- tbb-commits - lists.torproject.org

[torbutton/master] Bug #10751.2: Adapt Torbutton to Australis UI.
by mikeperry＠torproject.org 30 Sep '14

30 Sep '14

commit 4024c6ff958724d226a5a30b68316b25fb876616 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Mon Aug 25 16:46:54 2014 -0700 Bug #10751.2: Adapt Torbutton to Australis UI. Use CustomizableUI, if it is available, to add TorButton's button to navigation toolbar. --- src/chrome/content/torbutton.js | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js index 153cc3c..4ca6614 100644 --- a/src/chrome/content/torbutton.js +++ b/src/chrome/content/torbutton.js @@ -541,14 +541,21 @@ function torbutton_init() { if (!m_tb_prefs.getBoolPref("extensions.torbutton.inserted_button")) { torbutton_log(3, 'Adding button'); try { - var toolbutton = torbutton_get_button_from_toolbox(); - var navbar = document.getElementById("nav-bar"); - // XXX: Will probably fail on fennec. Also explicitly forbidden - // by MDC style guides (for good reason). Fix later.. - var urlbar = document.getElementById("urlbar-container"); - navbar.insertBefore(toolbutton, urlbar); - navbar.setAttribute("currentset", navbar.currentSet); - document.persist("nav-bar", "currentset"); + if (CustomizableUI) { + // ESR31-style toolbar + CustomizableUI.addWidgetToArea("torbutton-button", CustomizableUI.AREA_NAVBAR, 0); + } else { + // ESR24-style toolbar + // TODO: Remove this branch once TBB-ESR24 has been retired. + var toolbutton = torbutton_get_button_from_toolbox(); + var navbar = document.getElementById("nav-bar"); + // XXX: Will probably fail on fennec. Also explicitly forbidden + // by MDC style guides (for good reason). Fix later.. + var urlbar = document.getElementById("urlbar-container"); + navbar.insertBefore(toolbutton, urlbar); + navbar.setAttribute("currentset", navbar.currentSet); + document.persist("nav-bar", "currentset"); + } torbutton_log(3, 'Button added'); m_tb_prefs.setBoolPref("extensions.torbutton.inserted_button", true); } catch(e) {

1 0

[torbutton/master] Bug #10751.1: Load HUDService only if it's not already available.
by mikeperry＠torproject.org 30 Sep '14

30 Sep '14

commit f5095267fcc638bd5ded6f9934e31d98505a6247 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Mon Aug 25 15:50:19 2014 -0700 Bug #10751.1: Load HUDService only if it's not already available. Loading by this method breaks the browser console in ESR31. Fortunately, ESR31 has a built-in window.HUDService. --- src/chrome/content/torbutton.js | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js index 4cd9c3d..153cc3c 100644 --- a/src/chrome/content/torbutton.js +++ b/src/chrome/content/torbutton.js @@ -6,8 +6,13 @@ // TODO: Double-check there are no strange exploits to defeat: // http://kb.mozillazine.org/Links_to_local_pages_don%27t_work -XPCOMUtils.defineLazyModuleGetter(this, "HUDService", - "resource:///modules/HUDService.jsm"); +// TODO: Remove the following HUDService loading code once TBB-ESR24 has +// been retired. +if (!window.hasOwnProperty("HUDService")) { + XPCOMUtils.defineLazyModuleGetter(this, "HUDService", + "resource:///modules/HUDService.jsm"); +} + XPCOMUtils.defineLazyModuleGetter(this, "ConsoleServiceListener", "resource://gre/modules/devtools/WebConsoleUtils.jsm"); XPCOMUtils.defineLazyModuleGetter(this, "WebConsoleUtils", @@ -2605,8 +2610,8 @@ var torbutton_console_observer = { observe: function(subject, topic, data) { if (topic === "web-console-created") { - var id = subject.QueryInterface(Ci.nsISupportsString).toString(); - var con = HUDService.getHudReferenceById(subject); + var id = subject.QueryInterface(Ci.nsISupportsString).toString(), + con = HUDService.getHudReferenceById(id); con.ui.reportPageErrorOld = con.ui.reportPageError; // Filtering the messages by making them hidden adding the // "hidden-message" class. If the message does not need to get filtered

1 0

[torbutton/master] Bug 13138: ESR31-about:tor shows "Tor is not working"
by mikeperry＠torproject.org 30 Sep '14

30 Sep '14

commit 0467379f524273ed810b5c21d6a8eb16d00445cb Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Thu Sep 11 14:10:55 2014 -0400 Bug 13138: ESR31-about:tor shows "Tor is not working" In Firefox 26 and newer, the BrowserOnAboutPageLoad() function that Torbutton previously used to detect about:tor page loads has been removed. The new approach is to have about:tor dispatch a custom event (which is the same approach Mozilla uses for about:home). --- src/chrome/content/aboutTor/aboutTor.xhtml | 7 ++++++- src/chrome/content/torbutton.js | 9 +++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/src/chrome/content/aboutTor/aboutTor.xhtml b/src/chrome/content/aboutTor/aboutTor.xhtml index f8f829d..c13f60e 100644 --- a/src/chrome/content/aboutTor/aboutTor.xhtml +++ b/src/chrome/content/aboutTor/aboutTor.xhtml @@ -21,7 +21,7 @@ <title>&aboutTor.title;</title> <link rel="stylesheet" type="text/css" media="all" href="chrome://torbutton/skin/aboutTor.css"/> -<script type="text/javascript"> +<script type="text/javascript;version=1.7"> <![CDATA[ function onLoad() { @@ -125,6 +125,11 @@ function insertPropertyStrings() } catch(e) {}; } +window.addEventListener("pageshow", function() { + let evt = new CustomEvent("AboutTorLoad", { bubbles: true }); + document.dispatchEvent(evt); +}); + ]]> </script> </head> diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js index 4ca6614..9b7ade2 100644 --- a/src/chrome/content/torbutton.js +++ b/src/chrome/content/torbutton.js @@ -506,9 +506,10 @@ function torbutton_init() { } } - // Add our hook into about page load - m_tb_orig_BrowserOnAboutPageLoad = window.BrowserOnAboutPageLoad; - window.BrowserOnAboutPageLoad = torbutton_override_BrowserOnAboutPageLoad; + // Add event listener for about:tor page loads. + document.addEventListener("AboutTorLoad", function(aEvent) { + torbutton_on_abouttor_load(aEvent.target); + }, false, true); // initialize preferences before we start our prefs observer torbutton_init_prefs(); @@ -966,7 +967,7 @@ function torbutton_update_abouttor_arrow(aDoc) { } catch(e) {} } -function torbutton_override_BrowserOnAboutPageLoad(aDoc) { +function torbutton_on_abouttor_load(aDoc) { if (torbutton_is_abouttor_doc(aDoc) && !aDoc.documentElement.hasAttribute("aboutTorLoaded")) { aDoc.documentElement.setAttribute("aboutTorLoaded", true);

1 0

[torbutton/master] Merge remote-tracking branch 'brade/bug13138'
by mikeperry＠torproject.org 30 Sep '14

30 Sep '14

commit f82606e56c30ee7db9e6160719ef858b7b9c1e10 Merge: 7f46869 0467379 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Mon Sep 29 17:06:48 2014 -0700 Merge remote-tracking branch 'brade/bug13138' src/chrome/content/aboutTor/aboutTor.xhtml | 7 ++++- src/chrome/content/torbutton.js | 45 ++++++++++++++++++---------- 2 files changed, 35 insertions(+), 17 deletions(-)

1 0

[torbutton/master] Update changelog and version for 1.7.0.0-pre.
by mikeperry＠torproject.org 30 Sep '14

30 Sep '14

commit 3f80c17eb67f2836c1652f43f693e0a99c152747 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Mon Sep 29 17:22:56 2014 -0700 Update changelog and version for 1.7.0.0-pre. --- src/CHANGELOG | 5 +++++ src/install.rdf | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/CHANGELOG b/src/CHANGELOG index 1f925c6..11c50a7 100644 --- a/src/CHANGELOG +++ b/src/CHANGELOG @@ -1,3 +1,8 @@ +1.7.0.0 + ?? + * Bug 10751: Adapt Torbutton to ESR31's Australis UI. + * Bug 13138: ESR31-about:tor shows "Tor is not working" + 1.6.12.3 23 Sep 2014 * Bug 10804: Workaround for some TBB startup hangs diff --git a/src/install.rdf b/src/install.rdf index bf5ec16..2411179 100644 --- a/src/install.rdf +++ b/src/install.rdf @@ -6,7 +6,7 @@ <em:name>Torbutton</em:name> <em:creator>Mike Perry</em:creator> <em:id>torbutton(a)torproject.org</em:id> - <em:version>1.6.12.3</em:version> + <em:version>1.7.0.0-pre</em:version> <em:homepageURL>https://www.torproject.org/projects/torbrowser.html.en</em:homepageURL> <em:optionsURL>chrome://torbutton/content/preferences.xul</em:optionsURL> <em:iconURL>chrome://torbutton/skin/tor.png</em:iconURL>

1 0

[tor-browser-bundle/master] Add the update responses script
by gk＠torproject.org 26 Sep '14

26 Sep '14

commit c2b76dcc4a854d7cecb44acac2bea1cf23cf51e6 Author: Nicolas Vigier <boklm(a)mars-attacks.org> Date: Thu Sep 25 19:39:19 2014 +0200 Add the update responses script Add the update responses script in directory tools/update-responses. This adds the content of commit 2c3625507a5c12b4c15b6681a8b694114a0cfb7b from https://github.com/boklm/tb-update-response. --- tools/update-responses/.gitignore | 1 + tools/update-responses/README.md | 45 +++++++ tools/update-responses/config.yml | 16 +++ tools/update-responses/htdocs/no-update.xml | 2 + tools/update-responses/update_responses | 169 +++++++++++++++++++++++++++ 5 files changed, 233 insertions(+) diff --git a/tools/update-responses/.gitignore b/tools/update-responses/.gitignore new file mode 100644 index 0000000..c077014 --- /dev/null +++ b/tools/update-responses/.gitignore @@ -0,0 +1 @@ +htdocs diff --git a/tools/update-responses/README.md b/tools/update-responses/README.md new file mode 100644 index 0000000..ee21bac --- /dev/null +++ b/tools/update-responses/README.md @@ -0,0 +1,45 @@ +Tor Browser Update Responses script +=================================== + +This repository contains a script to generate responses for Tor Browser +updater. + +See ticket [#12622](https://trac.torproject.org/projects/tor/ticket/12622) +for details. + + +Dependencies +------------ + +The following perl modules need to be installed to run the script: + FindBin YAML File::Slurp Digest::SHA XML::Writer + +On Debian / Ubuntu you can install them with: + +``` + # apt-get install libfindbin-libs-perl libyaml-perl libfile-slurp-perl \ + libdigest-sha-perl libxml-writer-perl +``` + +On Red Hat / Fedora you can install them with: + +``` + # for module in FindBin YAML File::Slurp Digest::SHA XML::Writer + do yum install "perl($module)"; done +``` + + +URL Format +---------- + +The URL format is: + https://something/$channel/$build_target/$tb_version/$lang?force=1 + +'build_target' is the OS for which the browser was built. The correspo +ndance between the build target and the OS name that we use in archive +files is defined in the config.yml file. + +'tb_version' is the Tor Browser version. + +'lang' is the locale. + diff --git a/tools/update-responses/config.yml b/tools/update-responses/config.yml new file mode 100644 index 0000000..8b5475a --- /dev/null +++ b/tools/update-responses/config.yml @@ -0,0 +1,16 @@ +--- +build_targets: + linux32: Linux_x86-gcc3 + linux64: Linux_x86_64-gcc3 + win32: WINNT_x86-gcc3 + osx32: Darwin_x86-gcc3 +channels: + alpha: 4.0-alpha-3 +versions: + 4.0-alpha-3: + platformVersion: 24.8.1 + detailsURL: https://www.torproject.org/projects/torbrowser.html.en + download_url: https://www.torproject.org/dist/torbrowser/4.0-alpha-3 +# osx32: +# minSupportedOSVersion: 10.7 +# unsupported: 1 diff --git a/tools/update-responses/htdocs/no-update.xml b/tools/update-responses/htdocs/no-update.xml new file mode 100644 index 0000000..910e99d --- /dev/null +++ b/tools/update-responses/htdocs/no-update.xml @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates></updates> diff --git a/tools/update-responses/releases/.directory b/tools/update-responses/releases/.directory new file mode 100644 index 0000000..e69de29 diff --git a/tools/update-responses/update_responses b/tools/update-responses/update_responses new file mode 100755 index 0000000..e082592 --- /dev/null +++ b/tools/update-responses/update_responses @@ -0,0 +1,169 @@ +#!/usr/bin/perl -w + +use strict; +use FindBin; +use YAML qw(LoadFile); +use File::Slurp; +use Digest::SHA; +use XML::Writer; + +my $htdocsdir = "$FindBin::Bin/htdocs"; +my $config = LoadFile("$FindBin::Bin/config.yml"); +my %htdocsfiles = ( '.' => 1, '..' => 1, 'no-update.xml' => 1 ); + +sub exit_error { + print STDERR "Error: ", $_[0], "\n"; + exit (exists $_[1] ? $_[1] : 1); +} + +sub build_target_by_os { + $config->{build_targets}{$_[0]} ? $config->{build_targets}{$_[0]} : $_[0]; +} + +sub write_htdocs { + my ($file, $content) = @_; + mkdir $htdocsdir unless -d $htdocsdir; + write_file("$htdocsdir/$file", $content); + $htdocsfiles{$file} = 1; +} + +sub clean_htdocs { + opendir(my $d, $htdocsdir); + my @files = grep { ! $htdocsfiles{$_} } readdir $d; + closedir $d; + unlink map { "$htdocsdir/$_" } @files; +} + +sub get_sha512_hex_of_file { + my ($file) = @_; + my $sha = Digest::SHA->new("512"); + $sha->addfile($file); + return $sha->hexdigest; +} + +sub get_version_files { + my ($config, $version) = @_; + return if $config->{versions}{$version}{files}; + my $files = {}; + my $vdir = "$FindBin::Bin/releases/$version"; + opendir(my $d, $vdir) or exit_error "Error opening directory $vdir"; + foreach my $file (readdir $d) { + next unless -f "$vdir/$file"; + if ($file =~ m/^tor-browser-([^-]+)-${version}_(.+)\.mar$/) { + my ($os, $lang) = ($1, $2); + $files->{$os}{$lang}{complete} = { + type => 'complete', + URL => "$config->{versions}{$version}{download_url}/$file", + size => -s "$vdir/$file", + hashFunction => 'SHA512', + hashValue => get_sha512_hex_of_file("$vdir/$file"), + }; + next; + } + if ($file =~ m/^tor-browser-([^-]+)-([^-]+)-${version}_(.+)\.mar$/) { + my ($os, $from_version, $lang) = ($1, $2, $3); + $files->{$os}{$lang}{partial}{$from_version} = { + type => 'partial', + URL => "$config->{versions}{$version}{download_url}/$file", + size => -s "$vdir/$file", + hashFunction => 'SHA512', + hashValue => get_sha512_hex_of_file("$vdir/$file"), + } + } + } + closedir $d; + $config->{versions}{$version}{files} = $files; +} + +sub get_config { + my ($config, $version, $os, $name) = @_; + return $config->{versions}{$version}{$os}{$name} + // $config->{versions}{$version}{$name} + // $config->{$name}; +} + +sub get_response { + my ($config, $version, $os, @patches) = @_; + my $res; + my $writer = XML::Writer->new(OUTPUT => \$res, ENCODING => 'UTF-8'); + $writer->xmlDecl; + $writer->startTag('updates'); + if (get_config($config, $version, $os, 'unsupported')) { + $writer->startTag('update', + unsupported => 'true', + detailsURL => get_config($config, $version, $os, 'detailsURL'), + ); + goto CLOSETAGS; + } + my $minversion = get_config($config, $version, $os, 'minSupportedOSVersion'); + $writer->startTag('update', + type => 'minor', + displayVersion => $version, + appVersion => $version, + platformVersion => get_config($config, $version, $os, 'platformVersion'), + buildID => '20000101000000', + detailsURL => get_config($config, $version, $os, 'detailsURL'), + defined $minversion ? ( minSupportedOSVersion => $minversion ) : (), + ); + foreach my $patch (@patches) { + $writer->startTag('patch', %$patch); + $writer->endTag('patch'); + } + CLOSETAGS: + $writer->endTag('update'); + $writer->endTag('updates'); + $writer->end; + return $res; +} + +sub write_responses { + my ($config) = @_; + foreach my $version (values %{$config->{channels}}) { + get_version_files($config, $version); + my $files = $config->{versions}{$version}{files}; + foreach my $os (keys %$files) { + foreach my $lang (keys %{$files->{$os}}) { + my $resp = get_response($config, $version, $os, + $files->{$os}{$lang}{complete}); + write_htdocs("$version-$os-$lang.xml", $resp); + foreach my $from_version (keys %{$files->{$os}{$lang}{partial}}) { + $resp = get_response($config, $version, $os, + $files->{$os}{$lang}{complete}, + $files->{$os}{$lang}{partial}{$from_version}); + write_htdocs("$from_version-$version-$os-$lang.xml", $resp); + } + } + } + } +} + +sub write_htaccess { + my ($config) = @_; + my $htaccess = "RewriteEngine On\n"; + my $flags = "[last]"; + foreach my $channel (keys %{$config->{channels}}) { + my $version = $config->{channels}{$channel}; + my $files = $config->{versions}{$version}{files}; + $htaccess .= "RewriteRule " + . "^$channel/[^\/]+/$version/ " + . "no-update.xml $flags\n"; + foreach my $os (keys %$files) { + my $bt = build_target_by_os($os); + foreach my $lang (keys %{$files->{$os}}) { + foreach my $from_version (keys %{$files->{$os}{$lang}{partial}}) { + $htaccess .= "RewriteRule ^$channel/$bt/$from_version/$lang " + . "$from_version-$version-$os-$lang.xml $flags\n"; + } + $htaccess .= "RewriteRule ^$channel/$bt/[^\/]+/$lang " + . "$version-$os-$lang.xml $flags\n"; + } + $htaccess .= "RewriteRule ^$channel/$bt " + . "$version-$os-en-US.xml $flags\n"; + } + } + write_htdocs('.htaccess', $htaccess); +} + +write_responses($config); +write_htaccess($config); +clean_htdocs;

1 0

[tor-browser-bundle/maint-3.6] Fix wrong changelog entry.
by gk＠torproject.org 26 Sep '14

26 Sep '14

commit e3cf791da65d0aca2fec7faac5a22a1954d44122 Author: Georg Koppen <gk(a)torproject.org> Date: Fri Sep 26 14:02:15 2014 +0000 Fix wrong changelog entry. --- Bundle-Data/Docs/ChangeLog.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index e927d9c..916ad5d 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -10,7 +10,6 @@ Tor Browser Bundle 3.6.6 -- Sep 24 2014 * Bug 10804: Workaround fix for some cases of startup hang * Linux * Bug 9150: Make RPATH unavailable on Tor binary. - * Bug 13031: Add full RELRO protection. Tor Browser Bundle 3.6.5 -- Sep 2 2014 * All Platforms

1 0

[tor-browser-bundle/master] Update changelog for 4.0a3 (and fix 3.6.6 changelog for history).
by mikeperry＠torproject.org 26 Sep '14

26 Sep '14

commit 2e91690f2dac97c8ece8384b38085833a6ccb7e6 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Sep 25 19:07:26 2014 -0700 Update changelog for 4.0a3 (and fix 3.6.6 changelog for history). --- Bundle-Data/Docs/ChangeLog.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 6f3ea04..82e8138 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -11,6 +11,7 @@ Tor Browser 4.0-alpha-3 -- Sep 24 2014 * Bug 13049: Browser update failure (self.update is undefined) * Bug 13047: Updater should not send Kernel and GTK version * Bug 12998: Prevent intermediate certs from being written to disk + * Bug 13245: Prevent non-english TBBs from upgrading to english version. * Linux: * Bug 9150: Make RPATH unavailable on Tor binary. * Bug 13031: Add full RELRO protection. @@ -27,7 +28,6 @@ Tor Browser Bundle 3.6.6 -- Sep 24 2014 * Bug 10804: Workaround fix for some cases of startup hang * Linux * Bug 9150: Make RPATH unavailable on Tor binary. - * Bug 13031: Add full RELRO protection. Tor Browser Bundle 4.0-alpha-2 -- Sep 2 2014 * All Platforms

1 0

[tor-browser-bundle/master] Bug 13245: Prevent non-english TBBs from upgrading to english version.
by mikeperry＠torproject.org 26 Sep '14

26 Sep '14

commit a92ec3e06a17f1a19c35590c8ad93081b180ef4e Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Sep 25 19:05:59 2014 -0700 Bug 13245: Prevent non-english TBBs from upgrading to english version. --- gitian/descriptors/linux/gitian-bundle.yml | 6 ++++++ gitian/descriptors/mac/gitian-bundle.yml | 6 ++++++ gitian/descriptors/windows/gitian-bundle.yml | 6 ++++++ 3 files changed, 18 insertions(+) diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml index 38882f3..d3b030c 100644 --- a/gitian/descriptors/linux/gitian-bundle.yml +++ b/gitian/descriptors/linux/gitian-bundle.yml @@ -183,6 +183,12 @@ script: | rm -rf defaults popd + # Set the update.locale (it is used to replace %LOCALE% within app.update.url). + pushd tor-browser_$LANG/Browser/ + echo "$LANG" > update.locale + zip -Xm omni.ja update.locale + popd + # Recreate precomplete file (needs to be accurate for full MAR updates). pushd tor-browser_$LANG/Browser rm -f precomplete diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml index 9801826..bd8bb5d 100644 --- a/gitian/descriptors/mac/gitian-bundle.yml +++ b/gitian/descriptors/mac/gitian-bundle.yml @@ -227,6 +227,12 @@ script: | rm -rf defaults popd + # Set the update.locale (it is used to replace %LOCALE% within app.update.url). + pushd ~/build/dmg/$DEST.app/Contents/MacOS/ + echo "$LANG" > update.locale + zip -Xm omni.ja update.locale + popd + if [ ${TORBROWSER_VERSION::3} == "3.5" ]; then pushd ~/build/dmg/ ~/build/dzip.sh $OUTDIR/TorBrowserBundle-${TORBROWSER_VERSION}-osx${GBUILD_BITS}_$LANG.zip $DEST.app diff --git a/gitian/descriptors/windows/gitian-bundle.yml b/gitian/descriptors/windows/gitian-bundle.yml index 79d6340..2d50f9c 100644 --- a/gitian/descriptors/windows/gitian-bundle.yml +++ b/gitian/descriptors/windows/gitian-bundle.yml @@ -162,6 +162,12 @@ script: | rm -rf defaults popd + # Set the update.locale (it is used to replace %LOCALE% within app.update.url). + pushd "Tor Browser"/Browser/ + echo "$LANG" > update.locale + zip -Xm omni.ja update.locale + popd + # Recreate precomplete file (needs to be accurate for full MAR updates). pushd "Tor Browser"/Browser/ rm -f precomplete

1 0

[tor-browser-bundle/master] Use the commit for Tor Launcher as well.
by gk＠torproject.org 24 Sep '14

24 Sep '14

commit 72ec0faa93ceb840a897e2e6953334ced2a8ff7b Author: Georg Koppen <gk(a)torproject.org> Date: Wed Sep 24 15:03:46 2014 +0000 Use the commit for Tor Launcher as well. --- gitian/mkbundle-linux.sh | 2 +- gitian/mkbundle-mac.sh | 2 +- gitian/mkbundle-windows.sh | 2 +- gitian/record-inputs.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh index be1283f..c4938d0 100755 --- a/gitian/mkbundle-linux.sh +++ b/gitian/mkbundle-linux.sh @@ -84,7 +84,7 @@ then # want to build from tags. NSIS_TAG=refs/tags/$NSIS_TAG #GITIAN_TAG=refs/tags/$GITIAN_TAG - TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG + #TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG TOR_TAG=refs/tags/$TOR_TAG diff --git a/gitian/mkbundle-mac.sh b/gitian/mkbundle-mac.sh index 286f860..d71c824 100755 --- a/gitian/mkbundle-mac.sh +++ b/gitian/mkbundle-mac.sh @@ -89,7 +89,7 @@ then # want to build from tags. NSIS_TAG=refs/tags/$NSIS_TAG #GITIAN_TAG=refs/tags/$GITIAN_TAG - TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG + #TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG TOR_TAG=refs/tags/$TOR_TAG diff --git a/gitian/mkbundle-windows.sh b/gitian/mkbundle-windows.sh index 520119b..d7fc722 100755 --- a/gitian/mkbundle-windows.sh +++ b/gitian/mkbundle-windows.sh @@ -82,7 +82,7 @@ then # want to build from tags. NSIS_TAG=refs/tags/$NSIS_TAG #GITIAN_TAG=refs/tags/$GITIAN_TAG - TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG + #TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG TOR_TAG=refs/tags/$TOR_TAG diff --git a/gitian/record-inputs.sh b/gitian/record-inputs.sh index eb368a9..2c60e6e 100755 --- a/gitian/record-inputs.sh +++ b/gitian/record-inputs.sh @@ -36,7 +36,7 @@ then # want to build from tags. NSIS_TAG=refs/tags/$NSIS_TAG #GITIAN_TAG=refs/tags/$GITIAN_TAG - TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG + #TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG TOR_TAG=refs/tags/$TOR_TAG

1 0

[tor-browser-bundle/maint-3.6] Use the commit for Tor Launcher as well.
by gk＠torproject.org 24 Sep '14

24 Sep '14

commit 4fd2bc0dda2c3c510f8062d3420e9a3c8f6e94fc Author: Georg Koppen <gk(a)torproject.org> Date: Wed Sep 24 15:00:03 2014 +0000 Use the commit for Tor Launcher as well. --- gitian/mkbundle-linux.sh | 2 +- gitian/mkbundle-mac.sh | 2 +- gitian/mkbundle-windows.sh | 2 +- gitian/record-inputs.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh index cdaf51d..e4a428b 100755 --- a/gitian/mkbundle-linux.sh +++ b/gitian/mkbundle-linux.sh @@ -84,7 +84,7 @@ then # want to build from tags. NSIS_TAG=refs/tags/$NSIS_TAG #GITIAN_TAG=refs/tags/$GITIAN_TAG - TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG + #TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG TOR_TAG=refs/tags/$TOR_TAG diff --git a/gitian/mkbundle-mac.sh b/gitian/mkbundle-mac.sh index 3cd137b..c3dfb83 100755 --- a/gitian/mkbundle-mac.sh +++ b/gitian/mkbundle-mac.sh @@ -91,7 +91,7 @@ then # want to build from tags. NSIS_TAG=refs/tags/$NSIS_TAG #GITIAN_TAG=refs/tags/$GITIAN_TAG - TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG + #TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG TOR_TAG=refs/tags/$TOR_TAG diff --git a/gitian/mkbundle-windows.sh b/gitian/mkbundle-windows.sh index e582d17..4d24561 100755 --- a/gitian/mkbundle-windows.sh +++ b/gitian/mkbundle-windows.sh @@ -86,7 +86,7 @@ then # want to build from tags. NSIS_TAG=refs/tags/$NSIS_TAG #GITIAN_TAG=refs/tags/$GITIAN_TAG - TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG + #TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG TOR_TAG=refs/tags/$TOR_TAG diff --git a/gitian/record-inputs.sh b/gitian/record-inputs.sh index 29f1e34..8778eca 100755 --- a/gitian/record-inputs.sh +++ b/gitian/record-inputs.sh @@ -37,7 +37,7 @@ then # want to build from tags. NSIS_TAG=refs/tags/$NSIS_TAG #GITIAN_TAG=refs/tags/$GITIAN_TAG - TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG + #TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG TOR_TAG=refs/tags/$TOR_TAG

1 0

[tor-browser-bundle/maint-3.6] Also switch gitian to commit hash.
by mikeperry＠torproject.org 24 Sep '14

24 Sep '14

commit 54b54404bebf330a2addd7fc77730326fe6de756 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Wed Sep 24 02:26:42 2014 -0700 Also switch gitian to commit hash. --- gitian/mkbundle-linux.sh | 2 +- gitian/mkbundle-mac.sh | 2 +- gitian/mkbundle-windows.sh | 2 +- gitian/record-inputs.sh | 2 +- gitian/verify-tags.sh | 2 +- gitian/versions | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh index ea6d171..cdaf51d 100755 --- a/gitian/mkbundle-linux.sh +++ b/gitian/mkbundle-linux.sh @@ -83,7 +83,7 @@ then # If we're verifying tags, be explicit to gitian that we # want to build from tags. NSIS_TAG=refs/tags/$NSIS_TAG - GITIAN_TAG=refs/tags/$GITIAN_TAG + #GITIAN_TAG=refs/tags/$GITIAN_TAG TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG diff --git a/gitian/mkbundle-mac.sh b/gitian/mkbundle-mac.sh index e852989..3cd137b 100755 --- a/gitian/mkbundle-mac.sh +++ b/gitian/mkbundle-mac.sh @@ -90,7 +90,7 @@ then # If we're verifying tags, be explicit to gitian that we # want to build from tags. NSIS_TAG=refs/tags/$NSIS_TAG - GITIAN_TAG=refs/tags/$GITIAN_TAG + #GITIAN_TAG=refs/tags/$GITIAN_TAG TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG diff --git a/gitian/mkbundle-windows.sh b/gitian/mkbundle-windows.sh index ecabeae..e582d17 100755 --- a/gitian/mkbundle-windows.sh +++ b/gitian/mkbundle-windows.sh @@ -85,7 +85,7 @@ then # If we're verifying tags, be explicit to gitian that we # want to build from tags. NSIS_TAG=refs/tags/$NSIS_TAG - GITIAN_TAG=refs/tags/$GITIAN_TAG + #GITIAN_TAG=refs/tags/$GITIAN_TAG TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG diff --git a/gitian/record-inputs.sh b/gitian/record-inputs.sh index 7531589..29f1e34 100755 --- a/gitian/record-inputs.sh +++ b/gitian/record-inputs.sh @@ -36,7 +36,7 @@ then # If we're verifying tags, be explicit to gitian that we # want to build from tags. NSIS_TAG=refs/tags/$NSIS_TAG - GITIAN_TAG=refs/tags/$GITIAN_TAG + #GITIAN_TAG=refs/tags/$GITIAN_TAG TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index 8aa818e..36269f3 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -144,6 +144,6 @@ done cd "$INPUTS_DIR" -verify_git "." "$WRAPPER_DIR/gpg/torbutton.gpg" "$GITIAN_TAG" +#verify_git "." "$WRAPPER_DIR/gpg/torbutton.gpg" "$GITIAN_TAG" git checkout "$GITIAN_TAG" diff --git a/gitian/versions b/gitian/versions index 7c38d91..a52facf 100755 --- a/gitian/versions +++ b/gitian/versions @@ -23,7 +23,7 @@ FTEPROXY_TAG=d1186cc366895701a1cae5fc39afbe2534dad600 # tag 0.2.17 LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0.2 -GITIAN_TAG=tor-browser-builder-3.x-6 +GITIAN_TAG=ae72871ea2e1c731ee34bba27a47fcce1b79786e #tor-browser-builder-3.x-6 OPENSSL_VER=1.0.1i GMP_VER=5.1.3

1 0

[tor-browser-bundle/master] Also switch gitian to commit hash.
by mikeperry＠torproject.org 24 Sep '14

24 Sep '14

commit 4d5787fb137e5275c5c23588caa1956770f3c67e Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Wed Sep 24 02:28:08 2014 -0700 Also switch gitian to commit hash. --- gitian/mkbundle-linux.sh | 2 +- gitian/mkbundle-mac.sh | 2 +- gitian/mkbundle-windows.sh | 2 +- gitian/record-inputs.sh | 2 +- gitian/verify-tags.sh | 2 +- gitian/versions.alpha | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh index e3b145d..be1283f 100755 --- a/gitian/mkbundle-linux.sh +++ b/gitian/mkbundle-linux.sh @@ -83,7 +83,7 @@ then # If we're verifying tags, be explicit to gitian that we # want to build from tags. NSIS_TAG=refs/tags/$NSIS_TAG - GITIAN_TAG=refs/tags/$GITIAN_TAG + #GITIAN_TAG=refs/tags/$GITIAN_TAG TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG diff --git a/gitian/mkbundle-mac.sh b/gitian/mkbundle-mac.sh index 9e8ec7c..286f860 100755 --- a/gitian/mkbundle-mac.sh +++ b/gitian/mkbundle-mac.sh @@ -88,7 +88,7 @@ then # If we're verifying tags, be explicit to gitian that we # want to build from tags. NSIS_TAG=refs/tags/$NSIS_TAG - GITIAN_TAG=refs/tags/$GITIAN_TAG + #GITIAN_TAG=refs/tags/$GITIAN_TAG TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG diff --git a/gitian/mkbundle-windows.sh b/gitian/mkbundle-windows.sh index 595ff29..520119b 100755 --- a/gitian/mkbundle-windows.sh +++ b/gitian/mkbundle-windows.sh @@ -81,7 +81,7 @@ then # If we're verifying tags, be explicit to gitian that we # want to build from tags. NSIS_TAG=refs/tags/$NSIS_TAG - GITIAN_TAG=refs/tags/$GITIAN_TAG + #GITIAN_TAG=refs/tags/$GITIAN_TAG TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG diff --git a/gitian/record-inputs.sh b/gitian/record-inputs.sh index afcd70d..eb368a9 100755 --- a/gitian/record-inputs.sh +++ b/gitian/record-inputs.sh @@ -35,7 +35,7 @@ then # If we're verifying tags, be explicit to gitian that we # want to build from tags. NSIS_TAG=refs/tags/$NSIS_TAG - GITIAN_TAG=refs/tags/$GITIAN_TAG + #GITIAN_TAG=refs/tags/$GITIAN_TAG TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index 5b1a304..97bc56e 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -147,6 +147,6 @@ done cd "$INPUTS_DIR" -verify_git "." "$WRAPPER_DIR/gpg/torbutton.gpg" "$GITIAN_TAG" +#verify_git "." "$WRAPPER_DIR/gpg/torbutton.gpg" "$GITIAN_TAG" git checkout "$GITIAN_TAG" diff --git a/gitian/versions.alpha b/gitian/versions.alpha index 20e38f8..ccfb542 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -27,7 +27,7 @@ TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0 GOPTLIB_TAG=0.2 MEEK_TAG=0.11 -GITIAN_TAG=tor-browser-builder-3.x-6 +GITIAN_TAG=ae72871ea2e1c731ee34bba27a47fcce1b79786e #tor-browser-builder-3.x-6 OPENSSL_VER=1.0.1i GMP_VER=5.1.3

1 0

[tor-browser-bundle/master] Also update the tag verification for Tor Launcher..
by mikeperry＠torproject.org 24 Sep '14

24 Sep '14

commit 6312ab050bfbcc9d70576c5cb993f923054b96a3 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Wed Sep 24 02:17:43 2014 -0700 Also update the tag verification for Tor Launcher.. --- gitian/verify-tags.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index a4f6ca1..5b1a304 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -90,7 +90,6 @@ while read dir keyring tag; do verify_git "$dir" "$WRAPPER_DIR/gpg/$keyring" "$tag" done << EOF tbb-windows-installer tbb-windows-installer.gpg $NSIS_TAG -tor-launcher torbutton.gpg $TORLAUNCHER_TAG tor-browser torbutton.gpg $TORBROWSER_TAG torbutton torbutton.gpg $TORBUTTON_TAG zlib zlib.gpg $ZLIB_TAG @@ -112,6 +111,7 @@ libdmg-hfsplus $LIBDMG_TAG libfte $LIBFTE_TAG fteproxy $FTEPROXY_TAG txsocksx $TXSOCKSX_TAG +tor-launcher $TORLAUNCHER_TAG EOF # Verify signatures on signed packages

1 0

[tor-browser-bundle/maint-3.6] Also update the tag verification for Tor Launcher..
by mikeperry＠torproject.org 24 Sep '14

24 Sep '14

commit 65a952679bebcff78f612dabf281fae0abc2f53d Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Wed Sep 24 02:17:43 2014 -0700 Also update the tag verification for Tor Launcher.. --- gitian/verify-tags.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index 9814440..8aa818e 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -90,7 +90,6 @@ while read dir keyring tag; do verify_git "$dir" "$WRAPPER_DIR/gpg/$keyring" "$tag" done << EOF tbb-windows-installer tbb-windows-installer.gpg $NSIS_TAG -tor-launcher torbutton.gpg $TORLAUNCHER_TAG tor-browser torbutton.gpg $TORBROWSER_TAG torbutton torbutton.gpg $TORBUTTON_TAG zlib zlib.gpg $ZLIB_TAG @@ -109,6 +108,7 @@ libdmg-hfsplus $LIBDMG_TAG libfte $LIBFTE_TAG fteproxy $FTEPROXY_TAG txsocksx $TXSOCKSX_TAG +tor-launcher $TORLAUNCHER_TAG EOF # Verify signatures on signed packages

1 0

[tor-browser-bundle/maint-3.6] Use SHA for Torlauncher due to gpg+git tag timestamp braindamage.
by mikeperry＠torproject.org 24 Sep '14

24 Sep '14

commit f94fc7f3ea1ff26fcb5d6c6df30ace75fc146891 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Wed Sep 24 02:09:27 2014 -0700 Use SHA for Torlauncher due to gpg+git tag timestamp braindamage. --- gitian/versions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitian/versions b/gitian/versions index c07a09d..7c38d91 100755 --- a/gitian/versions +++ b/gitian/versions @@ -8,7 +8,7 @@ FIREFOX_VERSION=24.8.1esr TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-3.x-1-build1 TOR_TAG=tor-0.2.4.24 -TORLAUNCHER_TAG=0.2.5.6 +TORLAUNCHER_TAG=e058a548e736c75982873614631c1f4cb37b04a4 # 0.2.5.6 TORBUTTON_TAG=1.6.12.3 HTTPSE_TAG=3.5.3 # XXX: HTTPSE_VER is used instead, pending #11630 NSIS_TAG=v0.1

1 0

[tor-browser-bundle/master] Use SHA for Torlauncher due to gpg+git tag timestamp braindamage.
by mikeperry＠torproject.org 24 Sep '14

24 Sep '14

commit b3a3162f6768d75c891abb8c54cd9ca395a022e0 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Wed Sep 24 02:10:52 2014 -0700 Use SHA for Torlauncher due to gpg+git tag timestamp braindamage. --- gitian/versions.alpha | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitian/versions.alpha b/gitian/versions.alpha index 66f0e52..20e38f8 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -10,7 +10,7 @@ TORBROWSER_UPDATE_CHANNEL=alpha TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-4.x-1-build1 TOR_TAG=tor-0.2.5.8-rc -TORLAUNCHER_TAG=0.2.7.0 +TORLAUNCHER_TAG=25bc6349f5f1e43c7d383883e6d6822b8edb41bc # 0.2.7.0 TORBUTTON_TAG=1.6.12.3 HTTPSE_TAG=3.5.3 # XXX: HTTPSE_VER is used instead, pending #11630 NSIS_TAG=v0.2

1 0

[tor-browser-bundle/master] Revert "Remove Torbutton 1.6.12.3 from 3.6.6 changelog."
by mikeperry＠torproject.org 24 Sep '14

24 Sep '14

commit 526c77292bcd2f06a5f5cb17e80b58b549a14b2a Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Wed Sep 24 01:01:25 2014 -0700 Revert "Remove Torbutton 1.6.12.3 from 3.6.6 changelog." This reverts commit 12f43a2f34f5341b66ae259bf26c78d7a8d89544. Ah, screw it. Let's keep it! What could possibly go wrong! --- Bundle-Data/Docs/ChangeLog.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 539a038..6f3ea04 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -22,6 +22,9 @@ Tor Browser Bundle 3.6.6 -- Sep 24 2014 * Update NoScript to 2.6.8.42 * Update HTTPS Everywhere to 4.0.1 * Bug 12998: Prevent intermediate certs from being written to disk + * Update Torbutton to 1.6.12.3 + * Bug 13091: Use "Tor Browser" everywhere + * Bug 10804: Workaround fix for some cases of startup hang * Linux * Bug 9150: Make RPATH unavailable on Tor binary. * Bug 13031: Add full RELRO protection.

1 0

[tor-browser-bundle/maint-3.6] Revert "Back out Torbutton 1.6.12.3"
by mikeperry＠torproject.org 24 Sep '14

24 Sep '14

commit 1425e4458212b798161995fcefa3deaada544102 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Wed Sep 24 01:01:53 2014 -0700 Revert "Back out Torbutton 1.6.12.3" This reverts commit d37da21a366199555c67c11e984cddddbbc66301. Ah, screw it. Let's keep it! What could possibly go wrong! --- Bundle-Data/Docs/ChangeLog.txt | 3 +++ gitian/versions | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 5aa2c5c..e927d9c 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -5,6 +5,9 @@ Tor Browser Bundle 3.6.6 -- Sep 24 2014 * Update NoScript to 2.6.8.42 * Update HTTPS Everywhere to 4.0.1 * Bug 12998: Prevent intermediate certs from being written to disk + * Update Torbutton to 1.6.12.3 + * Bug 13091: Use "Tor Browser" everywhere + * Bug 10804: Workaround fix for some cases of startup hang * Linux * Bug 9150: Make RPATH unavailable on Tor binary. * Bug 13031: Add full RELRO protection. diff --git a/gitian/versions b/gitian/versions index 6f5c161..c07a09d 100755 --- a/gitian/versions +++ b/gitian/versions @@ -9,7 +9,7 @@ FIREFOX_VERSION=24.8.1esr TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-3.x-1-build1 TOR_TAG=tor-0.2.4.24 TORLAUNCHER_TAG=0.2.5.6 -TORBUTTON_TAG=1.6.12.1 +TORBUTTON_TAG=1.6.12.3 HTTPSE_TAG=3.5.3 # XXX: HTTPSE_VER is used instead, pending #11630 NSIS_TAG=v0.1 ZLIB_TAG=v1.2.8

1 0

[tor-browser-bundle/master] Remove Torbutton 1.6.12.3 from 3.6.6 changelog.
by mikeperry＠torproject.org 24 Sep '14

24 Sep '14

commit 12f43a2f34f5341b66ae259bf26c78d7a8d89544 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Wed Sep 24 00:41:49 2014 -0700 Remove Torbutton 1.6.12.3 from 3.6.6 changelog. --- Bundle-Data/Docs/ChangeLog.txt | 3 --- 1 file changed, 3 deletions(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 6f3ea04..539a038 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -22,9 +22,6 @@ Tor Browser Bundle 3.6.6 -- Sep 24 2014 * Update NoScript to 2.6.8.42 * Update HTTPS Everywhere to 4.0.1 * Bug 12998: Prevent intermediate certs from being written to disk - * Update Torbutton to 1.6.12.3 - * Bug 13091: Use "Tor Browser" everywhere - * Bug 10804: Workaround fix for some cases of startup hang * Linux * Bug 9150: Make RPATH unavailable on Tor binary. * Bug 13031: Add full RELRO protection.

1 0

[tor-browser-bundle/maint-3.6] Back out Torbutton 1.6.12.3
by mikeperry＠torproject.org 24 Sep '14

24 Sep '14

commit d37da21a366199555c67c11e984cddddbbc66301 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Wed Sep 24 00:38:38 2014 -0700 Back out Torbutton 1.6.12.3 GeKo has concerns about testing and the potential for additional hangs. --- Bundle-Data/Docs/ChangeLog.txt | 3 --- gitian/versions | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index e927d9c..5aa2c5c 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -5,9 +5,6 @@ Tor Browser Bundle 3.6.6 -- Sep 24 2014 * Update NoScript to 2.6.8.42 * Update HTTPS Everywhere to 4.0.1 * Bug 12998: Prevent intermediate certs from being written to disk - * Update Torbutton to 1.6.12.3 - * Bug 13091: Use "Tor Browser" everywhere - * Bug 10804: Workaround fix for some cases of startup hang * Linux * Bug 9150: Make RPATH unavailable on Tor binary. * Bug 13031: Add full RELRO protection. diff --git a/gitian/versions b/gitian/versions index c07a09d..6f5c161 100755 --- a/gitian/versions +++ b/gitian/versions @@ -9,7 +9,7 @@ FIREFOX_VERSION=24.8.1esr TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-3.x-1-build1 TOR_TAG=tor-0.2.4.24 TORLAUNCHER_TAG=0.2.5.6 -TORBUTTON_TAG=1.6.12.3 +TORBUTTON_TAG=1.6.12.1 HTTPSE_TAG=3.5.3 # XXX: HTTPSE_VER is used instead, pending #11630 NSIS_TAG=v0.1 ZLIB_TAG=v1.2.8

1 0

[tor-browser-bundle/maint-3.6] Update subkeys for Mike Perry and Torbutton.
by mikeperry＠torproject.org 24 Sep '14

24 Sep '14

commit 75f103a5d294a5c839944e45984bf4bf9bcfa4f9 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Tue Sep 23 22:46:31 2014 -0700 Update subkeys for Mike Perry and Torbutton. --- gitian/gpg/mikeperry.gpg | Bin 7813 -> 15716 bytes gitian/gpg/torbutton.gpg | Bin 7813 -> 15716 bytes 2 files changed, 0 insertions(+), 0 deletions(-) diff --git a/gitian/gpg/mikeperry.gpg b/gitian/gpg/mikeperry.gpg index ab4acc0..7f14ee3 100644 Binary files a/gitian/gpg/mikeperry.gpg and b/gitian/gpg/mikeperry.gpg differ diff --git a/gitian/gpg/torbutton.gpg b/gitian/gpg/torbutton.gpg index ab4acc0..7f14ee3 100644 Binary files a/gitian/gpg/torbutton.gpg and b/gitian/gpg/torbutton.gpg differ

1 0

[tor-browser-bundle/master] Update subkeys for Mike Perry.
by mikeperry＠torproject.org 24 Sep '14

24 Sep '14

commit 123bd9783692471258258042770c1fe58126d3d7 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Tue Sep 23 22:44:13 2014 -0700 Update subkeys for Mike Perry. --- gitian/gpg/mikeperry.gpg | Bin 7813 -> 15716 bytes gitian/gpg/torbutton.gpg | Bin 7813 -> 15716 bytes 2 files changed, 0 insertions(+), 0 deletions(-) diff --git a/gitian/gpg/mikeperry.gpg b/gitian/gpg/mikeperry.gpg index ab4acc0..7f14ee3 100644 Binary files a/gitian/gpg/mikeperry.gpg and b/gitian/gpg/mikeperry.gpg differ diff --git a/gitian/gpg/torbutton.gpg b/gitian/gpg/torbutton.gpg index ab4acc0..7f14ee3 100644 Binary files a/gitian/gpg/torbutton.gpg and b/gitian/gpg/torbutton.gpg differ

1 0

[tor-browser-bundle/maint-3.6] Update changelog and versions for 3.6.6.
by mikeperry＠torproject.org 24 Sep '14

24 Sep '14

commit 7edebbe2c3f5ece67e4395f3209c866179c904ec Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Tue Sep 23 22:30:21 2014 -0700 Update changelog and versions for 3.6.6. --- Bundle-Data/Docs/ChangeLog.txt | 14 ++++++++++++++ gitian/versions | 16 ++++++++-------- 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 6688bf1..e927d9c 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -1,3 +1,17 @@ +Tor Browser Bundle 3.6.6 -- Sep 24 2014 + * All Platforms + * Update Tor to tor-0.2.4.24 + * Update Firefox to 24.8.1esr + * Update NoScript to 2.6.8.42 + * Update HTTPS Everywhere to 4.0.1 + * Bug 12998: Prevent intermediate certs from being written to disk + * Update Torbutton to 1.6.12.3 + * Bug 13091: Use "Tor Browser" everywhere + * Bug 10804: Workaround fix for some cases of startup hang + * Linux + * Bug 9150: Make RPATH unavailable on Tor binary. + * Bug 13031: Add full RELRO protection. + Tor Browser Bundle 3.6.5 -- Sep 2 2014 * All Platforms * Update Firefox to 24.8.0esr diff --git a/gitian/versions b/gitian/versions index 4096ec0..c07a09d 100755 --- a/gitian/versions +++ b/gitian/versions @@ -1,15 +1,15 @@ -TORBROWSER_VERSION=3.6.5 +TORBROWSER_VERSION=3.6.6 BUNDLE_LOCALES="ar de es-ES fa fr it ko nl pl pt-PT ru tr vi zh-CN" BUILD_PT_BUNDLES=1 VERIFY_TAGS=1 -FIREFOX_VERSION=24.8.0esr +FIREFOX_VERSION=24.8.1esr TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-3.x-1-build1 -TOR_TAG=tor-0.2.4.23 +TOR_TAG=tor-0.2.4.24 TORLAUNCHER_TAG=0.2.5.6 -TORBUTTON_TAG=1.6.12.1 +TORBUTTON_TAG=1.6.12.3 HTTPSE_TAG=3.5.3 # XXX: HTTPSE_VER is used instead, pending #11630 NSIS_TAG=v0.1 ZLIB_TAG=v1.2.8 @@ -42,12 +42,12 @@ PY2EXE_VER=0.6.9 SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 -HTTPSE_VER=4.0.0 +HTTPSE_VER=4.0.1 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2 -NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.39-fx+sm+fn.xpi +NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.42-fx+fn+sm.xpi HTTPSE_PACKAGE=https-everywhere-${HTTPSE_VER}.xpi TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz @@ -75,8 +75,8 @@ GMP_HASH=752079520b4690531171d0f4532e40f08600215feefede70b24fabdc6f1ab160 OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 -NOSCRIPT_HASH=6b97c02b3ceab452f0ceec0f8918e0653837b24f376ba1a9dd78bb551bae3715 -HTTPSE_HASH=1241631091f9ceb417f639a6df76425cda36ee4b38b78ce8d318088eb17a7219 +NOSCRIPT_HASH=b474156fd6b9957b38054a34c8acb581204f08733cce898ed581c67d425dda33 +HTTPSE_HASH=cd811b1d424ff24939249de1e2b745ba86cbd7e6804699a9460c631a0b3474fe MINGW_HASH=a5b03d0448a309341be4cf34c6ad3016d04c89952dca5243254b4d6c738b164f MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c

1 0

[tor-browser-bundle/master] Update changelog for 3.6.6, and add an omission to 4.0a3.
by mikeperry＠torproject.org 24 Sep '14

24 Sep '14

commit a5c222038f94752618db15831e3a63a2120ff65a Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Tue Sep 23 22:21:46 2014 -0700 Update changelog for 3.6.6, and add an omission to 4.0a3. --- Bundle-Data/Docs/ChangeLog.txt | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index a41d0d5..6f3ea04 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -10,10 +10,25 @@ Tor Browser 4.0-alpha-3 -- Sep 24 2014 * Bug 13091: Use "Tor Browser" everywhere * Bug 13049: Browser update failure (self.update is undefined) * Bug 13047: Updater should not send Kernel and GTK version + * Bug 12998: Prevent intermediate certs from being written to disk * Linux: * Bug 9150: Make RPATH unavailable on Tor binary. * Bug 13031: Add full RELRO protection. +Tor Browser Bundle 3.6.6 -- Sep 24 2014 + * All Platforms + * Update Tor to tor-0.2.4.24 + * Update Firefox to 24.8.1esr + * Update NoScript to 2.6.8.42 + * Update HTTPS Everywhere to 4.0.1 + * Bug 12998: Prevent intermediate certs from being written to disk + * Update Torbutton to 1.6.12.3 + * Bug 13091: Use "Tor Browser" everywhere + * Bug 10804: Workaround fix for some cases of startup hang + * Linux + * Bug 9150: Make RPATH unavailable on Tor binary. + * Bug 13031: Add full RELRO protection. + Tor Browser Bundle 4.0-alpha-2 -- Sep 2 2014 * All Platforms * Update Firefox to 24.8.0esr

1 0

[tor-browser-bundle/master] Bump versions and update changelog for 4.0a3.
by mikeperry＠torproject.org 24 Sep '14

24 Sep '14

commit 0d9c56ed19745b4bb5203d0ad0ad4d065235b03d Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Tue Sep 23 22:10:27 2014 -0700 Bump versions and update changelog for 4.0a3. --- Bundle-Data/Docs/ChangeLog.txt | 8 +++++--- gitian/versions.alpha | 10 +++++----- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 24fb9b1..a41d0d5 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -1,10 +1,12 @@ Tor Browser 4.0-alpha-3 -- Sep 24 2014 * All Platforms - * Update Tor to 0.2.5.7-rc + * Update Tor to 0.2.5.8-rc + * Update Firefox to 24.8.1esr * Update meek to 0.11 - * Update NoScript to 2.6.8.41 - * Update Torbutton to 1.6.12.2 + * Update NoScript to 2.6.8.42 + * Update Torbutton to 1.6.12.3 * Bug 13091: Use "Tor Browser" everywhere + * Bug 10804: Workaround fix for some cases of startup hang * Bug 13091: Use "Tor Browser" everywhere * Bug 13049: Browser update failure (self.update is undefined) * Bug 13047: Updater should not send Kernel and GTK version diff --git a/gitian/versions.alpha b/gitian/versions.alpha index 25b35e5..66f0e52 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -4,14 +4,14 @@ BUILD_PT_BUNDLES=1 VERIFY_TAGS=1 -FIREFOX_VERSION=24.8.0esr +FIREFOX_VERSION=24.8.1esr TORBROWSER_UPDATE_CHANNEL=alpha TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-4.x-1-build1 -TOR_TAG=tor-0.2.5.7-rc +TOR_TAG=tor-0.2.5.8-rc TORLAUNCHER_TAG=0.2.7.0 -TORBUTTON_TAG=1.6.12.2 +TORBUTTON_TAG=1.6.12.3 HTTPSE_TAG=3.5.3 # XXX: HTTPSE_VER is used instead, pending #11630 NSIS_TAG=v0.2 ZLIB_TAG=v1.2.8 @@ -52,7 +52,7 @@ GO_VER=1.3 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2 -NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.41-fx+sm+fn.xpi +NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.42-fx+fn+sm.xpi HTTPSE_PACKAGE=https-everywhere-${HTTPSE_VER}.xpi TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz @@ -80,7 +80,7 @@ GMP_HASH=752079520b4690531171d0f4532e40f08600215feefede70b24fabdc6f1ab160 OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 -NOSCRIPT_HASH=ac8b2febff44a437e00bd261570af9f7aba8cc2f49e69ffb631a0578af6facc1 +NOSCRIPT_HASH=b474156fd6b9957b38054a34c8acb581204f08733cce898ed581c67d425dda33 HTTPSE_HASH=6feb4982d13f89656b61435b6b49e1996c61bc79e52d046d02312879376028e3 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c

1 0

[torbutton/master] Bug 10804: Relocate event queue draining inside control port call.
by mikeperry＠torproject.org 23 Sep '14

23 Sep '14

commit bc58adf6e2ba152cca0d92f5f828e3b8b2d06798 Author: Agent Smith <smith007(a)not.gov> Date: Fri Sep 19 18:28:40 2014 +0200 Bug 10804: Relocate event queue draining inside control port call. This patch relocates the event queue draining hack from bug #9531 from New Identity to all control port commands. This should help address hangs at startup due to HTTPS activity (and other usage of the control port while the TLS stack is live). --- src/chrome/content/torbutton.js | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js index 4cd9c3d..9ded64b 100644 --- a/src/chrome/content/torbutton.js +++ b/src/chrome/content/torbutton.js @@ -1428,6 +1428,19 @@ function torbutton_array_to_hexdigits(array) { // Executes a command on the control port. // Return a string response upon success and null upon error. function torbutton_send_ctrl_cmd(command) { + + // We spin the event queue until it is empty and we can be sure that sending + // NEWNYM is not leading to a deadlock (see bug 9531 comment 23 for an + // invstigation on why and when this may happen). This is surrounded by + // suppressing/unsuppressing user initiated events in a window's document to + // be sure that these events are not interfering with processing events being + // in the event queue. + var thread = Cc["@mozilla.org/thread-manager;1"]. + getService(Ci.nsIThreadManager).currentThread; + m_tb_domWindowUtils.suppressEventHandling(true); + while (thread.processNextEvent(false)) {} + m_tb_domWindowUtils.suppressEventHandling(false); + try { var socketTransportService = Components.classes["@mozilla.org/network/socket-transport-service;1"] .getService(Components.interfaces.nsISocketTransportService); @@ -1700,18 +1713,6 @@ function torbutton_do_new_identity() { getService(Ci.nsIPermissionManager); pm.removeAll(); - // We spin the event queue until it is empty and we can be sure that sending - // NEWNYM is not leading to a deadlock (see bug 9531 comment 23 for an - // invstigation on why and when this may happen). This is surrounded by - // suppressing/unsuppressing user initiated events in a window's document to - // be sure that these events are not interfering with processing events being - // in the event queue. - var thread = Cc["@mozilla.org/thread-manager;1"]. - getService(Ci.nsIThreadManager).currentThread; - m_tb_domWindowUtils.suppressEventHandling(true); - while (thread.processNextEvent(false)) {} - m_tb_domWindowUtils.suppressEventHandling(false); - torbutton_log(3, "New Identity: Sending NEWNYM"); // We only support TBB for newnym.

1 0

[torbutton/master] Bump version and update changelog for 1.6.12.3.
by mikeperry＠torproject.org 23 Sep '14

23 Sep '14

commit 7f46869cd1b53e9a94dda54bd8101f66b78ed3ab Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Mon Sep 22 23:24:28 2014 -0700 Bump version and update changelog for 1.6.12.3. --- src/CHANGELOG | 4 ++++ src/install.rdf | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/CHANGELOG b/src/CHANGELOG index f5d32e9..1f925c6 100644 --- a/src/CHANGELOG +++ b/src/CHANGELOG @@ -1,3 +1,7 @@ +1.6.12.3 + 23 Sep 2014 + * Bug 10804: Workaround for some TBB startup hangs + 1.6.12.2 22 Sep 2014 * Bug 13091: Use "Tor Browser" everywhere diff --git a/src/install.rdf b/src/install.rdf index 7e2f4fc..bf5ec16 100644 --- a/src/install.rdf +++ b/src/install.rdf @@ -6,7 +6,7 @@ <em:name>Torbutton</em:name> <em:creator>Mike Perry</em:creator> <em:id>torbutton(a)torproject.org</em:id> - <em:version>1.6.12.2</em:version> + <em:version>1.6.12.3</em:version> <em:homepageURL>https://www.torproject.org/projects/torbrowser.html.en</em:homepageURL> <em:optionsURL>chrome://torbutton/content/preferences.xul</em:optionsURL> <em:iconURL>chrome://torbutton/skin/tor.png</em:iconURL>

1 0

[tor-browser/tor-browser-24.8.0esr-3.x-1] fixup! TB4: Tor Browser's Firefox preference overrides.
by mikeperry＠torproject.org 23 Sep '14

23 Sep '14

commit 3c180c71ebadcea1e7913723f5404baba399d657 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Fri Aug 29 15:34:39 2014 -0700 fixup! TB4: Tor Browser's Firefox preference overrides. (missing pref setting for "Bug #2949: Make Intermediate Cert Store memory-only") --- browser/app/profile/000-tor-browser.js | 1 + 1 file changed, 1 insertion(+) diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index a58ce4a..93ed957 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -19,6 +19,7 @@ pref("dom.indexedDB.enabled", false); pref("permissions.memory_only", true); pref("network.cookie.lifetimePolicy", 2); pref("browser.download.manager.retention", 1); +pref("security.nocertdb", true); // Disk activity: TBB Directory Isolation pref("browser.download.useDownloadDir", false);

1 0

[tor-browser/tor-browser-24.8.0esr-4.x-1] fixup! TB4: Tor Browser's Firefox preference overrides.
by mikeperry＠torproject.org 23 Sep '14

23 Sep '14

commit 86e814b7e3693a7e3a5f3339683208d9e7fcabeb Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Fri Aug 29 15:34:39 2014 -0700 fixup! TB4: Tor Browser's Firefox preference overrides. (missing pref setting for "Bug #2949: Make Intermediate Cert Store memory-only") --- browser/app/profile/000-tor-browser.js | 1 + 1 file changed, 1 insertion(+) diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index c557d98..8635015 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -18,6 +18,7 @@ pref("dom.indexedDB.enabled", false); pref("permissions.memory_only", true); pref("network.cookie.lifetimePolicy", 2); pref("browser.download.manager.retention", 1); +pref("security.nocertdb", true); // Disk activity: TBB Directory Isolation pref("browser.download.useDownloadDir", false);

1 0

[tor-browser/tor-browser-24.8.0esr-4.x-1] Bug 13047: Updater should not send Kernel/GTK version
by mikeperry＠torproject.org 23 Sep '14

23 Sep '14

commit e4eca4759ead07562e4f6526b1ce79fe056fd03a Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Thu Sep 18 13:51:43 2014 -0400 Bug 13047: Updater should not send Kernel/GTK version Removed the %OS_VERSION% component from the update URL and replaced the /update/ component of the URL with /update_2/. Added support for minSupportedOSVersion, an attribute of the <update> element that may be used to trigger Firefox's "unsupported platform" behavior. Older versions of TB will ignore this (unknown to them) attribiute. --- browser/app/profile/firefox.js | 2 +- toolkit/mozapps/update/nsUpdateService.js | 16 ++++++++++++---- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js index 3e3a77c..620a7a9 100644 --- a/browser/app/profile/firefox.js +++ b/browser/app/profile/firefox.js @@ -152,7 +152,7 @@ pref("app.update.silent", false); pref("app.update.staging.enabled", true); // Update service URL: -pref("app.update.url", "https://www.torproject.org/dist/torbrowser/update/%CHANNEL%/%BUILD_TARGET%/…"); +pref("app.update.url", "https://www.torproject.org/dist/torbrowser/update_2/%CHANNEL%/%BUILD_TARGET…"); // app.update.url.manual is in branding section // app.update.url.details is in branding section diff --git a/toolkit/mozapps/update/nsUpdateService.js b/toolkit/mozapps/update/nsUpdateService.js index eb4a74a..fbf99a7 100644 --- a/toolkit/mozapps/update/nsUpdateService.js +++ b/toolkit/mozapps/update/nsUpdateService.js @@ -1598,7 +1598,17 @@ function Update(update) { this._patches.push(patch); } - if (this._patches.length == 0 && !update.hasAttribute("unsupported")) + if (update.hasAttribute("unsupported")) + this.unsupported = ("true" == update.getAttribute("unsupported")); + else if (update.hasAttribute("minSupportedOSVersion")) { + let minOSVersion = update.getAttribute("minSupportedOSVersion"); + try { + let osVersion = Services.sysinfo.getProperty("version"); + this.unsupported = (Services.vc.compare(osVersion, minOSVersion) < 0); + } catch (e) {} + } + + if (this._patches.length == 0 && !this.unsupported) throw Cr.NS_ERROR_ILLEGAL_VALUE; // Fallback to the behavior prior to bug 530872 if the update does not have an @@ -1643,15 +1653,13 @@ function Update(update) { if(!isNaN(attr.value)) this.promptWaitTime = parseInt(attr.value); } - else if (attr.name == "unsupported") - this.unsupported = attr.value == "true"; else if (attr.name == "version") { // Prevent version from replacing displayVersion if displayVersion is // present in the update xml. if (!this.displayVersion) this.displayVersion = attr.value; } - else { + else if (attr.name != "unsupported") { this[attr.name] = attr.value; switch (attr.name) {

1 0

[tor-browser/tor-browser-24.8.0esr-4.x-1] Merge remote-tracking branch 'brade/bug13047-03' into tor-browser-24.8.0esr-4.x-1
by mikeperry＠torproject.org 23 Sep '14

23 Sep '14

commit b0cd4e20527b9c1fc603ab1b18a5f36ffc3f726f Merge: 4424293 e4eca47 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Mon Sep 22 20:19:28 2014 -0700 Merge remote-tracking branch 'brade/bug13047-03' into tor-browser-24.8.0esr-4.x-1 browser/app/profile/firefox.js | 2 +- toolkit/mozapps/update/nsUpdateService.js | 16 ++++++++++++---- 2 files changed, 13 insertions(+), 5 deletions(-)

1 0

[tor-browser/tor-browser-24.8.0esr-4.x-1] Bug 13091: Use "Tor Browser" everywhere (space included)
by mikeperry＠torproject.org 23 Sep '14

23 Sep '14

commit b269bb036db77aef26bef86d947006c27992b683 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Tue Sep 9 11:52:08 2014 -0400 Bug 13091: Use "Tor Browser" everywhere (space included) Changed MOZ_APP_DISPLAYNAME and brandShortName from "TorBrowser" to "Tor Browser". --- .mozconfig | 2 +- .mozconfig-asan | 2 +- .mozconfig-mac | 2 +- .mozconfig-mingw | 2 +- browser/branding/official/configure.sh | 2 +- browser/branding/official/locales/en-US/brand.dtd | 2 +- browser/branding/official/locales/en-US/brand.properties | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.mozconfig b/.mozconfig index 97e0349..f0c5510 100755 --- a/.mozconfig +++ b/.mozconfig @@ -1,7 +1,7 @@ . $topsrcdir/browser/config/mozconfig mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@ -mk_add_options MOZ_APP_DISPLAYNAME=TorBrowser +mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser" mk_add_options MOZ_MAKE_FLAGS="-j4" mk_add_options MOZILLA_OFFICIAL=1 mk_add_options BUILD_OFFICIAL=1 diff --git a/.mozconfig-asan b/.mozconfig-asan index 32e3096..ffbde72 100644 --- a/.mozconfig-asan +++ b/.mozconfig-asan @@ -10,7 +10,7 @@ export CXXFLAGS="-fsanitize=address -Dxmalloc=myxmalloc -fsanitize=undefined -st export LDFLAGS="-fsanitize=address -fsanitize=undefined" mk_add_option sMOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@ -mk_add_options MOZ_APP_DISPLAYNAME=TorBrowser +mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser" mk_add_options MOZ_MAKE_FLAGS="-j4" mk_add_options MOZILLA_OFFICIAL=1 mk_add_options BUILD_OFFICIAL=1 diff --git a/.mozconfig-mac b/.mozconfig-mac index 7f28096..01ed601 100644 --- a/.mozconfig-mac +++ b/.mozconfig-mac @@ -25,7 +25,7 @@ LD=$ROOTDIR/x86_64-apple-darwin10-ld STRIP=$ROOTDIR/x86_64-apple-darwin10-strip mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-macos -mk_add_options MOZ_APP_DISPLAYNAME=TorBrowser +mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser" mk_add_options MOZILLA_OFFICIAL=1 mk_add_options BUILD_OFFICIAL=1 diff --git a/.mozconfig-mingw b/.mozconfig-mingw index 9c8695d..f3fc080 100644 --- a/.mozconfig-mingw +++ b/.mozconfig-mingw @@ -5,7 +5,7 @@ ac_add_options --enable-application=browser ac_add_options --target=i686-w64-mingw32 ac_add_options --enable-default-toolkit=cairo-windows mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-mingw -mk_add_options MOZ_APP_DISPLAYNAME=TorBrowser +mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser" mk_add_options MOZ_MAKE_FLAGS="-j4" mk_add_options MOZILLA_OFFICIAL=1 mk_add_options BUILD_OFFICIAL=1 diff --git a/browser/branding/official/configure.sh b/browser/branding/official/configure.sh index 33102b0..2b1b638 100644 --- a/browser/branding/official/configure.sh +++ b/browser/branding/official/configure.sh @@ -2,5 +2,5 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -MOZ_APP_DISPLAYNAME=TorBrowser +MOZ_APP_DISPLAYNAME="Tor Browser" MOZ_UA_BUILDID=20100101 diff --git a/browser/branding/official/locales/en-US/brand.dtd b/browser/branding/official/locales/en-US/brand.dtd index 76e405d..59f665e 100644 --- a/browser/branding/official/locales/en-US/brand.dtd +++ b/browser/branding/official/locales/en-US/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/browser/branding/official/locales/en-US/brand.properties b/browser/branding/official/locales/en-US/brand.properties index 9ae168e..f63def3 100644 --- a/browser/branding/official/locales/en-US/brand.properties +++ b/browser/branding/official/locales/en-US/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project

1 0

[tor-browser/tor-browser-24.8.0esr-4.x-1] Merge remote-tracking branch 'brade/bug13049' into tor-browser-24.8.0esr-4.x-1
by mikeperry＠torproject.org 23 Sep '14

23 Sep '14

commit 4424293819b0ae7b184b5e0703e2b4511d1b24f4 Merge: b269bb0 9906e7e Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Mon Sep 22 20:12:12 2014 -0700 Merge remote-tracking branch 'brade/bug13049' into tor-browser-24.8.0esr-4.x-1 browser/base/content/aboutDialog.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)

1 0

[tor-browser/tor-browser-24.8.0esr-4.x-1] Bug 13049: updater fails (self.update is undefined).
by mikeperry＠torproject.org 23 Sep '14

23 Sep '14

commit 9906e7e26e1dcbf313121dbf46e5a22aa185fd05 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Wed Sep 3 13:56:57 2014 -0400 Bug 13049: updater fails (self.update is undefined). Replace "self.update" with "this.update" in two add-on compatibility check functions. Using self.update (which is undefined) caused the updater to silently fail if one or more installed add-ons were marked in their install.rdf file as not compatible with the new platformVersion. We also replaced "TBB" with "Tor Browser" in the about box text. --- browser/base/content/aboutDialog.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/browser/base/content/aboutDialog.js b/browser/base/content/aboutDialog.js index c72c828..431d520 100644 --- a/browser/base/content/aboutDialog.js +++ b/browser/base/content/aboutDialog.js @@ -49,7 +49,7 @@ function init(aEvent) #ifdef TOR_BROWSER_VERSION let versionElem = document.getElementById("version"); if (versionElem) - versionElem.textContent += " (TBB " + TOR_BROWSER_VERSION + ")"; + versionElem.textContent += " (Tor Browser " + TOR_BROWSER_VERSION + ")"; #endif #ifdef MOZ_UPDATER @@ -444,9 +444,9 @@ appUpdater.prototype = checkAddonsForUpdates: function() { this.addons.forEach(function(aAddon) { #ifdef TOR_BROWSER_UPDATE - let compatVersion = self.update.platformVersion; + let compatVersion = this.update.platformVersion; #else - let compatVersion = self.update.appVersion; + let compatVersion = this.update.appVersion; #endif aAddon.findUpdates(this, AddonManager.UPDATE_WHEN_NEW_APP_DETECTED, compatVersion, @@ -471,9 +471,9 @@ appUpdater.prototype = */ onUpdateAvailable: function(aAddon, aInstall) { #ifdef TOR_BROWSER_UPDATE - let compatVersion = self.update.platformVersion; + let compatVersion = this.update.platformVersion; #else - let compatVersion = self.update.appVersion; + let compatVersion = this.update.appVersion; #endif if (!Services.blocklist.isAddonBlocklisted(aAddon.id, aInstall.version, compatVersion,

1 0

[torbutton/master] Bug 13091: Use "Tor Browser" everywhere (space included)
by mikeperry＠torproject.org 23 Sep '14

23 Sep '14

commit 1eaed5a1f0d9fc01c9db8e1759c7dc3fc17337ad Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Tue Sep 9 16:57:54 2014 -0400 Bug 13091: Use "Tor Browser" everywhere (space included) Changed MOZ_APP_DISPLAYNAME and brandShortName from "TorBrowser" to "Tor Browser". --- src/chrome/locale/af/brand.dtd | 2 +- src/chrome/locale/af/brand.properties | 2 +- src/chrome/locale/ak/brand.dtd | 2 +- src/chrome/locale/ak/brand.properties | 2 +- src/chrome/locale/am/brand.dtd | 2 +- src/chrome/locale/am/brand.properties | 2 +- src/chrome/locale/arn/brand.dtd | 2 +- src/chrome/locale/arn/brand.properties | 2 +- src/chrome/locale/ast/brand.dtd | 2 +- src/chrome/locale/ast/brand.properties | 2 +- src/chrome/locale/az/brand.dtd | 2 +- src/chrome/locale/az/brand.properties | 2 +- src/chrome/locale/be/brand.dtd | 2 +- src/chrome/locale/be/brand.properties | 2 +- src/chrome/locale/bg/brand.dtd | 2 +- src/chrome/locale/bg/brand.properties | 2 +- src/chrome/locale/bn-IN/brand.dtd | 2 +- src/chrome/locale/bn-IN/brand.properties | 2 +- src/chrome/locale/bn/brand.dtd | 2 +- src/chrome/locale/bn/brand.properties | 2 +- src/chrome/locale/bo/brand.dtd | 2 +- src/chrome/locale/bo/brand.properties | 2 +- src/chrome/locale/br/brand.dtd | 2 +- src/chrome/locale/br/brand.properties | 2 +- src/chrome/locale/bs/brand.dtd | 2 +- src/chrome/locale/bs/brand.properties | 2 +- src/chrome/locale/ca/brand.dtd | 2 +- src/chrome/locale/ca/brand.properties | 2 +- src/chrome/locale/cs/brand.dtd | 2 +- src/chrome/locale/cs/brand.properties | 2 +- src/chrome/locale/csb/brand.dtd | 2 +- src/chrome/locale/csb/brand.properties | 2 +- src/chrome/locale/cy/brand.dtd | 2 +- src/chrome/locale/cy/brand.properties | 2 +- src/chrome/locale/da/brand.dtd | 2 +- src/chrome/locale/da/brand.properties | 2 +- src/chrome/locale/de/brand.dtd | 2 +- src/chrome/locale/de/brand.properties | 2 +- src/chrome/locale/dz/brand.dtd | 2 +- src/chrome/locale/dz/brand.properties | 2 +- src/chrome/locale/el/brand.dtd | 2 +- src/chrome/locale/el/brand.properties | 2 +- src/chrome/locale/en/brand.dtd | 2 +- src/chrome/locale/en/brand.properties | 2 +- src/chrome/locale/eo/brand.dtd | 2 +- src/chrome/locale/eo/brand.properties | 2 +- src/chrome/locale/es/brand.dtd | 2 +- src/chrome/locale/es/brand.properties | 2 +- src/chrome/locale/et/brand.dtd | 2 +- src/chrome/locale/et/brand.properties | 2 +- src/chrome/locale/eu/brand.dtd | 2 +- src/chrome/locale/eu/brand.properties | 2 +- src/chrome/locale/fi/brand.dtd | 2 +- src/chrome/locale/fi/brand.properties | 2 +- src/chrome/locale/fil/brand.dtd | 2 +- src/chrome/locale/fil/brand.properties | 2 +- src/chrome/locale/fo/brand.dtd | 2 +- src/chrome/locale/fo/brand.properties | 2 +- src/chrome/locale/fur/brand.dtd | 2 +- src/chrome/locale/fur/brand.properties | 2 +- src/chrome/locale/fy/brand.dtd | 2 +- src/chrome/locale/fy/brand.properties | 2 +- src/chrome/locale/ga/brand.dtd | 2 +- src/chrome/locale/ga/brand.properties | 2 +- src/chrome/locale/gl/brand.dtd | 2 +- src/chrome/locale/gl/brand.properties | 2 +- src/chrome/locale/gu/brand.dtd | 2 +- src/chrome/locale/gu/brand.properties | 2 +- src/chrome/locale/gun/brand.dtd | 2 +- src/chrome/locale/gun/brand.properties | 2 +- src/chrome/locale/ha/brand.dtd | 2 +- src/chrome/locale/ha/brand.properties | 2 +- src/chrome/locale/he/brand.dtd | 2 +- src/chrome/locale/he/brand.properties | 2 +- src/chrome/locale/hi/brand.dtd | 2 +- src/chrome/locale/hi/brand.properties | 2 +- src/chrome/locale/hr/brand.dtd | 2 +- src/chrome/locale/hr/brand.properties | 2 +- src/chrome/locale/ht/brand.dtd | 2 +- src/chrome/locale/ht/brand.properties | 2 +- src/chrome/locale/hu/brand.dtd | 2 +- src/chrome/locale/hu/brand.properties | 2 +- src/chrome/locale/hy/brand.dtd | 2 +- src/chrome/locale/hy/brand.properties | 2 +- src/chrome/locale/id/brand.dtd | 2 +- src/chrome/locale/id/brand.properties | 2 +- src/chrome/locale/is/brand.dtd | 2 +- src/chrome/locale/is/brand.properties | 2 +- src/chrome/locale/it/brand.dtd | 2 +- src/chrome/locale/it/brand.properties | 2 +- src/chrome/locale/ja/brand.dtd | 2 +- src/chrome/locale/ja/brand.properties | 2 +- src/chrome/locale/jv/brand.dtd | 2 +- src/chrome/locale/jv/brand.properties | 2 +- src/chrome/locale/ka/brand.dtd | 2 +- src/chrome/locale/ka/brand.properties | 2 +- src/chrome/locale/km/brand.dtd | 2 +- src/chrome/locale/km/brand.properties | 2 +- src/chrome/locale/kn/brand.dtd | 2 +- src/chrome/locale/kn/brand.properties | 2 +- src/chrome/locale/ku/brand.dtd | 2 +- src/chrome/locale/ku/brand.properties | 2 +- src/chrome/locale/kw/brand.dtd | 2 +- src/chrome/locale/kw/brand.properties | 2 +- src/chrome/locale/ky/brand.dtd | 2 +- src/chrome/locale/ky/brand.properties | 2 +- src/chrome/locale/lb/brand.dtd | 2 +- src/chrome/locale/lb/brand.properties | 2 +- src/chrome/locale/ln/brand.dtd | 2 +- src/chrome/locale/ln/brand.properties | 2 +- src/chrome/locale/lo/brand.dtd | 2 +- src/chrome/locale/lo/brand.properties | 2 +- src/chrome/locale/lt/brand.dtd | 2 +- src/chrome/locale/lt/brand.properties | 2 +- src/chrome/locale/lv/brand.dtd | 2 +- src/chrome/locale/lv/brand.properties | 2 +- src/chrome/locale/mg/brand.dtd | 2 +- src/chrome/locale/mg/brand.properties | 2 +- src/chrome/locale/mi/brand.dtd | 2 +- src/chrome/locale/mi/brand.properties | 2 +- src/chrome/locale/mk/brand.dtd | 2 +- src/chrome/locale/mk/brand.properties | 2 +- src/chrome/locale/ml/brand.dtd | 2 +- src/chrome/locale/ml/brand.properties | 2 +- src/chrome/locale/mn/brand.dtd | 2 +- src/chrome/locale/mn/brand.properties | 2 +- src/chrome/locale/mr/brand.dtd | 2 +- src/chrome/locale/mr/brand.properties | 2 +- src/chrome/locale/ms/brand.dtd | 2 +- src/chrome/locale/ms/brand.properties | 2 +- src/chrome/locale/mt/brand.dtd | 2 +- src/chrome/locale/mt/brand.properties | 2 +- src/chrome/locale/my/brand.dtd | 2 +- src/chrome/locale/my/brand.properties | 2 +- src/chrome/locale/nah/brand.dtd | 2 +- src/chrome/locale/nah/brand.properties | 2 +- src/chrome/locale/nap/brand.dtd | 2 +- src/chrome/locale/nap/brand.properties | 2 +- src/chrome/locale/nb/brand.dtd | 2 +- src/chrome/locale/nb/brand.properties | 2 +- src/chrome/locale/ne/brand.dtd | 2 +- src/chrome/locale/ne/brand.properties | 2 +- src/chrome/locale/nl/brand.dtd | 2 +- src/chrome/locale/nl/brand.properties | 2 +- src/chrome/locale/nn/brand.dtd | 2 +- src/chrome/locale/nn/brand.properties | 2 +- src/chrome/locale/nso/brand.dtd | 2 +- src/chrome/locale/nso/brand.properties | 2 +- src/chrome/locale/oc/brand.dtd | 2 +- src/chrome/locale/oc/brand.properties | 2 +- src/chrome/locale/or/brand.dtd | 2 +- src/chrome/locale/or/brand.properties | 2 +- src/chrome/locale/pa/brand.dtd | 2 +- src/chrome/locale/pa/brand.properties | 2 +- src/chrome/locale/pap/brand.dtd | 2 +- src/chrome/locale/pap/brand.properties | 2 +- src/chrome/locale/pms/brand.dtd | 2 +- src/chrome/locale/pms/brand.properties | 2 +- src/chrome/locale/ps/brand.dtd | 2 +- src/chrome/locale/ps/brand.properties | 2 +- src/chrome/locale/pt-BR/brand.dtd | 2 +- src/chrome/locale/pt-BR/brand.properties | 2 +- src/chrome/locale/ro/brand.dtd | 2 +- src/chrome/locale/ro/brand.properties | 2 +- src/chrome/locale/ru/brand.dtd | 2 +- src/chrome/locale/ru/brand.properties | 2 +- src/chrome/locale/sco/brand.dtd | 2 +- src/chrome/locale/sco/brand.properties | 2 +- src/chrome/locale/sk/brand.dtd | 2 +- src/chrome/locale/sk/brand.properties | 2 +- src/chrome/locale/sl/brand.dtd | 2 +- src/chrome/locale/sl/brand.properties | 2 +- src/chrome/locale/so/brand.dtd | 2 +- src/chrome/locale/so/brand.properties | 2 +- src/chrome/locale/son/brand.dtd | 2 +- src/chrome/locale/son/brand.properties | 2 +- src/chrome/locale/sq/brand.dtd | 2 +- src/chrome/locale/sq/brand.properties | 2 +- src/chrome/locale/sr/brand.dtd | 2 +- src/chrome/locale/sr/brand.properties | 2 +- src/chrome/locale/st/brand.dtd | 2 +- src/chrome/locale/st/brand.properties | 2 +- src/chrome/locale/su/brand.dtd | 2 +- src/chrome/locale/su/brand.properties | 2 +- src/chrome/locale/sv/brand.dtd | 2 +- src/chrome/locale/sv/brand.properties | 2 +- src/chrome/locale/sw/brand.dtd | 2 +- src/chrome/locale/sw/brand.properties | 2 +- src/chrome/locale/ta/brand.dtd | 2 +- src/chrome/locale/ta/brand.properties | 2 +- src/chrome/locale/te/brand.dtd | 2 +- src/chrome/locale/te/brand.properties | 2 +- src/chrome/locale/tg/brand.dtd | 2 +- src/chrome/locale/tg/brand.properties | 2 +- src/chrome/locale/th/brand.dtd | 2 +- src/chrome/locale/th/brand.properties | 2 +- src/chrome/locale/ti/brand.dtd | 2 +- src/chrome/locale/ti/brand.properties | 2 +- src/chrome/locale/tk/brand.dtd | 2 +- src/chrome/locale/tk/brand.properties | 2 +- src/chrome/locale/tr/brand.dtd | 2 +- src/chrome/locale/tr/brand.properties | 2 +- src/chrome/locale/uk/brand.dtd | 2 +- src/chrome/locale/uk/brand.properties | 2 +- src/chrome/locale/ur/brand.dtd | 2 +- src/chrome/locale/ur/brand.properties | 2 +- src/chrome/locale/ve/brand.dtd | 2 +- src/chrome/locale/ve/brand.properties | 2 +- src/chrome/locale/vi/brand.dtd | 2 +- src/chrome/locale/vi/brand.properties | 2 +- src/chrome/locale/wa/brand.dtd | 2 +- src/chrome/locale/wa/brand.properties | 2 +- src/chrome/locale/wo/brand.dtd | 2 +- src/chrome/locale/wo/brand.properties | 2 +- src/chrome/locale/zh-CN/brand.dtd | 2 +- src/chrome/locale/zh-CN/brand.properties | 2 +- src/chrome/locale/zh-HK/brand.dtd | 2 +- src/chrome/locale/zh-HK/brand.properties | 2 +- src/chrome/locale/zh-TW/brand.dtd | 2 +- src/chrome/locale/zh-TW/brand.properties | 2 +- src/chrome/locale/zu/brand.dtd | 2 +- src/chrome/locale/zu/brand.properties | 2 +- 222 files changed, 222 insertions(+), 222 deletions(-) diff --git a/src/chrome/locale/af/brand.dtd b/src/chrome/locale/af/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/af/brand.dtd +++ b/src/chrome/locale/af/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/af/brand.properties b/src/chrome/locale/af/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/af/brand.properties +++ b/src/chrome/locale/af/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ak/brand.dtd b/src/chrome/locale/ak/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/ak/brand.dtd +++ b/src/chrome/locale/ak/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/ak/brand.properties b/src/chrome/locale/ak/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/ak/brand.properties +++ b/src/chrome/locale/ak/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/am/brand.dtd b/src/chrome/locale/am/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/am/brand.dtd +++ b/src/chrome/locale/am/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/am/brand.properties b/src/chrome/locale/am/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/am/brand.properties +++ b/src/chrome/locale/am/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/arn/brand.dtd b/src/chrome/locale/arn/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/arn/brand.dtd +++ b/src/chrome/locale/arn/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/arn/brand.properties b/src/chrome/locale/arn/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/arn/brand.properties +++ b/src/chrome/locale/arn/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ast/brand.dtd b/src/chrome/locale/ast/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/ast/brand.dtd +++ b/src/chrome/locale/ast/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/ast/brand.properties b/src/chrome/locale/ast/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/ast/brand.properties +++ b/src/chrome/locale/ast/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/az/brand.dtd b/src/chrome/locale/az/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/az/brand.dtd +++ b/src/chrome/locale/az/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/az/brand.properties b/src/chrome/locale/az/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/az/brand.properties +++ b/src/chrome/locale/az/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/be/brand.dtd b/src/chrome/locale/be/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/be/brand.dtd +++ b/src/chrome/locale/be/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/be/brand.properties b/src/chrome/locale/be/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/be/brand.properties +++ b/src/chrome/locale/be/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/bg/brand.dtd b/src/chrome/locale/bg/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/bg/brand.dtd +++ b/src/chrome/locale/bg/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/bg/brand.properties b/src/chrome/locale/bg/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/bg/brand.properties +++ b/src/chrome/locale/bg/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/bn-IN/brand.dtd b/src/chrome/locale/bn-IN/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/bn-IN/brand.dtd +++ b/src/chrome/locale/bn-IN/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/bn-IN/brand.properties b/src/chrome/locale/bn-IN/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/bn-IN/brand.properties +++ b/src/chrome/locale/bn-IN/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/bn/brand.dtd b/src/chrome/locale/bn/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/bn/brand.dtd +++ b/src/chrome/locale/bn/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/bn/brand.properties b/src/chrome/locale/bn/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/bn/brand.properties +++ b/src/chrome/locale/bn/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/bo/brand.dtd b/src/chrome/locale/bo/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/bo/brand.dtd +++ b/src/chrome/locale/bo/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/bo/brand.properties b/src/chrome/locale/bo/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/bo/brand.properties +++ b/src/chrome/locale/bo/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/br/brand.dtd b/src/chrome/locale/br/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/br/brand.dtd +++ b/src/chrome/locale/br/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/br/brand.properties b/src/chrome/locale/br/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/br/brand.properties +++ b/src/chrome/locale/br/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/bs/brand.dtd b/src/chrome/locale/bs/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/bs/brand.dtd +++ b/src/chrome/locale/bs/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/bs/brand.properties b/src/chrome/locale/bs/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/bs/brand.properties +++ b/src/chrome/locale/bs/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ca/brand.dtd b/src/chrome/locale/ca/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/ca/brand.dtd +++ b/src/chrome/locale/ca/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/ca/brand.properties b/src/chrome/locale/ca/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/ca/brand.properties +++ b/src/chrome/locale/ca/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/cs/brand.dtd b/src/chrome/locale/cs/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/cs/brand.dtd +++ b/src/chrome/locale/cs/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/cs/brand.properties b/src/chrome/locale/cs/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/cs/brand.properties +++ b/src/chrome/locale/cs/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/csb/brand.dtd b/src/chrome/locale/csb/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/csb/brand.dtd +++ b/src/chrome/locale/csb/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/csb/brand.properties b/src/chrome/locale/csb/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/csb/brand.properties +++ b/src/chrome/locale/csb/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/cy/brand.dtd b/src/chrome/locale/cy/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/cy/brand.dtd +++ b/src/chrome/locale/cy/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/cy/brand.properties b/src/chrome/locale/cy/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/cy/brand.properties +++ b/src/chrome/locale/cy/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/da/brand.dtd b/src/chrome/locale/da/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/da/brand.dtd +++ b/src/chrome/locale/da/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/da/brand.properties b/src/chrome/locale/da/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/da/brand.properties +++ b/src/chrome/locale/da/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/de/brand.dtd b/src/chrome/locale/de/brand.dtd index cbe3b6b..e3a2aae 100644 --- a/src/chrome/locale/de/brand.dtd +++ b/src/chrome/locale/de/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor-Browser"> <!ENTITY brandFullName "Tor-Browser"> <!ENTITY vendorShortName "Tor-Projekt"> <!ENTITY trademarkInfo.part1 "Firefox und die Firefox-Logos sind Warenzeichen der Mozilla Foundation."> diff --git a/src/chrome/locale/de/brand.properties b/src/chrome/locale/de/brand.properties index 9e215e9..84e9a07 100644 --- a/src/chrome/locale/de/brand.properties +++ b/src/chrome/locale/de/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor-Browser brandFullName=Tor-Browser vendorShortName=Tor-Projekt diff --git a/src/chrome/locale/dz/brand.dtd b/src/chrome/locale/dz/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/dz/brand.dtd +++ b/src/chrome/locale/dz/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/dz/brand.properties b/src/chrome/locale/dz/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/dz/brand.properties +++ b/src/chrome/locale/dz/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/el/brand.dtd b/src/chrome/locale/el/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/el/brand.dtd +++ b/src/chrome/locale/el/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/el/brand.properties b/src/chrome/locale/el/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/el/brand.properties +++ b/src/chrome/locale/el/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/en/brand.dtd b/src/chrome/locale/en/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/en/brand.dtd +++ b/src/chrome/locale/en/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/en/brand.properties b/src/chrome/locale/en/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/en/brand.properties +++ b/src/chrome/locale/en/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/eo/brand.dtd b/src/chrome/locale/eo/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/eo/brand.dtd +++ b/src/chrome/locale/eo/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/eo/brand.properties b/src/chrome/locale/eo/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/eo/brand.properties +++ b/src/chrome/locale/eo/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/es/brand.dtd b/src/chrome/locale/es/brand.dtd index b2fd420..7710d47 100644 --- a/src/chrome/locale/es/brand.dtd +++ b/src/chrome/locale/es/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "NavegadorTor"> +<!ENTITY brandShortName "Navegador Tor"> <!ENTITY brandFullName "Navegador Tor"> <!ENTITY vendorShortName "Proyecto Tor"> <!ENTITY trademarkInfo.part1 "Firefox y los logotipos de Firefox son marcas registradas de la Mozilla Foundation."> diff --git a/src/chrome/locale/es/brand.properties b/src/chrome/locale/es/brand.properties index 3015f97..035057f 100644 --- a/src/chrome/locale/es/brand.properties +++ b/src/chrome/locale/es/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=NavegadorTor +brandShortName=Navegador Tor brandFullName=Navegador Tor vendorShortName=Proyecto Tor diff --git a/src/chrome/locale/et/brand.dtd b/src/chrome/locale/et/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/et/brand.dtd +++ b/src/chrome/locale/et/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/et/brand.properties b/src/chrome/locale/et/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/et/brand.properties +++ b/src/chrome/locale/et/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/eu/brand.dtd b/src/chrome/locale/eu/brand.dtd index 94325ee..f144e27 100644 --- a/src/chrome/locale/eu/brand.dtd +++ b/src/chrome/locale/eu/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox eta Firefox logoak Mozilla Fundazioaren marka errgistratuak dira."> diff --git a/src/chrome/locale/eu/brand.properties b/src/chrome/locale/eu/brand.properties index 0c4713e..341c4df 100644 --- a/src/chrome/locale/eu/brand.properties +++ b/src/chrome/locale/eu/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/fi/brand.dtd b/src/chrome/locale/fi/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/fi/brand.dtd +++ b/src/chrome/locale/fi/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/fi/brand.properties b/src/chrome/locale/fi/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/fi/brand.properties +++ b/src/chrome/locale/fi/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/fil/brand.dtd b/src/chrome/locale/fil/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/fil/brand.dtd +++ b/src/chrome/locale/fil/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/fil/brand.properties b/src/chrome/locale/fil/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/fil/brand.properties +++ b/src/chrome/locale/fil/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/fo/brand.dtd b/src/chrome/locale/fo/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/fo/brand.dtd +++ b/src/chrome/locale/fo/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/fo/brand.properties b/src/chrome/locale/fo/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/fo/brand.properties +++ b/src/chrome/locale/fo/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/fur/brand.dtd b/src/chrome/locale/fur/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/fur/brand.dtd +++ b/src/chrome/locale/fur/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/fur/brand.properties b/src/chrome/locale/fur/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/fur/brand.properties +++ b/src/chrome/locale/fur/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/fy/brand.dtd b/src/chrome/locale/fy/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/fy/brand.dtd +++ b/src/chrome/locale/fy/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/fy/brand.properties b/src/chrome/locale/fy/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/fy/brand.properties +++ b/src/chrome/locale/fy/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ga/brand.dtd b/src/chrome/locale/ga/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/ga/brand.dtd +++ b/src/chrome/locale/ga/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/ga/brand.properties b/src/chrome/locale/ga/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/ga/brand.properties +++ b/src/chrome/locale/ga/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/gl/brand.dtd b/src/chrome/locale/gl/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/gl/brand.dtd +++ b/src/chrome/locale/gl/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/gl/brand.properties b/src/chrome/locale/gl/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/gl/brand.properties +++ b/src/chrome/locale/gl/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/gu/brand.dtd b/src/chrome/locale/gu/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/gu/brand.dtd +++ b/src/chrome/locale/gu/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/gu/brand.properties b/src/chrome/locale/gu/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/gu/brand.properties +++ b/src/chrome/locale/gu/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/gun/brand.dtd b/src/chrome/locale/gun/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/gun/brand.dtd +++ b/src/chrome/locale/gun/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/gun/brand.properties b/src/chrome/locale/gun/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/gun/brand.properties +++ b/src/chrome/locale/gun/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ha/brand.dtd b/src/chrome/locale/ha/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/ha/brand.dtd +++ b/src/chrome/locale/ha/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/ha/brand.properties b/src/chrome/locale/ha/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/ha/brand.properties +++ b/src/chrome/locale/ha/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/he/brand.dtd b/src/chrome/locale/he/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/he/brand.dtd +++ b/src/chrome/locale/he/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/he/brand.properties b/src/chrome/locale/he/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/he/brand.properties +++ b/src/chrome/locale/he/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/hi/brand.dtd b/src/chrome/locale/hi/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/hi/brand.dtd +++ b/src/chrome/locale/hi/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/hi/brand.properties b/src/chrome/locale/hi/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/hi/brand.properties +++ b/src/chrome/locale/hi/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/hr/brand.dtd b/src/chrome/locale/hr/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/hr/brand.dtd +++ b/src/chrome/locale/hr/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/hr/brand.properties b/src/chrome/locale/hr/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/hr/brand.properties +++ b/src/chrome/locale/hr/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ht/brand.dtd b/src/chrome/locale/ht/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/ht/brand.dtd +++ b/src/chrome/locale/ht/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/ht/brand.properties b/src/chrome/locale/ht/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/ht/brand.properties +++ b/src/chrome/locale/ht/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/hu/brand.dtd b/src/chrome/locale/hu/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/hu/brand.dtd +++ b/src/chrome/locale/hu/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/hu/brand.properties b/src/chrome/locale/hu/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/hu/brand.properties +++ b/src/chrome/locale/hu/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/hy/brand.dtd b/src/chrome/locale/hy/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/hy/brand.dtd +++ b/src/chrome/locale/hy/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/hy/brand.properties b/src/chrome/locale/hy/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/hy/brand.properties +++ b/src/chrome/locale/hy/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/id/brand.dtd b/src/chrome/locale/id/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/id/brand.dtd +++ b/src/chrome/locale/id/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/id/brand.properties b/src/chrome/locale/id/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/id/brand.properties +++ b/src/chrome/locale/id/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/is/brand.dtd b/src/chrome/locale/is/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/is/brand.dtd +++ b/src/chrome/locale/is/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/is/brand.properties b/src/chrome/locale/is/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/is/brand.properties +++ b/src/chrome/locale/is/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/it/brand.dtd b/src/chrome/locale/it/brand.dtd index b8f6fe9..f813020 100644 --- a/src/chrome/locale/it/brand.dtd +++ b/src/chrome/locale/it/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox e i loghi Firefox sono marchi registrati della Mozilla Foundation."> diff --git a/src/chrome/locale/it/brand.properties b/src/chrome/locale/it/brand.properties index ee1a15f..3308a03 100644 --- a/src/chrome/locale/it/brand.properties +++ b/src/chrome/locale/it/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ja/brand.dtd b/src/chrome/locale/ja/brand.dtd index 72bd4a1..dd9e0d2 100644 --- a/src/chrome/locale/ja/brand.dtd +++ b/src/chrome/locale/ja/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "FirefoxおよびFirefoxのロゴはMozilla財団の登録商標です。"> diff --git a/src/chrome/locale/ja/brand.properties b/src/chrome/locale/ja/brand.properties index 2f0fa2c..e7f8d56 100644 --- a/src/chrome/locale/ja/brand.properties +++ b/src/chrome/locale/ja/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/jv/brand.dtd b/src/chrome/locale/jv/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/jv/brand.dtd +++ b/src/chrome/locale/jv/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/jv/brand.properties b/src/chrome/locale/jv/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/jv/brand.properties +++ b/src/chrome/locale/jv/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ka/brand.dtd b/src/chrome/locale/ka/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/ka/brand.dtd +++ b/src/chrome/locale/ka/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/ka/brand.properties b/src/chrome/locale/ka/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/ka/brand.properties +++ b/src/chrome/locale/ka/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/km/brand.dtd b/src/chrome/locale/km/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/km/brand.dtd +++ b/src/chrome/locale/km/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/km/brand.properties b/src/chrome/locale/km/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/km/brand.properties +++ b/src/chrome/locale/km/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/kn/brand.dtd b/src/chrome/locale/kn/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/kn/brand.dtd +++ b/src/chrome/locale/kn/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/kn/brand.properties b/src/chrome/locale/kn/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/kn/brand.properties +++ b/src/chrome/locale/kn/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ku/brand.dtd b/src/chrome/locale/ku/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/ku/brand.dtd +++ b/src/chrome/locale/ku/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/ku/brand.properties b/src/chrome/locale/ku/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/ku/brand.properties +++ b/src/chrome/locale/ku/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/kw/brand.dtd b/src/chrome/locale/kw/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/kw/brand.dtd +++ b/src/chrome/locale/kw/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/kw/brand.properties b/src/chrome/locale/kw/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/kw/brand.properties +++ b/src/chrome/locale/kw/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ky/brand.dtd b/src/chrome/locale/ky/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/ky/brand.dtd +++ b/src/chrome/locale/ky/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/ky/brand.properties b/src/chrome/locale/ky/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/ky/brand.properties +++ b/src/chrome/locale/ky/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/lb/brand.dtd b/src/chrome/locale/lb/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/lb/brand.dtd +++ b/src/chrome/locale/lb/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/lb/brand.properties b/src/chrome/locale/lb/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/lb/brand.properties +++ b/src/chrome/locale/lb/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ln/brand.dtd b/src/chrome/locale/ln/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/ln/brand.dtd +++ b/src/chrome/locale/ln/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/ln/brand.properties b/src/chrome/locale/ln/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/ln/brand.properties +++ b/src/chrome/locale/ln/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/lo/brand.dtd b/src/chrome/locale/lo/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/lo/brand.dtd +++ b/src/chrome/locale/lo/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/lo/brand.properties b/src/chrome/locale/lo/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/lo/brand.properties +++ b/src/chrome/locale/lo/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/lt/brand.dtd b/src/chrome/locale/lt/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/lt/brand.dtd +++ b/src/chrome/locale/lt/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/lt/brand.properties b/src/chrome/locale/lt/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/lt/brand.properties +++ b/src/chrome/locale/lt/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/lv/brand.dtd b/src/chrome/locale/lv/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/lv/brand.dtd +++ b/src/chrome/locale/lv/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/lv/brand.properties b/src/chrome/locale/lv/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/lv/brand.properties +++ b/src/chrome/locale/lv/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/mg/brand.dtd b/src/chrome/locale/mg/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/mg/brand.dtd +++ b/src/chrome/locale/mg/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/mg/brand.properties b/src/chrome/locale/mg/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/mg/brand.properties +++ b/src/chrome/locale/mg/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/mi/brand.dtd b/src/chrome/locale/mi/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/mi/brand.dtd +++ b/src/chrome/locale/mi/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/mi/brand.properties b/src/chrome/locale/mi/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/mi/brand.properties +++ b/src/chrome/locale/mi/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/mk/brand.dtd b/src/chrome/locale/mk/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/mk/brand.dtd +++ b/src/chrome/locale/mk/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/mk/brand.properties b/src/chrome/locale/mk/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/mk/brand.properties +++ b/src/chrome/locale/mk/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ml/brand.dtd b/src/chrome/locale/ml/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/ml/brand.dtd +++ b/src/chrome/locale/ml/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/ml/brand.properties b/src/chrome/locale/ml/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/ml/brand.properties +++ b/src/chrome/locale/ml/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/mn/brand.dtd b/src/chrome/locale/mn/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/mn/brand.dtd +++ b/src/chrome/locale/mn/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/mn/brand.properties b/src/chrome/locale/mn/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/mn/brand.properties +++ b/src/chrome/locale/mn/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/mr/brand.dtd b/src/chrome/locale/mr/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/mr/brand.dtd +++ b/src/chrome/locale/mr/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/mr/brand.properties b/src/chrome/locale/mr/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/mr/brand.properties +++ b/src/chrome/locale/mr/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ms/brand.dtd b/src/chrome/locale/ms/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/ms/brand.dtd +++ b/src/chrome/locale/ms/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/ms/brand.properties b/src/chrome/locale/ms/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/ms/brand.properties +++ b/src/chrome/locale/ms/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/mt/brand.dtd b/src/chrome/locale/mt/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/mt/brand.dtd +++ b/src/chrome/locale/mt/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/mt/brand.properties b/src/chrome/locale/mt/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/mt/brand.properties +++ b/src/chrome/locale/mt/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/my/brand.dtd b/src/chrome/locale/my/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/my/brand.dtd +++ b/src/chrome/locale/my/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/my/brand.properties b/src/chrome/locale/my/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/my/brand.properties +++ b/src/chrome/locale/my/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/nah/brand.dtd b/src/chrome/locale/nah/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/nah/brand.dtd +++ b/src/chrome/locale/nah/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/nah/brand.properties b/src/chrome/locale/nah/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/nah/brand.properties +++ b/src/chrome/locale/nah/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/nap/brand.dtd b/src/chrome/locale/nap/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/nap/brand.dtd +++ b/src/chrome/locale/nap/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/nap/brand.properties b/src/chrome/locale/nap/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/nap/brand.properties +++ b/src/chrome/locale/nap/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/nb/brand.dtd b/src/chrome/locale/nb/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/nb/brand.dtd +++ b/src/chrome/locale/nb/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/nb/brand.properties b/src/chrome/locale/nb/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/nb/brand.properties +++ b/src/chrome/locale/nb/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ne/brand.dtd b/src/chrome/locale/ne/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/ne/brand.dtd +++ b/src/chrome/locale/ne/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/ne/brand.properties b/src/chrome/locale/ne/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/ne/brand.properties +++ b/src/chrome/locale/ne/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/nl/brand.dtd b/src/chrome/locale/nl/brand.dtd index 111e9a9..af3e58a 100644 --- a/src/chrome/locale/nl/brand.dtd +++ b/src/chrome/locale/nl/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and het Firefox logo zijn handelsmerken van de Mozilla Foundation."> diff --git a/src/chrome/locale/nl/brand.properties b/src/chrome/locale/nl/brand.properties index b03e3a7..33caa67 100644 --- a/src/chrome/locale/nl/brand.properties +++ b/src/chrome/locale/nl/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/nn/brand.dtd b/src/chrome/locale/nn/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/nn/brand.dtd +++ b/src/chrome/locale/nn/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/nn/brand.properties b/src/chrome/locale/nn/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/nn/brand.properties +++ b/src/chrome/locale/nn/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/nso/brand.dtd b/src/chrome/locale/nso/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/nso/brand.dtd +++ b/src/chrome/locale/nso/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/nso/brand.properties b/src/chrome/locale/nso/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/nso/brand.properties +++ b/src/chrome/locale/nso/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/oc/brand.dtd b/src/chrome/locale/oc/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/oc/brand.dtd +++ b/src/chrome/locale/oc/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/oc/brand.properties b/src/chrome/locale/oc/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/oc/brand.properties +++ b/src/chrome/locale/oc/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/or/brand.dtd b/src/chrome/locale/or/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/or/brand.dtd +++ b/src/chrome/locale/or/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/or/brand.properties b/src/chrome/locale/or/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/or/brand.properties +++ b/src/chrome/locale/or/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/pa/brand.dtd b/src/chrome/locale/pa/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/pa/brand.dtd +++ b/src/chrome/locale/pa/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/pa/brand.properties b/src/chrome/locale/pa/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/pa/brand.properties +++ b/src/chrome/locale/pa/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/pap/brand.dtd b/src/chrome/locale/pap/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/pap/brand.dtd +++ b/src/chrome/locale/pap/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/pap/brand.properties b/src/chrome/locale/pap/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/pap/brand.properties +++ b/src/chrome/locale/pap/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/pms/brand.dtd b/src/chrome/locale/pms/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/pms/brand.dtd +++ b/src/chrome/locale/pms/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/pms/brand.properties b/src/chrome/locale/pms/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/pms/brand.properties +++ b/src/chrome/locale/pms/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ps/brand.dtd b/src/chrome/locale/ps/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/ps/brand.dtd +++ b/src/chrome/locale/ps/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/ps/brand.properties b/src/chrome/locale/ps/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/ps/brand.properties +++ b/src/chrome/locale/ps/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/pt-BR/brand.dtd b/src/chrome/locale/pt-BR/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/pt-BR/brand.dtd +++ b/src/chrome/locale/pt-BR/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/pt-BR/brand.properties b/src/chrome/locale/pt-BR/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/pt-BR/brand.properties +++ b/src/chrome/locale/pt-BR/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ro/brand.dtd b/src/chrome/locale/ro/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/ro/brand.dtd +++ b/src/chrome/locale/ro/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/ro/brand.properties b/src/chrome/locale/ro/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/ro/brand.properties +++ b/src/chrome/locale/ro/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ru/brand.dtd b/src/chrome/locale/ru/brand.dtd index b41f8ab..043e478 100644 --- a/src/chrome/locale/ru/brand.dtd +++ b/src/chrome/locale/ru/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Проект Tor"> <!ENTITY trademarkInfo.part1 "Firefox и его логотипы это торговые знаки Mozilla Foundation."> diff --git a/src/chrome/locale/ru/brand.properties b/src/chrome/locale/ru/brand.properties index d4788a7..93347e1 100644 --- a/src/chrome/locale/ru/brand.properties +++ b/src/chrome/locale/ru/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Проект Tor diff --git a/src/chrome/locale/sco/brand.dtd b/src/chrome/locale/sco/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/sco/brand.dtd +++ b/src/chrome/locale/sco/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/sco/brand.properties b/src/chrome/locale/sco/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/sco/brand.properties +++ b/src/chrome/locale/sco/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/sk/brand.dtd b/src/chrome/locale/sk/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/sk/brand.dtd +++ b/src/chrome/locale/sk/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/sk/brand.properties b/src/chrome/locale/sk/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/sk/brand.properties +++ b/src/chrome/locale/sk/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/sl/brand.dtd b/src/chrome/locale/sl/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/sl/brand.dtd +++ b/src/chrome/locale/sl/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/sl/brand.properties b/src/chrome/locale/sl/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/sl/brand.properties +++ b/src/chrome/locale/sl/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/so/brand.dtd b/src/chrome/locale/so/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/so/brand.dtd +++ b/src/chrome/locale/so/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/so/brand.properties b/src/chrome/locale/so/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/so/brand.properties +++ b/src/chrome/locale/so/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/son/brand.dtd b/src/chrome/locale/son/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/son/brand.dtd +++ b/src/chrome/locale/son/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/son/brand.properties b/src/chrome/locale/son/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/son/brand.properties +++ b/src/chrome/locale/son/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/sq/brand.dtd b/src/chrome/locale/sq/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/sq/brand.dtd +++ b/src/chrome/locale/sq/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/sq/brand.properties b/src/chrome/locale/sq/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/sq/brand.properties +++ b/src/chrome/locale/sq/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/sr/brand.dtd b/src/chrome/locale/sr/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/sr/brand.dtd +++ b/src/chrome/locale/sr/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/sr/brand.properties b/src/chrome/locale/sr/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/sr/brand.properties +++ b/src/chrome/locale/sr/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/st/brand.dtd b/src/chrome/locale/st/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/st/brand.dtd +++ b/src/chrome/locale/st/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/st/brand.properties b/src/chrome/locale/st/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/st/brand.properties +++ b/src/chrome/locale/st/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/su/brand.dtd b/src/chrome/locale/su/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/su/brand.dtd +++ b/src/chrome/locale/su/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/su/brand.properties b/src/chrome/locale/su/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/su/brand.properties +++ b/src/chrome/locale/su/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/sv/brand.dtd b/src/chrome/locale/sv/brand.dtd index bb0174f..72b2120 100644 --- a/src/chrome/locale/sv/brand.dtd +++ b/src/chrome/locale/sv/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor webbläsaren"> <!ENTITY vendorShortName "Tor projektet"> <!ENTITY trademarkInfo.part1 "Firefox och Firefox logotypen är varumärken tillhörande Mozilla Foundation."> diff --git a/src/chrome/locale/sv/brand.properties b/src/chrome/locale/sv/brand.properties index 3bf264b..2b65162 100644 --- a/src/chrome/locale/sv/brand.properties +++ b/src/chrome/locale/sv/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor webbläsaren vendorShortName=Tor projektet diff --git a/src/chrome/locale/sw/brand.dtd b/src/chrome/locale/sw/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/sw/brand.dtd +++ b/src/chrome/locale/sw/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/sw/brand.properties b/src/chrome/locale/sw/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/sw/brand.properties +++ b/src/chrome/locale/sw/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ta/brand.dtd b/src/chrome/locale/ta/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/ta/brand.dtd +++ b/src/chrome/locale/ta/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/ta/brand.properties b/src/chrome/locale/ta/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/ta/brand.properties +++ b/src/chrome/locale/ta/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/te/brand.dtd b/src/chrome/locale/te/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/te/brand.dtd +++ b/src/chrome/locale/te/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/te/brand.properties b/src/chrome/locale/te/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/te/brand.properties +++ b/src/chrome/locale/te/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/tg/brand.dtd b/src/chrome/locale/tg/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/tg/brand.dtd +++ b/src/chrome/locale/tg/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/tg/brand.properties b/src/chrome/locale/tg/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/tg/brand.properties +++ b/src/chrome/locale/tg/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/th/brand.dtd b/src/chrome/locale/th/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/th/brand.dtd +++ b/src/chrome/locale/th/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/th/brand.properties b/src/chrome/locale/th/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/th/brand.properties +++ b/src/chrome/locale/th/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ti/brand.dtd b/src/chrome/locale/ti/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/ti/brand.dtd +++ b/src/chrome/locale/ti/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/ti/brand.properties b/src/chrome/locale/ti/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/ti/brand.properties +++ b/src/chrome/locale/ti/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/tk/brand.dtd b/src/chrome/locale/tk/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/tk/brand.dtd +++ b/src/chrome/locale/tk/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/tk/brand.properties b/src/chrome/locale/tk/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/tk/brand.properties +++ b/src/chrome/locale/tk/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/tr/brand.dtd b/src/chrome/locale/tr/brand.dtd index 68f8c1c..f07182a 100644 --- a/src/chrome/locale/tr/brand.dtd +++ b/src/chrome/locale/tr/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorTarayıcı"> +<!ENTITY brandShortName "Tor Tarayıcı"> <!ENTITY brandFullName "Tor Tarayıcı"> <!ENTITY vendorShortName "Tor Projesi"> <!ENTITY trademarkInfo.part1 "Firefox ve Firefox logoları Mozilla Vakfı'nın ticari markalarıdır."> diff --git a/src/chrome/locale/tr/brand.properties b/src/chrome/locale/tr/brand.properties index a4220f9..2ae02b1 100644 --- a/src/chrome/locale/tr/brand.properties +++ b/src/chrome/locale/tr/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorTarayıcı +brandShortName=Tor Tarayıcı brandFullName=Tor Tarayıcı vendorShortName=Tor Projesi diff --git a/src/chrome/locale/uk/brand.dtd b/src/chrome/locale/uk/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/uk/brand.dtd +++ b/src/chrome/locale/uk/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/uk/brand.properties b/src/chrome/locale/uk/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/uk/brand.properties +++ b/src/chrome/locale/uk/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ur/brand.dtd b/src/chrome/locale/ur/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/ur/brand.dtd +++ b/src/chrome/locale/ur/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/ur/brand.properties b/src/chrome/locale/ur/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/ur/brand.properties +++ b/src/chrome/locale/ur/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/ve/brand.dtd b/src/chrome/locale/ve/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/ve/brand.dtd +++ b/src/chrome/locale/ve/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/ve/brand.properties b/src/chrome/locale/ve/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/ve/brand.properties +++ b/src/chrome/locale/ve/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/vi/brand.dtd b/src/chrome/locale/vi/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/vi/brand.dtd +++ b/src/chrome/locale/vi/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/vi/brand.properties b/src/chrome/locale/vi/brand.properties index 8f3610e..e2b5250 100644 --- a/src/chrome/locale/vi/brand.properties +++ b/src/chrome/locale/vi/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/wa/brand.dtd b/src/chrome/locale/wa/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/wa/brand.dtd +++ b/src/chrome/locale/wa/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/wa/brand.properties b/src/chrome/locale/wa/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/wa/brand.properties +++ b/src/chrome/locale/wa/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/wo/brand.dtd b/src/chrome/locale/wo/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/wo/brand.dtd +++ b/src/chrome/locale/wo/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/wo/brand.properties b/src/chrome/locale/wo/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/wo/brand.properties +++ b/src/chrome/locale/wo/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/zh-CN/brand.dtd b/src/chrome/locale/zh-CN/brand.dtd index e6464da..7868d2d 100644 --- a/src/chrome/locale/zh-CN/brand.dtd +++ b/src/chrome/locale/zh-CN/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox 与 Firefox 图标为 Mozilla Foundation 的商标。"> diff --git a/src/chrome/locale/zh-CN/brand.properties b/src/chrome/locale/zh-CN/brand.properties index 151e991..5f9a8c7 100644 --- a/src/chrome/locale/zh-CN/brand.properties +++ b/src/chrome/locale/zh-CN/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/zh-HK/brand.dtd b/src/chrome/locale/zh-HK/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/zh-HK/brand.dtd +++ b/src/chrome/locale/zh-HK/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/zh-HK/brand.properties b/src/chrome/locale/zh-HK/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/zh-HK/brand.properties +++ b/src/chrome/locale/zh-HK/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/zh-TW/brand.dtd b/src/chrome/locale/zh-TW/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/zh-TW/brand.dtd +++ b/src/chrome/locale/zh-TW/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/zh-TW/brand.properties b/src/chrome/locale/zh-TW/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/zh-TW/brand.properties +++ b/src/chrome/locale/zh-TW/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project diff --git a/src/chrome/locale/zu/brand.dtd b/src/chrome/locale/zu/brand.dtd index 76e405d..59f665e 100644 --- a/src/chrome/locale/zu/brand.dtd +++ b/src/chrome/locale/zu/brand.dtd @@ -2,7 +2,7 @@ - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<!ENTITY brandShortName "TorBrowser"> +<!ENTITY brandShortName "Tor Browser"> <!ENTITY brandFullName "Tor Browser"> <!ENTITY vendorShortName "Tor Project"> <!ENTITY trademarkInfo.part1 "Firefox and the Firefox logos are trademarks of the Mozilla Foundation."> diff --git a/src/chrome/locale/zu/brand.properties b/src/chrome/locale/zu/brand.properties index 9ae168e..f63def3 100644 --- a/src/chrome/locale/zu/brand.properties +++ b/src/chrome/locale/zu/brand.properties @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -brandShortName=TorBrowser +brandShortName=Tor Browser brandFullName=Tor Browser vendorShortName=Tor Project

1 0

[torbutton/master] Bump version and update changelog for 1.6.12.2.
by mikeperry＠torproject.org 23 Sep '14

23 Sep '14

commit 0b02de380a388e8abe1be0a55631414c04dd71eb Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Mon Sep 22 20:04:04 2014 -0700 Bump version and update changelog for 1.6.12.2. --- src/CHANGELOG | 4 ++++ src/install.rdf | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/CHANGELOG b/src/CHANGELOG index 0943687..f5d32e9 100644 --- a/src/CHANGELOG +++ b/src/CHANGELOG @@ -1,3 +1,7 @@ +1.6.12.2 + 22 Sep 2014 + * Bug 13091: Use "Tor Browser" everywhere + 1.6.12.1 1 Sep 2014 * Bug 12684: Add `canvas.notNow` UI strings to torbutton.properties file. diff --git a/src/install.rdf b/src/install.rdf index de66e4e..7e2f4fc 100644 --- a/src/install.rdf +++ b/src/install.rdf @@ -6,7 +6,7 @@ <em:name>Torbutton</em:name> <em:creator>Mike Perry</em:creator> <em:id>torbutton(a)torproject.org</em:id> - <em:version>1.6.12.1</em:version> + <em:version>1.6.12.2</em:version> <em:homepageURL>https://www.torproject.org/projects/torbrowser.html.en</em:homepageURL> <em:optionsURL>chrome://torbutton/content/preferences.xul</em:optionsURL> <em:iconURL>chrome://torbutton/skin/tor.png</em:iconURL>

1 0

[torbutton/master] Update translations from transifex.
by mikeperry＠torproject.org 23 Sep '14

23 Sep '14

commit 0683ce614724600e2d87c44726a11203e575ee11 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Mon Sep 22 20:00:01 2014 -0700 Update translations from transifex. --- src/chrome/locale/ja/torbutton.properties | 8 ++++---- src/chrome/locale/sv/torbutton.properties | 8 ++++---- src/chrome/locale/zh-CN/torbutton.properties | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/chrome/locale/ja/torbutton.properties b/src/chrome/locale/ja/torbutton.properties index eda48d7..4d10949 100644 --- a/src/chrome/locale/ja/torbutton.properties +++ b/src/chrome/locale/ja/torbutton.properties @@ -48,10 +48,10 @@ torbutton.popup.confirm_plugins = Flashなどのプラグインはあなたの torbutton.popup.never_ask_again = 次からはたずねない # Canvas permission prompt. Strings are kept here for ease of translation. -canvas.siteprompt=This website (%S) attempted to extract HTML5 canvas image data, which may be used to uniquely identify your computer.\n\nShould Tor Browser allow this website to extract HTML5 canvas image data? -canvas.notNow=Not Now +canvas.siteprompt=このWebサイト(%S)がHTML5 canvas画像を使用しようとしています。これはあなたのコンピューターを識別するために使われる可能性があります。\n\nTor ブラウザーにHTML5 canvas画像の使用を許可しますか？ +canvas.notNow=今は許可しない canvas.notNowAccessKey=N -canvas.allow=Allow in the future +canvas.allow=許可する canvas.allowAccessKey=A -canvas.never=Never for this site (recommended) +canvas.never=このサイトには許可しない(推奨) canvas.neverAccessKey=e diff --git a/src/chrome/locale/sv/torbutton.properties b/src/chrome/locale/sv/torbutton.properties index aab3f2f..d1cc52a 100644 --- a/src/chrome/locale/sv/torbutton.properties +++ b/src/chrome/locale/sv/torbutton.properties @@ -48,10 +48,10 @@ torbutton.popup.confirm_plugins = Insticksmoduler så som Flash kan äventyra di torbutton.popup.never_ask_again = Fråga aldrig igen # Canvas permission prompt. Strings are kept here for ease of translation. -canvas.siteprompt=This website (%S) attempted to extract HTML5 canvas image data, which may be used to uniquely identify your computer.\n\nShould Tor Browser allow this website to extract HTML5 canvas image data? -canvas.notNow=Not Now +canvas.siteprompt=Denna webbsida (%S) försökte komma åt HTML5-bilddata på ett kanvas, som skulle kunna användas för att identifiera just din dator.\n\nSka Tor Browser tillåta den här webbsidan att använda HTML5-bilddata på kanvas? +canvas.notNow=Inte just nu canvas.notNowAccessKey=N -canvas.allow=Allow in the future +canvas.allow=Ja, tillåt alltid canvas.allowAccessKey=A -canvas.never=Never for this site (recommended) +canvas.never=Aldrig för denna sida (rekommenderas) canvas.neverAccessKey=e diff --git a/src/chrome/locale/zh-CN/torbutton.properties b/src/chrome/locale/zh-CN/torbutton.properties index 619b638..6425d8c 100644 --- a/src/chrome/locale/zh-CN/torbutton.properties +++ b/src/chrome/locale/zh-CN/torbutton.properties @@ -6,7 +6,7 @@ torbutton.panel.plugins.disabled = 点击启用插件 torbutton.panel.plugins.enabled = 点击禁用插件 torbutton.panel.label.disabled = Tor 已禁用 torbutton.panel.label.enabled = Tor 已启用 -extensions.torbutton(a)torproject.org.description = Torbutton 提供了一个按钮，可对“Tor 设置”进行配置，并可快速而方便地清除浏览器隐私数据。 +extensions.torbutton(a)torproject.org.description = Torbutton 是一个可以配置Tor并能简单快速清理个人浏览数据的按钮。 torbutton.popup.history.warning = Torbutton 屏蔽了在其他 Tor 状态下加载的标签的活动。\n\n这是用于暂时解决 Firefox Bug 409737 和 417869。\n如果这个弹出窗口在您不知情的情况下弹出，则您的标签之一正试图在后台重新载入自己，然而这样的行为是被屏蔽的。\n\n要刷新当前 Tor 状态下的标签，将焦点置于在地址栏并按回车键。\n\n torbutton.popup.plugin.warning = Torbutton 阻止了浏览器戴 Tor 时直接加载需要插件支持的内容。\n\n请使用“另存为”(保存后浏览)。\n\n torbutton.popup.confirm_ca_certs = Torbutton 注意：浏览器似乎缺少自定义的CA(证书颁发机构)。检查CA列表是一项耗时的操作，障碍Tor的切换。您是否希望禁用对CA证书的隔离？)如果您不懂，可以选择“确定”)

1 0

[torbutton/master] Merge remote-tracking branch 'brade/bug13091'
by mikeperry＠torproject.org 23 Sep '14

23 Sep '14

1 0

[gitian-builder/tor-browser-builder-3] Bug 13215: Use 15GiB VM space if needed.
by gk＠torproject.org 22 Sep '14

22 Sep '14

commit e371d36c295a11bca2c6d3f59777f8a1177e4c14 Author: Georg Koppen <gk(a)torproject.org> Date: Mon Sep 22 11:55:42 2014 +0000 Bug 13215: Use 15GiB VM space if needed. With Firefox ESR 31 10GiB is not enough anymore to build Tor Browser for 64 Bit Linux systems. We bump the upper limit to 15GiB in order to account for the additional capacity needed when starting with the hardened build series. --- bin/make-base-vm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/make-base-vm b/bin/make-base-vm index dccd237..cc5fe5b 100755 --- a/bin/make-base-vm +++ b/bin/make-base-vm @@ -99,7 +99,7 @@ if [ -e $OUT.qcow2 ]; then fi rm -rf $OUT -sudo vmbuilder kvm ubuntu --rootsize 10240 --arch=$ARCH --suite=$SUITE --addpkg=$addpkg --removepkg=$removepkg --ssh-key=var/id_dsa.pub --ssh-user-key=var/id_dsa.pub --mirror=$MIRROR --security-mirror=$SECURITY_MIRROR --dest=$OUT --flavour=$FLAVOUR --firstboot=`pwd`/target-bin/bootstrap-fixup +sudo vmbuilder kvm ubuntu --rootsize 15360 --arch=$ARCH --suite=$SUITE --addpkg=$addpkg --removepkg=$removepkg --ssh-key=var/id_dsa.pub --ssh-user-key=var/id_dsa.pub --mirror=$MIRROR --security-mirror=$SECURITY_MIRROR --dest=$OUT --flavour=$FLAVOUR --firstboot=`pwd`/target-bin/bootstrap-fixup mv $OUT/*.qcow2 $OUT.qcow2 rm -rf $OUT

1 0

[tor-browser-bundle/master] Update changelog file.
by gk＠torproject.org 22 Sep '14

22 Sep '14

commit 8c01d6bb195d38d3e236c5ff746b7bf7dc1c5562 Author: Georg Koppen <gk(a)torproject.org> Date: Mon Sep 22 10:07:10 2014 +0000 Update changelog file. --- Bundle-Data/Docs/ChangeLog.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index bd49d11..24fb9b1 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -1,4 +1,4 @@ -Tor Browser 4.0-alpha-3 -- Sep 21 2014 +Tor Browser 4.0-alpha-3 -- Sep 24 2014 * All Platforms * Update Tor to 0.2.5.7-rc * Update meek to 0.11 @@ -10,6 +10,7 @@ Tor Browser 4.0-alpha-3 -- Sep 21 2014 * Bug 13047: Updater should not send Kernel and GTK version * Linux: * Bug 9150: Make RPATH unavailable on Tor binary. + * Bug 13031: Add full RELRO protection. Tor Browser Bundle 4.0-alpha-2 -- Sep 2 2014 * All Platforms

1 0

[tor-browser-bundle/master] Bug 13031: Adding full RELRO protection on Linux.
by gk＠torproject.org 22 Sep '14

22 Sep '14

commit 71f2ed613d2b2ce6fb40ef27f99fd140b1b86517 Author: Georg Koppen <gk(a)torproject.org> Date: Mon Sep 22 10:04:12 2014 +0000 Bug 13031: Adding full RELRO protection on Linux. Thanks to a patch by a cypherpunk we have now full RELRO protection when using gold as our linker. --- gitian/descriptors/linux/gitian-firefox.yml | 9 +++++++++ gitian/descriptors/linux/gitian-utils.yml | 6 +----- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml index 0cd4b28..509f63a 100644 --- a/gitian/descriptors/linux/gitian-firefox.yml +++ b/gitian/descriptors/linux/gitian-firefox.yml @@ -65,6 +65,15 @@ script: | export PATH=$INSTDIR/python/bin:$PATH # unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip + # Make sure gold is used with the hardening wrapper for full RELRO, see + # #13031. + cd $INSTDIR/binutils/bin + rm ld + cp /usr/bin/hardened-ld ./ + mv ld.gold ld.gold.real + ln -sf hardened-ld ld.gold + ln -sf ld.gold ld + cd ~/build export PATH=$INSTDIR/binutils/bin:$PATH mkdir -p $INSTDIR/Browser/ mkdir -p $INSTDIR/Debug/Browser/components diff --git a/gitian/descriptors/linux/gitian-utils.yml b/gitian/descriptors/linux/gitian-utils.yml index ea122db..074076e 100644 --- a/gitian/descriptors/linux/gitian-utils.yml +++ b/gitian/descriptors/linux/gitian-utils.yml @@ -60,11 +60,7 @@ script: | ./configure --prefix=$INSTDIR/binutils --disable-multilib --enable-gold make $MAKEOPTS make install - # Make sure gold is used and not ld. - cd $INSTDIR/binutils/bin - rm ld - ln -sf ld.gold ld - cd ~/build + cd .. # Building Libevent cd libevent

1 0

[tor-browser-bundle/master] No patch for bug 11200 when using tor 0.2.5.7-rc.
by gk＠torproject.org 18 Sep '14

18 Sep '14

commit 174db93d1c62bf7542757e3096150e46b1956615 Author: Georg Koppen <gk(a)torproject.org> Date: Thu Sep 18 10:49:58 2014 +0000 No patch for bug 11200 when using tor 0.2.5.7-rc. tor 0.2.5.7-rc already includes the fix for bug 11200 which breaks our build as we try to apply it, too. Thus, we remove it if building bundles with a tor 0.2.5.x from now on. --- gitian/descriptors/linux/gitian-tor.yml | 2 -- gitian/descriptors/mac/gitian-tor.yml | 2 -- gitian/descriptors/windows/gitian-tor.yml | 2 -- 3 files changed, 6 deletions(-) diff --git a/gitian/descriptors/linux/gitian-tor.yml b/gitian/descriptors/linux/gitian-tor.yml index 3678913..2dccff6 100644 --- a/gitian/descriptors/linux/gitian-tor.yml +++ b/gitian/descriptors/linux/gitian-tor.yml @@ -30,7 +30,6 @@ files: - "bug9665.patch" - "bug8402.patch" - "bug8402-master.patch" -- "bug11200-hang-0.2.5.patch" - "dzip.sh" - "openssl-linux32-utils.zip" - "openssl-linux64-utils.zip" @@ -86,7 +85,6 @@ script: | elif [ ${TOR_TAG::9} == "tor-0.2.5" ]; then git am ~/build/bug8402-master.patch - git am ~/build/bug11200-hang-0.2.5.patch fi fi mkdir -p $OUTDIR/src diff --git a/gitian/descriptors/mac/gitian-tor.yml b/gitian/descriptors/mac/gitian-tor.yml index 88fb40f..ee8a556 100644 --- a/gitian/descriptors/mac/gitian-tor.yml +++ b/gitian/descriptors/mac/gitian-tor.yml @@ -27,7 +27,6 @@ files: - "bug9665.patch" - "bug8402.patch" - "bug8402-master.patch" -- "bug11200-hang-0.2.5.patch" - "apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb" - "multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz" - "dzip.sh" @@ -81,7 +80,6 @@ script: | elif [ ${TOR_TAG::9} == "tor-0.2.5" ]; then git am ~/build/bug8402-master.patch - git am ~/build/bug11200-hang-0.2.5.patch fi fi mkdir -p $OUTDIR/src diff --git a/gitian/descriptors/windows/gitian-tor.yml b/gitian/descriptors/windows/gitian-tor.yml index ad218f5..c326157 100644 --- a/gitian/descriptors/windows/gitian-tor.yml +++ b/gitian/descriptors/windows/gitian-tor.yml @@ -27,7 +27,6 @@ files: - "bug9665.patch" - "bug8402.patch" - "bug8402-master.patch" -- "bug11200-hang-0.2.5.patch" - "binutils.tar.bz2" - "dzip.sh" - "mingw-w64-win32-utils.zip" @@ -81,7 +80,6 @@ script: | elif [ ${TOR_TAG::9} == "tor-0.2.5" ]; then git am ~/build/bug8402-master.patch - git am ~/build/bug11200-hang-0.2.5.patch fi fi mkdir -p $OUTDIR/src

1 0

[tor-browser-bundle/master] Change the URL to the NoScript .xpi, too.
by gk＠torproject.org 17 Sep '14

17 Sep '14

commit 5d2f2409807c1d01a5a71867af2b2e800a7f26d3 Author: Georg Koppen <gk(a)torproject.org> Date: Wed Sep 17 11:25:57 2014 +0000 Change the URL to the NoScript .xpi, too. --- gitian/versions.nightly | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitian/versions.nightly b/gitian/versions.nightly index d9b7f0a..1d3285d 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -102,7 +102,7 @@ TOOLCHAIN4_OLD_URL=https://people.torproject.org/~mikeperry/mirrors/sources… OSXSDK_URL=https://launchpad.net/~flosoft/+archive/cross-apple/+files/${OSX… BINUTILS_URL=https://ftp.gnu.org/gnu/binutils/${BINUTILS_PACKAGE} GCC_URL=https://ftp.gnu.org/gnu/gcc/gcc-${GCC_VER}/${GCC_PACKAGE} -NOSCRIPT_URL=https://addons.cdn.mozilla.net/storage/public-staging/722/${NOSCRIPT_PACKAGE} +NOSCRIPT_URL=https://addons.cdn.mozilla.net/user-media/addons/722/${NOSCRIPT_PACKAGE} HTTPSE_URL=https://www.eff.org/files/${HTTPSE_PACKAGE} PYTHON_URL=https://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_PACKAGE} PYTHON_MSI_URL=https://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_MSI…

1 0

[tor-browser-bundle/master] Use latest NoScript for nightlies.
by gk＠torproject.org 17 Sep '14

17 Sep '14

commit 6998ff48dbc146b062760063ed822a09816dad01 Author: Georg Koppen <gk(a)torproject.org> Date: Wed Sep 17 10:23:03 2014 +0000 Use latest NoScript for nightlies. --- gitian/versions.nightly | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 4f483be..d9b7f0a 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -52,7 +52,7 @@ GO_VER=1.3 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2 -NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.36-sm+fx+fn.xpi +NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.41-fx+sm+fn.xpi HTTPSE_PACKAGE=https-everywhere-${HTTPSE_VER}.xpi TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz @@ -80,7 +80,7 @@ GMP_HASH=752079520b4690531171d0f4532e40f08600215feefede70b24fabdc6f1ab160 OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 -NOSCRIPT_HASH=3c8ed31dbd67634debf333f957ba5c08bf3596408c9d09b5bf4da98499733af4 +NOSCRIPT_HASH=ac8b2febff44a437e00bd261570af9f7aba8cc2f49e69ffb631a0578af6facc1 HTTPSE_HASH=6feb4982d13f89656b61435b6b49e1996c61bc79e52d046d02312879376028e3 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c

1 0

[tor-browser-bundle/master] Changelog for 4.0a3 and versions bump.
by gk＠torproject.org 17 Sep '14

17 Sep '14

commit 69d519ab9d7da77ff944d7141b9c7b7ce103a845 Author: Georg Koppen <gk(a)torproject.org> Date: Wed Sep 17 10:17:31 2014 +0000 Changelog for 4.0a3 and versions bump. --- Bundle-Data/Docs/ChangeLog.txt | 13 +++++++++++++ gitian/versions.alpha | 10 +++++----- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 29082ac..bd49d11 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -1,3 +1,16 @@ +Tor Browser 4.0-alpha-3 -- Sep 21 2014 + * All Platforms + * Update Tor to 0.2.5.7-rc + * Update meek to 0.11 + * Update NoScript to 2.6.8.41 + * Update Torbutton to 1.6.12.2 + * Bug 13091: Use "Tor Browser" everywhere + * Bug 13091: Use "Tor Browser" everywhere + * Bug 13049: Browser update failure (self.update is undefined) + * Bug 13047: Updater should not send Kernel and GTK version + * Linux: + * Bug 9150: Make RPATH unavailable on Tor binary. + Tor Browser Bundle 4.0-alpha-2 -- Sep 2 2014 * All Platforms * Update Firefox to 24.8.0esr diff --git a/gitian/versions.alpha b/gitian/versions.alpha index 2e45f76..25b35e5 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -1,4 +1,4 @@ -TORBROWSER_VERSION=4.0-alpha-2 +TORBROWSER_VERSION=4.0-alpha-3 BUNDLE_LOCALES="ar de es-ES fa fr it ko nl pl pt-PT ru tr vi zh-CN" BUILD_PT_BUNDLES=1 @@ -9,9 +9,9 @@ FIREFOX_VERSION=24.8.0esr TORBROWSER_UPDATE_CHANNEL=alpha TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-4.x-1-build1 -TOR_TAG=tor-0.2.5.6-alpha +TOR_TAG=tor-0.2.5.7-rc TORLAUNCHER_TAG=0.2.7.0 -TORBUTTON_TAG=1.6.12.1 +TORBUTTON_TAG=1.6.12.2 HTTPSE_TAG=3.5.3 # XXX: HTTPSE_VER is used instead, pending #11630 NSIS_TAG=v0.2 ZLIB_TAG=v1.2.8 @@ -52,7 +52,7 @@ GO_VER=1.3 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2 -NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.39-fx+sm+fn.xpi +NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.41-fx+sm+fn.xpi HTTPSE_PACKAGE=https-everywhere-${HTTPSE_VER}.xpi TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz @@ -80,7 +80,7 @@ GMP_HASH=752079520b4690531171d0f4532e40f08600215feefede70b24fabdc6f1ab160 OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 -NOSCRIPT_HASH=6b97c02b3ceab452f0ceec0f8918e0653837b24f376ba1a9dd78bb551bae3715 +NOSCRIPT_HASH=ac8b2febff44a437e00bd261570af9f7aba8cc2f49e69ffb631a0578af6facc1 HTTPSE_HASH=6feb4982d13f89656b61435b6b49e1996c61bc79e52d046d02312879376028e3 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c

1 0

[tor-browser-bundle/master] No need to apply the patch for bug 8402 anymore.
by gk＠torproject.org 11 Sep '14

11 Sep '14

commit 416e13ed4e32164d9fa56173cd517c4b2be45b6e Author: Georg Koppen <gk(a)torproject.org> Date: Thu Sep 11 13:10:53 2014 +0000 No need to apply the patch for bug 8402 anymore. Bug 8402 landed on tor master recently which breaks compilation if we'd still apply the patch for it when building nightlies. --- gitian/descriptors/linux/gitian-tor.yml | 2 -- gitian/descriptors/mac/gitian-tor.yml | 2 -- gitian/descriptors/windows/gitian-tor.yml | 2 -- 3 files changed, 6 deletions(-) diff --git a/gitian/descriptors/linux/gitian-tor.yml b/gitian/descriptors/linux/gitian-tor.yml index bb99d02..3678913 100644 --- a/gitian/descriptors/linux/gitian-tor.yml +++ b/gitian/descriptors/linux/gitian-tor.yml @@ -87,8 +87,6 @@ script: | then git am ~/build/bug8402-master.patch git am ~/build/bug11200-hang-0.2.5.patch - else - git am ~/build/bug8402-master.patch fi fi mkdir -p $OUTDIR/src diff --git a/gitian/descriptors/mac/gitian-tor.yml b/gitian/descriptors/mac/gitian-tor.yml index 7a75287..88fb40f 100644 --- a/gitian/descriptors/mac/gitian-tor.yml +++ b/gitian/descriptors/mac/gitian-tor.yml @@ -82,8 +82,6 @@ script: | then git am ~/build/bug8402-master.patch git am ~/build/bug11200-hang-0.2.5.patch - else - git am ~/build/bug8402-master.patch fi fi mkdir -p $OUTDIR/src diff --git a/gitian/descriptors/windows/gitian-tor.yml b/gitian/descriptors/windows/gitian-tor.yml index 277f2d0..ad218f5 100644 --- a/gitian/descriptors/windows/gitian-tor.yml +++ b/gitian/descriptors/windows/gitian-tor.yml @@ -82,8 +82,6 @@ script: | then git am ~/build/bug8402-master.patch git am ~/build/bug11200-hang-0.2.5.patch - else - git am ~/build/bug8402-master.patch fi fi mkdir -p $OUTDIR/src

1 0

[tor-browser-bundle/master] Merge remote-tracking branch 'pc/bug13091'
by gk＠torproject.org 11 Sep '14

11 Sep '14

commit e21bb4837a7affd469e413a2664f4a2bb5c2de4e Merge: b5f07db 41b90ea Author: Georg Koppen <gk(a)torproject.org> Date: Thu Sep 11 10:38:02 2014 +0000 Merge remote-tracking branch 'pc/bug13091' gitian/build-helpers/fix-info-plist.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

1 0

[tor-browser-bundle/master] Bug 13091: Use "Tor Browser" everywhere (space included)
by gk＠torproject.org 11 Sep '14

11 Sep '14

commit 41b90eae7d3d1a3664bc0d482862961a8ed3fcad Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Wed Sep 10 09:52:33 2014 -0400 Bug 13091: Use "Tor Browser" everywhere (space included) Use "TorBrowser" instead "Tor Browser" in Info.plist on Mac OS. --- gitian/build-helpers/fix-info-plist.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitian/build-helpers/fix-info-plist.py b/gitian/build-helpers/fix-info-plist.py index ccb6c68..ac531ec 100755 --- a/gitian/build-helpers/fix-info-plist.py +++ b/gitian/build-helpers/fix-info-plist.py @@ -25,7 +25,7 @@ COPYRIGHT = "Tor Browser %s Copyright %s The Tor Project" % (TORBROWSER_VERSION, plist = plistlib.readPlist(sys.stdin) -plist["CFBundleGetInfoString"] = "TorBrowser %s" % TORBROWSER_VERSION +plist["CFBundleGetInfoString"] = "Tor Browser %s" % TORBROWSER_VERSION plist["CFBundleShortVersionString"] = TORBROWSER_VERSION plist["NSHumanReadableCopyright"] = COPYRIGHT

1 0

[tor-browser-bundle/master] Use meek 0.11.
by gk＠torproject.org 10 Sep '14

10 Sep '14

commit b5f07db7e42d1e31a44f3254f8889b2e12e545c5 Author: David Fifield <david(a)bamsoftware.com> Date: Tue Sep 9 00:20:43 2014 +0000 Use meek 0.11. 0.11 has a fix for #11612, which would prevent some users from being able to bootstrap for the first time. --- gitian/versions | 2 +- gitian/versions.alpha | 2 +- gitian/versions.beta | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/gitian/versions b/gitian/versions index 5f99e3a..319a0de 100755 --- a/gitian/versions +++ b/gitian/versions @@ -25,7 +25,7 @@ FTEPROXY_TAG=d1186cc366895701a1cae5fc39afbe2534dad600 # tag 0.2.17 LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0.2 GOPTLIB_TAG=0.2 -MEEK_TAG=0.10 +MEEK_TAG=0.11 GITIAN_TAG=tor-browser-builder-3.x-6 diff --git a/gitian/versions.alpha b/gitian/versions.alpha index 8fcde6e..2e45f76 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -25,7 +25,7 @@ FTEPROXY_TAG=d1186cc366895701a1cae5fc39afbe2534dad600 # tag 0.2.17 LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0.2 GOPTLIB_TAG=0.2 -MEEK_TAG=0.10 +MEEK_TAG=0.11 GITIAN_TAG=tor-browser-builder-3.x-6 diff --git a/gitian/versions.beta b/gitian/versions.beta index b6ad5bb..ca9d053 100755 --- a/gitian/versions.beta +++ b/gitian/versions.beta @@ -25,7 +25,7 @@ FTEPROXY_TAG=d1186cc366895701a1cae5fc39afbe2534dad600 # tag 0.2.17 LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0.2 GOPTLIB_TAG=0.2 -MEEK_TAG=0.10 +MEEK_TAG=0.11 GITIAN_TAG=tor-browser-builder-3.x-6

1 0

[tor-browser-bundle/master] Include the Go license as required for certain PTs.
by gk＠torproject.org 04 Sep '14

04 Sep '14

commit 2326062d5c514ee4ce45783b1ff05af6eadfdb52 Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Tue Sep 2 14:49:59 2014 +0000 Include the Go license as required for certain PTs. Go license taken from http://golang.org/LICENSE?m=text Fixes bug #13039. --- .../Docs/Licenses/PluggableTransports/LICENSE | 9 +++++++ .../Docs/Licenses/PluggableTransports/LICENSE.GO | 27 ++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE b/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE index 162589c..749986b 100644 --- a/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE +++ b/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE @@ -13,6 +13,15 @@ file LICENSE.PYTHON. =============================================================================== +Go + +Some pluggable transports are written in Go and the binary packages include +parts of the Go runtime library. A copy of the Go license (which itself +includes the licenses of some of Go's components) is included in the file +LICENSE.GO. + +=============================================================================== + OpenSSL (From http://openssl.org/source/license.html.) diff --git a/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE.GO b/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE.GO new file mode 100644 index 0000000..7448756 --- /dev/null +++ b/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE.GO @@ -0,0 +1,27 @@ +Copyright (c) 2012 The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

1 0

[tor-browser-bundle/maint-3.6] Bug 9150: Make RPATH unavailable on Linux builds.
by gk＠torproject.org 02 Sep '14

02 Sep '14

commit 4abb92271aef3256ca1838c5c9669d73cd605641 Author: Georg Koppen <gk(a)torproject.org> Date: Tue Sep 2 15:53:55 2014 +0000 Bug 9150: Make RPATH unavailable on Linux builds. Thanks to a patch by a cypherpunk we make now RPATH unavailable on Linux builds. --- gitian/descriptors/linux/gitian-tor.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gitian/descriptors/linux/gitian-tor.yml b/gitian/descriptors/linux/gitian-tor.yml index fa1badb..c76e026 100644 --- a/gitian/descriptors/linux/gitian-tor.yml +++ b/gitian/descriptors/linux/gitian-tor.yml @@ -61,6 +61,8 @@ script: | cp $INSTDIR/openssl/lib/libcrypto.so.1.0.0 $INSTDIR/Tor/ cp $INSTDIR/libevent/lib/libevent-2.0.so.5 $INSTDIR/Tor/ chmod 700 $INSTDIR/Tor/*so* + # This is needed to make RPATH unavailable. See bug 9150. + export LD_LIBRARY_PATH="$INSTDIR/Tor/" # Building tor cd tor

1 0

[tor-browser-bundle/master] Bug 9150: Make RPATH unavailable on Linux builds.
by gk＠torproject.org 02 Sep '14

02 Sep '14

commit 29c156d5085d2c186cf6f0cc12eba45dcea8992e Author: Georg Koppen <gk(a)torproject.org> Date: Tue Sep 2 15:49:19 2014 +0000 Bug 9150: Make RPATH unavailable on Linux builds. Thanks to a patch by a cypherpunk we make now RPATH unavailable on Linux builds. --- gitian/descriptors/linux/gitian-tor.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gitian/descriptors/linux/gitian-tor.yml b/gitian/descriptors/linux/gitian-tor.yml index 277a8e4..bb99d02 100644 --- a/gitian/descriptors/linux/gitian-tor.yml +++ b/gitian/descriptors/linux/gitian-tor.yml @@ -61,6 +61,8 @@ script: | cp $INSTDIR/openssl/lib/libcrypto.so.1.0.0 $INSTDIR/Tor/ cp $INSTDIR/libevent/lib/libevent-2.0.so.5 $INSTDIR/Tor/ chmod 700 $INSTDIR/Tor/*so* + # This is needed to make RPATH unavailable. See bug 9150. + export LD_LIBRARY_PATH="$INSTDIR/Tor/" # Building tor cd tor

1 0

[tor-browser-bundle/master] Bug 10077: Make binutils independent of mingw-w64.
by gk＠torproject.org 01 Sep '14

01 Sep '14

commit 5a3ca06d4d031019aadc0a50aa209a5ca86c2b3f Author: Georg Koppen <gk(a)torproject.org> Date: Mon Sep 1 09:12:35 2014 +0000 Bug 10077: Make binutils independent of mingw-w64. We might want to bump the binutils version independent of the mingw-w64 version. This does not work anymore if we don't at least touch a binutils related file containing the currently built/used binutils version. --- gitian/descriptors/windows/gitian-utils.yml | 2 ++ gitian/mkbundle-windows.sh | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/gitian/descriptors/windows/gitian-utils.yml b/gitian/descriptors/windows/gitian-utils.yml index 2d0b3db..75e5662 100644 --- a/gitian/descriptors/windows/gitian-utils.yml +++ b/gitian/descriptors/windows/gitian-utils.yml @@ -152,6 +152,8 @@ script: | # Grabbing the remaining results cd $INSTDIR + # We might want to bump binutils independent of bumping mingw-w64. + touch binutils-$BINUTILS_VER-win32-utils.zip ~/build/dzip.sh mingw-w64-$GCC_VER-win32-utils.zip mingw-w64 ~/build/dzip.sh zlib-${ZLIB_TAG#v}-win32-utils.zip zlib ~/build/dzip.sh libevent-${LIBEVENT_TAG#release-}-win32-utils.zip libevent diff --git a/gitian/mkbundle-windows.sh b/gitian/mkbundle-windows.sh index dfc326b..595ff29 100755 --- a/gitian/mkbundle-windows.sh +++ b/gitian/mkbundle-windows.sh @@ -96,7 +96,8 @@ fi cd $GITIAN_DIR -if [ ! -f inputs/gcclibs-$GCC_VER-win32-utils.zip -o \ +if [ ! -f inputs/binutils-$BINUTILS_VER-win32-utils.zip -o \ + ! -f inputs/gcclibs-$GCC_VER-win32-utils.zip -o \ ! -f inputs/mingw-w64-$GCC_VER-win32-utils.zip -o \ ! -f inputs/zlib-${ZLIB_TAG_ORIG#v}-win32-utils.zip -o \ ! -f inputs/libevent-${LIBEVENT_TAG_ORIG#release-}-win32-utils.zip -o \

1 0

[tor-browser-bundle/master] Update NoScript to 2.6.8.39.
by mikeperry＠torproject.org 01 Sep '14

01 Sep '14

commit f8ed0cfe8eba91741eca5c33cdb852cc0aa8a123 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Sun Aug 31 17:42:21 2014 -0700 Update NoScript to 2.6.8.39. --- Bundle-Data/Docs/ChangeLog.txt | 2 ++ gitian/versions.alpha | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index d511d84..29082ac 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -1,6 +1,7 @@ Tor Browser Bundle 4.0-alpha-2 -- Sep 2 2014 * All Platforms * Update Firefox to 24.8.0esr + * Update NoScript to 2.6.8.39 * Update Tor Launcher to 0.2.7.0 * Bug 11405: Remove firewall prompt from wizard. * Bug 12895: Mention @riseup.net as a valid bridge request email address @@ -26,6 +27,7 @@ Tor Browser Bundle 4.0-alpha-2 -- Sep 2 2014 Tor Browser Bundle 3.6.5 -- Sep 2 2014 * All Platforms * Update Firefox to 24.8.0esr + * Update NoScript to 2.6.8.39 * Update HTTPS Everywhere to 4.0.0 * Update Torbutton to 1.6.12.1 * Bug 12684: New strings for canvas image extraction message diff --git a/gitian/versions.alpha b/gitian/versions.alpha index d6d93b6..8fcde6e 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -52,7 +52,7 @@ GO_VER=1.3 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2 -NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.36-sm+fx+fn.xpi +NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.39-fx+sm+fn.xpi HTTPSE_PACKAGE=https-everywhere-${HTTPSE_VER}.xpi TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz @@ -80,7 +80,7 @@ GMP_HASH=752079520b4690531171d0f4532e40f08600215feefede70b24fabdc6f1ab160 OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 -NOSCRIPT_HASH=3c8ed31dbd67634debf333f957ba5c08bf3596408c9d09b5bf4da98499733af4 +NOSCRIPT_HASH=6b97c02b3ceab452f0ceec0f8918e0653837b24f376ba1a9dd78bb551bae3715 HTTPSE_HASH=6feb4982d13f89656b61435b6b49e1996c61bc79e52d046d02312879376028e3 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c @@ -102,7 +102,7 @@ TOOLCHAIN4_OLD_URL=https://people.torproject.org/~mikeperry/mirrors/sources… OSXSDK_URL=https://launchpad.net/~flosoft/+archive/cross-apple/+files/${OSX… BINUTILS_URL=https://ftp.gnu.org/gnu/binutils/${BINUTILS_PACKAGE} GCC_URL=https://ftp.gnu.org/gnu/gcc/gcc-${GCC_VER}/${GCC_PACKAGE} -NOSCRIPT_URL=https://addons.cdn.mozilla.net/storage/public-staging/722/${NOSCRIPT_PACKAGE} +NOSCRIPT_URL=https://addons.cdn.mozilla.net/user-media/addons/722/${NOSCRIPT_PACKAGE} HTTPSE_URL=https://www.eff.org/files/${HTTPSE_PACKAGE} PYTHON_URL=https://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_PACKAGE} PYTHON_MSI_URL=https://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_MSI…

1 0

[tor-browser-bundle/master] Don't distribute mar tools. They are not reproducible (yet).
by mikeperry＠torproject.org 01 Sep '14

01 Sep '14

commit 6de616f8de99af3343a85346028a1538e89f7f49 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Sun Aug 31 17:32:47 2014 -0700 Don't distribute mar tools. They are not reproducible (yet). --- gitian/mkbundle-linux.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh index dd8e00a..e3b145d 100755 --- a/gitian/mkbundle-linux.sh +++ b/gitian/mkbundle-linux.sh @@ -248,7 +248,7 @@ then mkdir -p $WRAPPER_DIR/$TORBROWSER_VERSION/ cp -a build/out/tor-browser-linux*xz* $WRAPPER_DIR/$TORBROWSER_VERSION/ || exit 1 cp -a build/out/*.mar $WRAPPER_DIR/$TORBROWSER_VERSION/ || exit 1 - cp -a inputs/mar-tools-linux*.zip $WRAPPER_DIR/$TORBROWSER_VERSION/ || exit 1 + #cp -a inputs/mar-tools-linux*.zip $WRAPPER_DIR/$TORBROWSER_VERSION/ || exit 1 cp -a inputs/*debug.zip $WRAPPER_DIR/$TORBROWSER_VERSION/ || exit 1 touch inputs/bundle-linux.gbuilt else

1 0

[tor-browser-bundle/maint-3.6] Bump NoScript version.
by mikeperry＠torproject.org 01 Sep '14

01 Sep '14

commit 21000b7eb3bcfced485cdf279fc16d1d1976d0c8 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Sun Aug 31 17:20:43 2014 -0700 Bump NoScript version. --- Bundle-Data/Docs/ChangeLog.txt | 1 + gitian/versions | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 8bb3eae..6688bf1 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -1,6 +1,7 @@ Tor Browser Bundle 3.6.5 -- Sep 2 2014 * All Platforms * Update Firefox to 24.8.0esr + * Update NoScript to 2.6.8.39 * Update HTTPS Everywhere to 4.0.0 * Update Torbutton to 1.6.12.1 * Bug 12684: New strings for canvas image extraction message diff --git a/gitian/versions b/gitian/versions index 14803a8..4096ec0 100755 --- a/gitian/versions +++ b/gitian/versions @@ -47,7 +47,7 @@ HTTPSE_VER=4.0.0 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2 -NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.36-sm+fx+fn.xpi +NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.39-fx+sm+fn.xpi HTTPSE_PACKAGE=https-everywhere-${HTTPSE_VER}.xpi TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz @@ -75,7 +75,7 @@ GMP_HASH=752079520b4690531171d0f4532e40f08600215feefede70b24fabdc6f1ab160 OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 -NOSCRIPT_HASH=3c8ed31dbd67634debf333f957ba5c08bf3596408c9d09b5bf4da98499733af4 +NOSCRIPT_HASH=6b97c02b3ceab452f0ceec0f8918e0653837b24f376ba1a9dd78bb551bae3715 HTTPSE_HASH=1241631091f9ceb417f639a6df76425cda36ee4b38b78ce8d318088eb17a7219 MINGW_HASH=a5b03d0448a309341be4cf34c6ad3016d04c89952dca5243254b4d6c738b164f MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 @@ -97,7 +97,7 @@ TOOLCHAIN4_OLD_URL=https://people.torproject.org/~mikeperry/mirrors/sources… OSXSDK_URL=https://launchpad.net/~flosoft/+archive/cross-apple/+files/${OSX… BINUTILS_URL=https://ftp.gnu.org/gnu/binutils/${BINUTILS_PACKAGE} GCC_URL=https://ftp.gnu.org/gnu/gcc/gcc-${GCC_VER}/${GCC_PACKAGE} -NOSCRIPT_URL=https://addons.cdn.mozilla.net/storage/public-staging/722/${NOSCRIPT_PACKAGE} +NOSCRIPT_URL=https://addons.cdn.mozilla.net/user-media/addons/722/${NOSCRIPT_PACKAGE} HTTPSE_URL=https://www.eff.org/files/${HTTPSE_PACKAGE} PYTHON_URL=http://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_PACKAGE} PYTHON_MSI_URL=http://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_MSI_…

1 0

[tor-browser-bundle/maint-3.6] Document 12103 in changelog.
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit f163f339def978054f0ba40b24ed4eb221d9375b Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Fri Aug 29 15:56:28 2014 -0700 Document 12103 in changelog. --- Bundle-Data/Docs/ChangeLog.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index f33c616..8bb3eae 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -12,6 +12,8 @@ Tor Browser Bundle 3.6.5 -- Sep 2 2014 * Bug 12974: Disable NTLM and Negotiate HTTP Auth * Bug 2874: Remove Components.* from content access (regression) * Bug 9881: Open popups in new tabs by default + * Linux: + * Bug 12103: Adding RELRO hardening back to browser binaries. Tor Browser Bundle 3.6.4 -- Aug 8 2014 * All Platforms

1 0

[tor-browser-bundle/master] Update versions file for Torbutton and Tor Launcher.
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 8b0f5a4a84e50486bba041305a98801f4a6f18db Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Fri Aug 29 15:54:14 2014 -0700 Update versions file for Torbutton and Tor Launcher. --- gitian/versions.alpha | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gitian/versions.alpha b/gitian/versions.alpha index e503ef2..d6d93b6 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -10,8 +10,8 @@ TORBROWSER_UPDATE_CHANNEL=alpha TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-4.x-1-build1 TOR_TAG=tor-0.2.5.6-alpha -TORLAUNCHER_TAG=0.2.6.2 -TORBUTTON_TAG=1.6.12.0 +TORLAUNCHER_TAG=0.2.7.0 +TORBUTTON_TAG=1.6.12.1 HTTPSE_TAG=3.5.3 # XXX: HTTPSE_VER is used instead, pending #11630 NSIS_TAG=v0.2 ZLIB_TAG=v1.2.8

1 0

[tor-browser-bundle/master] Add Bug 12103 to changelogs.
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit e3f2fafc32a5650f968989ca16e87645b92a797f Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Fri Aug 29 15:55:32 2014 -0700 Add Bug 12103 to changelogs. --- Bundle-Data/Docs/ChangeLog.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 80c80b4..d511d84 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -20,6 +20,8 @@ Tor Browser Bundle 4.0-alpha-2 -- Sep 2 2014 * Bug 12766: Use TLSv1.0 in meek-http-helper to blend in with Firefox 24 * Windows: * Bug 10065: Enable DEP, ASLR, and SSP hardening options + * Linux: + * Bug 12103: Adding RELRO hardening back to browser binaries. Tor Browser Bundle 3.6.5 -- Sep 2 2014 * All Platforms @@ -35,6 +37,8 @@ Tor Browser Bundle 3.6.5 -- Sep 2 2014 * Bug 12974: Disable NTLM and Negotiate HTTP Auth * Bug 2874: Remove Components.* from content access (regression) * Bug 9881: Open popups in new tabs by default + * Linux: + * Bug 12103: Adding RELRO hardening back to browser binaries. Tor Browser Bundle 4.0-alpha-1 -- Aug 8 2014 * All Platforms

1 0

[tor-launcher/master] Import strings from transifex.
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 660d34e87232bb292cbf36b7f48193299603d5a7 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Fri Aug 29 15:51:15 2014 -0700 Import strings from transifex. --- src/chrome/locale/ach/network-settings.dtd | 10 ++--- src/chrome/locale/ach/torlauncher.properties | 8 ++-- src/chrome/locale/ady/network-settings.dtd | 10 ++--- src/chrome/locale/ady/torlauncher.properties | 8 ++-- src/chrome/locale/af/network-settings.dtd | 10 ++--- src/chrome/locale/af/torlauncher.properties | 8 ++-- src/chrome/locale/ak/network-settings.dtd | 10 ++--- src/chrome/locale/ak/torlauncher.properties | 8 ++-- src/chrome/locale/am/network-settings.dtd | 10 ++--- src/chrome/locale/am/torlauncher.properties | 8 ++-- src/chrome/locale/ar/network-settings.dtd | 12 +++--- src/chrome/locale/ar/torlauncher.properties | 8 ++-- src/chrome/locale/arn/network-settings.dtd | 10 ++--- src/chrome/locale/arn/torlauncher.properties | 8 ++-- src/chrome/locale/ast/network-settings.dtd | 10 ++--- src/chrome/locale/ast/torlauncher.properties | 8 ++-- src/chrome/locale/az/network-settings.dtd | 10 ++--- src/chrome/locale/az/torlauncher.properties | 8 ++-- src/chrome/locale/be/network-settings.dtd | 16 ++++---- src/chrome/locale/be/torlauncher.properties | 8 ++-- src/chrome/locale/bg/network-settings.dtd | 10 ++--- src/chrome/locale/bg/torlauncher.properties | 8 ++-- src/chrome/locale/bn-IN/network-settings.dtd | 10 ++--- src/chrome/locale/bn-IN/torlauncher.properties | 8 ++-- src/chrome/locale/bn/network-settings.dtd | 10 ++--- src/chrome/locale/bn/torlauncher.properties | 8 ++-- src/chrome/locale/bo/network-settings.dtd | 10 ++--- src/chrome/locale/bo/torlauncher.properties | 8 ++-- src/chrome/locale/br/network-settings.dtd | 10 ++--- src/chrome/locale/br/torlauncher.properties | 8 ++-- src/chrome/locale/bs/network-settings.dtd | 10 ++--- src/chrome/locale/bs/torlauncher.properties | 8 ++-- src/chrome/locale/ca/network-settings.dtd | 10 ++--- src/chrome/locale/ca/torlauncher.properties | 8 ++-- src/chrome/locale/cs/network-settings.dtd | 12 +++--- src/chrome/locale/cs/torlauncher.properties | 8 ++-- src/chrome/locale/csb/network-settings.dtd | 10 ++--- src/chrome/locale/csb/torlauncher.properties | 8 ++-- src/chrome/locale/cv/network-settings.dtd | 10 ++--- src/chrome/locale/cv/torlauncher.properties | 8 ++-- src/chrome/locale/cy/network-settings.dtd | 10 ++--- src/chrome/locale/cy/torlauncher.properties | 8 ++-- src/chrome/locale/da/network-settings.dtd | 12 +++--- src/chrome/locale/da/torlauncher.properties | 8 ++-- src/chrome/locale/de/network-settings.dtd | 10 ++--- src/chrome/locale/de/progress.dtd | 4 +- src/chrome/locale/de/torlauncher.properties | 8 ++-- src/chrome/locale/dz/network-settings.dtd | 10 ++--- src/chrome/locale/dz/torlauncher.properties | 8 ++-- src/chrome/locale/el/network-settings.dtd | 10 ++--- src/chrome/locale/el/torlauncher.properties | 8 ++-- src/chrome/locale/en-GB/network-settings.dtd | 10 ++--- src/chrome/locale/en-GB/torlauncher.properties | 8 ++-- src/chrome/locale/eo/network-settings.dtd | 10 ++--- src/chrome/locale/eo/torlauncher.properties | 8 ++-- src/chrome/locale/es-AR/network-settings.dtd | 36 +++++++++--------- src/chrome/locale/es-AR/torlauncher.properties | 8 ++-- src/chrome/locale/es-CL/network-settings.dtd | 10 ++--- src/chrome/locale/es-CL/torlauncher.properties | 8 ++-- src/chrome/locale/es-CO/network-settings.dtd | 10 ++--- src/chrome/locale/es-CO/torlauncher.properties | 8 ++-- src/chrome/locale/es-MX/network-settings.dtd | 10 ++--- src/chrome/locale/es-MX/torlauncher.properties | 8 ++-- src/chrome/locale/es/network-settings.dtd | 22 +++++------ src/chrome/locale/es/torlauncher.properties | 8 ++-- src/chrome/locale/et/network-settings.dtd | 10 ++--- src/chrome/locale/et/torlauncher.properties | 18 +++++---- src/chrome/locale/eu/network-settings.dtd | 10 ++--- src/chrome/locale/eu/torlauncher.properties | 8 ++-- src/chrome/locale/fa/network-settings.dtd | 12 +++--- src/chrome/locale/fa/torlauncher.properties | 8 ++-- src/chrome/locale/fi/network-settings.dtd | 38 +++++++++---------- src/chrome/locale/fi/torlauncher.properties | 34 +++++++++-------- src/chrome/locale/fil/network-settings.dtd | 10 ++--- src/chrome/locale/fil/torlauncher.properties | 8 ++-- src/chrome/locale/fo/network-settings.dtd | 10 ++--- src/chrome/locale/fo/torlauncher.properties | 8 ++-- src/chrome/locale/fr-CA/network-settings.dtd | 10 ++--- src/chrome/locale/fr-CA/torlauncher.properties | 8 ++-- src/chrome/locale/fr/network-settings.dtd | 10 ++--- src/chrome/locale/fr/torlauncher.properties | 8 ++-- src/chrome/locale/fur/network-settings.dtd | 10 ++--- src/chrome/locale/fur/torlauncher.properties | 8 ++-- src/chrome/locale/fy/network-settings.dtd | 10 ++--- src/chrome/locale/fy/torlauncher.properties | 8 ++-- src/chrome/locale/ga/network-settings.dtd | 10 ++--- src/chrome/locale/ga/torlauncher.properties | 8 ++-- src/chrome/locale/gl/network-settings.dtd | 10 ++--- src/chrome/locale/gl/torlauncher.properties | 8 ++-- src/chrome/locale/gu-IN/network-settings.dtd | 10 ++--- src/chrome/locale/gu-IN/torlauncher.properties | 8 ++-- src/chrome/locale/gu/network-settings.dtd | 10 ++--- src/chrome/locale/gu/torlauncher.properties | 8 ++-- src/chrome/locale/gun/network-settings.dtd | 10 ++--- src/chrome/locale/gun/torlauncher.properties | 8 ++-- src/chrome/locale/ha/network-settings.dtd | 10 ++--- src/chrome/locale/ha/torlauncher.properties | 8 ++-- src/chrome/locale/he/network-settings.dtd | 12 +++--- src/chrome/locale/he/torlauncher.properties | 14 ++++--- src/chrome/locale/hi/network-settings.dtd | 10 ++--- src/chrome/locale/hi/torlauncher.properties | 8 ++-- src/chrome/locale/hr-HR/network-settings.dtd | 12 ++---- src/chrome/locale/hr-HR/torlauncher.properties | 8 ++-- src/chrome/locale/hr/network-settings.dtd | 10 ++--- src/chrome/locale/hr/torlauncher.properties | 8 ++-- src/chrome/locale/ht/network-settings.dtd | 10 ++--- src/chrome/locale/ht/torlauncher.properties | 8 ++-- src/chrome/locale/hu/network-settings.dtd | 10 ++--- src/chrome/locale/hu/torlauncher.properties | 8 ++-- src/chrome/locale/hy-AM/network-settings.dtd | 10 ++--- src/chrome/locale/hy-AM/torlauncher.properties | 8 ++-- src/chrome/locale/hy/network-settings.dtd | 10 ++--- src/chrome/locale/hy/torlauncher.properties | 8 ++-- src/chrome/locale/ia/network-settings.dtd | 10 ++--- src/chrome/locale/ia/torlauncher.properties | 8 ++-- src/chrome/locale/id/network-settings.dtd | 10 ++--- src/chrome/locale/id/progress.dtd | 2 +- src/chrome/locale/id/torlauncher.properties | 8 ++-- src/chrome/locale/is/network-settings.dtd | 10 ++--- src/chrome/locale/is/torlauncher.properties | 8 ++-- src/chrome/locale/it/network-settings.dtd | 10 ++--- src/chrome/locale/it/torlauncher.properties | 8 ++-- src/chrome/locale/ja/network-settings.dtd | 12 +++--- src/chrome/locale/ja/torlauncher.properties | 8 ++-- src/chrome/locale/jv/network-settings.dtd | 10 ++--- src/chrome/locale/jv/torlauncher.properties | 8 ++-- src/chrome/locale/ka/network-settings.dtd | 10 ++--- src/chrome/locale/ka/torlauncher.properties | 8 ++-- src/chrome/locale/kk/network-settings.dtd | 10 ++--- src/chrome/locale/kk/torlauncher.properties | 8 ++-- src/chrome/locale/km/network-settings.dtd | 12 +++--- src/chrome/locale/km/torlauncher.properties | 8 ++-- src/chrome/locale/kn/network-settings.dtd | 10 ++--- src/chrome/locale/kn/torlauncher.properties | 8 ++-- src/chrome/locale/ko-KR/network-settings.dtd | 10 ++--- src/chrome/locale/ko-KR/torlauncher.properties | 8 ++-- src/chrome/locale/ko/network-settings.dtd | 10 ++--- src/chrome/locale/ko/torlauncher.properties | 8 ++-- src/chrome/locale/ku/network-settings.dtd | 10 ++--- src/chrome/locale/ku/torlauncher.properties | 8 ++-- src/chrome/locale/kw/network-settings.dtd | 10 ++--- src/chrome/locale/kw/torlauncher.properties | 8 ++-- src/chrome/locale/ky/network-settings.dtd | 10 ++--- src/chrome/locale/ky/torlauncher.properties | 8 ++-- src/chrome/locale/lb/network-settings.dtd | 10 ++--- src/chrome/locale/lb/torlauncher.properties | 8 ++-- src/chrome/locale/lg/network-settings.dtd | 10 ++--- src/chrome/locale/lg/torlauncher.properties | 8 ++-- src/chrome/locale/ln/network-settings.dtd | 10 ++--- src/chrome/locale/ln/torlauncher.properties | 8 ++-- src/chrome/locale/lo/network-settings.dtd | 40 ++++++++++---------- src/chrome/locale/lo/torlauncher.properties | 10 +++-- src/chrome/locale/lt/network-settings.dtd | 10 ++--- src/chrome/locale/lt/torlauncher.properties | 8 ++-- src/chrome/locale/lv/network-settings.dtd | 12 +++--- src/chrome/locale/lv/torlauncher.properties | 8 ++-- src/chrome/locale/mg/network-settings.dtd | 10 ++--- src/chrome/locale/mg/torlauncher.properties | 8 ++-- src/chrome/locale/mi/network-settings.dtd | 10 ++--- src/chrome/locale/mi/torlauncher.properties | 8 ++-- src/chrome/locale/mk/network-settings.dtd | 10 ++--- src/chrome/locale/mk/torlauncher.properties | 8 ++-- src/chrome/locale/ml/network-settings.dtd | 10 ++--- src/chrome/locale/ml/torlauncher.properties | 8 ++-- src/chrome/locale/mn/network-settings.dtd | 10 ++--- src/chrome/locale/mn/torlauncher.properties | 8 ++-- src/chrome/locale/mr/network-settings.dtd | 10 ++--- src/chrome/locale/mr/torlauncher.properties | 8 ++-- src/chrome/locale/ms-MY/network-settings.dtd | 10 ++--- src/chrome/locale/ms-MY/torlauncher.properties | 8 ++-- src/chrome/locale/mt/network-settings.dtd | 10 ++--- src/chrome/locale/mt/torlauncher.properties | 8 ++-- src/chrome/locale/my/network-settings.dtd | 10 ++--- src/chrome/locale/my/torlauncher.properties | 8 ++-- src/chrome/locale/nah/network-settings.dtd | 10 ++--- src/chrome/locale/nah/torlauncher.properties | 8 ++-- src/chrome/locale/nap/network-settings.dtd | 10 ++--- src/chrome/locale/nap/torlauncher.properties | 8 ++-- src/chrome/locale/nb/network-settings.dtd | 11 ++---- src/chrome/locale/nb/torlauncher.properties | 8 ++-- src/chrome/locale/nds/network-settings.dtd | 10 ++--- src/chrome/locale/nds/torlauncher.properties | 8 ++-- src/chrome/locale/ne/network-settings.dtd | 10 ++--- src/chrome/locale/ne/torlauncher.properties | 8 ++-- src/chrome/locale/nl-BE/network-settings.dtd | 10 ++--- src/chrome/locale/nl-BE/torlauncher.properties | 8 ++-- src/chrome/locale/nl/network-settings.dtd | 10 ++--- src/chrome/locale/nl/torlauncher.properties | 8 ++-- src/chrome/locale/nn/network-settings.dtd | 40 ++++++++++---------- src/chrome/locale/nn/torlauncher.properties | 24 ++++++------ src/chrome/locale/nso/network-settings.dtd | 10 ++--- src/chrome/locale/nso/torlauncher.properties | 8 ++-- src/chrome/locale/oc/network-settings.dtd | 10 ++--- src/chrome/locale/oc/torlauncher.properties | 8 ++-- src/chrome/locale/or/network-settings.dtd | 10 ++--- src/chrome/locale/or/torlauncher.properties | 8 ++-- src/chrome/locale/pa/network-settings.dtd | 10 ++--- src/chrome/locale/pa/torlauncher.properties | 8 ++-- src/chrome/locale/pap/network-settings.dtd | 10 ++--- src/chrome/locale/pap/torlauncher.properties | 8 ++-- src/chrome/locale/pl/network-settings.dtd | 10 ++--- src/chrome/locale/pl/torlauncher.properties | 8 ++-- src/chrome/locale/pms/network-settings.dtd | 10 ++--- src/chrome/locale/pms/torlauncher.properties | 8 ++-- src/chrome/locale/ps/network-settings.dtd | 10 ++--- src/chrome/locale/ps/torlauncher.properties | 8 ++-- src/chrome/locale/pt-BR/network-settings.dtd | 12 +++--- src/chrome/locale/pt-BR/torlauncher.properties | 10 +++-- src/chrome/locale/pt/network-settings.dtd | 10 ++--- src/chrome/locale/pt/torlauncher.properties | 8 ++-- src/chrome/locale/ro/network-settings.dtd | 10 ++--- src/chrome/locale/ro/torlauncher.properties | 8 ++-- src/chrome/locale/ru/network-settings.dtd | 12 +++--- src/chrome/locale/ru/torlauncher.properties | 8 ++-- src/chrome/locale/ru(a)petr1708/network-settings.dtd | 10 ++--- .../locale/ru(a)petr1708/torlauncher.properties | 8 ++-- src/chrome/locale/sco/network-settings.dtd | 10 ++--- src/chrome/locale/sco/torlauncher.properties | 8 ++-- src/chrome/locale/si-LK/network-settings.dtd | 10 ++--- src/chrome/locale/si-LK/torlauncher.properties | 8 ++-- src/chrome/locale/sk-SK/network-settings.dtd | 10 ++--- src/chrome/locale/sk-SK/torlauncher.properties | 8 ++-- src/chrome/locale/sk/network-settings.dtd | 10 ++--- src/chrome/locale/sk/torlauncher.properties | 8 ++-- src/chrome/locale/sl-SI/network-settings.dtd | 10 ++--- src/chrome/locale/sl-SI/torlauncher.properties | 8 ++-- src/chrome/locale/sl/network-settings.dtd | 10 ++--- src/chrome/locale/sl/torlauncher.properties | 8 ++-- src/chrome/locale/sn/network-settings.dtd | 10 ++--- src/chrome/locale/sn/torlauncher.properties | 8 ++-- src/chrome/locale/so/network-settings.dtd | 10 ++--- src/chrome/locale/so/torlauncher.properties | 8 ++-- src/chrome/locale/son/network-settings.dtd | 10 ++--- src/chrome/locale/son/torlauncher.properties | 8 ++-- src/chrome/locale/sq/network-settings.dtd | 10 ++--- src/chrome/locale/sq/torlauncher.properties | 8 ++-- src/chrome/locale/sr/network-settings.dtd | 10 ++--- src/chrome/locale/sr/torlauncher.properties | 10 +++-- src/chrome/locale/sr(a)latin/network-settings.dtd | 10 ++--- src/chrome/locale/sr(a)latin/torlauncher.properties | 8 ++-- src/chrome/locale/st/network-settings.dtd | 10 ++--- src/chrome/locale/st/torlauncher.properties | 8 ++-- src/chrome/locale/su/network-settings.dtd | 10 ++--- src/chrome/locale/su/torlauncher.properties | 8 ++-- src/chrome/locale/sv/network-settings.dtd | 10 ++--- src/chrome/locale/sv/torlauncher.properties | 8 ++-- src/chrome/locale/sw/network-settings.dtd | 10 ++--- src/chrome/locale/sw/torlauncher.properties | 8 ++-- src/chrome/locale/szl/network-settings.dtd | 10 ++--- src/chrome/locale/szl/torlauncher.properties | 8 ++-- src/chrome/locale/ta/network-settings.dtd | 10 ++--- src/chrome/locale/ta/torlauncher.properties | 8 ++-- src/chrome/locale/te-IN/network-settings.dtd | 10 ++--- src/chrome/locale/te-IN/torlauncher.properties | 8 ++-- src/chrome/locale/te/network-settings.dtd | 10 ++--- src/chrome/locale/te/torlauncher.properties | 8 ++-- src/chrome/locale/tg/network-settings.dtd | 10 ++--- src/chrome/locale/tg/torlauncher.properties | 8 ++-- src/chrome/locale/th/network-settings.dtd | 10 ++--- src/chrome/locale/th/torlauncher.properties | 8 ++-- src/chrome/locale/ti/network-settings.dtd | 10 ++--- src/chrome/locale/ti/torlauncher.properties | 8 ++-- src/chrome/locale/tk/network-settings.dtd | 10 ++--- src/chrome/locale/tk/torlauncher.properties | 8 ++-- src/chrome/locale/tr/network-settings.dtd | 12 +++--- src/chrome/locale/tr/progress.dtd | 2 +- src/chrome/locale/tr/torlauncher.properties | 10 +++-- src/chrome/locale/uk/network-settings.dtd | 12 +++--- src/chrome/locale/uk/torlauncher.properties | 8 ++-- src/chrome/locale/ur-PK/network-settings.dtd | 10 ++--- src/chrome/locale/ur-PK/torlauncher.properties | 8 ++-- src/chrome/locale/ur/network-settings.dtd | 10 ++--- src/chrome/locale/ur/torlauncher.properties | 8 ++-- src/chrome/locale/uz/network-settings.dtd | 10 ++--- src/chrome/locale/uz/torlauncher.properties | 8 ++-- src/chrome/locale/ve/network-settings.dtd | 10 ++--- src/chrome/locale/ve/torlauncher.properties | 8 ++-- src/chrome/locale/vi/network-settings.dtd | 10 ++--- src/chrome/locale/vi/torlauncher.properties | 8 ++-- src/chrome/locale/wa/network-settings.dtd | 10 ++--- src/chrome/locale/wa/torlauncher.properties | 8 ++-- src/chrome/locale/wo/network-settings.dtd | 10 ++--- src/chrome/locale/wo/torlauncher.properties | 8 ++-- src/chrome/locale/zh-CN/network-settings.dtd | 12 +++--- src/chrome/locale/zh-CN/progress.dtd | 2 +- src/chrome/locale/zh-CN/torlauncher.properties | 22 ++++++----- src/chrome/locale/zh-HK/network-settings.dtd | 10 ++--- src/chrome/locale/zh-HK/torlauncher.properties | 8 ++-- src/chrome/locale/zh-TW/network-settings.dtd | 14 +++---- src/chrome/locale/zh-TW/torlauncher.properties | 8 ++-- src/chrome/locale/zu/network-settings.dtd | 10 ++--- src/chrome/locale/zu/torlauncher.properties | 8 ++-- 292 files changed, 1422 insertions(+), 1425 deletions(-) diff --git a/src/chrome/locale/ach/network-settings.dtd b/src/chrome/locale/ach/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/ach/network-settings.dtd +++ b/src/chrome/locale/ach/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ach/torlauncher.properties b/src/chrome/locale/ach/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/ach/torlauncher.properties +++ b/src/chrome/locale/ach/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/ady/network-settings.dtd b/src/chrome/locale/ady/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/ady/network-settings.dtd +++ b/src/chrome/locale/ady/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ady/torlauncher.properties b/src/chrome/locale/ady/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/ady/torlauncher.properties +++ b/src/chrome/locale/ady/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/af/network-settings.dtd b/src/chrome/locale/af/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/af/network-settings.dtd +++ b/src/chrome/locale/af/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/af/torlauncher.properties b/src/chrome/locale/af/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/af/torlauncher.properties +++ b/src/chrome/locale/af/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/ak/network-settings.dtd b/src/chrome/locale/ak/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/ak/network-settings.dtd +++ b/src/chrome/locale/ak/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ak/torlauncher.properties b/src/chrome/locale/ak/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/ak/torlauncher.properties +++ b/src/chrome/locale/ak/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/am/network-settings.dtd b/src/chrome/locale/am/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/am/network-settings.dtd +++ b/src/chrome/locale/am/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/am/torlauncher.properties b/src/chrome/locale/am/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/am/torlauncher.properties +++ b/src/chrome/locale/am/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/ar/network-settings.dtd b/src/chrome/locale/ar/network-settings.dtd index 3549bb6..7b7135b 100644 --- a/src/chrome/locale/ar/network-settings.dtd +++ b/src/chrome/locale/ar/network-settings.dtd @@ -2,14 +2,14 @@  -<!ENTITY torsettings.prompt "عليك توفير معلومات حول اتصال هذا الحاسب بالإنترنت قبل أن تحاول الاتصال بشبكة Tor."> +<!ENTITY torsettings.prompt "عليك توفير معلومات حول اتصال هذا الحاسب بالإنترنت قبل أن تحاول الاتصال بشبكة تور."> <!ENTITY torSettings.yes "نعم"> <!ENTITY torSettings.no "لا"> <!ENTITY torSettings.firstQuestion "أي مما يلي يعتبر وصف افضل لموقفك؟"> -<!ENTITY torSettings.configurePrompt1 " اتصال الإنترنت لهذا الكمبيوتر مُراقب، أو مصفى، أو يعمل ببروكسي."> -<!ENTITY torSettings.configurePrompt2 "علي تكوين إعدادات الجسر أو جدار الحماية أو الوكيل."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "تكوين"> <!ENTITY torSettings.connectPrompt2 "أود الاتصال مباشرة إلى شبكة تور."> <!ENTITY torSettings.connectPrompt3 "سيفيد هذا في معظم الحالات."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "إذا لم تكن متأكدا من كيفية الإجابة على هذا السؤال، إلقي نظرة على إعدادات الإنترنت في متصفح آخر حتي تتأكد إذا كان يستخدام بروكسي."> <!ENTITY torSettings.enterProxy "أدخل إعدادات البروكسي."> -<!ENTITY torSettings.firewallQuestion "هل اتصال الإنترنت لهذا الكمبيوتر يمر بجدار حماية يسمح بالاتصال فقط من خلال منافذ معينة؟"> -<!ENTITY torSettings.firewallHelp "إذا لم تكن متأكدا من كيفية الإجابة على هذا السؤال، اختار لا. إذا واجهتك مشاكل في الاتصال بشبكة تور, غيير هذا الإعداد."> -<!ENTITY torSettings.enterFirewall "إدخل قائمة مفصولة بفواصل من المنافذ التي يسمح بها جدار الحماية."> <!ENTITY torSettings.bridgeQuestion "هل يقوم مقدم خدمة الإنترنت (ISP) الذي تتعامل معه بحجب الاتصالات بشبكة Tor أو مراقبتها بطريقة أخرى؟"> <!ENTITY torSettings.bridgeHelp "إذا لم تكن متأكدا من إجابة هذا السؤال، قم باختيار لا.   إذا قمت باختيار نعم، فسيطلب منك تكوين جسور Tor والتي هي منافذ ترحيل غير مدرجة تصعب عملية حظر الاتصالات بشبكة Tor."> <!ENTITY torSettings.bridgeSettingsPrompt "يمكنك استخدام مجموعة الجسور المتوفرة أو الحصول على مجموعة مخصصة من الجسور."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "من خلال الويب"> <!ENTITY torsettings.bridgeHelp2 "استخدم متصفح ويب لزيارة https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "من خلال المستجيب التلقائي للبريد الإلكتروني"> -<!ENTITY torsettings.bridgeHelp3 "ارسل بريد إلكتروني إلى bridges(a)torproject.org يحتوي علي 'get bridges' في قلب البريد. و حتي تضمن وصول ذلك البريد لنا بنجاح استخدم إما gmail.com أو yahoo.com"> +<!ENTITY torsettings.bridgeHelp3.emailDesc "ارسل رساله الى bridges(a)torproject.org مع العباره "get bridges" في وسط الصفحه .&#160 , ولكن بأمكانك ان تجعل الرساله اكثر امناً و مستصعبه للمخترق (الهاكر) ان يراها عن طريق استخدام من المواقع الريد المشهوره Gmail و Yahoo "> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net او https://mail.google.com, او https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "من خلال مكتب المساعدة"> <!ENTITY torsettings.bridgeHelp4 "يمكنك طلب عناوين الجسر، كحل أخير، من خلال إرسال رسالة بريد إلكتروني مهذبة إلى help(a)rt.torproject.org.  يرجى ملاحظة أنه يجب أن يرد شخص ما على كل طلب."> diff --git a/src/chrome/locale/ar/torlauncher.properties b/src/chrome/locale/ar/torlauncher.properties index 1a1882a..1138a57 100644 --- a/src/chrome/locale/ar/torlauncher.properties +++ b/src/chrome/locale/ar/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=مُشغل تور -torlauncher.tor_exited=توقف تور عن العمل بشكل غير متوقع. -torlauncher.tor_connection_lost=قد تم فقدك اتصالك بشبكة تور. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=اعادة تشغيل تور لا يغلق الصفحات. torlauncher.tor_controlconn_failed=تعذر الاتصال بمنفذ التحكم الخاص بتور. torlauncher.tor_failed_to_start=تور فشل في بدء التشغيل. torlauncher.tor_control_failed=تعذر التحكم في تور. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=هذا النوع غير متوفر ب torlauncher.recommended_bridge=(موصى به) torlauncher.connect=اتصل -torlauncher.reconnect=إعادة الإتصال +torlauncher.restart_tor=إعادة تشغيل تور torlauncher.quit=إنهاء torlauncher.quit_win=خروج torlauncher.done=تم torlauncher.forAssistance=للمساعدة, اتصل بـ %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=جارٍ الاتصال بدليل التحويلات torlauncher.bootstrapStatus.handshake_dir=ينشئ اتصالا مشفرا بالدليل torlauncher.bootstrapStatus.requesting_status=الحصول على حالة الشبكة diff --git a/src/chrome/locale/arn/network-settings.dtd b/src/chrome/locale/arn/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/arn/network-settings.dtd +++ b/src/chrome/locale/arn/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/arn/torlauncher.properties b/src/chrome/locale/arn/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/arn/torlauncher.properties +++ b/src/chrome/locale/arn/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/ast/network-settings.dtd b/src/chrome/locale/ast/network-settings.dtd index 028263c..a97dd47 100644 --- a/src/chrome/locale/ast/network-settings.dtd +++ b/src/chrome/locale/ast/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Non"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ast/torlauncher.properties b/src/chrome/locale/ast/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/ast/torlauncher.properties +++ b/src/chrome/locale/ast/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/az/network-settings.dtd b/src/chrome/locale/az/network-settings.dtd index b9ca7d7..3cf2d1d 100644 --- a/src/chrome/locale/az/network-settings.dtd +++ b/src/chrome/locale/az/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Xeyr"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/az/torlauncher.properties b/src/chrome/locale/az/torlauncher.properties index b59761b..a70b15b 100644 --- a/src/chrome/locale/az/torlauncher.properties +++ b/src/chrome/locale/az/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Çıx torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/be/network-settings.dtd b/src/chrome/locale/be/network-settings.dtd index f46473e..352d7c9 100644 --- a/src/chrome/locale/be/network-settings.dtd +++ b/src/chrome/locale/be/network-settings.dtd @@ -4,12 +4,12 @@ <!ENTITY torsettings.prompt "Before you connect to the Tor network, you need to provide information about this computer's Internet connection."> -<!ENTITY torSettings.yes "Yes"> -<!ENTITY torSettings.no "No"> +<!ENTITY torSettings.yes "Так"> +<!ENTITY torSettings.no "Не"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -39,7 +36,7 @@ <!ENTITY torsettings.useProxy.address.placeholder "IP address or hostname"> <!ENTITY torsettings.useProxy.port "Port:"> <!ENTITY torsettings.useProxy.username "Username:"> -<!ENTITY torsettings.useProxy.password "Password:"> +<!ENTITY torsettings.useProxy.password "Пароль:"> <!ENTITY torsettings.useProxy.type.socks4 "SOCKS 4"> <!ENTITY torsettings.useProxy.type.socks5 "SOCKS 5"> <!ENTITY torsettings.useProxy.type.http "HTTP / HTTPS"> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/be/torlauncher.properties b/src/chrome/locale/be/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/be/torlauncher.properties +++ b/src/chrome/locale/be/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/bg/network-settings.dtd b/src/chrome/locale/bg/network-settings.dtd index f8f6c79..27ae588 100644 --- a/src/chrome/locale/bg/network-settings.dtd +++ b/src/chrome/locale/bg/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Не"> <!ENTITY torSettings.firstQuestion "Кое от следните описва най-добре вашата ситуация?"> -<!ENTITY torSettings.configurePrompt1 "Интернет връзката на този компютър е цензурирана,филтрирана или преминава през прокси."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Конфигурирай"> <!ENTITY torSettings.connectPrompt2 "Бих искал да се свържа директно към Tor мрежата."> <!ENTITY torSettings.connectPrompt3 "Това ще работи при повечето ситуации."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Ако не сте сигурни как да отговорите на този въпрос проверете интернет настройките на друг браузър,за да видите дали е настроен да използва прокси."> <!ENTITY torSettings.enterProxy "Въведете настройките за прокси."> -<!ENTITY torSettings.firewallQuestion "Интернет връзката на този компютър преминава ли през firewall,който позволява връзки към определени портове?"> -<!ENTITY torSettings.firewallHelp "Ако не сте сигурни как да отговорите на въпроса,изберете Не.Ако срещнете проблеми при свързване към Tor мрежата променете тези настройки."> -<!ENTITY torSettings.enterFirewall "Въведете списък с портове разделени със запетая,които са позволени от firewall."> <!ENTITY torSettings.bridgeQuestion "Блокирани или цензурирани ли са връзките към Tor Мрежата от вашият Интернет Доставчик(ISP)?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "През Web"> <!ENTITY torsettings.bridgeHelp2 "Използвайте уеб браузър за да посетите https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/bg/torlauncher.properties b/src/chrome/locale/bg/torlauncher.properties index 9073054..2363674 100644 --- a/src/chrome/locale/bg/torlauncher.properties +++ b/src/chrome/locale/bg/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Тор лънчер -torlauncher.tor_exited=Тор спря принудително -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Тор няма връзка с контролния порт torlauncher.tor_failed_to_start=Тор не стартира успешно torlauncher.tor_control_failed=Неуспя да поеме контрол над Тор. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Никой от избраните м torlauncher.recommended_bridge=(препоръчително) torlauncher.connect=Свържи се -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Край torlauncher.quit_win=Изход torlauncher.done=Готово torlauncher.forAssistance=За съдействие , моля свържете се с %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Свързване с препредаващата директория torlauncher.bootstrapStatus.handshake_dir=Осъществяване на връзка с криптираната директория torlauncher.bootstrapStatus.requesting_status=Получаване на информация за статуса на мрежата diff --git a/src/chrome/locale/bn-IN/network-settings.dtd b/src/chrome/locale/bn-IN/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/bn-IN/network-settings.dtd +++ b/src/chrome/locale/bn-IN/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/bn-IN/torlauncher.properties b/src/chrome/locale/bn-IN/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/bn-IN/torlauncher.properties +++ b/src/chrome/locale/bn-IN/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/bn/network-settings.dtd b/src/chrome/locale/bn/network-settings.dtd index 21754aa..3e6b70c 100644 --- a/src/chrome/locale/bn/network-settings.dtd +++ b/src/chrome/locale/bn/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/bn/torlauncher.properties b/src/chrome/locale/bn/torlauncher.properties index f77c6fe..c745e20 100644 --- a/src/chrome/locale/bn/torlauncher.properties +++ b/src/chrome/locale/bn/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/bo/network-settings.dtd b/src/chrome/locale/bo/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/bo/network-settings.dtd +++ b/src/chrome/locale/bo/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/bo/torlauncher.properties b/src/chrome/locale/bo/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/bo/torlauncher.properties +++ b/src/chrome/locale/bo/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/br/network-settings.dtd b/src/chrome/locale/br/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/br/network-settings.dtd +++ b/src/chrome/locale/br/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/br/torlauncher.properties b/src/chrome/locale/br/torlauncher.properties index 306f505..5860c8a 100644 --- a/src/chrome/locale/br/torlauncher.properties +++ b/src/chrome/locale/br/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(erbedet) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/bs/network-settings.dtd b/src/chrome/locale/bs/network-settings.dtd index 8dccace..8f9ec4d 100644 --- a/src/chrome/locale/bs/network-settings.dtd +++ b/src/chrome/locale/bs/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Ne"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/bs/torlauncher.properties b/src/chrome/locale/bs/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/bs/torlauncher.properties +++ b/src/chrome/locale/bs/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/ca/network-settings.dtd b/src/chrome/locale/ca/network-settings.dtd index 638d506..a29491f 100644 --- a/src/chrome/locale/ca/network-settings.dtd +++ b/src/chrome/locale/ca/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Quina de les següuens descriula teva situació?"> -<!ENTITY torSettings.configurePrompt1 "La connexió a internet d'aquest ordinador està censurada, filtrada o usa Proxys"> -<!ENTITY torSettings.configurePrompt2 "Necessito configurar un pont, el tallafocs o els paràmetres del proxy."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configura"> <!ENTITY torSettings.connectPrompt2 "M'agradaria conectar-me directament a la xarxa Tor."> <!ENTITY torSettings.connectPrompt3 "Això funciona en la majoria dels casos."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Si no estas segur de com respondre a aquesta pregunta, observa els paràmetres d'Internet en un altre navegador per veure si està configurat per utilitzar un proxy."> <!ENTITY torSettings.enterProxy "Introdueix les opcions del proxy."> -<!ENTITY torSettings.firewallQuestion "La connexió d'aquest ordinador va a través d'un firewall que només permet les connexions per certs ports?"> -<!ENTITY torSettings.firewallHelp "Si no estas segur de com respondre a aquesta pregunta, selecciona no. Si tens problemes de connexió per la xarxa Tor, canvia aquest paràmetre."> -<!ENTITY torSettings.enterFirewall "Escriviu una llista separada per comes dels ports que estan permesos pel proxy."> <!ENTITY torSettings.bridgeQuestion "El vostre proveïdor d'Internet (ISP) bloqueja o censura les connexions a la Xarxa Tor?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "Hauries d'utilitzar el set de repetidors provist o customitzar el teu propi."> @@ -60,6 +57,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "A través del web"> <!ENTITY torsettings.bridgeHelp2 "Utilitza un navegador web o vés a: https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "A través del mail d'autorresposta."> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "A través del Escriptori d'Ajuda"> <!ENTITY torsettings.bridgeHelp4 "Com a última opció, pots demanar adreces de repetidors enviant un missatge a help(a)rt.torproject.org.  siusplau recorda que serà una persona qui et respondrà, siguis pacient i amable."> diff --git a/src/chrome/locale/ca/torlauncher.properties b/src/chrome/locale/ca/torlauncher.properties index 161efa0..636fe1b 100644 --- a/src/chrome/locale/ca/torlauncher.properties +++ b/src/chrome/locale/ca/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Inicialitzador Tor -torlauncher.tor_exited=Tor ha sortit inesperadament. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Nos'ha pogut conectar al port de control Tor torlauncher.tor_failed_to_start=Tor ha fallat al iniciar. torlauncher.tor_control_failed=No s'ha pogut prendre el control de Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No hi ha ponts subministrats que tingu torlauncher.recommended_bridge=(recomanat) torlauncher.connect=Conectar -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Surt torlauncher.quit_win=Surt torlauncher.done=Fet torlauncher.forAssistance=Per assistència, contacta %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=S'està establint una connexió a un directori xifrat torlauncher.bootstrapStatus.requesting_status=S'està rebent l'estat de la xarxa diff --git a/src/chrome/locale/cs/network-settings.dtd b/src/chrome/locale/cs/network-settings.dtd index ff97202..4059981 100644 --- a/src/chrome/locale/cs/network-settings.dtd +++ b/src/chrome/locale/cs/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Ne"> <!ENTITY torSettings.firstQuestion "Která možnost nejlépe popisuje Vaši situaci?"> -<!ENTITY torSettings.configurePrompt1 "Toto připojení počítače k internetu je cenzurováno, filtrováno, nebo zprostředkováno."> -<!ENTITY torSettings.configurePrompt2 "Potřebuji nastavit síťový most, firewall, nebo nastavní proxy."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Konfigurovat"> <!ENTITY torSettings.connectPrompt2 "Chtěl bych se přímo připojit k Tor síti."> <!ENTITY torSettings.connectPrompt3 "Toto bude fungovat ve většině případů."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Jestli nevíte jak odpovědět na tuto otázku, podívejte se na internetové nastavení v jiném prohlížeči, aby jste zjistili, zda je nakonfigurován k použití proxy."> <!ENTITY torSettings.enterProxy "Zadejte nastavení serveru proxy."> -<!ENTITY torSettings.firewallQuestion "Je počítač připojen k internetu přes firewall, který povoluje připojení pouze přes některé porty?"> -<!ENTITY torSettings.firewallHelp "Jestli si nejste jisti, jak odpovědět na otázku, odpovězte NE. Jestliže narazíte na problémy s připojením k Tor síti, změňte toto nastavení."> -<!ENTITY torSettings.enterFirewall "Zadejte čárkami oddělený seznam portů, které jsou povoleny firewallem."> <!ENTITY torSettings.bridgeQuestion "Blokuje nebo jinak cenzuruje váš poskytovatel internetového připojení (ISP) spojení se sítí TORu?"> <!ENTITY torSettings.bridgeHelp "Pokud si nejste jistí jak odpovědět na tuto otázku, zvolte No.  Pokud vyberete Ano, budete vyzváni k nastavení Mostů TORu, což jsou přenašeče neuvedené v seznamu, které dělají blokování spojení se sítí TORu složitější."> <!ENTITY torSettings.bridgeSettingsPrompt "Můžete použít poskytnutou sadu síťových mostů nebo můžete získat a zadat vlastní sadu."> @@ -29,7 +26,7 @@  <!ENTITY torsettings.startingTor "Čekání na start TORu"> -<!ENTITY torsettings.restartTor "Restart Tor"> +<!ENTITY torsettings.restartTor "Restartovat Tor"> <!ENTITY torsettings.optional "Volitelný"> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Přes síť"> <!ENTITY torsettings.bridgeHelp2 "Použijte internetový prohlížeč k návštěvě https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Přes automatický e-mailový odpovídač"> -<!ENTITY torsettings.bridgeHelp3 "Pošlete e-mail na bridges(a)torproject.org s větou 'get bridges' jako takovou v těle zprávy.  Nicméně abychom ztížili útočníkovi zjištění spousty adres, musíte tento požadavek poslat z e-mailové adresy gmail.com nebo yahoo.com."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Přes zákaznickou linku"> <!ENTITY torsettings.bridgeHelp4 "Jako poslední řešení si můžete vyžádat adresy síťových mostů tak, že zašlete slušný e-mail na help(a)rt.torproject.org.  Vezměte v úvahu si prosím, že na každý požadavek musí odpovědět člověk."> diff --git a/src/chrome/locale/cs/torlauncher.properties b/src/chrome/locale/cs/torlauncher.properties index caa3810..48114f5 100644 --- a/src/chrome/locale/cs/torlauncher.properties +++ b/src/chrome/locale/cs/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor spouštěč -torlauncher.tor_exited=Tor znenadání skončil. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor byl neočekávaně ukončen. To by mohlo být způsobeno chybou v Toru, jiném programu na vašem systému, nebo vadným hardware. Dokud nerestartujete Tor, nebude Tor Browser schopen dosáhnout jakékoli webové stránky. Pokud problém přetrvává, prosím pošlete týmu podpory kopii souboru Tor Logu. +torlauncher.tor_exited2=Restartování Tor nebude zavírat záložky prohlížeče. torlauncher.tor_controlconn_failed=Nemohu se připojit ke kontrolnímu portu Tor. torlauncher.tor_failed_to_start=Tor nenastartoval. torlauncher.tor_control_failed=Nezdařilo se převzít kontrolu nad Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Nejsou zadané žádné bridge, které torlauncher.recommended_bridge=(doporučeno) torlauncher.connect=Připojit -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restartovat Tor torlauncher.quit=Ukoncit torlauncher.quit_win=Konec torlauncher.done=Hotovo torlauncher.forAssistance=Pro asistenci kontaktujte %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Připojování do adresáře uzlu torlauncher.bootstrapStatus.handshake_dir=Navazuji spojení s šifrovaným adresářem torlauncher.bootstrapStatus.requesting_status=Zjišťuji stav sítě diff --git a/src/chrome/locale/csb/network-settings.dtd b/src/chrome/locale/csb/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/csb/network-settings.dtd +++ b/src/chrome/locale/csb/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/csb/torlauncher.properties b/src/chrome/locale/csb/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/csb/torlauncher.properties +++ b/src/chrome/locale/csb/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/cv/network-settings.dtd b/src/chrome/locale/cv/network-settings.dtd index 8551533..c8a555d 100644 --- a/src/chrome/locale/cv/network-settings.dtd +++ b/src/chrome/locale/cv/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Çук"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/cv/torlauncher.properties b/src/chrome/locale/cv/torlauncher.properties index b68511b..f55f173 100644 --- a/src/chrome/locale/cv/torlauncher.properties +++ b/src/chrome/locale/cv/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Çыхăнтар -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/cy/network-settings.dtd b/src/chrome/locale/cy/network-settings.dtd index 9525451..541f1cd 100644 --- a/src/chrome/locale/cy/network-settings.dtd +++ b/src/chrome/locale/cy/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Na"> <!ENTITY torSettings.firstQuestion "Pa un o'r canlynol sy'n disgrifio'ch sefyllfa orau?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "Mae angen i mi ffurweddu pont, mur gwarchod, neu osodiadau dirprwy."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Ffurfweddu"> <!ENTITY torSettings.connectPrompt2 "Hoffwn gysylltu'n uniongyrchol â rhwydwaith Tor."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Rhowch osodiadau'r dirprwy."> -<!ENTITY torSettings.firewallQuestion "A yw cysylltiad Rhyngrwyd y cyfrifiadur hwn yn mynd trwy mur gwarchod sy'n caniatau cysylltiadau i rai pyrth penodol?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/cy/torlauncher.properties b/src/chrome/locale/cy/torlauncher.properties index 2fce140..5119e81 100644 --- a/src/chrome/locale/cy/torlauncher.properties +++ b/src/chrome/locale/cy/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Lansiwr Tor -torlauncher.tor_exited=Gadawodd Tor ar hap. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Ni allai gysylltu â'r porth rheolaeth Tor. torlauncher.tor_failed_to_start=Methodd Tor gychwyn. torlauncher.tor_control_failed=Methu cymryd rheolaeth o Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Does ddim pontiau a ddatparwyd gyda'r torlauncher.recommended_bridge=(awgrymwyd) torlauncher.connect=Cysylltu -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Cau torlauncher.quit_win=Gadael torlauncher.done=Wedi gorffen torlauncher.forAssistance=Am gymorth, cysylltu â %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Cysylltu i cyfeiriadur cyfnewid torlauncher.bootstrapStatus.handshake_dir=Yn sefydlu cysylltiad cyfeiriadur amgryptiedig torlauncher.bootstrapStatus.requesting_status=Yn adalw statws y rhwydwaith diff --git a/src/chrome/locale/da/network-settings.dtd b/src/chrome/locale/da/network-settings.dtd index da32cfc..0c8817a 100644 --- a/src/chrome/locale/da/network-settings.dtd +++ b/src/chrome/locale/da/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Nej"> <!ENTITY torSettings.firstQuestion "Hvilke af de følgende beskriver bedst din situation?"> -<!ENTITY torSettings.configurePrompt1 "Denne computers internetforbindelse er censureret, filtreret, eller føres igennem en proxy."> -<!ENTITY torSettings.configurePrompt2 "Jeg ønsker at konfigurere bro, firewall eller proxy indstillinger"> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Indstil"> <!ENTITY torSettings.connectPrompt2 "Jeg vil forbinde direkte til Tor netværket."> <!ENTITY torSettings.connectPrompt3 "Dette vil virker i de fleste situationer"> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Hvis du ikke kender svaret på dette spørgsmål, så kig på internetindstillingerne i en anden browser for at se om den er konfigureret til at bruge en proxy."> <!ENTITY torSettings.enterProxy "Indtast proxy-indstillinger."> -<!ENTITY torSettings.firewallQuestion "Går denne computers internetforbindelse igennem en firewall som kun tillader forbindelse til visse porte?"> -<!ENTITY torSettings.firewallHelp "Hvis du ikke er sikker på hvordan du skal svare på dette spørgsmål, vælg Nej. Hvis du løber ind i problemer med at forbinde til Tor netværket, skal du ændre denne indstilling."> -<!ENTITY torSettings.enterFirewall "Indtast en komma-separeret liste over porte der er tilladt på firewallen."> <!ENTITY torSettings.bridgeQuestion "Blokerer eller censurerer din internetudbyder (ISP) forbindelser til Tor netværket?"> <!ENTITY torSettings.bridgeHelp "Hvis du er usikker på svaret til dette spørgsmål, vælg No.  Hvis du vælger Ja, vil du blive bedt om at konfigurere Tor Broer, der er ulistede relays, som gør det sværere at blokere forbindelser til Tor Netværket."> <!ENTITY torSettings.bridgeSettingsPrompt "Du kan bruge det tildelte sæt broer eller du kan hente og indtaste et skræddersyet sæt broer."> @@ -29,7 +26,7 @@  <!ENTITY torsettings.startingTor "Venter på at Tor starter..."> -<!ENTITY torsettings.restartTor "Restart Tor"> +<!ENTITY torsettings.restartTor "Genstart Tor"> <!ENTITY torsettings.optional "Valgfri"> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "På nettet"> <!ENTITY torsettings.bridgeHelp2 "Brug en browser og besøg https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Via den automatiske email service"> -<!ENTITY torsettings.bridgeHelp3 "Send en email til bridges(a)torproject.org kun bestående af linjen 'get bridges' i indholdet.  For at gøre det sværere at få kendskab til alle bro adresser med henblik på blokering er det kun muligt at sende fra en gmail.com eller yahoo.com email adresse."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Via vores Help Desk"> <!ENTITY torsettings.bridgeHelp4 "Som en sidste mulighed kan du bede om at få en bro adresse tilsendt ved at sende en venlig email to help(a)rt.torproject.org.  Bemærk venligst at alle emails besvares manuelt."> diff --git a/src/chrome/locale/da/torlauncher.properties b/src/chrome/locale/da/torlauncher.properties index 12bb8af..2d356fc 100644 --- a/src/chrome/locale/da/torlauncher.properties +++ b/src/chrome/locale/da/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor starter -torlauncher.tor_exited=Tor lukkede uventet. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Kunne ikke forbinde til Tor kontrol-porten. torlauncher.tor_failed_to_start=Tor kunne ikke starte. torlauncher.tor_control_failed=Det lykkedes ikke at tage kontrol over Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Ingen tildelte broer med transporttype torlauncher.recommended_bridge=(Anbefalet) torlauncher.connect=Tilslut -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Genstart Tor torlauncher.quit=Afslut torlauncher.quit_win=Afslut torlauncher.done=Færdig torlauncher.forAssistance=For hjælp, kontakt %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Tilslutter til relæ mappe torlauncher.bootstrapStatus.handshake_dir=Opretter en krypteret mappe forbindelse torlauncher.bootstrapStatus.requesting_status=Henter netværk status diff --git a/src/chrome/locale/de/network-settings.dtd b/src/chrome/locale/de/network-settings.dtd index 1409260..2ccb333 100644 --- a/src/chrome/locale/de/network-settings.dtd +++ b/src/chrome/locale/de/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Nein"> <!ENTITY torSettings.firstQuestion "Was beschreibt Ihre Situation am besten?"> -<!ENTITY torSettings.configurePrompt1 "Die Internetverbindung dieses Rechner ist zensiert, gefiltert oder vermittelt."> -<!ENTITY torSettings.configurePrompt2 "Ich muss die Einstellungen der Brücke, der Firewall oder des Vermittlungsservers einstellen."> +<!ENTITY torSettings.configurePrompt1 "Die Internetverbindung dieses Rechner ist zensiert oder vermittelt."> +<!ENTITY torSettings.configurePrompt2 "Ich muss die Brücken- und Vermittlungsservereinstellungen konfigurieren."> <!ENTITY torSettings.configure "Konfigurieren"> <!ENTITY torSettings.connectPrompt2 "Ich würde gerne direkt eine Verbindung zum Tor-Netzwerk herstellen."> <!ENTITY torSettings.connectPrompt3 "Das wird in den meisten Situationen funktionieren."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Wenn Sie sich nicht sicher sind, dann schauen Sie in die Einstellungen ihres normalen Browsers ob dort ein Vermittlungsserver eingerichtet ist."> <!ENTITY torSettings.enterProxy "Vermittlungseinstellungen eingeben."> -<!ENTITY torSettings.firewallQuestion "Benutzt die Internetverbindung dieses Rechners eine Firewall, die nur Verbindungen zu bestimmten Anschlüssen zulässt?"> -<!ENTITY torSettings.firewallHelp "Wenn Sie sich nicht sicher sind, wählen Sie Nein. Wenn Sie dann Probleme haben eine Verbindung zum Tor-Netzwerk herzustellen, ändern Sie diese Einstellung."> -<!ENTITY torSettings.enterFirewall "Geben Sie hier die Anschlüsse ein, die von der Firewall erlaubt werden. Trennen Sie die Anschlüsse jeweils mit einem Komma."> <!ENTITY torSettings.bridgeQuestion "Blockiert oder zensiert Ihr Internetdienstanbieter (ISP) Verbindungen zum Tor-Netzwerk?"> <!ENTITY torSettings.bridgeHelp "Wenn Sie sich nicht sicher sind, wie Sie diese Frage beantworten sollen, wählen Sie Nr.  Wenn Sie Ja wählen, werden Sie aufgefordert, die Torbrücken zu konfigurieren. Die nicht aufgeführte Relais sind, was es schwieriger macht, Verbindungen zum Tor-Netzwerk zu blockieren."> <!ENTITY torSettings.bridgeSettingsPrompt "Sie könne den bereitgestellten Satz an Brücken verwenden oder Sie können welche erhalten, und geben einen benutzerdefinierten Satz an Brücken ein."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Durch das Internet"> <!ENTITY torsettings.bridgeHelp2 "Benutzen Sie einen Browser und besuchen Sie https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Durch die automatische E-Mail-Antwort"> -<!ENTITY torsettings.bridgeHelp3 "Schreiben Sie eine E-Mail an bridges(a)torproject.org mit dem Nachrichteninhalt »get bridges«.  Doch um es schwieriger für einen Angreifer zu machen, eine Menge von Brückenadressen zu erfahren, müssen Sie diese Anfrage von einer gmail.com oder yahoo.com E-Mail-Adresse schicken."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Schicken Sie eine E-Mail mit dem Text 'get bridges' an bridges(a)torproject.org. Um Missbrauch durch das Auslesen großer Mengen an Brücken zu erschweren, muss Ihre Anfrage jedoch von einer der folgenden E-Mail Anbieter kommen:"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, oder https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Durch die Beratungsstelle"> <!ENTITY torsettings.bridgeHelp4 "Brückenadressen können auch mit Hilfe einer höflichen E-Mail an help(a)rt.torproject.org angefordert werden.  Bitte beachten Sie, dass jede Anfrage einzeln bearbeitet werden muss."> diff --git a/src/chrome/locale/de/progress.dtd b/src/chrome/locale/de/progress.dtd index 45bd6d6..3386f46 100644 --- a/src/chrome/locale/de/progress.dtd +++ b/src/chrome/locale/de/progress.dtd @@ -1,4 +1,4 @@ <!ENTITY torprogress.dialog.title "Tor-Status"> <!ENTITY torprogress.openSettings "Einstellungen öffnen"> -<!ENTITY torprogress.heading "Mit dem Tor-Netzwerk verbinden"> -<!ENTITY torprogress.pleaseWait "Bitte warten Sie während die Verbindung zum Tor-Netzwerk hergestellt wird."> +<!ENTITY torprogress.heading "Mit dem Tor-Netzwerk wird verbinden"> +<!ENTITY torprogress.pleaseWait "Bitte warten, während die Verbindung zum Tor-Netzwerk hergestellt wird."> diff --git a/src/chrome/locale/de/torlauncher.properties b/src/chrome/locale/de/torlauncher.properties index 7ef626d..5dc89c9 100644 --- a/src/chrome/locale/de/torlauncher.properties +++ b/src/chrome/locale/de/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor-Starter -torlauncher.tor_exited=Tor wurde unerwartet geschlossen. -torlauncher.tor_connection_lost=Ihre Verbindung zum Tor-Netzwerk ist verloren gegangen. +torlauncher.tor_exited=Tor wurde unerwartet beendet. Das kann an einem Fehler von Tor selbst, an einem anderen Programm auf ihrem System oder fehlerhaften Geräten liegen. Bis Sie Tor neu starten, kann der Tor-Browser keine Internetseiten mehr erreichen. Wenn das Problem bestehen bleibt, bitte eine Kopie des Tor-Protokolls an die Unterstützungsmannschaft senden. +torlauncher.tor_exited2=Das Neustarten von Tor wird die Reiter Ihres Browsers nicht schließen. torlauncher.tor_controlconn_failed=Zum Tor-Kontrollanschluss konnte keine Verbindung hergestellt werden. torlauncher.tor_failed_to_start=Der Start von Tor ist fehlgeschlagen. torlauncher.tor_control_failed=Fehler, die Kontrolle über Tor zu übernehmen. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Es sind keine bereitgestellten Brücke torlauncher.recommended_bridge=(empfohlen) torlauncher.connect=Verbinden -torlauncher.reconnect=Wieder verbinden +torlauncher.restart_tor=Tor neustarten torlauncher.quit=Schließen torlauncher.quit_win=Beenden torlauncher.done=Fertig torlauncher.forAssistance=Falls Sie Hilfe benötigen, kontaktieren Sie %S +torlauncher.copiedNLogMessages=Kopie vollständig. %S Tor-Protokollnachrichten sind bereit, um in eine Textbearbeitung oder in eine E-Mail-Nachricht eingefügt zu werden. + torlauncher.bootstrapStatus.conn_dir=Zu einem Relaisverzeichnis wird verbunden torlauncher.bootstrapStatus.handshake_dir=Es wird eine verschlüsselte Verbindung zu einem Verzeichnis hergestellt torlauncher.bootstrapStatus.requesting_status=Netzwerkstatus wird abgerufen diff --git a/src/chrome/locale/dz/network-settings.dtd b/src/chrome/locale/dz/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/dz/network-settings.dtd +++ b/src/chrome/locale/dz/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/dz/torlauncher.properties b/src/chrome/locale/dz/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/dz/torlauncher.properties +++ b/src/chrome/locale/dz/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/el/network-settings.dtd b/src/chrome/locale/el/network-settings.dtd index a9a6bfd..0727666 100644 --- a/src/chrome/locale/el/network-settings.dtd +++ b/src/chrome/locale/el/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Οχι"> <!ENTITY torSettings.firstQuestion "Ποιο από τα παρακάτω περιγράφει καλύτερα την κατάστασή σας;"> -<!ENTITY torSettings.configurePrompt1 "Σύνδεση στο διαδικτυο αυτού του υπολογιστή λογοκρινετε, φιλτραρετε ή εμποδιζετε γενικως. "> -<!ENTITY torSettings.configurePrompt2 "Χρειάζονται ρυθμίσεις για τις γέφυρες, για το firewall, ή για τον proxy μου."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Ρύθμιση "> <!ENTITY torSettings.connectPrompt2 "Θα ήθελα να συνδεθεί άμεσα με το δίκτυο Tor."> <!ENTITY torSettings.connectPrompt3 "Αυτό θα λειτουργήσει στις περισσότερες περιπτώσεις."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Εάν δεν είστε βέβαιοι πώς να απαντήσετε στο ερώτημα αυτό, δείτε τις ρυθμίσεις διαδικτυου σε άλλο φυλλομετρητή για να δείτε αν έχει ρυθμιστεί να χρησιμοποιεί διακομιστή μεσολάβησης."> <!ENTITY torSettings.enterProxy "Εισάγωγη των ρυθμίσεων διακομιστή μεσολάβησης."> -<!ENTITY torSettings.firewallQuestion "Πηγαίνει μέσω ενός τείχους προστασίας που επιτρέπει μόνο συνδέσεις σε ορισμένες θύρες σύνδεσης Internet αυτού του υπολογιστή;"> -<!ENTITY torSettings.firewallHelp "Εάν δεν είστε βέβαιοι πώς να απαντήσετε στο ερώτημα αυτό, επιλέξτε Όχι. Εάν αντιμετωπίζετε προβλήματα με τη σύνδεση με το δίκτυο Tor, αλλάξτε αυτή τη ρύθμιση. "> -<!ENTITY torSettings.enterFirewall "Πληκτρολογήστε μια λίστα διαχωρισμένη με κόμματα των θυρών που επιτρέπονται από το firewall."> <!ENTITY torSettings.bridgeQuestion "Γνωρίζετε αν ο πάροχος (ISP) σας μπλοκάρει ή με οποιοδήποτε τρόπο ελέγχει συνδέσεις στο δίκτυο Tor?"> <!ENTITY torSettings.bridgeHelp "Αν δε ξέρετε πώς να απαντήσετε εδώ, επιλέξτε "Όχι".  Αν επιλέξετε "Ναι", θα σας ζητήσω να ρυθμίσετε γέφυρες Tor, που είναι μη ευρέως γνωστά κανάλια εισόδου στο δίκτυο Tor, που δυσκολεύουν όσους προσπαθούν να μπλοκάρουν τις συνδέσεις στο δίκτυο Tor."> @@ -60,6 +57,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Μέσω του Διαδικτύου"> <!ENTITY torsettings.bridgeHelp2 "Χρησιμοποιήστε έναν φυλλομετρητή για να επισκεφτείτε το https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Μέσω της Αυτοματοποιημένης Απάντησης Email"> -<!ENTITY torsettings.bridgeHelp3 "Στείλτε email στο bridges(a)torproject.org με μόνο με τις λέξεις 'get bridges' στο κείμενο.  Για να δυσκολέψουμε τους αντιπάλους μας που θέλουν μα μάθουν πολλές διευθύνσεις γεφυρών, δεχόμαστε μηνύματα μόνο από διευθύνσεις που τελειώνουν σε gmail.com ή yahoo.com."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Μέσω της Υποστήριξης"> <!ENTITY torsettings.bridgeHelp4 "Αν όλα τα άλλα αποτύχουν, μπορείτε να ζητήσετε διευθύνσεις γεφυρών στέλνοντας ένα ευγενικό email στο help(a)rt.torproject.org.  Σημείωση: Κάποιος εθελοντής θα πρέπει να απαντήσει χειροκίνητα (συνεπώς η απάντηση ίσως αργήσει)."> diff --git a/src/chrome/locale/el/torlauncher.properties b/src/chrome/locale/el/torlauncher.properties index 5ea3b28..7f10f07 100644 --- a/src/chrome/locale/el/torlauncher.properties +++ b/src/chrome/locale/el/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Το Tor σταμάτησε απροσδόκητα -torlauncher.tor_connection_lost= Η σύνδεση στο δίκτυο Tor χάθηκε. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Δεν ήταν δυνατή η σύνδεση με την υποδοχη ελέγχου του Tor. torlauncher.tor_failed_to_start=Αδυναμία εκκίνησης του Tor. torlauncher.tor_control_failed=Απέτυχε να πάρει τον έλεγχο του Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Δεν υπάρχουν γέφυρες torlauncher.recommended_bridge=(συνιστάται) torlauncher.connect=Σύνδεση -torlauncher.reconnect=Επανασύνδεση +torlauncher.restart_tor=Eπανεκκίνηση Tor torlauncher.quit=Έξοδος torlauncher.quit_win=Έξοδος torlauncher.done=Τελος torlauncher.forAssistance=Για βοήθεια, επικοινωνήστε με το% S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Σύνδεση σε ενδιάμεσο (relay) κατάλογο torlauncher.bootstrapStatus.handshake_dir=Πραγματοποιήθηκε σύνδεση σε κρυπτογραφημένο κατάλογο torlauncher.bootstrapStatus.requesting_status=Ανάκτηση της κατάστασης του δικτύου diff --git a/src/chrome/locale/en-GB/network-settings.dtd b/src/chrome/locale/en-GB/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/en-GB/network-settings.dtd +++ b/src/chrome/locale/en-GB/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/en-GB/torlauncher.properties b/src/chrome/locale/en-GB/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/en-GB/torlauncher.properties +++ b/src/chrome/locale/en-GB/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/eo/network-settings.dtd b/src/chrome/locale/eo/network-settings.dtd index bdd711d..5f32b65 100644 --- a/src/chrome/locale/eo/network-settings.dtd +++ b/src/chrome/locale/eo/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/eo/torlauncher.properties b/src/chrome/locale/eo/torlauncher.properties index 5cfa121..8a3706c 100644 --- a/src/chrome/locale/eo/torlauncher.properties +++ b/src/chrome/locale/eo/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Eliri torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Konektante al relajsa dosierujo torlauncher.bootstrapStatus.handshake_dir=Starigante ĉifritan dosierujan konekton torlauncher.bootstrapStatus.requesting_status=Ricevante retan staton diff --git a/src/chrome/locale/es-AR/network-settings.dtd b/src/chrome/locale/es-AR/network-settings.dtd index c037e32..d398aa6 100644 --- a/src/chrome/locale/es-AR/network-settings.dtd +++ b/src/chrome/locale/es-AR/network-settings.dtd @@ -1,27 +1,24 @@ -<!ENTITY torsettings.dialog.title "Tor Network Settings"> +<!ENTITY torsettings.dialog.title "Configuraciones de la red Tor">  <!ENTITY torsettings.prompt "Before you connect to the Tor network, you need to provide information about this computer's Internet connection."> -<!ENTITY torSettings.yes "Yes"> +<!ENTITY torSettings.yes "Si"> <!ENTITY torSettings.no "No"> -<!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> -<!ENTITY torSettings.configure "Configure"> -<!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> -<!ENTITY torSettings.connectPrompt3 "This will work in most situations."> +<!ENTITY torSettings.firstQuestion "¿Cuál de las siguientes opciones describe mejor su situación?"> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> +<!ENTITY torSettings.configure "Configurar"> +<!ENTITY torSettings.connectPrompt2 "Me gustaría conectar directamente a la red Tor."> +<!ENTITY torSettings.connectPrompt3 "Esto debería funcionar en la mayoría de situaciones."> <!ENTITY torSettings.connect "Conectar"> <!ENTITY torSettings.proxyQuestion "Does this computer need to use a proxy to access the Internet?">  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -29,17 +26,17 @@  <!ENTITY torsettings.startingTor "Waiting for Tor to start…"> -<!ENTITY torsettings.restartTor "Restart Tor"> +<!ENTITY torsettings.restartTor "Reiniciar Tor"> -<!ENTITY torsettings.optional "Optional"> +<!ENTITY torsettings.optional "Opcional"> <!ENTITY torsettings.useProxy.checkbox "This computer needs to use a proxy to access the Internet"> <!ENTITY torsettings.useProxy.type "Proxy Type:"> -<!ENTITY torsettings.useProxy.address "Address:"> +<!ENTITY torsettings.useProxy.address "Dirección:"> <!ENTITY torsettings.useProxy.address.placeholder "IP address or hostname"> -<!ENTITY torsettings.useProxy.port "Port:"> -<!ENTITY torsettings.useProxy.username "Username:"> -<!ENTITY torsettings.useProxy.password "Password:"> +<!ENTITY torsettings.useProxy.port "Puerto:"> +<!ENTITY torsettings.useProxy.username "Usuario:"> +<!ENTITY torsettings.useProxy.password "Contraseña:"> <!ENTITY torsettings.useProxy.type.socks4 "SOCKS 4"> <!ENTITY torsettings.useProxy.type.socks5 "SOCKS 5"> <!ENTITY torsettings.useProxy.type.http "HTTP / HTTPS"> @@ -56,9 +53,10 @@ <!ENTITY torsettings.bridgeHelpTitle "Bridge Relay Help"> <!ENTITY torsettings.bridgeHelp1 "If you are unable to connect to the Tor network, it could be that your Internet Service Provider (ISP) or another agency is blocking Tor.  Often, you can work around this problem by using Tor Bridges, which are unlisted relays that are more difficult to block."> <!ENTITY torsettings.bridgeHelp1B "You may use the preconfigured, provided set of bridge addresses or you may obtain a custom set of addresses by using one of these three methods:"> -<!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> +<!ENTITY torsettings.bridgeHelp2Heading "A través de la Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/es-AR/torlauncher.properties b/src/chrome/locale/es-AR/torlauncher.properties index d494033..6b9b4af 100644 --- a/src/chrome/locale/es-AR/torlauncher.properties +++ b/src/chrome/locale/es-AR/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Lanzador de Tor -torlauncher.tor_exited=Salida inesperada de Tor -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor se cerró inesperadamente. Esto pudo ser debido a un error dentro de Tor, otro programa en tu sistema, o hardware defectuoso. Hasta que reinicies Tor, el navegador Tor no será capaz de acceder a sitios web. Si el problema persiste, por favor envía una copia de tu archivo de registro de Tor al equipo de soporte técnico. +torlauncher.tor_exited2=Reiniciar Tor no cerrará las pestañas de navegación. torlauncher.tor_controlconn_failed=No se pudo conectar Tor con el puerto de control torlauncher.tor_failed_to_start=Fallo al iniciar Tor torlauncher.tor_control_failed=Falló toma de control de Tor @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No hay puentes disponibles que tengan torlauncher.recommended_bridge=(recomendado) torlauncher.connect=Conectar -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Reiniciar Tor torlauncher.quit=Quitar torlauncher.quit_win=Salir torlauncher.done=Hecho torlauncher.forAssistance=Para solicitar asistencia, contactese al %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Conectando para retransmitir directorio torlauncher.bootstrapStatus.handshake_dir=Estableciendo una conexión segura al directorio torlauncher.bootstrapStatus.requesting_status=Regresando el estado de la red de trabajo diff --git a/src/chrome/locale/es-CL/network-settings.dtd b/src/chrome/locale/es-CL/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/es-CL/network-settings.dtd +++ b/src/chrome/locale/es-CL/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/es-CL/torlauncher.properties b/src/chrome/locale/es-CL/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/es-CL/torlauncher.properties +++ b/src/chrome/locale/es-CL/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/es-CO/network-settings.dtd b/src/chrome/locale/es-CO/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/es-CO/network-settings.dtd +++ b/src/chrome/locale/es-CO/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/es-CO/torlauncher.properties b/src/chrome/locale/es-CO/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/es-CO/torlauncher.properties +++ b/src/chrome/locale/es-CO/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/es-MX/network-settings.dtd b/src/chrome/locale/es-MX/network-settings.dtd index dc1309a..f6960ea 100644 --- a/src/chrome/locale/es-MX/network-settings.dtd +++ b/src/chrome/locale/es-MX/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/es-MX/torlauncher.properties b/src/chrome/locale/es-MX/torlauncher.properties index 52f013c..964c3b6 100644 --- a/src/chrome/locale/es-MX/torlauncher.properties +++ b/src/chrome/locale/es-MX/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Lanzador Tor -torlauncher.tor_exited=Tor se cerró inesperadamente. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=No se pudo conectar con el puerto de control Tor torlauncher.tor_failed_to_start=Tor falló al iniciar. torlauncher.tor_control_failed=Falló al tomar control de Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Ningún puente proporcionado que tenga torlauncher.recommended_bridge=(recomendado) torlauncher.connect=Conectar -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Abandonar torlauncher.quit_win=Salir torlauncher.done=Hecho torlauncher.forAssistance=Si necesitas ayuda, contacta a %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Conectando a un directorio de retransmisión torlauncher.bootstrapStatus.handshake_dir=Estableciendo conexión con un directorio encriptado. torlauncher.bootstrapStatus.requesting_status=Recuperando estado de la red diff --git a/src/chrome/locale/es/network-settings.dtd b/src/chrome/locale/es/network-settings.dtd index dd1d82d..73b9f80 100644 --- a/src/chrome/locale/es/network-settings.dtd +++ b/src/chrome/locale/es/network-settings.dtd @@ -4,24 +4,21 @@ <!ENTITY torsettings.prompt "Antes de que se conecte a la red Tor, necesita proporcionar información sobre la conexión a Internet de este equipo."> -<!ENTITY torSettings.yes "Sí"> +<!ENTITY torSettings.yes "Si"> <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "¿Cuál de las siguientes describe mejor su situación?"> -<!ENTITY torSettings.configurePrompt1 "La conexión a Internet de esta computadora está censurada, filtrada o proxificada."> -<!ENTITY torSettings.configurePrompt2 "Necesito configurar las preferencias de repetidor puente ('bridge'), cortafuegos ('firewall'), o proxy."> +<!ENTITY torSettings.configurePrompt1 "La conexión a Internet de este equipo está censurada o proxyficada."> +<!ENTITY torSettings.configurePrompt2 "Tengo que ajustar las configuraciones de puente ('bridge') o proxy."> <!ENTITY torSettings.configure "Configurar"> <!ENTITY torSettings.connectPrompt2 "Me gustaría conectar directamente a la red Tor."> <!ENTITY torSettings.connectPrompt3 "Esto funcionará en la mayoría de las situaciones."> <!ENTITY torSettings.connect "Conectar"> -<!ENTITY torSettings.proxyQuestion "¿Necesita usar un proxy de acceso a Internet esta computadora ?"> +<!ENTITY torSettings.proxyQuestion "¿Necesita esta computadora usar un proxy para acceder a Internet?">  <!ENTITY torSettings.proxyHelp "Si no está seguro de cómo responder a esta pregunta, eche un vistazo a las configuraciones de Internet en otro navegador para ver si está configurado para usar un proxy."> -<!ENTITY torSettings.enterProxy "Introduzca las preferencias para proxy."> -<!ENTITY torSettings.firewallQuestion "¿Va la conexión a Internet de esta computadora a través de un cortafuegos ('firewall') que sólo permite conexiones a ciertos puertos?"> -<!ENTITY torSettings.firewallHelp "Si no está seguro de cómo responder a esta pregunta, elija No. Si encuentra problemas conectando a la red Tor, cambie esta configuración."> -<!ENTITY torSettings.enterFirewall "Introduzca una lista de puertos separada por comas que esté permitida por el cortafuegos ('firewall')."> +<!ENTITY torSettings.enterProxy "Introduzca los ajustes del proxy."> <!ENTITY torSettings.bridgeQuestion "Su proveedor de servicios de Internet (ISP) bloquea o censura de alguna forma las conexiones hacia la red Tor?"> <!ENTITY torSettings.bridgeHelp "Si no está seguro como responder a esta pregunta, elija No.  Si usted elige Sí, se le pedirá configurar puentes Tor, los cuales son repetidores no listados que hacen más difícil el bloqueo de conexiones hacia la red Tor."> <!ENTITY torSettings.bridgeSettingsPrompt "Puede usar el juego de repetidores puente ('bridge') proporcionado, o puede obtener e introducir un juego de puentes personalizado."> @@ -34,7 +31,7 @@ <!ENTITY torsettings.optional "Opcional"> <!ENTITY torsettings.useProxy.checkbox "Esta computadora necesita usar usar un proxy de acceso a Internet"> -<!ENTITY torsettings.useProxy.type "Tipo de Proxy:"> +<!ENTITY torsettings.useProxy.type "Tipo de proxy:"> <!ENTITY torsettings.useProxy.address "Dirección:"> <!ENTITY torsettings.useProxy.address.placeholder "Dirección IP o nombre de máquina ('hostname')"> <!ENTITY torsettings.useProxy.port "Puerto:"> @@ -50,16 +47,17 @@ <!ENTITY torsettings.useBridges.type "Tipo de transporte:"> <!ENTITY torsettings.useBridges.custom "Introducir puentes personalizados"> <!ENTITY torsettings.useBridges.label "Introduzca uno o más repetidores puente ('bridge', uno por línea)."> -<!ENTITY torsettings.useBridges.placeholder "ingrese dirección:puerto"> +<!ENTITY torsettings.useBridges.placeholder "introduzca dirección:puerto"> <!ENTITY torsettings.copyLog "Copiar el registro de mensajes ('log') de Tor al portapapeles"> -<!ENTITY torsettings.bridgeHelpTitle "Ayuda de Repetidores Puente ('Bridge Relays')"> +<!ENTITY torsettings.bridgeHelpTitle "Ayuda de repetidores puente ('bridge relays')"> <!ENTITY torsettings.bridgeHelp1 "Si no puede conectar a la red Tor, podría ser que su proveedor de servicios de Internet (ISP) u otra agencia, esté bloqueando Tor.  A menudo, puede evitar este problema usando puentes ('bridges') de Tor, que son repetidores ('relays') de salida de la red Tor que no son publicitados, y es más difícil que sean bloqueados."> <!ENTITY torsettings.bridgeHelp1B "Puede usar el juego de direcciones de repetidores puente ('bridge') preconfigurado proporcionado, o puede obtener un juego de direcciones personalizado usando uno de estos tres métodos:"> <!ENTITY torsettings.bridgeHelp2Heading "Mediante la web"> <!ENTITY torsettings.bridgeHelp2 "Use un navegador web para visitar https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Mediante el correo electrónico automático"> -<!ENTITY torsettings.bridgeHelp3 "Envíe un correo a bridges(a)torproject.org con la línea 'get bridges' por si misma en el cuerpo del mensaje.  Sin embargo, para hacer más difícil a un atacante aprender muchas direcciones de puentes, ha de enviar esta solicitud desde una dirección de correo de gmail.com o yahoo.com ."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Envíe un correo electrónico a bridges(a)torproject.org únicamente con la línea 'get bridges' en el cuerpo del mensaje.  Sin embargo, para ponerle más difícil a un atacante adquirir muchas direcciones de puentes, tiene que enviar esta petición desde uno de los siguientes proveedores de correo electrónico (listados en orden de preferencia):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com o https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Mediante el gabinete de ayuda"> <!ENTITY torsettings.bridgeHelp4 "Como último recurso, puede pedir direcciones de repetidores puente enviando un cortés mensaje de correo a help(a)rt.torproject.org .  Por favor observe que es una persona la que tendrá que responder a cada petición."> diff --git a/src/chrome/locale/es/torlauncher.properties b/src/chrome/locale/es/torlauncher.properties index 7edc87e..6f1c18a 100644 --- a/src/chrome/locale/es/torlauncher.properties +++ b/src/chrome/locale/es/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Arranque de Tor -torlauncher.tor_exited=Tor se cerró inesperadamente. -torlauncher.tor_connection_lost=Se ha perdido su conexión a la red Tor. +torlauncher.tor_exited=Tor se cerró inesperadamente. Esto podría deberse a un fallo con el propio Tor, con otro programa de su sistema, o a hardware defectuoso. Hasta que reinicie Tor, el Navegador Tor no podrá alcanzar ningún sitio web. Si el problema persiste, por favor envíe una copia de su Registro de Tor (log) al equipo de soporte. +torlauncher.tor_exited2=Al reiniciar Tor no cerrará las pestañas de su navegador. torlauncher.tor_controlconn_failed=No se pudo conectar al puerto de control de Tor torlauncher.tor_failed_to_start=Tor no pudo iniciarse. torlauncher.tor_control_failed=Fallo al tomar control de Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No hay disponible ningún repetidor pu torlauncher.recommended_bridge=(recomendado) torlauncher.connect=Conectar -torlauncher.reconnect=Reconectar +torlauncher.restart_tor=Reiniciar Tor torlauncher.quit=Salir torlauncher.quit_win=Salir torlauncher.done=Listo torlauncher.forAssistance=Para obtener ayuda, contacte con %S +torlauncher.copiedNLogMessages=Copia completada. %S mensajes de registro ('log') de Tor están listos para ser pegados en un editor de texto o un mensaje de correo electrónico. + torlauncher.bootstrapStatus.conn_dir=Conectando a un repositorio ('Directory') de repetidores ('relays') torlauncher.bootstrapStatus.handshake_dir=Estableciendo una conexión cifrada con el repositorio de repetidores torlauncher.bootstrapStatus.requesting_status=Recopilando el estado de la red diff --git a/src/chrome/locale/et/network-settings.dtd b/src/chrome/locale/et/network-settings.dtd index c1da578..15fa9d4 100644 --- a/src/chrome/locale/et/network-settings.dtd +++ b/src/chrome/locale/et/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Ei"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/et/torlauncher.properties b/src/chrome/locale/et/torlauncher.properties index 01de316..1ebd50d 100644 --- a/src/chrome/locale/et/torlauncher.properties +++ b/src/chrome/locale/et/torlauncher.properties @@ -1,17 +1,17 @@ ### Copyright (c) 2014, The Tor Project, Inc. ### See LICENSE for licensing information. -torlauncher.error_title=Tor Launcher +torlauncher.error_title=Tori käivitaja -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. -torlauncher.tor_controlconn_failed=Could not connect to Tor control port. -torlauncher.tor_failed_to_start=Tor failed to start. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. +torlauncher.tor_controlconn_failed=Ei suutnud luua ühendust Tor-i kontroll pordiga. +torlauncher.tor_failed_to_start=Tor-i käivitamine ebaõnnestus torlauncher.tor_control_failed=Failed to take control of Tor. -torlauncher.tor_bootstrap_failed=Tor failed to establish a Tor network connection. +torlauncher.tor_bootstrap_failed=Tor-il ebaõnnestus ühenduse loomine Tor võrguga. torlauncher.tor_bootstrap_failed_details=%1$S failed (%2$S). -torlauncher.unable_to_start_tor=Unable to start Tor.\n\n%S +torlauncher.unable_to_start_tor=Ei suuda käivitada Tor-i.\n\n\n%S torlauncher.tor_missing=The Tor executable is missing. torlauncher.torrc_missing=The torrc file is missing. torlauncher.datadir_missing=The Tor data directory does not exist. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Valmis torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/eu/network-settings.dtd b/src/chrome/locale/eu/network-settings.dtd index ea1c8cc..d992e0f 100644 --- a/src/chrome/locale/eu/network-settings.dtd +++ b/src/chrome/locale/eu/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Ez"> <!ENTITY torSettings.firstQuestion "Hurrengoetako zeinek deskribatzen du zure egoera hobekien?"> -<!ENTITY torSettings.configurePrompt1 "Ordenagailu honen Interneteko konexioa zentsuratuta, iragazita, edo proxyatuta dago."> -<!ENTITY torSettings.configurePrompt2 "Zubi, sueten, edo proxy ezarpenak konfiguratu behar ditut."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Konfiguratu"> <!ENTITY torSettings.connectPrompt2 "Tor sarera zuzenean konektatu nahiko nuke."> <!ENTITY torSettings.connectPrompt3 "Hau egoera gehienetan funtzionatuko du."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Galdera hau nola erantzuteaz zalantzan bazaude, begiratu beste nabigatzaile batean Interneteko ezarpenak proxy bat erabiltzeko konfiguratuta dagoen ikusteko."> <!ENTITY torSettings.enterProxy "Sartu proxy ezarpenak."> -<!ENTITY torSettings.firewallQuestion "Ordenagailu honen Interneteko konexioa ataka zehatz batzuetara bakarrik konektatzea baimentzen duen sueten baten zehar al doa?"> -<!ENTITY torSettings.firewallHelp "Galdera hau nola erantzuteaz zalantzan bazaude, hautatu Ez. Tor sarera konektatzen arazoak aurkitzen badituzu, aldatu ezarpen hau."> -<!ENTITY torSettings.enterFirewall "Suetenak baimendutako eta komaz banandutako ataka zerrenda bat sar ezazu "> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Webean bidez"> <!ENTITY torsettings.bridgeHelp2 "Erabili ezazu web nabigatzaile bat https://bridges.torproject.org bisitatzeko"> <!ENTITY torsettings.bridgeHelp3Heading "Email erantzule automatikoaren bidez"> -<!ENTITY torsettings.bridgeHelp3 "Bidali ezazu mezu bat bridges(a)torproject.org-era mezuaren gorputzean 'get bridges' esaldiarekin.  Hala ere, erasotzaile batentzat zubi helbide asko ikastea zailago izan dadin, eskakizun hau hurrengo domeinuetako eposta helbide batetik bidali behar duzu: gmail.com edo yahoo.com."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Laguntza mahaiaren bidez"> <!ENTITY torsettings.bridgeHelp4 "Azken aukera bezala, zubi erreleak eska ditzakezu mezu adeitsu bat help(a)rt.torproject.org-era bidaliz.  Mesedez, kontuan izan pertsona batek eskarea bakoitza erantzun beharko duela."> diff --git a/src/chrome/locale/eu/torlauncher.properties b/src/chrome/locale/eu/torlauncher.properties index 3f4a852..7d2c0a9 100644 --- a/src/chrome/locale/eu/torlauncher.properties +++ b/src/chrome/locale/eu/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor abiarazlea -torlauncher.tor_exited=Tor ustekabean irten da. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Tor kontrol atakara ezin konektatu. torlauncher.tor_failed_to_start=Torek huts egin du abiarazterakoan. torlauncher.tor_control_failed=Huts Toren kontrola hartzerakoan. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Ez daude eskuragarri %S garraio mota d torlauncher.recommended_bridge=(gomendatuta) torlauncher.connect=Konektatu -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Irten torlauncher.quit_win=Irten torlauncher.done=Eginda torlauncher.forAssistance=Laguntza lortzeko, %S(r)ekin harremanetan jarri +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Errele direktorio batera konektatzen torlauncher.bootstrapStatus.handshake_dir=Enkriptatutako direktorio batera konexioa ezartzen torlauncher.bootstrapStatus.requesting_status=Sarearen egoera eskuratzen diff --git a/src/chrome/locale/fa/network-settings.dtd b/src/chrome/locale/fa/network-settings.dtd index 136acea..3b755f8 100644 --- a/src/chrome/locale/fa/network-settings.dtd +++ b/src/chrome/locale/fa/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "نه"> <!ENTITY torSettings.firstQuestion "کدام یک از موارد زیر وضعیت شما را بهتر بیان می‌کند؟"> -<!ENTITY torSettings.configurePrompt1 "اینترنت استفاده شده در این رایانه ها سانسور شده٫فیلتر شده و یا عبور کرده از روی پراکسی می باشند."> -<!ENTITY torSettings.configurePrompt2 "من نیاز دارم که «پل ها»، «پروکسی» و یا «فایروال» را تنظیم کنم."> +<!ENTITY torSettings.configurePrompt1 "اتصال به اینترنت این کامپیوتر یا فیلترینگ شدید دارد و یا پراکسی دارد."> +<!ENTITY torSettings.configurePrompt2 "من نیاز به پیکربندی پل و یا تنظیمات پروکسی دارم."> <!ENTITY torSettings.configure "پیکربندی"> <!ENTITY torSettings.connectPrompt2 "تمایل دارم مستقیما به شبکه‌ی تور متصل شوم."> <!ENTITY torSettings.connectPrompt3 "این در بیشتر مواقع کار خواهد کرد."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "اگر مطمئن نیستید چطور به این سوال پاسخ دهید، به تنظیمات سایر مرورگرهای خود نگاهی بیاندازید تا متوجه شوید که آیا باید یک پروکسی استفاده شود یا خیر."> <!ENTITY torSettings.enterProxy "تنظیمات پراکسی را وارد کنید."> -<!ENTITY torSettings.firewallQuestion "آیا در مسیر ارتباط شما به اینترنت یک فایروال وجود دارد؟ و فقط اجازه اتصال از یک درگاه خاص را می دهد؟"> -<!ENTITY torSettings.firewallHelp "اگر مطمئن نیستید چه جوابی به این سوال دهید، «نه» و یا «خیر» را انتخاب کنید. سپس اگر مشکلی در ارتباط با شبکه تور داشتید، این مورد را تغییر دهید."> -<!ENTITY torSettings.enterFirewall "یک لیست جداشده با ویرگول از پورت‌هایی که توسط فایروال مجاز هستند."> <!ENTITY torSettings.bridgeQuestion "آیا شرکتی که از آن اینترنت گرفته اید (ISP)، دسترسی به شبکه تور را فیلتر، سانسور و یا مسدود می کند؟"> <!ENTITY torSettings.bridgeHelp "اگر مطمئن نیستید چطور به این سوال پاسخ دهید، «نه» یا انتخاب کنید.  اگر «بله» را انتخاب کنید، می بایست تنظیمات مربوط به «پل های» تور را انجام دهید. پل ها مسیرهای دور زدن فیلتر هستند که لیست مشخصی از آن ها وجود ندارد و فیلتر کردن آن ها بسیار مشکل است."> <!ENTITY torSettings.bridgeSettingsPrompt "شما می‌توانید از مجموعه‌ای از پل‌های آماده و یا پل‌های شخصی خودتان استفاده کنید."> @@ -29,7 +26,7 @@  <!ENTITY torsettings.startingTor "در انتظار آغاز به کار تور..."> -<!ENTITY torsettings.restartTor "Restart Tor"> +<!ENTITY torsettings.restartTor "تور را دوباره شوروع کنید."> <!ENTITY torsettings.optional "اختیاری"> @@ -60,6 +57,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "از طریق اینترنت"> <!ENTITY torsettings.bridgeHelp2 "با استفاده از یک مرورگر به آدرس https://bridges.torproject.org بروید."> <!ENTITY torsettings.bridgeHelp3Heading "از طریق آدرس ایمیل پاسخگوی خودکار"> -<!ENTITY torsettings.bridgeHelp3 "یک ایمیل حاوی عبارت 'get bridges' به آدرس bridges(a)torproject.org ارسال کنید.  برای اینکه بتوانیم جلوی فیلتر شدن پل ها را بگیریم، مجبوریم شما را محدود کنیم تا فقط از یک آدرس ایمیل yahoo.com و یا gmail.com درخواست خود را ارسال کنید. لطفاً صبور باشید. از چند دقیقه تا چند ساعت طول خواهد کشید تا به طور خودکار پل ها برای شما ارسال شوند."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, یا https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "از طریق واحد کمک رسانی"> <!ENTITY torsettings.bridgeHelp4 "اگر از طریق هیچ کدام از راه حل های فوق به نتیجه نرسیدید، یک درخواست مودبانه به آدرس help(a)rt.torproject.org ارسال کنید.  در نظر داشته باشید که یک نفر باید ایمیل شما را بخواند و به آن پاسخ دهد. پس صبور باشید."> diff --git a/src/chrome/locale/fa/torlauncher.properties b/src/chrome/locale/fa/torlauncher.properties index 18906ed..bdd5c09 100644 --- a/src/chrome/locale/fa/torlauncher.properties +++ b/src/chrome/locale/fa/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=اجرا کننده تور -torlauncher.tor_exited=تور به‌دلیلی نامشخص خارج شد. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor به طور غیر منتظره خارج شد. ممکن است به علت یک اشکال در Tor و یا یک برنامه دیگر بر روی سیستم شما و یا یک سخت افزار معیوب اتفاق افتاده باشد، تا زمانی که دوباره Tor را اجرا نمائید. مرورگر Tor قادر است به هر سایتی دسترسی داشته باشد. اگر این مشکل ادامه داشت، لطفا یک کپی از Log Tor خود را به تیم پشتیبانی ارسال کنید. +torlauncher.tor_exited2=شروع مجدد، Tor نمی تواند زبانه های مرورگر را ببندد. torlauncher.tor_controlconn_failed=اتصال به پورت کنترل تور امکان پذیر نمی‌باشد. torlauncher.tor_failed_to_start=خطا در راه اندازی. torlauncher.tor_control_failed=به‌دست گرفتن کنترل تور ناموفق بود. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=هیچ پلی از نوع %S موجو torlauncher.recommended_bridge=(توصیه شده) torlauncher.connect=اتصال -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=تور را دوباره شوروع کنید. torlauncher.quit=خروج torlauncher.quit_win=خروج torlauncher.done=انجام شد torlauncher.forAssistance=برای دریافت کمک٫ با %S تماس بگیرید +torlauncher.copiedNLogMessages=کپی کامل شد. %S پیامهای ثبت شده آماده است تا Paste شود در ویرایشگر متن یا یک ایمیل. + torlauncher.bootstrapStatus.conn_dir=اتصال به یک فهرست بازپخش torlauncher.bootstrapStatus.handshake_dir=برپایی یک اتصال فهرست رمزبندی شده torlauncher.bootstrapStatus.requesting_status=بازیابی وضیعت شبکه diff --git a/src/chrome/locale/fi/network-settings.dtd b/src/chrome/locale/fi/network-settings.dtd index f8d6644..c8fb8f7 100644 --- a/src/chrome/locale/fi/network-settings.dtd +++ b/src/chrome/locale/fi/network-settings.dtd @@ -1,4 +1,4 @@ -<!ENTITY torsettings.dialog.title "Torin Verkkoasetukset"> +<!ENTITY torsettings.dialog.title "Tor-verkkoasetukset">  @@ -8,20 +8,17 @@ <!ENTITY torSettings.no "Ei"> <!ENTITY torSettings.firstQuestion "Mikä seuraavista kuvailee parhaiten tilannettasi?"> -<!ENTITY torSettings.configurePrompt1 "Tämän tietokoneen internet yhteys on sensuroitu, suodatettu tai proxattu."> -<!ENTITY torSettings.configurePrompt2 "Minun täytyy määrittää silta-, palomuuri- tai välityspalvelinasetuksia."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Määritä"> -<!ENTITY torSettings.connectPrompt2 "Haluan yhdistää suoraan Torin verkkoon."> -<!ENTITY torSettings.connectPrompt3 "Tämä toimii monissa tilanteissa."> +<!ENTITY torSettings.connectPrompt2 "Haluan yhdistää suoraan Tor-verkkoon."> +<!ENTITY torSettings.connectPrompt3 "Tämä toimii useimmissa tilanteissa."> <!ENTITY torSettings.connect "Yhdistä"> -<!ENTITY torSettings.proxyQuestion "Tarvitseeko tämä tietokone proxya päästäkseen internettiin?"> +<!ENTITY torSettings.proxyQuestion "Tarvitseeko tämä tietokone välityspalvelinta päästäkseen internettiin?">  -<!ENTITY torSettings.proxyHelp "Ellet ole varma, kuinka vastata tähän kysymykseen, katso Internet asetukset toisessa selaimessa nähdäksesi onko se määritetty käyttämään välityspalvelinta."> -<!ENTITY torSettings.enterProxy "Mene proxy asetuksiin."> -<!ENTITY torSettings.firewallQuestion "Kulkeeko tietokoneen Internet-yhteys palomuurin läpi, joka hyväksyy yhteydet ainoastaan tiettyihin portteihin?"> -<!ENTITY torSettings.firewallHelp "Ellet ole varma kuinka vastata tähän kysymykseen, valitse Ei. Muuta tätä asetusta jos yhteyden saamisessa Tor-verkkoon on ongelmia."> -<!ENTITY torSettings.enterFirewall "Luettele pilkuin erotettuina ne portit, jotka palomuuri sallii. "> +<!ENTITY torSettings.proxyHelp "Ellet ole varma, kuinka vastata tähän kysymykseen, katso Internet-asetukset toisessa selaimessa nähdäksesi onko se määritetty käyttämään välityspalvelinta."> +<!ENTITY torSettings.enterProxy "Kirjoita välityspalvelinasetukset."> <!ENTITY torSettings.bridgeQuestion "Sensuroiko tai estääkö sinun operaattorisi (ISP) yhteydet Tor-verkkoon?"> <!ENTITY torSettings.bridgeHelp "Ellet ole varma kuinka vastata tähän kysymykseen, valitse No.  Jos valitset Kyllä, sinua pyydetään määrittämään Torin Sillat, jotka ovat listaamattomia releitä, jotta yhteyksiä olisi vaikeampi estää Torin verkkoon yhdistettäessä."> <!ENTITY torSettings.bridgeSettingsPrompt "Voit käyttää edellytettyjä silta-yhteyksiä tai voit saada ja osallistua mukautettuihin siltasarjaan."> @@ -33,32 +30,33 @@ <!ENTITY torsettings.optional "Vaihtoehtoinen"> -<!ENTITY torsettings.useProxy.checkbox "Tämä tietokone tarvitsee käyttää proxya päästäkseen internettiin."> -<!ENTITY torsettings.useProxy.type "Proxy tyyppi:"> +<!ENTITY torsettings.useProxy.checkbox "Tämän tietokoneen on käytettävä välityspalvelinta päästäkseen internettiin."> +<!ENTITY torsettings.useProxy.type "Välityspalvelintyyppi:"> <!ENTITY torsettings.useProxy.address "Osoite:"> -<!ENTITY torsettings.useProxy.address.placeholder "IP osoite tai isännän nimi"> +<!ENTITY torsettings.useProxy.address.placeholder "IP-osoite tai palvelinnimi"> <!ENTITY torsettings.useProxy.port "Portti:"> -<!ENTITY torsettings.useProxy.username "Käyttäjänimi:"> +<!ENTITY torsettings.useProxy.username "Käyttäjätunnus:"> <!ENTITY torsettings.useProxy.password "Salasana:"> <!ENTITY torsettings.useProxy.type.socks4 "SOCKS 4"> <!ENTITY torsettings.useProxy.type.socks5 "SOCKS 5"> <!ENTITY torsettings.useProxy.type.http "HTTP / HTTPS"> -<!ENTITY torsettings.firewall.checkbox "Tämän tietokoneen palomuuri sallii yhteydet vain tiettyjen porttien kautta."> +<!ENTITY torsettings.firewall.checkbox "Tämän tietokoneen palomuuri sallii yhteydet vain tiettyjen porttien kautta"> <!ENTITY torsettings.firewall.allowedPorts "Sallitut portit:"> -<!ENTITY torsettings.useBridges.checkbox "Minun internet-yhteyden tarjoaja (ISP) estää yhteydet Tor verkkoon."> -<!ENTITY torsettings.useBridges.default "Yhteys edellytetyillä silloilla."> +<!ENTITY torsettings.useBridges.checkbox "Minun internet-yhteyden tarjoajani (ISP) estää yhteydet Tor-verkkoon"> +<!ENTITY torsettings.useBridges.default "Yhdistä tarjotuilla silloilla"> <!ENTITY torsettings.useBridges.type "Siirtotyyppi:"> <!ENTITY torsettings.useBridges.custom "Mene mukautettuihin siltoihin"> <!ENTITY torsettings.useBridges.label "Mene yhteen tai useampaan silta releeseen (yksi per rivi)."> <!ENTITY torsettings.useBridges.placeholder "syötä osoite:portti"> -<!ENTITY torsettings.copyLog "Kopioi Torin Loki Leikepöydälle"> +<!ENTITY torsettings.copyLog "Kopioi Tor-loki leikepöydälle"> <!ENTITY torsettings.bridgeHelpTitle "Siltarele-apu"> <!ENTITY torsettings.bridgeHelp1 "Jos et pysty yhdistämään Torin verkkoon, syy voi olla, että Internet palveluntarjoajasi (ISP) tai muu taho estää Tor.  Usein, voit kiertää tämän ongelman käyttämällä Torin siltoja, jotka ovat listaamattomia releitä, jotka on vaikeampi estää."> <!ENTITY torsettings.bridgeHelp1B "Voit käyttää esimääritettyjä, edellytettyjä siltaosoitesarjoja tai voit saada mukautetun osoitesarjan käyttämällä näitä kolmea menetelmää:"> <!ENTITY torsettings.bridgeHelp2Heading "Verkon yli"> <!ENTITY torsettings.bridgeHelp2 "Käytä internet-selainta vieraillaksesi osoitteessa: https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Sähköpostin Automaattivastaajan läpi"> -<!ENTITY torsettings.bridgeHelp3 "Lähetä sähköpostia: bridges(a)torproject.org tekstin kanssa 'get bridges' 160"> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Lähetä sähköpostia osoitteeseen bridges(a)torproject.org käyttäen viestissä tekstiä 'get bridges' pelkästään viestin rungossa.  Kuitenkin, tehdäksesi vaikeammaksi siltaosoitteiden opettelu hyökkääjälle sinun on lähetettävä tämä pyyntö yhdestä seuraavista sähköpostipalveluiden tarjoajan osoitteesta (listattu suosion mukaisessa järjestyksessä):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com tai https:://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Neuvontapisteen läpi"> <!ENTITY torsettings.bridgeHelp4 "Viimeisenä keinona voit pyytää siltaosoitteita lähettämällä kohteliaan viestin osoitteeseen: help(a)rt.torproject.org.  Huomioi, että henkilön tulee vastata kuhunkin pyyntöön."> diff --git a/src/chrome/locale/fi/torlauncher.properties b/src/chrome/locale/fi/torlauncher.properties index 21ade8d..f6491b9 100644 --- a/src/chrome/locale/fi/torlauncher.properties +++ b/src/chrome/locale/fi/torlauncher.properties @@ -3,25 +3,25 @@ torlauncher.error_title=Tor-käynnistin -torlauncher.tor_exited=Tor lopetti toimintansa yllättäen. -torlauncher.tor_connection_lost=Yhteytesi Tor-verkkoon on katkennut. -torlauncher.tor_controlconn_failed=Ei voi ottaa yhteyttä Tor-hallintaporttiin. -torlauncher.tor_failed_to_start=Tor ei käynnistynyt. +torlauncher.tor_exited=Tor sammui odottamatta. Tämä voi olla virhe Torissa itsessään, tai toisen ohjelman järjestelmässäsi aiheuttama, tai laitteistovirhe. Tor ei kykene tavoittamaan yhtään verkkosivua, jos et käynnistä Toria uudelleen. Jos tämä ongelma jatkuu, lähetä kopio Torin lokitiedostosta tukiryhmälle. +torlauncher.tor_exited2=Torin käynnistäminen uudestaan ei sulje selaimesi välilehtiä. +torlauncher.tor_controlconn_failed=Yhteydenotto Torin hallintaporttiin epäonnistui. +torlauncher.tor_failed_to_start=Torin käynnistys epäonnistui. torlauncher.tor_control_failed=Torin haltuun ottaminen epäonnistui. -torlauncher.tor_bootstrap_failed=Tor ei saanut yhteyttä Tor-verkkoon.\n\n%S -torlauncher.tor_bootstrap_failed_details=%1$S Epäonnistui (%2$S). +torlauncher.tor_bootstrap_failed=Yhteyden muodostaminen Tor-verkkoon epäonnistui. +torlauncher.tor_bootstrap_failed_details=%1$S epäonnistui (%2$S). -torlauncher.unable_to_start_tor=Toria ei voi käynnistää.\n\n%S +torlauncher.unable_to_start_tor=Torin käynnistys epäonnistui.\n\n%S torlauncher.tor_missing=Suoritettava Tor-tiedosto puuttuu. torlauncher.torrc_missing=Tiedosto torrc puuttuu. -torlauncher.datadir_missing=Tor on kadottanut yhteyden tietokantaan. -torlauncher.password_hash_missing=Salasanan varmistussummaa ei löydy. +torlauncher.datadir_missing=Tor-tietohakemistoa ei ole. +torlauncher.password_hash_missing=Tiivistettyä salasanaa ei löytynyt. -torlauncher.failed_to_get_settings=Tor-asetuksia ei saa ladattua.\n\n%S -torlauncher.failed_to_save_settings=Tor-asetuksia ei saa tallennettua.\n\n%S +torlauncher.failed_to_get_settings=Tor-asetusten noutaminen epäonnistui.\n\n%S +torlauncher.failed_to_save_settings=Tor-asetusten tallentaminen epäonnistui.\n\n%S torlauncher.ensure_tor_is_running=Varmista, että Tor on käynnissä. -torlauncher.error_proxy_addr_missing=Sinun on määriteltävä IP-osoite tai verkkonimi sekä porttinumero, jotta Tor voi yhdistää välityspalvelimen kautta Internetiin. +torlauncher.error_proxy_addr_missing=Sinun on määriteltävä sekä IP-osoite että porttinumero tai sekä verkkonimi että porttinumero, jotta Tor voi yhdistää välityspalvelimen kautta Internetiin. torlauncher.error_proxy_type_missing=Sinun on valittava välityspalvelimen tyyppi. torlauncher.error_bridges_missing=Määrittele yksi tai useampi silta. torlauncher.error_default_bridges_type_missing=Sinun täytyy valita siirtotyyppi tarjotuille silloille. @@ -30,17 +30,19 @@ torlauncher.error_bridge_bad_default_type=Tarjolla olevissa silloissa ei ole saa torlauncher.recommended_bridge=(suositeltu) torlauncher.connect=Yhdistä -torlauncher.reconnect=Yhdistä uudelleen +torlauncher.restart_tor=Käynnistä Tor uudelleen torlauncher.quit=Lopeta torlauncher.quit_win=Lopeta torlauncher.done=Valmis torlauncher.forAssistance=Tukea saat ottamalla yhteyttä %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Yhdistetään reititinhakemistoon torlauncher.bootstrapStatus.handshake_dir=Muodostetaan suojattu yhteys hakemistoon -torlauncher.bootstrapStatus.requesting_status=Noudetaan verkon tilaa -torlauncher.bootstrapStatus.loading_status=Ladataan verkon tilaa +torlauncher.bootstrapStatus.requesting_status=Noudetaan verkon tila +torlauncher.bootstrapStatus.loading_status=Ladataan verkon tila torlauncher.bootstrapStatus.loading_keys=Ladataan juurivarmenteita torlauncher.bootstrapStatus.requesting_descriptors=Pyydetään reititintietoja torlauncher.bootstrapStatus.loading_descriptors=Ladataan reititintietoja @@ -56,4 +58,4 @@ torlauncher.bootstrapWarning.identity=yhteensopimaton identiteetti torlauncher.bootstrapWarning.timeout=yhteys aikakatkaistu torlauncher.bootstrapWarning.noroute=ei reittiä palvelimelle torlauncher.bootstrapWarning.ioerror=luku/kirjoitusvirhe -torlauncher.bootstrapWarning.pt_missing=Puuttuu kytkettävä liikenne +torlauncher.bootstrapWarning.pt_missing=puuttuu kytkettävä liikenne diff --git a/src/chrome/locale/fil/network-settings.dtd b/src/chrome/locale/fil/network-settings.dtd index bd52ca0..41348a6 100644 --- a/src/chrome/locale/fil/network-settings.dtd +++ b/src/chrome/locale/fil/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Wala"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/fil/torlauncher.properties b/src/chrome/locale/fil/torlauncher.properties index b69659f..a801b32 100644 --- a/src/chrome/locale/fil/torlauncher.properties +++ b/src/chrome/locale/fil/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tagapaglunsad ng Tor -torlauncher.tor_exited=Hindi inaasahang tumigil ang Tor. -torlauncher.tor_connection_lost=Ang iyong koneksyon sa Tor Network ay nawala. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Hindi makakonekta sa Tor control port. torlauncher.tor_failed_to_start=Nabigong magsimula ang Tor. torlauncher.tor_control_failed=Nabigong kontrolin ang Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Walang maaaring gamitin sa mga ibiniga torlauncher.recommended_bridge=(rekomendado) torlauncher.connect=Kumonekta -torlauncher.reconnect=Muling kumonekta +torlauncher.restart_tor=Restart Tor torlauncher.quit=Tumigil torlauncher.quit_win=Lumabas torlauncher.done=Tapos na torlauncher.forAssistance=Para sa tulong, makipag-ugnay sa %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Kumokonekta sa isang direktoryo ng relay torlauncher.bootstrapStatus.handshake_dir= Itinatatag ang isang naka-encrypt na direktoryo ng koneksyon torlauncher.bootstrapStatus.requesting_status=Kinukuha ang katayuan ng network diff --git a/src/chrome/locale/fo/network-settings.dtd b/src/chrome/locale/fo/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/fo/network-settings.dtd +++ b/src/chrome/locale/fo/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/fo/torlauncher.properties b/src/chrome/locale/fo/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/fo/torlauncher.properties +++ b/src/chrome/locale/fo/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/fr-CA/network-settings.dtd b/src/chrome/locale/fr-CA/network-settings.dtd index e8673f3..5df779b 100644 --- a/src/chrome/locale/fr-CA/network-settings.dtd +++ b/src/chrome/locale/fr-CA/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Non"> <!ENTITY torSettings.firstQuestion "Laquelle des suivantes décrit le mieux votre situation?"> -<!ENTITY torSettings.configurePrompt1 "La connexion Internet de cet ordinateur est censurée, filtrée ou relayée par un serveur mandataire."> -<!ENTITY torSettings.configurePrompt2 "Je dois configurer des paramètres de pont, de coupe-feu ou de serveur mandataire."> +<!ENTITY torSettings.configurePrompt1 "La connexion Internet de cet ordinateur est censurée ou relayée."> +<!ENTITY torSettings.configurePrompt2 "Je dois configurer des paramètres de pont ou de serveur mandataire."> <!ENTITY torSettings.configure "Configurer"> <!ENTITY torSettings.connectPrompt2 "Je voudrais me connecter directement au réseau Tor."> <!ENTITY torSettings.connectPrompt3 "Ceci fonctionnera dans la plupart des situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Si vous ne savez pas comment répondre à cette question, regarder les paramètres Internet d'un autre navigateur afin de voir s'il est configuré pour utiliser un mandataire."> <!ENTITY torSettings.enterProxy "Saisir les paramètres du serveur mandataire."> -<!ENTITY torSettings.firewallQuestion "Est-ce que la connexion Internet de cet ordinateur passe par un pare-feu qui n'autorise les connexions que vers certains ports?"> -<!ENTITY torSettings.firewallHelp "Si vous ne savez par comment répondre à cette question, choisissez Non. Si vous éprouvez des difficultés à vous connecter au réseau Tor, changer ce paramètre."> -<!ENTITY torSettings.enterFirewall "Saisir une liste de ports, séparés par des virgules, qui sont autorisés par le pare-feu."> <!ENTITY torSettings.bridgeQuestion "Votre fournisseur de service Internet (FSI) bloque-t-il ou censure-t-il vos connexions au réseau Tor?"> <!ENTITY torSettings.bridgeHelp "Si vous ne savez pas comment répondre à cette question, choisissez Non.  Si vous choisissez Oui, on vous demandera de configurer les ponts Tor qui sont des relais non listés rendant le bloquage des connexions au réseau Tor plus difficile."> <!ENTITY torSettings.bridgeSettingsPrompt "Vous pouvez utiliser le jeu de ponts fourni ou vous pouvez obtenir et saisir un jeu de ponts personnalisé."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "par le Web"> <!ENTITY torsettings.bridgeHelp2 "en utilisant un navigateur Web pour visiter https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "par le répondeur automatique de courriel"> -<!ENTITY torsettings.bridgeHelp3 "en envoyant un courriel à bridges(a)torproject.org avec la ligne « get bridges » seule dans le corps du message.  Cependant pour compliquer l'obtention des ces adresses de ponts pour un attaqueur, vous devez envoyer la demande depuis une adresse courriel gmail.com ou yahoo.com."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Envoyez un courriel à bridges(a)torproject.org avec la ligne « get bridges » seule dans le corps du message.  Cependant, afin que cela soit plus difficile pour un attaqueur de découvrir de nombreuses adresses de ponts, vous devez envoyer cette demande à partir d'un des fournisseurs de courriel suivants (listés par ordre de préférence) :"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com ou https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "par le centre d'assistance"> <!ENTITY torsettings.bridgeHelp4 "en dernier recours, vous pouvez demander des adresses de ponts en envoyant un courriel poli à help(a)rt.torproject.org.  Veuillez remarquer qu'une personne devra répondre à chaque demande."> diff --git a/src/chrome/locale/fr-CA/torlauncher.properties b/src/chrome/locale/fr-CA/torlauncher.properties index 3a5372a..bd66071 100644 --- a/src/chrome/locale/fr-CA/torlauncher.properties +++ b/src/chrome/locale/fr-CA/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Lanceur Tor -torlauncher.tor_exited=Tor a quitté de manière imprévue. -torlauncher.tor_connection_lost=Votre connexion au réseau Tor a été perdue. +torlauncher.tor_exited=Tor a quitté de manière imprévue. Ceci peut être dû à un bogue dans Tor lui-même, un autre programme dans votre système ou un matériel défectueux. Jusqu'à ce que vous redémarriez Tor, le navigateur Tor ne sera capable d'atteindre aucun site. Si le problème persiste, veuillez envoyer une copie de votre journal de Tor à l'équipe de soutien. +torlauncher.tor_exited2=Redémarrer Tor ne fermera par les onglets de votre navigateur. torlauncher.tor_controlconn_failed=Impossible de se connecter au port de contrôle de Tor. torlauncher.tor_failed_to_start=Tor n'a pas pu démarrer. torlauncher.tor_control_failed=La prise de contrôle de Tor a échoué. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Aucun pont ayant le type de transport torlauncher.recommended_bridge=(recommandé) torlauncher.connect=Se connecter -torlauncher.reconnect=Se reconnecter +torlauncher.restart_tor=Redémarrer Tor torlauncher.quit=Quitter torlauncher.quit_win=Sortir torlauncher.done=Fait torlauncher.forAssistance=Pour l'assistance, contacter %S +torlauncher.copiedNLogMessages=La copie est terminée. %S messages de journalisation de Tor sont prêts à être coller dans un éditeur de texte ou un courriel. + torlauncher.bootstrapStatus.conn_dir=Connexion à un annuaire de relais torlauncher.bootstrapStatus.handshake_dir=Mise en place d'une connexion chiffrée à l'annuaire torlauncher.bootstrapStatus.requesting_status=Récupération de l'état du réseau diff --git a/src/chrome/locale/fr/network-settings.dtd b/src/chrome/locale/fr/network-settings.dtd index 3ebad6c..d82a436 100644 --- a/src/chrome/locale/fr/network-settings.dtd +++ b/src/chrome/locale/fr/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Non"> <!ENTITY torSettings.firstQuestion "Laquelle des phrases suivantes décrit le mieux votre situation ?"> -<!ENTITY torSettings.configurePrompt1 "La connexion Internet de cet ordinateur est censurée, filtrée ou nécessite un proxy."> -<!ENTITY torSettings.configurePrompt2 "J'ai besoin de configurer une passerelle, le pare-feu, ou les paramètres du proxy."> +<!ENTITY torSettings.configurePrompt1 "Le connexion internet de cet ordinateur est bloqué ou utilise un proxy."> +<!ENTITY torSettings.configurePrompt2 "Je doit configurer le pont réseau ou les paramètres du proxy."> <!ENTITY torSettings.configure "Configurer"> <!ENTITY torSettings.connectPrompt2 "Je souhaite me connecter directement au réseau Tor."> <!ENTITY torSettings.connectPrompt3 "Cela fonctionnera dans la plupart des situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Si vous ne savez pas comment répondre à cette question, vous pouvez regarder les paramètres de connexion d'un autre navigateur afin de voir s'il est configuré pour utiliser un proxy."> <!ENTITY torSettings.enterProxy "Entrez les paramètres de votre proxy."> -<!ENTITY torSettings.firewallQuestion "Est-ce que votre connexion Internet est filtré par un pare-feu qui n'autorise les connexions que vers certains ports ?"> -<!ENTITY torSettings.firewallHelp "Si vous ne savez par comment répondre à cette question, choisissez Non. Vous pourrez changer ce paramètre plus tard en cas de problèmes de connexion au réseau Tor."> -<!ENTITY torSettings.enterFirewall "Entrez la liste de ports, séparés par des virgules, qui sont autorisés par le pare-feu."> <!ENTITY torSettings.bridgeQuestion "Est-ce que votre Fournisseur d'Accès Internet (FAI) bloque les connexions au réseau Tor ?"> <!ENTITY torSettings.bridgeHelp "Si vous ne savez pas comment répondre à cette question, choisissez Non.  Si vous choisissez Oui, il vous sera demandé de configurer les bridges Tor qui sont des relais non listés et qui rendent plus difficile le blocage du réseau Tor."> <!ENTITY torSettings.bridgeSettingsPrompt "Vous pouvez utiliser les bridges fournis ou bien saisir votre liste de bridges personnels."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Par le Web"> <!ENTITY torsettings.bridgeHelp2 "Utilisez un navigateur web pour visiter https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Par l'auto-répondeur de courrier électronique"> -<!ENTITY torsettings.bridgeHelp3 "Envoyer un email à bridges(a)torproject.org avec la ligne 'get bridges' en elle-même obtiennent dans le corps du message.  Cependant, pour rendre plus difficile à un attaquant d'apprendre beaucoup d'adresses de pont, vous devez envoyer cette demande depuis une adresse électronique gmail.com ou yahoo.com."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Envoyer un e-mail à bridges(a)torproject.org avec la ligne 'get bridges' dans le corps du message.  Pour rendre plus difficile à un attaquant d'apprendre beaucoup d'adresses de pont, vous devez envoyer cette demande depuis une adresse électronique d'un de ces fournisseurs (listés par ordre de préférence) :"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, ou https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Par le bureau d'aide"> <!ENTITY torsettings.bridgeHelp4 "En dernier ressort, vous pouvez demander des adresses de pont en envoyant un message électronique poli à help(a)rt.torproject.org.  Veuillez noter qu'une personne devra répondre à chaque demande."> diff --git a/src/chrome/locale/fr/torlauncher.properties b/src/chrome/locale/fr/torlauncher.properties index 874e6af..faef49a 100644 --- a/src/chrome/locale/fr/torlauncher.properties +++ b/src/chrome/locale/fr/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Lanceur Tor -torlauncher.tor_exited=Le programme Tor s'est terminé de manière inatendue. -torlauncher.tor_connection_lost=Votre connexion à Tor a été perdue. +torlauncher.tor_exited=Tor s'est terminé de manière inattendue. Cela pourrait être dû à un bug dans Tor lui-même, à un autre logiciel sur votre système, ou à un défaut matériel. Jusqu'à ce que vous redémarriez Tor, le navigateur Tor sera incapable d'atteindre un site Web. Si le problème persiste, veuillez envoyer une copie de votre historique Tor à l'équipe d'assistance. +torlauncher.tor_exited2=Redémarrer Tor ne fermera pas les onglets de votre navigateur torlauncher.tor_controlconn_failed=Impossible de se connecter au port de contrôle de Tor. torlauncher.tor_failed_to_start=Tor n'a pas pu démarrer. torlauncher.tor_control_failed=Échec lors de la prise de contrôle de Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Aucun des bridges fournis n'a le type torlauncher.recommended_bridge=(recommandé) torlauncher.connect=Se connecter -torlauncher.reconnect=Reconnecter +torlauncher.restart_tor=Relancer Tor torlauncher.quit=Quitter torlauncher.quit_win=Sortir torlauncher.done=Terminé torlauncher.forAssistance=Pour obtenir de l'aide, contactez %S +torlauncher.copiedNLogMessages=Copie terminée. %S messages du journal Tor sont prêt à être collés dans votre éditeur de texte ou dans un mail. + torlauncher.bootstrapStatus.conn_dir=Connexion à un annuaire de relais torlauncher.bootstrapStatus.handshake_dir=Établissement d'une connexion annuaire chiffrée torlauncher.bootstrapStatus.requesting_status=Récupération de l'état du réseau diff --git a/src/chrome/locale/fur/network-settings.dtd b/src/chrome/locale/fur/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/fur/network-settings.dtd +++ b/src/chrome/locale/fur/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/fur/torlauncher.properties b/src/chrome/locale/fur/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/fur/torlauncher.properties +++ b/src/chrome/locale/fur/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/fy/network-settings.dtd b/src/chrome/locale/fy/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/fy/network-settings.dtd +++ b/src/chrome/locale/fy/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/fy/torlauncher.properties b/src/chrome/locale/fy/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/fy/torlauncher.properties +++ b/src/chrome/locale/fy/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/ga/network-settings.dtd b/src/chrome/locale/ga/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/ga/network-settings.dtd +++ b/src/chrome/locale/ga/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ga/torlauncher.properties b/src/chrome/locale/ga/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/ga/torlauncher.properties +++ b/src/chrome/locale/ga/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/gl/network-settings.dtd b/src/chrome/locale/gl/network-settings.dtd index 2d70aac..6586f28 100644 --- a/src/chrome/locale/gl/network-settings.dtd +++ b/src/chrome/locale/gl/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Non"> <!ENTITY torSettings.firstQuestion "Cal das seguintes alternativas describe mellor a súa situación?"> -<!ENTITY torSettings.configurePrompt1 "A conexión á Internet deste computador é censurada, filtrada ou pasa por un proxy."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configurar"> <!ENTITY torSettings.connectPrompt2 "Gustaríame conectar directamente á rede Tor"> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Se non está seguro de como responder a esta pregunta, consulte as opcións de Internet en outro navegador para ver se está configurado para usar un proxy."> <!ENTITY torSettings.enterProxy "Introduza a configuración do proxy."> -<!ENTITY torSettings.firewallQuestion "A conexión á Internet deste computador pasa por unha devasa (firewall) que só permite conexións a certos portos?"> -<!ENTITY torSettings.firewallHelp "Se non está seguro de como responder a esta pregunta, seleccione Non. Se atopa problemas para conectarse á rede Tor, cambie esta configuración."> -<!ENTITY torSettings.enterFirewall "Escriba unha lista separada por comas de portos permitidos pola devasa (firewall)."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/gl/torlauncher.properties b/src/chrome/locale/gl/torlauncher.properties index c0a6d84..038d926 100644 --- a/src/chrome/locale/gl/torlauncher.properties +++ b/src/chrome/locale/gl/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Lanzador do Tor -torlauncher.tor_exited=O Tor saíu de vez. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Non se puido conectar ao porto de control do Tor. torlauncher.tor_failed_to_start=Non se puido iniciar o Tor. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recomendado) torlauncher.connect=Conectar -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Abandoar torlauncher.quit_win=Saír torlauncher.done=Feito torlauncher.forAssistance=Para obter asistencia, póñase en contacto con %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Conectando co directorio de repetidores torlauncher.bootstrapStatus.handshake_dir=Estabelecendo unha conexión cifrada co directorio torlauncher.bootstrapStatus.requesting_status=Recuperando o estado da rede diff --git a/src/chrome/locale/gu-IN/network-settings.dtd b/src/chrome/locale/gu-IN/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/gu-IN/network-settings.dtd +++ b/src/chrome/locale/gu-IN/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/gu-IN/torlauncher.properties b/src/chrome/locale/gu-IN/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/gu-IN/torlauncher.properties +++ b/src/chrome/locale/gu-IN/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/gu/network-settings.dtd b/src/chrome/locale/gu/network-settings.dtd index 41cc87f..47d5383 100644 --- a/src/chrome/locale/gu/network-settings.dtd +++ b/src/chrome/locale/gu/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/gu/torlauncher.properties b/src/chrome/locale/gu/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/gu/torlauncher.properties +++ b/src/chrome/locale/gu/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/gun/network-settings.dtd b/src/chrome/locale/gun/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/gun/network-settings.dtd +++ b/src/chrome/locale/gun/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/gun/torlauncher.properties b/src/chrome/locale/gun/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/gun/torlauncher.properties +++ b/src/chrome/locale/gun/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/ha/network-settings.dtd b/src/chrome/locale/ha/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/ha/network-settings.dtd +++ b/src/chrome/locale/ha/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ha/torlauncher.properties b/src/chrome/locale/ha/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/ha/torlauncher.properties +++ b/src/chrome/locale/ha/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/he/network-settings.dtd b/src/chrome/locale/he/network-settings.dtd index cebbcc4..e377cdf 100644 --- a/src/chrome/locale/he/network-settings.dtd +++ b/src/chrome/locale/he/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "לא"> <!ENTITY torSettings.firstQuestion "אילו מן הבאים מתאר את המצב שלך באופן הטוב ביותר?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "הגדר"> <!ENTITY torSettings.connectPrompt2 "ברצוני להתחבר ישירות אל הרשת Tor."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "הזן את הגדרות הפרוקסי."> -<!ENTITY torSettings.firewallQuestion "האם חיבור האינטרנט של מחשב זה עובר דרך חומת אש שרק מאפשר חיבורים ליציאות מסוימות?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -29,7 +26,7 @@  <!ENTITY torsettings.startingTor "ממתין כעת עבור Tor כדי להתחיל…"> -<!ENTITY torsettings.restartTor "Restart Tor"> +<!ENTITY torsettings.restartTor "התחל מחדש את Tor"> <!ENTITY torsettings.optional "רשות"> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/he/torlauncher.properties b/src/chrome/locale/he/torlauncher.properties index ddc5d61..55224f5 100644 --- a/src/chrome/locale/he/torlauncher.properties +++ b/src/chrome/locale/he/torlauncher.properties @@ -3,12 +3,12 @@ torlauncher.error_title=משגר Tor -torlauncher.tor_exited=‏Tor יצא במפתיעה. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=התחלה מחדש של Tor לא תסגור את כרטיסיות הדפדפן שלך. torlauncher.tor_controlconn_failed=לא הצליח להתחבר ליציאת שליטת Tor. torlauncher.tor_failed_to_start=Tor נכשל בהפעלה. -torlauncher.tor_control_failed=Failed to take control of Tor. -torlauncher.tor_bootstrap_failed=Tor failed to establish a Tor network connection. +torlauncher.tor_control_failed=נכשל לקבל שליטה על Tor. +torlauncher.tor_bootstrap_failed=Tor נכשל לבסס חיבור רשת Tor. torlauncher.tor_bootstrap_failed_details=%1$S failed (%2$S). torlauncher.unable_to_start_tor=אין אפשרות להתחיל את Tor.\n\n%S @@ -27,16 +27,18 @@ torlauncher.error_bridges_missing=עליך לציין גשר אחד או יות torlauncher.error_default_bridges_type_missing=You must select a transport type for the provided bridges. torlauncher.error_bridge_bad_default_type=No provided bridges that have the transport type %S are available. Please adjust your settings. -torlauncher.recommended_bridge=(recommended) +torlauncher.recommended_bridge=(מומלץ) torlauncher.connect=התחבר -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=התחל מחדש את Tor torlauncher.quit=יציאה torlauncher.quit_win=צא torlauncher.done=הושלם torlauncher.forAssistance=לעזרה, צרו קשר עם %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=מתחבר כעת אל מדור ממסר torlauncher.bootstrapStatus.handshake_dir=מקים כעת חיבור ספריות מוצפן torlauncher.bootstrapStatus.requesting_status=מאתר כעת את מצב הרשת diff --git a/src/chrome/locale/hi/network-settings.dtd b/src/chrome/locale/hi/network-settings.dtd index 4a31e93..f8d4548 100644 --- a/src/chrome/locale/hi/network-settings.dtd +++ b/src/chrome/locale/hi/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "नहीं"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/hi/torlauncher.properties b/src/chrome/locale/hi/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/hi/torlauncher.properties +++ b/src/chrome/locale/hi/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/hr-HR/network-settings.dtd b/src/chrome/locale/hr-HR/network-settings.dtd index 65fe1e6..26c627a 100644 --- a/src/chrome/locale/hr-HR/network-settings.dtd +++ b/src/chrome/locale/hr-HR/network-settings.dtd @@ -9,8 +9,8 @@ internetskoj vezi ovog računala."> <!ENTITY torSettings.no "Ne"> <!ENTITY torSettings.firstQuestion "Koje od sljedećeg najbolje opisuje Vašu situaciju?"> -<!ENTITY torSettings.configurePrompt1 "Internetska veza ovog računala je cenzurirana, filtrirana ili prolazi kroz proxy."> -<!ENTITY torSettings.configurePrompt2 "Trebam konfigurirati bridge, firewall ili proxy postavke."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Podesi"> <!ENTITY torSettings.connectPrompt2 "Želim se izravno spojiti na Tor mrežu."> <!ENTITY torSettings.connectPrompt3 "Ovo će raditi u većini situacija."> @@ -20,9 +20,6 @@ internetskoj vezi ovog računala.">  <!ENTITY torSettings.proxyHelp "Ako niste sigurni kako odgovoriti na ovo pitanje, pogledajte Internet postavke u drugom pregledniku i provjerite je li podešen za korištenje proxyja."> <!ENTITY torSettings.enterProxy "Unesite postavke proxyja."> -<!ENTITY torSettings.firewallQuestion "Prolazi li Internet veza ovog računala kroz vatrozid koji dopušta spajanje samo na određene portove?"> -<!ENTITY torSettings.firewallHelp "Ako niste sigurni kako odgovoriti na ovo pitanje, odaberite "Ne". Ako uočite probleme pri spajanju na Tor mrežu, promijenite ovu postavku."> -<!ENTITY torSettings.enterFirewall "Unesite popis portova, odvojenih zarezom, koji su dopušteni na vatrozidu."> <!ENTITY torSettings.bridgeQuestion "Blokira li vaš Internet Service Provider (ISP) ili ikako cenzurira veze s Tor mrežom?"> <!ENTITY torSettings.bridgeHelp "Ako niste sigurni kako da odgovorite na ovo pitanje, odaberite Ne.  Ako odaberete Da, zatražit će vas da konfigurirate Tor Mostove, koji su neizlistani releji koji otežavaju @@ -63,9 +60,8 @@ vlastiti set adresa koristeći jednu od ove tri metode:"> <!ENTITY torsettings.bridgeHelp2Heading "Kroz Web"> <!ENTITY torsettings.bridgeHelp2 "Koristite web preglednik kako bi posjetili https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Kroz Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Pošaljite email na bridges(a)torproject.org samo s tekstom 'get bridges' u sadržaju -poruke.  No, kako bi napadačima bilo teže naučiti mnogo bridge adresa, morate -poslati ovaj zahtjev sa gmail.com ili yahoo.com email adrese."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Pomoću Help Deska"> <!ENTITY torsettings.bridgeHelp4 "U najgorem slučaju, možete zatražiti bridge adrese tako što pošaljete pristojan email na help(a)rt.torproject.org.  Imajte na umu da neće odgovoriti na svaki zahtjev."> diff --git a/src/chrome/locale/hr-HR/torlauncher.properties b/src/chrome/locale/hr-HR/torlauncher.properties index daa86fa..a59b544 100644 --- a/src/chrome/locale/hr-HR/torlauncher.properties +++ b/src/chrome/locale/hr-HR/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Pokretač Tora -torlauncher.tor_exited=Tor je neočekivano izašao. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Nije se moguće spojiti na Torov upravljački port. torlauncher.tor_failed_to_start=Tor se nije uspio pokrenuti. torlauncher.tor_control_failed=Preuzimanje kontrole nad Torom nije uspjelo. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Nema dostupnih pruženih mostova koji torlauncher.recommended_bridge=(preporučeno) torlauncher.connect=Spajanje -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Odustani torlauncher.quit_win=Izlaz torlauncher.done=Gotovo torlauncher.forAssistance=Za pomoć, kontaktirajte %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Spajanje na mapu releja torlauncher.bootstrapStatus.handshake_dir=Uspostavljanje šifrirane veze na mapu torlauncher.bootstrapStatus.requesting_status=Dohvaćanje statusa mreže diff --git a/src/chrome/locale/hr/network-settings.dtd b/src/chrome/locale/hr/network-settings.dtd index 4f50368..e84fff5 100644 --- a/src/chrome/locale/hr/network-settings.dtd +++ b/src/chrome/locale/hr/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Ne"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "Ovo će raditi u većini situacija."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Unesi proxy postavke."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/hr/torlauncher.properties b/src/chrome/locale/hr/torlauncher.properties index 54a9c06..0d1c26a 100644 --- a/src/chrome/locale/hr/torlauncher.properties +++ b/src/chrome/locale/hr/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Poveži se -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/ht/network-settings.dtd b/src/chrome/locale/ht/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/ht/network-settings.dtd +++ b/src/chrome/locale/ht/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ht/torlauncher.properties b/src/chrome/locale/ht/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/ht/torlauncher.properties +++ b/src/chrome/locale/ht/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/hu/network-settings.dtd b/src/chrome/locale/hu/network-settings.dtd index 54b862a..5611fc0 100644 --- a/src/chrome/locale/hu/network-settings.dtd +++ b/src/chrome/locale/hu/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Nem"> <!ENTITY torSettings.firstQuestion "A következők közül melyik illik jobban a szituációhoz?"> -<!ENTITY torSettings.configurePrompt1 "A számítógép internet kapcsolata cenzúrázott, szűrt vagy proxy-t használ."> -<!ENTITY torSettings.configurePrompt2 "Konfigurálni kell a bridge, tűzfal vagy proxy beállításokat."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Beállít"> <!ENTITY torSettings.connectPrompt2 "Szeretnék közvetlenül kapcsolódni a Tor hálózathoz."> <!ENTITY torSettings.connectPrompt3 "A legtöbb esetben ez működni fog."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Ha nem vagy biztos a válaszban nézd meg az Internet beállításokat egy másik böngészőben. Nézd meg van-e proxy használat beállítva."> <!ENTITY torSettings.enterProxy "Adja meg a proxy beállításokat."> -<!ENTITY torSettings.firewallQuestion "Ezen számítógép internet kapcsolata tűzfalon halad át, mely csak bizonyos portokhoz enged csatlakozni?"> -<!ENTITY torSettings.firewallHelp "Nem biztos abban, hogy hogyan válaszoljon erre a kérdésre, válassza a 'Nem'-et. Ha problémákba ütközik a Tor hálózathoz való csatlakozáskor, változtassa meg ezt a beállítást."> -<!ENTITY torSettings.enterFirewall "Gépelj be egy vesszővel elválasztott listát a portokról amik engedélyezve vannak a tűzfal által."> <!ENTITY torSettings.bridgeQuestion "Az internet szolgáltatód (ISP) blokkolja vagy cenzúrázza a kapcsolatot a Tor hálózathoz?"> <!ENTITY torSettings.bridgeHelp "Ha nem vagy biztos a válaszban, válaszd a Nem-et.  Ha az Igen-t választod neked kell konfigurálni a Tor bridges amik nem listázott átjátszók és nehezebbé teszik a Tor hálózat kapcsolódásának a blokkolását."> <!ENTITY torSettings.bridgeSettingsPrompt "Használhatod a szolgáltatott bridge címeket vagy beszerezhetsz egyedi bridge címeket."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Interneten keresztül"> <!ENTITY torsettings.bridgeHelp2 "Használj egy böngészőt megnézni ezt az oldalt: https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Az automata email válaszok által."> -<!ENTITY torsettings.bridgeHelp3 "Küldj emailt a bridges(a)torproject.org -ra a következő szöveggel: "get bridges" az emailben.  Hogy egy esetleges támadó információ szerzési esélyét nehezítse ezt az emailt egy gmail.com vagy yahoo.com email címről küldd."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "A támogatáson keresztül."> <!ENTITY torsettings.bridgeHelp4 "Utolsó lehetőségként küldj egy udvarias bridge igénylő emailt ide: help(a)rt.torproject.org.  Légyszíves vedd figyelembe az adott személynek több emailt kell megválaszolnia."> diff --git a/src/chrome/locale/hu/torlauncher.properties b/src/chrome/locale/hu/torlauncher.properties index 47d9543..bc73c2b 100644 --- a/src/chrome/locale/hu/torlauncher.properties +++ b/src/chrome/locale/hu/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Indító -torlauncher.tor_exited=A Tor váratlanul kilépett. -torlauncher.tor_connection_lost=A kapcsolat a Tor hálózattal megszakadt. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Nem lehetséges csatlakozni a Tor vezérlő portjára torlauncher.tor_failed_to_start=Nem sikerült elindulnia a Tor-nak. torlauncher.tor_control_failed=Nem sikerült átvenni a Tor vezérlését. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Nincs egy híd sem aminek az átviteli torlauncher.recommended_bridge=(ajánlott) torlauncher.connect=Csatlakozás -torlauncher.reconnect=Újrakapcsolódás +torlauncher.restart_tor=Tor újraindítása torlauncher.quit=Kilépés torlauncher.quit_win=Kilépés torlauncher.done=Kész torlauncher.forAssistance=Segítségér kérjük írjon ide: %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Csatlakozás egy Elosztó címtárhoz torlauncher.bootstrapStatus.handshake_dir=Titkosított címtárkapcsolat létrehozása torlauncher.bootstrapStatus.requesting_status=Hálózat státuszának lekérdezése diff --git a/src/chrome/locale/hy-AM/network-settings.dtd b/src/chrome/locale/hy-AM/network-settings.dtd index 63d5339..572c45e 100644 --- a/src/chrome/locale/hy-AM/network-settings.dtd +++ b/src/chrome/locale/hy-AM/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/hy-AM/torlauncher.properties b/src/chrome/locale/hy-AM/torlauncher.properties index 4cacf25..fc5a3b9 100644 --- a/src/chrome/locale/hy-AM/torlauncher.properties +++ b/src/chrome/locale/hy-AM/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor-ի թողարկման սխալ; torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Միանալ -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Չեղարկել torlauncher.quit_win=Ելք torlauncher.done=Պատրաստ է torlauncher.forAssistance=Օգնության համար կապվեք %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/hy/network-settings.dtd b/src/chrome/locale/hy/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/hy/network-settings.dtd +++ b/src/chrome/locale/hy/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/hy/torlauncher.properties b/src/chrome/locale/hy/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/hy/torlauncher.properties +++ b/src/chrome/locale/hy/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/ia/network-settings.dtd b/src/chrome/locale/ia/network-settings.dtd index de5dc49..a391ea8 100644 --- a/src/chrome/locale/ia/network-settings.dtd +++ b/src/chrome/locale/ia/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ia/torlauncher.properties b/src/chrome/locale/ia/torlauncher.properties index 300a337..44c40ed 100644 --- a/src/chrome/locale/ia/torlauncher.properties +++ b/src/chrome/locale/ia/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quitar torlauncher.quit_win=Sortir torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/id/network-settings.dtd b/src/chrome/locale/id/network-settings.dtd index eac76c4..e1b9efd 100644 --- a/src/chrome/locale/id/network-settings.dtd +++ b/src/chrome/locale/id/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Tidak"> <!ENTITY torSettings.firstQuestion "Yang mana dari di bawah ini cocok dengan situasi anda?"> -<!ENTITY torSettings.configurePrompt1 "Koneksi internet komputer ini disensor, disaring, atau diladeni pewali."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Konfigur"> <!ENTITY torSettings.connectPrompt2 "Saya ingin menghubungkan secara langsung ke jaringan Tor."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Kalau anda tidak yakin bagaimana menjawab pertanyaan ini, periksalah pengaturan Internet di browser lain untuk melihat apakah dia diatur untuk menggunakan proxy."> <!ENTITY torSettings.enterProxy "Masukkan pengaturan proxy."> -<!ENTITY torSettings.firewallQuestion "Apakah koneksi Internet komputer ini melalui firewall yang hanya memperbolehkan koneksi ke port-port tertentu?"> -<!ENTITY torSettings.firewallHelp "Jika anda tidak yakin atas jawaban pertanyaan ini, pilih Tidak. Jika anda mendapatkan masalah dalam menghubungi network Tor, ubah pengaturan ini."> -<!ENTITY torSettings.enterFirewall "Masukkan port-port (pisahkan dengan koma) yang diperbolehkan oleh firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/id/progress.dtd b/src/chrome/locale/id/progress.dtd index c2ea79d..495fdf5 100644 --- a/src/chrome/locale/id/progress.dtd +++ b/src/chrome/locale/id/progress.dtd @@ -1,4 +1,4 @@ <!ENTITY torprogress.dialog.title "Status Tor "> <!ENTITY torprogress.openSettings "Buka Pengaturan"> <!ENTITY torprogress.heading "Menghubungkan diri ke jaringan Tor"> -<!ENTITY torprogress.pleaseWait "Please wait while we establish a connection to the Tor network."> +<!ENTITY torprogress.pleaseWait "Silakan tunggu saat kami membangun koneksi ke jaringan Tor."> diff --git a/src/chrome/locale/id/torlauncher.properties b/src/chrome/locale/id/torlauncher.properties index 679374c..9151a1a 100644 --- a/src/chrome/locale/id/torlauncher.properties +++ b/src/chrome/locale/id/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor gagal untuk memulai. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Hubungi -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Berhenti torlauncher.quit_win=Keluar torlauncher.done=Selesai. torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Menghubungkan diri ke direktori relay torlauncher.bootstrapStatus.handshake_dir=Membuat koneksi direktori terenkripsi torlauncher.bootstrapStatus.requesting_status=Mengambil status jaringan diff --git a/src/chrome/locale/is/network-settings.dtd b/src/chrome/locale/is/network-settings.dtd index 6a7609a..755ae01 100644 --- a/src/chrome/locale/is/network-settings.dtd +++ b/src/chrome/locale/is/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Nei"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/is/torlauncher.properties b/src/chrome/locale/is/torlauncher.properties index d882dc5..409ab33 100644 --- a/src/chrome/locale/is/torlauncher.properties +++ b/src/chrome/locale/is/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Hætta torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/it/network-settings.dtd b/src/chrome/locale/it/network-settings.dtd index 084c264..69b1821 100644 --- a/src/chrome/locale/it/network-settings.dtd +++ b/src/chrome/locale/it/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Quale delle seguenti descrizioni raffigura meglio la tua situazione?"> -<!ENTITY torSettings.configurePrompt1 "La connessione ad Internet di questo computer è censurata, filtrata, o passa attraverso un proxy."> -<!ENTITY torSettings.configurePrompt2 "Ho bisogno di configurare un bridge, firewall o settaggi proxy."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "Ho bisogno di configurare un ponte o un settaggio proxy"> <!ENTITY torSettings.configure "Configura"> <!ENTITY torSettings.connectPrompt2 "Vorrei connettermi direttamente alla rete Tor."> <!ENTITY torSettings.connectPrompt3 "Questo funzionerà nella maggior parte delle situazioni."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Se non sei sicuro su come rispondere a questa domanda, controlla le impostazioni Internet di un altro browser web per vedere se sia configurato l'uso di un proxy."> <!ENTITY torSettings.enterProxy "Inserisci le impostazioni del proxy."> -<!ENTITY torSettings.firewallQuestion "La connessione ad Internet di questo computer passa attraverso un firewall che permette le connessioni solo ad alcune porte?"> -<!ENTITY torSettings.firewallHelp "Se non sei sicuro su come rispondere a questa domanda, seleziona No. Nel caso in cui si verifichino problemi di connessione alla rete Tor, cambia queste impostazioni."> -<!ENTITY torSettings.enterFirewall "Inserisci una lista di porte consentite dal firewall, separate da una virgola."> <!ENTITY torSettings.bridgeQuestion "Il tuo fornitore di servizi internet (ISP) blocca o censura la connessione alla rete Tor?"> <!ENTITY torSettings.bridgeHelp "Se non sei sicuro di come rispondere alla domanda, scegli No.  Se scegli Sì, ti verrà chiesto di configurare Tor Bridges, che consiste in relay non elencati che rendono più difficile bloccare le connessioni alla Rete Tor."> <!ENTITY torSettings.bridgeSettingsPrompt "Puoi usare il set preconfigurato di bridge o ottenere ed inserire un set personale di bridge."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Attraverso il web"> <!ENTITY torsettings.bridgeHelp2 "Usa un browser per visitare https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Attraverso l'autorisponditore Email"> -<!ENTITY torsettings.bridgeHelp3 "Manda una mail a bridges(a)torproject.org con scritto 'get bridges' nel corpo del messaggio.  Tuttavia, per rendere più difficile il riconoscimento di molti indirizzi bridge, manda questa richiesta da un account gmail.com o yahoo.com."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Invia una email a bridges(a)torproject.org con scritto 'get bridges' nel corpo del messaggio.  Inoltre, per evitare che un utente maleintenzionato richieda troppi indirizzi bridge, dovrai inviare una richiesta da uno dei seguenti provider di emails (ordinati per preferenza):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, o https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Attraverso l'Help Desk"> <!ENTITY torsettings.bridgeHelp4 "Come ultima spiaggia, puoi richiedere un indirizzo bridge mandando una cortese mail a help(a)rt.torproject.org.  Tieni conto che una persona dovrà rispondere ad ogni singola richiesta."> diff --git a/src/chrome/locale/it/torlauncher.properties b/src/chrome/locale/it/torlauncher.properties index 731ced4..b5729ed 100644 --- a/src/chrome/locale/it/torlauncher.properties +++ b/src/chrome/locale/it/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Avviatore di Tor -torlauncher.tor_exited=Tor si è arrestato inaspettatamente. -torlauncher.tor_connection_lost=La tua connesione alla rete Tor è stata persa. +torlauncher.tor_exited=Tor si è chiuso inaspettatamente. La causa può essere un bug dello stesso Tor, un altro programma sul tuo sistema o hardware difettoso. Finchè non riavvii Tor, il Tor Browser non potrà connettersi. Se il problema persiste, invia una copia del log di Tor al team di supporto. +torlauncher.tor_exited2=Il riavvio di Tor non chiuderà le schede del browser. torlauncher.tor_controlconn_failed=Impossibile connettersi alla porta di controllo di Tor. torlauncher.tor_failed_to_start=Si è verificato un errore nell'avvio di Tor. torlauncher.tor_control_failed=Impossibile ottenere il controllo di Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Non è disponibile alcun bridge con il torlauncher.recommended_bridge=(raccomandato) torlauncher.connect=Connetti -torlauncher.reconnect=Riconnettiti +torlauncher.restart_tor=Riavvia Tor torlauncher.quit=Esci torlauncher.quit_win=Esci torlauncher.done=Fatto torlauncher.forAssistance=Per richiedere assistenza, contattare %S +torlauncher.copiedNLogMessages=Copia completata. %S Messaggi di log Tor sono pronti per essere incollato in un editor di testo o un messaggio e-mail. + torlauncher.bootstrapStatus.conn_dir=Connessione ad una directory dei relay torlauncher.bootstrapStatus.handshake_dir=Sto creando una connessione cifrata alla directory torlauncher.bootstrapStatus.requesting_status=Sto ottenendo informazioni sullo stato della rete diff --git a/src/chrome/locale/ja/network-settings.dtd b/src/chrome/locale/ja/network-settings.dtd index 7d10085..76034db 100644 --- a/src/chrome/locale/ja/network-settings.dtd +++ b/src/chrome/locale/ja/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "いいえ"> <!ENTITY torSettings.firstQuestion "以下のうちあなたの状態に最も適しているのはどれですか？"> -<!ENTITY torSettings.configurePrompt1 "このコンピュータのインターネット接続は検閲されているか、フィルターされているか、プロキシを通します。"> -<!ENTITY torSettings.configurePrompt2 "ブリッジやファイアーウォール、プロキシの設定を構成する必要があります。"> +<!ENTITY torSettings.configurePrompt1 "このコンピュータのインターネット接続は、検閲されているかプロキシを通します。"> +<!ENTITY torSettings.configurePrompt2 "ブリッジやプロキシの設定を構成する必要があります。"> <!ENTITY torSettings.configure "構成"> <!ENTITY torSettings.connectPrompt2 "Torネットワークへ直接接続します。"> <!ENTITY torSettings.connectPrompt3 "これはほとんどの状況で動作します。"> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "この質問にどう答えるべきか確信が持てなければ、Proxyの使用がどのように設定されているか確認するために、他のブラウザのインターネット設定を見てください。"> <!ENTITY torSettings.enterProxy "Proxy設定を入力"> -<!ENTITY torSettings.firewallQuestion "このコンピュータのインターネット接続は特定のポートへの接続のみ許可するファイアーウォールを通しますか？"> -<!ENTITY torSettings.firewallHelp "この質問にどう答えるべきか確信が持てなければ、いいえを選択してください。 Torネットワークへ接続する時に問題に遭遇したなら、この設定を変更してください。"> -<!ENTITY torSettings.enterFirewall "ファイアーウォールによって許可されているポートのコンマ区切りのリストを入力してください。"> <!ENTITY torSettings.bridgeQuestion "あなたのインターネットサービスプロバイダー (ISP) は Tor ネットワークへの接続をブロックしているか、あるいは別のやり方で検閲していますか？"> <!ENTITY torSettings.bridgeHelp "この質問にどう答えるべきかよくわからない場合は、いいえを選択してください。  はいを選択すると、Tor ネットワークへの接続をブロックすることをさらに困難にするリスト化されていないリレーである Tor Bridges を構成することが求められます。"> <!ENTITY torSettings.bridgeSettingsPrompt "提供されたブリッジのセットを使用するか、あるいはカスタムのブリッジのセットを取得して入力することができます。"> @@ -29,7 +26,7 @@  <!ENTITY torsettings.startingTor "Torの開始を待っています..."> -<!ENTITY torsettings.restartTor "Restart Tor"> +<!ENTITY torsettings.restartTor "Torを再起動する"> <!ENTITY torsettings.optional "オプション"> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "ウェブ経由"> <!ENTITY torsettings.bridgeHelp2 "ウェブを使用して、https://bridges.torproject.orgを開く"> <!ENTITY torsettings.bridgeHelp3Heading "メール自動応答システム経由"> -<!ENTITY torsettings.bridgeHelp3 "メッセージの本文に 'get bridges' という行を付けて bridges(a)torproject.org にメールを送信する。. ただし、攻撃者が多くのブリッジアドレスを把握するのを困難にするために、 gmail.com または yahoo.com のメールアドレスからこのリクエストを送信する必要があります。"> +<!ENTITY torsettings.bridgeHelp3.emailDesc "bridges(a)torproject.xn--orgget-rd4ex272a bridgesという本文のメールを送信してください。  ただし、攻撃者にブリッジのアドレスを知られないため、このリクエストを以下のEメールプロバイダーのいずれかから送信する必要があります。(設定の順に表示):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "ヘルプデスク経由"> <!ENTITY torsettings.bridgeHelp4 "最後の頼みの綱として、 help(a)rt.torproject.org に丁寧なメールメッセージを送信して、ブリッジアドレスをリクエストすることができます。  人間が各リクエストに対応する必要があることにご注意ください。"> diff --git a/src/chrome/locale/ja/torlauncher.properties b/src/chrome/locale/ja/torlauncher.properties index a234677..c679f1d 100644 --- a/src/chrome/locale/ja/torlauncher.properties +++ b/src/chrome/locale/ja/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Torは予期せず終了しました。 -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Torが突然終了しました。原因はおそらくTor自体のバグか、他の常駐プログラムか、あるいはハードウェアーが問題です。Torを再起動するまで、Torブラウザーはウェブサイトに一切接続できません。再起動しても解決されない場合、Torログファイルをサポートチームに送信してください +torlauncher.tor_exited2=Torを再起動しても、あなたのブラウザータブはそのまま残ります。 torlauncher.tor_controlconn_failed=Torのコントロールポートに接続出来ませんでした。 torlauncher.tor_failed_to_start=Torは開始出来ませんでした。 torlauncher.tor_control_failed=Tor の制御に失敗しました。 @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=トランスポートタイプ %S が torlauncher.recommended_bridge=(推奨) torlauncher.connect=接続 -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Torを再起動する torlauncher.quit=終了 torlauncher.quit_win=終了 torlauncher.done=完了 torlauncher.forAssistance=サポートについては、%Sにお問い合わせください +torlauncher.copiedNLogMessages=コピー成功。 %S個のTorログファイルがテキストエディターやEメールにペーストする準備ができました。 + torlauncher.bootstrapStatus.conn_dir=リレーディレクトリへ接続中 torlauncher.bootstrapStatus.handshake_dir=暗号化されたディレクトリとの接続を確立中 torlauncher.bootstrapStatus.requesting_status=ネットワークを検索中 diff --git a/src/chrome/locale/jv/network-settings.dtd b/src/chrome/locale/jv/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/jv/network-settings.dtd +++ b/src/chrome/locale/jv/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/jv/torlauncher.properties b/src/chrome/locale/jv/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/jv/torlauncher.properties +++ b/src/chrome/locale/jv/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/ka/network-settings.dtd b/src/chrome/locale/ka/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/ka/network-settings.dtd +++ b/src/chrome/locale/ka/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ka/torlauncher.properties b/src/chrome/locale/ka/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/ka/torlauncher.properties +++ b/src/chrome/locale/ka/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/kk/network-settings.dtd b/src/chrome/locale/kk/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/kk/network-settings.dtd +++ b/src/chrome/locale/kk/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/kk/torlauncher.properties b/src/chrome/locale/kk/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/kk/torlauncher.properties +++ b/src/chrome/locale/kk/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/km/network-settings.dtd b/src/chrome/locale/km/network-settings.dtd index b5e57a5..bc33bb7 100644 --- a/src/chrome/locale/km/network-settings.dtd +++ b/src/chrome/locale/km/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "ទេ"> <!ENTITY torSettings.firstQuestion "តើការពណ៌នាណាមួយដូចខាងក្រោមនេះល្អបំផុតសម្រាប់ស្ថានភាពរបស់អ្នក?"> -<!ENTITY torSettings.configurePrompt1 "ការភ្ជាប់អ៊ីនធឺណិតកុំព្យូទ័រនេះត្រូវបានកែ ច្រោះ ឬដាក់ប្រូកស៊ី។"> -<!ENTITY torSettings.configurePrompt2 "ខ្ញុំត្រូវកំណត់រចនាសម្ព័ន្ធប្រ៊ីត, ជញ្ជាំងភ្លើង ឬការកំណត់ប្រូកស៊ី។"> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "កំណត់រចនាសម្ព័ន្ធ"> <!ENTITY torSettings.connectPrompt2 "ខ្ញុំចង់ភ្ជាប់ដោយផ្ទាល់ទៅបណ្ដាញ Tor ។"> <!ENTITY torSettings.connectPrompt3 "វានឹងដំណើរការក្នុងស្ថានភាពភាគច្រើន។"> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "បើអ្នកមិនប្រាកដអំពីវិធីឆ្លើយសំណួរនេះ មើលការកំណត់អ៊ីនធឺណិតក្នុងកម្មវិធីអ៊ីនធឺណិតផ្សេង ដើម្បីដឹងថាតើវាត្រូវបានកំណត់រចនាសម្ព័ន្ធដើម្បីប្រើប្រូកស៊ីដែរឬទេ។"> <!ENTITY torSettings.enterProxy "បញ្ចូលការកំណត់ប្រូកស៊ី។"> -<!ENTITY torSettings.firewallQuestion "តើការភ្ជាប់អ៊ីនធឺណិតរបស់កុំព្យូទ័រនេះឆ្លងកាត់ជញ្ជាំងភ្លើងដែលអនុញ្ញាតតែការភ្ជាប់ទៅច្រកជាក់លាក់?"> -<!ENTITY torSettings.firewallHelp "បើអ្នកមិនប្រាកដវិធីឆ្លើយតសំណួរនេះ ជ្រើស ទេ។ បើអ្នកមានបញ្ហាក្នុងការភ្ជាប់ទៅបណ្ដាញ Tor ប្ដូរការកំណត់នេះ។"> -<!ENTITY torSettings.enterFirewall "បញ្ជីបញ្ជីច្រកដែលបំបែកដោយសញ្ញាក្បៀសដែលត្រូវបានអនុញ្ញាតដោយជញ្ជាំងភ្លើង។"> <!ENTITY torSettings.bridgeQuestion "តើក្រុមហ៊ុនផ្ដល់អ៊ីនធឺណិតរបស់អ្នក (ISP) ទប់ស្កាត់ ឬបើមិនដូច្នេះទេការភ្ជាប់ឧបករណ៍ចាប់សញ្ញាទៅបណ្ដាញ Tor ?"> <!ENTITY torSettings.bridgeHelp "បើអ្នកប្រាកដពីវិធីឆ្លើយសំណួរនេះ ជ្រើសទេ។   បើអ្នកជ្រើសបាទ/ចាស អ្នកនឹងត្រូវបានស្នើឲ្យកំណត់រចនាសម្ព័ន្ធប៊្រីត Tor ដែលជាការបញ្ជូនបន្តមិនបានរាយដែលធ្វើឲ្យវាកាន់តែលំបាកក្នុងការទប់ស្កាត់ការភ្ជាប់ទៅបណ្ដាញ Tor ។"> <!ENTITY torSettings.bridgeSettingsPrompt "អ្នកអាចប្រើការកំណត់ប៊្រីតដែលបានផ្ដល់ ឬអ្នកអាចយក និងបញ្ចូលការកំណត់ប៊្រីតផ្ទាល់ខ្លួន។"> @@ -29,7 +26,7 @@  <!ENTITY torsettings.startingTor "កំពុងរង់ចាំ Tor ចាប់ផ្ដើម..."> -<!ENTITY torsettings.restartTor "Restart Tor"> +<!ENTITY torsettings.restartTor "ចាប់ផ្ដើម Tor ឡើងវិញ"> <!ENTITY torsettings.optional "ជាជម្រើស"> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "តាមរយៈបណ្ដាញ"> <!ENTITY torsettings.bridgeHelp2 "ប្រើកម្មវិធីរុករកបណ្ដាញ ដើម្បីមើល https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "តាមរយៈការឆ្លើយតបដោយស្វ័យប្រវត្តិរបស់អ៊ីមែល"> -<!ENTITY torsettings.bridgeHelp3 "ផ្ញើអ៊ីមែលទៅ bridges(a)torproject.org ដោយមានឃ្លា 'get bridges' ដោយខ្លួនវាក្នុងតួសារ។  ទោះជាយ៉ាងណាក៏ដោយ ដើម្បីធ្វើឲ្យវាកាន់តែពិបាកសម្រាប់អ្នកវាយប្រហារ ដើម្បីសិក្សាច្រើនអំពីអាសយដ្ឋានប៊្រីត អ្នកត្រូវផ្ញើសំណើនេះពីអាសយដ្ឋាន gmail.com ឬ yahoo.com ។"> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "តាមរយៈជំនួយ"> <!ENTITY torsettings.bridgeHelp4 "នៅជម្រើសចុងក្រោយ អ្នកអាចស្នើអាសយដ្ឋានប៊្រីតដោយផ្ញើសារអ៊ីមែលគួរសមទៅ help(a)rt.torproject.org.  សូមចំណាំថា មនុស្សម្នាក់នឹងត្រូវឆ្លើយតបទៅសំណើនីមួយៗ។"> diff --git a/src/chrome/locale/km/torlauncher.properties b/src/chrome/locale/km/torlauncher.properties index bd0a264..b93eb81 100644 --- a/src/chrome/locale/km/torlauncher.properties +++ b/src/chrome/locale/km/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=កម្មវិធីចាប់ផ្ដើម Tor -torlauncher.tor_exited=បានចេញពី Tor ដោយមិនរំពឹងទុក -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=ការចាប់ផ្ដើម Tor ឡើងវិញនឹងមិនបិទផ្ទាំងកម្មវិធីរុករករបស់អ្នកទេ។ torlauncher.tor_controlconn_failed=មិនអាចភ្ជាប់ទៅច្រកពិនិត្យរបស់ Tor torlauncher.tor_failed_to_start=បានបរាជ័យក្នុងការចាប់ផ្ដើម Tor torlauncher.tor_control_failed=បានបរាជ័យក្នុងការពិនិត្យ Tor ។ @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=គ្មានប៊្រីត torlauncher.recommended_bridge=(បានផ្ដល់អនុសាសន៍) torlauncher.connect=តភ្ជាប់ -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=ចាប់ផ្ដើម Tor ឡើងវិញ torlauncher.quit=ចេញ torlauncher.quit_win=ចាកចេញ torlauncher.done=រួចរាល់ torlauncher.forAssistance=សម្រាប់ជំនួយ សូមទាក់ទង %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=តភ្ជាប់ទៅថតការបញ្ជូនបន្ត torlauncher.bootstrapStatus.handshake_dir=បង្កើតការតភ្ជាប់ថតដែលបានអ៊ិនគ្រីប torlauncher.bootstrapStatus.requesting_status=ទៅយកស្ថានភាពបណ្ដាញ diff --git a/src/chrome/locale/kn/network-settings.dtd b/src/chrome/locale/kn/network-settings.dtd index 61c76e2..7e477e3 100644 --- a/src/chrome/locale/kn/network-settings.dtd +++ b/src/chrome/locale/kn/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "ಇಲ್ಲಪ್ಪ"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/kn/torlauncher.properties b/src/chrome/locale/kn/torlauncher.properties index 3f563cb..a4ad1c9 100644 --- a/src/chrome/locale/kn/torlauncher.properties +++ b/src/chrome/locale/kn/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/ko-KR/network-settings.dtd b/src/chrome/locale/ko-KR/network-settings.dtd index c2ed7fb..1842a05 100644 --- a/src/chrome/locale/ko-KR/network-settings.dtd +++ b/src/chrome/locale/ko-KR/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "아니오"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ko-KR/torlauncher.properties b/src/chrome/locale/ko-KR/torlauncher.properties index 7bcdc5a..c793562 100644 --- a/src/chrome/locale/ko-KR/torlauncher.properties +++ b/src/chrome/locale/ko-KR/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=나가기 torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=중계소 경로에 연결하고 있어요 torlauncher.bootstrapStatus.handshake_dir=경로와의 연결을 암호화해서 만들고 있어요 torlauncher.bootstrapStatus.requesting_status=네트워크 상태를 알아오고 있어요 diff --git a/src/chrome/locale/ko/network-settings.dtd b/src/chrome/locale/ko/network-settings.dtd index b64c5c1..2dd94b2 100644 --- a/src/chrome/locale/ko/network-settings.dtd +++ b/src/chrome/locale/ko/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "아니오"> <!ENTITY torSettings.firstQuestion "어떤 것이 귀하의 상황에 가깝습니까?"> -<!ENTITY torSettings.configurePrompt1 "이 컴퓨터의 인터넷 연결은 검열되거나 필터링되거나 프록시를 사용하고 있습니다."> -<!ENTITY torSettings.configurePrompt2 "브릿지, 방화벽, 프록시 설정 구성을 해야 합니다."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "구성"> <!ENTITY torSettings.connectPrompt2 "Tor 네트워크에 직접 연결하고 싶습니다."> <!ENTITY torSettings.connectPrompt3 "이것은 대부분의 상황에서 동작합니다"> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "이 질문에 어떻게 대답해야 할지 확신이 서지 않으면 프록시의 사용이 어떻게 설정되어 있는지 확인하기 위해 다른 브라우저의 인터넷 설정을 보세요."> <!ENTITY torSettings.enterProxy "프록시 설정에 들어갑니다."> -<!ENTITY torSettings.firewallQuestion "이 컴퓨터의 인터넷 연결은 방화벽을 통해서 특정 포트 접속만 허가합니까?"> -<!ENTITY torSettings.firewallHelp "이 질문에 어떻게 대답해야 할지 확신이 서지 않으면 아니오를 선택하세요. Tor 네트워크에 접속할 때 문제를 만났다면 이 설정을 변경해 주세요."> -<!ENTITY torSettings.enterFirewall "방화벽에 따라 허가되고 있는 포트 목록 입력해 주세요. 포트 번호는 콤마로 구분됩니다."> <!ENTITY torSettings.bridgeQuestion "인터넷 서비스 공급자(ISP)가 Tor 네트워크 접속을 차단하거나 검열하고 있나요?"> <!ENTITY torSettings.bridgeHelp "이 질문에 어떻게 대답해야할지 잘 모르는 경우 아니오를 선택하십시오.  예를 선택하면 Tor 네트워크에 대한 연결을 차단하는 것을 더욱 어렵게하는 목록 화되지 않은 릴레이이고 Tor Bridges을 구성하는 것이 요구됩니다."> <!ENTITY torSettings.bridgeSettingsPrompt "제공된 브릿지 세트를 사용하거나 사용자 지정 브릿지 세트를 취득하여 입력 할 수 있습니다."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "웹을 통해"> <!ENTITY torsettings.bridgeHelp2 "https://bridges.torproject.org 를 방문하십시오."> <!ENTITY torsettings.bridgeHelp3Heading "메일 자동 응답 시스템을 통해"> -<!ENTITY torsettings.bridgeHelp3 "공개 브릿지 주소를 찾는 또 하나의 방법은 본문에 'get bridges'라고 적은 E-mail을 bridges(a)torproject.org 앞으로 보내는 것입니다.  단, 브릿지 주소를 크래커들이 수집하기 어렵게 하기 위해 gmail.com 이나 yahoo.com 으로 보내주시면 감사하겠습니다."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "헬프 데스크를 통해"> <!ENTITY torsettings.bridgeHelp4 "최후의 수단으로 help(a)rt.torproject.xn--org-568n 정중 한 메일 메시지를 보내 브릿지 주소를 요청할 수 있습니다.  사람이 각 요청에 대응할 필요가 있다는 점에 주의해주십시오"> diff --git a/src/chrome/locale/ko/torlauncher.properties b/src/chrome/locale/ko/torlauncher.properties index d572091..0792dde 100644 --- a/src/chrome/locale/ko/torlauncher.properties +++ b/src/chrome/locale/ko/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor 브라우저 Launcher -torlauncher.tor_exited=Tor가 예기치 않게 종료되었습니다. -torlauncher.tor_connection_lost=Tor 네트워크 연결에 실패하였습니다 +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Tor 제어 포트에 연결이 어렵습니다. torlauncher.tor_failed_to_start=Tor 시작 실패. torlauncher.tor_control_failed=Tor 제어에 실패했습니다. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=전송 유형 %S가 제공 한 브리 torlauncher.recommended_bridge=(권장함) torlauncher.connect=연결 -torlauncher.reconnect=재연결 +torlauncher.restart_tor=Tor 재시작 torlauncher.quit=끝내기 torlauncher.quit_win=종료 torlauncher.done=완료 torlauncher.forAssistance=지원자 연결 %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=중계서버 디렉토리에 연결 torlauncher.bootstrapStatus.handshake_dir=암호화된 디렉터리 연결을 설정 torlauncher.bootstrapStatus.requesting_status=네트워크의 상태를 가져오는중 diff --git a/src/chrome/locale/ku/network-settings.dtd b/src/chrome/locale/ku/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/ku/network-settings.dtd +++ b/src/chrome/locale/ku/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ku/torlauncher.properties b/src/chrome/locale/ku/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/ku/torlauncher.properties +++ b/src/chrome/locale/ku/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/kw/network-settings.dtd b/src/chrome/locale/kw/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/kw/network-settings.dtd +++ b/src/chrome/locale/kw/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/kw/torlauncher.properties b/src/chrome/locale/kw/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/kw/torlauncher.properties +++ b/src/chrome/locale/kw/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/ky/network-settings.dtd b/src/chrome/locale/ky/network-settings.dtd index dec8285..a8f724c 100644 --- a/src/chrome/locale/ky/network-settings.dtd +++ b/src/chrome/locale/ky/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ky/torlauncher.properties b/src/chrome/locale/ky/torlauncher.properties index 4f8fbb2..66f9e15 100644 --- a/src/chrome/locale/ky/torlauncher.properties +++ b/src/chrome/locale/ky/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Чыгуу torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/lb/network-settings.dtd b/src/chrome/locale/lb/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/lb/network-settings.dtd +++ b/src/chrome/locale/lb/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/lb/torlauncher.properties b/src/chrome/locale/lb/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/lb/torlauncher.properties +++ b/src/chrome/locale/lb/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/lg/network-settings.dtd b/src/chrome/locale/lg/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/lg/network-settings.dtd +++ b/src/chrome/locale/lg/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/lg/torlauncher.properties b/src/chrome/locale/lg/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/lg/torlauncher.properties +++ b/src/chrome/locale/lg/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/ln/network-settings.dtd b/src/chrome/locale/ln/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/ln/network-settings.dtd +++ b/src/chrome/locale/ln/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ln/torlauncher.properties b/src/chrome/locale/ln/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/ln/torlauncher.properties +++ b/src/chrome/locale/ln/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/lo/network-settings.dtd b/src/chrome/locale/lo/network-settings.dtd index f46473e..b4d3d09 100644 --- a/src/chrome/locale/lo/network-settings.dtd +++ b/src/chrome/locale/lo/network-settings.dtd @@ -1,29 +1,26 @@ -<!ENTITY torsettings.dialog.title "Tor Network Settings"> +<!ENTITY torsettings.dialog.title "ການຕັ້ງຄ່າເຄືອຂ່າຍ Tor">  -<!ENTITY torsettings.prompt "Before you connect to the Tor network, you need to provide information about this computer's Internet connection."> +<!ENTITY torsettings.prompt "ກ່ອນທີ່ທ່ານຈະເຊື່ອມຕໍ່ເຂົ້າເຄືອຂ່າຍ Tor, ທ່ານຕ້ອງໄດ້ໃຫ້ລາຍລະອຽດກ່ຽວກັບ ການເຊື່ອມຕໍ່ ອິນເຕີເນັດ ຂອງ ຄັອມພິວເຕີຣ໌ ນີ້ກ່ອນ."> -<!ENTITY torSettings.yes "Yes"> -<!ENTITY torSettings.no "No"> +<!ENTITY torSettings.yes "ແມ່ນ"> +<!ENTITY torSettings.no "ບໍ່"> -<!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> -<!ENTITY torSettings.configure "Configure"> -<!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> -<!ENTITY torSettings.connectPrompt3 "This will work in most situations."> -<!ENTITY torSettings.connect "Connect"> +<!ENTITY torSettings.firstQuestion "ອັນໃດ ຕໍ່ໄປນີ້ ທີ່ ບັນຍາຍ ຢ່າງ ລະອຽດ ທີ່ສຸດ ກ່ຽວກັບ ສະພາບ ຂອງ ທ່ານ?"> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> +<!ENTITY torSettings.configure "ກຳນົດຄ່າ"> +<!ENTITY torSettings.connectPrompt2 "ຂ້ອຍຕ້ອງການເຊື່ອມໂດຍກົງກັບເຄືອຂ່າຍ Tor."> +<!ENTITY torSettings.connectPrompt3 "ນີ້ຈະໃຊ້ໄດ້ກັບສະຖານະການສ່ວນໃຫຍ່."> +<!ENTITY torSettings.connect "ເຊື່ອມຕໍ່"> -<!ENTITY torSettings.proxyQuestion "Does this computer need to use a proxy to access the Internet?"> +<!ENTITY torSettings.proxyQuestion "ເຄື່ອງຄັອມພິວເຕີຣ໌ນີ້ ຕ້ອງການ ໃຊ້ ພຣັອກຊີ ເພື່ອເຊື່ອມຕໍ່ເຂົ້າ ອິນເຕີເນັດ ບໍ່?">  -<!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> -<!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> -<!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> -<!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> +<!ENTITY torSettings.proxyHelp "ຖ້າທ່ານຍັງບໍ່ແນ່ໃຈວ່າຈະຕອບຄໍາຖາມນີ້ແນວໃດ, ໃຫ້ເບິ່ງ ການຕັ້ງຄ່າ ອິນເຕີເນັດ ຢູ່ ບຣາວເຊີຣ໌ ໂຕອື່ນ ເພື່ອເບິ່ງວ່າ ມັນຖືກກຳນົດ ໃຊ້ ພຣັອກຊີ ແນວໃດ."> +<!ENTITY torSettings.enterProxy "ປ້ອນ ການຕັ້ງຄ່າ ພຣັອກຊີ ເຂົ້າໄປ."> +<!ENTITY torSettings.bridgeQuestion "ຜູ້ໃຫ້ບໍລິການ ອິນເຕີເນັດ (ISP) ກັນໄວ້ບໍ່ ຫຼືບໍ່ ກໍແມ່ນ ມີການກວດສອບ ກ່ອນທີ່ຈະເຊື່ອມຕໍ່ເຂົ້າກັບເຄືອຂ່າຍ Tor?"> +<!ENTITY torSettings.bridgeHelp "ຖ້າທ່ານຍັງບໍ່ແນ່ໃຈວ່າຈະຕອບຄໍາຖາມນີ້ແນວໃດ, ໃຫ້ເລືອກ No.  ຖ້າທ່ານເລືກ Yes, ທ່ານ ຈະ ຖືກບອກ ໃຫ້ກຳນົດຄ່າ Tor Bridge ທີ່ບໍ່ໄດ້ຢູ່ໃນລາຍການ ຊຶ່ງຈະເຮັດໃຫ້ຫຍຸ້ງຍາກຕື່ມ ໃນການກັ້ນ ການເຊື່ອມຕໍ່ເຂົ້າເຄືອຂ່າຍ Tor."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges.">  @@ -37,7 +34,7 @@ <!ENTITY torsettings.useProxy.type "Proxy Type:"> <!ENTITY torsettings.useProxy.address "Address:"> <!ENTITY torsettings.useProxy.address.placeholder "IP address or hostname"> -<!ENTITY torsettings.useProxy.port "Port:"> +<!ENTITY torsettings.useProxy.port "ພັອດ:"> <!ENTITY torsettings.useProxy.username "Username:"> <!ENTITY torsettings.useProxy.password "Password:"> <!ENTITY torsettings.useProxy.type.socks4 "SOCKS 4"> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/lo/torlauncher.properties b/src/chrome/locale/lo/torlauncher.properties index bf2426a..3640155 100644 --- a/src/chrome/locale/lo/torlauncher.properties +++ b/src/chrome/locale/lo/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -29,14 +29,16 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) -torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.connect=ເຊື່ອມຕໍ່ +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/lt/network-settings.dtd b/src/chrome/locale/lt/network-settings.dtd index 959d2d9..0e51ad5 100644 --- a/src/chrome/locale/lt/network-settings.dtd +++ b/src/chrome/locale/lt/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Ne"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/lt/torlauncher.properties b/src/chrome/locale/lt/torlauncher.properties index dedd011..b1f594d 100644 --- a/src/chrome/locale/lt/torlauncher.properties +++ b/src/chrome/locale/lt/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor nepavyko paleisti. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(rekomenduojama) torlauncher.connect=Prisijungti -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Nutraukti torlauncher.quit_win=Išeiti torlauncher.done=Atlikta torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Jungiamasi prie retransliavimo taškų torlauncher.bootstrapStatus.handshake_dir=Užmezgiamas ryšys torlauncher.bootstrapStatus.requesting_status=Nuskaitoma tinklo būklė diff --git a/src/chrome/locale/lv/network-settings.dtd b/src/chrome/locale/lv/network-settings.dtd index bd6aeaf..63b8ede 100644 --- a/src/chrome/locale/lv/network-settings.dtd +++ b/src/chrome/locale/lv/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Nē"> <!ENTITY torSettings.firstQuestion "Kura situācija vislabāk atbilst jūsējai?"> -<!ENTITY torSettings.configurePrompt1 "Šī datora interneta savienojums tiek vai nu cenzēts, vai filtrēts, vai arī realizēts caur starpnieku."> -<!ENTITY torSettings.configurePrompt2 "Man jākonfigurē tilta, ugunsmūra vai starpniekservera iestatījumi."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Konfigurēt"> <!ENTITY torSettings.connectPrompt2 "Es vēlos tieši pieslēgties tīklam Tor."> <!ENTITY torSettings.connectPrompt3 "Šis strādās vairumā gadījumu."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Ja neesat pārliecināts kāda ir pareizā atbilde, apskatiet cita pārlūka interneta iestatījumus, lai redzētu vai tas ir konfigurēts izmantot starpnieku."> <!ENTITY torSettings.enterProxy "Ievadiet starpnieka iestatījumus."> -<!ENTITY torSettings.firewallQuestion "Vai šī datora interneta savienojums iet caur ugunsmūri, kurš atļauj savienojumus tikai ar atsevišķiem portiem?"> -<!ENTITY torSettings.firewallHelp "Ja neesat pārliecināts par pareizo atbildi, izvēlieties atbildi "Nē". Ja rodas problēmas pievienojoties tīklam Tor, mainiet šo iestatījumu."> -<!ENTITY torSettings.enterFirewall "Ievadiet ar komatiem atdalītu ugusnmūra atļauto portu sarakstu."> <!ENTITY torSettings.bridgeQuestion "Vai Jūsu interneta pakalpojumu sniedzējs (ISP) bloķē vai savādāk cenzē savienojumus ar tīklu Tor?"> <!ENTITY torSettings.bridgeHelp "Ja nezināt atbildi, izvēlieties No.  ja izvēlēsities Jā, Jums lūgs konfigurēt Tor tiltus jeb Tor Bridges, proti, neuzskaitītus retranslatorus, kuri apgrūtina savienojumu bloķēšanu ar tīklu Tor."> <!ENTITY torSettings.bridgeSettingsPrompt "Jūs varat izmantot piedāvāto tiltu kopumu vai varat ievadīt tiltu pielāgotu sarakstu. "> @@ -29,7 +26,7 @@  <!ENTITY torsettings.startingTor "Gaida, kamēr Tor startēs..."> -<!ENTITY torsettings.restartTor "Restart Tor"> +<!ENTITY torsettings.restartTor "Restartēt Tor"> <!ENTITY torsettings.optional "Neobligāts"> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Caur tīmekli"> <!ENTITY torsettings.bridgeHelp2 "Izmanto pārlūkprogrammu lai apmeklētu https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Caur E-pasta Auto-atbildētāju"> -<!ENTITY torsettings.bridgeHelp3 "Sūtiet e-pastu uz bridges(a)torproject.org ar rindu 'get bridges' teksta korpusā.  Taču, lai uzbrucējam būtu sarežģītāk uzzināt daudz tiltu adrešu, Jums jāsūta šis pieprasījums no gmail.com vai yahoo.com e-pasta adreses."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Caur Palīdzības Centru"> <!ENTITY torsettings.bridgeHelp4 "Pēdējās instances palīdzība tiltu adrešu pieprasījumiem ir sūtīt pieklājīgu e-pasta adresi uz help(a)rt.torproject.org.  Lūdzu, ņemiet vērā, ka ikvienu pieprasījumu izskata cilvēks."> diff --git a/src/chrome/locale/lv/torlauncher.properties b/src/chrome/locale/lv/torlauncher.properties index 80e8f61..8be9868 100644 --- a/src/chrome/locale/lv/torlauncher.properties +++ b/src/chrome/locale/lv/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor palaidējs -torlauncher.tor_exited=Tor negaidīti beidza darbu. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor negaidīti beidza darbu. Tas varēja noteikt dēļ kļūdas pašā Tor, vai citas programmas Jūsu sistēmā, vai kļūmes datorā. Līdz brīdim kad Jūs restartēsiet Tor, Tor nevarēs sasniegt nevienu mājaslapu. Ja problēma nepazūd, lūdzu nosūtiet Jūsu Tor Log atblasta komandai. +torlauncher.tor_exited2=Tor restartēšana neaizvērs jūsu pārlūka lapas. torlauncher.tor_controlconn_failed=Nevarēja veikt savienojumu ar Tor kontrolportu. torlauncher.tor_failed_to_start=Tor'am neizdevās startēt. torlauncher.tor_control_failed=Neizdevās pārņemt Tor vadību. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Nav piedāvātu tiltu ar transporta ve torlauncher.recommended_bridge=(ieteicami) torlauncher.connect=Veidot savienojumu -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restartēt Tor torlauncher.quit=Beigt torlauncher.quit_win=Iziet torlauncher.done=Gatavs torlauncher.forAssistance=Lai saņemtu palīdzību, sazinieties ar %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Veido savienojumu ar retranslatoru direktoriju torlauncher.bootstrapStatus.handshake_dir=Izveido šifrētu savienojumu ar direktoriju torlauncher.bootstrapStatus.requesting_status=Izgūst tīkla statusu diff --git a/src/chrome/locale/mg/network-settings.dtd b/src/chrome/locale/mg/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/mg/network-settings.dtd +++ b/src/chrome/locale/mg/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/mg/torlauncher.properties b/src/chrome/locale/mg/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/mg/torlauncher.properties +++ b/src/chrome/locale/mg/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/mi/network-settings.dtd b/src/chrome/locale/mi/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/mi/network-settings.dtd +++ b/src/chrome/locale/mi/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/mi/torlauncher.properties b/src/chrome/locale/mi/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/mi/torlauncher.properties +++ b/src/chrome/locale/mi/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/mk/network-settings.dtd b/src/chrome/locale/mk/network-settings.dtd index a143b50..bf9c0d6 100644 --- a/src/chrome/locale/mk/network-settings.dtd +++ b/src/chrome/locale/mk/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/mk/torlauncher.properties b/src/chrome/locale/mk/torlauncher.properties index b708f1f..3b8e9fa 100644 --- a/src/chrome/locale/mk/torlauncher.properties +++ b/src/chrome/locale/mk/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Излез torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/ml/network-settings.dtd b/src/chrome/locale/ml/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/ml/network-settings.dtd +++ b/src/chrome/locale/ml/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ml/torlauncher.properties b/src/chrome/locale/ml/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/ml/torlauncher.properties +++ b/src/chrome/locale/ml/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/mn/network-settings.dtd b/src/chrome/locale/mn/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/mn/network-settings.dtd +++ b/src/chrome/locale/mn/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/mn/torlauncher.properties b/src/chrome/locale/mn/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/mn/torlauncher.properties +++ b/src/chrome/locale/mn/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/mr/network-settings.dtd b/src/chrome/locale/mr/network-settings.dtd index b599240..9771da3 100644 --- a/src/chrome/locale/mr/network-settings.dtd +++ b/src/chrome/locale/mr/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/mr/torlauncher.properties b/src/chrome/locale/mr/torlauncher.properties index d40c2a0..2367cd5 100644 --- a/src/chrome/locale/mr/torlauncher.properties +++ b/src/chrome/locale/mr/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=टॉर लाँचर -torlauncher.tor_exited=टॉर अनपेक्षितपणे बंद झाले. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=टॉर नियंत्रण पोर्टला जोडण्यात अपयश. torlauncher.tor_failed_to_start=टॉर सुरू होण्यात अपयश. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=जोडा -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=बाहेर पडा torlauncher.quit_win=बंद करा torlauncher.done=झाले torlauncher.forAssistance=सहकार्यासाठी संपर्क साधा : %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/ms-MY/network-settings.dtd b/src/chrome/locale/ms-MY/network-settings.dtd index 53386ff..35f9827 100644 --- a/src/chrome/locale/ms-MY/network-settings.dtd +++ b/src/chrome/locale/ms-MY/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Tidak"> <!ENTITY torSettings.firstQuestion "Antara berikut yang manakah terbaik menerangkan keadaan anda?"> -<!ENTITY torSettings.configurePrompt1 "Sambungan internet komputer ini telpas ditapis, atau di-proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Konfigurasi"> <!ENTITY torSettings.connectPrompt2 "Saya ingin berhubung terus kepada rangkaian Tor."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Jika anda tidak pasti bagaimana untuk menjawab soalan ini, lihat tetapan Internet dalam pelayar yang lain untuk melihat sama ada ia dikonfigurasi untuk menggunakan proksi."> <!ENTITY torSettings.enterProxy "Masukkan tetapan proksi."> -<!ENTITY torSettings.firewallQuestion "Adakah sambungan internet komputer ini melalui firewall yang hanya membenarkan sambungan ke port tertentu?"> -<!ENTITY torSettings.firewallHelp "Jika anda tidak pasti bagaimana untuk menjawab soalan ini, pilih Tidak. Jika anda menghadapi masalah untuk menyambung kepada rangkaian Tor, tukar tetapan ini."> -<!ENTITY torSettings.enterFirewall "Masukkan senarai port yang dipisahkan melalui koma yang dibenarkan oleh firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ms-MY/torlauncher.properties b/src/chrome/locale/ms-MY/torlauncher.properties index 8bcd08e..c403773 100644 --- a/src/chrome/locale/ms-MY/torlauncher.properties +++ b/src/chrome/locale/ms-MY/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Pelancar Tor -torlauncher.tor_exited=Tor telah terkeluar secara tidak sengaja. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Tidak dapat menyambung ke port kawalan Tor. torlauncher.tor_failed_to_start=Tor gagal untuk bermula. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Menyambung -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Henti torlauncher.quit_win=Keluar torlauncher.done=Selesai torlauncher.forAssistance=Untuk bantuan, hubungi %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/mt/network-settings.dtd b/src/chrome/locale/mt/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/mt/network-settings.dtd +++ b/src/chrome/locale/mt/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/mt/torlauncher.properties b/src/chrome/locale/mt/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/mt/torlauncher.properties +++ b/src/chrome/locale/mt/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/my/network-settings.dtd b/src/chrome/locale/my/network-settings.dtd index 2f2890b..19ac674 100644 --- a/src/chrome/locale/my/network-settings.dtd +++ b/src/chrome/locale/my/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "လက်မခံ့ါ"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/my/torlauncher.properties b/src/chrome/locale/my/torlauncher.properties index 628cd89..9c1d74c 100644 --- a/src/chrome/locale/my/torlauncher.properties +++ b/src/chrome/locale/my/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=ထွက်ရန် torlauncher.quit_win=ထွက်ရန် torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Relay ဖိုင်လမ်းကြောင်း တစ်ခုကို ဆက်သွယ်နေသည် torlauncher.bootstrapStatus.handshake_dir=စာဝှက်ထားသည့် ဖိုင်လမ်းကြောင်း ချိတ်ဆက်မှု တစ်ခု တည်ဆောက်နေသည် torlauncher.bootstrapStatus.requesting_status=ကွန်ရက် အနေအထားကို ပြန်ရယူနေသည် diff --git a/src/chrome/locale/nah/network-settings.dtd b/src/chrome/locale/nah/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/nah/network-settings.dtd +++ b/src/chrome/locale/nah/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/nah/torlauncher.properties b/src/chrome/locale/nah/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/nah/torlauncher.properties +++ b/src/chrome/locale/nah/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/nap/network-settings.dtd b/src/chrome/locale/nap/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/nap/network-settings.dtd +++ b/src/chrome/locale/nap/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/nap/torlauncher.properties b/src/chrome/locale/nap/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/nap/torlauncher.properties +++ b/src/chrome/locale/nap/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/nb/network-settings.dtd b/src/chrome/locale/nb/network-settings.dtd index fb5bd9b..7c02244 100644 --- a/src/chrome/locale/nb/network-settings.dtd +++ b/src/chrome/locale/nb/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Nei"> <!ENTITY torSettings.firstQuestion "Hvilket av følgende beskriver best din situasjon?"> -<!ENTITY torSettings.configurePrompt1 "Denne datamaskinens Internett-tilkobling er sensurert, filtrert, eller går gjennom en proxy."> -<!ENTITY torSettings.configurePrompt2 "Jeg må konfigurere bro, brannmur eller proxy innstillinger."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Konfigurer"> <!ENTITY torSettings.connectPrompt2 "Jeg vil koble direkte til Tor-nettverket."> <!ENTITY torSettings.connectPrompt3 "Dette vil fungere i de fleste situasjoner."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Hvis du ikke er sikker på hvordan du skal svare på dette spørsmålet, se på Internett-innstillingene i en annen nettleser for å se om den er konfigurert til å bruke en proxy."> <!ENTITY torSettings.enterProxy "Skriv inn proxy-innstillingene."> -<!ENTITY torSettings.firewallQuestion "Går denne datamaskinens Internett-tilkobling gjennom en brannmur som kun tillater forbindelser til visse porter?"> -<!ENTITY torSettings.firewallHelp "Hvis du ikke er sikker på hvordan du skal svare på dette spørsmålet, velg nei. Hvis du støter på problemer med å koble til Tor-nettverket, endrer du denne innstillingen."> -<!ENTITY torSettings.enterFirewall "Skriv inn en liste, adskilt med komma, over porter som er tillatt av brannmuren."> <!ENTITY torSettings.bridgeQuestion "Blokkerer eller sensurerer internettleverandøren (ISP) din tilkoblinger til Tor-nettverket?"> <!ENTITY torSettings.bridgeHelp "Hvis du er usikker på hva du skal svare på dette spørsmålet, velg Nei.  Hvis du velger Ja, vil du bli bedt om å konfigurere Tor-broer, som er ulistede reléer som gjør det vanskeligere å blokkere tilkoblinger til Tor-nettverket."> <!ENTITY torSettings.bridgeSettingsPrompt "Du kan bruke de angitte broene eller du kan skaffe og oppgi egendefinerte broer."> @@ -59,8 +56,8 @@ <!ENTITY torsettings.bridgeHelp2Heading "Via nettet"> <!ENTITY torsettings.bridgeHelp2 "Bruk en nettleser for å besøke https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Via e-post autosvar"> -<!ENTITY torsettings.bridgeHelp3 "Send e-post til bridges(a)torproject.org med tekstlinjen 'get bridges' som eneste innhold i e-posten.  -Men, for å gjøre det vanskeligere for en angriper å lære seg en masse bro-adresser, må du sende denne forespørselen fra en gmail.com eller yahoo.com adresse."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send en e-post til bridges(a)torproject.org med 'get bridges' enten i emnefeltet eller i meldingen.  For å gjøre det vanskeligere for en angriper å ta rede på en mengde bro-adresser, må du sende denne forespørselen fra en av følgende i listen over e-posttilbydere (opplistet etter preferanse):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, eller https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Via supporten"> <!ENTITY torsettings.bridgeHelp4 "Som en siste utvei, kan du be om bro-adresser ved å sende en høflig e-post til help(a)rt.torproject.org.  Tenk over at en person må svare på hver slik forespørsel."> diff --git a/src/chrome/locale/nb/torlauncher.properties b/src/chrome/locale/nb/torlauncher.properties index dfcd138..b440fc4 100644 --- a/src/chrome/locale/nb/torlauncher.properties +++ b/src/chrome/locale/nb/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor ble uventet avsluttet. -torlauncher.tor_connection_lost=Din forbindelse til Tor-nettverket har blitt brutt. +torlauncher.tor_exited=Tor avsluttet uventet. Dette kan være forårsaket av en feil i Tor, eller et annet program på ditt system, alternativt ødelagt maskinvare. Før omstart av Tor er gjennomført vil du ikke kunne nå noen nettsider. Hvis problemet vedvarer, send en kopi av din Tor-logg til brukerstøtte. +torlauncher.tor_exited2=Omstart av Tor vil ikke lukke fanene dine. torlauncher.tor_controlconn_failed=Kunne ikke koble til Tor kontrollport. torlauncher.tor_failed_to_start=Tor kunne ikke starte. torlauncher.tor_control_failed=Feilet i ta kontroll over Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Ingen angitte broer som har tilkobling torlauncher.recommended_bridge=(anbefalt) torlauncher.connect=Koble til -torlauncher.reconnect=Koble til på nytt +torlauncher.restart_tor=Omstart av Tor torlauncher.quit=Avslutt torlauncher.quit_win=Exit torlauncher.done=Ferdig torlauncher.forAssistance=For hjelp, kontakt %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Kobler til en relékatalog torlauncher.bootstrapStatus.handshake_dir=Etablerer en kryptert katalogforbindelse torlauncher.bootstrapStatus.requesting_status=Mottar nettverkstatus diff --git a/src/chrome/locale/nds/network-settings.dtd b/src/chrome/locale/nds/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/nds/network-settings.dtd +++ b/src/chrome/locale/nds/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/nds/torlauncher.properties b/src/chrome/locale/nds/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/nds/torlauncher.properties +++ b/src/chrome/locale/nds/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/ne/network-settings.dtd b/src/chrome/locale/ne/network-settings.dtd index 91c9614..800a3b5 100644 --- a/src/chrome/locale/ne/network-settings.dtd +++ b/src/chrome/locale/ne/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ne/torlauncher.properties b/src/chrome/locale/ne/torlauncher.properties index 6963aa2..ddd7834 100644 --- a/src/chrome/locale/ne/torlauncher.properties +++ b/src/chrome/locale/ne/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=टोर सुरुवातकर्ता -torlauncher.tor_exited=टोर अनपेक्षित रुपमा बन्द भयो| -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=टोरको नियेंत्रण पोर्टसंग जडान विफल भयो| torlauncher.tor_failed_to_start=टोर खुल्न विफल भयो | torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=जडान गर्नुहोस् -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=बन्द गर्नुहोस torlauncher.quit_win=बन्द torlauncher.done=भयो torlauncher.forAssistance=जानकारीको लागि सम्पर्क गर्नुहोस +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/nl-BE/network-settings.dtd b/src/chrome/locale/nl-BE/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/nl-BE/network-settings.dtd +++ b/src/chrome/locale/nl-BE/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/nl-BE/torlauncher.properties b/src/chrome/locale/nl-BE/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/nl-BE/torlauncher.properties +++ b/src/chrome/locale/nl-BE/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/nl/network-settings.dtd b/src/chrome/locale/nl/network-settings.dtd index 5b26fc2..8f37c53 100644 --- a/src/chrome/locale/nl/network-settings.dtd +++ b/src/chrome/locale/nl/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Nee"> <!ENTITY torSettings.firstQuestion "Welke van de volgende beschrijft het best jouw situatie?"> -<!ENTITY torSettings.configurePrompt1 "De internetverbinding van deze computer wordt gecensureerd, gefilterd of geproxyed."> -<!ENTITY torSettings.configurePrompt2 "Ik moet bridge, firewall, of proxy instellingen wijzigen."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configureer"> <!ENTITY torSettings.connectPrompt2 "Ik zou graag rechtstreeks met het Tor netwerk verbinden."> <!ENTITY torSettings.connectPrompt3 "Dit zal in de meeste omstandigheden werken"> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Als je niet zeker bent over het antwoord op deze vraag, bekijk dan de verbindingsinstellingen van een andere browser om te zien of die is ingesteld om gebruik te maken van een proxy."> <!ENTITY torSettings.enterProxy "Voer de proxy-instellingen in."> -<!ENTITY torSettings.firewallQuestion "Loopt de internetverbinding van deze computer door een firewall die enkel toegang tot bepaalde poorten toestaat?"> -<!ENTITY torSettings.firewallHelp "Als je niet zeker bent hoe je deze vraag moet beantwoorden, kies dan Nee. Als je op problemen botst tijdens het verbinden met het Tor netwerk, verander dan deze instelling."> -<!ENTITY torSettings.enterFirewall "Voer de poorten in die toegestaan zijn door de firewall, gescheiden door komma's."> <!ENTITY torSettings.bridgeQuestion "Doet je Internet Service Provider (ISP) het Tor netwerk verbieden of filteren?"> <!ENTITY torSettings.bridgeHelp "Als je niet zeker weet hoe je deze vraag moet beantwoorden, kies dan Nee.  Als je Ja kiest, moet je Tor bridges instellen, die doordat ze geen bekende relays zijn het dus moeilijker maken om verbinding te maken met het Tor Netwerk. "> <!ENTITY torSettings.bridgeSettingsPrompt "Je kunt de ingegeven bridges gebruiken, of je kunt een eigen bridge instellen. "> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Door middel van het Web"> <!ENTITY torsettings.bridgeHelp2 "Gebruik een browser om https://bridges.torproject.org te bezoeken"> <!ENTITY torsettings.bridgeHelp3Heading "Door middel van de E-mail Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Zend een e-mail naar bridges(a)torproject.org met als inhoud van de mail de tekst 'get bridges'.  Let wel, om het aanvallers te bemoeilijken informatie te krijgen over bridge adressen, dient u uw aanvraag te versturen van een gmail.com of yahoo.com e-mailadres."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Zend een e-mail naar bridges(a)torproject.org met als inhoud van de mail de tekst 'get bridges'.  Let wel, om het aanvallers te bemoeilijken informatie te verkrijgen over bridge adressen, dient u uw aanvraag te versturen van een gmail.com of yahoo.com e-mailadres( gerangschikt in voorkeurs volgorde)."> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Door middel van de helpdesk"> <!ENTITY torsettings.bridgeHelp4 "Als laatste redmiddel, kan u bridge adressen aanvraag door een zeer vriendelijke e-mail te sturen naar help(a)rt.torproject.org.  Houd er wel rekening mee dat deze persoon elke aanvraag moet behandelen."> diff --git a/src/chrome/locale/nl/torlauncher.properties b/src/chrome/locale/nl/torlauncher.properties index 182ae3c..5fee2c2 100644 --- a/src/chrome/locale/nl/torlauncher.properties +++ b/src/chrome/locale/nl/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Starter -torlauncher.tor_exited=Tor is onverwacht afgesloten. -torlauncher.tor_connection_lost=Je verbinding met het Tor netwerk is verbroken. +torlauncher.tor_exited=Tor is onverwachts afgesloten. Dit kan veroorzaakt zijn door een fout in Tor zelf, een ander op je systeem geïnstalleerd programma of door slecht functionerende hardware. Totdat je tor opnieuw hebt opgestart zal de Tor Browser niet in staat zijn een website te bereiken. Stuur een kopie van je Tor Log naar het support team als het probleem zich voor blijft doen. +torlauncher.tor_exited2=Tor herstarten zal niet uw browser tabbladen sluiten. torlauncher.tor_controlconn_failed=Kon niet verbinden met een Tor controlepoort. torlauncher.tor_failed_to_start=Tor kon niet starten. torlauncher.tor_control_failed=Controle over Tor mislukt. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Géén van de verstrekte bridges met h torlauncher.recommended_bridge=(aanbevolen) torlauncher.connect=Verbind -torlauncher.reconnect=Opnieuw verbinden +torlauncher.restart_tor=Herstart Tor torlauncher.quit=Stop torlauncher.quit_win=Sluit af torlauncher.done=OK torlauncher.forAssistance=Voor hulp, contacteer %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Verbinden met een relay directory torlauncher.bootstrapStatus.handshake_dir=Maken van een versleutelde verbinding met de lijst torlauncher.bootstrapStatus.requesting_status=Ontvangen van de netwerkstatus diff --git a/src/chrome/locale/nn/network-settings.dtd b/src/chrome/locale/nn/network-settings.dtd index a675de3..217e82e 100644 --- a/src/chrome/locale/nn/network-settings.dtd +++ b/src/chrome/locale/nn/network-settings.dtd @@ -1,27 +1,24 @@ -<!ENTITY torsettings.dialog.title "Tor Network Settings"> +<!ENTITY torsettings.dialog.title "Tor nettverksinnstillingar">  <!ENTITY torsettings.prompt "Before you connect to the Tor network, you need to provide information about this computer's Internet connection."> -<!ENTITY torSettings.yes "Yes"> +<!ENTITY torSettings.yes "Ja"> <!ENTITY torSettings.no "Nei"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> -<!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> +<!ENTITY torSettings.connectPrompt2 "Eg vil kopla til direkte til Tor-nettverket."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> -<!ENTITY torSettings.connect "Connect"> +<!ENTITY torSettings.connect "Kopla til"> <!ENTITY torSettings.proxyQuestion "Does this computer need to use a proxy to access the Internet?">  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> -<!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> +<!ENTITY torSettings.enterProxy "Skriv inn mellomtenarinnstillingane."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -29,25 +26,25 @@  <!ENTITY torsettings.startingTor "Waiting for Tor to start…"> -<!ENTITY torsettings.restartTor "Restart Tor"> +<!ENTITY torsettings.restartTor "Start Tor på nytt"> -<!ENTITY torsettings.optional "Optional"> +<!ENTITY torsettings.optional "Valfritt"> <!ENTITY torsettings.useProxy.checkbox "This computer needs to use a proxy to access the Internet"> -<!ENTITY torsettings.useProxy.type "Proxy Type:"> -<!ENTITY torsettings.useProxy.address "Address:"> -<!ENTITY torsettings.useProxy.address.placeholder "IP address or hostname"> +<!ENTITY torsettings.useProxy.type "Mellomtenartype:"> +<!ENTITY torsettings.useProxy.address "Addresse:"> +<!ENTITY torsettings.useProxy.address.placeholder "IP-adresse eller vertsnamn"> <!ENTITY torsettings.useProxy.port "Port:"> -<!ENTITY torsettings.useProxy.username "Username:"> -<!ENTITY torsettings.useProxy.password "Password:"> +<!ENTITY torsettings.useProxy.username "Brukarnamn:"> +<!ENTITY torsettings.useProxy.password "Passord:"> <!ENTITY torsettings.useProxy.type.socks4 "SOCKS 4"> <!ENTITY torsettings.useProxy.type.socks5 "SOCKS 5"> -<!ENTITY torsettings.useProxy.type.http "HTTP / HTTPS"> +<!ENTITY torsettings.useProxy.type.http "HTTP/HTTPS"> <!ENTITY torsettings.firewall.checkbox "This computer goes through a firewall that only allows connections to certain ports"> -<!ENTITY torsettings.firewall.allowedPorts "Allowed Ports:"> +<!ENTITY torsettings.firewall.allowedPorts "Tillatne portar:"> <!ENTITY torsettings.useBridges.checkbox "My Internet Service Provider (ISP) blocks connections to the Tor network"> <!ENTITY torsettings.useBridges.default "Connect with provided bridges"> -<!ENTITY torsettings.useBridges.type "Transport type:"> +<!ENTITY torsettings.useBridges.type "Transporttype:"> <!ENTITY torsettings.useBridges.custom "Enter custom bridges"> <!ENTITY torsettings.useBridges.label "Enter one or more bridge relays (one per line)."> <!ENTITY torsettings.useBridges.placeholder "type address:port"> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/nn/torlauncher.properties b/src/chrome/locale/nn/torlauncher.properties index 5da2bb8..2a7698b 100644 --- a/src/chrome/locale/nn/torlauncher.properties +++ b/src/chrome/locale/nn/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -13,7 +13,7 @@ torlauncher.tor_bootstrap_failed_details=%1$S failed (%2$S). torlauncher.unable_to_start_tor=Unable to start Tor.\n\n%S torlauncher.tor_missing=The Tor executable is missing. -torlauncher.torrc_missing=The torrc file is missing. +torlauncher.torrc_missing=torrc-fila manglar torlauncher.datadir_missing=The Tor data directory does not exist. torlauncher.password_hash_missing=Failed to get hashed password. @@ -29,31 +29,33 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(tilrådd) -torlauncher.connect=Connect -torlauncher.reconnect=Reconnect -torlauncher.quit=Quit +torlauncher.connect=Kople til +torlauncher.restart_tor=Start Tor på nytt +torlauncher.quit=Avslutt torlauncher.quit_win=Avslutt torlauncher.done=Done -torlauncher.forAssistance=For assistance, contact %S +torlauncher.forAssistance=For hjelp, kontakt %S + +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status -torlauncher.bootstrapStatus.loading_status=Loading network status +torlauncher.bootstrapStatus.loading_status=Lastar nettverkstatus torlauncher.bootstrapStatus.loading_keys=Loading authority certificates torlauncher.bootstrapStatus.requesting_descriptors=Requesting relay information torlauncher.bootstrapStatus.loading_descriptors=Loading relay information torlauncher.bootstrapStatus.conn_or=Koplar til Tor-nettverket torlauncher.bootstrapStatus.handshake_or=Establishing a Tor circuit -torlauncher.bootstrapStatus.done=Connected to the Tor network! +torlauncher.bootstrapStatus.done=Kopla til Tor-nettverket! torlauncher.bootstrapWarning.done=done -torlauncher.bootstrapWarning.connectrefused=connection refused +torlauncher.bootstrapWarning.connectrefused=tilkopling avslått torlauncher.bootstrapWarning.misc=miscellaneous torlauncher.bootstrapWarning.resourcelimit=insufficient resources torlauncher.bootstrapWarning.identity=identity mismatch torlauncher.bootstrapWarning.timeout=connection timeout torlauncher.bootstrapWarning.noroute=no route to host -torlauncher.bootstrapWarning.ioerror=read/write error +torlauncher.bootstrapWarning.ioerror=lese/skrive-feil torlauncher.bootstrapWarning.pt_missing=missing pluggable transport diff --git a/src/chrome/locale/nso/network-settings.dtd b/src/chrome/locale/nso/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/nso/network-settings.dtd +++ b/src/chrome/locale/nso/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/nso/torlauncher.properties b/src/chrome/locale/nso/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/nso/torlauncher.properties +++ b/src/chrome/locale/nso/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/oc/network-settings.dtd b/src/chrome/locale/oc/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/oc/network-settings.dtd +++ b/src/chrome/locale/oc/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/oc/torlauncher.properties b/src/chrome/locale/oc/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/oc/torlauncher.properties +++ b/src/chrome/locale/oc/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/or/network-settings.dtd b/src/chrome/locale/or/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/or/network-settings.dtd +++ b/src/chrome/locale/or/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/or/torlauncher.properties b/src/chrome/locale/or/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/or/torlauncher.properties +++ b/src/chrome/locale/or/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/pa/network-settings.dtd b/src/chrome/locale/pa/network-settings.dtd index b422fe9..3beefe6 100644 --- a/src/chrome/locale/pa/network-settings.dtd +++ b/src/chrome/locale/pa/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "ਨਹੀਂ"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "ਮੈਨੂੰ ਬਰਿਜ਼, ਫਾਇਰਵਾਲ ਜਾਂ ਪਰਾਕਸੀ ਸੈਟਿੰਗ ਦੀ ਸੰਰਚਨਾ ਕਰਨ ਦੀ ਲੋੜ ਹੈ।"> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "ਸੰਰਚਨਾ"> <!ENTITY torSettings.connectPrompt2 "ਮੈਂ ਟੋਰ ਨੈੱਟਵਰਕ ਨਾਲ ਸਿੱਧਾ ਕੁਨੈਕਟ ਹੋਣਾ ਚਾਹੁੰਦਾ/ਚਾਹੁੰਦੀ ਹਾਂ।"> <!ENTITY torSettings.connectPrompt3 "ਇਹ ਬਹੁਤੇ ਹਾਲਤਾਂ ਵਿੱਚ ਕੰਮ ਕਰੇਗਾ।"> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "ਵੈੱਬ ਰਾਹੀਂ"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "ਮੱਦਦ ਡੈਸਕ ਰਾਹੀਂ"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/pa/torlauncher.properties b/src/chrome/locale/pa/torlauncher.properties index 1183cb8..4246cf6 100644 --- a/src/chrome/locale/pa/torlauncher.properties +++ b/src/chrome/locale/pa/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=ਟੋਰ ਲਾਂਚਰ -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=ਸ਼ੁਰੂ ਕਰਨ ਲਈ ਫੇਲ੍ਹ ਹੈ torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=ਕੁਨੈਕਟ ਕਰੋ -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=ਬੰਦ ਕਰੋ torlauncher.done=ਮੁਕੰਮਲ torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=ਨੈੱਟਵਰਕ ਸਥਿਤੀ ਪ੍ਰਾਪਤ ਕੀਤੀ ਜਾ ਰਹੀ ਹੈ diff --git a/src/chrome/locale/pap/network-settings.dtd b/src/chrome/locale/pap/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/pap/network-settings.dtd +++ b/src/chrome/locale/pap/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/pap/torlauncher.properties b/src/chrome/locale/pap/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/pap/torlauncher.properties +++ b/src/chrome/locale/pap/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/pl/network-settings.dtd b/src/chrome/locale/pl/network-settings.dtd index b3beb8a..9d794b4 100644 --- a/src/chrome/locale/pl/network-settings.dtd +++ b/src/chrome/locale/pl/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Nie"> <!ENTITY torSettings.firstQuestion "Które z poniższych najlepiej opisuje Twoją sytuację?"> -<!ENTITY torSettings.configurePrompt1 "Połączenie tego komputera jest cenzurowane, filtrowane lub przekierowywane."> -<!ENTITY torSettings.configurePrompt2 "Muszę skonfigurować most, firewall lub ustawienia serwera proxy."> +<!ENTITY torSettings.configurePrompt1 "Połączenie internetowe tego komputera jest ocenzurowane lub przepuszczane przez proxy."> +<!ENTITY torSettings.configurePrompt2 "Muszę skonfigurować most lub ustawienia serwera proxy."> <!ENTITY torSettings.configure "Konfiguruj"> <!ENTITY torSettings.connectPrompt2 "Chcę połączyć się bezpośrednio z siecią Tor."> <!ENTITY torSettings.connectPrompt3 "To zadziała w większości sytuacji."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Jeśli nie jesteś pewny odpowiedzi sprawdź ustawienia internetowe innej przeglądarki, czy jest skonfigurowana do użycia serwera proxy."> <!ENTITY torSettings.enterProxy "Wprowadź ustawienia serwera proxy"> -<!ENTITY torSettings.firewallQuestion "Czy połączenie internetowe Twojego komputera pozwala przejść przez zaporę sieciową w celu nawiązania połączenia z ustalonymi portami?"> -<!ENTITY torSettings.firewallHelp "Jeśli nie jesteś pewien jak odpowiedzieć na to pytanie, wybierz Nie. W przypadku wystąpienia problemów z połączeniem, zmień tą opcję."> -<!ENTITY torSettings.enterFirewall "Wprowadź listę portów dozwolonych przez zaporę (kolejne porty oddzielaj przecinkiem)."> <!ENTITY torSettings.bridgeQuestion "Czy Twój dostawca usług internetowych (ISP) blokuje lub cenzuruje połączenia sieci Tor?"> <!ENTITY torSettings.bridgeHelp "Jeśli nie jesteś pewny odpowiedzi na to pytanie proszę wybrać odpowiedź Nie.  Jeśli wybierzesz Tak, to będziesz poproszony o skonfigurowanie mostków Tora, które nie są publicznie wymienione, dzięki czemu będzie trudniej zablokować połączenia do sieci Tor."> <!ENTITY torSettings.bridgeSettingsPrompt "Możesz wybrać dostępny zestaw mostków, albo możesz uzyskać i wprowadzić niestandardowy zestaw mostów."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Za pośrednictwem sieci Web"> <!ENTITY torsettings.bridgeHelp2 "Użyj przeglądarki internetowej do odwiedzenia https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Poprzez Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Wyślij e-mail do bridges(a)torproject.org z linią "get bridges" w treści wiadomości.  Aby jednak, utrudnić napastnikom naukę o adresach mostów, należy wysłać prośbę z adresu email gmail.com lub yahoo.com."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Wyślij e-maila na adres bridges(a)torproject.org pisząc w treści emaila 'get bridges'.  Jednak, aby utrudnić napastnikom naukę o adresach bridges, należy wysłać tego emaila używając jednego z wymienionych dostawców usługi email (dostawcy wymienieni są w kolejności preferencji):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, lub https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Przez Help Desk"> <!ENTITY torsettings.bridgeHelp4 "W ostateczności, można zażądać adresów mostów, wysyłając uprzejmą wiadomość e-mail do help(a)rt.torproject.org.  Należy pamiętać, że osoba będzie musiała odpowiedzieć na każde żądanie."> diff --git a/src/chrome/locale/pl/torlauncher.properties b/src/chrome/locale/pl/torlauncher.properties index 367c5be..e7746bb 100644 --- a/src/chrome/locale/pl/torlauncher.properties +++ b/src/chrome/locale/pl/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor wyłączył się niespodziewanie. -torlauncher.tor_connection_lost=Twoje połączenie z siecią Tor zostało utracone. +torlauncher.tor_exited=Tor niespodziewanie wyłączył się. Może to być spowodowane błędem programu Tor, lub innego programu zainstalowanym w Twoim systemie, lub może być to wina wadliwego sprzętu. Do czasu ponownego uruchomienia Tora, Tor Browser nie będzie w stanie dotrzeć do wszystkich stron. Jeśli problem nadal występuje, należy wysłać kopię logów Tora do zespołu pomocy technicznej. +torlauncher.tor_exited2=Zrestartowanie Tora nie spowoduje zamknięcia Twoich zakładek. torlauncher.tor_controlconn_failed=Nie można połączyć się z portem kontrolnym Tora. torlauncher.tor_failed_to_start=Nie powiodło się włączenie Tora. torlauncher.tor_control_failed=Nie udało się przejąć kontroli nad Tor'em. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Brak dostępnych mostków, które maj torlauncher.recommended_bridge=(zalecane) torlauncher.connect=Połącz -torlauncher.reconnect=Połącz ponownie +torlauncher.restart_tor=Zrestartuj Tor torlauncher.quit=Wyjście torlauncher.quit_win=Wyjście torlauncher.done=Gotowe torlauncher.forAssistance=By uzyskać pomoc, skontaktuj się +torlauncher.copiedNLogMessages=Kopia zakończona. %S logi Tora są gotowe do wklejenia do notatnika lub wiadomości email. + torlauncher.bootstrapStatus.conn_dir=Podłączanie do katalogu węzłów torlauncher.bootstrapStatus.handshake_dir=Ustanawianie szyfrowanego połączenia z katalogiem torlauncher.bootstrapStatus.requesting_status=Odczytywanie stanu sieci diff --git a/src/chrome/locale/pms/network-settings.dtd b/src/chrome/locale/pms/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/pms/network-settings.dtd +++ b/src/chrome/locale/pms/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/pms/torlauncher.properties b/src/chrome/locale/pms/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/pms/torlauncher.properties +++ b/src/chrome/locale/pms/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/ps/network-settings.dtd b/src/chrome/locale/ps/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/ps/network-settings.dtd +++ b/src/chrome/locale/ps/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ps/torlauncher.properties b/src/chrome/locale/ps/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/ps/torlauncher.properties +++ b/src/chrome/locale/ps/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/pt-BR/network-settings.dtd b/src/chrome/locale/pt-BR/network-settings.dtd index 254e1cc..b78b35c 100644 --- a/src/chrome/locale/pt-BR/network-settings.dtd +++ b/src/chrome/locale/pt-BR/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Não"> <!ENTITY torSettings.firstQuestion "Quais opções descrevem melhor a sua situação?"> -<!ENTITY torSettings.configurePrompt1 "A conexão Internet deste computador foi censurada, filtrada ou limitada por um proxy."> -<!ENTITY torSettings.configurePrompt2 "Eu preciso configurar o bridge, firewall ou opções de proxy."> +<!ENTITY torSettings.configurePrompt1 "A conexão internet deste computador encontra-se sob censura ou proxy."> +<!ENTITY torSettings.configurePrompt2 "É preciso configurar bridge ou "> <!ENTITY torSettings.configure "Configurar"> <!ENTITY torSettings.connectPrompt2 "Eu gostaria de me conectar diretamente à rede Tor."> <!ENTITY torSettings.connectPrompt3 "Isso funcionará na maioria dos casos."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Caso você não tenha certeza sobre como responder a essa questão, consulte as configurações de rede em um outro browser para saber se ele está configurado para usar um proxy."> <!ENTITY torSettings.enterProxy "Insira as configurações de proxy."> -<!ENTITY torSettings.firewallQuestion "A conexão Internet deste computador é filtrada por uma firewall que autoriza conexões somente a certas portas?"> -<!ENTITY torSettings.firewallHelp "Se você não tiver certeza sobre como responder a esta questão, escolha Não. Em caso de dificuldades de conexão à rede Tor, modifique esta configuração."> -<!ENTITY torSettings.enterFirewall "Insira, separando-as por vírgulas, uma lista de portas habilitadas pelo firewall. "> <!ENTITY torSettings.bridgeQuestion "Seu provedor de serviços de internet (ISP) bloqueia ou censura conexões à rede Tor?"> <!ENTITY torSettings.bridgeHelp "Se você não estiver seguro sobre como responder a essa questão, escolha Não . Se você escolher Sim, será preciso configurar pontes Tor, que são retransmissores não-listados que dificultam possíveis bloqueios à rede Tor."> <!ENTITY torSettings.bridgeSettingsPrompt "Você pode usar o conjunto de pontes fornecidas ou obter e adicionar um conjunto de pontes personalizadas. "> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Através da Web"> <!ENTITY torsettings.bridgeHelp2 "Use um navegador internet para visitar https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Através do Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Envie um e-mail para bridges(a)torproject.org com a mensagem 'get bridges'. . Contudo, para tornar mais difícil para um invasor descobrir uma grande quantidade de endereços de pontes, esse pedido deve ser enviado de uma conta gmail.com ou yahoo.com."> -<!ENTITY torsettings.bridgeHelp4Heading "Através do "> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Envie um e-mail para bridges(a)torproject.org com a mensagem 'get bridges'.  Contudo, para tornar mais difícil para um invasor descobrir uma grande quantidade de endereços, você deve enviar esse pedido a partir de um dos seguintes provedores de e-mail (listados em ordem de preferência)."> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> +<!ENTITY torsettings.bridgeHelp4Heading "Pelo serviço de assistência"> <!ENTITY torsettings.bridgeHelp4 "Como última opção, você pode solicitar endereços de pontes enviando uma mensagem de e-mail educada para help(a)rt.torproject.org. . Note que uma pessoa terá que responder a cada solicitação"> diff --git a/src/chrome/locale/pt-BR/torlauncher.properties b/src/chrome/locale/pt-BR/torlauncher.properties index fd5a15f..0741ccb 100644 --- a/src/chrome/locale/pt-BR/torlauncher.properties +++ b/src/chrome/locale/pt-BR/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Inicializador do Tor -torlauncher.tor_exited=Tor fechou inesperadamente. -torlauncher.tor_connection_lost=Sua conexão à rede Tor foi interrompida. +torlauncher.tor_exited=O Tor fechou inesperadamente. Isso pode ser devido a um bug no Tor em si, a um outro programa no seu sistema, ou a um problema com o equipamento. O navegador Tor não poderá acessar nenhum website até que você o reinicie. Se o problema persistir, por favor envie uma cópia do seu Tor Log para a equipe responsável pela assistência. +torlauncher.tor_exited2=Ao reiniciar o Tor, as abas do seu navegador não serão fechadas. torlauncher.tor_controlconn_failed=Não foi possível conectar-se à porta de controle do Tor. torlauncher.tor_failed_to_start=Falha ao iniciar Tor. torlauncher.tor_control_failed=Falha ao receber controle do Tor. @@ -30,20 +30,22 @@ torlauncher.error_bridge_bad_default_type=Entre as pontes fornecidas que têm o torlauncher.recommended_bridge=(recomendado) torlauncher.connect=Conectar -torlauncher.reconnect=Reconectar +torlauncher.restart_tor=Reiniciar o Tor torlauncher.quit=Encerrar torlauncher.quit_win=Sair torlauncher.done=Terminado torlauncher.forAssistance=Para assistência, contacte +torlauncher.copiedNLogMessages=Cópia concluída. As mensagens %S do Tor log estão prontas para ser copiadas em um editor de texto ou em uma mensagem de e-mail. + torlauncher.bootstrapStatus.conn_dir=Conectando a um diretório de retransmissores torlauncher.bootstrapStatus.handshake_dir=Estabelecendo uma conexão de diretório criptografada torlauncher.bootstrapStatus.requesting_status=Recebendo estado da rede torlauncher.bootstrapStatus.loading_status=Carregando estado da rede torlauncher.bootstrapStatus.loading_keys=Carregando certificados de autoridade torlauncher.bootstrapStatus.requesting_descriptors=Requisitando informações do retransmissor -torlauncher.bootstrapStatus.loading_descriptors=Carregando informações de servidor +torlauncher.bootstrapStatus.loading_descriptors=Carregando informações do retransmissor torlauncher.bootstrapStatus.conn_or=Conectando à rede Tor torlauncher.bootstrapStatus.handshake_or=Estabelecendo um circuito Tor torlauncher.bootstrapStatus.done=Conectado à rede Tor! diff --git a/src/chrome/locale/pt/network-settings.dtd b/src/chrome/locale/pt/network-settings.dtd index 1f5566e..6a469ec 100644 --- a/src/chrome/locale/pt/network-settings.dtd +++ b/src/chrome/locale/pt/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Não"> <!ENTITY torSettings.firstQuestion "Qual das seguintes frases melhor descreve a sua situação?"> -<!ENTITY torSettings.configurePrompt1 "A ligação à Internet deste computador está a ser censurada, filtrada ou utilizada através de um proxy."> -<!ENTITY torSettings.configurePrompt2 "Eu preciso de configurar o bridge, o firewall e as definições do proxy."> +<!ENTITY torSettings.configurePrompt1 "Esta ligação à Internet está censurada ou é através de um proxy."> +<!ENTITY torSettings.configurePrompt2 "Preciso de configurar a ponte ou as definições de proxy."> <!ENTITY torSettings.configure "Configurar"> <!ENTITY torSettings.connectPrompt2 "Gostaria de me ligar diretamente à rede Tor."> <!ENTITY torSettings.connectPrompt3 "Isto funciona na maior parte das situações."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Se não tem a certeza de como responder esta questão, olhe para as definições de Internet noutro navegador para ver se está configurado para usar um proxy."> <!ENTITY torSettings.enterProxy "Introduza as definições de proxy."> -<!ENTITY torSettings.firewallQuestion "A ligação à Internet deste computador atravessa uma firewall que só permite algumas ligações a certos portos?"> -<!ENTITY torSettings.firewallHelp "Se não tem a certeza de como responder esta questão, escolha Não. Se encontrar quaisquer problemas ao ligar-se à rede Tor, mude esta definição."> -<!ENTITY torSettings.enterFirewall "Introduza uma lista de portos separada por vírgulas que são permitidas pela firewall."> <!ENTITY torSettings.bridgeQuestion "O seu fornecedor de serviços de internet bloqueia ou censura ligações à rede Tor ?"> <!ENTITY torSettings.bridgeHelp "Se não tem a certeza de como responder a esta questão, escolha o Nº.  Se escolher Sim, vai-lhe ser pedido para configurar as Tor Bridges, que são pontos de passagem não listados mais difíceis de bloquear ligações à rede Tor."> <!ENTITY torSettings.bridgeSettingsPrompt "Pode usar o conjunto de bridges pré-configurado fornecido, ou pode obter um conjunto de bridges personalizadas."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Pela rede"> <!ENTITY torsettings.bridgeHelp2 "Use um navegador internet para visitar https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Pelo respondedor de email automático"> -<!ENTITY torsettings.bridgeHelp3 "Envie um email para bridges(a)torproject.org com a linha 'get bridges' no próprio corpo da mensagem.  No entanto, para tornar mais difícil para um atacante apreender o conjunto de endereços de bridge, tem que enviar este pedido de uma conta gmail.com ou yahoo.com."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Enviar mensagem para bridges(a)torproject.org com a linha 'get bridges' sozinha no corpo da mensagem.  Contudo, para tornar mais difícil para os atacantes aprenderem sobre os endereços de pontes, tem de enviar a mensagem de um dos seguintes fornecedores de serviços de correio eletrónico (por esta ordem de preferência):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, ou https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Pelo Helpdesk"> <!ENTITY torsettings.bridgeHelp4 "Em último caso, pode pedir endereços bridge enviando um email cordial para help(a)rt.torproject.org.  Por favor tenha em conta que cada pedido será respondido por uma pessoa."> diff --git a/src/chrome/locale/pt/torlauncher.properties b/src/chrome/locale/pt/torlauncher.properties index 94a233f..78b4729 100644 --- a/src/chrome/locale/pt/torlauncher.properties +++ b/src/chrome/locale/pt/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Iniciador Tor -torlauncher.tor_exited=O Tor fechou-se insperadamente. -torlauncher.tor_connection_lost=A sua ligação à rede Tor perdeu-se. +torlauncher.tor_exited=O tor encerrou inesperadamente. Pode ser devido a erro dentro o Tor, noutro programa no seu sistema ou falha no equipamento. Até reiniciar, o Tor não será capaz de aceder a nenhum website. Se o problema persistir, por favor envie uma cópia do diário do seu Tor à equipa de assistência. +torlauncher.tor_exited2=Reiniciar o Tor não fecha os seus separadores. torlauncher.tor_controlconn_failed=Não foi possível ligar ao porto de controlo do Tor. torlauncher.tor_failed_to_start=O Tor falhou a inicialização. torlauncher.tor_control_failed=Falha ao tentar controlar o Tor @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Não há pontes disponíveis que tenha torlauncher.recommended_bridge=(recomendado) torlauncher.connect=Ligar -torlauncher.reconnect=Voltar a ligar +torlauncher.restart_tor=Reiniciar o Tor torlauncher.quit=Sair torlauncher.quit_win=Sair torlauncher.done=Completo torlauncher.forAssistance=Para assistência, contacte %S +torlauncher.copiedNLogMessages=Cópia completa. %S mensagens de diário estão prontas para ser coladas num editor de texto ou numa mensagem de correio eletrónico. + torlauncher.bootstrapStatus.conn_dir=A ligar ao diretório do retransmissor torlauncher.bootstrapStatus.handshake_dir=A estabelecer uma ligação de diretório encriptada torlauncher.bootstrapStatus.requesting_status=A obter o estado da rede diff --git a/src/chrome/locale/ro/network-settings.dtd b/src/chrome/locale/ro/network-settings.dtd index b2c90ff..cc07448 100644 --- a/src/chrome/locale/ro/network-settings.dtd +++ b/src/chrome/locale/ro/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Nu"> <!ENTITY torSettings.firstQuestion "Care din următoarele descrie cel mai bine situația dvs?"> -<!ENTITY torSettings.configurePrompt1 "Conexiunea acestui computer la Internet este cenzurată, filtrată sau cu proxy."> -<!ENTITY torSettings.configurePrompt2 "Trebuie să configurez punte, firewall sau proxy."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configuraţi "> <!ENTITY torSettings.connectPrompt2 "Vreau sa ma conectez direct la reţeaua Tor ."> <!ENTITY torSettings.connectPrompt3 "Aceasta funcționează în cele mai multe situații."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Dacă nu sînteți siguri cum să răspundeți la întrebarea aceasta, uitați-vă la setările de Internet din alt browser pentru a vedea dacă este configurat să folosească un proxy."> <!ENTITY torSettings.enterProxy "Introduceţi setările pentru proxy ."> -<!ENTITY torSettings.firewallQuestion "Conexiunea la Internet a acestui computer iese printr-un firewall care permite doar conexiuni către anumite porturi?"> -<!ENTITY torSettings.firewallHelp "Dacă nu sînteți sigur cum să răspundeți la această întrebare, alegeți Nu. Dacă întîlniți probleme conectîndu-vă la rețeaua Tor, schimbați aceste setări."> -<!ENTITY torSettings.enterFirewall "Introduceți o listă separată cu virgule de porturi care sînt permise de firewall."> <!ENTITY torSettings.bridgeQuestion "Internet Service Providerul (ISP) dvs blochează sau cenzurează conexiunile către rețeaua Tor?"> <!ENTITY torSettings.bridgeHelp "Dacă nu sînteți sigur cum să răspundeți la această întrebare, alegeți Nu.  Dacă alegeți Da, vi se va cere să configurați punțile Tor, care sînt relayuri nelistate care fac mai dificilă blocarea conexiunilor la rețeaua Tor."> <!ENTITY torSettings.bridgeSettingsPrompt "Puteți folosi setul de punți oferit sau puteți obține și introduce un set particular de punți."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Prin Web"> <!ENTITY torsettings.bridgeHelp2 "Folosiți un webbrowser pentru a vizita https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Prin email automat"> -<!ENTITY torsettings.bridgeHelp3 "Trimiteți email la bridges(a)torproject.org cu 'get bridges' singură în corpul mesajului.  Oricum, pentru a face mai greu pentru un atacator să afle multe adrese de punți, trebuie să trimiteți această cerere de la o adresă gmail.com sau yahoo.com."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Prin Help Desk"> <!ENTITY torsettings.bridgeHelp4 "Ca o ultimă soluție, puteți cere adrese de punți trimițînd un email politicos la help(a)rt.torproject.org.  Remarcați că o persoană trebuie să răspundă la fiecare cerere."> diff --git a/src/chrome/locale/ro/torlauncher.properties b/src/chrome/locale/ro/torlauncher.properties index adec424..cd61ca6 100644 --- a/src/chrome/locale/ro/torlauncher.properties +++ b/src/chrome/locale/ro/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Lansator Tor -torlauncher.tor_exited=Tor a ieșit în mod neașteptat. -torlauncher.tor_connection_lost=Conexiunea to cu rețeaua Tor s-a pierdut. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Nu sa putut conecta la portul de control Tor. torlauncher.tor_failed_to_start=Tor nu poate porni. torlauncher.tor_control_failed=Eșec să preiau controlul Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Nici una din punțile oferite care să torlauncher.recommended_bridge=(recomandat) torlauncher.connect=Conectare -torlauncher.reconnect=Reconectează +torlauncher.restart_tor=Repornește Tor torlauncher.quit=Revocare torlauncher.quit_win=Ieşire torlauncher.done=Gata torlauncher.forAssistance=Pentru asistență, contactați +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Conectare la un director relay torlauncher.bootstrapStatus.handshake_dir=Se stabileşte o conexiune criptată la director torlauncher.bootstrapStatus.requesting_status=Se obţin informaţii despre starea reţelei diff --git a/src/chrome/locale/ru/network-settings.dtd b/src/chrome/locale/ru/network-settings.dtd index 3cf9cd2..90857ae 100644 --- a/src/chrome/locale/ru/network-settings.dtd +++ b/src/chrome/locale/ru/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Нет"> <!ENTITY torSettings.firstQuestion "Что лучше описывает вашу ситуацию?"> -<!ENTITY torSettings.configurePrompt1 "Интернет-соединение этого компьютера цензурируется, фильтруется или находятся за прокси."> -<!ENTITY torSettings.configurePrompt2 "Мне требуется настроить мост, брандмауэр или прокси."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Настроить"> <!ENTITY torSettings.connectPrompt2 "Я бы хотел соединиться с сетью Tor напрямую."> <!ENTITY torSettings.connectPrompt3 "Это должно работать в большинстве ситуаций."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Если вы не знаете как отвечать, посмотрите в настройки другого браузера - прописан ли там прокси."> <!ENTITY torSettings.enterProxy "Введите настройки прокси."> -<!ENTITY torSettings.firewallQuestion "Защищено ли соединение брандмауэром, разрешающим связь только через некоторые порты?"> -<!ENTITY torSettings.firewallHelp "Если вы не уверены как отвечать, выберите нет. Если возникнут проблемы соединения с сетью Tor, измените эту настройку."> -<!ENTITY torSettings.enterFirewall "Введите список портов через запятую, которые брандмауэр не блокирует."> <!ENTITY torSettings.bridgeQuestion "Ваш провайдер (ISP) блокирует или как-либо цензурирует подключения к сети Tor?"> <!ENTITY torSettings.bridgeHelp "Если вы не знаете, как ответить на этот вопрос, выбирайте Нет.  Если вы выберете Да, вас попросят настроить мосты Tor, которые являются неопубликованными маршрутизаторами, что затрудняет их блокировку."> <!ENTITY torSettings.bridgeSettingsPrompt "Вы можете использовать предопределенный набор мостов или получить и ввести список мостов вручную."> @@ -29,7 +26,7 @@  <!ENTITY torsettings.startingTor "Ожидание запуска Tor..."> -<!ENTITY torsettings.restartTor "Restart Tor"> +<!ENTITY torsettings.restartTor "Перезапустить Tor"> <!ENTITY torsettings.optional "Необязательно"> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Из Веб"> <!ENTITY torsettings.bridgeHelp2 "Откройте в веб-браузере https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Через автоответчик электронной почты"> -<!ENTITY torsettings.bridgeHelp3 "Отправьте письмо по адресу bridges(a)torproject.org со строкой 'get bridges' в теле сообщения.  Однако чтобы усложнить сбор атакующими адресов всех мостов, от Вас требуется отправить запрос с адреса gmail.com или yahoo.com."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, или https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "В справочной службе"> <!ENTITY torsettings.bridgeHelp4 "В крайнем случае, Вы можете вежливо попросить адреса мостов по адресу help(a)rt.torproject.org.  Пожалуйста, имейте в виду, что каждый запрос обрабатывается человеком."> diff --git a/src/chrome/locale/ru/torlauncher.properties b/src/chrome/locale/ru/torlauncher.properties index ba61f55..20e6134 100644 --- a/src/chrome/locale/ru/torlauncher.properties +++ b/src/chrome/locale/ru/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Загрузчик Tor -torlauncher.tor_exited=Tor неожиданно завершился. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Невозможно соединиться с портом управления Tor. torlauncher.tor_failed_to_start=Невозможно запустить Tor. torlauncher.tor_control_failed=Не удалось взять контроль над Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Предопределенные мо torlauncher.recommended_bridge=(рекомендуемый) torlauncher.connect=Соединиться -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Перезапустить Tor torlauncher.quit=Выйти torlauncher.quit_win=Выход torlauncher.done=Готово torlauncher.forAssistance=Для помощи свяжитесь с %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Подключение к каталогy ретрансляторов torlauncher.bootstrapStatus.handshake_dir=Создание шифрованного соединения каталогa torlauncher.bootstrapStatus.requesting_status=Получение статуса сети diff --git a/src/chrome/locale/ru(a)petr1708/network-settings.dtd b/src/chrome/locale/ru(a)petr1708/network-settings.dtd index bf31d5d..1e4c8b2 100644 --- a/src/chrome/locale/ru(a)petr1708/network-settings.dtd +++ b/src/chrome/locale/ru(a)petr1708/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Нет"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ru(a)petr1708/torlauncher.properties b/src/chrome/locale/ru(a)petr1708/torlauncher.properties index fb8d310..77dc4e7 100644 --- a/src/chrome/locale/ru(a)petr1708/torlauncher.properties +++ b/src/chrome/locale/ru(a)petr1708/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(рекомендуется) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/sco/network-settings.dtd b/src/chrome/locale/sco/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/sco/network-settings.dtd +++ b/src/chrome/locale/sco/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/sco/torlauncher.properties b/src/chrome/locale/sco/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/sco/torlauncher.properties +++ b/src/chrome/locale/sco/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/si-LK/network-settings.dtd b/src/chrome/locale/si-LK/network-settings.dtd index fbd30da..6312948 100644 --- a/src/chrome/locale/si-LK/network-settings.dtd +++ b/src/chrome/locale/si-LK/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "නැත"> <!ENTITY torSettings.firstQuestion "පහත සදහන් කුමක් ඔබගේ තත්ත්වය හොදින්ම විස්තර කරයිද?"> -<!ENTITY torSettings.configurePrompt1 "මෙම පරිගණකයේ අන්තර්ජාල සැකසුම වාරණයට ලක්වී, පෙරීමකට ලක්වී හෝ නියුතු සේවා දායකයෙකුට ලක්ව ඇත."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "වින්‍යාස කරන්න"> <!ENTITY torSettings.connectPrompt2 "මම ඍජුවම Tor ජාලය හා සම්බන්ධ වීමට කැමතිය."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "ඔබට මෙම ප්‍රශ්නයට පිළිතුරු දෙන්නේ කෙසේද යන්න විශ්වාස නැත්නම්, වෙනත් browser එකක අන්තජාල සැකසුම් නියුතු සේවාදායකයෙක් සදහා වින්‍යාස කර ඇත්දැයි බලන්න"> <!ENTITY torSettings.enterProxy "නියුතු සේවාදායක සැකසුම් ඇතුළත් කරන්න"> -<!ENTITY torSettings.firewallQuestion "මෙම පරිගණකයේ අන්තර්ජාල සබැදියාව විශේෂිත ports සදහා ඉඩදෙන පරිදි firewall එකක් හරහා ගමන් කරනවාද?"> -<!ENTITY torSettings.firewallHelp "ඔබට මෙම ප්‍රශ්නයට පිළිතුරු දෙන්නේ කෙසේද යන්න විශ්වාස නැත්නම්, නැත යන්න තෝරන්න. Tor ජාලයට සම්බන්ධ වීමේදී ඔබට ගැටළු මතුවේ නම් මෙම සැකසුම වෙනස් කරන්න"> -<!ENTITY torSettings.enterFirewall "firewall එක හරහා යාමට ඉඩදෙන ports වල ලැයිස්තුවක් කොමා වලින් වෙන්කර ඇතුළත් කරන්න."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/si-LK/torlauncher.properties b/src/chrome/locale/si-LK/torlauncher.properties index 9884689..a132cff 100644 --- a/src/chrome/locale/si-LK/torlauncher.properties +++ b/src/chrome/locale/si-LK/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor පුරනය -torlauncher.tor_exited=Tor අනපේක්ෂිත ලෙස නැතිවිය. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Tor පාලක පොර්ටයට සම්බන්ධ විය නොහැක. torlauncher.tor_failed_to_start=Tor ආරම්භ කිරීමට අපොහොසත්ය. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=සම්බන්ධ වෙන්න -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=ඉවත් වෙන්න torlauncher.quit_win=අයින් වන්න torlauncher.done=කරන ලදී torlauncher.forAssistance=සහය සදහා, සම්බන්ධ වන්න%S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=ප්‍රතියෝජක ඩිරෙක්ටරියකට සබදෙමින් torlauncher.bootstrapStatus.handshake_dir=සංකේත කරන ලද ඩිරෙක්ටරි සබැදුමක් ස්ථාපනය කරමින් torlauncher.bootstrapStatus.requesting_status=ජාල තත්වය සමුධ්රණය කරමින් diff --git a/src/chrome/locale/sk-SK/network-settings.dtd b/src/chrome/locale/sk-SK/network-settings.dtd index b5d9fe5..10ddb55 100644 --- a/src/chrome/locale/sk-SK/network-settings.dtd +++ b/src/chrome/locale/sk-SK/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Nie"> <!ENTITY torSettings.firstQuestion "Ktorá z nasledujúcich situácií najlepšie popisuje vašu?"> -<!ENTITY torSettings.configurePrompt1 "Pripojenie tohto počítača je cenzurované, filtrované alebo vedené cez proxy."> -<!ENTITY torSettings.configurePrompt2 "Potrebujem nastaviť premostenie, firewall alebo proxy."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Konfigurovať"> <!ENTITY torSettings.connectPrompt2 "Rád by som sa pripojil priamo do siete Tor."> <!ENTITY torSettings.connectPrompt3 "Toto by vo väčšine prípadov malo fungovať."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Ak si nie ste istý odpoveďou na túto otázku, skontrolujte nastavenia Internetu v inom prehliadači, aby ste zistili, či je nastavený pre použitie proxy."> <!ENTITY torSettings.enterProxy "Zadajte nastavenia proxy."> -<!ENTITY torSettings.firewallQuestion "Je pripojenie tohto počítača na Internet vedené cez firewall, ktorý povoľuje spojenia len na určité porty?"> -<!ENTITY torSettings.firewallHelp "Ak neviete, ako máte odpovedať na túto otázku, zvoľte Nie. Ak sa vyskytne problém s pripojením do siete Tor, zmeňte toto nastavenie."> -<!ENTITY torSettings.enterFirewall "Zadajte čísla portov oddelené medzerou, ktoré sú povolené na firewalle."> <!ENTITY torSettings.bridgeQuestion "Blokuje váš poskytovateľ internetového pripojenia (ISP) alebo inak cenzuruje pripojenia do siete Tor Network?"> <!ENTITY torSettings.bridgeHelp "Ak si nie ste istí, ako odpovedať, zvoľte Nie.  Ak zvolíte Áno, bude potrebné nakonfigurovať Tor Bridges, čo sú nikde nezapísané relé, použitie ktorých robí blokovanie pripojenia do Tor Network ešte obtiažnejším."> <!ENTITY torSettings.bridgeSettingsPrompt "Môžete použiť dodanú sadu premostení alebo si môžete zaobstarať a zadať vlastnú sadu premostení."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Navštívte https://bridges.torproject.org pomocou webového prehliadača"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Odošlite e-mail na bridges(a)torproject.org, ktorý v správe na samostatnom riadku obsahuje 'get bridges'.  Aby však bolo získanie adries premostenia pre útočníka ťažšie, musíte vašu požiadavku poslať z e-mailovej adresa na gmail.com alebo yahoo.com."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "Ako posledné východisko, môžete poslať milý e-mail na help(a)rt.torproject.org a požiadať o adresy premostenia.  Berte, prosím, na vedomie, že niekto bude musieť na každú požiadavku samostatne reagovať."> diff --git a/src/chrome/locale/sk-SK/torlauncher.properties b/src/chrome/locale/sk-SK/torlauncher.properties index d588f70..076255c 100644 --- a/src/chrome/locale/sk-SK/torlauncher.properties +++ b/src/chrome/locale/sk-SK/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor sa nečakane vypol. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Nepodarilo sa spustiť Tor. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Pripojiť -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Reštartovať Tor torlauncher.quit=Quit torlauncher.quit_win=Ukončiť torlauncher.done=Hotovo torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/sk/network-settings.dtd b/src/chrome/locale/sk/network-settings.dtd index 500be4d..812f4f1 100644 --- a/src/chrome/locale/sk/network-settings.dtd +++ b/src/chrome/locale/sk/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Nie"> <!ENTITY torSettings.firstQuestion "Ktoré z nasledujúcich možností najlepšie opisuje Vašu situáciu?"> -<!ENTITY torSettings.configurePrompt1 "Internetové pripojenie tohto počítača je cenzurované, filtrované alebo sprostredkované."> -<!ENTITY torSettings.configurePrompt2 "Potrebujem nakonfigurovať nastavenia mostu, firewallu alebo proxy."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Konfigurácia"> <!ENTITY torSettings.connectPrompt2 "Chcem sa pripojiť priamo do siete Tor."> <!ENTITY torSettings.connectPrompt3 "Toto bude vo väčšine prípadov fungovať."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Ak si nieste istý ako odpovedať na túto otázku, pozrite sa či máte nastavené používanie proxy v inom Internetovom prehliadači."> <!ENTITY torSettings.enterProxy "Vstúpiť do nastavení proxy."> -<!ENTITY torSettings.firewallQuestion "Používa Internetové pripojenie tohto počítača bránu firewall, ktorá povoľuje pripojenia len na niektoré porty?"> -<!ENTITY torSettings.firewallHelp "Ak si nieste istý ako odpovedať na túto otázku, zvoľte Nie. Ak narazíte na problémy s pripojením do siete Tor, zmeňte toto nastavenie."> -<!ENTITY torSettings.enterFirewall "Vložte zoznam portov oddelený čiarkou, ktoré sú povolené firewallom."> <!ENTITY torSettings.bridgeQuestion "Blokuje alebo nejak cenzuruje váš Poskytovateľ Internetu (ISP) pripojenia k Sieti Tor?"> <!ENTITY torSettings.bridgeHelp "Ak ste si nie istý ako zodpovedať túto otázku, zvoľte Nie.  Ak zvolíte Áno, budete vyzvaný na konfiguráciu Mostov Toru, čo sú nezaradené relé značne sťažujúce blokovanie pripojení k Sieti Tor."> <!ENTITY torSettings.bridgeSettingsPrompt "Môžete použiť poskytnutú sadu mostov alebo získať a vložiť vlastnú sadu."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Cez Web"> <!ENTITY torsettings.bridgeHelp2 "Použite webový prehliadač na navštívenie https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Cez Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Pošlite email na adresu bridges(a)torproject.org obsahujúcu jeden riadok 'get bridges' ako telo správy.  Avšak, aby bolo pre útočníkov náročnejšie odhaliť veľa mostových adries, musíte túto žiadosť poslať z emailovej adresy gmail.com alebo yahoo.com."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Cez Help Desk"> <!ENTITY torsettings.bridgeHelp4 "Ako poslednú možnosť si môžete vyžiadať adresy mostov zaslaním zdvorilého emailu na adresu help(a)rt.torproject.org.  Prosíme berte na vedomie, že príslušná osoba musí odpovedať na každú jednu podobnú žiadosť."> diff --git a/src/chrome/locale/sk/torlauncher.properties b/src/chrome/locale/sk/torlauncher.properties index 3bbcfcf..2280de6 100644 --- a/src/chrome/locale/sk/torlauncher.properties +++ b/src/chrome/locale/sk/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Spúšťač Tor -torlauncher.tor_exited=Tor bol neočakávane ukončený. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Nepodarilo sa pripojiť ku kontrolnému portu Tor. torlauncher.tor_failed_to_start=Tor sa nepodarilo spustiť. torlauncher.tor_control_failed=Nepodarilo sa prevziať kontrolu nad Torom. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Žiadne poskytnuté mosty nemajú dost torlauncher.recommended_bridge=(odporúčané) torlauncher.connect=Pripojiť -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Ukončiť torlauncher.quit_win=Ukončiť torlauncher.done=Hotovo torlauncher.forAssistance=Pre podporu kontaktujte %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/sl-SI/network-settings.dtd b/src/chrome/locale/sl-SI/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/sl-SI/network-settings.dtd +++ b/src/chrome/locale/sl-SI/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/sl-SI/torlauncher.properties b/src/chrome/locale/sl-SI/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/sl-SI/torlauncher.properties +++ b/src/chrome/locale/sl-SI/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/sl/network-settings.dtd b/src/chrome/locale/sl/network-settings.dtd index 5d461aa..6f3da1a 100644 --- a/src/chrome/locale/sl/network-settings.dtd +++ b/src/chrome/locale/sl/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Ne"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/sl/torlauncher.properties b/src/chrome/locale/sl/torlauncher.properties index 11d70c8..c1f7981 100644 --- a/src/chrome/locale/sl/torlauncher.properties +++ b/src/chrome/locale/sl/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor zaganjalnik -torlauncher.tor_exited=Tor je se je nepredvideno zaustavil. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Povezava na Tor nadzorna vrata ni uspela. torlauncher.tor_failed_to_start=Tor se ni zagnal. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Poveži -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Zapusti torlauncher.quit_win=Izhod torlauncher.done=Končano torlauncher.forAssistance=Za pomoč, vzpostavite stik z %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/sn/network-settings.dtd b/src/chrome/locale/sn/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/sn/network-settings.dtd +++ b/src/chrome/locale/sn/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/sn/torlauncher.properties b/src/chrome/locale/sn/torlauncher.properties index 3d2d4e7..6e5b1e9 100644 --- a/src/chrome/locale/sn/torlauncher.properties +++ b/src/chrome/locale/sn/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Buda torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/so/network-settings.dtd b/src/chrome/locale/so/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/so/network-settings.dtd +++ b/src/chrome/locale/so/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/so/torlauncher.properties b/src/chrome/locale/so/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/so/torlauncher.properties +++ b/src/chrome/locale/so/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/son/network-settings.dtd b/src/chrome/locale/son/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/son/network-settings.dtd +++ b/src/chrome/locale/son/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/son/torlauncher.properties b/src/chrome/locale/son/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/son/torlauncher.properties +++ b/src/chrome/locale/son/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/sq/network-settings.dtd b/src/chrome/locale/sq/network-settings.dtd index d3d0ac3..89b8a33 100644 --- a/src/chrome/locale/sq/network-settings.dtd +++ b/src/chrome/locale/sq/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Jo"> <!ENTITY torSettings.firstQuestion "Cila nga këto i përshtatet më shumë situatës tuaj aktuale?"> -<!ENTITY torSettings.configurePrompt1 "Lidhja internet e këtij kompjuteri është e censuruar, e filtruar ose me përfaqësim."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Konfiguro"> <!ENTITY torSettings.connectPrompt2 "Do të dëshiroja të lidhesha direkt me rrjetin Tor."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Nëse nuk jeni i sigurt si ti përgjigjeni kësaj pyetjeje, shikoni parametrat e internetit në një shfletues tjetër të këtij kompjuteri për të parë nëse është konfiguruar që të përdorë përfaqësues 'proxy'."> <!ENTITY torSettings.enterProxy "Jepni parametrat e përfaqësimit 'proxy'."> -<!ENTITY torSettings.firewallQuestion "A kalon lidhja internet e këtij kompjuteri nëpërmjet ndonjë mbrojtesi 'firewall' i cili lejon lidhje vetëm në disa porta?"> -<!ENTITY torSettings.firewallHelp "Nëse nuk jeni i sigurt si ti përgjigjeni kësaj pyetjeje, zgjidhni JO. Nëse keni probleme gjatë lidhjes me rrjetin Tor, kthehuni këtu dhe ndryshoni këtë parametër."> -<!ENTITY torSettings.enterFirewall "Jepni një listë të portave të lejuara nga mbrojtësi 'firewall', të ndarë me presje."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/sq/torlauncher.properties b/src/chrome/locale/sq/torlauncher.properties index 1c0489b..0b3ae2d 100644 --- a/src/chrome/locale/sq/torlauncher.properties +++ b/src/chrome/locale/sq/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Lidhu -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Dil torlauncher.quit_win=Dil torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/sr/network-settings.dtd b/src/chrome/locale/sr/network-settings.dtd index b01fedf..0fb1cbf 100644 --- a/src/chrome/locale/sr/network-settings.dtd +++ b/src/chrome/locale/sr/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "NE"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/sr/torlauncher.properties b/src/chrome/locale/sr/torlauncher.properties index f7eef46..02ae889 100644 --- a/src/chrome/locale/sr/torlauncher.properties +++ b/src/chrome/locale/sr/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Тоr Покретач -torlauncher.tor_exited=Tor се неочекивано искључио -torlauncher.tor_connection_lost=Ваша веза са Tor мрежом је изгубљена +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Повезивање на Tor port није успело torlauncher.tor_failed_to_start=Tor није успео да се покрене torlauncher.tor_control_failed=Неуспело преузимање контроле над Tor-om @@ -25,18 +25,20 @@ torlauncher.error_proxy_addr_missing=Морате навести IP адресу torlauncher.error_proxy_type_missing=Morate izabrati tip proxya. torlauncher.error_bridges_missing=Morate odrediti jedan ili vise mostova torlauncher.error_default_bridges_type_missing=Морате да одаберете тип транспорта за обезбеђене мостове -torlauncher.error_bridge_bad_default_type=No provided bridges that have the transport type %S are available. Please adjust your settings. +torlauncher.error_bridge_bad_default_type=Не постоје услови да мостови који имају тип транспорта %S буду доступни. Молимо Вас да прилагодите поставке. torlauncher.recommended_bridge=(препоручено) torlauncher.connect=Повежи се -torlauncher.reconnect=Поново се повежи +torlauncher.restart_tor=Restart Tor torlauncher.quit=Искључити torlauncher.quit_win=Излаз torlauncher.done=Gotovo torlauncher.forAssistance=За помоћ контактирајте %Ѕ +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Повезивање са релеј директоријумом torlauncher.bootstrapStatus.handshake_dir=Успостављање шифроване везе директоријума torlauncher.bootstrapStatus.requesting_status=Преузимање мрежног статуса diff --git a/src/chrome/locale/sr(a)latin/network-settings.dtd b/src/chrome/locale/sr(a)latin/network-settings.dtd index d1bf809..840c452 100644 --- a/src/chrome/locale/sr(a)latin/network-settings.dtd +++ b/src/chrome/locale/sr(a)latin/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Ne"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/sr(a)latin/torlauncher.properties b/src/chrome/locale/sr(a)latin/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/sr(a)latin/torlauncher.properties +++ b/src/chrome/locale/sr(a)latin/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/st/network-settings.dtd b/src/chrome/locale/st/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/st/network-settings.dtd +++ b/src/chrome/locale/st/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/st/torlauncher.properties b/src/chrome/locale/st/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/st/torlauncher.properties +++ b/src/chrome/locale/st/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/su/network-settings.dtd b/src/chrome/locale/su/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/su/network-settings.dtd +++ b/src/chrome/locale/su/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/su/torlauncher.properties b/src/chrome/locale/su/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/su/torlauncher.properties +++ b/src/chrome/locale/su/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/sv/network-settings.dtd b/src/chrome/locale/sv/network-settings.dtd index 32f8bec..3f71c94 100644 --- a/src/chrome/locale/sv/network-settings.dtd +++ b/src/chrome/locale/sv/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Nej"> <!ENTITY torSettings.firstQuestion "Vilket av följande beskriver bäst din situation?"> -<!ENTITY torSettings.configurePrompt1 "Denna dators internetanslutning är censurerad, filtrerad, eller bakom en proxy."> -<!ENTITY torSettings.configurePrompt2 "Jag behöver konfigurera brygg-, brandvägg- eller proxyinställningar."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Konfigurera"> <!ENTITY torSettings.connectPrompt2 "Jag vill ansluta direkt till Tor-nätverket."> <!ENTITY torSettings.connectPrompt3 "Detta fungerar i de flesta situationer."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Om du är osäker på hur du ska svara på denna fråga, titta efter i Internet-inställningarna i en annan webbläsare för att se om den är konfigurerad att använda en proxy."> <!ENTITY torSettings.enterProxy "Ange proxyinställningarna."> -<!ENTITY torSettings.firewallQuestion "Ansluter den här datorn till Internet genom en brandvägg som bara tillåter anslutningar på vissa specifika portar?"> -<!ENTITY torSettings.firewallHelp "Om du är osäker på hur du ska svara på denna fråga, välj Nej. Om du då får problem med att ansluta till Tor-nätverket, ändra denna inställning till Ja."> -<!ENTITY torSettings.enterFirewall "Ange en komma-separerad lista över portar som brandväggen tillåter."> <!ENTITY torSettings.bridgeQuestion "Blockerar eller censurerar din internetleverantör anslutningar till Tor-nätverket?"> <!ENTITY torSettings.bridgeHelp "Om du är osäker på hur du ska svara på den här frågan, välj Nej.  Om du väljer Ja kommer du ombes att konfigurera Tor-bryggor, vilka är olistade reläer som gör det svårare att blockera anslutningar till Tor-nätverket."> <!ENTITY torSettings.bridgeSettingsPrompt "Du kan använda de förkonfigurerade bryggorna, eller skaffa och ange bryggor själv."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Via nätet"> <!ENTITY torsettings.bridgeHelp2 "Använd en webbläsare för att besöka https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Via e-post autosvar"> -<!ENTITY torsettings.bridgeHelp3 "Skicka ett e-post meddelande till bridges(a)torproject.org med endast raden "get bridges" i texten.  Emellertid, för att göra det svårare för en angripare är ta reda på en massa bryggadresser, måste du skicka detta meddelande från ett gmail.com eller yahoo.com konto."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Via supporten"> <!ENTITY torsettings.bridgeHelp4 "Som en sista utväg kan du skicka ett artigt e-post meddelande på engelska till help(a)rt.torproject.org, och fråga efter bryggadresser.  Tänk på att en person måste svara på varje sådan förfrågan."> diff --git a/src/chrome/locale/sv/torlauncher.properties b/src/chrome/locale/sv/torlauncher.properties index 9397a1e..d23b5e7 100644 --- a/src/chrome/locale/sv/torlauncher.properties +++ b/src/chrome/locale/sv/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor stängdes av oväntat. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Kunde inte ansluta till Tors kontrollport. torlauncher.tor_failed_to_start=Uppstart av Tor misslyckades. torlauncher.tor_control_failed=Misslyckades med att ta kontroll över Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Det finns inga förkonfigurerade brygg torlauncher.recommended_bridge=(rekommenderas) torlauncher.connect=Anslut -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Avsluta torlauncher.quit_win=Stäng torlauncher.done=Klar torlauncher.forAssistance=För assistans, kontakta %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Ansluter till en reläkatalog torlauncher.bootstrapStatus.handshake_dir=Skapar en krypterad kataloganslutning torlauncher.bootstrapStatus.requesting_status=Hämtar nätverksstatus diff --git a/src/chrome/locale/sw/network-settings.dtd b/src/chrome/locale/sw/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/sw/network-settings.dtd +++ b/src/chrome/locale/sw/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/sw/torlauncher.properties b/src/chrome/locale/sw/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/sw/torlauncher.properties +++ b/src/chrome/locale/sw/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/szl/network-settings.dtd b/src/chrome/locale/szl/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/szl/network-settings.dtd +++ b/src/chrome/locale/szl/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/szl/torlauncher.properties b/src/chrome/locale/szl/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/szl/torlauncher.properties +++ b/src/chrome/locale/szl/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/ta/network-settings.dtd b/src/chrome/locale/ta/network-settings.dtd index 3671894..10b38ab 100644 --- a/src/chrome/locale/ta/network-settings.dtd +++ b/src/chrome/locale/ta/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "இல்லை"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "கட்டமைக்க"> <!ENTITY torSettings.connectPrompt2 "நான் Tor வலையமைப்பில் நேரடியாக இணைக்க விரும்புகிறேன்."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ta/torlauncher.properties b/src/chrome/locale/ta/torlauncher.properties index 299f992..079d758 100644 --- a/src/chrome/locale/ta/torlauncher.properties +++ b/src/chrome/locale/ta/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor துவக்கி -torlauncher.tor_exited=Tor எதிர்பாராத விதமாக வெளியேறிவிட்டது. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Tor கட்டுப்பாட்டு துறையை இணைக்க முடியவில்லை. torlauncher.tor_failed_to_start=Tor தொடங்க முடியவில்லை. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=இணைக்க -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=விடுவி torlauncher.quit_win=வெளியேறு torlauncher.done=முடிந்தது torlauncher.forAssistance=உதவிக்கு, தொடர்பு கொள்ளுங்கள் %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/te-IN/network-settings.dtd b/src/chrome/locale/te-IN/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/te-IN/network-settings.dtd +++ b/src/chrome/locale/te-IN/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/te-IN/torlauncher.properties b/src/chrome/locale/te-IN/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/te-IN/torlauncher.properties +++ b/src/chrome/locale/te-IN/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/te/network-settings.dtd b/src/chrome/locale/te/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/te/network-settings.dtd +++ b/src/chrome/locale/te/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/te/torlauncher.properties b/src/chrome/locale/te/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/te/torlauncher.properties +++ b/src/chrome/locale/te/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/tg/network-settings.dtd b/src/chrome/locale/tg/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/tg/network-settings.dtd +++ b/src/chrome/locale/tg/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/tg/torlauncher.properties b/src/chrome/locale/tg/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/tg/torlauncher.properties +++ b/src/chrome/locale/tg/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/th/network-settings.dtd b/src/chrome/locale/th/network-settings.dtd index 3781102..53b0202 100644 --- a/src/chrome/locale/th/network-settings.dtd +++ b/src/chrome/locale/th/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "ไม่ใช่"> <!ENTITY torSettings.firstQuestion "สิ่งต่อไปนี้อันไหนบ้างที่บรรยายลักษณะสถานการณ์ของคุณ"> -<!ENTITY torSettings.configurePrompt1 "การเชื่อมต่ออินเตอร์เน็ตของคอมพิวเตอร์เครื่องนี้ได้ถูกเซ็นเซอร์ ถูกกรอง หรือใช้งานผ่านพร็อกซี"> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "ปรับแต่ง"> <!ENTITY torSettings.connectPrompt2 "ฉันอยากจะเชื่อมต่อโดยตรงกับเครือข่าย Tor"> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "ถ้าคุณไม่แน่ใจว่าจะตอบคำถามนี้ยังไง ให้ดูค่าติดตั้งอินเทอร์เน็ตในโปรแกรมอื่นๆว่าถูกตั้งค่าให้ใช้พร็อกซีหรือไม่"> <!ENTITY torSettings.enterProxy "ใส่ค่าติดตั้งพร็อกซี"> -<!ENTITY torSettings.firewallQuestion "คอมพิวเตอร์เครื่องนี้ใช้งานผ่านไฟร์วอลล์ที่ยินยอมที่จะให้เชื่อมต่อกับบางพอร์ตเท่านั้นหรือไม่?"> -<!ENTITY torSettings.firewallHelp "ถ้าคุณไม่แน่ใจว่าจะตอบคำถามยังไงให้เลือก "ไม่" ถ้าคุณประสบปัญหาในการเชื่อมต่อกับเครือข่าย Tor ให้กลับมาเปลี่ยนค่าติดตั้งนี้"> -<!ENTITY torSettings.enterFirewall "ใส่รายการพอร์ตที่ไฟร์วอลล์อนุญาตโดยคั่นด้วยเครื่องหมายจุลภาค"> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/th/torlauncher.properties b/src/chrome/locale/th/torlauncher.properties index 3691169..f5ac6d9 100644 --- a/src/chrome/locale/th/torlauncher.properties +++ b/src/chrome/locale/th/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=ตัวเปิด Tor -torlauncher.tor_exited=Tor ออกจากโปรแกรมโดยไม่คาดคิด -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=ไม่สามารถเชื่อมต่อกับพอร์ตควบคุมของ Tor ได้ torlauncher.tor_failed_to_start=การเริ่ม Tor ล้มเหลว torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=เชื่อมต่อ -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=ออก torlauncher.quit_win=ออก torlauncher.done=สำเร็จ torlauncher.forAssistance=ต้องการคำแนะนำ ติดต่อ %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=กำลังเชื่อมต่อกับ คลังเก็บรายชื่อ relay (relay directory) torlauncher.bootstrapStatus.handshake_dir=กำลังสร้างการเชื่อมต่อแบบเข้ารหัสกับคลังเก็บรายชื่อ torlauncher.bootstrapStatus.requesting_status=กำลังตรวจสถานะเครือข่าย diff --git a/src/chrome/locale/ti/network-settings.dtd b/src/chrome/locale/ti/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/ti/network-settings.dtd +++ b/src/chrome/locale/ti/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ti/torlauncher.properties b/src/chrome/locale/ti/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/ti/torlauncher.properties +++ b/src/chrome/locale/ti/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/tk/network-settings.dtd b/src/chrome/locale/tk/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/tk/network-settings.dtd +++ b/src/chrome/locale/tk/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/tk/torlauncher.properties b/src/chrome/locale/tk/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/tk/torlauncher.properties +++ b/src/chrome/locale/tk/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/tr/network-settings.dtd b/src/chrome/locale/tr/network-settings.dtd index e08c7df..6642c29 100644 --- a/src/chrome/locale/tr/network-settings.dtd +++ b/src/chrome/locale/tr/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Hayır"> <!ENTITY torSettings.firstQuestion "Aşağıdakilerden hangisi durumunuzu en iyi açıklıyor?"> -<!ENTITY torSettings.configurePrompt1 "İnternet bağlantınız sansürlenmiş, filtrelenmiş veya vekil sunucu altında."> -<!ENTITY torSettings.configurePrompt2 "Köprü, güvenlik duvarı ve vekil sunucu ayarlarını yapılandırmam gerekli."> +<!ENTITY torSettings.configurePrompt1 "Bu bilgisayarın internet bağlantısı sansürlü veya vekil sunucu arkasında."> +<!ENTITY torSettings.configurePrompt2 "Köprü veya vekil sunucu ayarlarını yapılandırmam gerekli."> <!ENTITY torSettings.configure "Yapılandır"> <!ENTITY torSettings.connectPrompt2 "Doğrudan Tor ağına bağlanmak istiyorum"> <!ENTITY torSettings.connectPrompt3 "Bu çoğu durumda çalışır."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Eğer bu soruyu nasıl yanıtlayacağınızdan emin değilseniz, farklı bir tarayıcıda İnternet seçeneklerine bakın ve bir vekil kullanmak üzere yapılandırılıp yapılandırılmadığına bakın"> <!ENTITY torSettings.enterProxy "Vekil ayarlarını girin."> -<!ENTITY torSettings.firewallQuestion "Bu bilgisayarın İnternet bağlantısı, sadece belirli bağlantı noktalarına izin veren bir güvenlik duvarından geçiyor mu?"> -<!ENTITY torSettings.firewallHelp "Eğer bu soruya nasıl cevap vereceğinizden emin değilseniz, Hayır seçin. Eğer Tor ağına bağlanırken sorunla karşılaşırsanız, bu ayarı değiştirin."> -<!ENTITY torSettings.enterFirewall "Güvenlik duvarı tarafından izin verilen bağlantı noktalarının virgülle ayrılmış bir listesini girin."> <!ENTITY torSettings.bridgeQuestion "İnternet Servis Sağlayıcınız (ISS) Tor Ağına bağlantıları engelliyor veya sansürlüyor mu?"> <!ENTITY torSettings.bridgeHelp "Bu soruyu nasıl cevaplayacağınızdan emin değilseniz Hayır'ı Seçin.  Eğer Evet'i seçerseniz, Tor Ağına bağlantıyı engellemeyi daha zor hale getiren listelenmeyen aynalar olan Tor Köprülerini yapılandırmanız istenecektir."> <!ENTITY torSettings.bridgeSettingsPrompt "Sağlanan köprülerin kümesini kullanabilirsiniz veya özel bir köprü seti girebilir veya sağlayabilirsiniz."> @@ -29,7 +26,7 @@  <!ENTITY torsettings.startingTor "Tor'un başlaması bekleniyor..."> -<!ENTITY torsettings.restartTor "Restart Tor"> +<!ENTITY torsettings.restartTor "Tor'u Yeniden Başlat"> <!ENTITY torsettings.optional "İsteğe Bağlı"> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Web aracılığıyla."> <!ENTITY torsettings.bridgeHelp2 "https://bridges.torproject.org sitesini ziyaret etmek için web tarayıcısı kullanın."> <!ENTITY torsettings.bridgeHelp3Heading "E-posta Otomatik Cevaplandırıcı Aracılığıyla"> -<!ENTITY torsettings.bridgeHelp3 "bridges(a)torproject.org adresine, iletide sadece 'get bridges' satırını yazarak bir e-posta gönderin.  Ancak, bir saldırganın çok sayıda köprü adresi öğrenmesini zorlaştırmak için bu e-postayı gmail.com veya yahoo.com adreslerinden yollamanız gerekmektedir."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "bridges(a)torproject.org adresine, iletide sadece 'get bridges' satırını yazarak bir e-posta gönderin.  Ancak, bir saldırganın çok sayıda köprü adresi öğrenmesini zorlaştırmak için bu e-postayı aşağıdaki e-posta sağlayıcılarından yollamanız gerekmektedir (tercih sırasına göre listelenmiştir):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com veya https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Help Desk aracılığıyla."> <!ENTITY torsettings.bridgeHelp4 "Son bir çare olarak köprü adres taleplerini help(a)rt.torproject.org adresine posta göndererek rica edebilirsiniz.  Birisinin bu talebi cevaplayacağını unutmayın."> diff --git a/src/chrome/locale/tr/progress.dtd b/src/chrome/locale/tr/progress.dtd index c61e5ac..4a46cde 100644 --- a/src/chrome/locale/tr/progress.dtd +++ b/src/chrome/locale/tr/progress.dtd @@ -1,4 +1,4 @@ <!ENTITY torprogress.dialog.title "Tor Durumu"> <!ENTITY torprogress.openSettings "Ayarları Aç"> <!ENTITY torprogress.heading "Tor ağına bağlanıyor"> -<!ENTITY torprogress.pleaseWait "Biz Tor şebekesi ile bağlantı kurana lütfen bekleyin."> +<!ENTITY torprogress.pleaseWait "Biz Tor şebekesi ile bağlantı kurana kadar lütfen bekleyin."> diff --git a/src/chrome/locale/tr/torlauncher.properties b/src/chrome/locale/tr/torlauncher.properties index 8718c38..0b57c1e 100644 --- a/src/chrome/locale/tr/torlauncher.properties +++ b/src/chrome/locale/tr/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Başlatıcı -torlauncher.tor_exited=Tor beklenmedik bir şekilde kapandı. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor, beklenmedik şekilde sonlandı. Bu; Tor içerisinde veya sisteminizdeki farklı bir programda bir hatadan ya da sorunlu bir donanımdan kaynaklanmış olabilir. Tor'u yeniden başlatıncaya kadar Tor Tarayıcısı hiçbir web sitesine erişemeyecek. Eğer sorun devam ederse lütfen Tor Günlüğünüzün bir kopyasını destek takımına gönderin. +torlauncher.tor_exited2=Tor'u yeniden başlatmak tarayıcı sekmelerinizi kapatmayacak. torlauncher.tor_controlconn_failed=Tor yönetim portuna bağlanılamadı. torlauncher.tor_failed_to_start=Tor başlatılamadı. torlauncher.tor_control_failed=Tor'u kontrol altına alma başarısız @@ -21,7 +21,7 @@ torlauncher.failed_to_get_settings=Tor ayarlarına ulaşılamıyor.\n\n%S torlauncher.failed_to_save_settings=Tor ayarları kaydedilemiyor.\n\n%S torlauncher.ensure_tor_is_running=Lütfen Tor'un çalıştığından emin olun. -torlauncher.error_proxy_addr_missing=İnternet bağlanırken vekil sunucu kullanmak için IP adresi veya sunucu ve bağlantı noktası numarası girmeniz gerekiyor. +torlauncher.error_proxy_addr_missing=İnternete bağlanırken vekil sunucusu kullanmak için IP adresi veya sunucu ve bağlantı noktası numarası girmeniz gerekiyor. torlauncher.error_proxy_type_missing=Vekil sunucu türünü seçmelisiniz. torlauncher.error_bridges_missing=Bir ya da daha fazla köprü belirtmelisiniz. torlauncher.error_default_bridges_type_missing=Sağlanan köprüler için bir aktarım türü seçmelisiniz. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=%S aktarım türü için sağlanan kul torlauncher.recommended_bridge=(önerilen) torlauncher.connect=Bağlan -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Tor'u Yeniden Başlat torlauncher.quit=Çık torlauncher.quit_win=Çıkış torlauncher.done=Tamamlandı torlauncher.forAssistance=Yardım için %S ile bağlantıya geçin. +torlauncher.copiedNLogMessages=Kopyalama tamamlandı. %S Tor günlük mesajları bir metin düzenleyici veya bir e-posta iletisine kopyalanmaya hazır. + torlauncher.bootstrapStatus.conn_dir=Bir ayna dizinine bağlanıyor torlauncher.bootstrapStatus.handshake_dir=Şifrelenmiş dizin bağlantısı kuruluyor torlauncher.bootstrapStatus.requesting_status=Ağ durumu güncelliyor diff --git a/src/chrome/locale/uk/network-settings.dtd b/src/chrome/locale/uk/network-settings.dtd index 10ff964..0090d60 100644 --- a/src/chrome/locale/uk/network-settings.dtd +++ b/src/chrome/locale/uk/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Ні"> <!ENTITY torSettings.firstQuestion "Яке з наступних тверджень найкраще описує Вашу ситуацію?"> -<!ENTITY torSettings.configurePrompt1 "Мережеве підключення цього комп'ютера цензурується, фільтрується або йде через проксі-сервер."> -<!ENTITY torSettings.configurePrompt2 "Мені потрібно налаштувати міст, брандмауер або проксі-сервер."> +<!ENTITY torSettings.configurePrompt1 "Мережеве з'єднання цього комп'ютера цензурується або йде через проксі-сервер."> +<!ENTITY torSettings.configurePrompt2 "Мені потрібно налаштувати міст або проксі-сервер."> <!ENTITY torSettings.configure "Налаштування"> <!ENTITY torSettings.connectPrompt2 "Я бажаю підключатися до Tor напряму "> <!ENTITY torSettings.connectPrompt3 "Це має працювати у більшості ситуацій."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "Якщо Ви не знаєте, як відповісти на це питання, подивіться налаштування Інтернету в іншому браузері, щоб побачити чи він налаштований на використання проксі."> <!ENTITY torSettings.enterProxy "Задати параметри проксі"> -<!ENTITY torSettings.firewallQuestion "Чи даний комп'ютер підключений до Інтернету через брандмауер, який дозволяє підключення тільки до певних портів?"> -<!ENTITY torSettings.firewallHelp "Якщо Ви не знаєте, як відповісти на це питання, виберіть Ні. Якщо у Вас виникли проблеми з підключенням до мережі Tor, змініть дане налаштування."> -<!ENTITY torSettings.enterFirewall "Введіть список портів, відкритих у брандмауері, через кому."> <!ENTITY torSettings.bridgeQuestion "Ваш Інтернет-провайдер (ISP) блокує чи яким-небудь чином цензурує підключення до Tor мережі?"> <!ENTITY torSettings.bridgeHelp "Якщо Ви не знаєте, як відповісти на це питання, виберіть Ні.  Якщо Ви виберете Так, Вам буде запропоновано налаштувати мости Tor, що є приватними трансляторами, які роблять більш важким блокування з'єднань з Tor мережі."> <!ENTITY torSettings.bridgeSettingsPrompt "Ви можете використати визначений перелік мостів або можете отримати і ввести набір мостів вручну."> @@ -29,7 +26,7 @@  <!ENTITY torsettings.startingTor "Підключення до Tor..."> -<!ENTITY torsettings.restartTor "Restart Tor"> +<!ENTITY torsettings.restartTor "Перезапустити Tor"> <!ENTITY torsettings.optional "Додатково"> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Через Веб"> <!ENTITY torsettings.bridgeHelp2 "Відвідайте сторінку https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Через автовідповідач електронної пошти"> -<!ENTITY torsettings.bridgeHelp3 "Надішліть повідомлення на адресу bridges(a)torproject.org зі стрічкою "get bridges" у тілі повідомлення.  Проте, для того, щоб ускладнити визначення великої кількості адрес мостів зловмисниками, необхідно відправити цей запит від поштової скриньки gmail.com або yahoo.com."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Надішліть повідомлення на адресу bridges(a)torproject.org із рядком "get bridges" у тілі повідомлення.  Проте, для того, щоб ускладнити визначення великої кількості адрес мостів зловмисниками, необхідно відправити цей запит від поштової скриньки одного з наступних постачальників (перераховано у порядку пріоритетності):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com або https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Через допомогу"> <!ENTITY torsettings.bridgeHelp4 "У крайньому випадку, Ви можете отримати адресу мосту, відправивши ввічливе повідомлення на адресу help(a)rt.torproject.org.  Зверніть увагу на те, що кожен запит обробляється людиною."> diff --git a/src/chrome/locale/uk/torlauncher.properties b/src/chrome/locale/uk/torlauncher.properties index 05891cd..8287a1f 100644 --- a/src/chrome/locale/uk/torlauncher.properties +++ b/src/chrome/locale/uk/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Завантажувач Tor -torlauncher.tor_exited=Tor несподівано завершився. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor несподівано завершив роботу. Це може бути пов'язано з помилкою в Torі, іншою програмою на вашій системі, або несправним обладнанням. Поки ви не перевантажите Tor, браузер Tor буде не в змозі досягти будь-яких веб-сайтів. Якщо проблема не усувається, то, будь ласка, відправте копію журналу Tor у службу підтримки. +torlauncher.tor_exited2=Перезапуск Tor не буде закривати вкладки вашого браузера. torlauncher.tor_controlconn_failed=Неможливо з'єднатися з портом управління Tor. torlauncher.tor_failed_to_start=Tor не зміг запуститися. torlauncher.tor_control_failed=Збій отримання контролю над Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=Немає мережевих мост torlauncher.recommended_bridge=(рекомендовано) torlauncher.connect=З'єднатися -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Перезапустити Tor torlauncher.quit=Вийти torlauncher.quit_win=Вихід torlauncher.done=Готово torlauncher.forAssistance=Для допомоги зв'яжіться з %S +torlauncher.copiedNLogMessages=Копіювання завершено. %S повідомлень журналу tor готові до вставки у текстовий редактор або повідомлення електронної пошти. + torlauncher.bootstrapStatus.conn_dir=З'єднання з довідником маршрутизатора torlauncher.bootstrapStatus.handshake_dir=Встановлення зашифрованого з'єднання до каталогу torlauncher.bootstrapStatus.requesting_status=Отримання стану мережі diff --git a/src/chrome/locale/ur-PK/network-settings.dtd b/src/chrome/locale/ur-PK/network-settings.dtd index a3e772f..605bc6f 100644 --- a/src/chrome/locale/ur-PK/network-settings.dtd +++ b/src/chrome/locale/ur-PK/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "نہیں"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ur-PK/torlauncher.properties b/src/chrome/locale/ur-PK/torlauncher.properties index b4ba9ca..8ac7270 100644 --- a/src/chrome/locale/ur-PK/torlauncher.properties +++ b/src/chrome/locale/ur-PK/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=چھوڑدیجیے (Quit) torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/ur/network-settings.dtd b/src/chrome/locale/ur/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/ur/network-settings.dtd +++ b/src/chrome/locale/ur/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ur/torlauncher.properties b/src/chrome/locale/ur/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/ur/torlauncher.properties +++ b/src/chrome/locale/ur/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/uz/network-settings.dtd b/src/chrome/locale/uz/network-settings.dtd index 78f7a1b..c5c0d61 100644 --- a/src/chrome/locale/uz/network-settings.dtd +++ b/src/chrome/locale/uz/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Yo'q"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/uz/torlauncher.properties b/src/chrome/locale/uz/torlauncher.properties index 57dcb32..9ead70b 100644 --- a/src/chrome/locale/uz/torlauncher.properties +++ b/src/chrome/locale/uz/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor ishga tushirish muvaffaqiyatsiz tugadi. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Ulanish -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Chiqish torlauncher.quit_win=Chiqish torlauncher.done=Bajarildi torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/ve/network-settings.dtd b/src/chrome/locale/ve/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/ve/network-settings.dtd +++ b/src/chrome/locale/ve/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/ve/torlauncher.properties b/src/chrome/locale/ve/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/ve/torlauncher.properties +++ b/src/chrome/locale/ve/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/vi/network-settings.dtd b/src/chrome/locale/vi/network-settings.dtd index 00b0a0f..8450fa3 100644 --- a/src/chrome/locale/vi/network-settings.dtd +++ b/src/chrome/locale/vi/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "Không"> <!ENTITY torSettings.firstQuestion "Những mục này có miêu tả đúng vị trí của bạn không?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "Tôi cần phải cấu hình cầu nối, tường lửa, hoặc thiết lập máy chủ uỷ quyền."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Cấu hình"> <!ENTITY torSettings.connectPrompt2 "Tôi muốn kết nối trực tiếp đến mạng Tor,"> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "Nếu như bạn không chắc chắn làm thế nào trả lời câu hỏi này, chọn Không. Nếu như bạn gặp vấn đề kết nối đến mạng Tor, thay đổi thiết lập này."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Nhà cung cấp dịch vụ (ISP) của bạn có ngăn chặn hoặc kiểm duyệt kết nối đến mạng Tor không?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Đi qua Web"> <!ENTITY torsettings.bridgeHelp2 "Sử dụng trình duyệt web truy cập vào https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Gửi email đến bridges(a)torproject.org với dòng get bridges trong phần thân của email. Tuy nhiên, để làm cho kẻ tấn công khó khăn hơn trong việc biết được địa chỉ cầu nối, bạn phải gửi yêu cầu này từ email của yahoo.com hoặc gmail.com."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/vi/torlauncher.properties b/src/chrome/locale/vi/torlauncher.properties index d565c82..4ced031 100644 --- a/src/chrome/locale/vi/torlauncher.properties +++ b/src/chrome/locale/vi/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Chạy Tor thất bại. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(khuyên dùng) torlauncher.connect=Kết nối -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Thoát torlauncher.quit_win=Thoát torlauncher.done=Hoàn thành torlauncher.forAssistance=Để được trợ giúp, liên hệ %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Kết nối vào một thư mục chuyển tiếp torlauncher.bootstrapStatus.handshake_dir=Thành lập một kết nối thư mục được mã hóa torlauncher.bootstrapStatus.requesting_status=Khôi phục trạng thái mạng diff --git a/src/chrome/locale/wa/network-settings.dtd b/src/chrome/locale/wa/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/wa/network-settings.dtd +++ b/src/chrome/locale/wa/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/wa/torlauncher.properties b/src/chrome/locale/wa/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/wa/torlauncher.properties +++ b/src/chrome/locale/wa/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/wo/network-settings.dtd b/src/chrome/locale/wo/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/wo/network-settings.dtd +++ b/src/chrome/locale/wo/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/wo/torlauncher.properties b/src/chrome/locale/wo/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/wo/torlauncher.properties +++ b/src/chrome/locale/wo/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/zh-CN/network-settings.dtd b/src/chrome/locale/zh-CN/network-settings.dtd index db96aef..562cfdb 100644 --- a/src/chrome/locale/zh-CN/network-settings.dtd +++ b/src/chrome/locale/zh-CN/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "否"> <!ENTITY torSettings.firstQuestion "以下哪个描述与你的情况最为匹配？"> -<!ENTITY torSettings.configurePrompt1 "该计算机的网络连接受到审查或过滤，或者需要使用代理。"> -<!ENTITY torSettings.configurePrompt2 "我需要配置网桥、防火墙或者代理设置。"> +<!ENTITY torSettings.configurePrompt1 "网络连接受到审查或需要代理。"> +<!ENTITY torSettings.configurePrompt2 "我需要添加网桥或对代理设定进行配置。"> <!ENTITY torSettings.configure "配置"> <!ENTITY torSettings.connectPrompt2 "我想要直接连接 Tor 网络。"> <!ENTITY torSettings.connectPrompt3 "通常这种方式是有效的。"> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "如果不知道如何回答该问题，请在其他浏览器中查看互联网设置，检查是否使用了代理。"> <!ENTITY torSettings.enterProxy "输入代理设置。"> -<!ENTITY torSettings.firewallQuestion "该计算机的防火墙是否仅允许特定端口的互联网连接？"> -<!ENTITY torSettings.firewallHelp "如果不知道如何回答该问题，请选择否。如果连接 Tor 网络时出现问题，请更改该设置。"> -<!ENTITY torSettings.enterFirewall "请输入防火墙允许的端口，中间用逗号隔开。"> <!ENTITY torSettings.bridgeQuestion "互联网服务提供商 (ISP) 是否对 Tor 网络连接进行了封锁或审查？"> <!ENTITY torSettings.bridgeHelp "如果不理解该问题，请选择“否”。如果选择“是”，那么需要对 Tor 网桥进行配置。网桥指用于连接 Tor 网络的非公开网络中继，更难于封锁。"> <!ENTITY torSettings.bridgeSettingsPrompt "可以使用集成的网桥，也可以获取网桥，以自定义方式手动输入。"> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "网页方式"> <!ENTITY torsettings.bridgeHelp2 "使用浏览器访问 https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "电子邮件自动回复方式"> -<!ENTITY torsettings.bridgeHelp3 "发送电子邮件至 bridges(a)torproject.xn--org,get-z36cn781bfha600c2kdv79bwxu38tcq3n bridges” 2 个单词（如需获取 obfs3 网桥，请写“transport obfs3”）。由于为了防止封锁者获取大量网桥地址，你必须使用 gmail.com 或者 yahoo.com 的电子邮件地址发送这一请求。"> +<!ENTITY torsettings.bridgeHelp3.emailDesc "发送电子邮件至 bridges(a)torproject.xn--org,get-z36cn781bfha600c2kdv79bwxu38tcq3n bridges” 这两个单词（如需获取 obfs3 网桥，请写“get transport obfs3”）。为了防止封锁者大量获取网桥地址，发送网桥请求邮件必须使用以下网站的电子邮箱（按推荐度由高到低排列）。"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net，https://mail.google.com 或者 https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "联系客服方式"> -<!ENTITY torsettings.bridgeHelp4 "如果以上方式无法获取所需网桥，作为最后的网桥获取方式，你可以写一封礼貌的邮件发送到 help(a)rt.torproject.xn--org(-3f5fw21a8fn84kbq7c8m3a help-zh(a)rt.torproject.org).xn--,-ny6a9go5tm3jb1cb9a7ykqznm8ni2c559c8l1c0mll5cfqb."> +<!ENTITY torsettings.bridgeHelp4 "如果以上方式无法获取所需网桥，作为最后的网桥获取方式，你可以写一封礼貌的邮件发送到 help(a)rt.torproject.xn--org(-3f5fw21a8fn84kbq7c8m3a help-zh@rt.torproject.org）。请注意：查看并回复这些邮件的并非机器人而是技术支持人员。"> diff --git a/src/chrome/locale/zh-CN/progress.dtd b/src/chrome/locale/zh-CN/progress.dtd index c014812..90ef643 100644 --- a/src/chrome/locale/zh-CN/progress.dtd +++ b/src/chrome/locale/zh-CN/progress.dtd @@ -1,4 +1,4 @@ <!ENTITY torprogress.dialog.title "Tor 状态"> <!ENTITY torprogress.openSettings "打开设置"> <!ENTITY torprogress.heading "正在连接 Tor 网络"> -<!ENTITY torprogress.pleaseWait "请等待建立Tor网络连接"> +<!ENTITY torprogress.pleaseWait "正在连接 Tor 网络，请稍等。"> diff --git a/src/chrome/locale/zh-CN/torlauncher.properties b/src/chrome/locale/zh-CN/torlauncher.properties index cd7ede8..828415a 100644 --- a/src/chrome/locale/zh-CN/torlauncher.properties +++ b/src/chrome/locale/zh-CN/torlauncher.properties @@ -1,14 +1,14 @@ ### Copyright (c) 2014, The Tor Project, Inc. ### See LICENSE for licensing information. -torlauncher.error_title=Tor 启动器 +torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor 意外退出。 -torlauncher.tor_connection_lost=您到 Tor 网络的连接已丢失。 +torlauncher.tor_exited=Tor 意外退出。这可能是由于：Tor 自身故障，操作系统的其他程序或硬件故障。在重新启动 Tor 之前，Tor Browser 将无法连接任何网站。如果问题持续发生，请将 Tor 日志发送至技术团队。 +torlauncher.tor_exited2=重启 Tor 不会关闭浏览器标签页。 torlauncher.tor_controlconn_failed=无法连接 Tor 控制端口。 torlauncher.tor_failed_to_start=Tor 无法启动。 torlauncher.tor_control_failed=控制 Tor 失败。 -torlauncher.tor_bootstrap_failed=Tor 建立到 Tor 网络的连接失败。 +torlauncher.tor_bootstrap_failed=连接 Tor 网络失败。 torlauncher.tor_bootstrap_failed_details=%1$S 失败 (%2$S)。 torlauncher.unable_to_start_tor=无法启动 Tor。\n\n%S @@ -24,24 +24,26 @@ torlauncher.ensure_tor_is_running=请确保 Tor 正在运行。 torlauncher.error_proxy_addr_missing=为了将 Tor 配置为使用代理访问互联网，必须指定 IP 地址或主机名以及端口号。 torlauncher.error_proxy_type_missing=必须选择代理类型。 torlauncher.error_bridges_missing=必须指定一个或多个网桥。 -torlauncher.error_default_bridges_type_missing=您必须对提供的网桥选择传输类型。 -torlauncher.error_bridge_bad_default_type=没有提供传输类型为 %S 的可用网桥。请调整你的设置。 +torlauncher.error_default_bridges_type_missing=必须指定网桥的传输类型。 +torlauncher.error_bridge_bad_default_type=没有传输类型为 %S 的可用网桥。请调整设置。 torlauncher.recommended_bridge=(推荐) torlauncher.connect=连接 -torlauncher.reconnect=重新连接 +torlauncher.restart_tor=重新启动 Tor torlauncher.quit=退出 torlauncher.quit_win=关闭 torlauncher.done=完成 torlauncher.forAssistance=如需帮助，请联系 %S +torlauncher.copiedNLogMessages=复制完成。%S 条 Tor 日志信息已准备好，可以将其粘贴到文本编辑器或电子邮件中。 + torlauncher.bootstrapStatus.conn_dir=正在连接中继目录 torlauncher.bootstrapStatus.handshake_dir=正在建立加密的目录连接 -torlauncher.bootstrapStatus.requesting_status=正在接收网络状态 +torlauncher.bootstrapStatus.requesting_status=正在检索网络状态 torlauncher.bootstrapStatus.loading_status=正在载入网络状态 -torlauncher.bootstrapStatus.loading_keys=正在载入权威证书 +torlauncher.bootstrapStatus.loading_keys=正在载入证书颁发机构证书 torlauncher.bootstrapStatus.requesting_descriptors=正在请求中继信息 torlauncher.bootstrapStatus.loading_descriptors=正在载入中继信息 torlauncher.bootstrapStatus.conn_or=正在连接 Tor 网络 @@ -52,7 +54,7 @@ torlauncher.bootstrapWarning.done=完成 torlauncher.bootstrapWarning.connectrefused=连接被拒绝 torlauncher.bootstrapWarning.misc=杂项 torlauncher.bootstrapWarning.resourcelimit=资源不够 -torlauncher.bootstrapWarning.identity=身份不一致 +torlauncher.bootstrapWarning.identity=标识不一致 torlauncher.bootstrapWarning.timeout=连接超时 torlauncher.bootstrapWarning.noroute=没有可用链路 torlauncher.bootstrapWarning.ioerror=读写错误 diff --git a/src/chrome/locale/zh-HK/network-settings.dtd b/src/chrome/locale/zh-HK/network-settings.dtd index 511ba2f..9a1108c 100644 --- a/src/chrome/locale/zh-HK/network-settings.dtd +++ b/src/chrome/locale/zh-HK/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "否"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/zh-HK/torlauncher.properties b/src/chrome/locale/zh-HK/torlauncher.properties index 71d997d..151dc4b 100644 --- a/src/chrome/locale/zh-HK/torlauncher.properties +++ b/src/chrome/locale/zh-HK/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor啟動器 -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(建議) torlauncher.connect=連接 -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=離開 torlauncher.quit_win=離開 torlauncher.done=完成 torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status diff --git a/src/chrome/locale/zh-TW/network-settings.dtd b/src/chrome/locale/zh-TW/network-settings.dtd index e1af290..05427fa 100644 --- a/src/chrome/locale/zh-TW/network-settings.dtd +++ b/src/chrome/locale/zh-TW/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "否"> <!ENTITY torSettings.firstQuestion "下列哪一項最符合您的情況?"> -<!ENTITY torSettings.configurePrompt1 "這台電腦的網際網路連線遭審查、過濾、或經過代理。"> -<!ENTITY torSettings.configurePrompt2 "我需要設定橋接、防火牆或代理伺服器設定。"> +<!ENTITY torSettings.configurePrompt1 "這部電腦的網路連線是被審查或是有代理的。"> +<!ENTITY torSettings.configurePrompt2 "我需要配置橋接或代理設定。"> <!ENTITY torSettings.configure "設定"> <!ENTITY torSettings.connectPrompt2 "我想直接連接到 Tor 網路。"> <!ENTITY torSettings.connectPrompt3 "這將在大多數情況下生效。"> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "若您不確定如何回答此問題，請查看其他瀏覽器的網際網路設定，看看它是否設定成使用代理伺服器連線。"> <!ENTITY torSettings.enterProxy "輸入代理伺服器設定。"> -<!ENTITY torSettings.firewallQuestion "這台電腦的網際網路連線，要通過只允許連接特定連線埠的防火牆嗎?"> -<!ENTITY torSettings.firewallHelp "若您不確定如何回答此問題，請選擇「否」。若您連接至 Tor 網路時遭遇問題，請變更此設定。"> -<!ENTITY torSettings.enterFirewall "請輸入防火牆允許的連線埠（請以逗號分隔）。"> <!ENTITY torSettings.bridgeQuestion "您的網際網路服務提供者(ISP)阻擋或審查員連接到 Tor 網路?"> <!ENTITY torSettings.bridgeHelp "如果您不確定如何回答此問題，請選擇「否」。  如果您選擇「是」，您將被要求設定Tor 橋接，這讓阻止連接到 Tor 網路更加困難。"> <!ENTITY torSettings.bridgeSettingsPrompt "您可以使用提供的橋接或您可以輸入一組自訂的橋接。"> @@ -54,11 +51,12 @@ <!ENTITY torsettings.copyLog "將 Tor 記錄複製到剪貼簿"> <!ENTITY torsettings.bridgeHelpTitle "橋接中繼說明"> -<!ENTITY torsettings.bridgeHelp1 "若您無法連接到 Tor 網路，可能是您的網際網路服務提供者 (ISP) 或其他機構已封鎖 Tor。  通常您可以使用更難以封鎖之隱藏中繼的 Tor 橋接來解決此問題。"> +<!ENTITY torsettings.bridgeHelp1 "若您無法連接到 Tor 網路，可能是您的網際網路服務提供者 (ISP) 或其它機構已封鎖 Tor。  通常您可以使用更難以封鎖之隱藏中繼的 Tor 橋接來解決此問題。"> <!ENTITY torsettings.bridgeHelp1B "您可以使用預先設定，提供橋接位址或您可以使用下列三種方法其中之一獲取一組自訂的位址:"> <!ENTITY torsettings.bridgeHelp2Heading "透過網路"> <!ENTITY torsettings.bridgeHelp2 "使用網路瀏覽器造訪 https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "透過電子郵件自動回覆"> -<!ENTITY torsettings.bridgeHelp3 "尋找公眾橋接位址的另一種方式是發送電子郵件到 bridges(a)torproject.xn--org,-3e5fnb965bxtdv9cqulkw6b 「get bridges」訊息。  然而，為了使攻擊者更難記錄到更多橋接位址，您必須使用 gmail.com 或 yahoo.com 的信箱來發送此郵件。"> +<!ENTITY torsettings.bridgeHelp3.emailDesc "傳送郵件到 bridges(a)torproject.org 並在內文中輸入 'get bridges'。  然而，要使得駭客更難學習有關橋接位址，您必須是使用以下電子郵件提供者之一來寄送本要求 (列表順序是依照優先偏好)："> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, 或者 https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "透過服務台"> -<!ENTITY torsettings.bridgeHelp4 "最後的方法是:您可以發送一封正常的郵件到 help(a)rt.torproject.org.  請注意我們需要一封封的手動回覆郵件。"> +<!ENTITY torsettings.bridgeHelp4 "最後的方法是:您可以發送一封正常的郵件到 help(a)rt.torproject.org.  請注意我們需要一封封地手動回覆郵件。"> diff --git a/src/chrome/locale/zh-TW/torlauncher.properties b/src/chrome/locale/zh-TW/torlauncher.properties index 78d59a3..ed3f796 100644 --- a/src/chrome/locale/zh-TW/torlauncher.properties +++ b/src/chrome/locale/zh-TW/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor 啟動工具 -torlauncher.tor_exited=Tor 意外結束。 -torlauncher.tor_connection_lost=您與 Tor 網路的連線已遺失。 +torlauncher.tor_exited=Tor 意外地結束。這有可能是 Tor 本身的程式錯誤、您系統上的其它程式或是硬體故障。直到您重新啟動 Tor，Tor Browser將不會造訪任何網站。如果問題仍然存在，請發送您的 Tor 紀錄副本到支援團隊。 +torlauncher.tor_exited2=重新啟動 Tor 將不會關閉您瀏覽器的分頁。 torlauncher.tor_controlconn_failed=無法連接至 Tor 控制連接埠。 torlauncher.tor_failed_to_start=Tor 無法啟動。 torlauncher.tor_control_failed=無法控制 Tor。 @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=沒有可用的傳輸類型為 %S 的 torlauncher.recommended_bridge=(建議使用) torlauncher.connect=連接 -torlauncher.reconnect=重新連線 +torlauncher.restart_tor=重新啟動 Tor torlauncher.quit=離開 torlauncher.quit_win=結束 torlauncher.done=完成 torlauncher.forAssistance=如需協助，請聯絡 %S +torlauncher.copiedNLogMessages=複製完成。%S Tor 紀錄訊息已準備好被貼到文字編輯器或是一封電子郵件訊息。 + torlauncher.bootstrapStatus.conn_dir=正連接至中繼目錄 torlauncher.bootstrapStatus.handshake_dir=正在建立加密的目錄連線 torlauncher.bootstrapStatus.requesting_status=正在擷取網路狀態 diff --git a/src/chrome/locale/zu/network-settings.dtd b/src/chrome/locale/zu/network-settings.dtd index f46473e..3661088 100644 --- a/src/chrome/locale/zu/network-settings.dtd +++ b/src/chrome/locale/zu/network-settings.dtd @@ -8,8 +8,8 @@ <!ENTITY torSettings.no "No"> <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?"> -<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied."> -<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings."> +<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied."> +<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings."> <!ENTITY torSettings.configure "Configure"> <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network."> <!ENTITY torSettings.connectPrompt3 "This will work in most situations."> @@ -19,9 +19,6 @@  <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy."> <!ENTITY torSettings.enterProxy "Enter the proxy settings."> -<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?"> -<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting."> -<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall."> <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?"> <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network."> <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges."> @@ -59,6 +56,7 @@ <!ENTITY torsettings.bridgeHelp2Heading "Through the Web"> <!ENTITY torsettings.bridgeHelp2 "Use a web browser to visit https://bridges.torproject.org"> <!ENTITY torsettings.bridgeHelp3Heading "Through the Email Autoresponder"> -<!ENTITY torsettings.bridgeHelp3 "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from a gmail.com or yahoo.com email address."> +<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges(a)torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email providers (listed in order of preference):"> +<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com"> <!ENTITY torsettings.bridgeHelp4Heading "Through the Help Desk"> <!ENTITY torsettings.bridgeHelp4 "As a last resort, you can request bridge addresses by sending a polite email message to help(a)rt.torproject.org.  Please note that a person will need to respond to each request."> diff --git a/src/chrome/locale/zu/torlauncher.properties b/src/chrome/locale/zu/torlauncher.properties index bf2426a..02be756 100644 --- a/src/chrome/locale/zu/torlauncher.properties +++ b/src/chrome/locale/zu/torlauncher.properties @@ -3,8 +3,8 @@ torlauncher.error_title=Tor Launcher -torlauncher.tor_exited=Tor unexpectedly exited. -torlauncher.tor_connection_lost=Your connection to the Tor Network has been lost. +torlauncher.tor_exited=Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team. +torlauncher.tor_exited2=Restarting Tor will not close your browser tabs. torlauncher.tor_controlconn_failed=Could not connect to Tor control port. torlauncher.tor_failed_to_start=Tor failed to start. torlauncher.tor_control_failed=Failed to take control of Tor. @@ -30,13 +30,15 @@ torlauncher.error_bridge_bad_default_type=No provided bridges that have the tran torlauncher.recommended_bridge=(recommended) torlauncher.connect=Connect -torlauncher.reconnect=Reconnect +torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit torlauncher.quit_win=Exit torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S +torlauncher.copiedNLogMessages=Copy complete. %S Tor log messages are ready to be pasted into a text editor or an email message. + torlauncher.bootstrapStatus.conn_dir=Connecting to a relay directory torlauncher.bootstrapStatus.handshake_dir=Establishing an encrypted directory connection torlauncher.bootstrapStatus.requesting_status=Retrieving network status

1 0

[tor-launcher/master] Bump version to 0.2.7.0.
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 25bc6349f5f1e43c7d383883e6d6822b8edb41bc Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Fri Aug 29 15:51:49 2014 -0700 Bump version to 0.2.7.0. --- src/install.rdf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/install.rdf b/src/install.rdf index ec1377d..db6588c 100644 --- a/src/install.rdf +++ b/src/install.rdf @@ -7,7 +7,7 @@ <em:creator>The Tor Project, Inc.</em:creator> <em:contributor>Pearl Crescent, LLC</em:contributor> <em:id>tor-launcher(a)torproject.org</em:id> - <em:version>0.2.6.2</em:version> + <em:version>0.2.7.0</em:version> <em:homepageURL>https://www.torproject.org/projects/torbrowser.html</em:homepageURL> <em:updateURL>https://127.0.0.1/</em:updateURL> <!--

1 0

[tor-browser-bundle/master] Bug 12103: Adding RELRO back to browser binaries.
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit d8e92e2f4d362216dfff1790026309e6c0a51b58 Author: Georg Koppen <gk(a)torproject.org> Date: Fri Aug 29 15:32:35 2014 -0700 Bug 12103: Adding RELRO back to browser binaries. We removed the build-id from browser binaries in bug 11042 as it turned out that despite the contents being exactly the same the build-id was not occasionally. But doing that with bjcopy destroyed RELRO protections as well. Having the build-id non-deterministic seems to be an ld issue as switching to gold solves this. --- gitian/descriptors/linux/gitian-firefox.yml | 6 ++++-- gitian/descriptors/linux/gitian-utils.yml | 20 ++++++++++++++++++++ gitian/mkbundle-linux.sh | 8 +++++++- 3 files changed, 31 insertions(+), 3 deletions(-) diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml index 90958c2..0cd4b28 100644 --- a/gitian/descriptors/linux/gitian-firefox.yml +++ b/gitian/descriptors/linux/gitian-firefox.yml @@ -29,6 +29,8 @@ remotes: - "url": "https://git.torproject.org/tor-browser.git" "dir": "tor-browser" files: +- "binutils-linux32-utils.zip" +- "binutils-linux64-utils.zip" - "python-linux32-utils.zip" - "python-linux64-utils.zip" - "re-dzip.sh" @@ -62,6 +64,8 @@ script: | ln -sf $INSTDIR/python/bin/python2.7 $INSTDIR/python/bin/python export PATH=$INSTDIR/python/bin:$PATH # + unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip + export PATH=$INSTDIR/binutils/bin:$PATH mkdir -p $INSTDIR/Browser/ mkdir -p $INSTDIR/Debug/Browser/components # @@ -100,8 +104,6 @@ script: | cd $INSTDIR for LIB in Browser/*.so Browser/webapprt-stub Browser/mozilla-xremote-client Browser/firefox Browser/plugin-container Browser/components/*.so # Browser/updater do - # Build-ID is sometimes non-deterministic, and we use debuglink anyway - objcopy --remove-section=.note.gnu.build-id $LIB objcopy --only-keep-debug $LIB Debug/$LIB strip $LIB objcopy --add-gnu-debuglink=./Debug/$LIB $LIB diff --git a/gitian/descriptors/linux/gitian-utils.yml b/gitian/descriptors/linux/gitian-utils.yml index 34b1672..ea122db 100644 --- a/gitian/descriptors/linux/gitian-utils.yml +++ b/gitian/descriptors/linux/gitian-utils.yml @@ -15,6 +15,8 @@ packages: - "faketime" - "libtool" - "hardening-wrapper" +# Needed for compiling gold. +- "bison" # These packages are needed for Python due to HTTPS-Everywhere >= 3.5. - "libsqlite3-dev" - "zlib1g-dev" @@ -25,6 +27,7 @@ remotes: - "url": "https://github.com/libevent/libevent.git" "dir": "libevent" files: +- "binutils.tar.bz2" - "openssl.tar.gz" - "python.tar.bz2" - "lxml.tar.gz" @@ -47,6 +50,22 @@ script: | export DEB_BUILD_HARDENING_FORMAT=1 export DEB_BUILD_HARDENING_PIE=1 + # Building Binutils + tar xjf binutils.tar.bz2 + cd binutils* + # We want to use gold as the linker in our toolchain mainly as it is way + # faster when linking Tor Browser code (especially libxul). But apart from + # that it fixes #12103 and issues with ESR 31 and our Gitian setup as well + # (see bug #12743). + ./configure --prefix=$INSTDIR/binutils --disable-multilib --enable-gold + make $MAKEOPTS + make install + # Make sure gold is used and not ld. + cd $INSTDIR/binutils/bin + rm ld + ln -sf ld.gold ld + cd ~/build + # Building Libevent cd libevent ./autogen.sh @@ -104,6 +123,7 @@ script: | # Grabbing the remaining results cd $INSTDIR + ~/build/dzip.sh binutils-$BINUTILS_VER-linux$GBUILD_BITS-utils.zip binutils ~/build/dzip.sh openssl-$OPENSSL_VER-linux$GBUILD_BITS-utils.zip openssl ~/build/dzip.sh libevent-${LIBEVENT_TAG#release-}-linux$GBUILD_BITS-utils.zip libevent ~/build/dzip.sh python-$PYTHON_VER-linux$GBUILD_BITS-utils.zip python diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh index 7e90165..dd8e00a 100755 --- a/gitian/mkbundle-linux.sh +++ b/gitian/mkbundle-linux.sh @@ -98,7 +98,9 @@ fi cd $GITIAN_DIR -if [ ! -f inputs/openssl-$OPENSSL_VER-linux32-utils.zip -o \ +if [ ! -f inputs/binutils-$BINUTILS_VER-linux32-utils.zip -o \ + ! -f inputs/binutils-$BINUTILS_VER-linux64-utils.zip -o \ + ! -f inputs/openssl-$OPENSSL_VER-linux32-utils.zip -o \ ! -f inputs/openssl-$OPENSSL_VER-linux64-utils.zip -o \ ! -f inputs/libevent-${LIBEVENT_TAG_ORIG#release-}-linux32-utils.zip -o \ ! -f inputs/libevent-${LIBEVENT_TAG_ORIG#release-}-linux64-utils.zip -o \ @@ -122,6 +124,8 @@ then cd inputs cp -a ../build/out/*-utils.zip . + ln -sf binutils-$BINUTILS_VER-linux32-utils.zip binutils-linux32-utils.zip + ln -sf binutils-$BINUTILS_VER-linux64-utils.zip binutils-linux64-utils.zip ln -sf openssl-$OPENSSL_VER-linux32-utils.zip openssl-linux32-utils.zip ln -sf openssl-$OPENSSL_VER-linux64-utils.zip openssl-linux64-utils.zip ln -sf libevent-${LIBEVENT_TAG_ORIG#release-}-linux32-utils.zip libevent-linux32-utils.zip @@ -141,6 +145,8 @@ else # We might have built the utilities in the past but maybe the links are # pointing to the wrong version. Refresh them. cd inputs + ln -sf binutils-$BINUTILS_VER-linux32-utils.zip binutils-linux32-utils.zip + ln -sf binutils-$BINUTILS_VER-linux64-utils.zip binutils-linux64-utils.zip ln -sf openssl-$OPENSSL_VER-linux32-utils.zip openssl-linux32-utils.zip ln -sf openssl-$OPENSSL_VER-linux64-utils.zip openssl-linux64-utils.zip ln -sf libevent-${LIBEVENT_TAG_ORIG#release-}-linux32-utils.zip libevent-linux32-utils.zip

1 0

[tor-browser-bundle/maint-3.6] Bug 12103: Adding RELRO back to browser binaries.
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 7df10ce04da9ed36a55e91c193fca29e88ac7a5f Author: Georg Koppen <gk(a)torproject.org> Date: Fri Aug 29 20:28:39 2014 +0000 Bug 12103: Adding RELRO back to browser binaries. We removed the build-id from browser binaries in bug 11042 as it turned out that despite the contents being exactly the same the build-id was not occasionally. But doing that with bjcopy destroyed RELRO protections as well. Having the build-id non-deterministic seems to be an ld issue as switching to gold solves this. --- gitian/descriptors/linux/gitian-firefox.yml | 6 ++++-- gitian/descriptors/linux/gitian-utils.yml | 20 ++++++++++++++++++++ gitian/mkbundle-linux.sh | 8 +++++++- 3 files changed, 31 insertions(+), 3 deletions(-) diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml index 7e6c598..cbd2b17 100644 --- a/gitian/descriptors/linux/gitian-firefox.yml +++ b/gitian/descriptors/linux/gitian-firefox.yml @@ -29,6 +29,8 @@ remotes: - "url": "https://git.torproject.org/tor-browser.git" "dir": "tor-browser" files: +- "binutils-linux32-utils.zip" +- "binutils-linux64-utils.zip" - "python-linux32-utils.zip" - "python-linux64-utils.zip" - "re-dzip.sh" @@ -62,6 +64,8 @@ script: | ln -sf $INSTDIR/python/bin/python2.7 $INSTDIR/python/bin/python export PATH=$INSTDIR/python/bin:$PATH # + unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip + export PATH=$INSTDIR/binutils/bin:$PATH mkdir -p $INSTDIR/Browser/ mkdir -p $INSTDIR/Debug/Browser/components # @@ -89,8 +93,6 @@ script: | cd $INSTDIR for LIB in Browser/*.so Browser/webapprt-stub Browser/mozilla-xremote-client Browser/firefox Browser/plugin-container Browser/components/*.so # Browser/updater do - # Build-ID is sometimes non-deterministic, and we use debuglink anyway - objcopy --remove-section=.note.gnu.build-id $LIB objcopy --only-keep-debug $LIB Debug/$LIB strip $LIB objcopy --add-gnu-debuglink=./Debug/$LIB $LIB diff --git a/gitian/descriptors/linux/gitian-utils.yml b/gitian/descriptors/linux/gitian-utils.yml index 34b1672..ea122db 100644 --- a/gitian/descriptors/linux/gitian-utils.yml +++ b/gitian/descriptors/linux/gitian-utils.yml @@ -15,6 +15,8 @@ packages: - "faketime" - "libtool" - "hardening-wrapper" +# Needed for compiling gold. +- "bison" # These packages are needed for Python due to HTTPS-Everywhere >= 3.5. - "libsqlite3-dev" - "zlib1g-dev" @@ -25,6 +27,7 @@ remotes: - "url": "https://github.com/libevent/libevent.git" "dir": "libevent" files: +- "binutils.tar.bz2" - "openssl.tar.gz" - "python.tar.bz2" - "lxml.tar.gz" @@ -47,6 +50,22 @@ script: | export DEB_BUILD_HARDENING_FORMAT=1 export DEB_BUILD_HARDENING_PIE=1 + # Building Binutils + tar xjf binutils.tar.bz2 + cd binutils* + # We want to use gold as the linker in our toolchain mainly as it is way + # faster when linking Tor Browser code (especially libxul). But apart from + # that it fixes #12103 and issues with ESR 31 and our Gitian setup as well + # (see bug #12743). + ./configure --prefix=$INSTDIR/binutils --disable-multilib --enable-gold + make $MAKEOPTS + make install + # Make sure gold is used and not ld. + cd $INSTDIR/binutils/bin + rm ld + ln -sf ld.gold ld + cd ~/build + # Building Libevent cd libevent ./autogen.sh @@ -104,6 +123,7 @@ script: | # Grabbing the remaining results cd $INSTDIR + ~/build/dzip.sh binutils-$BINUTILS_VER-linux$GBUILD_BITS-utils.zip binutils ~/build/dzip.sh openssl-$OPENSSL_VER-linux$GBUILD_BITS-utils.zip openssl ~/build/dzip.sh libevent-${LIBEVENT_TAG#release-}-linux$GBUILD_BITS-utils.zip libevent ~/build/dzip.sh python-$PYTHON_VER-linux$GBUILD_BITS-utils.zip python diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh index 0d07364..ea6d171 100755 --- a/gitian/mkbundle-linux.sh +++ b/gitian/mkbundle-linux.sh @@ -98,7 +98,9 @@ fi cd $GITIAN_DIR -if [ ! -f inputs/openssl-$OPENSSL_VER-linux32-utils.zip -o \ +if [ ! -f inputs/binutils-$BINUTILS_VER-linux32-utils.zip -o \ + ! -f inputs/binutils-$BINUTILS_VER-linux64-utils.zip -o \ + ! -f inputs/openssl-$OPENSSL_VER-linux32-utils.zip -o \ ! -f inputs/openssl-$OPENSSL_VER-linux64-utils.zip -o \ ! -f inputs/libevent-${LIBEVENT_TAG_ORIG#release-}-linux32-utils.zip -o \ ! -f inputs/libevent-${LIBEVENT_TAG_ORIG#release-}-linux64-utils.zip -o \ @@ -122,6 +124,8 @@ then cd inputs cp -a ../build/out/*-utils.zip . + ln -sf binutils-$BINUTILS_VER-linux32-utils.zip binutils-linux32-utils.zip + ln -sf binutils-$BINUTILS_VER-linux64-utils.zip binutils-linux64-utils.zip ln -sf openssl-$OPENSSL_VER-linux32-utils.zip openssl-linux32-utils.zip ln -sf openssl-$OPENSSL_VER-linux64-utils.zip openssl-linux64-utils.zip ln -sf libevent-${LIBEVENT_TAG_ORIG#release-}-linux32-utils.zip libevent-linux32-utils.zip @@ -141,6 +145,8 @@ else # We might have built the utilities in the past but maybe the links are # pointing to the wrong version. Refresh them. cd inputs + ln -sf binutils-$BINUTILS_VER-linux32-utils.zip binutils-linux32-utils.zip + ln -sf binutils-$BINUTILS_VER-linux64-utils.zip binutils-linux64-utils.zip ln -sf openssl-$OPENSSL_VER-linux32-utils.zip openssl-linux32-utils.zip ln -sf openssl-$OPENSSL_VER-linux64-utils.zip openssl-linux64-utils.zip ln -sf libevent-${LIBEVENT_TAG_ORIG#release-}-linux32-utils.zip libevent-linux32-utils.zip

1 0

[tor-browser-bundle/master] add hardening for Windows bundles
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 9b138783e0f6e2423caba58bad777fc5622169db Author: Erinn Clark <erinn(a)torproject.org> Date: Thu Aug 21 19:21:43 2014 -0400 add hardening for Windows bundles --- gitian/build-helpers/i686-w64-mingw32-g++ | 2 +- gitian/build-helpers/i686-w64-mingw32-gcc | 2 +- gitian/build-helpers/i686-w64-mingw32-ld | 7 +----- gitian/descriptors/windows/gitian-firefox.yml | 24 ++++++++------------ .../windows/gitian-pluggable-transports.yml | 12 ++++++++-- gitian/descriptors/windows/gitian-tor.yml | 16 +++++++------ gitian/descriptors/windows/gitian-utils.yml | 24 +++++++++++--------- gitian/mkbundle-windows.sh | 6 ++--- 8 files changed, 48 insertions(+), 45 deletions(-) diff --git a/gitian/build-helpers/i686-w64-mingw32-g++ b/gitian/build-helpers/i686-w64-mingw32-g++ index e3c13fd..b73f107 100755 --- a/gitian/build-helpers/i686-w64-mingw32-g++ +++ b/gitian/build-helpers/i686-w64-mingw32-g++ @@ -1,4 +1,4 @@ #!/bin/sh # Hardened mingw gcc wrapper -/usr/bin/i686-w64-mingw32-g++ -Wl,--dynamicbase -Wl,--nxcompat -fstack-protector-all -pie -fPIE --param ssp-buffer-size=4 -fno-strict-overflow "$@" +/home/ubuntu/install/mingw-w64/bin/i686-w64-mingw32-g++ -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -fstack-protector --param ssp-buffer-size=4 -fno-strict-overflow "$@" diff --git a/gitian/build-helpers/i686-w64-mingw32-gcc b/gitian/build-helpers/i686-w64-mingw32-gcc index 830e11b..d4fd642 100755 --- a/gitian/build-helpers/i686-w64-mingw32-gcc +++ b/gitian/build-helpers/i686-w64-mingw32-gcc @@ -1,4 +1,4 @@ #!/bin/sh # Hardened mingw gcc wrapper -/usr/bin/i686-w64-mingw32-gcc -Wl,--dynamicbase -Wl,--nxcompat -fstack-protector-all -pie -fPIE --param ssp-buffer-size=4 -fno-strict-overflow "$@" +/home/ubuntu/install/mingw-w64/bin/i686-w64-mingw32-gcc -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -fstack-protector --param ssp-buffer-size=4 -fno-strict-overflow "$@" diff --git a/gitian/build-helpers/i686-w64-mingw32-ld b/gitian/build-helpers/i686-w64-mingw32-ld index e085bdd..f8c61fd 100755 --- a/gitian/build-helpers/i686-w64-mingw32-ld +++ b/gitian/build-helpers/i686-w64-mingw32-ld @@ -1,9 +1,4 @@ #!/bin/sh # Hardened mingw gcc wrapper -if [ -x /usr/bin/i686-w64-mingw32-ld.orig ]; -then - /usr/bin/i686-w64-mingw32-ld.orig --dynamicbase --nxcompat -lssp -L/usr/lib/gcc/i686-w64-mingw32/4.6/ "$@" -else - /usr/bin/i686-w64-mingw32-ld --dynamicbase --nxcompat -lssp -L/usr/lib/gcc/i686-w64-mingw32/4.6/ "$@" -fi +/home/ubuntu/install/mingw-w64/bin/i686-w64-mingw32-ld --dynamicbase --nxcompat --enable-reloc-section -lssp -L$INSTDIR/gcclibs/ "$@" diff --git a/gitian/descriptors/windows/gitian-firefox.yml b/gitian/descriptors/windows/gitian-firefox.yml index 94b5eef..0968911 100644 --- a/gitian/descriptors/windows/gitian-firefox.yml +++ b/gitian/descriptors/windows/gitian-firefox.yml @@ -20,10 +20,10 @@ files: - "mingw-w64-win32-utils.zip" - "re-dzip.sh" - "dzip.sh" -# TODO: Hardening. -#- "i686-w64-mingw32-gcc" -#- "i686-w64-mingw32-g++" -#- "i686-w64-mingw32-ld" +- "gcclibs-win32-utils.zip" +- "i686-w64-mingw32-gcc" +- "i686-w64-mingw32-g++" +- "i686-w64-mingw32-ld" - "msvcr100.dll" - "versions" script: | @@ -38,8 +38,10 @@ script: | mkdir -p $INSTDIR/Browser/ mkdir -p $OUTDIR/ unzip -d $INSTDIR mingw-w64-win32-utils.zip + unzip -d $INSTDIR gcclibs-win32-utils.zip # Make sure our custom mingw gets used. export PATH=$INSTDIR/mingw-w64/bin:$PATH + # We don't want to link against msvcrt.dll due to bug 9084. i686-w64-mingw32-g++ -dumpspecs > msvcr100.spec sed 's/msvcrt/msvcr100/' -i msvcr100.spec @@ -73,22 +75,16 @@ script: | make -f client.mk configure find -type f | xargs touch --date="$REFERENCE_DATETIME" # - # FIXME: MinGW doens't like being built with hardening, and Firefox doesn't - # like being configured with it - # XXX: These changes cause the exes to crash on launch. - #mkdir -p ~/build/bin/ - #cp ~/build/i686* ~/build/bin/ - #export PATH=~/build/bin:$PATH - # XXX: the path to ld is hardcoded in mingw.. This forces gcc's linking to - # use our flags: - #sudo mv /usr/bin/i686-w64-mingw32-ld /usr/bin/i686-w64-mingw32-ld.orig - #sudo cp ~/build/bin/i686-w64-mingw32-ld /usr/bin/ + mkdir -p ~/build/bin/ + cp ~/build/i686* ~/build/bin/ + export PATH=~/build/bin:$PATH # make $MAKEOPTS -f client.mk build # make -C obj-* package INNER_MAKE_PACKAGE=true cp -a obj-*/dist/firefox/* $INSTDIR/Browser/ cp -a ~/build/msvcr100.dll $INSTDIR/Browser/ + cp -a $INSTDIR/gcclibs/libssp-0.dll $INSTDIR/Browser/ # # What the hell are these three bytes anyways? # FIXME: This was probably fixed by patching binutils. If we get matching diff --git a/gitian/descriptors/windows/gitian-pluggable-transports.yml b/gitian/descriptors/windows/gitian-pluggable-transports.yml index 1580152..bac9bf0 100644 --- a/gitian/descriptors/windows/gitian-pluggable-transports.yml +++ b/gitian/descriptors/windows/gitian-pluggable-transports.yml @@ -50,8 +50,10 @@ files: - "go.tar.gz" - "dzip.sh" - "pyc-timestamp.sh" +- "binutils-win32-utils.zip" - "openssl-win32-utils.zip" - "gmp-win32-utils.zip" +- "gcclibs-win32-utils.zip" script: | # Set the timestamp on every .pyc file in a zip file, and re-dzip the zip file. function py2exe_zip_timestomp { @@ -75,14 +77,20 @@ script: | export FAKETIME=$REFERENCE_DATETIME export TZ=UTC export LC_ALL=C - export CFLAGS="-mwindows" - export LDFLAGS="-mwindows" + export CFLAGS="-mwindows -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security" + export LDFLAGS="-mwindows -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$INSTDIR/gcclibs" umask 0022 + unzip -d $INSTDIR binutils-win32-utils.zip unzip -d $INSTDIR gmp-win32-utils.zip unzip -d $INSTDIR openssl-win32-utils.zip + unzip -d $INSTDIR gcclibs-win32-utils.zip cp $INSTDIR/gmp/bin/*dll* $INSTDIR/Tor + export PATH=$INSTDIR/mingw-w64/bin:$PATH + sudo mv /usr/bin/i686-w64-mingw32-ld /usr/bin/i686-w64-mingw32-ld.orig + sudo cp $INSTDIR/mingw-w64/bin/i686-w64-mingw32-ld /usr/bin/ + # We need at least Wine 1.5.29 which is not in Ubuntu's main repository (see # below). Thus, we resort to a PPA and need therefore to determine the correct # network interface depending on the virtualization we use. diff --git a/gitian/descriptors/windows/gitian-tor.yml b/gitian/descriptors/windows/gitian-tor.yml index bc70839..65df589 100644 --- a/gitian/descriptors/windows/gitian-tor.yml +++ b/gitian/descriptors/windows/gitian-tor.yml @@ -35,6 +35,7 @@ files: - "openssl-win32-utils.zip" - "libevent-win32-utils.zip" - "zlib-win32-utils.zip" +- "gcclibs-win32-utils.zip" script: | INSTDIR="$HOME/install" source versions @@ -51,14 +52,17 @@ script: | unzip -d $INSTDIR zlib-win32-utils.zip unzip -d $INSTDIR libevent-win32-utils.zip unzip -d $INSTDIR openssl-win32-utils.zip + unzip -d $INSTDIR gcclibs-win32-utils.zip cp $INSTDIR/zlib/lib/*.dll $INSTDIR/Tor/ cp $INSTDIR/libevent/bin/*.dll $INSTDIR/Tor/ cp $INSTDIR/openssl/bin/*.dll $INSTDIR/Tor/ - # Make sure our custom ld gets used. - # See the we-need-only-the-binutils-comment in gitian-utils.yml for the - # reasoning behind the "mingw-w64" dir instead of an expected "binutils" one. + cp $INSTDIR/gcclibs/*.dll $INSTDIR/Tor/ + export PATH=$INSTDIR/mingw-w64/bin:$PATH + sudo mv /usr/bin/i686-w64-mingw32-ld /usr/bin/i686-w64-mingw32-ld.orig + sudo cp $INSTDIR/mingw-w64/bin/i686-w64-mingw32-ld /usr/bin/ + # Building tor cd tor git update-index --refresh -q @@ -89,8 +93,8 @@ script: | mkdir -p $OUTDIR/src #git archive HEAD | tar -x -C $OUTDIR/src # Let's avoid the console window popping up. - export CFLAGS="-mwindows" - export LDFLAGS="-mwindows" + export CFLAGS="-mwindows -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security" + export LDFLAGS="-mwindows -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$INSTDIR/gcclibs" ./autogen.sh find -type f | xargs touch --date="$REFERENCE_DATETIME" ./configure --disable-asciidoc --host=i686-w64-mingw32 --with-libevent-dir=$INSTDIR/libevent --with-openssl-dir=$INSTDIR/openssl --prefix=$INSTDIR --with-zlib-dir=$INSTDIR/zlib/ @@ -100,8 +104,6 @@ script: | install -s $INSTDIR/bin/tor.exe $INSTDIR/Tor/ cp $INSTDIR/share/tor/geoip $INSTDIR/Data/Tor/ cp $INSTDIR/share/tor/geoip6 $INSTDIR/Data/Tor/ - cp -a /usr/lib/gcc/i686-w64-mingw32/4.6/libgcc_s_sjlj-1.dll $INSTDIR/Tor/ - cp -a /usr/lib/gcc/i686-w64-mingw32/4.6/libssp*.dll $INSTDIR/Tor/ # Grabbing the result cd $INSTDIR diff --git a/gitian/descriptors/windows/gitian-utils.yml b/gitian/descriptors/windows/gitian-utils.yml index 87dbe16..2d0b3db 100644 --- a/gitian/descriptors/windows/gitian-utils.yml +++ b/gitian/descriptors/windows/gitian-utils.yml @@ -31,6 +31,7 @@ files: - "gcc.tar.bz2" - "openssl.tar.gz" - "gmp.tar.bz2" +- "enable-reloc-section-ld.patch" - "peXXigen.patch" - "versions" - "dzip.sh" @@ -47,15 +48,11 @@ script: | # XXX: This is needed due to bug 10102. sed 's/= extern_rt_rel_d;/= extern_rt_rel_d;\n memset (extern_rt_rel_d, 0, PE_IDATA5_SIZE);/' -i ld/pe-dll.c # Zeroing timestamps in PE headers reliably, see bug 12753. + patch -p1 < ../enable-reloc-section-ld.patch patch -p1 < ../peXXigen.patch ./configure --prefix=$INSTDIR/mingw-w64 --target=i686-w64-mingw32 --disable-multilib make $MAKEOPTS make install - # XXX: We currently do this as we are not using our own compiler but only our - # own binutils for compiling tor. See bug 10077. Nevertheless, we need both - # for cross-compiling Tor Browser. - cd $INSTDIR - ~/build/dzip.sh binutils-$BINUTILS_VER-win32-utils.zip mingw-w64 # Make sure our ld etc. is found and used. export PATH=$INSTDIR/mingw-w64/bin:$PATH cd ~/build @@ -78,7 +75,7 @@ script: | sed 's/msvcrt/msvcr100/' -i gcc-*/gcc/config/i386/t-mingw-w32 # LDFLAGS_FOR_TARGET does not work for some reason. Thus, we take # CFLAGS_FOR_TARGET. - export CFLAGS_FOR_TARGET="-specs=/home/ubuntu/build/msvcr100.spec" + export CFLAGS_FOR_TARGET="-specs=/home/ubuntu/build/msvcr100.spec -Wl,--nxcompat -Wl,--dynamicbase" gcc-*/configure --prefix=$INSTDIR/mingw-w64 --target=i686-w64-mingw32 --disable-multilib --enable-languages=c,c++ make $MAKEOPTS all-gcc make install-gcc @@ -99,8 +96,12 @@ script: | cd .. # Second stage of gcc compilation cd gcc + find -type f | xargs touch --date="$REFERENCE_DATETIME" make $MAKEOPTS make install + mkdir -p $INSTDIR/gcclibs + cp i686-w64-mingw32/libssp/.libs/libssp-0.dll $INSTDIR/gcclibs + cp i686-w64-mingw32/libgcc/shlib/libgcc_s_sjlj-1.dll $INSTDIR/gcclibs cd .. # XXX: Build the libraries we include into the bundles deterministically. As @@ -111,12 +112,12 @@ script: | export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1 export FAKETIME=$REFERENCE_DATETIME # Building zlib - export CFLAGS="-mwindows" - export LDFLAGS="-mwindows" + export CFLAGS="-mwindows -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security" + export LDFLAGS="-mwindows -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$INSTDIR/gcclibs/" cd zlib find -type f | xargs touch --date="$REFERENCE_DATETIME" - make BINARY_PATH=$INSTDIR/zlib/lib INCLUDE_PATH=$INSTDIR/zlib/include LIBRARY_PATH=$INSTDIR/zlib/lib -f win32/Makefile.gcc PREFIX=i686-w64-mingw32- $MAKEOPTS SHARED_MODE=1 - make BINARY_PATH=$INSTDIR/zlib/lib INCLUDE_PATH=$INSTDIR/zlib/include LIBRARY_PATH=$INSTDIR/zlib/lib -f win32/Makefile.gcc PREFIX=i686-w64-mingw32- $MAKEOPTS SHARED_MODE=1 install + make BINARY_PATH=$INSTDIR/zlib/lib INCLUDE_PATH=$INSTDIR/zlib/include LIBRARY_PATH=$INSTDIR/zlib/lib -f win32/Makefile.gcc PREFIX=i686-w64-mingw32- $MAKEOPTS SHARED_MODE=1 LOC="-fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$INSTDIR/gcclibs/" + make BINARY_PATH=$INSTDIR/zlib/lib INCLUDE_PATH=$INSTDIR/zlib/include LIBRARY_PATH=$INSTDIR/zlib/lib -f win32/Makefile.gcc PREFIX=i686-w64-mingw32- $MAKEOPTS SHARED_MODE=1 LOC="-fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$INSTDIR/gcclibs/" install cd .. # Building Libevent @@ -133,7 +134,7 @@ script: | cd openssl-* find -type f | xargs touch --date="$REFERENCE_DATETIME" # TODO: Add enable-ec_nistp_64_gcc_128 for 64bit Windows. - ./Configure -shared --cross-compile-prefix=i686-w64-mingw32- mingw --prefix=$INSTDIR/openssl + ./Configure -shared --cross-compile-prefix=i686-w64-mingw32- mingw "-fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$INSTDIR/gcclibs/" --prefix=$INSTDIR/openssl # Using $MAKEOPTS breaks the build. Might be the issue mentioned on # http://cblfs.cross-lfs.org/index.php/OpenSSL. make @@ -156,4 +157,5 @@ script: | ~/build/dzip.sh libevent-${LIBEVENT_TAG#release-}-win32-utils.zip libevent ~/build/dzip.sh openssl-$OPENSSL_VER-win32-utils.zip openssl ~/build/dzip.sh gmp-$GMP_VER-win32-utils.zip gmp + ~/build/dzip.sh gcclibs-$GCC_VER-win32-utils.zip gcclibs cp *-utils.zip $OUTDIR/ diff --git a/gitian/mkbundle-windows.sh b/gitian/mkbundle-windows.sh index 0af015d..9ef5c41 100755 --- a/gitian/mkbundle-windows.sh +++ b/gitian/mkbundle-windows.sh @@ -97,7 +97,7 @@ fi cd $GITIAN_DIR -if [ ! -f inputs/binutils-$BINUTILS_VER-win32-utils.zip -o \ +if [ ! -f inputs/gcclibs-$GCC_VER-win32-utils.zip -o \ ! -f inputs/mingw-w64-$GCC_VER-win32-utils.zip -o \ ! -f inputs/zlib-${ZLIB_TAG_ORIG#v}-win32-utils.zip -o \ ! -f inputs/libevent-${LIBEVENT_TAG_ORIG#release-}-win32-utils.zip -o \ @@ -117,12 +117,12 @@ then cd inputs cp -a ../build/out/*-utils.zip . - ln -sf binutils-$BINUTILS_VER-win32-utils.zip binutils-win32-utils.zip ln -sf mingw-w64-$GCC_VER-win32-utils.zip mingw-w64-win32-utils.zip ln -sf zlib-${ZLIB_TAG_ORIG#v}-win32-utils.zip zlib-win32-utils.zip ln -sf libevent-${LIBEVENT_TAG_ORIG#release-}-win32-utils.zip libevent-win32-utils.zip ln -sf openssl-$OPENSSL_VER-win32-utils.zip openssl-win32-utils.zip ln -sf gmp-$GMP_VER-win32-utils.zip gmp-win32-utils.zip + ln -sf gcclibs-$GCC_VER-win32-utils.zip gcclibs-win32-utils.zip cd .. #cp -a result/utils-win-res.yml inputs/ else @@ -132,12 +132,12 @@ else # We might have built the utilities in the past but maybe the links are # pointing to the wrong version. Refresh them. cd inputs - ln -sf binutils-$BINUTILS_VER-win32-utils.zip binutils-win32-utils.zip ln -sf mingw-w64-$GCC_VER-win32-utils.zip mingw-w64-win32-utils.zip ln -sf zlib-${ZLIB_TAG_ORIG#v}-win32-utils.zip zlib-win32-utils.zip ln -sf libevent-${LIBEVENT_TAG_ORIG#release-}-win32-utils.zip libevent-win32-utils.zip ln -sf openssl-$OPENSSL_VER-win32-utils.zip openssl-win32-utils.zip ln -sf gmp-$GMP_VER-win32-utils.zip gmp-win32-utils.zip + ln -sf gcclibs-$GCC_VER-win32-utils.zip gcclibs-win32-utils.zip cd .. fi

1 0

[tor-browser-bundle/master] Merge remote-tracking branch 'erinn/tbb-4.x-hardening'
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 393ac6898933fc17d31edb6be518ca8c957c6034 Merge: 59cb26c e92aa0a Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Fri Aug 29 15:11:04 2014 -0700 Merge remote-tracking branch 'erinn/tbb-4.x-hardening' gitian/build-helpers/i686-w64-mingw32-g++ | 2 +- gitian/build-helpers/i686-w64-mingw32-gcc | 2 +- gitian/build-helpers/i686-w64-mingw32-ld | 7 +- gitian/build-helpers/wine-wrappers/dllwrap.py | 2 +- gitian/build-helpers/wine-wrappers/g++.py | 2 +- gitian/build-helpers/wine-wrappers/gcc.py | 2 +- gitian/descriptors/windows/gitian-firefox.yml | 24 +-- .../windows/gitian-pluggable-transports.yml | 12 +- gitian/descriptors/windows/gitian-tor.yml | 18 +- gitian/descriptors/windows/gitian-utils.yml | 24 ++- gitian/mkbundle-windows.sh | 6 +- gitian/patches/enable-reloc-section-ld.patch | 216 ++++++++++++++++++++ 12 files changed, 264 insertions(+), 53 deletions(-) diff --cc gitian/descriptors/windows/gitian-firefox.yml index 4ea551f,0968911..d6a6756 --- a/gitian/descriptors/windows/gitian-firefox.yml +++ b/gitian/descriptors/windows/gitian-firefox.yml @@@ -69,19 -72,12 +71,12 @@@ script: find -type f | xargs touch --date="$REFERENCE_DATETIME" rm -f configure rm -f js/src/configure - make -f client.mk configure + make -f client.mk configure CONFIGURE_ARGS="--with-tor-browser-version=${TORBROWSER_VERSION} --enable-update-channel=${TORBROWSER_UPDATE_CHANNEL}" find -type f | xargs touch --date="$REFERENCE_DATETIME" # - # FIXME: MinGW doens't like being built with hardening, and Firefox doesn't - # like being configured with it - # XXX: These changes cause the exes to crash on launch. - #mkdir -p ~/build/bin/ - #cp ~/build/i686* ~/build/bin/ - #export PATH=~/build/bin:$PATH - # XXX: the path to ld is hardcoded in mingw.. This forces gcc's linking to - # use our flags: - #sudo mv /usr/bin/i686-w64-mingw32-ld /usr/bin/i686-w64-mingw32-ld.orig - #sudo cp ~/build/bin/i686-w64-mingw32-ld /usr/bin/ + mkdir -p ~/build/bin/ + cp ~/build/i686* ~/build/bin/ + export PATH=~/build/bin:$PATH # make $MAKEOPTS -f client.mk build #

1 0

[tor-browser-bundle/master] add --enable-reloc-section patch from skruffy
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 1221eecfdc639fe412bc5fe051e3151e1ce5d6a9 Author: Erinn Clark <erinn(a)torproject.org> Date: Thu Aug 21 19:23:30 2014 -0400 add --enable-reloc-section patch from skruffy --- gitian/patches/enable-reloc-section-ld.patch | 216 ++++++++++++++++++++++++++ 1 file changed, 216 insertions(+) diff --git a/gitian/patches/enable-reloc-section-ld.patch b/gitian/patches/enable-reloc-section-ld.patch new file mode 100644 index 0000000..f393f51 --- /dev/null +++ b/gitian/patches/enable-reloc-section-ld.patch @@ -0,0 +1,216 @@ +From 093b08a9e7af23a258306b710ebc4556d12f94f7 Mon Sep 17 00:00:00 2001 +From: Erinn Clark <erinn(a)torproject.org> +Date: Fri, 8 Aug 2014 14:23:44 -0400 +Subject: [PATCH] add relocation section so Windows bundles can have ASLR + +Patch by skruffy. + +--- + ld/emultempl/pe.em | 6 +++++ + ld/emultempl/pep.em | 8 ++++++- + ld/pe-dll.c | 63 ++++++++++++++++++++++++++++++----------------------- + ld/pe-dll.h | 1 + + 4 files changed, 50 insertions(+), 28 deletions(-) + +diff --git a/ld/emultempl/pe.em b/ld/emultempl/pe.em +index 5d6da9e..14c07f7 100644 +--- a/ld/emultempl/pe.em ++++ b/ld/emultempl/pe.em +@@ -268,6 +268,7 @@ fragment <<EOF + #define OPTION_TERMINAL_SERVER_AWARE (OPTION_WDM_DRIVER + 1) + /* Determinism. */ + #define OPTION_INSERT_TIMESTAMP (OPTION_TERMINAL_SERVER_AWARE + 1) ++#define OPTION_ENABLE_RELOC_SECTION (OPTION_INSERT_TIMESTAMP + 1) + + static void + gld${EMULATION_NAME}_add_options +@@ -310,6 +311,7 @@ gld${EMULATION_NAME}_add_options + {"export-all-symbols", no_argument, NULL, OPTION_EXPORT_ALL}, + {"exclude-symbols", required_argument, NULL, OPTION_EXCLUDE_SYMBOLS}, + {"exclude-all-symbols", no_argument, NULL, OPTION_EXCLUDE_ALL_SYMBOLS}, ++ {"enable-reloc-section", no_argument, NULL, OPTION_ENABLE_RELOC_SECTION}, + {"exclude-libs", required_argument, NULL, OPTION_EXCLUDE_LIBS}, + {"exclude-modules-for-implib", required_argument, NULL, OPTION_EXCLUDE_MODULES_FOR_IMPLIB}, + {"kill-at", no_argument, NULL, OPTION_KILL_ATS}, +@@ -773,6 +775,9 @@ gld${EMULATION_NAME}_handle_option (int optc) + case OPTION_EXCLUDE_ALL_SYMBOLS: + pe_dll_exclude_all_symbols = 1; + break; ++ case OPTION_ENABLE_RELOC_SECTION: ++ pe_dll_enable_reloc_section = 1; ++ break; + case OPTION_EXCLUDE_LIBS: + pe_dll_add_excludes (optarg, EXCLUDELIBS); + break; +@@ -1839,6 +1844,7 @@ gld_${EMULATION_NAME}_finish (void) + if (link_info.shared + #if !defined(TARGET_IS_shpe) + || (!link_info.relocatable && pe_def_file->num_exports != 0) ++ || (!link_info.relocatable && pe_dll_enable_reloc_section) + #endif + ) + { +diff --git a/ld/emultempl/pep.em b/ld/emultempl/pep.em +index b738800..b566903 100644 +--- a/ld/emultempl/pep.em ++++ b/ld/emultempl/pep.em +@@ -242,7 +242,8 @@ enum options + OPTION_NO_BIND, + OPTION_WDM_DRIVER, + OPTION_INSERT_TIMESTAMP, +- OPTION_TERMINAL_SERVER_AWARE ++ OPTION_TERMINAL_SERVER_AWARE, ++ OPTION_ENABLE_RELOC_SECTION + }; + + static void +@@ -284,6 +285,7 @@ gld${EMULATION_NAME}_add_options + {"export-all-symbols", no_argument, NULL, OPTION_EXPORT_ALL}, + {"exclude-symbols", required_argument, NULL, OPTION_EXCLUDE_SYMBOLS}, + {"exclude-all-symbols", no_argument, NULL, OPTION_EXCLUDE_ALL_SYMBOLS}, ++ {"enable-reloc-section", no_argument, NULL, OPTION_ENABLE_RELOC_SECTION}, + {"exclude-libs", required_argument, NULL, OPTION_EXCLUDE_LIBS}, + {"exclude-modules-for-implib", required_argument, NULL, OPTION_EXCLUDE_MODULES_FOR_IMPLIB}, + {"kill-at", no_argument, NULL, OPTION_KILL_ATS}, +@@ -727,6 +729,9 @@ gld${EMULATION_NAME}_handle_option (int optc) + case OPTION_EXCLUDE_ALL_SYMBOLS: + pep_dll_exclude_all_symbols = 1; + break; ++ case OPTION_ENABLE_RELOC_SECTION: ++ pe_dll_enable_reloc_section = 1; ++ break; + case OPTION_EXCLUDE_LIBS: + pep_dll_add_excludes (optarg, EXCLUDELIBS); + break; +@@ -1618,6 +1623,7 @@ gld_${EMULATION_NAME}_finish (void) + + #ifdef DLL_SUPPORT + if (link_info.shared ++ || (!link_info.relocatable && pe_dll_enable_reloc_section) + || (!link_info.relocatable && pep_def_file->num_exports != 0)) + { + pep_dll_fill_sections (link_info.output_bfd, &link_info); +diff --git a/ld/pe-dll.c b/ld/pe-dll.c +index e9e133b..4230dc3 100644 +--- a/ld/pe-dll.c ++++ b/ld/pe-dll.c +@@ -152,6 +152,7 @@ def_file * pe_def_file = 0; + int pe_dll_export_everything = 0; + int pe_dll_exclude_all_symbols = 0; + int pe_dll_do_default_excludes = 1; ++int pe_dll_enable_reloc_section = 0; + int pe_dll_kill_ats = 0; + int pe_dll_stdcall_aliases = 0; + int pe_dll_warn_dup_exports = 0; +@@ -3370,8 +3371,15 @@ pe_dll_build_sections (bfd *abfd, struct bfd_link_info *info) + process_def_file_and_drectve (abfd, info); + + if (pe_def_file->num_exports == 0 && !info->shared) +- return; +- ++ { ++ if (pe_dll_enable_reloc_section) ++ { ++ build_filler_bfd (0); ++ pe_output_file_set_long_section_names (filler_bfd); ++ } ++ return; ++ } ++ + generate_edata (abfd, info); + build_filler_bfd (1); + pe_output_file_set_long_section_names (filler_bfd); +@@ -3386,13 +3394,9 @@ pe_exe_build_sections (bfd *abfd, struct bfd_link_info *info ATTRIBUTE_UNUSED) + pe_output_file_set_long_section_names (filler_bfd); + } + +-void +-pe_dll_fill_sections (bfd *abfd, struct bfd_link_info *info) ++static void ++pe_dll_create_reloc (bfd *abfd, struct bfd_link_info *info) + { +- pe_dll_id_target (bfd_get_target (abfd)); +- pe_output_file_set_long_section_names (abfd); +- image_base = pe_data (abfd)->pe_opthdr.ImageBase; +- + generate_reloc (abfd, info); + if (reloc_sz > 0) + { +@@ -3409,38 +3413,43 @@ pe_dll_fill_sections (bfd *abfd, struct bfd_link_info *info) + lang_do_assignments (lang_final_phase_enum); + } + +- fill_edata (abfd, info); +- +- if (info->shared && !info->pie) +- pe_data (abfd)->dll = 1; +- +- edata_s->contents = edata_d; + reloc_s->contents = reloc_d; + } + + void +-pe_exe_fill_sections (bfd *abfd, struct bfd_link_info *info) ++pe_dll_fill_sections (bfd *abfd, struct bfd_link_info *info) + { ++ if (!reloc_s && !edata_s) ++ return; + pe_dll_id_target (bfd_get_target (abfd)); + pe_output_file_set_long_section_names (abfd); + image_base = pe_data (abfd)->pe_opthdr.ImageBase; + +- generate_reloc (abfd, info); +- if (reloc_sz > 0) ++ if (reloc_s) ++ pe_dll_create_reloc (abfd, info); ++ ++ if (edata_s) + { +- bfd_set_section_size (filler_bfd, reloc_s, reloc_sz); ++ fill_edata (abfd, info); ++ edata_s->contents = edata_d; ++ } + +- /* Resize the sections. */ +- lang_reset_memory_regions (); +- lang_size_sections (NULL, TRUE); ++ if (info->shared && !info->pie) ++ pe_data (abfd)->dll = 1; + +- /* Redo special stuff. */ +- ldemul_after_allocation (); + +- /* Do the assignments again. */ +- lang_do_assignments (lang_final_phase_enum); +- } +- reloc_s->contents = reloc_d; ++} ++ ++void ++pe_exe_fill_sections (bfd *abfd, struct bfd_link_info *info) ++{ ++ if (!reloc_s) ++ return; ++ pe_dll_id_target (bfd_get_target (abfd)); ++ pe_output_file_set_long_section_names (abfd); ++ image_base = pe_data (abfd)->pe_opthdr.ImageBase; ++ ++ pe_dll_create_reloc (abfd, info); + } + + bfd_boolean +diff --git a/ld/pe-dll.h b/ld/pe-dll.h +index 4697390..2bf71d9 100644 +--- a/ld/pe-dll.h ++++ b/ld/pe-dll.h +@@ -31,6 +31,7 @@ extern def_file *pe_def_file; + extern int pe_dll_export_everything; + extern int pe_dll_exclude_all_symbols; + extern int pe_dll_do_default_excludes; ++extern int pe_dll_enable_reloc_section; + extern int pe_dll_kill_ats; + extern int pe_dll_stdcall_aliases; + extern int pe_dll_warn_dup_exports; +-- +2.0.1 +

1 0

[tor-browser-bundle/master] make Tor and the PTs build with our mingw compilers
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit e92aa0a6a20117a9badd0c116284e77afd8b9dbb Author: Erinn Clark <erinn(a)torproject.org> Date: Tue Aug 26 11:01:48 2014 -0400 make Tor and the PTs build with our mingw compilers --- gitian/build-helpers/wine-wrappers/dllwrap.py | 2 +- gitian/build-helpers/wine-wrappers/g++.py | 2 +- gitian/build-helpers/wine-wrappers/gcc.py | 2 +- gitian/descriptors/windows/gitian-pluggable-transports.yml | 8 ++------ gitian/descriptors/windows/gitian-tor.yml | 8 ++------ 5 files changed, 7 insertions(+), 15 deletions(-) diff --git a/gitian/build-helpers/wine-wrappers/dllwrap.py b/gitian/build-helpers/wine-wrappers/dllwrap.py index fdff035..8f339ff 100755 --- a/gitian/build-helpers/wine-wrappers/dllwrap.py +++ b/gitian/build-helpers/wine-wrappers/dllwrap.py @@ -10,7 +10,7 @@ import sys import common -args = ["/usr/bin/i686-w64-mingw32-dllwrap"] +args = ["/home/ubuntu/install/mingw-w64/bin/i686-w64-mingw32-dllwrap"] sys.argv.pop(0) while sys.argv: a = sys.argv.pop(0) diff --git a/gitian/build-helpers/wine-wrappers/g++.py b/gitian/build-helpers/wine-wrappers/g++.py index 4738420..0688285 100755 --- a/gitian/build-helpers/wine-wrappers/g++.py +++ b/gitian/build-helpers/wine-wrappers/g++.py @@ -10,7 +10,7 @@ import sys import common -args = ["/usr/bin/i686-w64-mingw32-g++"] +args = ["/home/ubuntu/install/mingw-w64/bin/i686-w64-mingw32-g++"] sys.argv.pop(0) while sys.argv: a = sys.argv.pop(0) diff --git a/gitian/build-helpers/wine-wrappers/gcc.py b/gitian/build-helpers/wine-wrappers/gcc.py index 493b27b..37bb1d8 100755 --- a/gitian/build-helpers/wine-wrappers/gcc.py +++ b/gitian/build-helpers/wine-wrappers/gcc.py @@ -10,7 +10,7 @@ import sys import common -args = ["/usr/bin/i686-w64-mingw32-gcc"] +args = ["/home/ubuntu/install/mingw-w64/bin/i686-w64-mingw32-gcc"] sys.argv.pop(0) while sys.argv: a = sys.argv.pop(0) diff --git a/gitian/descriptors/windows/gitian-pluggable-transports.yml b/gitian/descriptors/windows/gitian-pluggable-transports.yml index bac9bf0..93776b8 100644 --- a/gitian/descriptors/windows/gitian-pluggable-transports.yml +++ b/gitian/descriptors/windows/gitian-pluggable-transports.yml @@ -11,8 +11,6 @@ packages: - "swig" - "p7zip-full" - "m4" -- "mingw-w64" -- "g++-mingw-w64" - "python-dev" - "faketime" - "libtool" @@ -50,7 +48,7 @@ files: - "go.tar.gz" - "dzip.sh" - "pyc-timestamp.sh" -- "binutils-win32-utils.zip" +- "mingw-w64-win32-utils.zip" - "openssl-win32-utils.zip" - "gmp-win32-utils.zip" - "gcclibs-win32-utils.zip" @@ -81,15 +79,13 @@ script: | export LDFLAGS="-mwindows -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$INSTDIR/gcclibs" umask 0022 - unzip -d $INSTDIR binutils-win32-utils.zip + unzip -d $INSTDIR mingw-w64-win32-utils.zip unzip -d $INSTDIR gmp-win32-utils.zip unzip -d $INSTDIR openssl-win32-utils.zip unzip -d $INSTDIR gcclibs-win32-utils.zip cp $INSTDIR/gmp/bin/*dll* $INSTDIR/Tor export PATH=$INSTDIR/mingw-w64/bin:$PATH - sudo mv /usr/bin/i686-w64-mingw32-ld /usr/bin/i686-w64-mingw32-ld.orig - sudo cp $INSTDIR/mingw-w64/bin/i686-w64-mingw32-ld /usr/bin/ # We need at least Wine 1.5.29 which is not in Ubuntu's main repository (see # below). Thus, we resort to a PPA and need therefore to determine the correct diff --git a/gitian/descriptors/windows/gitian-tor.yml b/gitian/descriptors/windows/gitian-tor.yml index 65df589..277f2d0 100644 --- a/gitian/descriptors/windows/gitian-tor.yml +++ b/gitian/descriptors/windows/gitian-tor.yml @@ -11,7 +11,6 @@ packages: - "autoconf" - "automake" - "autoconf2.13" -- "mingw-w64" - "faketime" - "libtool" reference_datetime: "2000-01-01 00:00:00" @@ -31,7 +30,7 @@ files: - "bug11200-hang-0.2.5.patch" - "binutils.tar.bz2" - "dzip.sh" -- "binutils-win32-utils.zip" +- "mingw-w64-win32-utils.zip" - "openssl-win32-utils.zip" - "libevent-win32-utils.zip" - "zlib-win32-utils.zip" @@ -48,7 +47,7 @@ script: | mkdir -p $INSTDIR/bin/ mkdir -p $INSTDIR/Tor/ mkdir -p $INSTDIR/Data/Tor/ - unzip -d $INSTDIR binutils-win32-utils.zip + unzip -d $INSTDIR mingw-w64-win32-utils.zip unzip -d $INSTDIR zlib-win32-utils.zip unzip -d $INSTDIR libevent-win32-utils.zip unzip -d $INSTDIR openssl-win32-utils.zip @@ -60,9 +59,6 @@ script: | export PATH=$INSTDIR/mingw-w64/bin:$PATH - sudo mv /usr/bin/i686-w64-mingw32-ld /usr/bin/i686-w64-mingw32-ld.orig - sudo cp $INSTDIR/mingw-w64/bin/i686-w64-mingw32-ld /usr/bin/ - # Building tor cd tor git update-index --refresh -q

1 0

[tor-browser-bundle/master] Update changelog and bumped Tor Browser branch.
by gk＠torproject.org 29 Aug '14

29 Aug '14

commit 59cb26c5fa474bc766e13974d893d51e98ea8453 Author: Georg Koppen <gk(a)torproject.org> Date: Fri Aug 29 13:57:11 2014 +0000 Update changelog and bumped Tor Browser branch. --- Bundle-Data/Docs/ChangeLog.txt | 5 ++++- gitian/versions.alpha | 4 ++-- gitian/versions.nightly | 4 ++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 37d8339..80c80b4 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -8,6 +8,7 @@ Tor Browser Bundle 4.0-alpha-2 -- Sep 2 2014 * Bug 11199: Improve error messages if Tor exits unexpectedly * Update Torbutton to 1.6.12.1 * Bug 12684: New strings for canvas image extraction message + * Bug 8940: Move RecommendedTBBVersions file to www.torproject.org * Bug 12684: Improve Canvas image extraction permissions prompt * Bug 7265: Only prompt for first party canvas access. Log all scripts that attempt to extract canvas images to Browser console. @@ -16,15 +17,17 @@ Tor Browser Bundle 4.0-alpha-2 -- Sep 2 2014 * Bug 4234: Automatic Update support (off by default) * Bug 9881: Open popups in new tabs by default * Meek Pluggable Transport: - * Use TLSv1.0 in meek-http-helper to blend in with Firefox 24 + * Bug 12766: Use TLSv1.0 in meek-http-helper to blend in with Firefox 24 * Windows: * Bug 10065: Enable DEP, ASLR, and SSP hardening options Tor Browser Bundle 3.6.5 -- Sep 2 2014 * All Platforms * Update Firefox to 24.8.0esr + * Update HTTPS Everywhere to 4.0.0 * Update Torbutton to 1.6.12.1 * Bug 12684: New strings for canvas image extraction message + * Bug 8940: Move RecommendedTBBVersions file to www.torproject.org * Bug 9531: Workaround to avoid rare hangs during New Identity * Bug 12684: Improve Canvas image extraction permissions prompt * Bug 7265: Only prompt for first party canvas access. Log all scripts diff --git a/gitian/versions.alpha b/gitian/versions.alpha index 685bbc2..e503ef2 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -1,10 +1,10 @@ -TORBROWSER_VERSION=4.0-alpha-1 +TORBROWSER_VERSION=4.0-alpha-2 BUNDLE_LOCALES="ar de es-ES fa fr it ko nl pl pt-PT ru tr vi zh-CN" BUILD_PT_BUNDLES=1 VERIFY_TAGS=1 -FIREFOX_VERSION=24.7.0esr +FIREFOX_VERSION=24.8.0esr TORBROWSER_UPDATE_CHANNEL=alpha diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 38f7863..4f483be 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -4,11 +4,11 @@ BUILD_PT_BUNDLES=1 VERIFY_TAGS=0 -FIREFOX_VERSION=24.7.0esr +FIREFOX_VERSION=24.8.0esr TORBROWSER_UPDATE_CHANNEL=default -TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-4.x-2 +TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-4.x-1 TOR_TAG=master TORLAUNCHER_TAG=master TORBUTTON_TAG=master

1 0

[tor-browser-bundle/maint-3.6] Bump HTTPS Everyhwere version.
by gk＠torproject.org 29 Aug '14

29 Aug '14

commit 6bf678be02b43e0bf8264017aa45f31b408fda7d Author: Georg Koppen <gk(a)torproject.org> Date: Fri Aug 29 13:38:57 2014 +0000 Bump HTTPS Everyhwere version. --- Bundle-Data/Docs/ChangeLog.txt | 1 + gitian/versions | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index af1cb61..f33c616 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -1,6 +1,7 @@ Tor Browser Bundle 3.6.5 -- Sep 2 2014 * All Platforms * Update Firefox to 24.8.0esr + * Update HTTPS Everywhere to 4.0.0 * Update Torbutton to 1.6.12.1 * Bug 12684: New strings for canvas image extraction message * Bug 8940: Move RecommendedTBBVersions file to www.torproject.org diff --git a/gitian/versions b/gitian/versions index 11ed2ae..14803a8 100755 --- a/gitian/versions +++ b/gitian/versions @@ -42,7 +42,7 @@ PY2EXE_VER=0.6.9 SETUPTOOLS_VER=1.4 LXML_VER=3.3.5 PARSLEY_VER=1.2 -HTTPSE_VER=3.5.3 +HTTPSE_VER=4.0.0 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -76,7 +76,7 @@ OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 NOSCRIPT_HASH=3c8ed31dbd67634debf333f957ba5c08bf3596408c9d09b5bf4da98499733af4 -HTTPSE_HASH=06a635a6a9dd2a31f4ab72c9ed8bf612bdda33941f5fe8b3225553fdc3b99e10 +HTTPSE_HASH=1241631091f9ceb417f639a6df76425cda36ee4b38b78ce8d318088eb17a7219 MINGW_HASH=a5b03d0448a309341be4cf34c6ad3016d04c89952dca5243254b4d6c738b164f MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c

1 0

[tor-browser-bundle/maint-3.6] Add the versions file change to Torbutton changelog.
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 6269b8673bf0d923ca312dec27db4bc77fda417c Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Fri Aug 29 01:00:39 2014 -0700 Add the versions file change to Torbutton changelog. --- Bundle-Data/Docs/ChangeLog.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index e2301cf..af1cb61 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -3,6 +3,7 @@ Tor Browser Bundle 3.6.5 -- Sep 2 2014 * Update Firefox to 24.8.0esr * Update Torbutton to 1.6.12.1 * Bug 12684: New strings for canvas image extraction message + * Bug 8940: Move RecommendedTBBVersions file to www.torproject.org * Bug 9531: Workaround to avoid rare hangs during New Identity * Bug 12684: Improve Canvas image extraction permissions prompt * Bug 7265: Only prompt for first party canvas access. Log all scripts

1 0

[tor-browser-bundle/maint-3.6] Update versions file for 3.6.5.
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 924707d621d1a77b9628b03e58611a68a9b67e69 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Fri Aug 29 01:01:09 2014 -0700 Update versions file for 3.6.5. --- gitian/versions | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gitian/versions b/gitian/versions index 25bafb0..11ed2ae 100755 --- a/gitian/versions +++ b/gitian/versions @@ -1,15 +1,15 @@ -TORBROWSER_VERSION=3.6.4 +TORBROWSER_VERSION=3.6.5 BUNDLE_LOCALES="ar de es-ES fa fr it ko nl pl pt-PT ru tr vi zh-CN" BUILD_PT_BUNDLES=1 VERIFY_TAGS=1 -FIREFOX_VERSION=24.7.0esr +FIREFOX_VERSION=24.8.0esr TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-3.x-1-build1 TOR_TAG=tor-0.2.4.23 TORLAUNCHER_TAG=0.2.5.6 -TORBUTTON_TAG=1.6.11.1 +TORBUTTON_TAG=1.6.12.1 HTTPSE_TAG=3.5.3 # XXX: HTTPSE_VER is used instead, pending #11630 NSIS_TAG=v0.1 ZLIB_TAG=v1.2.8

1 0

[torbutton/master] Update translations from transifex.
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 47b93cb560667089bbe5b889a2fe5c38eebc4660 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Fri Aug 29 00:56:37 2014 -0700 Update translations from transifex. --- src/chrome/locale/ar/torbutton.properties | 8 +- src/chrome/locale/de/aboutTor.dtd | 4 +- src/chrome/locale/de/brand.dtd | 2 +- src/chrome/locale/de/brand.properties | 6 +- src/chrome/locale/de/torbutton.dtd | 152 +++++++++++++------------- src/chrome/locale/de/torbutton.properties | 30 ++--- src/chrome/locale/es/torbutton.dtd | 10 +- src/chrome/locale/es/torbutton.properties | 6 +- src/chrome/locale/eu/torbutton.properties | 8 +- src/chrome/locale/fa/torbutton.properties | 8 +- src/chrome/locale/fr/torbutton.properties | 6 +- src/chrome/locale/it/torbutton.properties | 8 +- src/chrome/locale/ja/torbutton.properties | 8 +- src/chrome/locale/ko/torbutton.properties | 8 +- src/chrome/locale/nl/torbutton.properties | 8 +- src/chrome/locale/pl/torbutton.properties | 6 +- src/chrome/locale/pt/torbutton.properties | 8 +- src/chrome/locale/ru/torbutton.properties | 8 +- src/chrome/locale/sv/torbutton.properties | 8 +- src/chrome/locale/tr/torbutton.dtd | 6 +- src/chrome/locale/tr/torbutton.properties | 10 +- src/chrome/locale/vi/torbutton.properties | 8 +- src/chrome/locale/zh-CN/aboutTor.dtd | 2 +- src/chrome/locale/zh-CN/torbutton.dtd | 42 +++---- src/chrome/locale/zh-CN/torbutton.properties | 14 ++- 25 files changed, 209 insertions(+), 175 deletions(-) diff --git a/src/chrome/locale/ar/torbutton.properties b/src/chrome/locale/ar/torbutton.properties index 221eecd..f35285f 100644 --- a/src/chrome/locale/ar/torbutton.properties +++ b/src/chrome/locale/ar/torbutton.properties @@ -48,8 +48,10 @@ torbutton.popup.confirm_plugins = البرامج الإضافية مثل فلا torbutton.popup.never_ask_again = لا تسألني مرة اخري # Canvas permission prompt. Strings are kept here for ease of translation. -canvas.siteprompt=حاول هذا الموقع (%S) الحصول علي بيانات لصورة من على سطح الرسم. ولأن بيانات الصور من على سطح الرسم يمكن استخدامها لمعرفة معلومات عن حاسبك، لذلك فقط تم تزود صورة فارغة هذه المرة. -canvas.allow=اسمح في المستقبل +canvas.siteprompt=هذا الموقع (٪ S) حاول استخراج بيانات الصورة HTML5، والتي يمكن استخدامها لتحديد مكانك وتحديد الكومبيوتر.\n\nهل تريد أن يسمح متصفح Tor لهذا الموقع لاستخراج بيانات الصورة ؟ +canvas.notNow=ليس الان +canvas.notNowAccessKey=النون +canvas.allow=السماح في المستقبل canvas.allowAccessKey=ا -canvas.never=مطلقاً لهذا الموقع +canvas.never=ليس للموقع هذا ابداً (مستحب) canvas.neverAccessKey=ط diff --git a/src/chrome/locale/de/aboutTor.dtd b/src/chrome/locale/de/aboutTor.dtd index c517faa..beab0ff 100644 --- a/src/chrome/locale/de/aboutTor.dtd +++ b/src/chrome/locale/de/aboutTor.dtd @@ -32,7 +32,7 @@ <!ENTITY aboutTor.torInfo4.label "Dieser Server speichert keine Informationen über Besucher."> <!ENTITY aboutTor.whatnextQuestion.label "Was nun?"> <!ENTITY aboutTor.whatnextAnswer.label "Tor ist NICHT alles was benötigt wird, um anonym zu surfen! Sie müssen eventuell einige Gewohnheiten ändern, um sicherzustellen, dass Ihre Identität geschützt bleibt."> -<!ENTITY aboutTor.whatnext.label "Tipps um anonym zu bleiben »"> +<!ENTITY aboutTor.whatnext.label "Tipps, um anonym zu bleiben »"> <!ENTITY aboutTor.whatnext.link "https://www.torproject.org/download/download.html.en#warning"> <!ENTITY aboutTor.helpInfo1.label "Sie können helfen!"> <!ENTITY aboutTor.helpInfo2.label "Es gibt viele Möglichkeiten, um das Tor-Netzwerk schneller und stärker zu machen:"> @@ -43,6 +43,6 @@ <!ENTITY aboutTor.helpInfo5.label "Etwas spenden »"> <!ENTITY aboutTor.helpInfo5.link "https://www.torproject.org/donate/donate.html.en"> -<!ENTITY aboutTor.footer.label "Die Organisation »The Tor Project« ist nach dem US-Gesetz US 501(c)(3) als gemeinnützig eingestuft und widmet sich Forschung, Entwicklung und Schulung von Anonymität und Datenschutz."> +<!ENTITY aboutTor.footer.label "Die Organisation »The Tor Project« ist nach dem US-Gesetz US 501(c)(3) als gemeinnützig eingestuft und widmet sich der Forschung, der Entwicklung und der Schulung zum Thema Internetanonymität und Datenschutz."> <!ENTITY aboutTor.learnMore.label "Mehr über das Tor-Projekt erfahren »"> <!ENTITY aboutTor.learnMore.link "https://www.torproject.org/about/overview.html.en"> diff --git a/src/chrome/locale/de/brand.dtd b/src/chrome/locale/de/brand.dtd index febd197..cbe3b6b 100644 --- a/src/chrome/locale/de/brand.dtd +++ b/src/chrome/locale/de/brand.dtd @@ -3,6 +3,6 @@ - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> <!ENTITY brandShortName "TorBrowser"> -<!ENTITY brandFullName "Tor Browser"> +<!ENTITY brandFullName "Tor-Browser"> <!ENTITY vendorShortName "Tor-Projekt"> <!ENTITY trademarkInfo.part1 "Firefox und die Firefox-Logos sind Warenzeichen der Mozilla Foundation."> diff --git a/src/chrome/locale/de/brand.properties b/src/chrome/locale/de/brand.properties index bdb15b2..9e215e9 100644 --- a/src/chrome/locale/de/brand.properties +++ b/src/chrome/locale/de/brand.properties @@ -3,13 +3,13 @@ # file, You can obtain one at http://mozilla.org/MPL/2.0/. brandShortName=TorBrowser -brandFullName=Tor Browser +brandFullName=Tor-Browser vendorShortName=Tor-Projekt -homePageSingleStartMain=Firefox Start, eine schnelle Startseite mit eingebauter Suche +homePageSingleStartMain=Firefox-Start, eine schnelle Startseite mit eingebauter Suche homePageImport=Ihre Startseite von %S importieren homePageMigrationPageTitle=Startseitenauswahl -homePageMigrationDescription=Bitte wählen Sie die Startseite die Sie benutzen möchten: +homePageMigrationDescription=Bitte die Startseite auswählen, die Sie benutzen wollen: syncBrandShortName=Sync diff --git a/src/chrome/locale/de/torbutton.dtd b/src/chrome/locale/de/torbutton.dtd index 6242e22..b024b95 100644 --- a/src/chrome/locale/de/torbutton.dtd +++ b/src/chrome/locale/de/torbutton.dtd @@ -1,9 +1,9 @@ -<!ENTITY torbutton.prefs.title "Einstellungen für Torbutton"> +<!ENTITY torbutton.prefs.title "Torbutton-Einstellungen"> <!ENTITY torbutton.prefs.tor_settings "Vermittlungsservereinstellungen"> -<!ENTITY torbutton.prefs.recommended_settings "Benutze die empfohlenen Proxy-Einstellungen für meine Firefox-Version"> +<!ENTITY torbutton.prefs.recommended_settings "Die empfohlenen Vermittlungsservereinstellungen für meine Firefox-Version benutzen"> <!ENTITY torbutton.prefs.use_privoxy "Privoxy verwenden"> <!ENTITY torbutton.prefs.use_polipo "Polipo verwenden"> -<!ENTITY torbutton.prefs.custom_settings "Individuelle Proxy-Einstellungen verwenden"> +<!ENTITY torbutton.prefs.custom_settings "Individuelle Vermittlungsservereinstellungen verwenden"> <!ENTITY torbutton.prefs.proxy.host.http "HTTP-Proxy:"> <!ENTITY torbutton.prefs.proxy.host.https "SSL-Proxy:"> <!ENTITY torbutton.prefs.proxy.host.ftp "FTP-Proxy:"> @@ -12,18 +12,18 @@ <!ENTITY torbutton.prefs.proxy.port "Port:"> <!ENTITY torbutton.about.title "Über Torbutton"> <!ENTITY torbutton.about.version "Version:"> -<!ENTITY torbutton.about.summary "Schützt die Privatsphäre deines Tor-Browsings."> +<!ENTITY torbutton.about.summary "Schützt die Privatsphäre Ihres Tor-Navigierens."> <!ENTITY torbutton.about.code "Code Beitragende:"> -<!ENTITY torbutton.about.maintainer "Maintainer:"> +<!ENTITY torbutton.about.maintainer "Hauptbetreuer:"> <!ENTITY torbutton.about.security_review "Sicherheitsüberprüfung:"> -<!ENTITY torbutton.about.donate "Wenn du es magst, Tor zu benutzen, ziehst du vielleicht in betracht"> -<!ENTITY torbutton.about.make_donation "zu spenden."> -<!ENTITY torbutton.pref_connection.notice "Deaktivieren Sie Torbutton, um diese Einstellungen zu verändern."> +<!ENTITY torbutton.about.donate "Wenn Sie Tor gerne benutzen, könne Sie vielleicht etwas"> +<!ENTITY torbutton.about.make_donation "spenden."> +<!ENTITY torbutton.pref_connection.notice "Torbutton deaktivieren, um diese Einstellungen zu ändern."> <!ENTITY torbutton.pref_connection.more_info "Mehr Informationen"> <!ENTITY torbutton.pref_connection_more_info.title "Hilfe"> -<!ENTITY torbutton.pref_connection_more_info.text "Torbutten ist momentan aktiv. Wenn Sie die Proxy-Einstellungen für den Betrieb ohne Tor ändern möchten, deaktivieren Sie bitte zuerst Torbutton. Für Änderungen der Tor-Einstellungen verwenden Sie bitte das Fenster "Torbutton-Einstellungen"."> +<!ENTITY torbutton.pref_connection_more_info.text "Torbutten ist momentan aktiv. Wenn Sie die Vermittlungsservereinstellungen für den Betrieb ohne Tor ändern möchten, bitte zuerst Torbutton deaktivieren. Zum Ändern der Tor-Einstellungen bitte das Fenster »Torbutton-Einstellungen« verwenden."> <!ENTITY torbutton.context_menu.new_identity "Neue Identität"> -<!ENTITY torbutton.context_menu.new_identity_key "I"> +<!ENTITY torbutton.context_menu.new_identity_key "N"> <!ENTITY torbutton.context_menu.toggle "Tor-Modus umschalten"> <!ENTITY torbutton.context_menu.toggle.key "T"> <!ENTITY torbutton.context_menu.preferences "Einstellungen …"> @@ -39,99 +39,99 @@ <!ENTITY torbutton.context_menu.copyTor "Tor-Adresse kopieren"> <!ENTITY torbutton.context_menu.copyTor.key "k"> <!ENTITY torbutton.context_menu.openTorTab "Tor-Adresse in neuem Reiter öffnen"> -<!ENTITY torbutton.context_menu.openTorTab.key "F"> +<!ENTITY torbutton.context_menu.openTorTab.key "R"> <!ENTITY torbutton.context_menu.openTorWindow "Tor-Adresse in neuem Fenster öffnen"> <!ENTITY torbutton.context_menu.openTorWindow.key "F"> <!ENTITY torbutton.button.label "Torbutton"> <!ENTITY torbutton.button.tooltip "Klicken, um Torbutton zu aktivieren"> <!ENTITY torbutton.prefs.sec_settings "Sicherheitseinstellungen"> -<!ENTITY torbutton.prefs.block_thread "Lesen von Einträgen der besuchten Seiten (History) während der Benutzung von Tor verhindern (wichtig)"> -<!ENTITY torbutton.prefs.block_thwrite "Schreiben von Einträgen der besuchten Seiten (History) während der Benutzung von Tor verhindern (empfohlen)"> -<!ENTITY torbutton.prefs.block_nthread "Lesen von Einträgen der besuchten Seiten (History) außerhalb der Benutzung von Tor verhindern (optional)"> -<!ENTITY torbutton.prefs.block_nthwrite "Schreiben von Einträgen der besuchten Seiten (History) außerhalb der Benutzung von Tor verhindern (optional)"> -<!ENTITY torbutton.prefs.clear_history "Informationen zu besuchten Seiten (History) bei An- und Abschalten von Tor löschen (optional)"> -<!ENTITY torbutton.prefs.clear_cache "Zugriff auf Festplatten-Cache verhindern und Cache-Informationen bei An- und Abschalten von Tor löschen"> -<!ENTITY torbutton.prefs.block_cache "Verhindere den Zugriff auf Festplatten- und Speicher-Cache während Tor aktiviert ist"> -<!ENTITY torbutton.prefs.cookie_jars "Speichern von Cookies, die nicht zu Tor gehören in einer gesicherten jar-Datei"> -<!ENTITY torbutton.prefs.cookie_protection "Verwende den Cookie Schutzdialog um zu wählen"> +<!ENTITY torbutton.prefs.block_thread "Lesen von Einträgen, der besuchten Seiten (Verlauf), während der Benutzung von Tor verhindern (wichtig)"> +<!ENTITY torbutton.prefs.block_thwrite "Schreiben von Einträgen, der besuchten Seiten (Verlauf), während der Benutzung von Tor verhindern (empfohlen)"> +<!ENTITY torbutton.prefs.block_nthread "Lesen von Einträgen, der besuchten Seiten (Verlauf), außerhalb der Benutzung von Tor verhindern (optional)"> +<!ENTITY torbutton.prefs.block_nthwrite "Schreiben von Einträgen, der besuchten Seiten (Verlauf), außerhalb der Benutzung von Tor verhindern (optional)"> +<!ENTITY torbutton.prefs.clear_history "Informationen zu besuchten Seiten (Verlauf), bei An- und Abschalten von Tor, löschen (optional)"> +<!ENTITY torbutton.prefs.clear_cache "Zugriff auf den Festplattenzwischenspeicher verhindern und Zwischenspeicherinformationen bei An- und Abschalten von Tor löschen"> +<!ENTITY torbutton.prefs.block_cache "Den Zugriff auf Festplatten- und Speicherzwischenspeicher verhindern, während Tor aktiviert ist"> +<!ENTITY torbutton.prefs.cookie_jars "Cookies, die nicht zu Tor gehören, in einer gesicherten jar-Datei speichern"> +<!ENTITY torbutton.prefs.cookie_protection "Den Cookie-Schutzdialog benutzen, um auszuwählen"> <!ENTITY torbutton.prefs.mmm_cookies "Ich verwalte meine Cookies manuell (gefährlich)"> <!ENTITY torbutton.prefs.clear_cookies "Cookies beim An- und Abschalten von Tor löschen"> -<!ENTITY torbutton.prefs.disable_plugins "Plugins während der Benutzung von Tor deaktivieren (wichtig)"> +<!ENTITY torbutton.prefs.disable_plugins "Erweiterungen, während der Benutzung von Tor, deaktivieren (wichtig)"> <!ENTITY torbutton.prefs.kill_bad_js "Gefährliches JavaScript kontrollieren (wichtig)"> <!ENTITY torbutton.prefs.isolate_content "Dynamisch generierte Daten während der Benutzung von Tor separieren (wichtig)"> -<!ENTITY torbutton.prefs.no_updates "Deaktiviere Updates während der Benutzung von Tor"> +<!ENTITY torbutton.prefs.no_updates "Aktualisierungen während der Benutzung von Tor deaktivieren"> <!ENTITY torbutton.prefs.set_uagent "Browser-Bezeichnung während der Benutzung von Tor umstellen (wichtig)"> <!ENTITY torbutton.prefs.dynamic "Dynamisch generierte Inhalte"> <!ENTITY torbutton.prefs.cookies "Cookies"> -<!ENTITY torbutton.prefs.cache "Cache"> +<!ENTITY torbutton.prefs.cache "Zwischenspeicher"> <!ENTITY torbutton.prefs.history "Verlauf"> -<!ENTITY torbutton.prefs.no_search "Such-Vorschläge während Tor-Benutzung abschalten (empfohlen)"> +<!ENTITY torbutton.prefs.no_search "Suchvorschläge während der Tor-Benutzung abschalten (empfohlen)"> <!ENTITY torbutton.prefs.shutdown "Herunterfahren"> <!ENTITY torbutton.prefs.tor_shutdown "Cookies beim Beenden des Browsers löschen (wenn Tor aktiv ist)"> <!ENTITY torbutton.prefs.all_shutdown "Cookies beim Beenden des Browsers löschen (immer)"> -<!ENTITY torbutton.prefs.no_shutdown "Cookies beim Beenden des Browers nicht löschen"> +<!ENTITY torbutton.prefs.no_shutdown "Cookies beim Beenden des Browsers nicht löschen"> <!ENTITY torbutton.prefs.disable_sessionstore "Speichern des Browserzustandes zwischen Programmaufrufen deaktivieren (empfohlen)"> <!ENTITY torbutton.prefs.headers "Überschriften"> <!ENTITY torbutton.prefs.spoof_english "Englischen Browser (US) vortäuschen"> <!ENTITY torbutton.prefs.refererspoofing "Absender tarnen"> -<!ENTITY torbutton.prefs.spoofblank "Spoof blank referer during Tor usage (may break some sites)"> -<!ENTITY torbutton.prefs.smartspoof "Smarte Absendertarnung während der Tor-Sitzung (Vortäuschung verschiedener Domainabsender)"> -<!ENTITY torbutton.prefs.nospoof "No referer spoof during Tor usage (sends referers as normal)"> -<!ENTITY torbutton.prefs.disable_domstorage "Deaktiviere die DOM-Speicherung während der Benutzung von Tor (wichtig)"> +<!ENTITY torbutton.prefs.spoofblank "Einen leeren Absender vortäuschen, während Tor benutzt wird (kann einige Seiten ruinieren)"> +<!ENTITY torbutton.prefs.smartspoof "Intelligente Absendertarnung während der Benutzung von Tor (Vortäuschung verschiedener Domainabsender)"> +<!ENTITY torbutton.prefs.nospoof "Keine vortäuschen des Absenders, während Tor benutzt wird (sendet Absender normal)"> +<!ENTITY torbutton.prefs.disable_domstorage "Die DOM-Speicherung während der Benutzung von Tor deaktivieren (wichtig)"> <!ENTITY torbutton.prefs.forms "Formulare"> -<!ENTITY torbutton.prefs.block_tforms "Speichern von Passwörten und Formularen während Benutzung von Tor deaktivieren (empfohlen)"> -<!ENTITY torbutton.prefs.block_ntforms "Speichern von Passwörten und Formularen generell deaktivieren (optional)"> +<!ENTITY torbutton.prefs.block_tforms "Speichern von Passwörtern und Formularen, während der Benutzung von Tor, deaktivieren (empfohlen)"> +<!ENTITY torbutton.prefs.block_ntforms "Speichern von Passwörtern und Formularen bei Nicht-Tor deaktivieren (optional)"> <!ENTITY torbutton.prefs.tor "Tor"> <!ENTITY torbutton.prefs.non_tor "Nicht-Tor"> -<!ENTITY torbutton.prefs.restore_tor "Setze Tor-Modus bei Session-Wiederherstellung zu:"> -<!ENTITY torbutton.prefs.startup_tor "Bei Browser-Start, setze Tor-Status auf:"> -<!ENTITY torbutton.prefs.reload_crashed_jar "Lade die Cookiedatei/Lösche Cookies beim Absturz (empfohlen)"> -<!ENTITY torbutton.prefs.dual_cookie_jars "Speichere alle Cookies (Verbindungen über Tor oder nicht) in geschützten Dateien (gefährlich)"> -<!ENTITY torbutton.prefs.clear_http_auth "Lösche Sitzungen mit Authentifizierung (empfohlen)"> -<!ENTITY torbutton.prefs.block_js_history "Isoliere den Zugriff zur Verlaufsnavigation (wichtig)"> -<!ENTITY torbutton.prefs.resize_on_toggle "Verändere die Größe des Fensters zu einem Vielfachen von 50px während der Nutzung von Tor (empfohlen)"> -<!ENTITY torbutton.prefs.close_tor "Schließe alle Tor-Fenster und -Tabs beim Wechsel (optional)"> -<!ENTITY torbutton.prefs.close_nontor "Schließe alle Nicht-Tor-Fenster und -Tabs beim Wechsel (optional)"> -<!ENTITY torbutton.prefs.block_links "Sperre Klicks auf Links und Neuladen von Seiten von verschiedenen Tor-Modi (optional)"> -<!ENTITY torbutton.prefs.jar_certs "Speichere SSL-Zertifikate in verschiedenen Dateien für Tor/Nicht-Tor (empfohlen)"> -<!ENTITY torbutton.prefs.jar_ca_certs "Speichere CA-Zertifikate in verschiedenen Dateien für Tor/Nicht-Tor (empfohlen)"> -<!ENTITY torbutton.prefs.locked_mode "Deaktiviere den Knopf und Tastenkürzel, um versehentliches Umschalten zu vermeiden."> -<!ENTITY torbutton.prefs.startup_state "Setze Tor-Modus bei normalen Start auf:"> +<!ENTITY torbutton.prefs.restore_tor "Tor-Modus bei Sitzungswiederherstellung einstellen auf:"> +<!ENTITY torbutton.prefs.startup_tor "Beim Browser-Start, Tor-Status einstellen auf:"> +<!ENTITY torbutton.prefs.reload_crashed_jar "Cookie-JAR-Datei neuladen / Cookies beim Absturz von Firefox löschen (empfohlen)"> +<!ENTITY torbutton.prefs.dual_cookie_jars "Alle Cookies speichern (Verbindungen über Tor oder nicht) in geschützten JAR-Dateien (gefährlich)"> +<!ENTITY torbutton.prefs.clear_http_auth "Legitimierte HTTP-Sitzungen löschen (empfohlen)"> +<!ENTITY torbutton.prefs.block_js_history "Den Zugriff zur Verlaufsnavigation isolieren (wichtig)"> +<!ENTITY torbutton.prefs.resize_on_toggle "Die Größe des Fensters zu einem Vielfachen von 50px, während der Benutzung von Tor, veränderen (empfohlen)"> +<!ENTITY torbutton.prefs.close_tor "Slle Tor-Fenster und Reiter beim Wechsel schließen (optional)"> +<!ENTITY torbutton.prefs.close_nontor "Alle Nicht-Tor-Fenster und Reiter beim Wechsel schließen (optional)"> +<!ENTITY torbutton.prefs.block_links "Klicks auf Verweise sperren und das Neuladen von Seiten von verschiedenen Tor-Modi (optional)"> +<!ENTITY torbutton.prefs.jar_certs "SSL-Zertifikate in verschiedenen Dateien für Tor/Nicht-Tor speichern (empfohlen)"> +<!ENTITY torbutton.prefs.jar_ca_certs "CA-Zertifikate in verschiedenen Dateien für Tor/Nicht-Tor speichern (empfohlen)"> +<!ENTITY torbutton.prefs.locked_mode "Den Knopf und Tastenkürzel deaktiviere, um versehentliches Umschalten zu vermeiden."> +<!ENTITY torbutton.prefs.startup_state "Tor-Modus bei normalen Start einstellen auf:"> <!ENTITY torbutton.prefs.shutdown_state "Modus beim letzten Beenden"> -<!ENTITY torbutton.prefs.startup "Start-Up"> -<!ENTITY torbutton.prefs.block_tor_file_net "Sperre den Zugriff zum Netzwerk von file://-URLS (empfohlen)"> -<!ENTITY torbutton.prefs.block_nontor_file_net "Sperre den Zugriff zum Netzwerk von file://-URLs bei deaktiviertem Tor"> -<!ENTITY torbutton.prefs.restore_defaults "Stelle Einstellungen zurück auf Standard"> -<!ENTITY torbutton.prefs.test_settings "Teste Einstellungen"> -<!ENTITY torbutton.prefs.test_auto "Teste meine Einstellungen nach dem ersten Umschalten bei jedem Firefox-Start"> -<!ENTITY torbutton.prefs.disable_livemarks "Disable livemarks updates during Tor usage"> -<!ENTITY torbutton.prefs.tor_memory_jar "Schreibe im Tor-Modus keine Cookies auf die Festplatte"> -<!ENTITY torbutton.prefs.nontor_memory_jar "Schreibe im Nicht-Tor-Modus keine Cookies auf die Festplatte"> -<!ENTITY torbutton.prefs.session_restore "Der Sessionmanager soll diese Tabs sichern und wiederherstellen."> -<!ENTITY torbutton.prefs.nontor_tabs "Im Nicht-Tor-Modus geladene Tabs"> -<!ENTITY torbutton.prefs.tor_tabs "Im Tor-Modus geladene Tabs"> +<!ENTITY torbutton.prefs.startup "Inbetriebnahme"> +<!ENTITY torbutton.prefs.block_tor_file_net "Den Zugriff zum Netzwerk von Adressen mit »file://« sperren (empfohlen)"> +<!ENTITY torbutton.prefs.block_nontor_file_net "Den Zugriff, bei deaktiviertem Tor, zum Netzwerk von Adressen mit »file://« sperren"> +<!ENTITY torbutton.prefs.restore_defaults "Vorgabeeinstellungen wiederherstellen"> +<!ENTITY torbutton.prefs.test_settings "Einstellungen testen"> +<!ENTITY torbutton.prefs.test_auto "Meine Einstellungen, nach dem ersten Umschalten, bei jedem Firefox-Start testen"> +<!ENTITY torbutton.prefs.disable_livemarks "Aktualisierungen der Livemarks während der Benutzung von Tor deaktivieren"> +<!ENTITY torbutton.prefs.tor_memory_jar "Im Tor-Modus keine Cookies auf die Festplatte schreiben"> +<!ENTITY torbutton.prefs.nontor_memory_jar "Im Nicht-Tor-Modus keine Cookies auf die Festplatte schreiben"> +<!ENTITY torbutton.prefs.session_restore "Die Sitzungsverwaltung soll diese Reiter sichern und wiederherstellen:"> +<!ENTITY torbutton.prefs.nontor_tabs "Im Nicht-Tor-Modus geladene Reiter"> +<!ENTITY torbutton.prefs.tor_tabs "Im Tor-Modus geladene Reiter"> <!ENTITY torbutton.prefs.socks_vfour "SOCKS v4"> <!ENTITY torbutton.prefs.socks_vfive "SOCKS v5"> -<!ENTITY torbutton.prefs.no_proxies_on "Keine Proxies für: "> -<!ENTITY torbutton.prefs.no_proxy_warning "Warnung: Vermeiden Sie es, oben irgendwelche Host Namen zu verwenden"> -<!ENTITY torbutton.prefs.spoofreresh "Aktualisiere Tarnung"> -<!ENTITY torbutton.prefs.refereroptions " Einstellungen Absendertarnung"> -<!ENTITY torbutton.prefs.nospoof "No referer spoof during Tor usage (sends referers as normal)"> -<!ENTITY torbutton.prefs.spoofroot "Tarne den enthaltenen Ordner auf der Seite"> -<!ENTITY torbutton.prefs.spoofdomain "Tarne die Domain als Absender"> -<!ENTITY torbutton.prefs.spoofblank "Spoof blank referer during Tor usage (may break some sites)"> -<!ENTITY torbutton.cookiedialog.title "Verwalte Cookie-Schutz"> +<!ENTITY torbutton.prefs.no_proxies_on "Keine Vermittlungsserver (Proxies) für: "> +<!ENTITY torbutton.prefs.no_proxy_warning "Achtung: Vermeiden Sie es, oben irgendwelche Rechnernamen zu verwenden"> +<!ENTITY torbutton.prefs.spoofreresh "Tarnung aufrischen"> +<!ENTITY torbutton.prefs.refereroptions "Einstellungen der Absendertarnung"> +<!ENTITY torbutton.prefs.nospoof "Keine vortäuschen des Absenders, während Tor benutzt wird (sendet Absender normal)"> +<!ENTITY torbutton.prefs.spoofroot "Den enthaltenen Ordner auf der Seite tarnen"> +<!ENTITY torbutton.prefs.spoofdomain "Die Domain als Absender vortäuschen"> +<!ENTITY torbutton.prefs.spoofblank "Einen leeren Absender vortäuschen, während Tor benutzt wird (kann einige Seiten ruinieren)"> +<!ENTITY torbutton.cookiedialog.title "Cookie-Schutz verwalten"> <!ENTITY torbutton.cookiedialog.lockCol "Geschützt"> -<!ENTITY torbutton.cookiedialog.domainCol "Host"> +<!ENTITY torbutton.cookiedialog.domainCol "Rechner"> <!ENTITY torbutton.cookiedialog.nameCol "Name"> <!ENTITY torbutton.cookiedialog.pathCol "Pfad"> <!ENTITY torbutton.cookiedialog.protectCookie "Cookie schützen"> <!ENTITY torbutton.cookiedialog.removeCookie "Cookie entfernen"> <!ENTITY torbutton.cookiedialog.unprotectCookie "Cookie nicht schützen"> -<!ENTITY torbutton.cookiedialog.removeAllBut "Entferne alle, außer die geschützten"> -<!ENTITY torbutton.cookiedialog.saveAllCookies "Schütze neue Cookies"> -<!ENTITY torbutton.cookiedialog.doNotSaveAllCookies "Schütze nicht neue Cookies"> -<!ENTITY torbutton.prefs.disable_livemarks "Disable livemarks updates during Tor usage"> +<!ENTITY torbutton.cookiedialog.removeAllBut "Alle, außer den geschützten entfernen"> +<!ENTITY torbutton.cookiedialog.saveAllCookies "Neue Cookies schützen"> +<!ENTITY torbutton.cookiedialog.doNotSaveAllCookies "Neue Cookies nicht schützen"> +<!ENTITY torbutton.prefs.disable_livemarks "Aktualisierungen der Livemarks während der Benutzung von Tor deaktivieren"> <!ENTITY torbutton.prefs.dtd_recommended "(empfohlen)"> <!ENTITY torbutton.prefs.dtd_optional "(optional)"> <!ENTITY torbutton.prefs.dtd_crucial "(kritisch)"> @@ -143,8 +143,8 @@ <!ENTITY torbutton.prefs.engine4 "startpage.com"> <!ENTITY torbutton.prefs.engine5 "duckduckgo.com"> <!ENTITY torbutton.prefs.fix_google_srch "Betriebssystem und Sprache bei Google Suchabfragen nicht übermitteln"> -<!ENTITY torbutton.prefs.transparentTor "Transparente Torification (Erfordert eigenen Transproxy oder Tor-Router)"> -<!ENTITY torbutton.prefs.block_disk "Keinen Browser-Verlauf anlegen und keine Website-Daten speichern (aktiviert den Privaten Browser Modus)"> -<!ENTITY torbutton.prefs.restrict_thirdparty "Cookies von Drittanbietern und andere Tracking-Daten einschränken"> -<!ENTITY torbutton.prefs.block_plugins "Browser-Plugins Deaktivieren (wie zb. Flash)"> -<!ENTITY torbutton.prefs.resist_fingerprinting "Ändern Sie details, die Sie von anderen Tor-Browser Nutzern unterscheiden"> +<!ENTITY torbutton.prefs.transparentTor "Transparente-Torification (Erfordert eigenen Transproxy oder Tor-Router)"> +<!ENTITY torbutton.prefs.block_disk "Browser-Verlauf und Internetdaten nicht speichern (aktiviert den privaten Browser-Modus)"> +<!ENTITY torbutton.prefs.restrict_thirdparty "Profildateien (Cookies) von Drittanbietern und andere Überwachungsdaten einschränken"> +<!ENTITY torbutton.prefs.block_plugins "Browser-Erweiterungen deaktivieren (wie z.B. Flash)"> +<!ENTITY torbutton.prefs.resist_fingerprinting "Details ändern, die Sie von anderen Tor-Browser-Benutzern unterscheiden"> diff --git a/src/chrome/locale/de/torbutton.properties b/src/chrome/locale/de/torbutton.properties index c269cc1..29bfaf4 100644 --- a/src/chrome/locale/de/torbutton.properties +++ b/src/chrome/locale/de/torbutton.properties @@ -4,19 +4,19 @@ torbutton.panel.tooltip.disabled = Klicken, um Tor zu aktivieren torbutton.panel.tooltip.enabled = Klicken, um Tor zu deaktivieren torbutton.panel.plugins.disabled = Klicken, um die Erweiterungen zu aktivieren torbutton.panel.plugins.enabled = Klicken, um die Erweiterungen zu deaktivieren -torbutton.panel.label.disabled = Tor deaktiviert -torbutton.panel.label.enabled = Tor aktiviert -extensions.torbutton(a)torproject.org.description = Torbutton gibt ihnen die Möglichkeit, Einstellungen von Tor schnell und einfach zu verändern und die Browser-Daten zu löschen. +torbutton.panel.label.disabled = Tor ist deaktiviert +torbutton.panel.label.enabled = Tor ist aktiviert +extensions.torbutton(a)torproject.org.description = Torbutton gibt ihnen die Möglichkeit, Einstellungen von Tor schnell und einfach zu verändern und einfach die Internetdaten zu löschen. torbutton.popup.history.warning = Torbutton hat Aktivitäten in einem Reiter blockiert, welcher in einem anderen Tor-Status geladen wurde.\n\nDas ist nötig, um die Firefox-Fehler 409737 und 417869 zu umgehen.\n\nSollte dieses PopUp augenscheinlich grundlos auftauchen, so versucht gerade, einer Ihrer Reiter, sich im Hintergrund neu zu laden, und wurde deshalb blockiert.\n\nUm den Reiter in diesem Tor-Status neu zu laden, drücken Sie »Eingabe« im Adresseingabefeld.\n\n -torbutton.popup.plugin.warning = Torbutton hat das direkte laden von Erweiterungsinhalten über Tor blockiert.\n\nBenutzen Sie stattdessen »Speichern unter«.\n\n +torbutton.popup.plugin.warning = Torbutton hat das direkte laden von Erweiterungsinhalten über Tor blockiert.\n\nStattdessen bitte »Speichern unter« benutzen.\n\n torbutton.popup.confirm_ca_certs = Anmerkung: Es scheint, als seien keinerlei eigene Zertifikatsautoritäten in Ihrer Konfiguration vorhanden. Die Auswertung der globalen Zertifikationsautoritätenliste ist aufwändig und verlangsamt das schnelle An- und Abschalten von Tor. Möchten Sie die Isolation von Zertifikatsautoritäten abschalten? (Wenn Sie nicht wissen, was gemeint ist, können Sie ruhig auf OK klicken). -torbutton.popup.ff3.warning = Warnung!\n\nEs ist bekannt, dass Torbutton auf Firefox 3 deine Zeitzone und Livemarks über Tor mitteilt.\n\nWollen Sie trotzdem fortfahren? +torbutton.popup.ff3.warning = Achtung!\n\nEs ist bekannt, dass Torbutton auf Firefox 3 Ihre Zeitzone und Livemarks über Tor mitteilt.\n\nWollen Sie trotzdem fortfahren? torbutton.popup.toggle.warning = Die Einstellungen werden erst nach einem Neustart von Tor wirksam. torbutton.popup.test.success = Test des Tor-Vermittlungsservers erfolgreich! -torbutton.popup.test.failure = Test des Tor-Vermittlungsservers FEHLGESCHLAGEN! Überprüfen Sie Ihre Proxy- und Polipo-Einstellungen. +torbutton.popup.test.failure = Test des Tor-Vermittlungsservers FEHLGESCHLAGEN! Bitte überprüfen Sie Ihre Vermittlungsserver-(Proxy) und Polipo-Einstellungen. torbutton.popup.test.confirm_toggle = Der letzte Tor-Vermittlungsservertest konnte Tor nicht benutzen.\n\nSind Sie sicher, dass Sie diesen trotzdem aktivieren möchten?\n\nAnmerkung: Falls Sie das Problem gelöst haben, können Sie den Test im Einstellungsfenster vom Torbutton-Vermittlungsserver wiederholen, um diese Warnung zu löschen. -torbutton.popup.test.ff3_notice = Klicken Sie OK um die Vermittlungsservereinstellungen zu testen. Dieser Test arbeitet im Hintergrund. Bitte warten Sie einen Augenblick. -torbutton.panel.label.verified = Tor überprüft +torbutton.popup.test.ff3_notice = Bitte OK klicken, um die Vermittlungsservereinstellungen zu testen. Dieser Test arbeitet im Hintergrund. Bitte warten Sie einen Augenblick. +torbutton.panel.label.verified = Tor ist überprüft torbutton.popup.test.auto_failed = Der automatische Tor-Vermittlungsservertest ist fehlgeschlagen.\n\nSind Sie sicher, dass Sie ihn trotzdem aktivieren möchten? torbutton.prefs.recommended = (empfohlen) torbutton.prefs.optional = (optional) @@ -31,25 +31,27 @@ torbutton.popup.dontask = Von jetzt an Dateien immer automatisch herunterladen torbutton.popup.test.no_http_proxy = Tor-Vermittlungsservertest: Lokaler HTTP-Vermittlungsserver ist unerreichbar. Läuft Polipo korrekt? torbutton.popup.captcha.title = Google-Captchas vermeiden? torbutton.popup.captcha.ask = Torbutton hat ein Google-Captcha festgestellt. Möchten Sie für Ihre Suchanfrage zu einer anderen Suchmaschine umgeleitet werden? -torbutton.popup.captcha.always = Von nun an immer diese Aktion durchführen +torbutton.popup.captcha.always = Ab jetzt, immer diese Aktion durchführen torbutton.popup.redirect = Umleiten torbutton.popup.no_redirect = Nicht umleiten torbutton.popup.prompted_language = Um Ihre Privatsphäre zu erhöhen, kann Torbutton die jeweilige englische Version einer Webseite anfordern. Dies kann zur Folge haben, dass Webseiten, die sie lieber in Ihrer Muttersprache lesen würden, nun in Englisch dargestellt werden. \n\nSollen nun - zur Erhöhung Ihrer Privatsphäre - Webseiten in Englisch geladen werden? -torbutton.popup.no_newnym = Torbutton kann Ihnen keine neue Identität geben, da es keinen Zugriff auf den Tor-Steueranschluss hatt.\n\nBenutzen Sie das Tor-Browser-Paket? +torbutton.popup.no_newnym = Torbutton kann Ihnen keine neue Identität geben, da es keinen Zugriff auf den Tor-Steueranschluss hat.\n\nBenutzen Sie das Tor-Browser-Paket? torbutton.popup.use_tbb = Es scheint, als würden Sie Torbutton zusammen mit Firefox benutzen. Diese Kombination ist nicht länger eine empfohlene und sichere Konfiguration.\n\nAnstelle dieser Konfiguration, empfehlen wir Ihnen das neueste Tor-Browser-Paket zu benutzen, das Sie durch eine E-Mail an gettor(a)torproject.org oder von der Herunterladeseite bekommen können: torbutton.popup.pref_error = Torbutton kann die Einstellungen von Tor-Browser im Profilordner nicht aktualisieren. torbutton.popup.permission_denied = Bitte entweder die Berechtigungen des Tor-Browser-Ordners zurücksetzen, oder es an einen neuen Ort kopieren. torbutton.popup.device_full = Es scheint als würde das Medium voll sein. Bitte machen Sie etwas Platz frei, oder bewegen sie den Tor-Browser auf ein neues Gerät. torbutton.title.prompt_torbrowser = Wichtige Torbutton-Information torbutton.popup.prompt_torbrowser = Torbutton funktioniert jetzt anders als vorher: es kann nicht mehr abgeschaltet werden.\n\nWir haben diese Änderung vorgenommen, da es nicht sicher ist, Torbutton auch in einem Browser zu benutzen, der auch für den Betrieb ohne Tor gedacht ist. Es gab zu viele Fehler, die wir sonst nicht hätten beheben können.\n\nWenn Sie Firefox weiterhin normal benutzen möchten, sollten Sie Torbutton deinstallieren, und das Tor-Browser-Paket herunterladen. Die Privatsphäreeinstellungen des Tor-Browsers sind außerdem denen des normalen Firefox überlegen, selbst wenn Firefox mit Torbutton benutzt wird.\n\nUm Torbutton zu entfernen, gehen Sie einfach auf Extras->Add-ons->Erweiterungen und klicken Sie auf Entfernen neben dem Torbutton. -torbutton.popup.short_torbrowser = Wichtige Torbutton Information!\n\nTorbutton ist jetzt immer aktiviert.\n\nKlicken sie auf den Torbutton, um mehr Informationen zu erhalten. +torbutton.popup.short_torbrowser = Wichtige Torbutton-Information!\n\nTorbutton ist jetzt immer aktiviert.\n\nBitte auf den Torbutton klicken, um mehr Informationen zu erhalten. torbutton.popup.confirm_plugins = Erweiterungen wie Flash können ihre Privatsphäre und Anonymität schädigen.\n\nSie können auch das Tor-Netzwerk umgehen, und Ihren derzeitigen Aufenthaltsort und ihre IP-Adresse verraten.\n\nSind Sie sicher, dass Sie Erweiterungen aktivieren wollen?\n\n torbutton.popup.never_ask_again = Nicht mehr nachfragen # Canvas permission prompt. Strings are kept here for ease of translation. -canvas.siteprompt=Die Internetseite (%S) hat versucht, auf Bilddaten von einem Canvas zuzugreifen. Da Canvas-Bilddaten dazu benutzt werden können, um Informationen über ihren Rechner zu bekommen, wurden diesmal leere Bilddaten an die Internetseite geschickt. -canvas.allow=In Zukunft Erlauben +canvas.siteprompt=Die Internetseite (%S) hat versucht, HTML5-Canvas-Bilddaten zu extrahieren, die verwendet werden können, um Ihren Rechner eindeutig zu identifizieren. \n\nSoll Tor-Browser es dieser Internetseite erlauben HTML5-Canvas-Bilddaten zu extrahieren? +canvas.notNow=Nicht jetzt +canvas.notNowAccessKey=j +canvas.allow=In der Zukunft erlauben canvas.allowAccessKey=I -canvas.never=Niemals für diese Internetseite +canvas.never=Niemals für diese Internetseite (empfohlen) canvas.neverAccessKey=N diff --git a/src/chrome/locale/es/torbutton.dtd b/src/chrome/locale/es/torbutton.dtd index c60b592..1dcdda7 100644 --- a/src/chrome/locale/es/torbutton.dtd +++ b/src/chrome/locale/es/torbutton.dtd @@ -1,9 +1,9 @@ <!ENTITY torbutton.prefs.title "Preferencias de Torbutton"> -<!ENTITY torbutton.prefs.tor_settings "Configuración para proxy"> +<!ENTITY torbutton.prefs.tor_settings "Configuración del proxy"> <!ENTITY torbutton.prefs.recommended_settings "Usar la configuración para proxy recomendada para mi versión de Firefox"> <!ENTITY torbutton.prefs.use_privoxy "Usar Privoxy"> <!ENTITY torbutton.prefs.use_polipo "Usar Polipo"> -<!ENTITY torbutton.prefs.custom_settings "Usar configuración para proxy personalizada"> +<!ENTITY torbutton.prefs.custom_settings "Usar configuración de proxy personalizada"> <!ENTITY torbutton.prefs.proxy.host.http "Proxy HTTP:"> <!ENTITY torbutton.prefs.proxy.host.https "Proxy SSL:"> <!ENTITY torbutton.prefs.proxy.host.ftp "Proxy FTP:"> @@ -12,7 +12,7 @@ <!ENTITY torbutton.prefs.proxy.port "Puerto:"> <!ENTITY torbutton.about.title "Acerca de Torbutton"> <!ENTITY torbutton.about.version "Versión: "> -<!ENTITY torbutton.about.summary "Protege la privacidad de su navegación a través de Tor"> +<!ENTITY torbutton.about.summary "Protege la privacidad de su navegación a través de Tor."> <!ENTITY torbutton.about.code "Contribuidores al código: "> <!ENTITY torbutton.about.maintainer "Mantenedor:"> <!ENTITY torbutton.about.security_review "Revisión de la seguridad: "> @@ -112,7 +112,7 @@ <!ENTITY torbutton.prefs.tor_tabs "Pestañas cargadas con Tor"> <!ENTITY torbutton.prefs.socks_vfour "SOCKS v4"> <!ENTITY torbutton.prefs.socks_vfive "SOCKS v5"> -<!ENTITY torbutton.prefs.no_proxies_on "Sin proxys para: "> +<!ENTITY torbutton.prefs.no_proxies_on "Sin proxies para: "> <!ENTITY torbutton.prefs.no_proxy_warning "Advertencia: Evite usar los nombres de servidor (host) citados arriba"> <!ENTITY torbutton.prefs.spoofreresh "Simular refresco de página"> <!ENTITY torbutton.prefs.refereroptions "Opciones de simulación del referer (remitente, dirección desde la que accede a la actual)"> @@ -142,7 +142,7 @@ <!ENTITY torbutton.prefs.engine3 "yahoo.com"> <!ENTITY torbutton.prefs.engine4 "startpage.com"> <!ENTITY torbutton.prefs.engine5 "duckduckgo.com"> -<!ENTITY torbutton.prefs.fix_google_srch "Despojar de información de su plataforma e idioma a las consultas en los cuadros de busqueda de Google"> +<!ENTITY torbutton.prefs.fix_google_srch "Despojar de información de su plataforma e idioma a las consultas en los cuadros de búsqueda de Google"> <!ENTITY torbutton.prefs.transparentTor "Torificación transparente (requiere un transproxy personalizado o un router Tor)"> <!ENTITY torbutton.prefs.block_disk "No registrar historial de navegación o datos del sitio web (habilita Modo de Navegación Privada)"> <!ENTITY torbutton.prefs.restrict_thirdparty "Restringir cookies de terceros y otros datos de seguimiento"> diff --git a/src/chrome/locale/es/torbutton.properties b/src/chrome/locale/es/torbutton.properties index ef75962..f40fc06 100644 --- a/src/chrome/locale/es/torbutton.properties +++ b/src/chrome/locale/es/torbutton.properties @@ -48,8 +48,10 @@ torbutton.popup.confirm_plugins = Complementos (plugins) como Flash pueden daña torbutton.popup.never_ask_again = No volver a preguntar # Canvas permission prompt. Strings are kept here for ease of translation. -canvas.siteprompt=Este sitio web (%S) trató de acceder a los metadatos de una imagen. Como los metadatos de la imágenes puede usarse para revelar información acerca de su computadora, en esta ocasión se ha respondido con metadatos en blanco. +canvas.siteprompt=Este sitio web (%s) intentó extraer datos de imagen de un lienzo HTML5, que podrían usarse para identificar de forma única su computadora.\n\n¿Debe permitir el Navegador Tor a este sitio web extraer los datos de imagen de lienzos HTML5? +canvas.notNow=Ahora no +canvas.notNowAccessKey=N canvas.allow=Permitir en el futuro canvas.allowAccessKey=P -canvas.never=Nunca para este sitio +canvas.never=Nunca para este sitio (recomendado) canvas.neverAccessKey=u diff --git a/src/chrome/locale/eu/torbutton.properties b/src/chrome/locale/eu/torbutton.properties index 15b29be..fdff847 100644 --- a/src/chrome/locale/eu/torbutton.properties +++ b/src/chrome/locale/eu/torbutton.properties @@ -48,8 +48,10 @@ torbutton.popup.confirm_plugins = Flash bezalako pluginek zure pribatutasuna eta torbutton.popup.never_ask_again = Ez nazazu galdetu berriz # Canvas permission prompt. Strings are kept here for ease of translation. -canvas.siteprompt=Webgune honek (%S) oihal bateko irudi datuetara sartzen saiatu da. Oihalen irudi datuak zure ordenagailuari buruzko informazioa ezagutzeko erabil daitezkeenez, irudi datu zuria itzuli da oraingoan. -canvas.allow=Baimendu etorkizunean +canvas.siteprompt=This website (%S) attempted to extract HTML5 canvas image data, which may be used to uniquely identify your computer.\n\nShould Tor Browser allow this website to extract HTML5 canvas image data? +canvas.notNow=Not Now +canvas.notNowAccessKey=N +canvas.allow=Allow in the future canvas.allowAccessKey=A -canvas.never=Inoiz gune honetarako +canvas.never=Never for this site (recommended) canvas.neverAccessKey=e diff --git a/src/chrome/locale/fa/torbutton.properties b/src/chrome/locale/fa/torbutton.properties index ca7da00..811125e 100644 --- a/src/chrome/locale/fa/torbutton.properties +++ b/src/chrome/locale/fa/torbutton.properties @@ -48,8 +48,10 @@ torbutton.popup.confirm_plugins = پلاگینها مانند فلش، میتو torbutton.popup.never_ask_again = دیگر هیچگاه این را از من نپرس # Canvas permission prompt. Strings are kept here for ease of translation. -canvas.siteprompt=وب سایت (%S) تلاش کر تا به داده عکس در یک پرده نقاشى دسترسی پیدا کند، از آنجایی که داده عکس پرده نقاشى میتواند برای کشف اطلاعات درباره رایانه شما استفاده شود، این بار داده عکس خالی بازگشت داده شد. -canvas.allow=در آینده اجازه بده +canvas.siteprompt=This website (%S) attempted to extract HTML5 canvas image data, which may be used to uniquely identify your computer.\n\nShould Tor Browser allow this website to extract HTML5 canvas image data? +canvas.notNow=نه در حال حاضر +canvas.notNowAccessKey=N +canvas.allow=اجازه دهید در آینده canvas.allowAccessKey=A -canvas.never=برای این وب‌سایت، هیچگاه +canvas.never=هرگز برای این سایت (توصیه شده) canvas.neverAccessKey=e diff --git a/src/chrome/locale/fr/torbutton.properties b/src/chrome/locale/fr/torbutton.properties index ecb71e9..870d293 100644 --- a/src/chrome/locale/fr/torbutton.properties +++ b/src/chrome/locale/fr/torbutton.properties @@ -48,8 +48,10 @@ torbutton.popup.confirm_plugins = Les greffons tels que Flash peuvent nuire à v torbutton.popup.never_ask_again = Ne plus me poser la question. # Canvas permission prompt. Strings are kept here for ease of translation. -canvas.siteprompt=Ce site web (%S) a essayé d’accéder aux données d’une image incluse dans un canvas. Puisque ce procédé peut être utilisé pour découvrir des informations concernant votre ordinateur, une image vide a été utilisée à la place cette fois-ci. +canvas.siteprompt=Ce site (%S) tente d'extraire des informations d'image canvas HTML5 qui pourraient être utilisées comme identifiant unique pour votre ordinateur.\n\nTor Browser doit-il autoriser le site à extraire les informations d'image canvas HTML5 ? +canvas.notNow=Pas maintenant +canvas.notNowAccessKey=N canvas.allow=Autoriser à l’avenir canvas.allowAccessKey=A -canvas.never=Jamais pour ce site +canvas.never=Jamais pour ce site (recommandé) canvas.neverAccessKey=e diff --git a/src/chrome/locale/it/torbutton.properties b/src/chrome/locale/it/torbutton.properties index c48a918..34f7671 100644 --- a/src/chrome/locale/it/torbutton.properties +++ b/src/chrome/locale/it/torbutton.properties @@ -48,8 +48,10 @@ torbutton.popup.confirm_plugins = Alcuni plugin come Flash possono violare la tu torbutton.popup.never_ask_again = Non chiedermelo più # Canvas permission prompt. Strings are kept here for ease of translation. -canvas.siteprompt=Questo sito (%S) ha cercato di accedere ad un'immagine in un elemento canvas. Le immagini canvas possono essere usate per scoprire informazioni sul tuo computer, per questo è stata visualizzata un'immagine vuota. -canvas.allow=Permetti in futuro +canvas.siteprompt=Questo sito (%S) tentato di estrarre i dati di immagine HTML5 canvas, che possono essere utilizzati per identificare in modo univoco il computer.\n\nPermettere a Tor Browser di estrarre l'immagine HTML5 canvas per questo sito? +canvas.notNow=Non ora +canvas.notNowAccessKey=N +canvas.allow=acconsenti in futuro canvas.allowAccessKey=A -canvas.never=Mai per questo sito +canvas.never=Mai per questo sito (raccomandato) canvas.neverAccessKey=e diff --git a/src/chrome/locale/ja/torbutton.properties b/src/chrome/locale/ja/torbutton.properties index c2420ae..eda48d7 100644 --- a/src/chrome/locale/ja/torbutton.properties +++ b/src/chrome/locale/ja/torbutton.properties @@ -48,8 +48,10 @@ torbutton.popup.confirm_plugins = Flashなどのプラグインはあなたの torbutton.popup.never_ask_again = 次からはたずねない # Canvas permission prompt. Strings are kept here for ease of translation. -canvas.siteprompt=このウェブサイト (%S)はキャンバスで画像データにアクセスを試みました。キャンバスのイメージデータはあなたのコンピュータについての情報を発見するために使われる可能性がありますので、今回は空の画像データを返しました。 -canvas.allow=後で許可する +canvas.siteprompt=This website (%S) attempted to extract HTML5 canvas image data, which may be used to uniquely identify your computer.\n\nShould Tor Browser allow this website to extract HTML5 canvas image data? +canvas.notNow=Not Now +canvas.notNowAccessKey=N +canvas.allow=Allow in the future canvas.allowAccessKey=A -canvas.never=このサイトには使用しない +canvas.never=Never for this site (recommended) canvas.neverAccessKey=e diff --git a/src/chrome/locale/ko/torbutton.properties b/src/chrome/locale/ko/torbutton.properties index 8a452f4..c8f16d1 100644 --- a/src/chrome/locale/ko/torbutton.properties +++ b/src/chrome/locale/ko/torbutton.properties @@ -48,8 +48,10 @@ torbutton.popup.confirm_plugins = 플래시와 같은 플러그인들은 당신 torbutton.popup.never_ask_again = 다시는 물어보지 않기 # Canvas permission prompt. Strings are kept here for ease of translation. -canvas.siteprompt=이 웹사이트(%S)는 캔버스(Canvas)에 있는 이미지 데이터에 접근하려 했습니다. 캔버스 이미지 데이터는 귀하의 컴퓨터 정보를 찾아내는 데에 사용될 수 있기 때문에, 이번에 빈 이미지 데이터가 되돌려졌습니다. -canvas.allow=나중에 허용 +canvas.siteprompt=This website (%S) attempted to extract HTML5 canvas image data, which may be used to uniquely identify your computer.\n\nShould Tor Browser allow this website to extract HTML5 canvas image data? +canvas.notNow=Not Now +canvas.notNowAccessKey=N +canvas.allow=Allow in the future canvas.allowAccessKey=A -canvas.never=이 사이트에서는 절대 금지 +canvas.never=Never for this site (recommended) canvas.neverAccessKey=e diff --git a/src/chrome/locale/nl/torbutton.properties b/src/chrome/locale/nl/torbutton.properties index 6fc64a8..c2e105d 100644 --- a/src/chrome/locale/nl/torbutton.properties +++ b/src/chrome/locale/nl/torbutton.properties @@ -48,8 +48,10 @@ torbutton.popup.confirm_plugins = plug-ins zoals flash kunnen u privacy en anoni torbutton.popup.never_ask_again = Vraag me dit nooit meer. # Canvas permission prompt. Strings are kept here for ease of translation. -canvas.siteprompt=Deze website (%S) probeerde image data op een canvas te benaderen. Aangezien canvas image data gebruikt kan worden om informatie te verkrijgen over je computer, is deze keer blanco image data teruggemeld. -canvas.allow=Toestaan in de toekomst +canvas.siteprompt=De website (%S) heeft geprobeerd HTML5 canvas image data op te vragen, wat kan gebruikt worden voor een unieke identificatie van je computer.\n\nMoet Tor Browser deze website toestaan om HTML5 canvas image data op te vragen? +canvas.notNow=Niet nu +canvas.notNowAccessKey=N +canvas.allow=Toestaan en onthouden canvas.allowAccessKey=A -canvas.never=Nooit voor deze site +canvas.never=Nooit toestaan voor deze site(aangeraden) canvas.neverAccessKey=e diff --git a/src/chrome/locale/pl/torbutton.properties b/src/chrome/locale/pl/torbutton.properties index 8798190..2b78918 100644 --- a/src/chrome/locale/pl/torbutton.properties +++ b/src/chrome/locale/pl/torbutton.properties @@ -48,8 +48,10 @@ torbutton.popup.confirm_plugins = Wtyczki takie jak Flash mogą szkodzić Twojej torbutton.popup.never_ask_again = Nie pytaj mnie więcej # Canvas permission prompt. Strings are kept here for ease of translation. -canvas.siteprompt=Ta strona (%S) próbowała dostać się do danych obrazu na canvas. Jako że te dane mogą być użyte do odkrycia informacji o Twoim komputerze, na razie został zwrócony pusty obraz. +canvas.siteprompt=Ta strona internetowa (%S) próbowała wydobyć HTML5 canvas danych obrazu, które mogą być wykorzystane w celu identyfikacji Twojego komputera.\n\nCzy chcesz, aby Tor Browser pozwolił tej stronie na wydobycie danych obrazu HTML5 canvas? +canvas.notNow=Nie teraz +canvas.notNowAccessKey=N canvas.allow=Pozwól w przyszłości canvas.allowAccessKey=P -canvas.never=Nigdy dla tej strony +canvas.never=Nigdy dla tej strony (zalecane) canvas.neverAccessKey=i diff --git a/src/chrome/locale/pt/torbutton.properties b/src/chrome/locale/pt/torbutton.properties index fc4ce58..4c920a3 100644 --- a/src/chrome/locale/pt/torbutton.properties +++ b/src/chrome/locale/pt/torbutton.properties @@ -48,8 +48,10 @@ torbutton.popup.confirm_plugins = Plugins such as Flash can harm your privacy an torbutton.popup.never_ask_again = Never ask me again # Canvas permission prompt. Strings are kept here for ease of translation. -canvas.siteprompt=Esta página (%S) tentou aceder a dados de imagem em tela. Porque os dados de imagem em tela podem ser usados para revelar informação acerca do seu computador, neste momento foram devolvidos dados de imagem em branco. -canvas.allow=Permitir no futuro +canvas.siteprompt=Este site (%S) tentou extrair informação HTML5, que pode ser usada para identificar claramente o seu computador.\n\nQuer que o navegador Tor permita que o site extraia a informação HTML5? +canvas.notNow=Agora não +canvas.notNowAccessKey=N +canvas.allow=Permitir de futuro canvas.allowAccessKey=A -canvas.never=Nunca para ESTE SITE +canvas.never=Nunca para este site (recomendado) canvas.neverAccessKey=e diff --git a/src/chrome/locale/ru/torbutton.properties b/src/chrome/locale/ru/torbutton.properties index f0f294d..5339ed1 100644 --- a/src/chrome/locale/ru/torbutton.properties +++ b/src/chrome/locale/ru/torbutton.properties @@ -48,8 +48,10 @@ torbutton.popup.confirm_plugins = Плагины вроде Flash могут н torbutton.popup.never_ask_again = Больше не спрашивать # Canvas permission prompt. Strings are kept here for ease of translation. -canvas.siteprompt=Этот веб-сайт (% S) пытался получить доступ к данным изображения на холсте. Поскольку данные холсте изображение может быть использовано для получения информации о вашем компьютере, пустые данные изображения были возвращены на этот раз. -canvas.allow=Позволит в будущем +canvas.siteprompt=This website (%S) attempted to extract HTML5 canvas image data, which may be used to uniquely identify your computer.\n\nShould Tor Browser allow this website to extract HTML5 canvas image data? +canvas.notNow=Not Now +canvas.notNowAccessKey=N +canvas.allow=Allow in the future canvas.allowAccessKey=A -canvas.never=Никогда для этого сайта +canvas.never=Never for this site (recommended) canvas.neverAccessKey=e diff --git a/src/chrome/locale/sv/torbutton.properties b/src/chrome/locale/sv/torbutton.properties index a08b3de..aab3f2f 100644 --- a/src/chrome/locale/sv/torbutton.properties +++ b/src/chrome/locale/sv/torbutton.properties @@ -48,8 +48,10 @@ torbutton.popup.confirm_plugins = Insticksmoduler så som Flash kan äventyra di torbutton.popup.never_ask_again = Fråga aldrig igen # Canvas permission prompt. Strings are kept here for ease of translation. -canvas.siteprompt=Denna webbsida (%S) försökte komma åt bild data på ett kanvas. Eftersom kanvas bild data kan användas för att upptäcka information om din dator skickades vi tom bild data denna gång. -canvas.allow=Tillåt i Framtiden +canvas.siteprompt=This website (%S) attempted to extract HTML5 canvas image data, which may be used to uniquely identify your computer.\n\nShould Tor Browser allow this website to extract HTML5 canvas image data? +canvas.notNow=Not Now +canvas.notNowAccessKey=N +canvas.allow=Allow in the future canvas.allowAccessKey=A -canvas.never=Aldrig för Denna Sida +canvas.never=Never for this site (recommended) canvas.neverAccessKey=e diff --git a/src/chrome/locale/tr/torbutton.dtd b/src/chrome/locale/tr/torbutton.dtd index 7d5293d..3b2975e 100644 --- a/src/chrome/locale/tr/torbutton.dtd +++ b/src/chrome/locale/tr/torbutton.dtd @@ -1,5 +1,5 @@ <!ENTITY torbutton.prefs.title "Ayarlar"> -<!ENTITY torbutton.prefs.tor_settings "Vekıl Sunucu Ayarları"> +<!ENTITY torbutton.prefs.tor_settings "Vekil Sunucu Ayarları"> <!ENTITY torbutton.prefs.recommended_settings "Firefox'umda önerilen vekil sunucu ayarlarını kullan"> <!ENTITY torbutton.prefs.use_privoxy "Privoxy'i kullan"> <!ENTITY torbutton.prefs.use_polipo "Polipo'yu kullan"> @@ -30,7 +30,7 @@ <!ENTITY torbutton.context_menu.preferences.key "A"> <!ENTITY torbutton.context_menu.about "Hakkında"> <!ENTITY torbutton.context_menu.about.key "H"> -<!ENTITY torbutton.context_menu.networksettings "Ağ seçeneklerini aç."> +<!ENTITY torbutton.context_menu.networksettings "Ağ Ayarlarını Aç..."> <!ENTITY torbutton.context_menu.networksettings.key "S"> <!ENTITY torbutton.context_menu.downloadUpdate "Tor Tarayıcı Destesi güncelleştirmesini yükleyin."> <!ENTITY torbutton.context_menu.downloadUpdate.key "H"> @@ -120,7 +120,7 @@ <!ENTITY torbutton.prefs.spoofroot "Geçerli klasör için aldatmaca kullan"> <!ENTITY torbutton.prefs.spoofdomain "Referans olarak alanı aldat"> <!ENTITY torbutton.prefs.spoofblank "Spoof blank referer during Tor usage (may break some sites)"> -<!ENTITY torbutton.cookiedialog.title "Çerez korumasını yönet"> +<!ENTITY torbutton.cookiedialog.title "Çerez Korumasını Yönet"> <!ENTITY torbutton.cookiedialog.lockCol "Korunmuş"> <!ENTITY torbutton.cookiedialog.domainCol "Sunucu"> <!ENTITY torbutton.cookiedialog.nameCol "İsim"> diff --git a/src/chrome/locale/tr/torbutton.properties b/src/chrome/locale/tr/torbutton.properties index db32a46..b857f82 100644 --- a/src/chrome/locale/tr/torbutton.properties +++ b/src/chrome/locale/tr/torbutton.properties @@ -34,7 +34,7 @@ torbutton.popup.captcha.ask = Google Captcha algılandı. Aramana devam etmek i torbutton.popup.captcha.always = Bu ayarı şu andan itibaren sürekli hale getir\n torbutton.popup.redirect = Yönlendir torbutton.popup.no_redirect = Yönlendirme -torbutton.popup.prompted_language = Daha fazla gizlilik icin, Torbutton sayfaların İngilizce versiyonlarını göstermeye çalışır. Bu özellik sayfaları anadilinizde görememenize sebep olabilir.\n\nSiz de daha fazla gizlilik için sayfaların İngilizce versiyonarını görüntülemek ister misiniz? +torbutton.popup.prompted_language = Daha fazla gizlilik icin, Torbutton sayfaların İngilizce versiyonlarını göstermeye çalışır. Bu özellik sayfaları ana dilinizde görememenize sebep olabilir.\n\nSiz de daha fazla gizlilik için sayfaların İngilizce sürümlerini görüntülemek ister misiniz? torbutton.popup.no_newnym = Torbutton size güvenli yeni bir kimlik sağlayamadı. Tor Control Port una giriş yapılamıyor.\n\nTor Browser Bundle nin çalıştığından emin olun. torbutton.popup.use_tbb = Görünüşe göre Torbutton'ı Firefox ile kullanıyorsunuz, bu tavsiye edilen bir güvenlik ayarlaması değildir.\n\nAslında, Size tavsiyemiz Tor Tarayıcısını gettor(a)torproject.org adresine e-posta göndererek veya şu adrese girerek edinmenizdir. torbutton.popup.pref_error = Torbutton, Tor Browser profil klasörünün içinde seçenekleri güncelleyemez. @@ -48,8 +48,10 @@ torbutton.popup.confirm_plugins = Flash gibi eklentiler gizliliğinizi ve anonim torbutton.popup.never_ask_again = Bir daha sorma # Canvas permission prompt. Strings are kept here for ease of translation. -canvas.siteprompt=Bu web sitesi (%S) canvas'daki resim verisini erişmeye çalıştı. Canvas resim verisi bilgisayarınız hakkında bilgi almak için kullanılabileceğinden bu sefer boş resim verisi gönderildi. -canvas.allow=Gelecekte izin ver +canvas.siteprompt=Bu web sitesi (%S) bilgisayarınızı benzersiz olarak tanımlayabilmek için kullanılabilen HTML5 tuvalindeki resim verisine erişmeye çalıştı.\n\nTor Tarayıcı bu web sitesine HTML5 tuval resim verisini çıkarmasına izin vermeli mi? +canvas.notNow=Şimdi Değil +canvas.notNowAccessKey=H +canvas.allow=İleride izin ver canvas.allowAccessKey=H -canvas.never=Bu site için asla +canvas.never=Bu site için asla (önerilen) canvas.neverAccessKey=a diff --git a/src/chrome/locale/vi/torbutton.properties b/src/chrome/locale/vi/torbutton.properties index d500589..20b1f61 100644 --- a/src/chrome/locale/vi/torbutton.properties +++ b/src/chrome/locale/vi/torbutton.properties @@ -48,8 +48,10 @@ torbutton.popup.confirm_plugins = Plugins such as Flash can harm your privacy an torbutton.popup.never_ask_again = Never ask me again # Canvas permission prompt. Strings are kept here for ease of translation. -canvas.siteprompt=This website (%S) attempted to access image data on a canvas. Since canvas image data can be used to discover information about your computer, blank image data was returned this time. -canvas.allow=Allow in the Future +canvas.siteprompt=This website (%S) attempted to extract HTML5 canvas image data, which may be used to uniquely identify your computer.\n\nShould Tor Browser allow this website to extract HTML5 canvas image data? +canvas.notNow=Not Now +canvas.notNowAccessKey=N +canvas.allow=Allow in the future canvas.allowAccessKey=T -canvas.never=Never for This Site +canvas.never=Never for this site (recommended) canvas.neverAccessKey=e diff --git a/src/chrome/locale/zh-CN/aboutTor.dtd b/src/chrome/locale/zh-CN/aboutTor.dtd index 8e84ded..3e2cff4 100644 --- a/src/chrome/locale/zh-CN/aboutTor.dtd +++ b/src/chrome/locale/zh-CN/aboutTor.dtd @@ -18,7 +18,7 @@ <!ENTITY aboutTor.failure.label "出错了！"> <!ENTITY aboutTor.failure2.label "Tor 无法在该浏览器下运行。"> <!ENTITY aboutTor.failure3prefix.label "如需帮助，请联系："> -<!ENTITY aboutTor.failure3Link "help(a)rt.torproject.org"> +<!ENTITY aboutTor.failure3Link "help-zh(a)rt.torproject.org"> <!ENTITY aboutTor.failure3suffix.label "。"> <!ENTITY aboutTor.search.label "安全的搜索引擎"> diff --git a/src/chrome/locale/zh-CN/torbutton.dtd b/src/chrome/locale/zh-CN/torbutton.dtd index 2b1894e..06ab662 100644 --- a/src/chrome/locale/zh-CN/torbutton.dtd +++ b/src/chrome/locale/zh-CN/torbutton.dtd @@ -3,7 +3,7 @@ <!ENTITY torbutton.prefs.recommended_settings "该版本的 Firefox 使用推荐代理设置"> <!ENTITY torbutton.prefs.use_privoxy "使用 Privoxy"> <!ENTITY torbutton.prefs.use_polipo "使用 Polipo"> -<!ENTITY torbutton.prefs.custom_settings "使用自定义代理设置"> +<!ENTITY torbutton.prefs.custom_settings "自定义代理设置"> <!ENTITY torbutton.prefs.proxy.host.http "HTTP 代理："> <!ENTITY torbutton.prefs.proxy.host.https "SSL 代理："> <!ENTITY torbutton.prefs.proxy.host.ftp "FTP 代理："> @@ -16,12 +16,12 @@ <!ENTITY torbutton.about.code "代码贡献者："> <!ENTITY torbutton.about.maintainer "维护人员："> <!ENTITY torbutton.about.security_review "安全评审："> -<!ENTITY torbutton.about.donate "如果喜欢使用 Tor，你可以"> +<!ENTITY torbutton.about.donate "如果喜欢使用 Tor，你可以考虑"> <!ENTITY torbutton.about.make_donation "给予捐赠。"> <!ENTITY torbutton.pref_connection.notice "禁止 Torbutton 更改这些设置。"> <!ENTITY torbutton.pref_connection.more_info "更多信息"> <!ENTITY torbutton.pref_connection_more_info.title "帮助"> -<!ENTITY torbutton.pref_connection_more_info.text "Torbutton 当前已启用。如需对 Tor 之外的代理设置进行更改，请禁用 Torbutton 后再返回这里。如需更改Tor 的设置，请在 Torbutton 首选项窗口中进行设置。"> +<!ENTITY torbutton.pref_connection_more_info.text "Torbutton 当前已启用。如需对 Tor 之外的代理设置进行更改，请禁用 Torbutton 后再返回这里。如需更改 Tor 的设置，请在 Torbutton 首选项窗口中进行设置。"> <!ENTITY torbutton.context_menu.new_identity "新标识"> <!ENTITY torbutton.context_menu.new_identity_key "I"> <!ENTITY torbutton.context_menu.toggle "切换 Tor 状态"> @@ -36,11 +36,11 @@ <!ENTITY torbutton.context_menu.downloadUpdate.key "U"> <!ENTITY torbutton.context_menu.cookieProtections "Cookie 保护"> <!ENTITY torbutton.context_menu.cookieProtections.key "C"> -<!ENTITY torbutton.context_menu.copyTor "复制 Tor URL"> +<!ENTITY torbutton.context_menu.copyTor "复制 Tor 网址"> <!ENTITY torbutton.context_menu.copyTor.key "p"> -<!ENTITY torbutton.context_menu.openTorTab "在新标签页中打开 Tor URL"> +<!ENTITY torbutton.context_menu.openTorTab "在新标签页中打开 Tor 网址"> <!ENTITY torbutton.context_menu.openTorTab.key "r"> -<!ENTITY torbutton.context_menu.openTorWindow "在新窗口中打开 Tor URL"> +<!ENTITY torbutton.context_menu.openTorWindow "在新窗口中打开 Tor 网址"> <!ENTITY torbutton.context_menu.openTorWindow.key "d"> <!ENTITY torbutton.button.label "Torbutton"> <!ENTITY torbutton.button.tooltip "点此初始化 Torbutton"> @@ -52,9 +52,9 @@ <!ENTITY torbutton.prefs.clear_history "切换 Tor 状态时清除历史记录（可选）"> <!ENTITY torbutton.prefs.clear_cache "切换 Tor 时禁用磁盘缓存并清除所有缓存"> <!ENTITY torbutton.prefs.block_cache "使用 Tor 时禁止访问磁盘和内存缓存"> -<!ENTITY torbutton.prefs.cookie_jars "在受保护的 jar 中保存 Tor 之外的 Cookie"> -<!ENTITY torbutton.prefs.cookie_protection "请在 Cookie 隐私保护对话框内选择"> -<!ENTITY torbutton.prefs.mmm_cookies "手动管理我的 cookies （危险）"> +<!ENTITY torbutton.prefs.cookie_jars "在受保护的 jar 中保存 Tor 之外的 cookie"> +<!ENTITY torbutton.prefs.cookie_protection "请在 cookie 隐私保护对话框内选择"> +<!ENTITY torbutton.prefs.mmm_cookies "手动管理 cookie （危险）"> <!ENTITY torbutton.prefs.clear_cookies "切换 Tor 时清除 cookie"> <!ENTITY torbutton.prefs.disable_plugins "使用 Tor 时禁用插件（重要）"> <!ENTITY torbutton.prefs.kill_bad_js "挂勾危险的 Java 脚本（重要）"> @@ -62,21 +62,21 @@ <!ENTITY torbutton.prefs.no_updates "使用 Tor 时禁用浏览器更新"> <!ENTITY torbutton.prefs.set_uagent "使用 Tor 作为用户代理设置（重要）"> <!ENTITY torbutton.prefs.dynamic "动态网页内容"> -<!ENTITY torbutton.prefs.cookies "Cookies"> +<!ENTITY torbutton.prefs.cookies "Cookie"> <!ENTITY torbutton.prefs.cache "缓存"> <!ENTITY torbutton.prefs.history "历史"> <!ENTITY torbutton.prefs.no_search "使用 Tor 时禁用搜索建议（推荐）"> <!ENTITY torbutton.prefs.shutdown "关闭"> -<!ENTITY torbutton.prefs.tor_shutdown "通过 Tor 启动的浏览器关闭时清除 Cookies"> -<!ENTITY torbutton.prefs.all_shutdown "任何浏览器关闭时都清除 cookies"> +<!ENTITY torbutton.prefs.tor_shutdown "通过 Tor 启动的浏览器关闭时清除 cookie"> +<!ENTITY torbutton.prefs.all_shutdown "任何浏览器关闭时都清除 cookie"> <!ENTITY torbutton.prefs.no_shutdown "关闭时不清除 cookies"> <!ENTITY torbutton.prefs.disable_sessionstore "禁用 Firefox 的会话保存（推荐）"> <!ENTITY torbutton.prefs.headers "Header"> <!ENTITY torbutton.prefs.spoof_english "伪装浏览器语言为美国英语"> <!ENTITY torbutton.prefs.refererspoofing "伪造 Referer"> -<!ENTITY torbutton.prefs.spoofblank "Spoof blank referer during Tor usage (may break some sites)"> +<!ENTITY torbutton.prefs.spoofblank "使用 Tor 时伪造空白 Referer（可能造成某些网站显示异常）"> <!ENTITY torbutton.prefs.smartspoof "使用 Tor 时伪造智能 Referer（伪造跨域 Referer）"> -<!ENTITY torbutton.prefs.nospoof "No referer spoof during Tor usage (sends referers as normal)"> +<!ENTITY torbutton.prefs.nospoof "使用Tor 时不使用伪造 Rererer（发送正常 Referer）"> <!ENTITY torbutton.prefs.disable_domstorage "使用 Tor 时禁止存储浏览器的 DOM（重要）"> <!ENTITY torbutton.prefs.forms "表单"> <!ENTITY torbutton.prefs.block_tforms "使用 Tor 时禁止保存密码和表单（推荐）"> @@ -86,7 +86,7 @@ <!ENTITY torbutton.prefs.restore_tor "恢复浏览器会话时，设置 Tor 的状态为："> <!ENTITY torbutton.prefs.startup_tor "浏览器启动时,设置 Tor 的状态为:"> <!ENTITY torbutton.prefs.reload_crashed_jar "Firefox 崩溃后重载 cookie jar/清除 cookie（推荐）"> -<!ENTITY torbutton.prefs.dual_cookie_jars "在受保护的 jar 文件中同时保存使用 Tor 和停用 Tor 时的 cookies（危险）"> +<!ENTITY torbutton.prefs.dual_cookie_jars "在受保护的 jar 文件中同时保存使用 Tor 和停用 Tor 时的 cookie（危险）"> <!ENTITY torbutton.prefs.clear_http_auth "清除 HTTP 认证会话（推荐）"> <!ENTITY torbutton.prefs.block_js_history "Tor 状态变化后限制在先前状态下已浏览的网页间进行跳转（重要）"> <!ENTITY torbutton.prefs.resize_on_toggle "使用 Tor 时调整窗口大小为 50 像素的倍数（推荐）"> @@ -104,7 +104,7 @@ <!ENTITY torbutton.prefs.restore_defaults "恢复默认设置"> <!ENTITY torbutton.prefs.test_settings "测试代理设置"> <!ENTITY torbutton.prefs.test_auto "每次启动 Firefox 后进行首次切换时自动验证 Tor 设置"> -<!ENTITY torbutton.prefs.disable_livemarks "Disable livemarks updates during Tor usage"> +<!ENTITY torbutton.prefs.disable_livemarks "使用 Tor 时禁用 Livemark（RSS书签）更新"> <!ENTITY torbutton.prefs.tor_memory_jar "使用 Tor 时不将 Cookie 写入磁盘"> <!ENTITY torbutton.prefs.nontor_memory_jar "停用 Tor 时不将 Cookie 写入磁盘"> <!ENTITY torbutton.prefs.session_restore "让 Firefox 的会话保存功能保存并恢复如下标签页："> @@ -116,10 +116,10 @@ <!ENTITY torbutton.prefs.no_proxy_warning "警告：请不要使用上述任何主机名。"> <!ENTITY torbutton.prefs.spoofreresh "伪造刷新"> <!ENTITY torbutton.prefs.refereroptions "Referer 欺骗选项"> -<!ENTITY torbutton.prefs.nospoof "No referer spoof during Tor usage (sends referers as normal)"> +<!ENTITY torbutton.prefs.nospoof "使用Tor 时不使用伪造 Rererer（发送正常 Referer）"> <!ENTITY torbutton.prefs.spoofroot "伪造包含文件夹的页面"> <!ENTITY torbutton.prefs.spoofdomain "伪造域名作为 Referer"> -<!ENTITY torbutton.prefs.spoofblank "Spoof blank referer during Tor usage (may break some sites)"> +<!ENTITY torbutton.prefs.spoofblank "使用 Tor 时伪造空白 Referer（可能造成某些网站显示异常）"> <!ENTITY torbutton.cookiedialog.title "管理受保护的 Cookie"> <!ENTITY torbutton.cookiedialog.lockCol "受保护"> <!ENTITY torbutton.cookiedialog.domainCol "服务器"> @@ -129,9 +129,9 @@ <!ENTITY torbutton.cookiedialog.removeCookie "移除 Cookie"> <!ENTITY torbutton.cookiedialog.unprotectCookie "停止保护 Cookie"> <!ENTITY torbutton.cookiedialog.removeAllBut "全部移除仅保留受保护的 Cookie"> -<!ENTITY torbutton.cookiedialog.saveAllCookies "保护新的 Cookies"> -<!ENTITY torbutton.cookiedialog.doNotSaveAllCookies "不保护新的 Cookies"> -<!ENTITY torbutton.prefs.disable_livemarks "Disable livemarks updates during Tor usage"> +<!ENTITY torbutton.cookiedialog.saveAllCookies "保护新的 Cookie"> +<!ENTITY torbutton.cookiedialog.doNotSaveAllCookies "不保护新的 Cookie"> +<!ENTITY torbutton.prefs.disable_livemarks "使用 Tor 时禁用 Livemark（RSS书签）更新"> <!ENTITY torbutton.prefs.dtd_recommended "（推荐）"> <!ENTITY torbutton.prefs.dtd_optional "（可选）"> <!ENTITY torbutton.prefs.dtd_crucial "（重要）"> diff --git a/src/chrome/locale/zh-CN/torbutton.properties b/src/chrome/locale/zh-CN/torbutton.properties index cb46ace..619b638 100644 --- a/src/chrome/locale/zh-CN/torbutton.properties +++ b/src/chrome/locale/zh-CN/torbutton.properties @@ -15,7 +15,7 @@ torbutton.popup.toggle.warning = 您需要切换 Tor 或重新启动您的设置 torbutton.popup.test.success = Tor 代理测试成功！ torbutton.popup.test.failure = Tor 代理测试失败！请检查您的代理和 Polipo 设置。 torbutton.popup.test.confirm_toggle = 上一次 Tor 代理测试失败。\n\n您还要启用代理吗？\n\n注意：如果您已经解决了代理问题，请打开 Torbutton 代理设置窗口，消除此警告。 -torbutton.popup.test.ff3_notice = 单击确定测试 Tor 的代理设置。测试将在后台进行。请耐心等待。 +torbutton.popup.test.ff3_notice = 单击“确定”测试 Tor 的代理设置。测试将在后台进行，请耐心等待。 torbutton.panel.label.verified = Tor 验证通过 torbutton.popup.test.auto_failed = Tor 未通过自动代理测试。\n\n您确定要继续启用吗？ torbutton.prefs.recommended = (推荐) @@ -40,16 +40,18 @@ torbutton.popup.use_tbb = 您似乎正在 Firefox 中使用 Torbutton，而我 torbutton.popup.pref_error = Torbutton 无法更新 Tor 浏览器配置目录中的配置。 torbutton.popup.permission_denied = 请重置 Tor 浏览器目录的文件权限或将其复制到一个新位置。 torbutton.popup.device_full = 硬盘空间已满。请释放一些空间或将 Tor 浏览器移动至其他新设备。 -torbutton.title.prompt_torbrowser = 重要的Torbutton的信息 +torbutton.title.prompt_torbrowser = Torbutton 重要信息 torbutton.popup.prompt_torbrowser = Torbutton 工作方式有所改变：它不再支持临时关闭。\n\n做出这种改变是因为在非匿名浏览的浏览器中，同时使用 Torbutton 并不安全。有太多无法克服的错误。\n\n如果您希望正常使用 Firefox ，请卸载 Torbutton 插件，下载 Tor 浏览器套件。Tor 浏览器的隐私特性优于普通的 Firefox ，即使Firefox中使用了Torbutton。\n\n移除 Torbutton，请到工具Tools->附加组件Addons->扩展Extensions 中，在 Torbutton 旁点击卸载。 -torbutton.popup.short_torbrowser = Torbutton的重要信息\n\nTorbutton的是現在始終處於啟用狀態\n\n點擊Torbutton的更多信息 +torbutton.popup.short_torbrowser = Torbutton的重要信息！\n\nTorbutton 目前已知处于启用状态。\n\n点击 Torbutton 获取更多信息。 torbutton.popup.confirm_plugins = Flash 之类的插件可对用户的隐私与匿名性造成危害。\n\n它们还可能绕过 Tor 而泄漏用户的当前位置和 IP 地址。\n\n是否确定启用插件？\n\n torbutton.popup.never_ask_again = 不再询问 # Canvas permission prompt. Strings are kept here for ease of translation. -canvas.siteprompt=此网站(%S)试图访问画布上的图像数据。因为画布上的数据可以被用来侦测您的电脑信息，所以 Torbutton 这次返回了空白图像数据。 -canvas.allow=以后允许 +canvas.siteprompt=此网站 (%S) 试图获取 HTML5 Canva 图像数据，该数据可用作你所用计算机的唯一标识。\n\nTor Browser 是否应允许此网站获取 HTML5 Canva 图像数据？ +canvas.notNow=暂不 +canvas.notNowAccessKey=N +canvas.allow=以后一直允许 canvas.allowAccessKey=A -canvas.never=禁止此站点 +canvas.never=永不允许此网站（推荐） canvas.neverAccessKey=e

1 0

[torbutton/master] Add changelog and bump version for 1.6.12.1.
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit de3791281953327f0472e6e9313e184a7aab2be1 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Fri Aug 29 00:54:29 2014 -0700 Add changelog and bump version for 1.6.12.1. --- src/CHANGELOG | 5 +++++ src/install.rdf | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/CHANGELOG b/src/CHANGELOG index 5b35a6a..0943687 100644 --- a/src/CHANGELOG +++ b/src/CHANGELOG @@ -1,3 +1,8 @@ +1.6.12.1 + 1 Sep 2014 + * Bug 12684: Add `canvas.notNow` UI strings to torbutton.properties file. + * Bug 8940: Move RecommendedTBBVersions file to www.torproject.org. + 1.6.12.0 4 Aug 2014 * Bug 9531: Workaround to avoid rare hangs during New Identity diff --git a/src/install.rdf b/src/install.rdf index f8c0f97..de66e4e 100644 --- a/src/install.rdf +++ b/src/install.rdf @@ -6,7 +6,7 @@ <em:name>Torbutton</em:name> <em:creator>Mike Perry</em:creator> <em:id>torbutton(a)torproject.org</em:id> - <em:version>1.6.12.0</em:version> + <em:version>1.6.12.1</em:version> <em:homepageURL>https://www.torproject.org/projects/torbrowser.html.en</em:homepageURL> <em:optionsURL>chrome://torbutton/content/preferences.xul</em:optionsURL> <em:iconURL>chrome://torbutton/skin/tor.png</em:iconURL>

1 0

[tor-browser/tor-browser-24.7.0esr-3.x-1] Backport two integer overflow patches.
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit d765da2ed5b5724a1adc4d8e73a552cbc0fe033d Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Aug 28 16:04:57 2014 -0700 Backport two integer overflow patches. https://hg.mozilla.org/mozilla-central/rev/14ad832ecbcd https://hg.mozilla.org/mozilla-central/rev/c00387255d25 https://bugzilla.mozilla.org/show_bug.cgi?id=922603 https://bugzilla.mozilla.org/show_bug.cgi?id=811122 --- image/src/imgFrame.cpp | 10 +++------- js/src/vm/Interpreter-inl.h | 8 ++------ 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/image/src/imgFrame.cpp b/image/src/imgFrame.cpp index c1b4022..33d1b3a 100644 --- a/image/src/imgFrame.cpp +++ b/image/src/imgFrame.cpp @@ -19,6 +19,7 @@ static bool gDisableOptimize = false; #include "cairo.h" #include "GeckoProfiler.h" #include "mozilla/Likely.h" +#include "mozilla/CheckedInt.h" #if defined(XP_WIN) @@ -54,13 +55,8 @@ static bool AllowedImageSize(int32_t aWidth, int32_t aHeight) } // check to make sure we don't overflow a 32-bit - int32_t tmp = aWidth * aHeight; - if (MOZ_UNLIKELY(tmp / aHeight != aWidth)) { - NS_WARNING("width or height too large"); - return false; - } - tmp = tmp * 4; - if (MOZ_UNLIKELY(tmp / 4 != aWidth * aHeight)) { + CheckedInt32 requiredBytes = CheckedInt32(aWidth) * CheckedInt32(aHeight) * 4; + if (MOZ_UNLIKELY(!requiredBytes.isValid())) { NS_WARNING("width or height too large"); return false; } diff --git a/js/src/vm/Interpreter-inl.h b/js/src/vm/Interpreter-inl.h index b5818e4..0a665d1 100644 --- a/js/src/vm/Interpreter-inl.h +++ b/js/src/vm/Interpreter-inl.h @@ -368,13 +368,9 @@ AddOperation(JSContext *cx, HandleScript script, jsbytecode *pc, { if (lhs.isInt32() && rhs.isInt32()) { int32_t l = lhs.toInt32(), r = rhs.toInt32(); - int32_t sum = l + r; - if (JS_UNLIKELY(bool((l ^ sum) & (r ^ sum) & 0x80000000))) { - res->setDouble(double(l) + double(r)); + double d = double(l) + double(r); + if (!res->setNumber(d)) types::TypeScript::MonitorOverflow(cx, script, pc); - } else { - res->setInt32(sum); - } return true; }

1 0

[tor-browser/tor-browser-24.7.0esr-3.x-1] fixup! Backport two integer overflow patches.
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit cd9904f907ef4c248cca64efbc1f04bcc76e835b Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Aug 28 18:30:06 2014 -0700 fixup! Backport two integer overflow patches. These are in the mozilla namespace. --- image/src/imgFrame.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image/src/imgFrame.cpp b/image/src/imgFrame.cpp index 33d1b3a..0e2ef3f 100644 --- a/image/src/imgFrame.cpp +++ b/image/src/imgFrame.cpp @@ -55,7 +55,7 @@ static bool AllowedImageSize(int32_t aWidth, int32_t aHeight) } // check to make sure we don't overflow a 32-bit - CheckedInt32 requiredBytes = CheckedInt32(aWidth) * CheckedInt32(aHeight) * 4; + mozilla::CheckedInt32 requiredBytes = mozilla::CheckedInt32(aWidth) * mozilla::CheckedInt32(aHeight) * 4; if (MOZ_UNLIKELY(!requiredBytes.isValid())) { NS_WARNING("width or height too large"); return false;

1 0

[tor-browser/esr24] No bug, Automated blocklist update from host bld-linux64-spot-111 - a=blocklist-update
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 815dfecb8f7aaf622b3ec271d21091cc9f54fbcf Author: ffxbld <none@none> Date: Sat Aug 16 03:14:27 2014 -0700 No bug, Automated blocklist update from host bld-linux64-spot-111 - a=blocklist-update --- browser/app/blocklist.xml | 676 +++++++++++++++++++++++---------------------- 1 file changed, 344 insertions(+), 332 deletions(-) diff --git a/browser/app/blocklist.xml b/browser/app/blocklist.xml index 2e455a6..e2eeda0 100644 --- a/browser/app/blocklist.xml +++ b/browser/app/blocklist.xml @@ -1,171 +1,171 @@ <?xml version="1.0"?> -<blocklist xmlns="http://www.mozilla.org/2006/addons-blocklist" lastupdate="1407370380000"> +<blocklist xmlns="http://www.mozilla.org/2006/addons-blocklist" lastupdate="1407886026000"> <emItems> <emItem blockID="i454" id="sqlmoz(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <versionRange minVersion="0" maxVersion="*" severity="3"> + <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i58" id="webmaster(a)buzzzzvideos.info"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i652" id="garg_sms(a)yahoo.in"> <versionRange minVersion="67.9" maxVersion="67.9" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i71" id="youtube(a)2youtube.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i404" id="{a9bb9fa0-4122-4c75-bd9a-bc27db3f9155}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i8" id="{B13721C7-F507-4982-B2E5-502A71474FED}"> <versionRange minVersion=" " severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i646" id="{e1aaa9f8-4500-47f1-9a0a-b02bd60e4076}"> <versionRange minVersion="178.7.0" maxVersion="178.7.0" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i684" id="{9edd0ea8-2819-47c2-8320-b007d5996f8a}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> <pref>browser.search.defaultenginename</pref> </prefs> </emItem> <emItem blockID="i107" os="WINNT" id="{ABDE892B-13A8-4d1b-88E6-365A6E755758}"> <versionRange minVersion="0" maxVersion="15.0.5" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i88" id="anttoolbar(a)ant.com"> <versionRange minVersion="2.4.6.4" maxVersion="2.4.6.4" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i484" id="plugin(a)getwebcake.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i688" id="firefox-extension(a)mozilla.org"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i65" id="activity(a)facebook.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i527" id="/^({bfec236d-e122-4102-864f-f5f19d897f5e}|{3f842035-47f4-4f10-846b-6199b07f09b8}|{92ed4bbd-83f2-4c70-bb4e-f8d3716143fe})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i535" id="/^ext(a)WebexpEnhancedV1alpha[0-9]+\.net$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i105" id="{95ff02bc-ffc6-45f0-a5c8-619b8226a9de}"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i626" id="{20AD702C-661E-4534-8CE9-BA4EC9AD6ECC}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i20" id="{AB2CE124-6272-4b12-94A9-7303C7397BD1}"> <versionRange minVersion="0.1" maxVersion="5.2.0.7164" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i506" id="/^ext@bettersurfplus/"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i400" id="{dd6b651f-dfb9-4142-b0bd-09912ad22674}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i488" id="jid1-4P0kohSJxU1qGg@jetpack"> <versionRange minVersion="1.2.50" maxVersion="1.2.50" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i578" id="jid1-XLjasWL55iEE1Q@jetpack"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i674" id="crossriderapp12555(a)crossrider.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i529" id="/^(torntv@torntv\.com|trtv3@trtv\.com|torntv2@torntv\.com|e2fd07a6-e282-4f2e-8965-85565fcb6384@b69158e6-3c3b-476c-9d98-ae5838c5b707\.com)$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i486" id="xz123(a)ya456.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i392" id="{EEE6C361-6118-11DC-9C72-001320C79847}"> <versionRange minVersion="0" maxVersion="1.7.999" severity="1"> </versionRange> - <versionRange minVersion="0" maxVersion="*" severity="1"> + <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i406" id="{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i4" id="{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"> @@ -174,13 +174,13 @@ <versionRange minVersion="3.0a1" maxVersion="*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i492" id="{af95cc15-3b9b-45ae-8d9b-98d08eda3111}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i24" id="{6E19037A-12E3-4295-8915-ED48BC341614}"> @@ -189,67 +189,67 @@ <versionRange minVersion="3.7a1pre" maxVersion="*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i64" id="royal(a)facebook.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i72" os="WINNT" id="{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"> <versionRange minVersion="3.4.1" maxVersion="3.4.1.194" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i100" id="{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}"> <versionRange minVersion="2.5.0" maxVersion="2.5.0" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i77" id="{fa277cfc-1d75-4949-a1f9-4ac8e41b2dfd}"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i40" id="{28387537-e3f9-4ed7-860c-11e69af4a8a0}"> <versionRange minVersion="0.1" maxVersion="4.3.1.00" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i491" id="{515b2424-5911-40bd-8a2c-bdb20286d8f5}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i498" id="hoverst(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i127" id="plugin(a)youtubeplayer.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i430" id="1chtw(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i78" id="socialnetworktools(a)mozilla.doslash.org"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i238" id="/^pink@.*\.info$/"> @@ -258,136 +258,136 @@ <versionRange minVersion="18.0" maxVersion="*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i516" id="/^({3f3cddf8-f74d-430c-bd19-d2c9147aed3d}|{515b2424-5911-40bd-8a2c-bdb20286d8f5}|{17464f93-137e-4646-a0c6-0dc13faf0113}|{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}|{aad50c91-b136-49d9-8b30-0e8d3ead63d0})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i630" id="webbooster(a)iminent.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> <pref>browser.startup.homepage</pref> <pref>browser.search.defaultenginename</pref> </prefs> </emItem> <emItem blockID="i7" id="{2224e955-00e9-4613-a844-ce69fccaae91}"> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i174" id="info(a)thebflix.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i478" id="{7e8a1050-cf67-4575-92df-dcc60e7d952d}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i582" id="discoverypro(a)discoverypro.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i670" id="/^({ad9a41d2-9a49-4fa6-a79e-71a0785364c8})|(ffxtlbr(a)mysearchdial\.com)$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> <pref>browser.search.defaultenginename</pref> </prefs> </emItem> <emItem blockID="i93" id="{68b8676b-99a5-46d1-b390-22411d8bcd61}"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i596" id="{b99c8534-7800-48fa-bd71-519a46cdc7e1}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i140" id="mozillahmpg(a)mozilla.org"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i500" id="{2aab351c-ad56-444c-b935-38bffe18ad26}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i494" id="/^({e9df9360-97f8-4690-afe6-996c80790da4}|{687578b9-7132-4a7a-80e4-30ee31099e03}|{46a3135d-3683-48cf-b94c-82655cbc0e8a}|{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}|{7473b6bd-4691-4744-a82b-7854eb3d70b6}|{96f454ea-9d38-474f-b504-56193e00c1a5})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i467" id="plugin(a)analytic-s.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i47" id="youtube(a)youtube2.com"> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i640" id="jid0-l9BxpNUhx1UUgRfKigWzSfrZqAc@jetpack"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i360" id="ytd(a)mybrowserbar.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i5" id="support(a)daemon-tools.cc"> <versionRange minVersion=" " maxVersion="1.0.0.5"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i436" id="/(\{7aeae561-714b-45f6-ace3-4a8aed6e227b\})|(\{01e86e69-a2f8-48a0-b068-83869bdba3d0\})|(\{77f5fe49-12e3-4cf5-abb4-d993a0164d9e\})/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i97" id="support3_en(a)adobe122.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i342" id="lbmsrvfvxcblvpane(a)lpaezhjez.org"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i481" id="{B40794A0-7477-4335-95C5-8CB9BBC5C4A5}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <versionRange minVersion="0" maxVersion="*" severity="3"> + <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <versionRange minVersion="0" maxVersion="*" severity="3"> + <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i11" id="yslow(a)yahoo-inc.com"> @@ -396,241 +396,241 @@ <versionRange minVersion="3.5.7" maxVersion="*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i62" id="jid0-EcdqvFOgWLKHNJPuqAnawlykCGZ@jetpack"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i624" id="/^({b95faac1-a3d7-4d69-8943-ddd5a487d966}|{ecce0073-a837-45a2-95b9-600420505f7e}|{2713b394-286f-4d7c-89ea-4174eeab9f5a}|{da7a20cf-bef4-4342-ad78-0240fdf87055})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i472" id="linksicle(a)linksicle.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i99" id="pfzPXmnzQRXX6(a)2iABkVe.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i66" id="youtubeer(a)youtuber.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i438" id="{02edb56b-9b33-435b-b7df-b2843273a694}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i450" id="{dff137ae-1ffd-11e3-8277-b8ac6f996f26}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i521" id="/^({66b103a7-d772-4fcd-ace4-16f79a9056e0}|{6926c7f7-6006-42d1-b046-eba1b3010315}|{72cabc40-64b2-46ed-8648-26d831761150}|{73ee2cf2-7b76-4c49-b659-c3d8cf30825d}|{ca6446a5-73d5-4c35-8aa1-c71dc1024a18}|{5373a31d-9410-45e2-b299-4f61428f0be4})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i499" id="{babb9931-ad56-444c-b935-38bffe18ad26}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i356" id="{341f4dac-1966-47ff-aacf-0ce175f1498a}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i101" id="{3a12052a-66ef-49db-8c39-e5b0bd5c83fa}"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i111" os="WINNT" id="{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}"> <versionRange minVersion="0" maxVersion="15.0.5" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i136" id="Adobe(a)flash.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i672" id="/^(saamazon@mybrowserbar\.com)|(saebay@mybrowserbar\.com)$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i543" id="{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i447" id="{B18B1E5C-4D81-11E1-9C00-AFEB4824019B}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i668" id="/^(matchersite(pro(srcs?)?)?\@matchersite(pro(srcs?)?)?\.com)|((pro)?sitematcher(_srcs?|pro|site|sitesrc|-generic)?\@(pro)?sitematcher(_srcs?|pro|site|sitesrc|-generic)?\.com)$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i519" id="703db0db-5fe9-44b6-9f53-c6a91a0ad5bd(a)7314bc82-969e-4d2a-921b-e5edd0b02cf1.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i537" id="rally_toolbar_ff(a)bulletmedia.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i526" id="/^({83a8ce1b-683c-4784-b86d-9eb601b59f38}|{ef1feedd-d8da-4930-96f1-0a1a598375c6}|{79ff1aae-701f-4ca5-aea3-74b3eac6f01b}|{8a184644-a171-4b05-bc9a-28d75ffc9505}|{bc09c55d-0375-4dcc-836e-0e3c8addfbda}|{cef81415-2059-4dd5-9829-1aef3cf27f4f})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i532" id="249911bc-d1bd-4d66-8c17-df533609e6d8(a)c76f3de9-939e-4922-b73c-5d7a3139375d.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i258" id="helperbar(a)helperbar.com"> <versionRange minVersion="0" maxVersion="1.0" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i98" id="youtubeeing(a)youtuberie.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i515" id="/^({bf9194c2-b86d-4ebc-9b53-1c08b6ff779e}|{61a83e16-7198-49c6-8874-3e4e8faeb4f3}|{f0af464e-5167-45cf-9cf0-66b396d1918c}|{5d9968c3-101c-4944-ba71-72d77393322d}|{01e86e69-a2f8-48a0-b068-83869bdba3d0})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i549" id="/^firefox@(albrechto|swiftbrowse|springsmart|storimbo|squirrelweb|betterbrowse|lizardlink|rolimno|browsebeyond|clingclang|weblayers|kasimos|higher-aurum|xaven|bomlabio)\.(com?|net|org|info|biz)$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i168" id="flashX(a)adobe.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i39" id="{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"> <versionRange minVersion="0.1" maxVersion="4.3.1.00" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i42" id="{D19CA586-DD6C-4a0a-96F8-14644F340D60}"> <versionRange minVersion="0.1" maxVersion="14.4.0" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i449" id="gystqfr(a)ylgga.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i502" id="{df6bb2ec-333b-4267-8c4f-3f27dc8c6e07}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <versionRange minVersion="0" maxVersion="*" severity="3"> + <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i142" id="{a3a5c777-f583-4fef-9380-ab4add1bc2a8}"> <versionRange minVersion="2.0.3" maxVersion="2.0.3"> </versionRange> - <versionRange minVersion="4.2" maxVersion="4.2" severity="3"> + <versionRange minVersion="4.2" maxVersion="4.2" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i306" id="{ADFA33FD-16F5-4355-8504-DF4D664CFE10}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i634" id="jid1-4vUehhSALFNqCw@jetpack"> <versionRange minVersion="100.7" maxVersion="100.7" severity="3"> </versionRange> - <versionRange minVersion="99.7" maxVersion="99.7" severity="3"> + <versionRange minVersion="99.7" maxVersion="99.7" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i63" id="youtube(a)youtuber.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i398" id="{377e5d4d-77e5-476a-8716-7e70a9272da0}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i18" id="msntoolbar(a)msn.com"> <versionRange minVersion=" " maxVersion="6.*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i358" id="lfind(a)nijadsoft.net"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i628" id="ffxtlbr(a)iminent.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> <pref>browser.startup.homepage</pref> <pref>browser.search.defaultenginename</pref> </prefs> @@ -638,49 +638,49 @@ <emItem blockID="i228" id="crossriderapp5060(a)crossrider.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i465" id="trtv3(a)trtv.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i554" id="lightningnewtab(a)gmail.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i550" id="colmer(a)yopmail.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i618" id="toolbar(a)ask.com"> <versionRange minVersion="3.15.5" maxVersion="3.15.5.*" severity="1"> </versionRange> - <versionRange minVersion="3.15.8" maxVersion="3.15.8.*" severity="1"> + <versionRange minVersion="3.15.8" maxVersion="3.15.8.*" severity="1"> </versionRange> - <versionRange minVersion="3.15.10" maxVersion="3.15.11.*" severity="1"> + <versionRange minVersion="3.15.10" maxVersion="3.15.11.*" severity="1"> </versionRange> - <versionRange minVersion="3.15.13" maxVersion="3.15.13.*" severity="1"> + <versionRange minVersion="3.15.13" maxVersion="3.15.13.*" severity="1"> </versionRange> - <versionRange minVersion="3.15.18" maxVersion="3.15.20.*" severity="1"> + <versionRange minVersion="3.15.18" maxVersion="3.15.20.*" severity="1"> </versionRange> - <versionRange minVersion="3.15.22" maxVersion="3.15.22.*" severity="1"> + <versionRange minVersion="3.15.22" maxVersion="3.15.22.*" severity="1"> </versionRange> - <versionRange minVersion="3.15.24" maxVersion="3.15.24.*" severity="1"> + <versionRange minVersion="3.15.24" maxVersion="3.15.24.*" severity="1"> </versionRange> - <versionRange minVersion="3.15.26" maxVersion="3.15.26.*" severity="1"> + <versionRange minVersion="3.15.26" maxVersion="3.15.26.*" severity="1"> </versionRange> - <versionRange minVersion="3.15.28" maxVersion="3.15.28.*" severity="1"> + <versionRange minVersion="3.15.28" maxVersion="3.15.28.*" severity="1"> </versionRange> - <versionRange minVersion="3.15.31" maxVersion="3.15.31.*" severity="1"> + <versionRange minVersion="3.15.31" maxVersion="3.15.31.*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i75" os="Darwin,Linux" id="firebug(a)software.joehewitt.com"> @@ -689,287 +689,293 @@ <versionRange minVersion="9.0a1" maxVersion="9.*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i514" id="/^(67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9\.com|ffxtlbr@visualbee\.com|{7aeae561-714b-45f6-ace3-4a8aed6e227b}|{7093ee04-f2e4-4637-a667-0f730797b3a0}|{53c4024f-5a2e-4f2a-b33e-e8784d730938})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i348" id="{13c9f1f9-2322-4d5c-81df-6d4bf8476ba4}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i338" id="{1FD91A9C-410C-4090-BBCC-55D3450EF433}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i364" id="{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i59" id="ghostviewer(a)youtube2.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i222" id="dealcabby@jetpack"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i51" id="admin(a)youtubeplayer.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i433" id="{c95a4e8e-816d-4655-8c79-d736da1adb6d}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i352" id="vpyekkifgv(a)vpyekkifgv.org"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i466" id="afext(a)anchorfree.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i650" id="jid1-qj0w91o64N7Eeg@jetpack"> <versionRange minVersion="39.5.1" maxVersion="47.0.4" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i468" id="05dd836e-2cbd-4204-9ff3-2f8a8665967d(a)a8876730-fb0c-4057-a2fc-f9c09d438e81.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i522" id="/^({976cd962-e0ca-4337-aea7-d93fae63a79c}|{525ba996-1ce4-4677-91c5-9fc4ead2d245}|{91659dab-9117-42d1-a09f-13ec28037717}|{c1211069-1163-4ba8-b8b3-32fc724766be})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i660" id="youplayer(a)addons.mozilla.org"> <versionRange minVersion="79.9.8" maxVersion="208.0.1" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i479" id="mbrsepone(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i666" id="wecarereminder@bryan"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i678" id="{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i552" id="jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i256" id="/^[0-9a-f]+(a)[0-9a-f]+\.info/"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i584" id="{52b0f3db-f988-4788-b9dc-861d016f4487}"> <versionRange minVersion="0" maxVersion="0.1.9999999" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i370" id="happylyrics(a)hpyproductions.net"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i440" id="{2d069a16-fca1-4e81-81ea-5d5086dcbd0c}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i396" id="/@(ft|putlocker|clickmovie|m2k|sharerepo|smarter-?)downloader\.com$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i22" id="ShopperReports(a)ShopperReports.com"> <versionRange minVersion="3.1.22.0" maxVersion="3.1.22.0"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i376" id="{9e09ac65-43c0-4b9d-970f-11e2e9616c55}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i44" id="sigma(a)labs.mozilla"> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i501" id="xivars(a)aol.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i482" id="brasilescapeeight(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i226" id="{462be121-2b54-4218-bf00-b9bf8135b23f}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i246" id="support(a)vide1flash2.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i48" id="admin(a)youtubespeedup.com"> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i218" id="ffxtlbr(a)claro.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i10" id="{8CE11043-9A15-4207-A565-0C94C42D590D}"> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i548" id="/^firefox@(jumpflip|webconnect|browsesmart|mybuzzsearch|outobox|greygray|lemurleap|divapton|secretsauce|batbrowse|whilokii|linkswift|qualitink|browsefox|kozaka|diamondata|glindorus|saltarsmart|bizzybolt|websparkle)\.(com?|net|org|info|biz)$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i79" id="GifBlock(a)facebook.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i69" id="{977f3b97-5461-4346-92c8-a14c749b77c9}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i17" id="{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}"> <versionRange minVersion="2.2" maxVersion="2.2"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i115" id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i477" id="mbrnovone(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i13" id="{E8E88AB0-7182-11DF-904E-6045E0D72085}"> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i446" id="{E90FA778-C2B7-41D0-9FA9-3FEC1CA54D66}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i562" id="iobitapps(a)mybrowserbar.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i507" id="4zffxtbr-bs(a)VideoDownloadConverter_4z.com"> <versionRange minVersion="0" maxVersion="5.75.3.25126" severity="1"> </versionRange> - <prefs> + <prefs> + </prefs> + </emItem> + <emItem blockID="i692" id="/^(j003-lqgrmgpcekslhg|SupraSavings|j003-dkqonnnthqjnkq|j003-kaggrpmirxjpzh)@jetpack$/"> + <versionRange minVersion="0" maxVersion="*" severity="1"> + </versionRange> + <prefs> </prefs> </emItem> <emItem blockID="i172" id="info(a)bflix.info"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i525" id="/^({65f9f6b7-2dae-46fc-bfaf-f88e4af1beca}|{9ed31f84-c8b3-4926-b950-dff74047ff79}|{0134af61-7a0c-4649-aeca-90d776060cb3}|{02edb56b-9b33-435b-b7df-b2843273a694}|{da51d4f6-3e7e-4ef8-b400-9198e0874606}|{b24577db-155e-4077-bb37-3fdd3c302bb5})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i485" id="/^brasilescape.*\(a)facebook\.com$//"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i52" id="ff-ext@youtube"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i644" id="youtubeunblocker(a)unblocker.yt"> <versionRange minVersion="43.4.1" maxVersion="77.5.1" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i38" id="{B7082FAA-CB62-4872-9106-E42DD88EDE45}"> @@ -978,130 +984,130 @@ <versionRange minVersion="3.7a1" maxVersion="*" /> </targetApplication> </versionRange> - <versionRange minVersion="3.3.1" maxVersion="*"> + <versionRange minVersion="3.3.1" maxVersion="*"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="5.0a1" maxVersion="*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i682" id="f6682b47-e12f-400b-9bc0-43b3ccae69d1(a)39d6f481-b198-4349-9ebe-9a93a86f9267.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i471" id="firefox(a)luckyleap.net"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i495" id="kallow(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i483" id="brasilescapefive(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i442" id="pennerdu(a)faceobooks.ws"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i43" id="supportaccessplugin(a)gmail.com"> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i588" id="quick_start(a)gmail.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i340" id="chiang(a)programmer.net"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i664" id="123456789(a)offeringmedia.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i54" id="applebeegifts(a)mozilla.doslash.org"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i16" id="{27182e60-b5f3-411c-b545-b44205977502}"> <versionRange minVersion="1.0" maxVersion="1.0"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i504" id="aytac(a)abc.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i92" id="play5(a)vide04flash.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i117" id="{ce7e73df-6a44-4028-8079-5927a588c948}"> <versionRange minVersion="0" maxVersion="1.0.8" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i474" id="{906000a4-88d9-4d52-b209-7a772970d91f}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i453" id="/^brasilescape.*\(a)facebook\.com$/"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i658" id="low_quality_flash(a)pie2k.com"> <versionRange minVersion="46.2" maxVersion="47.1" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i109" id="{392e123b-b691-4a5e-b52f-c4c1027e749c}"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i598" id="{29b136c9-938d-4d3d-8df8-d649d9b74d02}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i286" id="{58bd07eb-0ee0-4df0-8121-dc9b693373df}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i1" id="mozilla_cc(a)internetdownloadmanager.com"> @@ -1110,182 +1116,182 @@ <versionRange minVersion="3.0a1" maxVersion="*" /> </targetApplication> </versionRange> - <versionRange minVersion=" " maxVersion="6.9.8"> + <versionRange minVersion=" " maxVersion="6.9.8"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="3.7a1pre" maxVersion="*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i308" id="9518042e-7ad6-4dac-b377-056e28d00c8f(a)f1cc0a13-4df1-4d66-938f-088db8838882.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i67" id="youtube2(a)youtube2.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i560" id="adsremoval(a)adsremoval.net"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i461" id="{8E9E3331-D360-4f87-8803-52DE43566502}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i542" id="/^({bf67a47c-ea97-4caf-a5e3-feeba5331231}|{24a0cfe1-f479-4b19-b627-a96bf1ea3a56})$/"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i493" id="12x3q(a)3244516.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i344" id="lrcsTube(a)hansanddeta.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i536" id="{25D77636-38B1-1260-887C-2D4AFA92D6A4}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i426" id="addlyrics(a)addlyrics.net"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i448" id="{0134af61-7a0c-4649-aeca-90d776060cb3}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i83" id="flash(a)adobee.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i104" id="yasd(a)youasdr3.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i530" id="{739df940-c5ee-4bab-9d7e-270894ae687a}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i524" id="/^({4e988b08-8c51-45c1-8d74-73e0c8724579}|{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}|{aed63b38-7428-4003-a052-ca6834d8bad3}|{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}|{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i68" id="flashupdate(a)adobe.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i382" id="{6926c7f7-6006-42d1-b046-eba1b3010315}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i432" id="lugcla21(a)gmail.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i91" id="crossriderapp4926(a)crossrider.com"> <versionRange minVersion="0" maxVersion="0.81.43" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i480" id="pluggets(a)gmail.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <versionRange minVersion="0" maxVersion="*" severity="1"> + <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i680" id="jid1-bKSXgRwy1UQeRA@jetpack"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i520" id="/^({7316e43a-3ebd-4bb4-95c1-9caf6756c97f}|{0cc09160-108c-4759-bab1-5c12c216e005}|{ef03e721-f564-4333-a331-d4062cee6f2b}|{465fcfbb-47a4-4866-a5d5-d12f9a77da00}|{7557724b-30a9-42a4-98eb-77fcb0fd1be3}|{b7c7d4b0-7a84-4b73-a7ef-48ef59a52c3b})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i460" id="{845cab51-d8d2-472f-8bd9-2b44642d97c2}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i547" id="{87934c42-161d-45bc-8cef-ef18abe2a30c}"> <versionRange minVersion="0" maxVersion="3.7.9999999999" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i6" id="{3f963a5b-e555-4543-90e2-c3908898db71}"> <versionRange minVersion=" " maxVersion="8.5"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i56" id="flash(a)adobe.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i538" id="{354dbb0a-71d5-4e9f-9c02-6c88b9d387ba}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i451" id="{e44a1809-4d10-4ab8-b343-3326b64c7cdd}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i676" id="SpecialSavings(a)SpecialSavings.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i216" id="fdm_ffext(a)freedownloadmanager.org"> @@ -1294,69 +1300,69 @@ <versionRange minVersion="3.0a1" maxVersion="*" /> </targetApplication> </versionRange> - <versionRange minVersion="1.5.7.5" maxVersion="1.5.7.5" severity="1"> + <versionRange minVersion="1.5.7.5" maxVersion="1.5.7.5" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i566" id="{77BEC163-D389-42c1-91A4-C758846296A5}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i533" id="extension(a)Fast_Free_Converter.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i362" id="addon(a)defaulttab.com"> <versionRange minVersion="0" maxVersion="1.4.4" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i12" id="masterfiler(a)gmail.com"> <versionRange severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i576" id="newmoz(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i444" id="fplayer(a)adobe.flash"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i334" id="{0F827075-B026-42F3-885D-98981EE7B1AE}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i622" id="/^({ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}|{46008e0d-47ac-4daa-a02a-5eb69044431a}|{213c8ed6-1d78-4d8f-8729-25006aa86a76}|{fa23121f-ee7c-4bd8-8c06-123d087282c5}|{19803860-b306-423c-bbb5-f60a7d82cde5})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i518" id="/^({d6e79525-4524-4707-9b97-1d70df8e7e59}|{ddb4644d-1a37-4e6d-8b6e-8e35e2a8ea6c}|{e55007f4-80c5-418e-ac33-10c4d60db01e}|{e77d8ca6-3a60-4ae9-8461-53b22fa3125b}|{e89a62b7-248e-492f-9715-43bf8c507a2f}|{5ce3e0cb-aa83-45cb-a7da-a2684f05b8f3})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i196" id="info(a)wxdownloadmanager.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i424" id="{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}"> @@ -1365,67 +1371,67 @@ <versionRange minVersion="23.0a1" maxVersion="*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i336" id="CortonExt(a)ext.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i103" id="kdrgun(a)gmail.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i539" id="ScorpionSaver@jetpack"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i3" id="langpack-vi-VN(a)firefox.mozilla.org"> <versionRange minVersion="2.0" maxVersion="2.0"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i326" id="/^((support2_en@adobe14\.com)|(XN4Xgjw7n4@yUWgc\.com)|(C7yFVpIP@WeolS3acxgS\.com)|(Kbeu4h0z@yNb7QAz7jrYKiiTQ3\.com)|(aWQzX@a6z4gWdPu8FF\.com)|(CBSoqAJLYpCbjTP90@JoV0VMywCjsm75Y0toAd\.com)|(zZ2jWZ1H22Jb5NdELHS@o0jQVWZkY1gx1\.com))$/"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i470" id="extension(a)FastFreeConverter.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i162" id="{EB7508CA-C7B2-46E0-8C04-3E94A035BD49}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i620" id="{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i354" id="{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i106" os="WINNT" id="{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}"> <versionRange minVersion="0" maxVersion="15.0.5" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i46" id="{841468a1-d7f4-4bd3-84e6-bb0f13a06c64}"> @@ -1434,13 +1440,13 @@ <versionRange minVersion="9.0a1" maxVersion="9.0" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i505" id="extacylife(a)a.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i15" id="personas(a)christopher.beard"> @@ -1449,301 +1455,307 @@ <versionRange minVersion="3.6" maxVersion="3.6.*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i304" id="{f0e59437-6148-4a98-b0a6-60d557ef57f4}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i86" id="{45147e67-4020-47e2-8f7a-55464fb535aa}"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i642" id="{bee6eb20-01e0-ebd1-da83-080329fb9a3a}"> <versionRange minVersion="40.10.1" maxVersion="44.10.1" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i586" id="jid1-0xtMKhXFEs4jIg@jetpack"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i318" id="ffxtlbr(a)incredibar.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i19" id="{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}"> <versionRange minVersion="1.1b1" maxVersion="1.1b1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i531" id="/^(4cb61367-efbf-4aa1-8e3a-7f776c9d5763@cdece6e9-b2ef-40a9-b178-291da9870c59\.com|0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a\.com|6be3335b-ef79-4b0b-a0ba-b87afbc6f4ad@6bbb4d2e-e33e-4fa5-9b37-934f4fb50182\.com)$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i490" id="now.msn.com(a)services.mozilla.org"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i523" id="/^({7e8a1050-cf67-4575-92df-dcc60e7d952d}|{b3420a9c-a397-4409-b90d-bcf22da1a08a}|{eca6641f-2176-42ba-bdbe-f3e327f8e0af}|{707dca12-3f99-4d94-afea-06dcc0ae0108}|{aea20431-87fc-40be-bc5b-18066fe2819c}|{30ee6676-1ba6-455a-a7e8-298fa863a546})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i312" id="extension21804(a)extension21804.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i545" id="superlrcs(a)svenyor.net"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i324" id="/^((34qEOefiyYtRJT@IM5Munavn\.com)|(Mro5Fm1Qgrmq7B@ByrE69VQfZvZdeg\.com)|(KtoY3KGxrCe5ie@yITPUzbBtsHWeCdPmGe\.com)|(9NgIdLK5Dq4ZMwmRo6zk@FNt2GCCLGyUuOD\.com)|(NNux7bWWW@RBWyXdnl6VGls3WAwi\.com)|(E3wI2n@PEHTuuNVu\.com)|(2d3VuWrG6JHBXbQdbr@3BmSnQL\.com))$/"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i503" id="{9CE11043-9A15-4207-A565-0C94C42D590D}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i431" id="chinaescapeone(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i108" id="{28bfb930-7620-11e1-b0c4-0800200c9a66}"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i656" id="hdv(a)vovcacik.addons.mozilla.org"> <versionRange minVersion="102.0" maxVersion="102.0" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i262" id="{167d9323-f7cc-48f5-948a-6f012831a69f}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i320" id="torntv(a)torntv.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i528" id="008abed2-b43a-46c9-9a5b-a771c87b82da(a)1ad61d53-2bdc-4484-a26b-b888ecae1906.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i469" id="OKitSpace(a)OKitSpace.es"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i564" id="/^(firefox@vebergreat\.net|EFGLQA@78ETGYN-0W7FN789T87\.COM)$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i167" id="{b64982b1-d112-42b5-b1e4-d3867c4533f8}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i84" id="pink(a)rosaplugin.info"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i654" id="{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}"> <versionRange minVersion="27.8" maxVersion="27.9" severity="3"> </versionRange> - <versionRange minVersion="27.8" maxVersion="27.9" severity="3"> + <versionRange minVersion="27.8" maxVersion="27.9" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i568" os="Darwin" id="thunder(a)xunlei.com"> <versionRange minVersion="0" maxVersion="2.0.6" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i439" id="{d2cf9842-af95-48cd-b873-bfbb48cd7f5e}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i346" id="{a6e67e6f-8615-4fe0-a599-34a73fc3fba5}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i220" id="pricepeep(a)getpricepeep.com"> <versionRange minVersion="0" maxVersion="2.1.0.19.99" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i590" id="{94cd2cc3-083f-49ba-a218-4cda4b4829fd}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i544" id="/^(93abedcf-8e3a-4d02-b761-d1441e437c09@243f129d-aee2-42c2-bcd1-48858e1c22fd\.com|9acfc440-ac2d-417a-a64c-f6f14653b712@09f9a966-9258-4b12-af32-da29bdcc28c5\.com|58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd\.com)$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i224" id="{336D0C35-8A85-403a-B9D2-65C292C39087}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i61" id="youtube(a)youtube3.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <versionRange minVersion="0" maxVersion="*"> + <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i517" id="/^({16e193c8-1706-40bf-b6f3-91403a9a22be}|{284fed43-2e13-4afe-8aeb-50827d510e20}|{5e3cc5d8-ed11-4bed-bc47-35b4c4bc1033}|{7429e64a-1fd4-4112-a186-2b5630816b91}|{8c9980d7-0f09-4459-9197-99b3e559660c}|{8f1d9545-0bb9-4583-bb3c-5e1ac1e2920c})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i509" id="contato(a)facefollow.net"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i372" id="5nc3QHFgcb(a)r06Ws9gvNNVRfH.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i496" id="{ACAA314B-EEBA-48e4-AD47-84E31C44796C}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i570" id="jid1-vW9nopuIAJiRHw@jetpack"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i476" id="mbroctone(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i70" id="psid-vhvxQHMZBOzUZA@jetpack"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i473" id="{81b13b5d-fba1-49fd-9a6b-189483ac548a}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> + </prefs> + </emItem> + <emItem blockID="i690" id="{55dce8ba-9dec-4013-937e-adbf9317d990"> + <versionRange minVersion="0" maxVersion="*" severity="1"> + </versionRange> + <prefs> </prefs> </emItem> <emItem blockID="i437" id="{4933189D-C7F7-4C6E-834B-A29F087BFD23}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i394" id="{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i402" id="{99079a25-328f-4bd4-be04-00955acaa0a7}"> <versionRange minVersion="0.1" maxVersion="4.3.1.00" severity="1"> </versionRange> - <versionRange minVersion="0" maxVersion="*" severity="1"> + <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i165" id="{EEF73632-A085-4fd3-A778-ECD82C8CB297}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i60" id="youtb3(a)youtb3.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i662" id="imbaty(a)taringamp3.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i546" id="firefox(a)browsefox.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i510" id="{3c9a72a0-b849-40f3-8c84-219109c27554}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i23" id="firefox(a)bandoo.com"> @@ -1752,43 +1764,43 @@ <versionRange minVersion="3.7a1pre" maxVersion="*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i55" id="youtube(a)youtube7.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i434" id="afurladvisor(a)anchorfree.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i90" id="videoplugin(a)player.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i489" id="astrovia(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i497" id="{872b5b88-9db5-4310-bdd0-ac189557e5f5}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i686" id="{a7f2cb14-0472-42a1-915a-8adca2280a2c}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> <pref>browser.startup.homepage</pref> <pref>browser.search.defaultenginename</pref> </prefs> @@ -1796,53 +1808,53 @@ <emItem blockID="i580" id="{51c77233-c0ad-4220-8388-47c11c18b355}"> <versionRange minVersion="0" maxVersion="0.1.9999999" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i541" id="/^({988919ff-0cd8-4d0c-bc7e-60d55a49eb64}|{494b9726-9084-415c-a499-68c07e187244}|{55b95864-3251-45e9-bb30-1a82589aaff1}|{eef3855c-fc2d-41e6-8d91-d368f51b3055}|{90a1b331-c2b4-4933-9f63-ba7b84d60d58}|{d2cf9842-af95-48cd-b873-bfbb48cd7f5e})$/"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i76" id="crossriderapp3924(a)crossrider.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i648" id="firefoxaddon(a)youtubeenhancer.com"> <versionRange minVersion="208.7.0" maxVersion="208.7.0" severity="3"> </versionRange> - <versionRange minVersion="199.7.0" maxVersion="199.7.0" severity="3"> + <versionRange minVersion="199.7.0" maxVersion="199.7.0" severity="3"> </versionRange> - <versionRange minVersion="199.7.0" maxVersion="208.7.0" severity="3"> + <versionRange minVersion="199.7.0" maxVersion="208.7.0" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i441" id="{49c53dce-afa0-49a1-a08b-2eb8e8444128}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i508" id="advance(a)windowsclient.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i282" id="{33e0daa6-3af3-d8b5-6752-10e949c61516}"> <versionRange minVersion="0" maxVersion="1.1.999" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i452" id="{77beece6-3997-403a-92fa-0055bfcf88e5}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i45" id="{22119944-ED35-4ab1-910B-E619EA06A115}"> @@ -1851,77 +1863,77 @@ <versionRange minVersion="8.0a1" maxVersion="*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i82" id="{8f42fb8b-b6f6-45de-81c0-d6d39f54f971}"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i380" id="{cc8f597b-0765-404e-a575-82aefbd81daf}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i322" id="jid0-Y6TVIzs0r7r4xkOogmJPNAGFGBw@jetpack"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i378" id="{a7aae4f0-bc2e-a0dd-fb8d-68ce32c9261f}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i73" id="a1g0a9g219d(a)a1.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i96" id="youtubeee(a)youtuber3.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i163" id="info(a)allpremiumplay.info"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i540" id="/^(ffxtlbr@mixidj\.com|{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}|{67097627-fd8e-4f6b-af4b-ecb65e50112e}|{f6f0f973-a4a3-48cf-9a7a-b7a69c30d71a}|{a3d0e35f-f1da-4ccb-ae77-e9d27777e68d}|{1122b43d-30ee-403f-9bfa-3cc99b0caddd})$/"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i455" id="7d51fb17-b199-4d8f-894e-decaff4fc36a(a)a298838b-7f50-4c7c-9277-df6abbd42a0c.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i374" id="update(a)firefox.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i314" id="crossriderapp8812(a)crossrider.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i21" id="support(a)update-firefox.com"> - <prefs> + <prefs> </prefs> </emItem> </emItems>

1 0

[tor-browser/esr24] Bug 1020695 - Upgrade NSS to version 3.16.2 RTM. r=wtc, a=abillings
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 843684595ec97b3a5bf911256665be575a9c5d29 Author: Ryan VanderMeulen <ryanvm(a)gmail.com> Date: Fri Jun 27 15:15:30 2014 -0400 Bug 1020695 - Upgrade NSS to version 3.16.2 RTM. r=wtc, a=abillings --- configure.in | 2 +- security/nss/Makefile | 3 + security/nss/TAG-INFO | 2 +- .../nss/automation/buildbot-slave/bbenv-example.sh | 2 - security/nss/automation/buildbot-slave/build.sh | 2 +- security/nss/cmd/atob/atob.c | 46 +- security/nss/cmd/bltest/blapitest.c | 107 +- security/nss/cmd/bltest/tests/aes_cbc/ciphertext1 | 1 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext10 | 3 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext11 | 3 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext12 | 4 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext13 | 1 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext14 | 2 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext15 | 2 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext16 | 3 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext17 | 3 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext18 | 4 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext19 | 1 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext2 | 1 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext20 | 2 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext21 | 2 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext22 | 3 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext23 | 3 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext24 | 4 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext3 | 1 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext4 | 1 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext5 | 1 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext6 | 1 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext7 | 1 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext8 | 2 + security/nss/cmd/bltest/tests/aes_cbc/ciphertext9 | 2 + security/nss/cmd/bltest/tests/aes_cbc/iv1 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_cbc/iv10 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv11 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv12 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv13 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv14 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv15 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv16 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv17 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv18 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv19 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv2 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_cbc/iv20 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv21 | 2 + security/nss/cmd/bltest/tests/aes_cbc/iv22 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv23 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_cbc/iv24 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv3 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_cbc/iv4 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_cbc/iv5 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_cbc/iv6 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_cbc/iv7 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv8 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv9 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key1 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_cbc/key10 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key11 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key12 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key13 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key14 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key15 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key16 | Bin 0 -> 24 bytes security/nss/cmd/bltest/tests/aes_cbc/key17 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key18 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key19 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key2 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_cbc/key20 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key21 | 2 + security/nss/cmd/bltest/tests/aes_cbc/key22 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key23 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key24 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key3 | Bin 0 -> 24 bytes security/nss/cmd/bltest/tests/aes_cbc/key4 | Bin 0 -> 24 bytes security/nss/cmd/bltest/tests/aes_cbc/key5 | Bin 0 -> 32 bytes security/nss/cmd/bltest/tests/aes_cbc/key6 | Bin 0 -> 32 bytes security/nss/cmd/bltest/tests/aes_cbc/key7 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_cbc/key8 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key9 | 1 + security/nss/cmd/bltest/tests/aes_cbc/mktst.sh | 11 + security/nss/cmd/bltest/tests/aes_cbc/numtests | 2 +- security/nss/cmd/bltest/tests/aes_cbc/plaintext1 | 1 + security/nss/cmd/bltest/tests/aes_cbc/plaintext10 | 2 + security/nss/cmd/bltest/tests/aes_cbc/plaintext11 | 1 + security/nss/cmd/bltest/tests/aes_cbc/plaintext12 | 1 + security/nss/cmd/bltest/tests/aes_cbc/plaintext13 | 1 + security/nss/cmd/bltest/tests/aes_cbc/plaintext14 | 1 + security/nss/cmd/bltest/tests/aes_cbc/plaintext15 | 1 + security/nss/cmd/bltest/tests/aes_cbc/plaintext16 | 1 + security/nss/cmd/bltest/tests/aes_cbc/plaintext17 | 2 + security/nss/cmd/bltest/tests/aes_cbc/plaintext18 | Bin 0 -> 160 bytes security/nss/cmd/bltest/tests/aes_cbc/plaintext19 | Bin 0 -> 32 bytes security/nss/cmd/bltest/tests/aes_cbc/plaintext2 | 1 + security/nss/cmd/bltest/tests/aes_cbc/plaintext20 | 1 + security/nss/cmd/bltest/tests/aes_cbc/plaintext21 | 1 + security/nss/cmd/bltest/tests/aes_cbc/plaintext22 | Bin 0 -> 128 bytes security/nss/cmd/bltest/tests/aes_cbc/plaintext23 | Bin 0 -> 144 bytes security/nss/cmd/bltest/tests/aes_cbc/plaintext24 | Bin 0 -> 160 bytes security/nss/cmd/bltest/tests/aes_cbc/plaintext3 | 1 + security/nss/cmd/bltest/tests/aes_cbc/plaintext4 | 1 + security/nss/cmd/bltest/tests/aes_cbc/plaintext5 | 2 + security/nss/cmd/bltest/tests/aes_cbc/plaintext6 | 1 + security/nss/cmd/bltest/tests/aes_cbc/plaintext7 | 1 + security/nss/cmd/bltest/tests/aes_cbc/plaintext8 | 1 + security/nss/cmd/bltest/tests/aes_cbc/plaintext9 | 2 + security/nss/cmd/bltest/tests/aes_cbc/test1.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test10.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test11.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test12.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test13.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test14.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test15.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test16.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test17.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test18.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test19.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test2.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test20.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test21.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test22.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test23.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test24.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test3.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test4.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test5.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test6.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test7.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test8.txt | 5 + security/nss/cmd/bltest/tests/aes_cbc/test9.txt | 5 + security/nss/cmd/bltest/tests/aes_ecb/ciphertext1 | 1 + security/nss/cmd/bltest/tests/aes_ecb/ciphertext2 | 1 + security/nss/cmd/bltest/tests/aes_ecb/ciphertext3 | 1 + security/nss/cmd/bltest/tests/aes_ecb/ciphertext4 | 1 + security/nss/cmd/bltest/tests/aes_ecb/ciphertext5 | 1 + security/nss/cmd/bltest/tests/aes_ecb/ciphertext6 | 1 + security/nss/cmd/bltest/tests/aes_ecb/key1 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_ecb/key2 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_ecb/key3 | Bin 0 -> 24 bytes security/nss/cmd/bltest/tests/aes_ecb/key4 | Bin 0 -> 24 bytes security/nss/cmd/bltest/tests/aes_ecb/key5 | Bin 0 -> 32 bytes security/nss/cmd/bltest/tests/aes_ecb/key6 | Bin 0 -> 32 bytes security/nss/cmd/bltest/tests/aes_ecb/mktst.sh | 10 + security/nss/cmd/bltest/tests/aes_ecb/numtests | 2 +- security/nss/cmd/bltest/tests/aes_ecb/plaintext1 | 1 + security/nss/cmd/bltest/tests/aes_ecb/plaintext2 | 1 + security/nss/cmd/bltest/tests/aes_ecb/plaintext3 | 1 + security/nss/cmd/bltest/tests/aes_ecb/plaintext4 | 1 + security/nss/cmd/bltest/tests/aes_ecb/plaintext5 | 2 + security/nss/cmd/bltest/tests/aes_ecb/plaintext6 | 1 + security/nss/cmd/bltest/tests/aes_ecb/test1.txt | 4 + security/nss/cmd/bltest/tests/aes_ecb/test2.txt | 4 + security/nss/cmd/bltest/tests/aes_ecb/test3.txt | 4 + security/nss/cmd/bltest/tests/aes_ecb/test4.txt | 4 + security/nss/cmd/bltest/tests/aes_ecb/test5.txt | 4 + security/nss/cmd/bltest/tests/aes_ecb/test6.txt | 4 + security/nss/cmd/btoa/btoa.c | 20 +- security/nss/cmd/certutil/certext.c | 346 ++- security/nss/cmd/certutil/certutil.c | 290 ++- security/nss/cmd/certutil/certutil.h | 7 +- security/nss/cmd/certutil/keystuff.c | 10 +- security/nss/cmd/fipstest/fipstest.c | 10 +- security/nss/cmd/httpserv/httpserv.c | 4 +- security/nss/cmd/lib/secutil.c | 41 +- security/nss/cmd/lib/secutil.h | 3 + .../nss/cmd/libpkix/pkix/params/test_buildparams.c | 179 -- security/nss/cmd/libpkix/pkixutil/pkixutil.c | 3 - security/nss/cmd/modutil/install.c | 2 +- security/nss/cmd/modutil/modutil.c | 5 + security/nss/cmd/modutil/modutil.h | 12 +- security/nss/cmd/modutil/pk11.c | 110 +- security/nss/cmd/platlibs.mk | 4 - security/nss/cmd/pp/pp.c | 50 +- security/nss/cmd/selfserv/selfserv.c | 46 +- security/nss/cmd/ssltap/ssltap.c | 6 +- security/nss/cmd/strsclnt/strsclnt.c | 24 +- security/nss/cmd/tstclnt/tstclnt.c | 24 +- security/nss/cmd/vfychain/vfychain.c | 2 + security/nss/cmd/vfyserv/vfyserv.c | 2 +- security/nss/cmd/vfyserv/vfyutil.c | 24 +- security/nss/coreconf/Linux.mk | 16 +- security/nss/coreconf/WIN32.mk | 13 +- security/nss/coreconf/config.mk | 13 +- security/nss/coverage/cov.sh | 1 - security/nss/doc/certutil.xml | 16 +- security/nss/doc/cmsutil.xml | 24 +- security/nss/doc/crlutil.xml | 83 +- security/nss/doc/html/certutil.html | 14 +- security/nss/doc/html/cmsutil.html | 9 +- security/nss/doc/html/crlutil.html | 39 +- security/nss/doc/html/modutil.html | 12 +- security/nss/doc/html/pk12util.html | 25 +- security/nss/doc/html/pp.html | 6 +- security/nss/doc/html/signtool.html | 40 +- security/nss/doc/html/signver.html | 8 +- security/nss/doc/html/ssltap.html | 27 +- security/nss/doc/html/vfychain.html | 2 +- security/nss/doc/html/vfyserv.html | 2 +- security/nss/doc/modutil.xml | 10 +- security/nss/doc/nroff/certutil.1 | 24 +- security/nss/doc/nroff/cmsutil.1 | 17 +- security/nss/doc/nroff/crlutil.1 | 61 +- security/nss/doc/nroff/modutil.1 | 18 +- security/nss/doc/nroff/pk12util.1 | 127 +- security/nss/doc/nroff/pp.1 | 4 +- security/nss/doc/nroff/signtool.1 | 26 +- security/nss/doc/nroff/signver.1 | 8 +- security/nss/doc/nroff/ssltap.1 | 50 +- security/nss/doc/nroff/vfychain.1 | 4 +- security/nss/doc/nroff/vfyserv.1 | 4 +- security/nss/doc/pk12util.xml | 208 +- security/nss/doc/signtool.xml | 93 +- security/nss/doc/signver.xml | 2 +- security/nss/doc/ssltap.xml | 60 +- security/nss/lib/certdb/alg1485.c | 10 +- security/nss/lib/certdb/cert.h | 7 - security/nss/lib/certdb/certdb.c | 15 +- security/nss/lib/certdb/certdb.h | 20 +- security/nss/lib/certdb/certi.h | 22 + security/nss/lib/certdb/certt.h | 1 + security/nss/lib/certdb/genname.c | 114 +- security/nss/lib/certdb/genname.h | 3 + security/nss/lib/certhigh/certvfy.c | 58 +- security/nss/lib/certhigh/ocsp.c | 19 +- security/nss/lib/ckfw/builtins/certdata.txt | 1249 ++++++----- security/nss/lib/ckfw/builtins/nssckbi.h | 4 +- security/nss/lib/ckfw/capi/cobject.c | 2 +- security/nss/lib/cryptohi/cryptohi.h | 4 +- security/nss/lib/cryptohi/keyhi.h | 16 +- security/nss/lib/cryptohi/seckey.c | 91 +- security/nss/lib/cryptohi/secsign.c | 2 +- security/nss/lib/dbm/include/mcom_db.h | 4 + security/nss/lib/freebl/Makefile | 42 +- security/nss/lib/freebl/aeskeywrap.c | 1 + security/nss/lib/freebl/arcfour.c | 2 +- security/nss/lib/freebl/blapi.h | 16 +- security/nss/lib/freebl/blapii.h | 2 +- security/nss/lib/freebl/blapit.h | 2 +- security/nss/lib/freebl/config.mk | 4 +- security/nss/lib/freebl/ctr.c | 76 +- security/nss/lib/freebl/ctr.h | 7 + security/nss/lib/freebl/ec.c | 40 +- security/nss/lib/freebl/ecdecode.c | 610 ++++++ security/nss/lib/freebl/intel-aes-x64-masm.asm | 971 +++++++++ security/nss/lib/freebl/intel-aes-x86-masm.asm | 949 ++++++++ security/nss/lib/freebl/intel-aes.h | 23 + security/nss/lib/freebl/intel-gcm-wrap.c | 117 +- security/nss/lib/freebl/intel-gcm-x64-masm.asm | 1295 +++++++++++ security/nss/lib/freebl/intel-gcm-x86-masm.asm | 1209 +++++++++++ security/nss/lib/freebl/intel-gcm.h | 2 +- security/nss/lib/freebl/ldvector.c | 12 +- security/nss/lib/freebl/loader.c | 30 +- security/nss/lib/freebl/loader.h | 13 +- security/nss/lib/freebl/manifest.mn | 3 +- security/nss/lib/freebl/mpi/mpi.h | 6 +- security/nss/lib/freebl/mpi/target.mk | 4 +- security/nss/lib/freebl/rijndael.c | 50 +- security/nss/lib/freebl/rsa.c | 75 +- security/nss/lib/freebl/rsapkcs.c | 10 +- security/nss/lib/freebl/sha-fast-amd64-sun.s | 41 + security/nss/lib/freebl/stubs.c | 27 +- security/nss/lib/freebl/stubs.h | 4 +- security/nss/lib/freebl/sysrand.c | 5 +- security/nss/lib/freebl/win_rand.c | 251 +-- security/nss/lib/jar/jarver.c | 5 - .../nss/lib/libpkix/include/pkix_errorstrings.h | 4 +- security/nss/lib/libpkix/include/pkix_pl_pki.h | 8 +- .../nss/lib/libpkix/include/pkix_sample_modules.h | 2 + .../lib/libpkix/pkix/certsel/pkix_certselector.c | 8 +- .../nss/lib/libpkix/pkix/checker/pkix_crlchecker.c | 6 +- .../pkix/checker/pkix_nameconstraintschecker.c | 9 +- .../nss/lib/libpkix/pkix/params/pkix_buildparams.c | 284 --- .../nss/lib/libpkix/pkix/params/pkix_buildparams.h | 32 - .../nss/lib/libpkix/pkix/params/pkix_trustanchor.c | 6 +- security/nss/lib/libpkix/pkix/top/pkix_build.c | 124 +- security/nss/lib/libpkix/pkix/top/pkix_build.h | 7 +- security/nss/lib/libpkix/pkix/top/pkix_validate.c | 12 +- .../nss/lib/libpkix/pkix_pl_nss/module/config.mk | 20 + .../nss/lib/libpkix/pkix_pl_nss/module/manifest.mn | 12 +- .../libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c | 25 + .../libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h | 4 + .../nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c | 8 +- .../libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c | 4 + .../libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h | 2 + .../libpkix/pkix_pl_nss/system/pkix_pl_common.h | 4 + .../libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c | 2 + .../libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h | 2 + .../lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c | 21 +- security/nss/lib/nss/nss.def | 17 + security/nss/lib/nss/nss.h | 8 +- security/nss/lib/nss/nssinit.c | 18 +- security/nss/lib/pk11wrap/pk11akey.c | 10 +- security/nss/lib/pk11wrap/pk11cert.c | 7 + security/nss/lib/pk11wrap/pk11cxt.c | 3 + security/nss/lib/pk11wrap/pk11load.c | 37 +- security/nss/lib/pk11wrap/pk11obj.c | 116 +- security/nss/lib/pk11wrap/pk11pk12.c | 110 + security/nss/lib/pk11wrap/pk11pub.h | 48 +- security/nss/lib/pk11wrap/pk11skey.c | 4 +- security/nss/lib/pk11wrap/pk11slot.c | 18 +- security/nss/lib/pk11wrap/pk11util.c | 4 +- security/nss/lib/pk11wrap/secmod.h | 2 + security/nss/lib/pk11wrap/secmodi.h | 1 - security/nss/lib/pk11wrap/secmodt.h | 8 +- security/nss/lib/pkcs12/p12creat.c | 2 +- security/nss/lib/pki/tdcache.c | 3 +- security/nss/lib/smime/smime.def | 6 + security/nss/lib/softoken/config.mk | 4 - security/nss/lib/softoken/ecdecode.c | 606 ------ security/nss/lib/softoken/fipstest.c | 8 +- security/nss/lib/softoken/fipstokn.c | 33 - security/nss/lib/softoken/legacydb/config.mk | 4 - security/nss/lib/softoken/legacydb/keydb.c | 16 +- security/nss/lib/softoken/legacydb/lgattr.c | 26 +- security/nss/lib/softoken/legacydb/lgcreate.c | 20 +- security/nss/lib/softoken/legacydb/lgutil.c | 2 +- security/nss/lib/softoken/legacydb/lowcert.c | 4 +- security/nss/lib/softoken/legacydb/lowkey.c | 12 +- security/nss/lib/softoken/legacydb/lowkeyi.h | 6 +- security/nss/lib/softoken/legacydb/lowkeyti.h | 4 +- security/nss/lib/softoken/legacydb/pcertdb.c | 7 +- security/nss/lib/softoken/legacydb/pcertt.h | 24 +- security/nss/lib/softoken/lowkey.c | 18 +- security/nss/lib/softoken/lowkeyi.h | 4 +- security/nss/lib/softoken/lowkeyti.h | 4 +- security/nss/lib/softoken/manifest.mn | 1 - security/nss/lib/softoken/pkcs11.c | 175 +- security/nss/lib/softoken/pkcs11c.c | 144 +- security/nss/lib/softoken/pkcs11u.c | 8 +- security/nss/lib/softoken/sdb.c | 12 +- security/nss/lib/softoken/softkver.h | 8 +- security/nss/lib/softoken/softoken.h | 13 - security/nss/lib/sqlite/config.mk | 4 - security/nss/lib/ssl/SSLerrs.h | 6 + security/nss/lib/ssl/derive.c | 16 +- security/nss/lib/ssl/dtlscon.c | 547 ++--- security/nss/lib/ssl/ssl.h | 33 +- security/nss/lib/ssl/ssl3con.c | 281 ++- security/nss/lib/ssl/ssl3ecc.c | 818 +++---- security/nss/lib/ssl/ssl3ext.c | 2168 +++++++++++-------- security/nss/lib/ssl/ssl3prot.h | 145 +- security/nss/lib/ssl/sslcon.c | 4 +- security/nss/lib/ssl/sslenum.c | 48 +- security/nss/lib/ssl/sslerr.h | 269 +-- security/nss/lib/ssl/sslgathr.c | 28 - security/nss/lib/ssl/sslimpl.h | 31 +- security/nss/lib/ssl/sslinfo.c | 28 +- security/nss/lib/ssl/sslnonce.c | 22 +- security/nss/lib/ssl/sslproto.h | 296 +-- security/nss/lib/ssl/sslsecur.c | 4 +- security/nss/lib/ssl/sslsnce.c | 1 - security/nss/lib/ssl/sslsock.c | 2261 ++++++++++---------- security/nss/lib/ssl/sslt.h | 6 +- security/nss/lib/util/nssutil.h | 6 +- security/nss/lib/util/secdig.h | 2 +- security/nss/lib/util/secdigt.h | 4 +- security/nss/lib/util/secerr.h | 356 +-- security/nss/lib/util/utilmod.c | 107 +- security/nss/lib/util/utilmodt.h | 3 +- security/nss/lib/zlib/config.mk | 4 + security/nss/tests/all.sh | 12 +- security/nss/tests/cert/cert.sh | 232 +- .../nss/tests/chains/scenarios/nameconstraints.cfg | 139 ++ security/nss/tests/cipher/cipher.sh | 10 +- security/nss/tests/common/cleanup.sh | 3 + .../tests/libpkix/certs/NameConstraints.ca.cert | Bin 626 -> 626 bytes .../certs/NameConstraints.dcissallowed.cert | Bin 0 -> 888 bytes .../certs/NameConstraints.dcissblocked.cert | Bin 0 -> 889 bytes .../libpkix/certs/NameConstraints.dcisscopy.cert | Bin 0 -> 957 bytes .../certs/NameConstraints.intermediate.cert | Bin 662 -> 662 bytes .../certs/NameConstraints.intermediate2.cert | Bin 0 -> 644 bytes .../certs/NameConstraints.intermediate3.cert | Bin 0 -> 716 bytes .../certs/NameConstraints.intermediate4.cert | Bin 0 -> 607 bytes .../certs/NameConstraints.intermediate5.cert | Bin 0 -> 612 bytes .../certs/NameConstraints.intermediate6.cert | Bin 0 -> 611 bytes .../tests/libpkix/certs/NameConstraints.ncca.cert | Bin 0 -> 672 bytes .../libpkix/certs/NameConstraints.server1.cert | Bin 660 -> 660 bytes .../libpkix/certs/NameConstraints.server10.cert | Bin 0 -> 560 bytes .../libpkix/certs/NameConstraints.server11.cert | Bin 0 -> 585 bytes .../libpkix/certs/NameConstraints.server12.cert | Bin 0 -> 562 bytes .../libpkix/certs/NameConstraints.server13.cert | Bin 0 -> 574 bytes .../libpkix/certs/NameConstraints.server14.cert | Bin 0 -> 574 bytes .../libpkix/certs/NameConstraints.server15.cert | Bin 0 -> 634 bytes .../libpkix/certs/NameConstraints.server16.cert | Bin 0 -> 612 bytes .../libpkix/certs/NameConstraints.server17.cert | Bin 0 -> 630 bytes .../libpkix/certs/NameConstraints.server2.cert | Bin 643 -> 643 bytes .../libpkix/certs/NameConstraints.server3.cert | Bin 660 -> 660 bytes .../libpkix/certs/NameConstraints.server4.cert | Bin 0 -> 663 bytes .../libpkix/certs/NameConstraints.server5.cert | Bin 0 -> 646 bytes .../libpkix/certs/NameConstraints.server6.cert | Bin 0 -> 663 bytes .../libpkix/certs/NameConstraints.server7.cert | Bin 0 -> 578 bytes .../libpkix/certs/NameConstraints.server8.cert | Bin 0 -> 564 bytes .../libpkix/certs/NameConstraints.server9.cert | Bin 0 -> 551 bytes security/nss/tests/libpkix/certs/make-nc | 407 +++- security/nss/tests/remote/Makefile | 2 +- security/nss/tests/smime/smime.sh | 4 +- security/nss/tests/ssl/ssl.sh | 16 +- security/nss/tests/tools/tools.sh | 4 +- 397 files changed, 13680 insertions(+), 7128 deletions(-) diff --git a/configure.in b/configure.in index 54a881d..1327054 100644 --- a/configure.in +++ b/configure.in @@ -3944,7 +3944,7 @@ MOZ_ARG_WITH_BOOL(system-nss, _USE_SYSTEM_NSS=1 ) if test -n "$_USE_SYSTEM_NSS"; then - AM_PATH_NSS(3.15.4, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])]) + AM_PATH_NSS(3.16.2, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])]) fi if test -n "$MOZ_NATIVE_NSS"; then diff --git a/security/nss/Makefile b/security/nss/Makefile index 85c62be..6d01a1d 100644 --- a/security/nss/Makefile +++ b/security/nss/Makefile @@ -61,6 +61,9 @@ endif ifdef BUILD_OPT NSPR_CONFIGURE_OPTS += --disable-debug --enable-optimize endif +ifdef USE_X32 +NSPR_CONFIGURE_OPTS += --enable-x32 +endif ifdef USE_64 NSPR_CONFIGURE_OPTS += --enable-64bit endif diff --git a/security/nss/TAG-INFO b/security/nss/TAG-INFO index 57c5efe..7569d69 100644 --- a/security/nss/TAG-INFO +++ b/security/nss/TAG-INFO @@ -1 +1 @@ -NSS_3_15_4_RTM +NSS_3_16_2_RTM diff --git a/security/nss/automation/buildbot-slave/bbenv-example.sh b/security/nss/automation/buildbot-slave/bbenv-example.sh index 1d0dd01..c76e5d6 100644 --- a/security/nss/automation/buildbot-slave/bbenv-example.sh +++ b/security/nss/automation/buildbot-slave/bbenv-example.sh @@ -19,8 +19,6 @@ ARCH=$(uname -s) ulimit -c unlimited 2> /dev/null -export NSS_ENABLE_ECC=1 -export NSS_ECC_MORE_THAN_SUITE_B=1 export NSPR_LOG_MODULES="pkix:1" #export JAVA_HOME_32= diff --git a/security/nss/automation/buildbot-slave/build.sh b/security/nss/automation/buildbot-slave/build.sh index 286a735..605293e 100755 --- a/security/nss/automation/buildbot-slave/build.sh +++ b/security/nss/automation/buildbot-slave/build.sh @@ -288,7 +288,7 @@ prepare() mv ${OUTPUTDIR} ${OUTPUTDIR}.last >/dev/null 2>&1 mkdir -p ${OUTPUTDIR} - if [ -n "${NSS_ENABLE_ECC}" -a -n "${NSS_ECC_MORE_THAN_SUITE_B}" ]; then + if [ -z "${NSS_DISABLE_ECC}" -a -n "${NSS_ECC_MORE_THAN_SUITE_B}" ]; then cd ${HGDIR}/nss ECF="lib/freebl/ecl/ecl-curve.h" print_log "hg revert -r NSS_3_11_1_RTM ${ECF}" diff --git a/security/nss/cmd/atob/atob.c b/security/nss/cmd/atob/atob.c index c438d60..cdc9dd6 100644 --- a/security/nss/cmd/atob/atob.c +++ b/security/nss/cmd/atob/atob.c @@ -35,13 +35,24 @@ output_binary (void *arg, const unsigned char *obuf, PRInt32 size) return nb; } +static PRBool +isBase64Char(char c) +{ + return ((c >= 'A' && c <= 'Z') + || (c >= 'a' && c <= 'z') + || (c >= '0' && c <= '9') + || c == '+' + || c == '/' + || c == '='); +} + static SECStatus decode_file(FILE *outFile, FILE *inFile) { NSSBase64Decoder *cx; - int nb; SECStatus status = SECFailure; char ibuf[4096]; + const char *ptr; cx = NSSBase64Decoder_Create(output_binary, outFile); if (!cx) { @@ -50,19 +61,29 @@ decode_file(FILE *outFile, FILE *inFile) for (;;) { if (feof(inFile)) break; - nb = fread(ibuf, 1, sizeof(ibuf), inFile); - if (nb != sizeof(ibuf)) { - if (nb == 0) { - if (ferror(inFile)) { - PORT_SetError(SEC_ERROR_IO); - goto loser; - } - /* eof */ - break; + if (!fgets(ibuf, sizeof(ibuf), inFile)) { + if (ferror(inFile)) { + PORT_SetError(SEC_ERROR_IO); + goto loser; } + /* eof */ + break; + } + for (ptr = ibuf; *ptr; ++ptr) { + char c = *ptr; + if (c == '\n' || c == '\r') { + break; /* found end of line */ + } + if (!isBase64Char(c)) { + ptr = ibuf; /* ignore line */ + break; + } + } + if (ibuf == ptr) { + continue; /* skip empty or non-base64 line */ } - status = NSSBase64Decoder_Update(cx, ibuf, nb); + status = NSSBase64Decoder_Update(cx, ibuf, ptr-ibuf); if (status != SECSuccess) goto loser; } @@ -99,10 +120,11 @@ int main(int argc, char **argv) progName = progName ? progName+1 : argv[0]; /* Parse command line arguments */ - optstate = PL_CreateOptState(argc, argv, "i:o:"); + optstate = PL_CreateOptState(argc, argv, "?hi:o:"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case '?': + case 'h': Usage(progName); break; diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c index 469ada8..7761918 100644 --- a/security/nss/cmd/bltest/blapitest.c +++ b/security/nss/cmd/bltest/blapitest.c @@ -21,7 +21,7 @@ #include "secoid.h" #include "nssutil.h" -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #include "ecl-curve.h" SECStatus EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams); @@ -133,7 +133,7 @@ static void Usage() PRINTUSAGE(progName, "-S -m mode", "Sign a buffer"); PRINTUSAGE("", "", "[-i plaintext] [-o signature] [-k key]"); PRINTUSAGE("", "", "[-b bufsize]"); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PRINTUSAGE("", "", "[-n curvename]"); #endif PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]"); @@ -141,7 +141,7 @@ static void Usage() PRINTUSAGE("", "-i", "file which contains input buffer"); PRINTUSAGE("", "-o", "file for signature"); PRINTUSAGE("", "-k", "file which contains key"); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PRINTUSAGE("", "-n", "name of curve for EC key generation; one of:"); PRINTUSAGE("", "", " sect163k1, nistk163, sect163r1, sect163r2,"); PRINTUSAGE("", "", " nistb163, sect193r1, sect193r2, sect233k1, nistk233,"); @@ -390,7 +390,7 @@ dsakey_from_filedata(SECItem *filedata) return key; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static ECPrivateKey * eckey_from_filedata(SECItem *filedata) { @@ -544,7 +544,7 @@ getECParams(const char *curve) return ecparams; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ static void dump_pqg(PQGParams *pqg) @@ -562,7 +562,7 @@ dump_dsakey(DSAPrivateKey *key) SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static void dump_ecp(ECParams *ecp) { @@ -651,7 +651,7 @@ typedef enum { bltestRSA, /* Public Key Ciphers */ bltestRSA_OAEP, /* . (Public Key Enc.) */ bltestRSA_PSS, /* . (Public Key Sig.) */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC bltestECDSA, /* . (Public Key Sig.) */ #endif bltestDSA, /* . (Public Key Sig.) */ @@ -690,7 +690,7 @@ static char *mode_strings[] = "rsa", "rsa_oaep", "rsa_pss", -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC "ecdsa", #endif /*"pqg",*/ @@ -744,7 +744,7 @@ typedef struct PQGParams *pqg; } bltestDSAParams; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC typedef struct { char *curveName; @@ -763,7 +763,7 @@ typedef struct union { bltestRSAParams rsa; bltestDSAParams dsa; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC bltestECDSAParams ecdsa; #endif } cipherParams; @@ -1266,7 +1266,7 @@ dsa_verifyDigest(void *cx, SECItem *output, const SECItem *input) return DSA_VerifyDigest((DSAPublicKey *)params->pubKey, output, input); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECStatus ecdsa_signDigest(void *cx, SECItem *output, const SECItem *input) { @@ -1720,7 +1720,7 @@ bltest_dsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) return SECSuccess; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECStatus bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) { @@ -2077,7 +2077,7 @@ finish: SECStatus pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC int keysize, int exponent, char *curveName) #else int keysize, int exponent) @@ -2090,7 +2090,7 @@ pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file, RSAPrivateKey **rsaKey = NULL; bltestDSAParams *dsap; DSAPrivateKey **dsaKey = NULL; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECItem *tmpECParamsDER; ECParams *tmpECParams = NULL; SECItem ecSerialize[3]; @@ -2132,7 +2132,7 @@ pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file, dsap->keysize = (*dsaKey)->params.prime.len*8; } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case bltestECDSA: ecKey = (ECPrivateKey **)&asymk->privKey; if (curveName != NULL) { @@ -2244,7 +2244,7 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt) } return bltest_dsa_init(cipherInfo, encrypt); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case bltestECDSA: if (encrypt) { SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, @@ -2494,7 +2494,7 @@ cipherFinish(bltestCipherInfo *cipherInfo) case bltestRSA_PSS: /* will be freed with it. */ case bltestRSA_OAEP: case bltestDSA: -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case bltestECDSA: #endif case bltestMD2: /* hash contexts are ephemeral */ @@ -2674,7 +2674,7 @@ print_td: fprintf(stdout, "%8d", info->params.asymk.cipherParams.dsa.keysize); } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case bltestECDSA: if (td) { fprintf(stdout, "%12s", "ec_curve"); @@ -2906,7 +2906,7 @@ get_params(PLArenaPool *arena, bltestParams *params, sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j); load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case bltestECDSA: sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); load_file_data(arena, &params->asymk.key, filename, bltestBase64Encoded); @@ -2938,46 +2938,62 @@ SECStatus verify_self_test(bltestIO *result, bltestIO *cmp, bltestCipherMode mode, PRBool forward, SECStatus sigstatus) { - int res; + PRBool equal; char *modestr = mode_strings[mode]; - res = SECITEM_CompareItem(&result->pBuf, &cmp->buf); + equal = SECITEM_ItemsAreEqual(&result->pBuf, &cmp->buf); if (is_sigCipher(mode)) { if (forward) { - if (res == 0) { + if (equal) { printf("Signature self-test for %s passed.\n", modestr); } else { printf("Signature self-test for %s failed!\n", modestr); } + return equal ? SECSuccess : SECFailure; } else { if (sigstatus == SECSuccess) { printf("Verification self-test for %s passed.\n", modestr); } else { printf("Verification self-test for %s failed!\n", modestr); } + return sigstatus; } - return sigstatus; } else if (is_hashCipher(mode)) { - if (res == 0) { + if (equal) { printf("Hash self-test for %s passed.\n", modestr); } else { printf("Hash self-test for %s failed!\n", modestr); } } else { if (forward) { - if (res == 0) { + if (equal) { printf("Encryption self-test for %s passed.\n", modestr); } else { printf("Encryption self-test for %s failed!\n", modestr); } } else { - if (res == 0) { + if (equal) { printf("Decryption self-test for %s passed.\n", modestr); } else { printf("Decryption self-test for %s failed!\n", modestr); } } } - return (res != 0); + return equal ? SECSuccess : SECFailure; +} + +static SECStatus +ReadFileToItem(SECItem *dst, const char *filename) +{ + PRFileDesc *file; + SECStatus rv; + + file = PR_Open(filename, PR_RDONLY, 00660); + if (!file) { + return SECFailure; + } + rv = SECU_FileToItem(dst, file); + PR_Close(file); + return rv; } static SECStatus @@ -2991,19 +3007,16 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, int i, j, nummodes, numtests; char *modestr; char filename[256]; - PRFileDesc *file; PLArenaPool *arena; SECItem item; - PRBool finished; SECStatus rv = SECSuccess, srv; PORT_Memset(&cipherInfo, 0, sizeof(cipherInfo)); arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); cipherInfo.arena = arena; - finished = PR_FALSE; nummodes = (numModes == 0) ? NUMMODES : numModes; - for (i=0; i < nummodes && !finished; i++) { + for (i=0; i < nummodes; i++) { if (numModes > 0) mode = modes[i]; else @@ -3017,13 +3030,11 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, params = &cipherInfo.params; /* get the number of tests in the directory */ sprintf(filename, "%s/tests/%s/%s", testdir, modestr, "numtests"); - file = PR_Open(filename, PR_RDONLY, 00660); - if (!file) { - fprintf(stderr, "%s: File %s does not exist.\n", progName,filename); - return SECFailure; + if (ReadFileToItem(&item, filename) != SECSuccess) { + fprintf(stderr, "%s: Cannot read file %s.\n", progName, filename); + rv = SECFailure; + continue; } - rv = SECU_FileToItem(&item, file); - PR_Close(file); /* loop over the tests in the directory */ numtests = 0; for (j=0; j<item.len; j++) { @@ -3048,8 +3059,6 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, ** Align the input buffer (plaintext) according to request ** then perform operation and compare to ciphertext */ - /* XXX for now */ - rv = SECSuccess; if (encrypt) { bltestCopyIO(arena, &cipherInfo.input, &pt); misalignBuffer(arena, &cipherInfo.input, inoff); @@ -3059,11 +3068,10 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, rv |= cipherDoOp(&cipherInfo); rv |= cipherFinish(&cipherInfo); rv |= verify_self_test(&cipherInfo.output, - &ct, mode, PR_TRUE, 0); + &ct, mode, PR_TRUE, SECSuccess); /* If testing hash, only one op to test */ if (is_hashCipher(mode)) continue; - /*if (rv) return rv;*/ if (is_sigCipher(mode)) { /* Verify operations support detached signature files. For ** consistency between tests that run Sign/Verify back to @@ -3079,8 +3087,6 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, } if (!decrypt) continue; - /* XXX for now */ - rv = SECSuccess; /* Reverse Operation (Decrypt/Verify) ** Align the input buffer (ciphertext) according to request ** then perform operation and compare to plaintext @@ -3100,7 +3106,6 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, rv |= cipherFinish(&cipherInfo); rv |= verify_self_test(&cipherInfo.output, &pt, mode, PR_FALSE, srv); - /*if (rv) return rv;*/ } } return rv; @@ -3128,7 +3133,7 @@ dump_file(bltestCipherMode mode, char *filename) load_file_data(arena, &keydata, filename, bltestBase64Encoded); key = dsakey_from_filedata(&keydata.buf); dump_dsakey(key); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC } else if (mode == bltestECDSA) { ECPrivateKey *key; load_file_data(arena, &keydata, filename, bltestBase64Encoded); @@ -3373,7 +3378,7 @@ enum { opt_Key, opt_HexWSpc, opt_Mode, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC opt_CurveName, #endif opt_Output, @@ -3426,7 +3431,7 @@ static secuCommandFlag bltest_options[] = { /* opt_Key */ 'k', PR_TRUE, 0, PR_FALSE }, { /* opt_HexWSpc */ 'l', PR_FALSE, 0, PR_FALSE }, { /* opt_Mode */ 'm', PR_TRUE, 0, PR_FALSE }, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC { /* opt_CurveName */ 'n', PR_TRUE, 0, PR_FALSE }, #endif { /* opt_Output */ 'o', PR_TRUE, 0, PR_FALSE }, @@ -3461,7 +3466,7 @@ int main(int argc, char **argv) bltestCipherInfo *cipherInfoListHead, *cipherInfo; bltestIOMode ioMode; int bufsize, exponent, curThrdNum; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC char *curveName = NULL; #endif int i, commandsEntered; @@ -3605,7 +3610,7 @@ int main(int argc, char **argv) rv = blapi_selftest(modesToTest, numModesToTest, inoff, outoff, encrypt, decrypt); PORT_Free(cipherInfo); - return rv; + return rv == SECSuccess ? 0 : 1; } /* Do FIPS self-test */ @@ -3695,7 +3700,7 @@ int main(int argc, char **argv) else exponent = 65537; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (bltest.options[opt_CurveName].activated) curveName = PORT_Strdup(bltest.options[opt_CurveName].arg); else @@ -3783,7 +3788,7 @@ int main(int argc, char **argv) file = PR_Open("tmp.key", PR_WRONLY|PR_CREATE_FILE, 00660); } params->key.mode = bltestBase64Encoded; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC pubkeyInitKey(cipherInfo, file, keysize, exponent, curveName); #else pubkeyInitKey(cipherInfo, file, keysize, exponent); diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext1 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext1 new file mode 100644 index 0000000..1126bbf --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext1 @@ -0,0 +1 @@ +AzZ2PpZtkllaVnzJzlN/Xg== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext10 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext10 new file mode 100644 index 0000000..c3d443f --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext10 @@ -0,0 +1,3 @@ +eykx9YVfcXFF4A8VKp9HlDWbH/yz5V9ZTjMJi1HCOmx0oGwdlP3tf9KuQsfbesrv +WETLM67dxoUlhe0AIKZpnSy1OAnO/RaRSM5CKSr6sGNEOXgwbFgsGLnODaPQhM5N +PEgs/Y/PGoUITon7iLQKCE1elyRm0HZmEm+3YfhAePI= diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext11 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext11 new file mode 100644 index 0000000..ae00d8b --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext11 @@ -0,0 +1,3 @@ +sJUS8+/57Q2FiQmDpz2tu3w2eNUlgb5kqKj8WG9JDyUhKXpHigWYBA69D1UJ+vsJ +afnZ5gDq7zOxuT7tmWh7Fn+JpQZarEOc5G87jSLTCGXmTkXvjNMLaYQ1OoRKEcjN +YNug6IZrPuMNJLP6imQ7MoNT4GAQ+oJzyP1U7woraTDlUgquXNWQL5uGozWSykNl diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext12 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext12 new file mode 100644 index 0000000..605a1ba --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext12 @@ -0,0 +1,4 @@ +a+ihKABFWjIFOIU+DLoxvS2A6gyFFkpMXCYa5IVBfZPv/i68DQoLUdbqGGM9IQz2 +PAxN28J2B/LoHtkRMZHvhtVvO5m+bEFaQVApn7hGznFgtAtjuvEXnRknWi6DaYN2 +0ouSVIxo4G5tmU4sFQHtKXAU5wLN7+4vZWRHcGAJYU2AHeHKr3P4t/pWzxupS2MZ +M7vld2JDgIUPEXQ1oDVbKw== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext13 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext13 new file mode 100644 index 0000000..2abf369 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext13 @@ -0,0 +1 @@ +UdRHefkNQKgASCdsA1y0nKKke8ubnPcnC5FEeTeH1T8= diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext14 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext14 new file mode 100644 index 0000000..f16428a --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext14 @@ -0,0 +1,2 @@ +1fVYl2C/nHYiKP3iNt4fot0trUSNs/qb4MQZbv1Go1yE3RrHfZ21jJWRjLMXpkMK +CNL7ao6LDxybcsejRNw0nw== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext15 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext15 new file mode 100644 index 0000000..ed1cecd --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext15 @@ -0,0 +1,2 @@ +dTlZdL0ys2ZWVKbI45a4iuNLEjV1hyp6tofY52tG35EailkM0B0vXDML46Zibp3T +ql4Q7RTo/4KYEbb+1Q8/UzykOFocvKePXEdE5Q8vg1kWXCSF0TJOdsPq52oMysYp diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext16 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext16 new file mode 100644 index 0000000..8fa8952 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext16 @@ -0,0 +1,3 @@ +gVjiFCDyW1nWrpQ/ocvyHwLpefQZ2rASanIbfu9Vvumtl/XM/30jkFe7wZqMN4FC +92cvHV5+F9e+vLAHDoNVys5mYBcaU7YYFq6CSm72nORwtv/TtbtLQ4h02R0nhU07 +byWGDTholY3jMH1isTOb3duKMYwM4PM8F8rw6fYECCA= diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext17 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext17 new file mode 100644 index 0000000..8ca864c --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext17 @@ -0,0 +1,3 @@ +km2ySMwbog8MV2MafIrvCU95GTe5BZSeNGAkDov6b6SDEVobMQtuQ2nK68UmKIg3 +ex3apYAOpJaivf8PmhAx5xKcmiDjViHn8Li6yg2HAw8q58qFk8hZlnegb9SyYAnq +0I/srCTKqc8srTtHDIInQVp7Hg8uqz+tltcKIJyLsmxidnfiUxuUNcpuPERNGVtf diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext18 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext18 new file mode 100644 index 0000000..9b42740 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext18 @@ -0,0 +1,4 @@ +yCzyxHbeqMtqbmB6QNLwORvoLqnshKU3poIPmvuZe3Y5fQBUJPqmp03E6MeqSokA +aQ+JS20dyoBnU5PSJDrax2LxWTAeNX6YtyR2IxDNWnuv4cKgMNukb9k6n9uJzBMs +qcF9xyAx7Ggi7lqdmdvKZseEwBsIhcu2LinZeAGSfsQVpdIVFY0yX57miUN60bdo +StM8DZJzlFGsh/Of+MMbhA== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext19 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext19 new file mode 100644 index 0000000..39bf937 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext19 @@ -0,0 +1 @@ +L6Dfciqf07ZMsY+ys9tV/yJnQidXKJQT+PZXUHQSpkw= diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext2 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext2 new file mode 100644 index 0000000..ec069ab --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext2 @@ -0,0 +1 @@ +qaFjG/SZaVTrwJOVeyNFiQ== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext20 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext20 new file mode 100644 index 0000000..d74f0e0 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext20 @@ -0,0 +1,2 @@ +BdXHdylCGwi3N+QRGfpEONH1cMx3Kk1sPff/7aA4TvhCiM43/ExMfRElpJmwUTZM +OJ/WOb3aZH2qO9rasutVlA== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext21 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext21 new file mode 100644 index 0000000..9f3b9ea --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext21 @@ -0,0 +1,2 @@ +rD1tuv4uD3QGMv2eggv2BEzVsVUcu5zAPAslw5zLfzO4Oqz8pAoyZfK7/4eRU0SK +ysuI/Ps7t7EP5GOmjAEJ8Cg4Lj5VexrfAu1kira7iV3wIF0m67+ppf2M69jkvuPc diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext22 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext22 new file mode 100644 index 0000000..b9b5b5c --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext22 @@ -0,0 +1,3 @@ +kLe5YwojePU/UBq3vv8DkVUAgHG8hDjniZMs/T6xKZGVRl5mM4SUY/20Q3Unji/b +ExCCHmSSz4D/Fct3JQn7Qm867uJ71JOIgv0q5rW9nZH6SkOxe7Q5675ZwEIxAWOo +Kl/lOIeW7uNaGBoScfAL4puFLY+nWbrQH/RnjwEFlM0= diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext23 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext23 new file mode 100644 index 0000000..e7710c1 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext23 @@ -0,0 +1,3 @@ +AlSyNGO8q+xaOV63TI+w6xN6B7xvXp9h7AsFfeMFcU+PopQiHJGhWcMVk5uB4wDu +kCGS7F8VJUQo2HcveTJOxDKYyiHACzcCc+5eXtkOQ++h4FpdFxIJ/jT58pI326Km +cmZQ/TsTIXR9EgiGPGw8az4th5q18leC8Iuo8qu+Y+C+20oifoGvs2u2ZFUINW00 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext24 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext24 new file mode 100644 index 0000000..d5234aa --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext24 @@ -0,0 +1,4 @@ +/Fhz5Q3o+vTGuEunB7CFTp25qy6ffXB/u6M4xoQ6GPxvrOuvZj0mKW+zKbTSbxhJ +THngnneWR/m6+odIljDXn0MBYQwjAMGdvzFIt8rIxPSUQQJ1TzMukrb3xedbxhee +uHegeNRxkAkCF0TBTxP9KlWiucRNGAAGhahFpPYyx8VqdzBu+maiTQXQiNzXwT/i +T8RHJ1ll255NN/vJMERIzQ== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext3 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext3 new file mode 100644 index 0000000..82c4cd2 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext3 @@ -0,0 +1 @@ +J1z8BBPYzLcFE8OFmx0Pcg== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext4 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext4 new file mode 100644 index 0000000..81714bd --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext4 @@ -0,0 +1 @@ +ybgTX/G1rcQT39BTshvZbQ== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext5 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext5 new file mode 100644 index 0000000..ce9672a --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext5 @@ -0,0 +1 @@ +XJ2ETtRvmIUIXl1qT5TH1w== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext6 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext6 new file mode 100644 index 0000000..fc53a4f --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext6 @@ -0,0 +1 @@ +qf91vXz2YT03Mcd8O20MBA== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext7 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext7 new file mode 100644 index 0000000..1d6d84b --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext7 @@ -0,0 +1 @@ +xNxh2XJZZ6MCAQSpc48jhoUnzoOaqxdS/YvblagsTQA= diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext8 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext8 new file mode 100644 index 0000000..7191a64 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext8 @@ -0,0 +1,2 @@ +Gblgl3LGPzOGCL9utSyhC+ZQl/icHgkFxCQB/Ud5GuLFRAstRzEWyni9n/L7YBXP +0xZSTq59y5Wuc46+roSkZw== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext9 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext9 new file mode 100644 index 0000000..232a691 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext9 @@ -0,0 +1,2 @@ +O4YRv8SXPFzY6YKwc7MxhM0mEQFZFy5EmI61/1ZhoeFvrWclj8v+5VRpJnoS3DdI +k7TjUz029WNMMJVYNZbxNaqM0RONyJi8VlHuNakuv4mrautTZmU7xgpw4AdPwR7+ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv1 b/security/nss/cmd/bltest/tests/aes_cbc/iv1 new file mode 100644 index 0000000..01d633b Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/iv1 differ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv10 b/security/nss/cmd/bltest/tests/aes_cbc/iv10 new file mode 100644 index 0000000..58d7a2d --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv10 @@ -0,0 +1 @@ +ù4n\Ð®œXS,Ž \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv11 b/security/nss/cmd/bltest/tests/aes_cbc/iv11 new file mode 100644 index 0000000..6847886 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv11 @@ -0,0 +1 @@ +$_&[vëëÂíÊÄ¢ø \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv12 b/security/nss/cmd/bltest/tests/aes_cbc/iv12 new file mode 100644 index 0000000..15040cd --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv12 @@ -0,0 +1 @@ +»ë/«ŽH¯$J× \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv13 b/security/nss/cmd/bltest/tests/aes_cbc/iv13 new file mode 100644 index 0000000..1bef08a --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv13 @@ -0,0 +1 @@ +óÖf~My`÷P[£ë \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv14 b/security/nss/cmd/bltest/tests/aes_cbc/iv14 new file mode 100644 index 0000000..099828f --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv14 @@ -0,0 +1 @@ +YÉ Rš9ÀÎ<8 \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv15 b/security/nss/cmd/bltest/tests/aes_cbc/iv15 new file mode 100644 index 0000000..d7a44d9 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv15 @@ -0,0 +1 @@ +6êž¯ïlÃc(FÍ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv16 b/security/nss/cmd/bltest/tests/aes_cbc/iv16 new file mode 100644 index 0000000..678bb8d --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv16 @@ -0,0 +1 @@ +ãÈÐÃ«ÝöOHÛm¿â \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv17 b/security/nss/cmd/bltest/tests/aes_cbc/iv17 new file mode 100644 index 0000000..7ff21ab --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv17 @@ -0,0 +1 @@ +€(3ñE€œÆè< \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv18 b/security/nss/cmd/bltest/tests/aes_cbc/iv18 new file mode 100644 index 0000000..244b502 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv18 @@ -0,0 +1 @@ +$@8,Êà{¶cUÁ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv19 b/security/nss/cmd/bltest/tests/aes_cbc/iv19 new file mode 100644 index 0000000..919e165 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv19 @@ -0,0 +1 @@ +ýê¡4È×7EquýWÓü \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv2 b/security/nss/cmd/bltest/tests/aes_cbc/iv2 new file mode 100644 index 0000000..01d633b Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/iv2 differ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv20 b/security/nss/cmd/bltest/tests/aes_cbc/iv20 new file mode 100644 index 0000000..c49bf8f --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv20 @@ -0,0 +1 @@ +ÀÍ+ëÌ»lIÕH*ÇVè \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv21 b/security/nss/cmd/bltest/tests/aes_cbc/iv21 new file mode 100644 index 0000000..6452e3d --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv21 @@ -0,0 +1,2 @@ +³Ëš +SžÂE; \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv22 b/security/nss/cmd/bltest/tests/aes_cbc/iv22 new file mode 100644 index 0000000..42b7bd3 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv22 @@ -0,0 +1 @@ +LïüYcÔY`&u>I \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv23 b/security/nss/cmd/bltest/tests/aes_cbc/iv23 new file mode 100644 index 0000000..99b2249 Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/iv23 differ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv24 b/security/nss/cmd/bltest/tests/aes_cbc/iv24 new file mode 100644 index 0000000..0104daf --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv24 @@ -0,0 +1 @@ +ÖÕžÏëÓ¶ê¡µ?~á \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv3 b/security/nss/cmd/bltest/tests/aes_cbc/iv3 new file mode 100644 index 0000000..01d633b Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/iv3 differ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv4 b/security/nss/cmd/bltest/tests/aes_cbc/iv4 new file mode 100644 index 0000000..01d633b Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/iv4 differ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv5 b/security/nss/cmd/bltest/tests/aes_cbc/iv5 new file mode 100644 index 0000000..01d633b Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/iv5 differ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv6 b/security/nss/cmd/bltest/tests/aes_cbc/iv6 new file mode 100644 index 0000000..01d633b Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/iv6 differ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv7 b/security/nss/cmd/bltest/tests/aes_cbc/iv7 new file mode 100644 index 0000000..524d1b9 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv7 @@ -0,0 +1 @@ +ªÑX<Ùeã»/40Ðe» \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv8 b/security/nss/cmd/bltest/tests/aes_cbc/iv8 new file mode 100644 index 0000000..f58e954 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv8 @@ -0,0 +1 @@ +È ]± `i|J \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv9 b/security/nss/cmd/bltest/tests/aes_cbc/iv9 new file mode 100644 index 0000000..d6c4782 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv9 @@ -0,0 +1 @@ +eµî60ŸÖžBÙ¹z \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key1 b/security/nss/cmd/bltest/tests/aes_cbc/key1 new file mode 100644 index 0000000..01d633b Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/key1 differ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key10 b/security/nss/cmd/bltest/tests/aes_cbc/key10 new file mode 100644 index 0000000..3cdff7a --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key10 @@ -0,0 +1 @@ +ÄÊ1ùE)©%ìUx \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key11 b/security/nss/cmd/bltest/tests/aes_cbc/key11 new file mode 100644 index 0000000..4a13040 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key11 @@ -0,0 +1 @@ +öè}q°Mn°jhÜjqô \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key12 b/security/nss/cmd/bltest/tests/aes_cbc/key12 new file mode 100644 index 0000000..0a0103d --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key12 @@ -0,0 +1 @@ +,A7QÃ'0W£6xk \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key13 b/security/nss/cmd/bltest/tests/aes_cbc/key13 new file mode 100644 index 0000000..87ae208 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key13 @@ -0,0 +1 @@ +ê³±Xšsá«»øQû.k! \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key14 b/security/nss/cmd/bltest/tests/aes_cbc/key14 new file mode 100644 index 0000000..de4da4d --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key14 @@ -0,0 +1 @@ +{±{M÷i~¬ÏâËuæy|é5Ë \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key15 b/security/nss/cmd/bltest/tests/aes_cbc/key15 new file mode 100644 index 0000000..b13351f --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key15 @@ -0,0 +1 @@ +ãþÌuðZ ³ßÓ£Ó<ÉžT³²TÀô \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key16 b/security/nss/cmd/bltest/tests/aes_cbc/key16 new file mode 100644 index 0000000..71afcb3 Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/key16 differ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key17 b/security/nss/cmd/bltest/tests/aes_cbc/key17 new file mode 100644 index 0000000..291b89b --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key17 @@ -0,0 +1 @@ +ŒŠú<gý)NfþÖOEô(õŒ3§ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key18 b/security/nss/cmd/bltest/tests/aes_cbc/key18 new file mode 100644 index 0000000..9c28957 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key18 @@ -0,0 +1 @@ +*ÕæJªUWíÁk,jMK^î \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key19 b/security/nss/cmd/bltest/tests/aes_cbc/key19 new file mode 100644 index 0000000..f0ca408 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key19 @@ -0,0 +1 @@ +ÜâlkLû(eÚNìÒÏþlßC3Û_wŽ`gÔ® \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key2 b/security/nss/cmd/bltest/tests/aes_cbc/key2 new file mode 100644 index 0000000..01d633b Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/key2 differ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key20 b/security/nss/cmd/bltest/tests/aes_cbc/key20 new file mode 100644 index 0000000..ce28587 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key20 @@ -0,0 +1 @@ +ÿcq¯j[¬ßZ=K¯Ñ¯µsŸzÞæcå \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key21 b/security/nss/cmd/bltest/tests/aes_cbc/key21 new file mode 100644 index 0000000..1b1a9bc --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key21 @@ -0,0 +1,2 @@ +sžúð3¬\öùéäi +Y€MÏHÒú®* \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key22 b/security/nss/cmd/bltest/tests/aes_cbc/key22 new file mode 100644 index 0000000..4b23daa --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key22 @@ -0,0 +1 @@ +Eg¿!- ó¥Î9 eX-Îûóª"8«R& \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key23 b/security/nss/cmd/bltest/tests/aes_cbc/key23 new file mode 100644 index 0000000..cc1b48f --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key23 @@ -0,0 +1 @@ +ÒA-°]ås+œd)WG;ûÊÿpçÁÛì \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key24 b/security/nss/cmd/bltest/tests/aes_cbc/key24 new file mode 100644 index 0000000..cf579fc --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key24 @@ -0,0 +1 @@ +HŸY~c,w#$ÈÓúZÍì];þÃvÅS+ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key3 b/security/nss/cmd/bltest/tests/aes_cbc/key3 new file mode 100644 index 0000000..4ac5fc6 Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/key3 differ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key4 b/security/nss/cmd/bltest/tests/aes_cbc/key4 new file mode 100644 index 0000000..4ac5fc6 Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/key4 differ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key5 b/security/nss/cmd/bltest/tests/aes_cbc/key5 new file mode 100644 index 0000000..4e4e493 Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/key5 differ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key6 b/security/nss/cmd/bltest/tests/aes_cbc/key6 new file mode 100644 index 0000000..4e4e493 Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/key6 differ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key7 b/security/nss/cmd/bltest/tests/aes_cbc/key7 new file mode 100644 index 0000000..c1e46ce Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/key7 differ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key8 b/security/nss/cmd/bltest/tests/aes_cbc/key8 new file mode 100644 index 0000000..804b8d4 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key8 @@ -0,0 +1 @@ +·óÉWnÝ¶>¬+9 \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key9 b/security/nss/cmd/bltest/tests/aes_cbc/key9 new file mode 100644 index 0000000..193a2a1 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key9 @@ -0,0 +1 @@ +»ç·ºOñ®|4þF^ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/mktst.sh b/security/nss/cmd/bltest/tests/aes_cbc/mktst.sh new file mode 100644 index 0000000..443167e --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/mktst.sh @@ -0,0 +1,11 @@ +#!/bin/sh +for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 +do + file="test$i.txt" + grep "KEY = " $file | sed -e 's;KEY = ;;' | hex > key$i + grep "IV = " $file | sed -e 's;IV = ;;' | hex > iv$i + grep "PLAINTEXT = " $file | sed -e 's;PLAINTEXT = ;;' | hex > plaintext$i + grep "CIPHERTEXT = " $file | sed -e 's;CIPHERTEXT = ;;' | hex > ciphertext$i.bin + btoa < ciphertext$i.bin > ciphertext$i + rm ciphertext$i.bin +done diff --git a/security/nss/cmd/bltest/tests/aes_cbc/numtests b/security/nss/cmd/bltest/tests/aes_cbc/numtests index d00491f..7273c0f 100644 --- a/security/nss/cmd/bltest/tests/aes_cbc/numtests +++ b/security/nss/cmd/bltest/tests/aes_cbc/numtests @@ -1 +1 @@ -1 +25 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext1 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext1 new file mode 100644 index 0000000..8bac1b7 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext1 @@ -0,0 +1 @@ +óDì<Æ'ºÍ]Ãûòsæ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext10 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext10 new file mode 100644 index 0000000..779400b --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext10 @@ -0,0 +1,2 @@ +Ëjx~ìVù¡e¯3lŠŽÙé@ÆQRd.My¬^{Ò§Lå®.èTöS +ykÔÉüÛÇËïMîžvÑ÷â€üGÝfßlMŸPäfTG¶6ŒÇÂ³Š$µk¶{mE_ëÙ¿ïìŒŠÇó5ÏÎEË \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext11 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext11 new file mode 100644 index 0000000..c226c29 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext11 @@ -0,0 +1 @@ +ø+ï<sŠ÷ø²rmi¶¿UîÂZ; àD_&¹»;£ÑnMØòåøìŽämt§§ Íü{ÌG§ Êº8#ÐÀQÕÙãÝÎnkKÔ«ÏØ®ß¡Ï; g¹}wmÎn~?tHãDP¯6œáS6Ó\Ôä?ÛO) \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext12 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext12 new file mode 100644 index 0000000..357fd2c --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext12 @@ -0,0 +1 @@ +@Ù0ù S4Ùoâ? ?jWšÄuÉESÑÑi:ÜaIð§i¢îÖŠËÀ>ÅÌÍŒìLå`ÏÒ"W 2mMçTÖÐ×þ×Rû#ñªDû°0éÞÔç~7Ày-@Ã%±¥ïÑ_ÈBä@ÊCt¿8óÃü>ã's;îŒÐUw/Ü`?{,Šöb6+à¡q»Üê]? \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext13 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext13 new file mode 100644 index 0000000..88c5250 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext13 @@ -0,0 +1 @@ +NLÌÑh#!mðiãñÆú9:°-YÛtÁ@³¬Ä \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext14 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext14 new file mode 100644 index 0000000..c42aec2 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext14 @@ -0,0 +1 @@ +Û7šŽœ8wTÚ"/L-+þyà[Éû©AŸê0ñ#¬ðFìÃhéüŠ·ÅIyÒœyïõO \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext15 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext15 new file mode 100644 index 0000000..1266255 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext15 @@ -0,0 +1 @@ +/_:X Õ:kêªd1:4ôë°õµ~ø8áW#;ÖæwS.Qïp<IVC.æ£NB²jØœ®l*ùŠÇo;`ÒgAñÉôà=JR° eJ3óMÎ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext16 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext16 new file mode 100644 index 0000000..6348620 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext16 @@ -0,0 +1 @@ +Á£vû(gÝ,ïº»Òî$ÏÑDYmí&Ç/qz2¿j$ºÝ2€îc|s·€Š%5eûúEœü<±"bA³ÞÎØj¥šÓèpà€KÀWÔ# Ö"©?©Ú)ªíõÙèvÉF _øìÈ?'7Õ\ôÅy' \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext17 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext17 new file mode 100644 index 0000000..6343a1a --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext17 @@ -0,0 +1,2 @@ +[ìŒ1ØŸm6®JXcÑJCkUÒŠºªArqqm³£;.PkE ßæJÂÞ0ŒA%NÅ@Ä}B7Çy/Ü×Mò±ufBÕu©/kÅ=2jé¥·á± +VWFM9ü9 ?~ß~dêÝ1 @pèŽkÊ+@EPé3w5B ôÞÞ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext18 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext18 new file mode 100644 index 0000000..4858130 Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/plaintext18 differ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext19 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext19 new file mode 100644 index 0000000..0d6ad5e Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/plaintext19 differ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext2 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext2 new file mode 100644 index 0000000..b2153e2 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext2 @@ -0,0 +1 @@ +ÄduÇÃ"}¹Nr \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext20 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext20 new file mode 100644 index 0000000..6873047 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext20 @@ -0,0 +1 @@ +7ùô»%kæ1sÈÜXêÿI¶C{4É¿ð©OíÖ5&«Âzanî%JŽV}ÖÍL8¬V;c \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext21 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext21 new file mode 100644 index 0000000..22bfbac --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext21 @@ -0,0 +1 @@ +:ÞŠànBÄðAòw^ö7°$^ÜOdHâ2[`Ð4[xßeì"·¹çn<v³-]g'?þzoÃÝ<IpúW³Ÿ¬aŽð©á?F@ÄPÓzß°® \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext22 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext22 new file mode 100644 index 0000000..a36a7f9 Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/plaintext22 differ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext23 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext23 new file mode 100644 index 0000000..5201604 Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/plaintext23 differ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext24 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext24 new file mode 100644 index 0000000..42c59ea Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_cbc/plaintext24 differ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext3 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext3 new file mode 100644 index 0000000..b565f3a --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext3 @@ -0,0 +1 @@ +zjô·ù)Þxmu¶9 \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext4 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext4 new file mode 100644 index 0000000..9ef1cbb --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext4 @@ -0,0 +1 @@ +-BåôWdÓ#ñ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext5 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext5 new file mode 100644 index 0000000..767e9f4 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext5 @@ -0,0 +1,2 @@ +G0ø +Æ%þð&ÆýT} \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext6 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext6 new file mode 100644 index 0000000..e8537b6 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext6 @@ -0,0 +1 @@ +$¯6<äf_(%×Žt \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext7 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext7 new file mode 100644 index 0000000..b3b7284 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext7 @@ -0,0 +1 @@ +%Ç¿±øœÔÏÉöÿÅÝÇ&¡ðå÷ ÷092yŸ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext8 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext8 new file mode 100644 index 0000000..32b0833 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext8 @@ -0,0 +1 @@ +ÁTÎ³TÓ"`÷7?Ó6$ýän¿í.yZnœÄiÞÀAr+ÚŒ²,è¡FWÚ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext9 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext9 new file mode 100644 index 0000000..ba4b455 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext9 @@ -0,0 +1,2 @@ +*,CVtGFÓÚÀT4m&þÝŒœ@ŽyKâ© +QQ¥µ@ôí'5H²CN©»`þSv7%¶(ÕsQ·î:ï¯ÅŽÁ¿Ddgç¿_xó÷Êñ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test1.txt b/security/nss/cmd/bltest/tests/aes_cbc/test1.txt new file mode 100644 index 0000000..1d46380 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test1.txt @@ -0,0 +1,5 @@ +COUNT = 0 +KEY = 00000000000000000000000000000000 +IV = 00000000000000000000000000000000 +PLAINTEXT = f34481ec3cc627bacd5dc3fb08f273e6 +CIPHERTEXT = 0336763e966d92595a567cc9ce537f5e diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test10.txt b/security/nss/cmd/bltest/tests/aes_cbc/test10.txt new file mode 100644 index 0000000..e220c90 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test10.txt @@ -0,0 +1,5 @@ +COUNT = 7 +KEY = c491ca31f91708458e29a925ec558d78 +IV = 9ef934946e5cd0ae97bd58532cb49381 +PLAINTEXT = cb6a787e0dec56f9a165957f81af336ca6b40785d9e94093c6190e5152649f882e874d79ac5e167bd2a74ce5ae088d2ee854f6539e0a94796b1e1bd4c9fcdbc79acbef4d01eeb89776d18af71ae2a4fc47dd66df6c4dbe1d1850e466549a47b636bcc7c2b3a62495b56bb67b6d455f1eebd9bfefecbca6c7f335cfce9b45cb9d +CIPHERTEXT = 7b2931f5855f717145e00f152a9f4794359b1ffcb3e55f594e33098b51c23a6c74a06c1d94fded7fd2ae42c7db7acaef5844cb33aeddc6852585ed0020a6699d2cb53809cefd169148ce42292afab063443978306c582c18b9ce0da3d084ce4d3c482cfd8fcf1a85084e89fb88b40a084d5e972466d07666126fb761f84078f2 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test11.txt b/security/nss/cmd/bltest/tests/aes_cbc/test11.txt new file mode 100644 index 0000000..4eb4383b --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test11.txt @@ -0,0 +1,5 @@ +COUNT = 8 +KEY = f6e87d71b0104d6eb06a68dc6a71f498 +IV = 1c245f26195b76ebebc2edcac412a2f8 +PLAINTEXT = f82bef3c73a6f7f80db285726d691db6bf55eec25a859d3ba0e0445f26b9bb3b16a3161ed1866e4dd8f2e5f8ecb4e46d74a7a78c20cdfc7bcc9e479ba7a0caba9438238ad0c01651d5d98de37f03ddce6e6b4bd4ab03cf9e8ed818aedfa1cf963b932067b97d776dce1087196e7e913f7448e38244509f0caf36bd8217e15336d35c149fd4e41707893fdb84014f8729 +CIPHERTEXT = b09512f3eff9ed0d85890983a73dadbb7c3678d52581be64a8a8fc586f490f2521297a478a0598040ebd0f5509fafb0969f9d9e600eaef33b1b93eed99687b167f89a5065aac439ce46f3b8d22d30865e64e45ef8cd30b6984353a844a11c8cd60dba0e8866b3ee30d24b3fa8a643b328353e06010fa8273c8fd54ef0a2b6930e5520aae5cd5902f9b86a33592ca4365 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test12.txt b/security/nss/cmd/bltest/tests/aes_cbc/test12.txt new file mode 100644 index 0000000..1b2c7aa --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test12.txt @@ -0,0 +1,5 @@ +COUNT = 9 +KEY = 2c14413751c31e2730570ba3361c786b +IV = 1dbbeb2f19abb448af849796244a19d7 +PLAINTEXT = 40d930f9a05334d9816fe204999c3f82a03f6a0457a8c475c94553d1d116693adc618049f0a769a2eed6a6cb14c0143ec5cccdbc8dec4ce560cfd206225709326d4de7948e54d603d01b12d7fed752fb23f1aa4494fbb00130e9ded4e77e37c079042d828040c325b1a5efd15fc842e44014ca4374bf38f3c3fc3ee327733b0c8aee1abcd055772f18dc04603f7b2c1ea69ff662361f2be0a171bbdcea1e5d3f +CIPHERTEXT = 6be8a12800455a320538853e0cba31bd2d80ea0c85164a4c5c261ae485417d93effe2ebc0d0a0b51d6ea18633d210cf63c0c4ddbc27607f2e81ed9113191ef86d56f3b99be6c415a4150299fb846ce7160b40b63baf1179d19275a2e83698376d28b92548c68e06e6d994e2c1501ed297014e702cdefee2f656447706009614d801de1caaf73f8b7fa56cf1ba94b631933bbe577624380850f117435a0355b2b diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test13.txt b/security/nss/cmd/bltest/tests/aes_cbc/test13.txt new file mode 100644 index 0000000..344157f --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test13.txt @@ -0,0 +1,5 @@ +COUNT = 1 +KEY = eab3b19c581aa873e1981c83ab8d83bbf8025111fb2e6b21 +IV = f3d6667e8d4d791e60f7505ba383eb05 +PLAINTEXT = 9d4e4cccd1682321856df069e3f1c6fa391a083a9fb02d59db74c14081b3acc4 +CIPHERTEXT = 51d44779f90d40a80048276c035cb49ca2a47bcb9b9cf7270b9144793787d53f diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test14.txt b/security/nss/cmd/bltest/tests/aes_cbc/test14.txt new file mode 100644 index 0000000..c548ceb --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test14.txt @@ -0,0 +1,5 @@ +COUNT = 3 +KEY = 067bb17b4df785697eaccf961f98e212cb75e6797ce935cb +IV = 8b59c9209c529ca8391c9fc0ce033c38 +PLAINTEXT = db3785a889b4bd387754da222f0e4c2d2bfe0d79e05bc910fba941beea30f1239eacf0068f4619ec01c368e986fca6b7c58e490579d29611bd10087986eff54f +CIPHERTEXT = d5f5589760bf9c762228fde236de1fa2dd2dad448db3fa9be0c4196efd46a35c84dd1ac77d9db58c95918cb317a6430a08d2fb6a8e8b0f1c9b72c7a344dc349f diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test15.txt b/security/nss/cmd/bltest/tests/aes_cbc/test15.txt new file mode 100644 index 0000000..71e0f1c --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test15.txt @@ -0,0 +1,5 @@ +COUNT = 5 +KEY = e3fecc75f0075a09b383dfd389a3d33cc9b854b3b254c0f4 +IV = 36eab883afef936cc38f63284619cd19 +PLAINTEXT = 931b2f5f3a5820d53a6beaaa6431083a3488f4eb03b0f5b57ef838e1579623103bd6e6800377538b2e51ef708f3c4956432e8a8ee6a34e190642b26ad8bdae6c2af9a6c7996f3b6004d2671e41f1c9f40ee03d1c4a52b0a0654a331f15f34dce +CIPHERTEXT = 75395974bd32b3665654a6c8e396b88ae34b123575872a7ab687d8e76b46df911a8a590cd01d2f5c330be3a6626e9dd3aa5e10ed14e8ff829811b6fed50f3f533ca4385a1cbca78f5c4744e50f2f8359165c2485d1324e76c3eae76a0ccac629 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test16.txt b/security/nss/cmd/bltest/tests/aes_cbc/test16.txt new file mode 100644 index 0000000..60e6e58 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test16.txt @@ -0,0 +1,5 @@ +COUNT = 7 +KEY = fb09cf9e00dbf883689d079c920077c0073c31890b55bab5 +IV = e3c89bd097c3abddf64f4881db6dbfe2 +PLAINTEXT = c1a37683fb289467dd1b2c89efba16bbd2ee24cf18d19d44596ded2682c79a2f711c7a32bf6a24badd32a4ee637c73b7a41da6258635650f91fb9ffa45bdfc3cb122136241b3deced8996aa51ea8d3e81c9d70e006a44bc0571ed48623a0d622a93fa9da290baaedf5d9e876c94620945ff8ecc83f27379ed55cf490c5790f27 +CIPHERTEXT = 8158e21420f25b59d6ae943fa1cbf21f02e979f419dab0126a721b7eef55bee9ad97f5ccff7d239057bbc19a8c378142f7672f1d5e7e17d7bebcb0070e8355cace6660171a53b61816ae824a6ef69ce470b6ffd3b5bb4b438874d91d27854d3b6f25860d3868958de3307d62b1339bdddb8a318c0ce0f33c17caf0e9f6040820 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test17.txt b/security/nss/cmd/bltest/tests/aes_cbc/test17.txt new file mode 100644 index 0000000..262b055 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test17.txt @@ -0,0 +1,5 @@ +COUNT = 8 +KEY = bca6fa3c67fd294e958f66fe8bd64f45f428f5bc8e9733a7 +IV = 92a47f2833f1450d1da41717bdc6e83c +PLAINTEXT = 5becbc31d8bead6d36ae014a5863d14a431e6b55d29ea6baaa417271716db3a33b2e506b452086dfe690834ac2de30bc41254ec5401ec47d064237c7792fdcd7914d8af20eb114756642d519021a8c75a92f6bc53d326ae9a5b7e1b10a9756574692934d9939fc399e0c203f7edf8e7e6482eadd31a0400770e897b48c6bca2b404593045080e93377358c42a0f4dede +CIPHERTEXT = 926db248cc1ba20f0c57631a7c8aef094f791937b905949e3460240e8bfa6fa483115a1b310b6e4369caebc5262888377b1ddaa5800ea496a2bdff0f9a1031e7129c9a20e35621e7f0b8baca0d87030f2ae7ca8593c8599677a06fd4b26009ead08fecac24caa9cf2cad3b470c8227415a7b1e0f2eab3fad96d70a209c8bb26c627677e2531b9435ca6e3c444d195b5f diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test18.txt b/security/nss/cmd/bltest/tests/aes_cbc/test18.txt new file mode 100644 index 0000000..50a2966 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test18.txt @@ -0,0 +1,5 @@ +COUNT = 9 +KEY = 162ad50ee64a0702aa551f571dedc16b2c1b6a1e4d4b5eee +IV = 24408038161a2ccae07b029bb66355c1 +PLAINTEXT = be8abf00901363987a82cc77d0ec91697ba3857f9e4f84bd79406c138d02698f003276d0449120bef4578d78fecabe8e070e11710b3f0a2744bd52434ec70015884c181ebdfd51c604a71c52e4c0e110bc408cd462b248a80b8a8ac06bb952ac1d7faed144807f1a731b7febcaf7835762defe92eccfc7a9944e1c702cffe6bc86733ed321423121085ac02df8962bcbc1937092eebf0e90a8b20e3dd8c244ae +CIPHERTEXT = c82cf2c476dea8cb6a6e607a40d2f0391be82ea9ec84a537a6820f9afb997b76397d005424faa6a74dc4e8c7aa4a8900690f894b6d1dca80675393d2243adac762f159301e357e98b724762310cd5a7bafe1c2a030dba46fd93a9fdb89cc132ca9c17dc72031ec6822ee5a9d99dbca66c784c01b0885cbb62e29d97801927ec415a5d215158d325f9ee689437ad1b7684ad33c0d92739451ac87f39ff8c31b84 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test19.txt b/security/nss/cmd/bltest/tests/aes_cbc/test19.txt new file mode 100644 index 0000000..a38ed01 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test19.txt @@ -0,0 +1,5 @@ +COUNT = 1 +KEY = dce26c6b4cfb286510da4eecd2cffe6cdf430f33db9b5f77b460679bd49d13ae +IV = fdeaa134c8d7379d457175fd1a57d3fc +PLAINTEXT = 50e9eee1ac528009e8cbcd356975881f957254b13f91d7c6662d10312052eb00 +CIPHERTEXT = 2fa0df722a9fd3b64cb18fb2b3db55ff2267422757289413f8f657507412a64c diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test2.txt b/security/nss/cmd/bltest/tests/aes_cbc/test2.txt new file mode 100644 index 0000000..d9b681b --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test2.txt @@ -0,0 +1,5 @@ +COUNT = 1 +KEY = 00000000000000000000000000000000 +IV = 00000000000000000000000000000000 +PLAINTEXT = 9798c4640bad75c7c3227db910174e72 +CIPHERTEXT = a9a1631bf4996954ebc093957b234589 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test20.txt b/security/nss/cmd/bltest/tests/aes_cbc/test20.txt new file mode 100644 index 0000000..a0586e1 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test20.txt @@ -0,0 +1,5 @@ +COUNT = 3 +KEY = 0493ff637108af6a5b8e90ac1fdf035a3d4bafd1afb573be7ade9e8682e663e5 +IV = c0cd2bebccbb6c49920bd5482ac756e8 +PLAINTEXT = 8b37f9148df4bb25956be6310c73c8dc58ea9714ff49b643107b34c9bff096a94fedd6823526abc27a8e0b16616eee254ab4567dd68e8ccd4c38ac563b13639c +CIPHERTEXT = 05d5c77729421b08b737e41119fa4438d1f570cc772a4d6c3df7ffeda0384ef84288ce37fc4c4c7d1125a499b051364c389fd639bdda647daa3bdadab2eb5594 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test21.txt b/security/nss/cmd/bltest/tests/aes_cbc/test21.txt new file mode 100644 index 0000000..06abcde --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test21.txt @@ -0,0 +1,5 @@ +COUNT = 5 +KEY = 73b8faf00b3302ac99855cf6f9e9e48518690a5906a4869d4dcf48d282faae2a +IV = b3cb97a80a539912b8c21f450d3b9395 +PLAINTEXT = 3adea6e06e42c4f041021491f2775ef6378cb08824165edc4f6448e232175b60d0345b9f9c78df6596ec9d22b7b9e76e8f3c76b32d5d67273f1d83fe7a6fc3dd3c49139170fa5701b3beac61b490f0a9e13f844640c4500f9ad3087adfb0ae10 +CIPHERTEXT = ac3d6dbafe2e0f740632fd9e820bf6044cd5b1551cbb9cc03c0b25c39ccb7f33b83aacfca40a3265f2bbff879153448acacb88fcfb3bb7b10fe463a68c0109f028382e3e557b1adf02ed648ab6bb895df0205d26ebbfa9a5fd8cebd8e4bee3dc diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test22.txt b/security/nss/cmd/bltest/tests/aes_cbc/test22.txt new file mode 100644 index 0000000..991068f --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test22.txt @@ -0,0 +1,5 @@ +COUNT = 7 +KEY = 458b67bf212d20f3a57fce392065582dcefbf381aa22949f8338ab9052260e1d +IV = 4c12effc5963d40459602675153e9649 +PLAINTEXT = 256fd73ce35ae3ea9c25dd2a9454493e96d8633fe633b56176dce8785ce5dbbb84dbf2c8a2eeb1e96b51899605e4f13bbc11b93bf6f39b3469be14858b5b720d4a522d36feed7a329c9b1e852c9280c47db8039c17c4921571a07d1864128330e09c308ddea1694e95c84500f1a61e614197e86a30ecc28df64ccb3ccf5437aa +CIPHERTEXT = 90b7b9630a2378f53f501ab7beff039155008071bc8438e789932cfd3eb1299195465e6633849463fdb44375278e2fdb1310821e6492cf80ff15cb772509fb426f3aeee27bd4938882fd2ae6b5bd9d91fa4a43b17bb439ebbe59c042310163a82a5fe5388796eee35a181a1271f00be29b852d8fa759bad01ff4678f010594cd diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test23.txt b/security/nss/cmd/bltest/tests/aes_cbc/test23.txt new file mode 100644 index 0000000..aa6b7d0 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test23.txt @@ -0,0 +1,5 @@ +COUNT = 8 +KEY = d2412db0845d84e5732b8bbd642957473b81fb99ca8bff70e7920d16c1dbec89 +IV = 51c619fcf0b23f0c7925f400a6cacb6d +PLAINTEXT = 026006c4a71a180c9929824d9d095b8faaa86fc4fa25ecac61d85ff6de92dfa8702688c02a282c1b8af4449707f22d75e91991015db22374c95f8f195d5bb0afeb03040ff8965e0e1339dba5653e174f8aa5a1b39fe3ac839ce307a4e44b4f8f1b0063f738ec18acdbff2ebfe07383e734558723e741f0a1836dafdf9de82210a9248bc113b3c1bc8b4e252ca01bd803 +CIPHERTEXT = 0254b23463bcabec5a395eb74c8fb0eb137a07bc6f5e9f61ec0b057de305714f8fa294221c91a159c315939b81e300ee902192ec5f15254428d8772f79324ec43298ca21c00b370273ee5e5ed90e43efa1e05a5d171209fe34f9f29237dba2a6726650fd3b1321747d1208863c6c3c6b3e2d879ab5f25782f08ba8f2abbe63e0bedb4a227e81afb36bb6645508356d34 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test24.txt b/security/nss/cmd/bltest/tests/aes_cbc/test24.txt new file mode 100644 index 0000000..231fcd1 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test24.txt @@ -0,0 +1,5 @@ +COUNT = 9 +KEY = 48be597e632c16772324c8d3fa1d9c5a9ecd010f14ec5d110d3bfec376c5532b +IV = d6d581b8cf04ebd3b6eaa1b53f047ee1 +PLAINTEXT = 0c63d413d3864570e70bb6618bf8a4b9585586688c32bba0a5ecc1362fada74ada32c52acfd1aa7444ba567b4e7daaecf7cc1cb29182af164ae5232b002868695635599807a9a7f07a1f137e97b1e1c9dabc89b6a5e4afa9db5855edaa575056a8f4f8242216242bb0c256310d9d329826ac353d715fa39f80cec144d6424558f9f70b98c920096e0f2c855d594885a00625880e9dfb734163cecef72cf030b8 +CIPHERTEXT = fc5873e50de8faf4c6b84ba707b0854e9db9ab2e9f7d707fbba338c6843a18fc6facebaf663d26296fb329b4d26f18494c79e09e779647f9bafa87489630d79f4301610c2300c19dbf3148b7cac8c4f4944102754f332e92b6f7c5e75bc6179eb877a078d4719009021744c14f13fd2a55a2b9c44d18000685a845a4f632c7c56a77306efa66a24d05d088dcd7c13fe24fc447275965db9e4d37fbc9304448cd diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test3.txt b/security/nss/cmd/bltest/tests/aes_cbc/test3.txt new file mode 100644 index 0000000..bdbc91b --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test3.txt @@ -0,0 +1,5 @@ +COUNT = 0 +KEY = 000000000000000000000000000000000000000000000000 +IV = 00000000000000000000000000000000 +PLAINTEXT = 1b077a6af4b7f98229de786d7516b639 +CIPHERTEXT = 275cfc0413d8ccb70513c3859b1d0f72 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test4.txt b/security/nss/cmd/bltest/tests/aes_cbc/test4.txt new file mode 100644 index 0000000..764b095 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test4.txt @@ -0,0 +1,5 @@ +COUNT = 1 +KEY = 000000000000000000000000000000000000000000000000 +IV = 00000000000000000000000000000000 +PLAINTEXT = 9c2d8842e5f48f57648205d39a239af1 +CIPHERTEXT = c9b8135ff1b5adc413dfd053b21bd96d diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test5.txt b/security/nss/cmd/bltest/tests/aes_cbc/test5.txt new file mode 100644 index 0000000..8a58240 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test5.txt @@ -0,0 +1,5 @@ +COUNT = 0 +KEY = 0000000000000000000000000000000000000000000000000000000000000000 +IV = 00000000000000000000000000000000 +PLAINTEXT = 014730f80ac625fe84f026c60bfd547d +CIPHERTEXT = 5c9d844ed46f9885085e5d6a4f94c7d7 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test6.txt b/security/nss/cmd/bltest/tests/aes_cbc/test6.txt new file mode 100644 index 0000000..aa97489 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test6.txt @@ -0,0 +1,5 @@ +COUNT = 1 +KEY = 0000000000000000000000000000000000000000000000000000000000000000 +IV = 00000000000000000000000000000000 +PLAINTEXT = 0b24af36193ce4665f2825d7b4749c98 +CIPHERTEXT = a9ff75bd7cf6613d3731c77c3b6d0c04 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test7.txt b/security/nss/cmd/bltest/tests/aes_cbc/test7.txt new file mode 100644 index 0000000..734c8c2 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test7.txt @@ -0,0 +1,5 @@ +COUNT = 1 +KEY = 0700d603a1c514e46b6191ba430a3a0c +IV = aad1583cd91365e3bb2f0c3430d065bb +PLAINTEXT = 068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91 +CIPHERTEXT = c4dc61d9725967a3020104a9738f23868527ce839aab1752fd8bdb95a82c4d00 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test8.txt b/security/nss/cmd/bltest/tests/aes_cbc/test8.txt new file mode 100644 index 0000000..ed628c9 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test8.txt @@ -0,0 +1,5 @@ +COUNT = 3 +KEY = b7f3c9576e12dd0db63e8f8fac2b9a39 +IV = c80f095d8bb1a060699f7c19974a1aa0 +PLAINTEXT = 9ac19954ce1319b354d3220460f71c1e373f1cd336240881160cfde46ebfed2e791e8d5a1a136ebd1dc469dec00c4187722b841cdabcb22c1be8a14657da200e +CIPHERTEXT = 19b9609772c63f338608bf6eb52ca10be65097f89c1e0905c42401fd47791ae2c5440b2d473116ca78bd9ff2fb6015cfd316524eae7dcb95ae738ebeae84a467 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/test9.txt b/security/nss/cmd/bltest/tests/aes_cbc/test9.txt new file mode 100644 index 0000000..16bc6d6 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/test9.txt @@ -0,0 +1,5 @@ +COUNT = 5 +KEY = bbe7b7ba07124ff1ae7c3416fe8b465e +IV = 7f65b5ee3630bed6b84202d97fb97a1e +PLAINTEXT = 2aad0c2c4306568bad7447460fd3dac054346d26feddbc9abd9110914011b4794be2a9a00a519a51a5b5124014f4ed2735480db21b434e99a911bb0b60fe0253763725b628d5739a5117b7ee3aefafc5b4c1bf446467e7bf5f78f31ff7caf187 +CIPHERTEXT = 3b8611bfc4973c5cd8e982b073b33184cd26110159172e44988eb5ff5661a1e16fad67258fcbfee55469267a12dc374893b4e3533d36f5634c3095583596f135aa8cd1138dc898bc5651ee35a92ebf89ab6aeb5366653bc60a70e0074fc11efe diff --git a/security/nss/cmd/bltest/tests/aes_ecb/ciphertext1 b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext1 new file mode 100644 index 0000000..1126bbf --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext1 @@ -0,0 +1 @@ +AzZ2PpZtkllaVnzJzlN/Xg== diff --git a/security/nss/cmd/bltest/tests/aes_ecb/ciphertext2 b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext2 new file mode 100644 index 0000000..ec069ab --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext2 @@ -0,0 +1 @@ +qaFjG/SZaVTrwJOVeyNFiQ== diff --git a/security/nss/cmd/bltest/tests/aes_ecb/ciphertext3 b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext3 new file mode 100644 index 0000000..82c4cd2 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext3 @@ -0,0 +1 @@ +J1z8BBPYzLcFE8OFmx0Pcg== diff --git a/security/nss/cmd/bltest/tests/aes_ecb/ciphertext4 b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext4 new file mode 100644 index 0000000..81714bd --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext4 @@ -0,0 +1 @@ +ybgTX/G1rcQT39BTshvZbQ== diff --git a/security/nss/cmd/bltest/tests/aes_ecb/ciphertext5 b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext5 new file mode 100644 index 0000000..ce9672a --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext5 @@ -0,0 +1 @@ +XJ2ETtRvmIUIXl1qT5TH1w== diff --git a/security/nss/cmd/bltest/tests/aes_ecb/ciphertext6 b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext6 new file mode 100644 index 0000000..fc53a4f --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext6 @@ -0,0 +1 @@ +qf91vXz2YT03Mcd8O20MBA== diff --git a/security/nss/cmd/bltest/tests/aes_ecb/key1 b/security/nss/cmd/bltest/tests/aes_ecb/key1 new file mode 100644 index 0000000..01d633b Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_ecb/key1 differ diff --git a/security/nss/cmd/bltest/tests/aes_ecb/key2 b/security/nss/cmd/bltest/tests/aes_ecb/key2 new file mode 100644 index 0000000..01d633b Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_ecb/key2 differ diff --git a/security/nss/cmd/bltest/tests/aes_ecb/key3 b/security/nss/cmd/bltest/tests/aes_ecb/key3 new file mode 100644 index 0000000..4ac5fc6 Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_ecb/key3 differ diff --git a/security/nss/cmd/bltest/tests/aes_ecb/key4 b/security/nss/cmd/bltest/tests/aes_ecb/key4 new file mode 100644 index 0000000..4ac5fc6 Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_ecb/key4 differ diff --git a/security/nss/cmd/bltest/tests/aes_ecb/key5 b/security/nss/cmd/bltest/tests/aes_ecb/key5 new file mode 100644 index 0000000..4e4e493 Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_ecb/key5 differ diff --git a/security/nss/cmd/bltest/tests/aes_ecb/key6 b/security/nss/cmd/bltest/tests/aes_ecb/key6 new file mode 100644 index 0000000..4e4e493 Binary files /dev/null and b/security/nss/cmd/bltest/tests/aes_ecb/key6 differ diff --git a/security/nss/cmd/bltest/tests/aes_ecb/mktst.sh b/security/nss/cmd/bltest/tests/aes_ecb/mktst.sh new file mode 100644 index 0000000..6d46509 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_ecb/mktst.sh @@ -0,0 +1,10 @@ +#!/bin/sh +for i in 1 2 3 4 5 6 +do + file="test$i.txt" + grep "KEY = " $file | sed -e 's;KEY = ;;' | hex > key$i + grep "PLAINTEXT = " $file | sed -e 's;PLAINTEXT = ;;' | hex > plaintext$i + grep "CIPHERTEXT = " $file | sed -e 's;CIPHERTEXT = ;;' | hex > ciphertext$i.bin + btoa < ciphertext$i.bin > ciphertext$i + rm ciphertext$i.bin +done diff --git a/security/nss/cmd/bltest/tests/aes_ecb/numtests b/security/nss/cmd/bltest/tests/aes_ecb/numtests index d00491f..7f8f011 100644 --- a/security/nss/cmd/bltest/tests/aes_ecb/numtests +++ b/security/nss/cmd/bltest/tests/aes_ecb/numtests @@ -1 +1 @@ -1 +7 diff --git a/security/nss/cmd/bltest/tests/aes_ecb/plaintext1 b/security/nss/cmd/bltest/tests/aes_ecb/plaintext1 new file mode 100644 index 0000000..8bac1b7 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_ecb/plaintext1 @@ -0,0 +1 @@ +óDì<Æ'ºÍ]Ãûòsæ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_ecb/plaintext2 b/security/nss/cmd/bltest/tests/aes_ecb/plaintext2 new file mode 100644 index 0000000..b2153e2 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_ecb/plaintext2 @@ -0,0 +1 @@ +ÄduÇÃ"}¹Nr \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_ecb/plaintext3 b/security/nss/cmd/bltest/tests/aes_ecb/plaintext3 new file mode 100644 index 0000000..b565f3a --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_ecb/plaintext3 @@ -0,0 +1 @@ +zjô·ù)Þxmu¶9 \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_ecb/plaintext4 b/security/nss/cmd/bltest/tests/aes_ecb/plaintext4 new file mode 100644 index 0000000..9ef1cbb --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_ecb/plaintext4 @@ -0,0 +1 @@ +-BåôWdÓ#ñ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_ecb/plaintext5 b/security/nss/cmd/bltest/tests/aes_ecb/plaintext5 new file mode 100644 index 0000000..767e9f4 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_ecb/plaintext5 @@ -0,0 +1,2 @@ +G0ø +Æ%þð&ÆýT} \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_ecb/plaintext6 b/security/nss/cmd/bltest/tests/aes_ecb/plaintext6 new file mode 100644 index 0000000..e8537b6 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_ecb/plaintext6 @@ -0,0 +1 @@ +$¯6<äf_(%×Žt \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_ecb/test1.txt b/security/nss/cmd/bltest/tests/aes_ecb/test1.txt new file mode 100644 index 0000000..96a2adb --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_ecb/test1.txt @@ -0,0 +1,4 @@ +COUNT = 0 +KEY = 00000000000000000000000000000000 +PLAINTEXT = f34481ec3cc627bacd5dc3fb08f273e6 +CIPHERTEXT = 0336763e966d92595a567cc9ce537f5e diff --git a/security/nss/cmd/bltest/tests/aes_ecb/test2.txt b/security/nss/cmd/bltest/tests/aes_ecb/test2.txt new file mode 100644 index 0000000..a01daae --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_ecb/test2.txt @@ -0,0 +1,4 @@ +COUNT = 1 +KEY = 00000000000000000000000000000000 +PLAINTEXT = 9798c4640bad75c7c3227db910174e72 +CIPHERTEXT = a9a1631bf4996954ebc093957b234589 diff --git a/security/nss/cmd/bltest/tests/aes_ecb/test3.txt b/security/nss/cmd/bltest/tests/aes_ecb/test3.txt new file mode 100644 index 0000000..803c23c --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_ecb/test3.txt @@ -0,0 +1,4 @@ +COUNT = 0 +KEY = 000000000000000000000000000000000000000000000000 +PLAINTEXT = 1b077a6af4b7f98229de786d7516b639 +CIPHERTEXT = 275cfc0413d8ccb70513c3859b1d0f72 diff --git a/security/nss/cmd/bltest/tests/aes_ecb/test4.txt b/security/nss/cmd/bltest/tests/aes_ecb/test4.txt new file mode 100644 index 0000000..e567fab --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_ecb/test4.txt @@ -0,0 +1,4 @@ +COUNT = 1 +KEY = 000000000000000000000000000000000000000000000000 +PLAINTEXT = 9c2d8842e5f48f57648205d39a239af1 +CIPHERTEXT = c9b8135ff1b5adc413dfd053b21bd96d diff --git a/security/nss/cmd/bltest/tests/aes_ecb/test5.txt b/security/nss/cmd/bltest/tests/aes_ecb/test5.txt new file mode 100644 index 0000000..c96940e --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_ecb/test5.txt @@ -0,0 +1,4 @@ +COUNT = 0 +KEY = 0000000000000000000000000000000000000000000000000000000000000000 +PLAINTEXT = 014730f80ac625fe84f026c60bfd547d +CIPHERTEXT = 5c9d844ed46f9885085e5d6a4f94c7d7 diff --git a/security/nss/cmd/bltest/tests/aes_ecb/test6.txt b/security/nss/cmd/bltest/tests/aes_ecb/test6.txt new file mode 100644 index 0000000..d8d0058 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_ecb/test6.txt @@ -0,0 +1,4 @@ +COUNT = 1 +KEY = 0000000000000000000000000000000000000000000000000000000000000000 +PLAINTEXT = 0b24af36193ce4665f2825d7b4749c98 +CIPHERTEXT = a9ff75bd7cf6613d3731c77c3b6d0c04 diff --git a/security/nss/cmd/btoa/btoa.c b/security/nss/cmd/btoa/btoa.c index 7cee58a..9416feb 100644 --- a/security/nss/cmd/btoa/btoa.c +++ b/security/nss/cmd/btoa/btoa.c @@ -92,6 +92,10 @@ static void Usage(char *progName) "-i input"); fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", "-o output"); + fprintf(stderr, "%-20s Wrap output in BEGIN/END lines and the given suffix\n", + "-w suffix"); + fprintf(stderr, "%-20s (use \"c\" as a shortcut for suffix CERTIFICATE)\n", + ""); exit(-1); } @@ -102,6 +106,7 @@ int main(int argc, char **argv) FILE *inFile, *outFile; PLOptState *optstate; PLOptStatus status; + char *suffix = NULL; inFile = 0; outFile = 0; @@ -111,7 +116,7 @@ int main(int argc, char **argv) progName = progName ? progName+1 : argv[0]; /* Parse command line arguments */ - optstate = PL_CreateOptState(argc, argv, "i:o:"); + optstate = PL_CreateOptState(argc, argv, "i:o:w:"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { default: @@ -135,6 +140,13 @@ int main(int argc, char **argv) return -1; } break; + + case 'w': + if (!strcmp(optstate->value, "c")) + suffix = strdup("CERTIFICATE"); + else + suffix = strdup(optstate->value); + break; } } if (status == PL_OPT_BAD) @@ -171,11 +183,17 @@ int main(int argc, char **argv) #endif outFile = stdout; } + if (suffix) { + fprintf(outFile, "-----BEGIN %s-----\n", suffix); + } rv = encode_file(outFile, inFile); if (rv != SECSuccess) { fprintf(stderr, "%s: lossage: error=%d errno=%d\n", progName, PORT_GetError(), errno); return -1; } + if (suffix) { + fprintf(outFile, "-----END %s-----\n", suffix); + } return 0; } diff --git a/security/nss/cmd/certutil/certext.c b/security/nss/cmd/certutil/certext.c index ea42370..a87b4b1 100644 --- a/security/nss/cmd/certutil/certext.c +++ b/security/nss/cmd/certutil/certext.c @@ -27,6 +27,8 @@ #include "xconst.h" #include "prprf.h" #include "certutil.h" +#include "genname.h" +#include "prnetdb.h" #define GEN_BREAK(e) rv=e; break; @@ -665,53 +667,213 @@ AddNscpCertType (void *extHandle, const char *userSuppliedValue) } +SECStatus +GetOidFromString(PLArenaPool *arena, SECItem *to, + const char *from, size_t fromLen) +{ + SECStatus rv; + SECOidTag tag; + SECOidData *coid; + + /* try dotted form first */ + rv = SEC_StringToOID(arena, to, from, fromLen); + if (rv == SECSuccess) { + return rv; + } + + /* Check to see if it matches a name in our oid table. + * SECOID_FindOIDByTag returns NULL if tag is out of bounds. + */ + tag = SEC_OID_UNKNOWN; + coid = SECOID_FindOIDByTag(tag); + for ( ; coid; coid = SECOID_FindOIDByTag(++tag)) { + if (PORT_Strncasecmp(from, coid->desc, fromLen) == 0) { + break; + } + } + if (coid == NULL) { + /* none found */ + return SECFailure; + } + return SECITEM_CopyItem(arena, to, &coid->oid); +} + static SECStatus AddSubjectAltNames(PLArenaPool *arena, CERTGeneralName **existingListp, - const char *names, CERTGeneralNameType type) + const char *constNames, CERTGeneralNameType type) { CERTGeneralName *nameList = NULL; CERTGeneralName *current = NULL; PRCList *prev = NULL; - const char *cp; - char *tbuf; + char *cp, *nextName = NULL; SECStatus rv = SECSuccess; + PRBool readTypeFromName = (PRBool) (type == 0); + char *names = NULL; + + if (constNames) + names = PORT_Strdup(constNames); + + if (names == NULL) { + return SECFailure; + } /* * walk down the comma separated list of names. NOTE: there is * no sanity checks to see if the email address look like * email addresses. + * + * Each name may optionally be prefixed with a type: string. + * If it isn't, the type from the previous name will be used. + * If there wasn't a previous name yet, the type given + * as a parameter to this function will be used. + * If the type value is zero (undefined), we'll fail. */ - for (cp=names; cp; cp = PORT_Strchr(cp,',')) { + for (cp=names; cp; cp=nextName) { int len; - char *end; - + char *oidString; + char *nextComma; + CERTName *name; + PRStatus status; + unsigned char *data; + PRNetAddr addr; + + nextName = NULL; if (*cp == ',') { cp++; } - end = PORT_Strchr(cp,','); - len = end ? end-cp : PORT_Strlen(cp); - if (len <= 0) { + nextComma = PORT_Strchr(cp, ','); + if (nextComma) { + *nextComma = 0; + nextName = nextComma+1; + } + if ((*cp) == 0) { continue; } - tbuf = PORT_ArenaAlloc(arena,len+1); - PORT_Memcpy(tbuf,cp,len); - tbuf[len] = 0; - current = (CERTGeneralName *) PORT_ZAlloc(sizeof(CERTGeneralName)); + if (readTypeFromName) { + char *save=cp; + /* Because we already replaced nextComma with end-of-string, + * a found colon belongs to the current name */ + cp = PORT_Strchr(cp, ':'); + if (cp) { + *cp = 0; + cp++; + type = CERT_GetGeneralNameTypeFromString(save); + if (*cp == 0) { + continue; + } + } else { + if (type == 0) { + /* no type known yet */ + rv = SECFailure; + break; + } + cp = save; + } + } + + current = PORT_ArenaZNew(arena, CERTGeneralName); if (!current) { rv = SECFailure; break; } + + current->type = type; + switch (type) { + /* string types */ + case certRFC822Name: + case certDNSName: + case certURI: + current->name.other.data = + (unsigned char *) PORT_ArenaStrdup(arena,cp); + current->name.other.len = PORT_Strlen(cp); + break; + /* unformated data types */ + case certX400Address: + case certEDIPartyName: + /* turn a string into a data and len */ + rv = SECFailure; /* punt on these for now */ + fprintf(stderr,"EDI Party Name and X.400 Address not supported\n"); + break; + case certDirectoryName: + /* certDirectoryName */ + name = CERT_AsciiToName(cp); + if (name == NULL) { + rv = SECFailure; + fprintf(stderr, "Invalid Directory Name (\"%s\")\n", cp); + break; + } + rv = CERT_CopyName(arena,&current->name.directoryName,name); + CERT_DestroyName(name); + break; + /* types that require more processing */ + case certIPAddress: + /* convert the string to an ip address */ + status = PR_StringToNetAddr(cp, &addr); + if (status != PR_SUCCESS) { + rv = SECFailure; + fprintf(stderr, "Invalid IP Address (\"%s\")\n", cp); + break; + } + + if (PR_NetAddrFamily(&addr) == PR_AF_INET) { + len = sizeof(addr.inet.ip); + data = (unsigned char *)&addr.inet.ip; + } else if (PR_NetAddrFamily(&addr) == PR_AF_INET6) { + len = sizeof(addr.ipv6.ip); + data = (unsigned char *)&addr.ipv6.ip; + } else { + fprintf(stderr, "Invalid IP Family\n"); + rv = SECFailure; + break; + } + current->name.other.data = PORT_ArenaAlloc(arena, len); + if (current->name.other.data == NULL) { + rv = SECFailure; + break; + } + current->name.other.len = len; + PORT_Memcpy(current->name.other.data,data, len); + break; + case certRegisterID: + rv = GetOidFromString(arena, &current->name.other, cp, strlen(cp)); + break; + case certOtherName: + oidString = cp; + cp = PORT_Strchr(cp,';'); + if (cp == NULL) { + rv = SECFailure; + fprintf(stderr, "missing name in other name\n"); + break; + } + *cp++ = 0; + current->name.OthName.name.data = + (unsigned char *) PORT_ArenaStrdup(arena,cp); + if (current->name.OthName.name.data == NULL) { + rv = SECFailure; + break; + } + current->name.OthName.name.len = PORT_Strlen(cp); + rv = GetOidFromString(arena, &current->name.OthName.oid, + oidString, strlen(oidString)); + break; + default: + rv = SECFailure; + fprintf(stderr, "Missing or invalid Subject Alternate Name type\n"); + break; + } + if (rv == SECFailure) { + break; + } + if (prev) { current->l.prev = prev; prev->next = &(current->l); } else { nameList = current; } - current->type = type; - current->name.other.data = (unsigned char *)tbuf; - current->name.other.len = PORT_Strlen(tbuf); prev = &(current->l); } + PORT_Free(names); /* at this point nameList points to the head of a doubly linked, * but not yet circular, list and current points to its tail. */ if (rv == SECSuccess && nameList) { @@ -749,6 +911,12 @@ AddDNSSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp, return AddSubjectAltNames(arena, existingListp, dnsNames, certDNSName); } +static SECStatus +AddGeneralSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp, + const char *altNames) +{ + return AddSubjectAltNames(arena, existingListp, altNames, 0); +} static SECStatus AddBasicConstraint(void *extHandle) @@ -1746,12 +1914,73 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert) return (rv); } +/* Example of valid input: + * 1.2.3.4:critical:/tmp/abc,5.6.7.8:not-critical:/tmp/xyz + */ +static SECStatus +parseNextGenericExt(const char *nextExtension, const char **oid, int *oidLen, + const char **crit, int *critLen, + const char **filename, int *filenameLen, + const char **next) +{ + const char *nextColon; + const char *nextComma; + const char *iter = nextExtension; + + if (!iter || !*iter) + return SECFailure; + + /* Require colons at earlier positions than nextComma (or end of string ) */ + nextComma = strchr(iter, ','); + + *oid = iter; + nextColon = strchr(iter, ':'); + if (!nextColon || (nextComma && nextColon > nextComma)) + return SECFailure; + *oidLen = (nextColon - *oid); + + if (!*oidLen) + return SECFailure; + + iter = nextColon; + ++iter; + + *crit = iter; + nextColon = strchr(iter, ':'); + if (!nextColon || (nextComma && nextColon > nextComma)) + return SECFailure; + *critLen = (nextColon - *crit); + + if (!*critLen) + return SECFailure; + + iter = nextColon; + ++iter; + + *filename = iter; + if (nextComma) { + *filenameLen = (nextComma - *filename); + iter = nextComma; + ++iter; + *next = iter; + } else { + *filenameLen = strlen(*filename); + *next = NULL; + } + + if (!*filenameLen) + return SECFailure; + + return SECSuccess; +} + SECStatus AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, - certutilExtnList extList) + certutilExtnList extList, const char *extGeneric) { SECStatus rv = SECSuccess; char *errstring = NULL; + const char *nextExtension = NULL; do { /* Add key usage extension */ @@ -1864,7 +2093,7 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, } } - if (emailAddrs || dnsNames) { + if (emailAddrs || dnsNames || extList[ext_subjectAltName].activated) { PLArenaPool *arena; CERTGeneralName *namelist = NULL; SECItem item = { 0, NULL, 0 }; @@ -1874,10 +2103,21 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, rv = SECFailure; break; } + + rv = SECSuccess; + + if (emailAddrs) { + rv |= AddEmailSubjectAlt(arena, &namelist, emailAddrs); + } - rv = AddEmailSubjectAlt(arena, &namelist, emailAddrs); + if (dnsNames) { + rv |= AddDNSSubjectAlt(arena, &namelist, dnsNames); + } - rv |= AddDNSSubjectAlt(arena, &namelist, dnsNames); + if (extList[ext_subjectAltName].activated) { + rv |= AddGeneralSubjectAlt(arena, &namelist, + extList[ext_subjectAltName].arg); + } if (rv == SECSuccess) { rv = CERT_EncodeAltNameExtension(arena, namelist, &item); @@ -1898,5 +2138,71 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, if (rv != SECSuccess) { SECU_PrintError(progName, "Problem creating %s extension", errstring); } + + nextExtension = extGeneric; + while (nextExtension && *nextExtension) { + SECItem oid_item, value; + PRBool isCritical; + const char *oid, *crit, *filename, *next; + int oidLen, critLen, filenameLen; + PRFileDesc *inFile = NULL; + char *zeroTerminatedFilename = NULL; + + rv = parseNextGenericExt(nextExtension, &oid, &oidLen, &crit, &critLen, + &filename, &filenameLen, &next); + if (rv!= SECSuccess) { + SECU_PrintError(progName, + "error parsing generic extension parameter %s", + nextExtension); + break; + } + oid_item.data = NULL; + oid_item.len = 0; + rv = GetOidFromString(NULL, &oid_item, oid, oidLen); + if (rv != SECSuccess) { + SECU_PrintError(progName, "malformed extension OID %s", nextExtension); + break; + } + if (!strncmp("critical", crit, critLen)) { + isCritical = PR_TRUE; + } else if (!strncmp("not-critical", crit, critLen)) { + isCritical = PR_FALSE; + } else { + rv = SECFailure; + SECU_PrintError(progName, "expected 'critical' or 'not-critical'"); + break; + } + zeroTerminatedFilename = PL_strndup(filename, filenameLen); + if (!zeroTerminatedFilename) { + rv = SECFailure; + SECU_PrintError(progName, "out of memory"); + break; + } + rv = SECFailure; + inFile = PR_Open(zeroTerminatedFilename, PR_RDONLY, 0); + if (inFile) { + rv = SECU_ReadDERFromFile(&value, inFile, PR_FALSE, PR_FALSE); + PR_Close(inFile); + inFile = NULL; + } + if (rv != SECSuccess) { + SECU_PrintError(progName, "unable to read file %s", + zeroTerminatedFilename); + } + PL_strfree(zeroTerminatedFilename); + if (rv != SECSuccess) { + break; + } + rv = CERT_AddExtensionByOID(extHandle, &oid_item, &value, isCritical, + PR_FALSE /*copyData*/); + if (rv != SECSuccess) { + SECITEM_FreeItem(&oid_item, PR_FALSE); + SECITEM_FreeItem(&value, PR_FALSE); + SECU_PrintError(progName, "failed to add extension %s", nextExtension); + break; + } + nextExtension = next; + } + return rv; } diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index c815693..b2f12f3 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -182,7 +182,7 @@ static SECStatus CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, SECOidTag hashAlgTag, CERTName *subject, char *phone, int ascii, const char *emailAddrs, const char *dnsNames, - certutilExtnList extnList, + certutilExtnList extnList, const char *extGeneric, /*out*/ SECItem *result) { CERTSubjectPublicKeyInfo *spki; @@ -220,7 +220,7 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, PORT_FreeArena (arena, PR_FALSE); return SECFailure; } - if (AddExtensions(extHandle, emailAddrs, dnsNames, extnList) + if (AddExtensions(extHandle, emailAddrs, dnsNames, extnList, extGeneric) != SECSuccess) { PORT_FreeArena (arena, PR_FALSE); return SECFailure; @@ -420,12 +420,65 @@ DumpChain(CERTCertDBHandle *handle, char *name, PRBool ascii) } static SECStatus -listCerts(CERTCertDBHandle *handle, char *name, char *email, PK11SlotInfo *slot, - PRBool raw, PRBool ascii, PRFileDesc *outfile, void *pwarg) +outputCertOrExtension(CERTCertificate *the_cert, PRBool raw, PRBool ascii, + SECItem *extensionOID, PRFileDesc *outfile) { SECItem data; PRInt32 numBytes; SECStatus rv = SECFailure; + if (extensionOID) { + int i; + PRBool found = PR_FALSE; + for (i=0; the_cert->extensions[i] != NULL; i++) { + CERTCertExtension *extension = the_cert->extensions[i]; + if (SECITEM_CompareItem(&extension->id, extensionOID) == SECEqual) { + found = PR_TRUE; + numBytes = PR_Write(outfile, extension->value.data, + extension->value.len); + rv = SECSuccess; + if (numBytes != (PRInt32) extension->value.len) { + SECU_PrintSystemError(progName, "error writing extension"); + rv = SECFailure; + } + rv = SECSuccess; + break; + } + } + if (!found) { + SECU_PrintSystemError(progName, "extension not found"); + rv = SECFailure; + } + } else { + data.data = the_cert->derCert.data; + data.len = the_cert->derCert.len; + if (ascii) { + PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER, + BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER); + rv = SECSuccess; + } else if (raw) { + numBytes = PR_Write(outfile, data.data, data.len); + rv = SECSuccess; + if (numBytes != (PRInt32) data.len) { + SECU_PrintSystemError(progName, "error writing raw cert"); + rv = SECFailure; + } + } else { + rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate", NULL); + if (rv != SECSuccess) { + SECU_PrintError(progName, "problem printing certificate"); + } + } + } + return rv; +} + +static SECStatus +listCerts(CERTCertDBHandle *handle, char *name, char *email, + PK11SlotInfo *slot, PRBool raw, PRBool ascii, + SECItem *extensionOID, + PRFileDesc *outfile, void *pwarg) +{ + SECStatus rv = SECFailure; CERTCertList *certs; CERTCertListNode *node; @@ -461,34 +514,13 @@ listCerts(CERTCertDBHandle *handle, char *name, char *email, PK11SlotInfo *slot, } for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs); node = CERT_LIST_NEXT(node)) { - the_cert = node->cert; - /* now get the subjectList that matches this cert */ - data.data = the_cert->derCert.data; - data.len = the_cert->derCert.len; - if (ascii) { - PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER, - BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER); - rv = SECSuccess; - } else if (raw) { - numBytes = PR_Write(outfile, data.data, data.len); - if (numBytes != (PRInt32) data.len) { - SECU_PrintSystemError(progName, "error writing raw cert"); - rv = SECFailure; - } - rv = SECSuccess; - } else { - rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate", NULL); - if (rv != SECSuccess) { - SECU_PrintError(progName, "problem printing certificate"); - } - - } + rv = outputCertOrExtension(node->cert, raw, ascii, extensionOID, + outfile); if (rv != SECSuccess) { break; } } } else if (email) { - CERTCertificate *the_cert; certs = PK11_FindCertsFromEmailAddress(email, NULL); if (!certs) { SECU_PrintError(progName, @@ -498,28 +530,8 @@ listCerts(CERTCertDBHandle *handle, char *name, char *email, PK11SlotInfo *slot, } for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs); node = CERT_LIST_NEXT(node)) { - the_cert = node->cert; - /* now get the subjectList that matches this cert */ - data.data = the_cert->derCert.data; - data.len = the_cert->derCert.len; - if (ascii) { - PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER, - BTOA_DataToAscii(data.data, data.len), - NS_CERT_TRAILER); - rv = SECSuccess; - } else if (raw) { - numBytes = PR_Write(outfile, data.data, data.len); - rv = SECSuccess; - if (numBytes != (PRInt32) data.len) { - SECU_PrintSystemError(progName, "error writing raw cert"); - rv = SECFailure; - } - } else { - rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate", NULL); - if (rv != SECSuccess) { - SECU_PrintError(progName, "problem printing certificate"); - } - } + rv = outputCertOrExtension(node->cert, raw, ascii, extensionOID, + outfile); if (rv != SECSuccess) { break; } @@ -547,8 +559,9 @@ listCerts(CERTCertDBHandle *handle, char *name, char *email, PK11SlotInfo *slot, static SECStatus ListCerts(CERTCertDBHandle *handle, char *nickname, char *email, - PK11SlotInfo *slot, PRBool raw, PRBool ascii, PRFileDesc *outfile, - secuPWData *pwdata) + PK11SlotInfo *slot, PRBool raw, PRBool ascii, + SECItem *extensionOID, + PRFileDesc *outfile, secuPWData *pwdata) { SECStatus rv; @@ -569,7 +582,8 @@ ListCerts(CERTCertDBHandle *handle, char *nickname, char *email, CERT_DestroyCertList(list); return SECSuccess; } - rv = listCerts(handle, nickname, email, slot, raw, ascii, outfile, pwdata); + rv = listCerts(handle, nickname, email, slot, raw, ascii, + extensionOID, outfile, pwdata); return rv; } @@ -615,6 +629,15 @@ ValidateCert(CERTCertDBHandle *handle, char *name, char *date, case 'O': usage = certificateUsageStatusResponder; break; + case 'L': + usage = certificateUsageSSLCA; + break; + case 'A': + usage = certificateUsageAnyCA; + break; + case 'Y': + usage = certificateUsageVerifyCA; + break; case 'C': usage = certificateUsageSSLClient; break; @@ -968,7 +991,7 @@ PrintSyntax(char *progName) "\t\t [-f pwfile] [-z noisefile] [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s -G [-h token-name] -k dsa [-q pqgfile -g key-size] [-f pwfile]\n" "\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC FPS "\t%s -G [-h token-name] -k ec -q curve [-f pwfile]\n" "\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|ec|rsa|all]\n", @@ -976,7 +999,7 @@ PrintSyntax(char *progName) #else FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|rsa|all]\n", progName); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ FPS "\t\t [-f pwfile] [-X] [-d certdir] [-P dbprefix]\n"); FPS "\t%s --upgrade-merge --source-dir upgradeDir --upgrade-id uniqueID\n", progName); @@ -989,7 +1012,7 @@ PrintSyntax(char *progName) FPS "\t\t [-f targetPWfile] [-@ sourcePWFile]\n"); FPS "\t%s -L [-n cert-name] [--email email-address] [-X] [-r] [-a]\n", progName); - FPS "\t\t [-d certdir] [-P dbprefix]\n"); + FPS "\t\t [--dump-ext-val OID] [-d certdir] [-P dbprefix]\n"); FPS "\t%s -M -n cert-name -t trustargs [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s -O -n cert-name [-X] [-d certdir] [-a] [-P dbprefix]\n", progName); @@ -1008,7 +1031,8 @@ PrintSyntax(char *progName) "\t\t [-p phone] [-1] [-2] [-3] [-4] [-5] [-6] [-7 emailAddrs]\n" "\t\t [-8 DNS-names]\n" "\t\t [--extAIA] [--extSIA] [--extCP] [--extPM] [--extPC] [--extIA]\n" - "\t\t [--extSKID] [--extNC]\n", progName); + "\t\t [--extSKID] [--extNC] [--extSAN type:name[,type:name]...]\n" + "\t\t [--extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]...]\n", progName); FPS "\t%s -U [-X] [-d certdir] [-P dbprefix]\n", progName); exit(1); } @@ -1155,7 +1179,7 @@ static void luG(enum usage_level ul, const char *command) return; FPS "%-20s Name of token in which to generate key (default is internal)\n", " -h token-name"); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n", " -k key-type"); FPS "%-20s Key size in bits, (min %d, max %d, default %d) (not for ec)\n", @@ -1165,7 +1189,7 @@ static void luG(enum usage_level ul, const char *command) " -k key-type"); FPS "%-20s Key size in bits, (min %d, max %d, default %d)\n", " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ FPS "%-20s Set the public exponent value (3, 17, 65537) (rsa only)\n", " -y exp"); FPS "%-20s Specify the password file\n", @@ -1174,7 +1198,7 @@ static void luG(enum usage_level ul, const char *command) " -z noisefile"); FPS "%-20s read PQG value from pqgfile (dsa only)\n", " -q pqgfile"); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC FPS "%-20s Elliptic curve name (ec only)\n", " -q curve-name"); FPS "%-20s One of nistp256, nistp384, nistp521\n", ""); @@ -1286,7 +1310,7 @@ static void luK(enum usage_level ul, const char *command) " -h token-name "); FPS "%-20s Key type (\"all\" (default), \"dsa\"," -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC " \"ec\"," #endif " \"rsa\")\n", @@ -1308,7 +1332,7 @@ static void luL(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "L")); if (ul == usage_all || !command || is_my_command) - FPS "%-15s List all certs, or print out a single named cert\n", + FPS "%-15s List all certs, or print out a single named cert (or a subset)\n", "-L"); if (ul == usage_selected && !is_my_command) return; @@ -1327,6 +1351,9 @@ static void luL(enum usage_level ul, const char *command) " -r"); FPS "%-20s For single cert, print ASCII encoding (RFC1113)\n", " -a"); + FPS "%-20s \n" + "%-20s For single cert, print binary DER encoding of extension OID\n", + " --dump-ext-val OID", ""); FPS "\n"); } @@ -1418,11 +1445,11 @@ static void luR(enum usage_level ul, const char *command) " -s subject"); FPS "%-20s Output the cert request to this file\n", " -o output-req"); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n", #else FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n", -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ " -k key-type-or-id"); FPS "%-20s or nickname of the cert key to use \n", ""); @@ -1432,12 +1459,12 @@ static void luR(enum usage_level ul, const char *command) " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); FPS "%-20s Name of file containing PQG parameters (dsa only)\n", " -q pqgfile"); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC FPS "%-20s Elliptic curve name (ec only)\n", " -q curve-name"); FPS "%-20s See the \"-G\" option for a full list of supported names.\n", ""); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ FPS "%-20s Specify the password file\n", " -f pwfile"); FPS "%-20s Key database directory (default is ~/.netscape)\n", @@ -1472,6 +1499,9 @@ static void luV(enum usage_level ul, const char *command) FPS "%-20s Specify certificate usage:\n", " -u certusage"); FPS "%-25s C \t SSL Client\n", ""); FPS "%-25s V \t SSL Server\n", ""); + FPS "%-25s L \t SSL CA\n", ""); + FPS "%-25s A \t Any CA\n", ""); + FPS "%-25s Y \t Verify CA\n", ""); FPS "%-25s S \t Email signer\n", ""); FPS "%-25s R \t Email Recipient\n", ""); FPS "%-25s O \t OCSP status responder\n", ""); @@ -1570,11 +1600,11 @@ static void luS(enum usage_level ul, const char *command) " -c issuer-name"); FPS "%-20s Set the certificate trust attributes (see -A above)\n", " -t trustargs"); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n", #else FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n", -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ " -k key-type-or-id"); FPS "%-20s Name of token in which to generate key (default is internal)\n", " -h token-name"); @@ -1582,12 +1612,12 @@ static void luS(enum usage_level ul, const char *command) " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); FPS "%-20s Name of file containing PQG parameters (dsa only)\n", " -q pqgfile"); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC FPS "%-20s Elliptic curve name (ec only)\n", " -q curve-name"); FPS "%-20s See the \"-G\" option for a full list of supported names.\n", ""); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ FPS "%-20s Self sign\n", " -x"); FPS "%-20s Cert serial number\n", @@ -1638,6 +1668,18 @@ static void luS(enum usage_level ul, const char *command) " See -G for available key flag options"); FPS "%-20s Create a name constraints extension\n", " --extNC "); + FPS "%-20s \n" + "%-20s Create a Subject Alt Name extension with one or multiple names\n", + " --extSAN type:name[,type:name]...", ""); + FPS "%-20s - type: directory, dn, dns, edi, ediparty, email, ip, ipaddr,\n", ""); + FPS "%-20s other, registerid, rfc822, uri, x400, x400addr\n", ""); + FPS "%-20s \n" + "%-20s Add one or multiple extensions that certutil cannot encode yet,\n" + "%-20s by loading their encodings from external files.\n", + " --extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]...", "", ""); + FPS "%-20s - OID (example): 1.2.3.4\n", ""); + FPS "%-20s - critical-flag: critical or not-critical\n", ""); + FPS "%-20s - filename: full path to a file containing an encoded extension\n", ""); FPS "\n"); } @@ -1736,7 +1778,8 @@ MakeV1Cert( CERTCertDBHandle * handle, static SECStatus SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign, SECOidTag hashAlgTag, - SECKEYPrivateKey *privKey, char *issuerNickName, void *pwarg) + SECKEYPrivateKey *privKey, char *issuerNickName, + int certVersion, void *pwarg) { SECItem der; SECKEYPrivateKey *caPrivateKey = NULL; @@ -1776,9 +1819,23 @@ SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign, goto done; } - /* we only deal with cert v3 here */ - *(cert->version.data) = 2; - cert->version.len = 1; + switch(certVersion) { + case (SEC_CERTIFICATE_VERSION_1): + /* The initial version for x509 certificates is version one + * and this default value must be an implicit DER encoding. */ + cert->version.data = NULL; + cert->version.len = 0; + break; + case (SEC_CERTIFICATE_VERSION_2): + case (SEC_CERTIFICATE_VERSION_3): + case 3: /* unspecified format (would be version 4 certificate). */ + *(cert->version.data) = certVersion; + cert->version.len = 1; + break; + default: + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } der.len = 0; der.data = NULL; @@ -1821,6 +1878,8 @@ CreateCert( PRBool ascii, PRBool selfsign, certutilExtnList extnList, + const char *extGeneric, + int certVersion, SECItem * certDER) { void * extHandle; @@ -1848,7 +1907,7 @@ CreateCert( GEN_BREAK (SECFailure) } - rv = AddExtensions(extHandle, emailAddrs, dnsNames, extnList); + rv = AddExtensions(extHandle, emailAddrs, dnsNames, extnList, extGeneric); if (rv != SECSuccess) { GEN_BREAK (SECFailure) } @@ -1880,7 +1939,8 @@ CreateCert( } rv = SignCert(handle, subjectCert, selfsign, hashAlgTag, - *selfsignprivkey, issuerNickName, pwarg); + *selfsignprivkey, issuerNickName, + certVersion, pwarg); if (rv != SECSuccess) break; @@ -2194,6 +2254,10 @@ enum certutilOpts { opt_KeyOpFlagsOff, opt_KeyAttrFlags, opt_EmptyPassword, + opt_CertVersion, + opt_AddSubjectAltNameExt, + opt_DumpExtensionValue, + opt_GenericExtensions, opt_Help }; @@ -2303,6 +2367,13 @@ secuCommandFlag options_init[] = "keyAttrFlags"}, { /* opt_EmptyPassword */ 0, PR_FALSE, 0, PR_FALSE, "empty-password"}, + { /* opt_CertVersion */ 0, PR_FALSE, 0, PR_FALSE, + "certVersion"}, + { /* opt_AddSubjectAltExt */ 0, PR_TRUE, 0, PR_FALSE, "extSAN"}, + { /* opt_DumpExtensionValue */ 0, PR_TRUE, 0, PR_FALSE, + "dump-ext-val"}, + { /* opt_GenericExtensions */ 0, PR_TRUE, 0, PR_FALSE, + "extGeneric"}, }; #define NUM_OPTIONS ((sizeof options_init) / (sizeof options_init[0])) @@ -2341,6 +2412,7 @@ certutil_main(int argc, char **argv, PRBool initialize) SECOidTag hashAlgTag = SEC_OID_UNKNOWN; int keysize = DEFAULT_KEY_BITS; int publicExponent = 0x010001; + int certVersion = SEC_CERTIFICATE_VERSION_3; unsigned int serialNumber = 0; int warpmonths = 0; int validityMonths = 3; @@ -2427,12 +2499,12 @@ certutil_main(int argc, char **argv, PRBool initialize) progName, MIN_KEY_BITS, MAX_KEY_BITS); return 255; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (keytype == ecKey) { PR_fprintf(PR_STDERR, "%s -g: Not for ec keys.\n", progName); return 255; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ } @@ -2462,10 +2534,10 @@ certutil_main(int argc, char **argv, PRBool initialize) keytype = rsaKey; } else if (PL_strcmp(arg, "dsa") == 0) { keytype = dsaKey; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC } else if (PL_strcmp(arg, "ec") == 0) { keytype = ecKey; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ } else if (PL_strcmp(arg, "all") == 0) { keytype = nullKey; } else { @@ -2518,7 +2590,7 @@ certutil_main(int argc, char **argv, PRBool initialize) /* -q PQG file or curve name */ if (certutil.options[opt_PQGFile].activated) { -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if ((keytype != dsaKey) && (keytype != ecKey)) { PR_fprintf(PR_STDERR, "%s -q: specifies a PQG file for DSA keys" \ " (-k dsa) or a named curve for EC keys (-k ec)\n)", @@ -2527,7 +2599,7 @@ certutil_main(int argc, char **argv, PRBool initialize) if (keytype != dsaKey) { PR_fprintf(PR_STDERR, "%s -q: PQG file is for DSA key (-k dsa).\n)", progName); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return 255; } } @@ -2569,6 +2641,19 @@ certutil_main(int argc, char **argv, PRBool initialize) } } + /* --certVersion */ + if (certutil.options[opt_CertVersion].activated) { + certVersion = PORT_Atoi(certutil.options[opt_CertVersion].arg); + if (certVersion < 1 || certVersion > 4) { + PR_fprintf(PR_STDERR, "%s -certVersion: incorrect certificate version %d.", + progName, certVersion); + PR_fprintf(PR_STDERR, "Must be 1, 2, 3 or 4.\n"); + return 255; + } + certVersion = certVersion - 1; + } + + /* Check number of commands entered. */ commandsEntered = 0; for (i=0; i< certutil.numCommands; i++) { @@ -2629,9 +2714,10 @@ certutil_main(int argc, char **argv, PRBool initialize) return 255; } - /* if -L is given raw or ascii mode, it must be for only one cert. */ + /* if -L is given raw, ascii or dump mode, it must be for only one cert. */ if (certutil.commands[cmd_ListCerts].activated && (certutil.options[opt_ASCIIForIO].activated || + certutil.options[opt_DumpExtensionValue].activated || certutil.options[opt_BinaryDER].activated) && !certutil.options[opt_Nickname].activated) { PR_fprintf(PR_STDERR, @@ -2951,10 +3037,29 @@ merge_fail: /* List certs (-L) */ if (certutil.commands[cmd_ListCerts].activated) { - rv = ListCerts(certHandle, name, email, slot, - certutil.options[opt_BinaryDER].activated, - certutil.options[opt_ASCIIForIO].activated, - outFile, &pwdata); + if (certutil.options[opt_DumpExtensionValue].activated) { + const char *oid_str; + SECItem oid_item; + SECStatus srv; + oid_item.data = NULL; + oid_item.len = 0; + oid_str = certutil.options[opt_DumpExtensionValue].arg; + srv = GetOidFromString(NULL, &oid_item, oid_str, strlen(oid_str)); + if (srv != SECSuccess) { + SECU_PrintError(progName, "malformed extension OID %s", + oid_str); + goto shutdown; + } + rv = ListCerts(certHandle, name, email, slot, + PR_TRUE /*binary*/, PR_FALSE /*ascii*/, + &oid_item, + outFile, &pwdata); + } else { + rv = ListCerts(certHandle, name, email, slot, + certutil.options[opt_BinaryDER].activated, + certutil.options[opt_ASCIIForIO].activated, + NULL, outFile, &pwdata); + } goto shutdown; } if (certutil.commands[cmd_DumpChain].activated) { @@ -3145,6 +3250,12 @@ merge_fail: certutil_extns[ext_extKeyUsage].arg = certutil.options[opt_AddCmdExtKeyUsageExt].arg; } + certutil_extns[ext_subjectAltName].activated = + certutil.options[opt_AddSubjectAltNameExt].activated; + if (certutil_extns[ext_subjectAltName].activated) { + certutil_extns[ext_subjectAltName].arg = + certutil.options[opt_AddSubjectAltNameExt].arg; + } certutil_extns[ext_authInfoAcc].activated = certutil.options[opt_AddAuthInfoAccExt].activated; @@ -3184,6 +3295,8 @@ merge_fail: certutil.options[opt_ExtendedEmailAddrs].arg, certutil.options[opt_ExtendedDNSNames].arg, certutil_extns, + (certutil.options[opt_GenericExtensions].activated ? + certutil.options[opt_GenericExtensions].arg : NULL), &certReqDER); if (rv) goto shutdown; @@ -3206,6 +3319,8 @@ merge_fail: NULL, NULL, nullextnlist, + (certutil.options[opt_GenericExtensions].activated ? + certutil.options[opt_GenericExtensions].arg : NULL), &certReqDER); if (rv) goto shutdown; @@ -3225,6 +3340,9 @@ merge_fail: certutil.commands[cmd_CreateNewCert].activated, certutil.options[opt_SelfSign].activated, certutil_extns, + (certutil.options[opt_GenericExtensions].activated ? + certutil.options[opt_GenericExtensions].arg : NULL), + certVersion, &certDER); if (rv) goto shutdown; diff --git a/security/nss/cmd/certutil/certutil.h b/security/nss/cmd/certutil/certutil.h index d4388fc..9286649 100644 --- a/security/nss/cmd/certutil/certutil.h +++ b/security/nss/cmd/certutil/certutil.h @@ -35,6 +35,7 @@ enum certutilExtns { ext_inhibitAnyPolicy, ext_subjectKeyID, ext_nameConstraints, + ext_subjectAltName, ext_End }; @@ -47,7 +48,11 @@ typedef ExtensionEntry certutilExtnList[ext_End]; extern SECStatus AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, - certutilExtnList extList); + certutilExtnList extList, const char *extGeneric); + +extern SECStatus +GetOidFromString(PLArenaPool *arena, SECItem *to, + const char *from, size_t fromLen); #endif /* _CERTUTIL_H */ diff --git a/security/nss/cmd/certutil/keystuff.c b/security/nss/cmd/certutil/keystuff.c index 48d784b..2665dd4 100644 --- a/security/nss/cmd/certutil/keystuff.c +++ b/security/nss/cmd/certutil/keystuff.c @@ -356,7 +356,7 @@ CERTUTIL_FileForRNG(const char *noise) return SECSuccess; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC typedef struct curveNameTagPairStr { char *curveName; SECOidTag curveOidTag; @@ -484,7 +484,7 @@ getECParams(const char *curve) return ecparams; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ SECKEYPrivateKey * CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size, @@ -545,14 +545,14 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size, params = (void *)&default_pqg_params; } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case ecKey: mechanism = CKM_EC_KEY_PAIR_GEN; /* For EC keys, PQGFile determines EC parameters */ if ((params = (void *) getECParams(pqgFile)) == NULL) return NULL; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: return NULL; } @@ -567,7 +567,7 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size, switch (keytype) { case dsaKey: if (dsaparams) CERTUTIL_DestroyParamsPQG(dsaparams); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case ecKey: SECITEM_FreeItem((SECItem *)params, PR_TRUE); break; #endif default: /* nothing to free */ break; diff --git a/security/nss/cmd/fipstest/fipstest.c b/security/nss/cmd/fipstest/fipstest.c index f921c9a..cdd6b1a 100644 --- a/security/nss/cmd/fipstest/fipstest.c +++ b/security/nss/cmd/fipstest/fipstest.c @@ -22,7 +22,7 @@ #include "../../lib/freebl/mpi/mpi.h" #endif -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC extern SECStatus EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams); extern SECStatus @@ -1849,7 +1849,7 @@ int get_next_line(FILE *req, char *key, char *val, FILE *rsp) return (c == EOF) ? -1 : ignore; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC typedef struct curveNameTagPairStr { char *curveName; SECOidTag curveOidTag; @@ -2530,7 +2530,7 @@ loser: } fclose(ecdsareq); } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* @@ -5327,7 +5327,7 @@ int main(int argc, char **argv) /* Signature Verification Test */ dsa_sigver_test(argv[3]); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /*************/ /* ECDSA */ /*************/ @@ -5346,7 +5346,7 @@ int main(int argc, char **argv) /* Signature Verification Test */ ecdsa_sigver_test(argv[3]); } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /*************/ /* RNG */ /*************/ diff --git a/security/nss/cmd/httpserv/httpserv.c b/security/nss/cmd/httpserv/httpserv.c index 6f37e42..875b62b 100644 --- a/security/nss/cmd/httpserv/httpserv.c +++ b/security/nss/cmd/httpserv/httpserv.c @@ -1312,8 +1312,10 @@ main(int argc, char **argv) inFile = PR_Open(revoInfo->crlFilename, PR_RDONLY, 0); if (inFile) { rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE); + PR_Close(inFile); + inFile = NULL; } - if (!inFile || rv != SECSuccess) { + if (rv != SECSuccess) { fprintf(stderr, "unable to read crl file %s\n", revoInfo->crlFilename); exit(1); diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c index 652f2eb..0767be9 100644 --- a/security/nss/cmd/lib/secutil.c +++ b/security/nss/cmd/lib/secutil.c @@ -52,6 +52,19 @@ static char consoleName[] = { #include "ssl.h" #include "sslproto.h" +static PRBool utf8DisplayEnabled = PR_FALSE; + +void +SECU_EnableUtf8Display(PRBool enable) +{ + utf8DisplayEnabled = enable; +} + +PRBool +SECU_GetUtf8DisplayEnabled(void) +{ + return utf8DisplayEnabled; +} static void secu_ClearPassword(char *p) @@ -609,12 +622,22 @@ secu_PrintRawStringQuotesOptional(FILE *out, SECItem *si, const char *m, for (i = 0; i < si->len; i++) { unsigned char val = si->data[i]; + unsigned char c; if (SECU_GetWrapEnabled() && column > 76) { SECU_Newline(out); SECU_Indent(out, level); column = level*INDENT_MULT; } - fprintf(out,"%c", printable[val]); column++; + if (utf8DisplayEnabled) { + if (val < 32) + c = '.'; + else + c = val; + } else { + c = printable[val]; + } + fprintf(out,"%c", c); + column++; } if (quotes) { @@ -1364,7 +1387,7 @@ secu_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m, int level) } } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static void secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level) { @@ -1382,7 +1405,7 @@ secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level) SECU_PrintObjectID(out, &curveOID, "Curve", level +1); } } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ void SECU_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level) @@ -1426,7 +1449,7 @@ secu_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena, SECU_PrintDSAPublicKey(out, pk, "DSA Public Key", level +1); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case ecKey: secu_PrintECPublicKey(out, pk, "EC Public Key", level +1); break; @@ -2441,19 +2464,19 @@ loser: int SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m, int level) { - unsigned char fingerprint[20]; + unsigned char fingerprint[SHA256_LENGTH]; char *fpStr = NULL; int err = PORT_GetError(); SECStatus rv; SECItem fpItem; - /* print MD5 fingerprint */ + /* Print SHA-256 fingerprint */ memset(fingerprint, 0, sizeof fingerprint); - rv = PK11_HashBuf(SEC_OID_MD5,fingerprint, derCert->data, derCert->len); + rv = PK11_HashBuf(SEC_OID_SHA256, fingerprint, derCert->data, derCert->len); fpItem.data = fingerprint; - fpItem.len = MD5_LENGTH; + fpItem.len = SHA256_LENGTH; fpStr = CERT_Hexify(&fpItem, 1); - SECU_Indent(out, level); fprintf(out, "%s (MD5):", m); + SECU_Indent(out, level); fprintf(out, "%s (SHA-256):", m); if (SECU_GetWrapEnabled()) { fprintf(out, "\n"); SECU_Indent(out, level+1); diff --git a/security/nss/cmd/lib/secutil.h b/security/nss/cmd/lib/secutil.h index 71a7f59..2a29991 100644 --- a/security/nss/cmd/lib/secutil.h +++ b/security/nss/cmd/lib/secutil.h @@ -139,6 +139,9 @@ SECU_GetClientAuthData(void *arg, PRFileDesc *fd, extern PRBool SECU_GetWrapEnabled(void); extern void SECU_EnableWrap(PRBool enable); +extern PRBool SECU_GetUtf8DisplayEnabled(void); +extern void SECU_EnableUtf8Display(PRBool enable); + /* revalidate the cert and print information about cert verification * failure at time == now */ extern void diff --git a/security/nss/cmd/libpkix/pkix/params/test_buildparams.c b/security/nss/cmd/libpkix/pkix/params/test_buildparams.c deleted file mode 100644 index 5584384..0000000 --- a/security/nss/cmd/libpkix/pkix/params/test_buildparams.c +++ /dev/null @@ -1,179 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* - * test_buildparams.c - * - * Test BuildParams Type - * - */ - -#include "testutil.h" -#include "testutil_nss.h" - -static void *plContext = NULL; - -static void -testDestroy(void *goodObject, void *equalObject, void *diffObject) -{ - PKIX_TEST_STD_VARS(); - - subTest("PKIX_BuildParams_Destroy"); - - PKIX_TEST_DECREF_BC(goodObject); - PKIX_TEST_DECREF_BC(equalObject); - PKIX_TEST_DECREF_BC(diffObject); - -cleanup: - - PKIX_TEST_RETURN(); - -} - -static -void testGetProcParams( - PKIX_BuildParams *goodObject, - PKIX_BuildParams *equalObject){ - - PKIX_ProcessingParams *goodProcParams = NULL; - PKIX_ProcessingParams *equalProcParams = NULL; - - PKIX_TEST_STD_VARS(); - subTest("PKIX_BuildParams_GetProcessingParams"); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildParams_GetProcessingParams - (goodObject, &goodProcParams, NULL)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildParams_GetProcessingParams - (equalObject, &equalProcParams, NULL)); - - testEqualsHelper - ((PKIX_PL_Object *)goodProcParams, - (PKIX_PL_Object *)equalProcParams, - PKIX_TRUE, - plContext); - -cleanup: - - PKIX_TEST_DECREF_AC(goodProcParams); - PKIX_TEST_DECREF_AC(equalProcParams); - - PKIX_TEST_RETURN(); -} - -static -void printUsage(char *pName){ - printf("\nUSAGE: %s <central-data-dir>\n\n", pName); -} - -int test_buildparams(int argc, char *argv[]) { - - PKIX_BuildParams *goodObject = NULL; - PKIX_BuildParams *equalObject = NULL; - PKIX_BuildParams *diffObject = NULL; - PKIX_UInt32 actualMinorVersion; - PKIX_UInt32 j = 0; - - char *dataCentralDir = NULL; - char *goodInput = "yassir2yassir"; - char *diffInput = "yassir2bcn"; - - char *expectedAscii = - "[\n" - "\tProcessing Params: \n" - "\t********BEGIN PROCESSING PARAMS********\n" - "\t\t" - "[\n" - "\tTrust Anchors: \n" - "\t********BEGIN LIST OF TRUST ANCHORS********\n" - "\t\t" -"([\n" - "\tTrusted CA Name: " - "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" - "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" - "\tInitial Name Constraints:(null)\n" - "]\n" - ", [\n" - "\tTrusted CA Name: OU=bcn,OU=east,O=sun,C=us\n" - "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" - "\tInitial Name Constraints:(null)\n" - "]\n" - ")\n" - "\t********END LIST OF TRUST ANCHORS********\n" - "\tDate: \t\t(null)\n" - "\tTarget Constraints: (null)\n" - "\tInitial Policies: (null)\n" - "\tQualifiers Rejected: FALSE\n" - "\tCert Stores: (EMPTY)\n" - "\tResource Limits: (null)\n" - "\tCRL Checking Enabled: 0\n" - "]\n" - "\n" - "\t********END PROCESSING PARAMS********\n" - "]\n"; - - PKIX_TEST_STD_VARS(); - - startTests("BuildParams"); - - PKIX_TEST_EXPECT_NO_ERROR( - PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); - - if (argc < 2){ - printUsage(argv[0]); - return (0); - } - - dataCentralDir = argv[j+1]; - - subTest("PKIX_BuildParams_Create"); - - goodObject = createBuildParams - (dataCentralDir, - goodInput, - diffInput, - NULL, - NULL, - PKIX_FALSE, - plContext); - - equalObject = createBuildParams - (dataCentralDir, - goodInput, - diffInput, - NULL, - NULL, - PKIX_FALSE, - plContext); - - diffObject = createBuildParams - (dataCentralDir, - diffInput, - goodInput, - NULL, - NULL, - PKIX_FALSE, - plContext); - - testGetProcParams(goodObject, equalObject); - - PKIX_TEST_EQ_HASH_TOSTR_DUP - (goodObject, - equalObject, - diffObject, - expectedAscii, - BuildParams, - PKIX_FALSE); - - testDestroy(goodObject, equalObject, diffObject); - -cleanup: - - PKIX_Shutdown(plContext); - - PKIX_TEST_RETURN(); - - endTests("BuildParams"); - - return (0); -} diff --git a/security/nss/cmd/libpkix/pkixutil/pkixutil.c b/security/nss/cmd/libpkix/pkixutil/pkixutil.c index 4d10804..0cd832a 100644 --- a/security/nss/cmd/libpkix/pkixutil/pkixutil.c +++ b/security/nss/cmd/libpkix/pkixutil/pkixutil.c @@ -26,8 +26,6 @@ extern int test_certchainchecker(int argc, char *argv[]); extern int test_comcrlselparams(int argc, char *argv[]); extern int test_crlselector(int argc, char *argv[]); -/* This test fails to build. Need to fix */ -/* extern int test_buildparams(int argc, char *argv[]); */ extern int test_procparams(int argc, char *argv[]); extern int test_resourcelimits(int argc, char *argv[]); extern int test_trustanchor(int argc, char *argv[]); @@ -104,7 +102,6 @@ testFunctionRef testFnRefTable[] = { {"test_certchainchecker", test_certchainchecker}, {"test_comcrlselparams", test_comcrlselparams}, {"test_crlselector", test_crlselector}, -/* {"test_buildparams", test_buildparams}*/ {"test_procparams", test_procparams}, {"test_resourcelimits", test_resourcelimits}, {"test_trustanchor", test_trustanchor}, diff --git a/security/nss/cmd/modutil/install.c b/security/nss/cmd/modutil/install.c index 0665608..839cf40 100644 --- a/security/nss/cmd/modutil/install.c +++ b/security/nss/cmd/modutil/install.c @@ -777,7 +777,7 @@ loser: if(tempname) { PRFileInfo info; if(PR_GetFileInfo(tempname, &info) == PR_SUCCESS) { - if((info.type == PR_FILE_DIRECTORY)) { + if(info.type == PR_FILE_DIRECTORY) { /* Recursively remove temporary directory */ if(rm_dash_r(tempname)) { error(PK11_INSTALL_REMOVE_DIR, diff --git a/security/nss/cmd/modutil/modutil.c b/security/nss/cmd/modutil/modutil.c index 2cc9a13..ba07bba 100644 --- a/security/nss/cmd/modutil/modutil.c +++ b/security/nss/cmd/modutil/modutil.c @@ -832,6 +832,11 @@ main(int argc, char *argv[]) goto loser; } + errcode = LoadMechanismList(); + if (errcode != SUCCESS) { + goto loser; + } + /* Execute the command */ switch(command) { case ADD_COMMAND: diff --git a/security/nss/cmd/modutil/modutil.h b/security/nss/cmd/modutil/modutil.h index 2505f2e..529d60e 100644 --- a/security/nss/cmd/modutil/modutil.h +++ b/security/nss/cmd/modutil/modutil.h @@ -6,20 +6,22 @@ #define MODUTIL_H #include <stdio.h> +#include <string.h> + #include <prio.h> #include <prprf.h> #include <prinit.h> +#include <prlock.h> #include <prmem.h> #include <plarena.h> -#include <string.h> -#include <seccomon.h> -#include <secmod.h> -#include <secutil.h> -#include <prlock.h> +#include "seccomon.h" +#include "secmod.h" +#include "secutil.h" #include "error.h" +Error LoadMechanismList(void); Error FipsMode(char *arg); Error ChkFipsMode(char *arg); Error AddModule(char *moduleName, char *libFile, char *ciphers, diff --git a/security/nss/cmd/modutil/pk11.c b/security/nss/cmd/modutil/pk11.c index fc3e722..d630e4e 100644 --- a/security/nss/cmd/modutil/pk11.c +++ b/security/nss/cmd/modutil/pk11.c @@ -2,17 +2,13 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* To edit this file, set TABSTOPS to 4 spaces. - * This is not the normal NSS convention. +/* To edit this file, set TABSTOPS to 4 spaces. + * This is not the normal NSS convention. */ #include "modutil.h" -/* #include "secmodti.h" */ #include "pk11func.h" -static PK11DefaultArrayEntry *pk11_DefaultArray = NULL; -static int pk11_DefaultArraySize = 0; - /************************************************************************* * * F i p s M o d e @@ -110,32 +106,9 @@ ChkFipsMode(char *arg) typedef struct { const char *name; - const unsigned long mask; + unsigned long mask; } MaskString; -static const MaskString mechanismStrings[] = { - {"RSA", PUBLIC_MECH_RSA_FLAG}, - {"DSA", PUBLIC_MECH_DSA_FLAG}, - {"RC2", PUBLIC_MECH_RC2_FLAG}, - {"RC4", PUBLIC_MECH_RC4_FLAG}, - {"RC5", PUBLIC_MECH_RC5_FLAG}, - {"DES", PUBLIC_MECH_DES_FLAG}, - {"DH", PUBLIC_MECH_DH_FLAG}, - {"FORTEZZA", PUBLIC_MECH_FORTEZZA_FLAG}, - {"SHA1", PUBLIC_MECH_SHA1_FLAG}, - {"MD5", PUBLIC_MECH_MD5_FLAG}, - {"MD2", PUBLIC_MECH_MD2_FLAG}, - {"SSL", PUBLIC_MECH_SSL_FLAG}, - {"TLS", PUBLIC_MECH_TLS_FLAG}, - {"AES", PUBLIC_MECH_AES_FLAG}, - {"CAMELLIA", PUBLIC_MECH_CAMELLIA_FLAG}, - {"SHA256", PUBLIC_MECH_SHA256_FLAG}, - {"SHA512", PUBLIC_MECH_SHA512_FLAG}, - {"RANDOM", PUBLIC_MECH_RANDOM_FLAG}, - {"FRIENDLY", PUBLIC_MECH_FRIENDLY_FLAG} -}; -static const int numMechanismStrings = - sizeof(mechanismStrings) / sizeof(mechanismStrings[0]); static const MaskString cipherStrings[] = { {"FORTEZZA", PUBLIC_CIPHER_FORTEZZA_FLAG} @@ -143,10 +116,68 @@ static const MaskString cipherStrings[] = { static const int numCipherStrings = sizeof(cipherStrings) / sizeof(cipherStrings[0]); -/* Maximum length of a colon-separated list of all the strings in an +/* Initialized by LoadMechanismList */ +static MaskString *mechanismStrings = NULL; +static int numMechanismStrings = 0; +const static PK11DefaultArrayEntry *pk11_DefaultArray = NULL; +static int pk11_DefaultArraySize = 0; + +/* Maximum length of a colon-separated list of all the strings in an * array. */ #define MAX_STRING_LIST_LEN 240 /* or less */ + +Error +LoadMechanismList(void) +{ + int i; + + if (pk11_DefaultArray == NULL) { + pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize); + if (pk11_DefaultArray == NULL) { + /* should assert. This shouldn't happen */ + return UNSPECIFIED_ERR; + } + } + if (mechanismStrings != NULL) { + return SUCCESS; + } + + /* build the mechanismStrings array */ + mechanismStrings = PORT_NewArray(MaskString, pk11_DefaultArraySize); + if (mechanismStrings == NULL) { + return OUT_OF_MEM_ERR; + } + numMechanismStrings = pk11_DefaultArraySize; + for (i = 0; i < numMechanismStrings; i++) { + const char *name = pk11_DefaultArray[i].name; + unsigned long flag = pk11_DefaultArray[i].flag; + /* map new name to old */ + switch (flag) { + case SECMOD_FORTEZZA_FLAG: + name = "FORTEZZA"; + break; + case SECMOD_SHA1_FLAG: + name = "SHA1"; + break; + case SECMOD_CAMELLIA_FLAG: + name = "CAMELLIA"; + break; + case SECMOD_RANDOM_FLAG: + name = "RANDOM"; + break; + case SECMOD_FRIENDLY_FLAG: + name = "FRIENDLY"; + break; + default: + break; + } + mechanismStrings[i].name = name; + mechanismStrings[i].mask = SECMOD_InternaltoPubMechFlags(flag); + } + return SUCCESS; +} + /************************************************************************ * * g e t F l a g s F r o m S t r i n g @@ -816,14 +847,6 @@ SetDefaultModule(char *moduleName, char *slotName, char *mechanisms) PRBool found = PR_FALSE; Error errcode = UNSPECIFIED_ERR; - if (pk11_DefaultArray == NULL) { - pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize); - if (pk11_DefaultArray == NULL) { - /* should assert. This shouldn't happen */ - goto loser; - } - } - mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags); module = SECMOD_FindModule(moduleName); @@ -894,15 +917,6 @@ UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms) PRBool found = PR_FALSE; Error rv; - if (pk11_DefaultArray == NULL) { - pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize); - if (pk11_DefaultArray == NULL) { - /* should assert. This shouldn't happen */ - rv = UNSPECIFIED_ERR; - goto loser; - } - } - mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags); module = SECMOD_FindModule(moduleName); diff --git a/security/nss/cmd/platlibs.mk b/security/nss/cmd/platlibs.mk index 0f07910..833952a 100644 --- a/security/nss/cmd/platlibs.mk +++ b/security/nss/cmd/platlibs.mk @@ -146,10 +146,6 @@ EXTRA_SHARED_LIBS += \ $(NULL) endif -ifeq ($(OS_TARGET), SunOS) -OS_LIBS += -lbsm -endif - else # USE_STATIC_LIBS # can't do this in manifest.mn because OS_ARCH isn't defined there. ifeq ($(OS_ARCH), WINNT) diff --git a/security/nss/cmd/pp/pp.c b/security/nss/cmd/pp/pp.c index c97b3e7..a739a91 100644 --- a/security/nss/cmd/pp/pp.c +++ b/security/nss/cmd/pp/pp.c @@ -22,22 +22,27 @@ extern int fprintf(FILE *, char *, ...); static void Usage(char *progName) { fprintf(stderr, - "Usage: %s -t type [-a] [-i input] [-o output] [-w]\n", + "Usage: %s [-t type] [-a] [-i input] [-o output] [-w] [-u]\n", progName); - fprintf(stderr, "%-20s Specify the input type (must be one of %s,\n", + fprintf(stderr, "Pretty prints a file containing ASN.1 data in DER or ascii format.\n"); + fprintf(stderr, "%-14s Specify input and display type: %s (sk),\n", "-t type", SEC_CT_PRIVATE_KEY); - fprintf(stderr, "%-20s %s, %s, %s,\n", "", SEC_CT_PUBLIC_KEY, + fprintf(stderr, "%-14s %s (pk), %s (c), %s (cr),\n", "", SEC_CT_PUBLIC_KEY, SEC_CT_CERTIFICATE, SEC_CT_CERTIFICATE_REQUEST); - fprintf(stderr, "%-20s %s, %s, %s or %s)\n", "", SEC_CT_CERTIFICATE_ID, + fprintf(stderr, "%-14s %s (ci), %s (p7), %s or %s (n).\n", "", SEC_CT_CERTIFICATE_ID, SEC_CT_PKCS7, SEC_CT_CRL, SEC_CT_NAME); - fprintf(stderr, "%-20s Input is in ascii encoded form (RFC1113)\n", + fprintf(stderr, "%-14s (Use either the long type name or the shortcut.)\n", "", SEC_CT_CERTIFICATE_ID, + SEC_CT_PKCS7, SEC_CT_CRL, SEC_CT_NAME); + fprintf(stderr, "%-14s Input is in ascii encoded form (RFC1113)\n", "-a"); - fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n", + fprintf(stderr, "%-14s Define an input file to use (default is stdin)\n", "-i input"); - fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", + fprintf(stderr, "%-14s Define an output file to use (default is stdout)\n", "-o output"); - fprintf(stderr, "%-20s Don't wrap long output lines\n", + fprintf(stderr, "%-14s Don't wrap long output lines\n", "-w"); + fprintf(stderr, "%-14s Use UTF-8 (default is to show non-ascii as .)\n", + "-u"); exit(-1); } @@ -59,7 +64,7 @@ int main(int argc, char **argv) inFile = 0; outFile = 0; typeTag = 0; - optstate = PL_CreateOptState(argc, argv, "at:i:o:w"); + optstate = PL_CreateOptState(argc, argv, "at:i:o:uw"); while ( PL_GetNextOpt(optstate) == PL_OPT_OK ) { switch (optstate->option) { case '?': @@ -92,6 +97,10 @@ int main(int argc, char **argv) typeTag = strdup(optstate->value); break; + case 'u': + SECU_EnableUtf8Display(PR_TRUE); + break; + case 'w': wrap = PR_FALSE; break; @@ -125,27 +134,34 @@ int main(int argc, char **argv) SECU_EnableWrap(wrap); /* Pretty print it */ - if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE) == 0) { + if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE) == 0 || + PORT_Strcmp(typeTag, "c") == 0) { rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0, SECU_PrintCertificate); - } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_ID) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_ID) == 0 || + PORT_Strcmp(typeTag, "ci") == 0) { rv = SECU_PrintSignedContent(outFile, &data, 0, 0, SECU_PrintDumpDerIssuerAndSerial); - } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_REQUEST) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_REQUEST) == 0 || + PORT_Strcmp(typeTag, "cr") == 0) { rv = SECU_PrintSignedData(outFile, &data, "Certificate Request", 0, SECU_PrintCertificateRequest); - } else if (PORT_Strcmp (typeTag, SEC_CT_CRL) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_CRL) == 0) { rv = SECU_PrintSignedData (outFile, &data, "CRL", 0, SECU_PrintCrl); #ifdef HAVE_EPV_TEMPLATE - } else if (PORT_Strcmp(typeTag, SEC_CT_PRIVATE_KEY) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_PRIVATE_KEY) == 0 || + PORT_Strcmp(typeTag, "sk") == 0) { rv = SECU_PrintPrivateKey(outFile, &data, "Private Key", 0); #endif - } else if (PORT_Strcmp(typeTag, SEC_CT_PUBLIC_KEY) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_PUBLIC_KEY) == 0 || + PORT_Strcmp (typeTag, "pk") == 0) { rv = SECU_PrintSubjectPublicKeyInfo(outFile, &data, "Public Key", 0); - } else if (PORT_Strcmp(typeTag, SEC_CT_PKCS7) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_PKCS7) == 0 || + PORT_Strcmp (typeTag, "p7") == 0) { rv = SECU_PrintPKCS7ContentInfo(outFile, &data, "PKCS #7 Content Info", 0); - } else if (PORT_Strcmp(typeTag, SEC_CT_NAME) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_NAME) == 0 || + PORT_Strcmp (typeTag, "n") == 0) { rv = SECU_PrintDERName(outFile, &data, "Name", 0); } else { fprintf(stderr, "%s: don't know how to print out '%s' files\n", diff --git a/security/nss/cmd/selfserv/selfserv.c b/security/nss/cmd/selfserv/selfserv.c index 11f3015..d87f0de 100644 --- a/security/nss/cmd/selfserv/selfserv.c +++ b/security/nss/cmd/selfserv/selfserv.c @@ -107,30 +107,30 @@ const int ssl2CipherSuites[] = { const int ssl3CipherSuites[] = { -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */ -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */ - SSL_RSA_WITH_RC4_128_MD5, /* c */ - SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ - SSL_RSA_WITH_DES_CBC_SHA, /* e */ - SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ + TLS_RSA_WITH_RC4_128_MD5, /* c */ + TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ + TLS_RSA_WITH_DES_CBC_SHA, /* e */ + TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */ - SSL_RSA_WITH_NULL_MD5, /* i */ + TLS_RSA_WITH_NULL_MD5, /* i */ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */ SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */ - SSL_RSA_WITH_RC4_128_SHA, /* n */ + TLS_RSA_WITH_RC4_128_SHA, /* n */ -1, /* TLS_DHE_DSS_WITH_RC4_128_SHA, * o */ - -1, /* SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, * p */ - -1, /* SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, * q */ - -1, /* SSL_DHE_RSA_WITH_DES_CBC_SHA, * r */ - -1, /* SSL_DHE_DSS_WITH_DES_CBC_SHA, * s */ + -1, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, * p */ + -1, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, * q */ + -1, /* TLS_DHE_RSA_WITH_DES_CBC_SHA, * r */ + -1, /* TLS_DHE_DSS_WITH_DES_CBC_SHA, * s */ -1, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA, * t */ -1, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA, * u */ TLS_RSA_WITH_AES_128_CBC_SHA, /* v */ -1, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA, * w */ -1, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA, * x */ TLS_RSA_WITH_AES_256_CBC_SHA, /* y */ - SSL_RSA_WITH_NULL_SHA, /* z */ + TLS_RSA_WITH_NULL_SHA, /* z */ 0 }; @@ -160,11 +160,11 @@ PrintUsageHeader(const char *progName) " [-f password_file] [-L [seconds]] [-M maxProcs] [-P dbprefix]\n" " [-V [min-version]:[max-version]] [-a sni_name]\n" " [ T <good|revoked|unknown|badsig|corrupted|none|ocsp>] [-A ca]\n" -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC " [-C SSLCacheEntries] [-e ec_nickname]\n" #else " [-C SSLCacheEntries]\n" -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ ,progName); } @@ -1932,9 +1932,9 @@ server_main( * would like it to be. Turn this cipher on. */ - secStatus = SSL_CipherPrefSetDefault( SSL_RSA_WITH_NULL_MD5, PR_TRUE); + secStatus = SSL_CipherPrefSetDefault( TLS_RSA_WITH_NULL_MD5, PR_TRUE); if ( secStatus != SECSuccess ) { - errExit("SSL_CipherPrefSetDefault:SSL_RSA_WITH_NULL_MD5"); + errExit("SSL_CipherPrefSetDefault:TLS_RSA_WITH_NULL_MD5"); } if (expectedHostNameVal) { @@ -2133,7 +2133,7 @@ main(int argc, char **argv) { char * progName = NULL; char * nickName = NULL; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC char * ecNickName = NULL; #endif const char * fileName = NULL; @@ -2246,9 +2246,9 @@ main(int argc, char **argv) case 'd': dir = optstate->value; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case 'e': ecNickName = PORT_Strdup(optstate->value); break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ case 'f': pwdata.source = PW_FROMFILE; @@ -2362,7 +2362,7 @@ main(int argc, char **argv) } if ((nickName == NULL) - #ifdef NSS_ENABLE_ECC + #ifndef NSS_DISABLE_ECC && (ecNickName == NULL) #endif ) { @@ -2593,7 +2593,7 @@ main(int argc, char **argv) setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_rsa], kt_rsa, &pwdata); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (ecNickName) { cert[kt_ecdh] = PK11_FindCertFromNickname(ecNickName, &pwdata); if (cert[kt_ecdh] == NULL) { @@ -2620,7 +2620,7 @@ main(int argc, char **argv) setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_ecdh], kt_ecdh, &pwdata); } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ if (testbypass) goto cleanup; @@ -2691,7 +2691,7 @@ cleanup: if (certPrefix && certPrefix != emptyString) { PORT_Free(certPrefix); } - #ifdef NSS_ENABLE_ECC + #ifndef NSS_DISABLE_ECC if (ecNickName) { PORT_Free(ecNickName); } diff --git a/security/nss/cmd/ssltap/ssltap.c b/security/nss/cmd/ssltap/ssltap.c index b1eaaa6..9614f05 100644 --- a/security/nss/cmd/ssltap/ssltap.c +++ b/security/nss/cmd/ssltap/ssltap.c @@ -493,13 +493,13 @@ const char * helloExtensionNameString(int ex_num) static int isNULLmac(int cs_int) { - return (cs_int == SSL_NULL_WITH_NULL_NULL); + return (cs_int == TLS_NULL_WITH_NULL_NULL); } static int isNULLcipher(int cs_int) { - return ((cs_int == SSL_RSA_WITH_NULL_MD5) || - (cs_int == SSL_RSA_WITH_NULL_SHA) || + return ((cs_int == TLS_RSA_WITH_NULL_MD5) || + (cs_int == TLS_RSA_WITH_NULL_SHA) || (cs_int == SSL_FORTEZZA_DMS_WITH_NULL_SHA) || (cs_int == TLS_ECDH_ECDSA_WITH_NULL_SHA) || (cs_int == TLS_ECDHE_ECDSA_WITH_NULL_SHA) || diff --git a/security/nss/cmd/strsclnt/strsclnt.c b/security/nss/cmd/strsclnt/strsclnt.c index 26b8f92..43d121e 100644 --- a/security/nss/cmd/strsclnt/strsclnt.c +++ b/security/nss/cmd/strsclnt/strsclnt.c @@ -59,30 +59,30 @@ int ssl2CipherSuites[] = { int ssl3CipherSuites[] = { -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */ -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */ - SSL_RSA_WITH_RC4_128_MD5, /* c */ - SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ - SSL_RSA_WITH_DES_CBC_SHA, /* e */ - SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ + TLS_RSA_WITH_RC4_128_MD5, /* c */ + TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ + TLS_RSA_WITH_DES_CBC_SHA, /* e */ + TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA * h */ - SSL_RSA_WITH_NULL_MD5, /* i */ + TLS_RSA_WITH_NULL_MD5, /* i */ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */ SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */ - SSL_RSA_WITH_RC4_128_SHA, /* n */ + TLS_RSA_WITH_RC4_128_SHA, /* n */ TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */ - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ - SSL_DHE_RSA_WITH_DES_CBC_SHA, /* r */ - SSL_DHE_DSS_WITH_DES_CBC_SHA, /* s */ + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ + TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */ + TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */ TLS_RSA_WITH_AES_128_CBC_SHA, /* v */ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */ TLS_RSA_WITH_AES_256_CBC_SHA, /* y */ - SSL_RSA_WITH_NULL_SHA, /* z */ + TLS_RSA_WITH_NULL_SHA, /* z */ 0 }; diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c index 2e6c068..b92dcb1 100644 --- a/security/nss/cmd/tstclnt/tstclnt.c +++ b/security/nss/cmd/tstclnt/tstclnt.c @@ -68,30 +68,30 @@ int ssl2CipherSuites[] = { int ssl3CipherSuites[] = { -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */ -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, * b */ - SSL_RSA_WITH_RC4_128_MD5, /* c */ - SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ - SSL_RSA_WITH_DES_CBC_SHA, /* e */ - SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ + TLS_RSA_WITH_RC4_128_MD5, /* c */ + TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ + TLS_RSA_WITH_DES_CBC_SHA, /* e */ + TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */ - SSL_RSA_WITH_NULL_MD5, /* i */ + TLS_RSA_WITH_NULL_MD5, /* i */ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */ SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */ - SSL_RSA_WITH_RC4_128_SHA, /* n */ + TLS_RSA_WITH_RC4_128_SHA, /* n */ TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */ - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ - SSL_DHE_RSA_WITH_DES_CBC_SHA, /* r */ - SSL_DHE_DSS_WITH_DES_CBC_SHA, /* s */ + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ + TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */ + TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */ TLS_RSA_WITH_AES_128_CBC_SHA, /* v */ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */ TLS_RSA_WITH_AES_256_CBC_SHA, /* y */ - SSL_RSA_WITH_NULL_SHA, /* z */ + TLS_RSA_WITH_NULL_SHA, /* z */ 0 }; diff --git a/security/nss/cmd/vfychain/vfychain.c b/security/nss/cmd/vfychain/vfychain.c index 4d41be8..216fa36 100644 --- a/security/nss/cmd/vfychain/vfychain.c +++ b/security/nss/cmd/vfychain/vfychain.c @@ -719,6 +719,8 @@ breakout: if (node->cert) CERT_DestroyCertificate(node->cert); } + log.head = log.tail = NULL; + log.count = 0; rv = 1; } else { fprintf(stderr, "Chain is good!\n"); diff --git a/security/nss/cmd/vfyserv/vfyserv.c b/security/nss/cmd/vfyserv/vfyserv.c index 768224c..d83fc39 100644 --- a/security/nss/cmd/vfyserv/vfyserv.c +++ b/security/nss/cmd/vfyserv/vfyserv.c @@ -497,7 +497,7 @@ main(int argc, char **argv) /* All cipher suites except RSA_NULL_MD5 are enabled by * Domestic Policy. */ NSS_SetDomesticPolicy(); - SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE); + SSL_CipherPrefSetDefault(TLS_RSA_WITH_NULL_MD5, PR_TRUE); /* all the SSL2 and SSL3 cipher suites are enabled by default. */ if (cipherString) { diff --git a/security/nss/cmd/vfyserv/vfyutil.c b/security/nss/cmd/vfyserv/vfyutil.c index fb6ac6b..15f0d97 100644 --- a/security/nss/cmd/vfyserv/vfyutil.c +++ b/security/nss/cmd/vfyserv/vfyutil.c @@ -27,30 +27,30 @@ int ssl2CipherSuites[] = { int ssl3CipherSuites[] = { -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */ -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, * b */ - SSL_RSA_WITH_RC4_128_MD5, /* c */ - SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ - SSL_RSA_WITH_DES_CBC_SHA, /* e */ - SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ + TLS_RSA_WITH_RC4_128_MD5, /* c */ + TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ + TLS_RSA_WITH_DES_CBC_SHA, /* e */ + TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */ - SSL_RSA_WITH_NULL_MD5, /* i */ + TLS_RSA_WITH_NULL_MD5, /* i */ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */ SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */ - SSL_RSA_WITH_RC4_128_SHA, /* n */ + TLS_RSA_WITH_RC4_128_SHA, /* n */ TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */ - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ - SSL_DHE_RSA_WITH_DES_CBC_SHA, /* r */ - SSL_DHE_DSS_WITH_DES_CBC_SHA, /* s */ + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ + TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */ + TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */ TLS_RSA_WITH_AES_128_CBC_SHA, /* v */ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */ TLS_RSA_WITH_AES_256_CBC_SHA, /* y */ - SSL_RSA_WITH_NULL_SHA, /* z */ + TLS_RSA_WITH_NULL_SHA, /* z */ 0 }; diff --git a/security/nss/coreconf/Linux.mk b/security/nss/coreconf/Linux.mk index a586e5e..6567f25 100644 --- a/security/nss/coreconf/Linux.mk +++ b/security/nss/coreconf/Linux.mk @@ -55,11 +55,18 @@ else ifeq ($(OS_TEST),x86_64) ifeq ($(USE_64),1) CPU_ARCH = x86_64 + ARCHFLAG = -m64 +else +ifeq ($(USE_X32),1) + CPU_ARCH = x86_64 + ARCHFLAG = -mx32 + 64BIT_TAG = _x32 else OS_REL_CFLAGS = -Di386 CPU_ARCH = x86 ARCHFLAG = -m32 endif +endif else ifeq ($(OS_TEST),sparc64) CPU_ARCH = sparc @@ -123,12 +130,7 @@ ifeq ($(USE_PTHREADS),1) OS_PTHREAD = -lpthread endif -# See bug 537829, in particular comment 23. -# Place -ansi and *_SOURCE before $(DSO_CFLAGS) so DSO_CFLAGS can override -# -ansi on platforms like Android where the system headers are C99 and do -# not build with -ansi. -STANDARDS_CFLAGS = -D_POSIX_SOURCE -D_BSD_SOURCE -D_XOPEN_SOURCE -OS_CFLAGS = $(STANDARDS_CFLAGS) $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -DLINUX -Dlinux -DHAVE_STRERROR +OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR OS_LIBS = $(OS_PTHREAD) -ldl -lc ifdef USE_PTHREADS @@ -138,7 +140,7 @@ endif ARCH = linux DSO_CFLAGS = -fPIC -DSO_LDOPTS = -shared $(ARCHFLAG) +DSO_LDOPTS = -shared $(ARCHFLAG) -Wl,--gc-sections # The linker on Red Hat Linux 7.2 and RHEL 2.1 (GNU ld version 2.11.90.0.8) # incorrectly reports undefined references in the libraries we link with, so # we don't use -z defs there. diff --git a/security/nss/coreconf/WIN32.mk b/security/nss/coreconf/WIN32.mk index eeab70d..afece49 100644 --- a/security/nss/coreconf/WIN32.mk +++ b/security/nss/coreconf/WIN32.mk @@ -41,6 +41,11 @@ else _CC_BUILD := $(word 4,$(_CC_VERSION_WORDS)) _MSC_VER = $(_CC_VMAJOR)$(_CC_VMINOR) _MSC_VER_6 = 1200 + # VC10 (2010) is 16.00.30319.01, VC10SP1 is 16.00.40219.01. + _MSC_VER_GE_10SP1 := $(shell expr $(_MSC_VER) \> 1600 \| \ + $(_MSC_VER) = 1600 \& $(_CC_RELEASE) \>= 40219) + # VC12 (2013). + _MSC_VER_GE_12 := $(shell expr $(_MSC_VER) \>= 1800) ifeq ($(_CC_VMAJOR),14) # -DYNAMICBASE is only supported on VC8SP1 or newer, # so be very specific here! @@ -171,6 +176,10 @@ ifneq ($(_MSC_VER),$(_MSC_VER_6)) OS_CFLAGS += -we4002 -we4003 -we4004 -we4006 -we4009 -we4013 \ -we4015 -we4028 -we4033 -we4035 -we4045 -we4047 -we4053 -we4054 -we4063 \ -we4064 -we4078 -we4087 -we4090 -we4098 -we4390 -we4551 -we4553 -we4715 + + ifeq ($(_MSC_VER_GE_12),1) + OS_CFLAGS += -FS + endif endif # !MSVC6 endif # NS_USE_GCC @@ -213,10 +222,10 @@ ifdef NS_USE_GCC else ifdef USE_64 AS = ml64.exe - ASFLAGS = -Cp -Sn -Zi $(INCLUDES) + ASFLAGS = -nologo -Cp -Sn -Zi $(INCLUDES) else AS = ml.exe - ASFLAGS = -Cp -Sn -Zi -coff $(INCLUDES) + ASFLAGS = -nologo -Cp -Sn -Zi -coff $(INCLUDES) endif endif diff --git a/security/nss/coreconf/config.mk b/security/nss/coreconf/config.mk index ea1d04b..99c6ce6 100644 --- a/security/nss/coreconf/config.mk +++ b/security/nss/coreconf/config.mk @@ -146,10 +146,10 @@ endif # [16.0] Global environ ment defines ####################################################################### -ifdef NSS_ENABLE_ECC -DEFINES += -DNSS_ENABLE_ECC +ifdef NSS_DISABLE_ECC +DEFINES += -DNSS_DISABLE_ECC endif - + ifdef NSS_ECC_MORE_THAN_SUITE_B DEFINES += -DNSS_ECC_MORE_THAN_SUITE_B endif @@ -166,6 +166,10 @@ ifdef NSS_DISABLE_DBM DEFINES += -DNSS_DISABLE_DBM endif +ifdef NSS_PKIX_NO_LDAP +DEFINES += -DNSS_PKIX_NO_LDAP +endif + # Avoid building object leak test code for optimized library ifndef BUILD_OPT ifdef PKIX_OBJECT_LEAK_TEST @@ -181,3 +185,6 @@ USE_UTIL_DIRECTLY = 1 # Build with NO_NSPR_10_SUPPORT to avoid using obsolete NSPR features DEFINES += -DNO_NSPR_10_SUPPORT + +# Hide old, deprecated, TLS cipher suite names when building NSS +DEFINES += -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES diff --git a/security/nss/coverage/cov.sh b/security/nss/coverage/cov.sh index 5158751..d2a6894 100755 --- a/security/nss/coverage/cov.sh +++ b/security/nss/coverage/cov.sh @@ -32,7 +32,6 @@ CVS_CHECKOUT_BRANCH="cvs_checkout_${BRANCH}" export HOST=`hostname` export DOMSUF=red.iplanet.com -export NSS_ENABLE_ECC=1 export NSS_ECC_MORE_THAN_SUITE_B=1 export IOPR_HOSTADDR_LIST="dochinups.red.iplanet.com" export NSS_AIA_PATH="/share/builds/mccrel3/security/aia_certs" diff --git a/security/nss/doc/certutil.xml b/security/nss/doc/certutil.xml index 32eaf18..8728067 100644 --- a/security/nss/doc/certutil.xml +++ b/security/nss/doc/certutil.xml @@ -196,10 +196,10 @@ If this option is not used, the validity check defaults to the current system ti <para><command>certutil</command> supports two types of databases: the legacy security databases (<filename>cert8.db</filename>, <filename>key3.db</filename>, and <filename>secmod.db</filename>) and new SQLite databases (<filename>cert9.db</filename>, <filename>key4.db</filename>, and <filename>pkcs11.txt</filename>). </para> <para>NSS recognizes the following prefixes:</para> <itemizedlist> - <listitem><para><command>sql: requests the newer database</command></para></listitem> - <listitem><para><command>dbm: requests the legacy database</command></para></listitem> + <listitem><para><command>sql:</command> requests the newer database</para></listitem> + <listitem><para><command>dbm:</command> requests the legacy database</para></listitem> </itemizedlist> - <para>If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default.</para> + <para>If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then <command>dbm:</command> is the default.</para> </listitem> </varlistentry> @@ -222,7 +222,7 @@ If this option is not used, the validity check defaults to the current system ti <varlistentry> <term>-g keysize</term> - <listitem><para>Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 8192 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed.</para></listitem> + <listitem><para>Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed.</para></listitem> </varlistentry> @@ -360,7 +360,7 @@ of the attribute codes: <para> The attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks. For example: </para> -<para><command>-t "TCu,Cu,Tuw"</command></para> +<para><command>-t "TCu,Cu,Tu"</command></para> <para> Use the -L option to see a list of the current certificates and trust attributes in a certificate database. </para></listitem> </varlistentry> @@ -432,11 +432,11 @@ of the attribute codes: <varlistentry> <term>-1 | --keyUsage keyword,keyword</term> - <listitem><para>Set a Netscape Certificate Type Extension in the certificate. There are several available keywords:</para> + <listitem><para>Set an X.509 V3 Certificate Type Extension in the certificate. There are several available keywords:</para> <itemizedlist> <listitem> <para> - digital signature + digitalSignature </para> </listitem> <listitem> @@ -498,7 +498,7 @@ of the attribute codes: <varlistentry> <term>-5 | --nsCertType keyword,keyword</term> - <listitem><para>Add a Netscape certificate type extension to a certificate that is being created or added to the database. There are several available keywords:</para> + <listitem><para>Add an X.509 V3 certificate type extension to a certificate that is being created or added to the database. There are several available keywords:</para> <itemizedlist> <listitem> <para> diff --git a/security/nss/doc/cmsutil.xml b/security/nss/doc/cmsutil.xml index ba45b99..c7d2408 100644 --- a/security/nss/doc/cmsutil.xml +++ b/security/nss/doc/cmsutil.xml @@ -62,16 +62,16 @@ The options and arguments for the cmsutil command are defined as follows: </para> <variablelist> <varlistentry> - <term>-D </term> - <listitem><para>Decode a message.</para></listitem> - </varlistentry> - - <varlistentry> <term>-C</term> <listitem><para>Encrypt a message.</para></listitem> </varlistentry> <varlistentry> + <term>-D </term> + <listitem><para>Decode a message.</para></listitem> + </varlistentry> + + <varlistentry> <term>-E </term> <listitem><para>Envelope a message.</para></listitem> </varlistentry> @@ -267,23 +267,11 @@ cmsutil -S [-i infile] [-o outfile] [-d dbdir] [-p password] -N nickname[-TGP] [ </refsection> - <refsection> + <refsection id="seealso"> <title>See also</title> <para>certutil(1)</para> </refsection> - - <refsection id="seealso"> - <title>See Also</title> - <para></para> - <para> - </para> - <para> - </para> - <para> - </para> - </refsection> -  <refsection id="resources"> <title>Additional Resources</title> diff --git a/security/nss/doc/crlutil.xml b/security/nss/doc/crlutil.xml index a6dddd4..e77570e 100644 --- a/security/nss/doc/crlutil.xml +++ b/security/nss/doc/crlutil.xml @@ -76,15 +76,6 @@ The options and arguments for the crlutil command are defined as follows: <variablelist> <varlistentry> - <term>-G </term> - <listitem> - <para> -Create new Certificate Revocation List(CRL). - </para> - </listitem> - </varlistentry> - - <varlistentry> <term>-D </term> <listitem> <para> @@ -93,40 +84,38 @@ Delete Certificate Revocation List from cert database. </listitem> </varlistentry> - <varlistentry> - <term>-I </term> + <term>-E </term> <listitem> <para> -Import a CRL to the cert database +Erase all CRLs of specified type from the cert database </para> </listitem> </varlistentry> <varlistentry> - <term>-E </term> + <term>-G </term> <listitem> <para> -Erase all CRLs of specified type from the cert database +Create new Certificate Revocation List (CRL). </para> </listitem> </varlistentry> - <varlistentry> - <term>-L </term> + <term>-I </term> <listitem> <para> -List existing CRL located in cert database file. +Import a CRL to the cert database </para> </listitem> </varlistentry> <varlistentry> - <term>-S </term> + <term>-L </term> <listitem> <para> -Show contents of a CRL file which isn't stored in the database. +List existing CRL located in cert database file. </para> </listitem> </varlistentry> @@ -141,43 +130,34 @@ Modify existing CRL which can be located in cert db or in arbitrary file. If loc </varlistentry> <varlistentry> - <term>-G </term> + <term>-S </term> <listitem> <para> - +Show contents of a CRL file which isn't stored in the database. </para> </listitem> </varlistentry> </variablelist> <para><command>Arguments</command></para> - <para>Option arguments modify an action and are lowercase.</para> + <para>Option arguments modify an action.</para> <variablelist> <varlistentry> - <term>-B </term> - <listitem> - <para> -Bypass CA signature checks. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>-P dbprefix </term> + <term>-a </term> <listitem> <para> -Specify the prefix used on the NSS security database files (for example, my_cert8.db and my_key3.db). This option is provided as a special case. Changing the names of the certificate and key databases is not recommended. +Use ASCII format or allow the use of ASCII format for input and output. This formatting follows RFC #1113. </para> </listitem> </varlistentry> <varlistentry> - <term>-a </term> + <term>-B </term> <listitem> <para> -Use ASCII format or allow the use of ASCII format for input and output. This formatting follows RFC #1113. +Bypass CA signature checks. </para> </listitem> </varlistentry> @@ -204,19 +184,19 @@ The NSS database files must reside in the same directory. </varlistentry> <varlistentry> - <term>-i crl-file </term> + <term>-f password-file </term> <listitem> <para> -Specify the file which contains the CRL to import or show. +Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent unauthorized access to this file. </para> </listitem> </varlistentry> <varlistentry> - <term>-f password-file </term> + <term>-i crl-file </term> <listitem> <para> -Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent unauthorized access to this file. +Specify the file which contains the CRL to import or show. </para> </listitem> </varlistentry> @@ -249,6 +229,15 @@ Specify the output file name for new CRL. Bracket the output-file string with qu </varlistentry> <varlistentry> + <term>-P dbprefix </term> + <listitem> + <para> +Specify the prefix used on the NSS security database files (for example, my_cert8.db and my_key3.db). This option is provided as a special case. Changing the names of the certificate and key databases is not recommended. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>-t crl-type </term> <listitem> <para> @@ -355,7 +344,7 @@ Implemented Extensions * Add The Authority Key Identifier extension: </para> <para> - The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL. +The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL. </para> <para> authKeyId critical [key-id | dn cert-serial] @@ -504,21 +493,9 @@ crlutil -G|-M -c crl-gen-file -n nickname [-i crl] [-u url] [-d keydir] [-P dbpr </programlisting> </refsection> - <refsection> - <title>See also</title> - <para>certutil(1)</para> - </refsection> - - <refsection id="seealso"> <title>See Also</title> - <para></para> - <para> - </para> - <para> - </para> - <para> - </para> + <para>certutil(1)</para> </refsection>  diff --git a/security/nss/doc/html/certutil.html b/security/nss/doc/html/certutil.html index 968a9d2..c99513f 100644 --- a/security/nss/doc/html/certutil.html +++ b/security/nss/doc/html/certutil.html @@ -1,4 +1,4 @@ -<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CERTUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="CERTUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CERTUTIL</th></tr></table><hr></div><div class="refentry"><a name="certutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>certutil â Manage keys and certificate in both NSS databases and other NSS tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">certutil</code> [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm224672048528"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a> +<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CERTUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="CERTUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CERTUTIL</th></tr></table><hr></div><div class="refentry"><a name="certutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>certutil â Manage keys and certificate in both NSS databases and other NSS tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">certutil</code> [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm233261230240"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a> </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Certificate Database Tool, <span class="command"><strong>certutil</strong></span>, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.</p><p>Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the <span class="command"><strong>modutil</strong></span> manpage.</p></div><div class="refsection"><a name="options"></a><h2>Command Options and Arguments</h2><p>Running <span class="command"><strong>certutil</strong></span> always requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option <code class="option">-H</code> will list all the command options and their relevant arguments.</p><p><span class="command"><strong>Command Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-A </span></dt><dd><p>Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.</p></dd><dt><span class="term">-B</span></dt><dd><p>Run a series of commands from the specified batch file. This requires the <code class="option">-i</code> argument.</p></dd><dt><span class="term">-C </span></dt><dd><p>Create a new binary certificate file from a binary certificate request file. Use the <code class="option">-i</code> argument to specify the certificate request file. If this argum ent is not used, <span class="command"><strong>certutil</strong></span> prompts for a filename. </p></dd><dt><span class="term">-D </span></dt><dd><p>Delete a certificate from the certificate database.</p></dd><dt><span class="term">-E </span></dt><dd><p>Add an email certificate to the certificate database.</p></dd><dt><span class="term">-F</span></dt><dd><p>Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the <code class="option">-d</code> argument. Use the <code class="option">-k</code> argument to specify explicitly whether to delete a DSA, RSA, or ECC key. If you don't use the <code class="option">-k</code> argument, the option looks for an RSA key matching the specified nickname. </p><p> @@ -10,9 +10,9 @@ For certificate requests, ASCII output defaults to standard output unless redire </p><p> If this option is not used, the validity check defaults to the current system time.</p></dd><dt><span class="term">-c issuer</span></dt><dd><p>Identify the certificate of the CA from which a new certificate will derive its authenticity. Use the exact nickname or alias of the CA certificate, or use the CA's email address. Bracket the issuer string - with quotation marks if it contains spaces. </p></dd><dt><span class="term">-d [prefix]directory</span></dt><dd><p>Specify the database directory containing the certificate and key database files.</p><p><span class="command"><strong>certutil</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). </p><p>NSS recognizes the following prefixes:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="command"><strong>sql: requests the newer database</strong></span></p></li><li class="listitem"><p><span class="command"><strong>dbm: requests the legacy database</strong></span></p></li></ul></div><p>If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default.</p></dd><dt><span class="term">-e </span></dt><dd><p>Check a certificate's signature during the process of validating a certificate.</p></dd><dt><span class="term">--email email-address</span></dt><dd><p>Specify the email address of a certificate to list. Used with the -L command option.</p></dd><dt><span class="term">-f password-file</span></dt><dd><p>Specify a file that will automatically supply the password to include in a certificate + with quotation marks if it contains spaces. </p></dd><dt><span class="term">-d [prefix]directory</span></dt><dd><p>Specify the database directory containing the certificate and key database files.</p><p><span class="command"><strong>certutil</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). </p><p>NSS recognizes the following prefixes:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="command"><strong>sql:</strong></span> requests the newer database</p></li><li class="listitem"><p><span class="command"><strong>dbm:</strong></span> requests the legacy database</p></li></ul></div><p>If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then <span class="command"><strong>dbm:</strong></span> is the default.</p></dd><dt><span class="term">-e </span></dt><dd><p>Check a certificate's signature during the process of validating a certificate.</p></dd><dt><span class="term">--email email-address</span></dt><dd><p>Specify the email address of a certificate to list. Used with the -L command option.</p></dd><dt><span class="term">-f password-file</span></dt><dd><p>Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent - unauthorized access to this file.</p></dd><dt><span class="term">-g keysize</span></dt><dd><p>Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 8192 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed.</p></dd><dt><span class="term">-h tokenname</span></dt><dd><p>Specify the name of a token to use or act on. If not specified the default token is the internal database slot.</p></dd><dt><span class="term">-i input_file</span></dt><dd><p>Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.</p></dd><dt><span class="term">-k key-type-or-id</span></dt><dd><p>Specify the type or specific ID of a key.</p><p> + unauthorized access to this file.</p></dd><dt><span class="term">-g keysize</span></dt><dd><p>Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed.</p></dd><dt><span class="term">-h tokenname</span></dt><dd><p>Specify the name of a token to use or act on. If not specified the default token is the internal database slot.</p></dd><dt><span class="term">-i input_file</span></dt><dd><p>Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.</p></dd><dt><span class="term">-k key-type-or-id</span></dt><dd><p>Specify the type or specific ID of a key.</p><p> The valid key type options are rsa, dsa, ec, or all. The default value is rsa. Specifying the type of key can avoid mistakes caused by duplicate nicknames. Giving a key type generates a new key pair; @@ -53,14 +53,14 @@ of the attribute codes: <span class="command"><strong>u</strong></span> - user </p></li></ul></div><p> The attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks. For example: - </p><p><span class="command"><strong>-t "TCu,Cu,Tuw"</strong></span></p><p> + </p><p><span class="command"><strong>-t "TCu,Cu,Tu"</strong></span></p><p> Use the -L option to see a list of the current certificates and trust attributes in a certificate database. </p></dd><dt><span class="term">-u certusage</span></dt><dd><p>Specify a usage context to apply when validating a certificate with the -V option.</p><p>The contexts are the following:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="command"><strong>C</strong></span> (as an SSL client)</p></li><li class="listitem"><p><span class="command"><strong>V</strong></span> (as an SSL server)</p></li><li class="listitem"><p><span class="command"><strong>S</strong></span> (as an email signer)</p></li><li class="listitem"><p><span class="command"><strong>R</strong></span> (as an email recipient)</p></li><li class="listitem"><p><span class="command"><strong>O</strong></span> (as an OCSP status responder)</p></li><li class="listitem"><p><span class="command"><strong>J</strong></span> (as an object signer)</p></li></u l></div></dd><dt><span class="term">-v valid-months</span></dt><dd><p>Set the number of months a new certificate will be valid. The validity period begins at the current system time unless an offset is added or subtracted with the <code class="option">-w</code> option. If this argument is not used, the default validity period is three months. </p></dd><dt><span class="term">-w offset-months</span></dt><dd><p>Set an offset from the current system time, in months, for the beginning of a certificate's validity period. Use when creating the certificate or adding it to a database. Express the offset in integers, using a minus sign (-) to indicate a negative offset. If this argument is not used, the validity period begins at the current system time. The length - of the validity period is set with the -v argument. </p></dd><dt><span class="term">-X </span></dt><dd><p>Force the key and certificate database to open in read-write mode. This is used with the <code class="option">-U</code> and <code class="option">-L</code> command options.</p></dd><dt><span class="term">-x </span></dt><dd><p>Use <span class="command"><strong>certutil</strong></span> to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA.</p></dd><dt><span class="term">-y exp</span></dt><dd><p>Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.</p></dd><dt><span class="term">-z noise-file</span></dt><dd><p>Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually crea te a value from the keyboard. The minimum file size is 20 bytes.</p></dd><dt><span class="term">-0 SSO_password</span></dt><dd><p>Set a site security officer password on a token.</p></dd><dt><span class="term">-1 | --keyUsage keyword,keyword</span></dt><dd><p>Set a Netscape Certificate Type Extension in the certificate. There are several available keywords:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> - digital signature + of the validity period is set with the -v argument. </p></dd><dt><span class="term">-X </span></dt><dd><p>Force the key and certificate database to open in read-write mode. This is used with the <code class="option">-U</code> and <code class="option">-L</code> command options.</p></dd><dt><span class="term">-x </span></dt><dd><p>Use <span class="command"><strong>certutil</strong></span> to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA.</p></dd><dt><span class="term">-y exp</span></dt><dd><p>Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.</p></dd><dt><span class="term">-z noise-file</span></dt><dd><p>Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually crea te a value from the keyboard. The minimum file size is 20 bytes.</p></dd><dt><span class="term">-0 SSO_password</span></dt><dd><p>Set a site security officer password on a token.</p></dd><dt><span class="term">-1 | --keyUsage keyword,keyword</span></dt><dd><p>Set an X.509 V3 Certificate Type Extension in the certificate. There are several available keywords:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> + digitalSignature </p></li><li class="listitem"><p> nonRepudiation </p></li><li class="listitem"><p> @@ -75,7 +75,7 @@ of the attribute codes: crlSigning </p></li><li class="listitem"><p> critical - </p></li></ul></div></dd><dt><span class="term">-2 </span></dt><dd><p>Add a basic constraint extension to a certificate that is being created or added to a database. This extension supports the certificate chain verification process. <span class="command"><strong>certutil</strong></span> prompts for the certificate constraint extension to select.</p><p>X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">-3 </span></dt><dd><p>Add an authority key ID extension to a certificate that is being created or added to a database. This extension supports the identification of a particular certificate, from among multiple certificates associated with one subject name, as the correct issuer of a certificate. The Certificate Database Tool will prompt you to select the authority key ID extension.</p><p>X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">-4 </span></dt><dd><p>Add a CRL distribution point extension to a certifica te that is being created or added to a database. This extension identifies the URL of a certificate's associated certificate revocation list (CRL). <span class="command"><strong>certutil</strong></span> prompts for the URL.</p><p>X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">-5 | --nsCertType keyword,keyword</span></dt><dd><p>Add a Netscape certificate type extension to a certificate that is being created or added to the database. There are several available keywords:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> + </p></li></ul></div></dd><dt><span class="term">-2 </span></dt><dd><p>Add a basic constraint extension to a certificate that is being created or added to a database. This extension supports the certificate chain verification process. <span class="command"><strong>certutil</strong></span> prompts for the certificate constraint extension to select.</p><p>X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">-3 </span></dt><dd><p>Add an authority key ID extension to a certificate that is being created or added to a database. This extension supports the identification of a particular certificate, from among multiple certificates associated with one subject name, as the correct issuer of a certificate. The Certificate Database Tool will prompt you to select the authority key ID extension.</p><p>X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">-4 </span></dt><dd><p>Add a CRL distribution point extension to a certifica te that is being created or added to a database. This extension identifies the URL of a certificate's associated certificate revocation list (CRL). <span class="command"><strong>certutil</strong></span> prompts for the URL.</p><p>X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">-5 | --nsCertType keyword,keyword</span></dt><dd><p>Add an X.509 V3 certificate type extension to a certificate that is being created or added to the database. There are several available keywords:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> sslClient </p></li><li class="listitem"><p> sslServer diff --git a/security/nss/doc/html/cmsutil.html b/security/nss/doc/html/cmsutil.html index 2b5249c..1bed3fe 100644 --- a/security/nss/doc/html/cmsutil.html +++ b/security/nss/doc/html/cmsutil.html @@ -1,4 +1,4 @@ -<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CMSUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="CMSUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CMSUTIL</th></tr></table><hr></div><div class="refentry"><a name="cmsutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>cmsutil â Performs basic cryptograpic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">cmsutil</code> [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm207695361776"></a><h2>S TATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a> +<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CMSUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="CMSUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CMSUTIL</th></tr></table><hr></div><div class="refentry"><a name="cmsutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>cmsutil â Performs basic cryptograpic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">cmsutil</code> [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm233266717696"></a><h2>S TATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a> </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The <span class="command"><strong>cmsutil</strong></span> command-line uses the S/MIME Toolkit to perform basic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages. </p><p> To run cmsutil, type the command cmsutil option [arguments] where option and arguments are combinations of the options and arguments listed in the following section. @@ -8,7 +8,7 @@ To see a usage string, issue the command without options. </p><p><span class="command"><strong>Options</strong></span></p><p> Options specify an action. Option arguments modify an action. The options and arguments for the cmsutil command are defined as follows: - </p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-D </span></dt><dd><p>Decode a message.</p></dd><dt><span class="term">-C</span></dt><dd><p>Encrypt a message.</p></dd><dt><span class="term">-E </span></dt><dd><p>Envelope a message.</p></dd><dt><span class="term">-O </span></dt><dd><p>Create a certificates-only message.</p></dd><dt><span class="term">-S </span></dt><dd><p>Sign a message.</p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><p>Option arguments modify an action.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-b </span></dt><dd><p>Decode a batch of files named in infile.</p></dd><dt><span class="term">-c content </span></dt><dd><p>Use this detached content (decode only).</p></dd><dt><span class="term">-d dbdir</span></dt><dd><p>Specify the key/certificate database directory (default is ".")</p></dd><dt><span class="term">-e envfile</span></dt><dd><p>Specify a file containing an e nveloped message for a set of recipients to which you would like to send an encrypted message. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only).</p></dd><dt><span class="term">-f pwfile</span></dt><dd><p>Use password file to set password on all PKCS#11 tokens.</p></dd><dt><span class="term">-G</span></dt><dd><p>Include a signing time attribute (sign only).</p></dd><dt><span class="term">-H hash</span></dt><dd><p>Use specified hash algorithm (default:SHA1).</p></dd><dt><span class="term">-h num</span></dt><dd><p>Generate email headers with info about CMS message (decode only).</p></dd><dt><span class="term">-i infile</span></dt><dd><p>Use infile as a source of data (default is stdin).</p></dd><dt><span class="term">-k</span></dt><dd><p>Keep decoded encryption certs in permanent cert db.</p></dd><dt><span class="term">-N nickname</span></dt><dd><p>Specify nickname of cert ificate to sign with (sign only).</p></dd><dt><span class="term">-n </span></dt><dd><p>Suppress output of contents (decode only).</p></dd><dt><span class="term">-o outfile</span></dt><dd><p>Use outfile as a destination of data (default is stdout).</p></dd><dt><span class="term">-P</span></dt><dd><p>Include an S/MIME capabilities attribute.</p></dd><dt><span class="term">-p password</span></dt><dd><p>Use password as key database password.</p></dd><dt><span class="term">-r recipient1,recipient2, ...</span></dt><dd><p> + </p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-C</span></dt><dd><p>Encrypt a message.</p></dd><dt><span class="term">-D </span></dt><dd><p>Decode a message.</p></dd><dt><span class="term">-E </span></dt><dd><p>Envelope a message.</p></dd><dt><span class="term">-O </span></dt><dd><p>Create a certificates-only message.</p></dd><dt><span class="term">-S </span></dt><dd><p>Sign a message.</p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><p>Option arguments modify an action.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-b </span></dt><dd><p>Decode a batch of files named in infile.</p></dd><dt><span class="term">-c content </span></dt><dd><p>Use this detached content (decode only).</p></dd><dt><span class="term">-d dbdir</span></dt><dd><p>Specify the key/certificate database directory (default is ".")</p></dd><dt><span class="term">-e envfile</span></dt><dd><p>Specify a file containing an e nveloped message for a set of recipients to which you would like to send an encrypted message. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only).</p></dd><dt><span class="term">-f pwfile</span></dt><dd><p>Use password file to set password on all PKCS#11 tokens.</p></dd><dt><span class="term">-G</span></dt><dd><p>Include a signing time attribute (sign only).</p></dd><dt><span class="term">-H hash</span></dt><dd><p>Use specified hash algorithm (default:SHA1).</p></dd><dt><span class="term">-h num</span></dt><dd><p>Generate email headers with info about CMS message (decode only).</p></dd><dt><span class="term">-i infile</span></dt><dd><p>Use infile as a source of data (default is stdin).</p></dd><dt><span class="term">-k</span></dt><dd><p>Keep decoded encryption certs in permanent cert db.</p></dd><dt><span class="term">-N nickname</span></dt><dd><p>Specify nickname of cert ificate to sign with (sign only).</p></dd><dt><span class="term">-n </span></dt><dd><p>Suppress output of contents (decode only).</p></dd><dt><span class="term">-o outfile</span></dt><dd><p>Use outfile as a destination of data (default is stdout).</p></dd><dt><span class="term">-P</span></dt><dd><p>Include an S/MIME capabilities attribute.</p></dd><dt><span class="term">-p password</span></dt><dd><p>Use password as key database password.</p></dd><dt><span class="term">-r recipient1,recipient2, ...</span></dt><dd><p> Specify list of recipients (email addresses) for an encrypted or enveloped message. For certificates-only message, list of certificates to send. </p></dd><dt><span class="term">-T</span></dt><dd><p>Suppress content in CMS message (sign only).</p></dd><dt><span class="term">-u certusage</span></dt><dd><p>Set type of cert usage (default is certUsageEmailSigner).</p></dd><dt><span class="term">-v</span></dt><dd><p>Print debugging information.</p></dd><dt><span class="term">-Y ekprefnick</span></dt><dd><p>Specify an encryption key preference by nickname.</p></dd></dl></div></div><div class="refsection"><a name="usage"></a><h2>Usage</h2><p>Encrypt Example</p><pre class="programlisting"> @@ -21,10 +21,7 @@ cmsutil -E [-i infile] [-o outfile] [-d dbdir] [-p password] -r "recipient1,reci cmsutil -O [-i infile] [-o outfile] [-d dbdir] [-p password] -r "cert1,cert2, . . ." </pre><p>Sign Message Example</p><pre class="programlisting"> cmsutil -S [-i infile] [-o outfile] [-d dbdir] [-p password] -N nickname[-TGP] [-Y ekprefnick] - </pre></div><div class="refsection"><a name="idm207694289248"></a><h2>See also</h2><p>certutil(1)</p></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p></p><p> - </p><p> - </p><p> - </p></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</p><p> + </pre></div><div class="refsection"><a name="seealso"></a><h2>See also</h2><p>certutil(1)</p></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</p><p> Authors: Elio Maldonado <emaldona(a)redhat.com>, Deon Lackey <dlackey(a)redhat.com>. </p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. </p></div></div><div class="navfooter"><hr></div></body></html> diff --git a/security/nss/doc/html/crlutil.html b/security/nss/doc/html/crlutil.html index 3f39545..c27a06e 100644 --- a/security/nss/doc/html/crlutil.html +++ b/security/nss/doc/html/crlutil.html @@ -1,6 +1,6 @@ <html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CRLUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="CRLUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CRLUTIL</th></tr></table><hr></div><div class="refentry"><a name="crlutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>crlutil â List, generate, modify, or delete CRLs within the NSS security database file(s) and list, create, modify or delete certificates entries in a particular CRL. - </p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">crlutil</code> [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm207693223392"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a> + </p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">crlutil</code> [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm233261315520"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a> </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Certificate Revocation List (CRL) Management Tool, <span class="command"><strong>crlutil</strong></span>, is a command-line utility that can list, generate, modify, or delete CRLs within the NSS security database file(s) and list, create, modify or delete certificates entries in a particular CRL. </p><p> The key and certificate management process generally begins with creating keys in the key database, then generating and managing certificates in the certificate database(see certutil tool) and continues with certificates expiration or revocation. @@ -16,44 +16,42 @@ where options and arguments are combinations of the options and arguments listed </p><p><span class="command"><strong>Options</strong></span></p><p> Options specify an action. Option arguments modify an action. The options and arguments for the crlutil command are defined as follows: - </p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-G </span></dt><dd><p> -Create new Certificate Revocation List(CRL). - </p></dd><dt><span class="term">-D </span></dt><dd><p> + </p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-D </span></dt><dd><p> Delete Certificate Revocation List from cert database. - </p></dd><dt><span class="term">-I </span></dt><dd><p> -Import a CRL to the cert database </p></dd><dt><span class="term">-E </span></dt><dd><p> Erase all CRLs of specified type from the cert database + </p></dd><dt><span class="term">-G </span></dt><dd><p> +Create new Certificate Revocation List (CRL). + </p></dd><dt><span class="term">-I </span></dt><dd><p> +Import a CRL to the cert database </p></dd><dt><span class="term">-L </span></dt><dd><p> List existing CRL located in cert database file. - </p></dd><dt><span class="term">-S </span></dt><dd><p> -Show contents of a CRL file which isn't stored in the database. </p></dd><dt><span class="term">-M </span></dt><dd><p> Modify existing CRL which can be located in cert db or in arbitrary file. If located in file it should be encoded in ASN.1 encode format. - </p></dd><dt><span class="term">-G </span></dt><dd><p> - - </p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><p>Option arguments modify an action and are lowercase.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-B </span></dt><dd><p> -Bypass CA signature checks. - </p></dd><dt><span class="term">-P dbprefix </span></dt><dd><p> -Specify the prefix used on the NSS security database files (for example, my_cert8.db and my_key3.db). This option is provided as a special case. Changing the names of the certificate and key databases is not recommended. - </p></dd><dt><span class="term">-a </span></dt><dd><p> + </p></dd><dt><span class="term">-S </span></dt><dd><p> +Show contents of a CRL file which isn't stored in the database. + </p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><p>Option arguments modify an action.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-a </span></dt><dd><p> Use ASCII format or allow the use of ASCII format for input and output. This formatting follows RFC #1113. + </p></dd><dt><span class="term">-B </span></dt><dd><p> +Bypass CA signature checks. </p></dd><dt><span class="term">-c crl-gen-file </span></dt><dd><p> Specify script file that will be used to control crl generation/modification. See crl-cript-file format below. If options -M|-G is used and -c crl-script-file is not specified, crlutil will read script data from standard input. </p></dd><dt><span class="term">-d directory </span></dt><dd><p> Specify the database directory containing the certificate and key database files. On Unix the Certificate Database Tool defaults to $HOME/.netscape (that is, ~/.netscape). On Windows NT the default is the current directory. </p><p> The NSS database files must reside in the same directory. - </p></dd><dt><span class="term">-i crl-file </span></dt><dd><p> -Specify the file which contains the CRL to import or show. </p></dd><dt><span class="term">-f password-file </span></dt><dd><p> Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent unauthorized access to this file. + </p></dd><dt><span class="term">-i crl-file </span></dt><dd><p> +Specify the file which contains the CRL to import or show. </p></dd><dt><span class="term">-l algorithm-name </span></dt><dd><p> Specify a specific signature algorithm. List of possible algorithms: MD2 | MD4 | MD5 | SHA1 | SHA256 | SHA384 | SHA512 </p></dd><dt><span class="term">-n nickname </span></dt><dd><p> Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces. </p></dd><dt><span class="term">-o output-file </span></dt><dd><p> Specify the output file name for new CRL. Bracket the output-file string with quotation marks if it contains spaces. If this argument is not used the output destination defaults to standard output. + </p></dd><dt><span class="term">-P dbprefix </span></dt><dd><p> +Specify the prefix used on the NSS security database files (for example, my_cert8.db and my_key3.db). This option is provided as a special case. Changing the names of the certificate and key databases is not recommended. </p></dd><dt><span class="term">-t crl-type </span></dt><dd><p> Specify type of CRL. possible types are: 0 - SEC_KRL_TYPE, 1 - SEC_CRL_TYPE. This option is obsolete </p></dd><dt><span class="term">-u url </span></dt><dd><p> @@ -103,7 +101,7 @@ Implemented Extensions </p><p> * Add The Authority Key Identifier extension: </p><p> - The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL. +The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL. </p><p> authKeyId critical [key-id | dn cert-serial] </p><p> @@ -200,10 +198,7 @@ crlutil -G|-M -c crl-gen-file -n nickname [-i crl] [-u url] [-d keydir] [-P dbpr * Import CRL from file: </p><pre class="programlisting"> crlutil -I -i crl [-t crlType] [-u url] [-d keydir] [-P dbprefix] [-B] - </pre></div><div class="refsection"><a name="idm207692123648"></a><h2>See also</h2><p>certutil(1)</p></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p></p><p> - </p><p> - </p><p> - </p></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</p><p> + </pre></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p>certutil(1)</p></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</p><p> Authors: Elio Maldonado <emaldona(a)redhat.com>, Deon Lackey <dlackey(a)redhat.com>. </p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. </p></div></div><div class="navfooter"><hr></div></body></html> diff --git a/security/nss/doc/html/modutil.html b/security/nss/doc/html/modutil.html index e67fde2..5c53b0a 100644 --- a/security/nss/doc/html/modutil.html +++ b/security/nss/doc/html/modutil.html @@ -1,7 +1,7 @@ -<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>MODUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="MODUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">MODUTIL</th></tr></table><hr></div><div class="refentry"><a name="modutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>modutil â Manage PKCS #11 module information within the security module database.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">modutil</code> [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm224666099264"></a><h2>STATUS</h2><p>This documentation is still work in pr ogress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a> +<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>MODUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="MODUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">MODUTIL</th></tr></table><hr></div><div class="refentry"><a name="modutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>modutil â Manage PKCS #11 module information within the security module database.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">modutil</code> [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm233245929376"></a><h2>STATUS</h2><p>This documentation is still work in pr ogress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a> </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Security Module Database Tool, <span class="command"><strong>modutil</strong></span>, is a command-line utility for managing PKCS #11 module information both within <code class="filename">secmod.db</code> files and within hardware tokens. <span class="command"><strong>modutil</strong></span> can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140-2 compliance, and assign default providers for cryptographic operations. This tool can also create certificate, key, and module security database files.</p><p>The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases.</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><p> Running <span class="command"><strong>modutil</strong></span> always requires one (and only one) option to specify the type of module operation. Each option may take arguments, anywhere from none to multiple arguments. - </p><p><span class="command"><strong>Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-add modulename</span></dt><dd><p>Add the named PKCS #11 module to the database. Use this option with the <code class="option">-libfile</code>, <code class="option">-ciphers</code>, and <code class="option">-mechanisms</code> arguments.</p></dd><dt><span class="term">-changepw tokenname</span></dt><dd><p>Change the password on the named token. If the token has not been initialized, this option initializes the password. Use this option with the <code class="option">-pwfile</code> and <code class="option">-newpwfile</code> arguments. A <span class="emphasis"><em>password</em></span> is equivalent to a personal identification number (PIN).</p></dd><dt><span class="term">-chkfips</span></dt><dd><p>Verify whether the module is in the given FIPS mode. <span class="command"><strong>true</strong></span> means to verify that the module is in FIPS mode, wh ile <span class="command"><strong>false</strong></span> means to verify that the module is not in FIPS mode.</p></dd><dt><span class="term">-create</span></dt><dd><p>Create new certificate, key, and module databases. Use the <code class="option">-dbdir</code> directory argument to specify a directory. If any of these databases already exist in a specified directory, <span class="command"><strong>modutil</strong></span> returns an error message.</p></dd><dt><span class="term">-default modulename</span></dt><dd><p>Specify the security mechanisms for which the named module will be a default provider. The security mechanisms are specified with the <code class="option">-mechanisms</code> argument.</p></dd><dt><span class="term">-delete modulename</span></dt><dd><p>Delete the named module. The default NSS PKCS #11 module cannot be deleted.</p></dd><dt><span class="term">-disable modulename</span></dt><dd><p>Disable all slots on the named module. Use the <code class="option">-slot</code> a rgument to disable a specific slot.</p></dd><dt><span class="term">-enable modulename</span></dt><dd><p>Enable all slots on the named module. Use the <code class="option">-slot</code> argument to enable a specific slot.</p></dd><dt><span class="term">-fips [true | false]</span></dt><dd><p>Enable (true) or disable (false) FIPS 140-2 compliance for the default NSS module.</p></dd><dt><span class="term">-force</span></dt><dd><p>Disable <span class="command"><strong>modutil</strong></span>'s interactive prompts so it can be run from a script. Use this option only after manually testing each planned operation to check for warnings and to ensure that bypassing the prompts will cause no security lapses or loss of database integrity.</p></dd><dt><span class="term">-jar JAR-file</span></dt><dd><p>Add a new PKCS #11 module to the database using the named JAR file. Use this command with the <code class="option">-installdir</code> and <code class="option">-tempdir</code> arguments. The JAR file uses the NSS PKCS #11 JAR format to identify all the files to be installed, the module's name, the mechanism flags, and the cipher flags, as well as any files to be installed on the target machine, including the PKCS #11 module library file and other files such as documentation. This is covered in the JAR installation file section in the man page, which details the special script needed to perform an installation through a server or with <span class="command"><strong>modutil</strong></span>. </p></dd><dt><span class="term">-list [modulename]</span></dt><dd><p>Display basic information about the contents of the <code class="filename">secmod.db</code> file. Specifying a <span class="emphasis"><em>modulename</em></span> displays detailed information about a particular module and its slots and tokens.</p></dd><dt><span class="term">-rawadd</span></dt><dd><p>Add the module spec string to the <code class="filename">secmod.db</code> database.</p></dd><dt><span class="term">-rawlist</span> </dt><dd><p>Display the module specs for a specified module or for all loadable modules.</p></dd><dt><span class="term">-undefault modulename</span></dt><dd><p>Specify the security mechanisms for which the named module will not be a default provider. The security mechanisms are specified with the <code class="option">-mechanisms</code> argument.</p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">MODULE</span></dt><dd><p>Give the security module to access.</p></dd><dt><span class="term">MODULESPEC</span></dt><dd><p>Give the security module spec to load into the security database.</p></dd><dt><span class="term">-ciphers cipher-enable-list</span></dt><dd><p>Enable specific ciphers in a module that is being added to the database. The <span class="emphasis"><em>cipher-enable-list</em></span> is a colon-delimited list of cipher names. Enclose this list in quotation marks if it contains spaces.</p></dd><dt><span class="term">-dbdir [sql:]directory</span></dt><dd><p>Specify the database directory in which to access or create security module database files.</p><p><span class="command"><strong>modutil</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old format.</p></dd><dt><span class="term">--dbprefix prefix</span></dt><dd><p>Specify the prefix used on the database files, such as <code class="filename">my_</code> for <code class="filename">my_cert8.db</code>. This option is provided as a special case. Changing the names of the certi ficate and key databases is not recommended.</p></dd><dt><span class="term">-installdir root-installation-directory</span></dt><dd><p>Specify the root installation directory relative to which files will be installed by the <code class="option">-jar</code> option. This directory should be one below which it is appropriate to store dynamic library files, such as a server's root directory.</p></dd><dt><span class="term">-libfile library-file</span></dt><dd><p>Specify a path to a library file containing the implementation of the PKCS #11 interface module that is being added to the database.</p></dd><dt><span class="term">-mechanisms mechanism-list</span></dt><dd><p>Specify the security mechanisms for which a particular module will be flagged as a default provider. The <span class="emphasis"><em>mechanism-list</em></span> is a colon-delimited list of mechanism names. Enclose this list in quotation marks if it contains spaces.</p><p>The module becomes a default provider for the listed mec hanisms when those mechanisms are enabled. If more than one module claims to be a particular mechanism's default provider, that mechanism's default provider is undefined.</p><p><span class="command"><strong>modutil</strong></span> supports several mechanisms: RSA, DSA, RC2, RC4, RC5, AES, DES, DH, SHA1, SHA256, SHA512, SSL, TLS, MD5, MD2, RANDOM (for random number generation), and FRIENDLY (meaning certificates are publicly readable).</p></dd><dt><span class="term">-newpwfile new-password-file</span></dt><dd><p>Specify a text file containing a token's new or replacement password so that a password can be entered automatically with the <code class="option">-changepw</code> option.</p></dd><dt><span class="term">-nocertdb</span></dt><dd><p>Do not open the certificate or key databases. This has several effects:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>With the <code class="option">-create</code> command, only a module security file is created; certificate and key databases are not created.</p></li><li class="listitem"><p>With the <code class="option">-jar</code> command, signatures on the JAR file are not checked.</p></li><li class="listitem"><p>With the <code class="option">-changepw</code> command, the password on the NSS internal module cannot be set or changed, since this password is stored in the key database.</p></li></ul></div></dd><dt><span class="term">-pwfile old-password-file</span></dt><dd><p>Specify a text file containing a token's existing password so that a password can be entered automatically when the <code class="option">-changepw</code> option is used to change passwords.</p></dd><dt><span class="term">-secmod secmodname</span></dt><dd><p>Give the name of the security module database (like <code class="filename">secmod.db</code>) to load.</p></dd><dt><span class="term">-slot slotname</span></dt><dd><p>Specify a particular slot to be enabled or disabled with the <code class="op tion">-enable</code> or <code class="option">-disable</code> options.</p></dd><dt><span class="term">-string CONFIG_STRING</span></dt><dd><p>Pass a configuration string for the module being added to the database.</p></dd><dt><span class="term">-tempdir temporary-directory</span></dt><dd><p>Give a directory location where temporary files are created during the installation by the <code class="option">-jar</code> option. If no temporary directory is specified, the current directory is used.</p></dd></dl></div></div><div class="refsection"><a name="usage-and-examples"></a><h2>Usage and Examples</h2><p><span class="command"><strong>Creating Database Files</strong></span></p><p>Before any operations can be performed, there must be a set of security databases available. <span class="command"><strong>modutil</strong></span> can be used to create these files. The only required argument is the database that where the databases will be located.</p><pre class="programlisting">modutil -create - dbdir [sql:]directory</pre><p><span class="command"><strong>Adding a Cryptographic Module</strong></span></p><p>Adding a PKCS #11 module means submitting a supporting library file, enabling its ciphers, and setting default provider status for various security mechanisms. This can be done by supplying all of the information through <span class="command"><strong>modutil</strong></span> directly or by running a JAR file and install script. For the most basic case, simply upload the library:</p><pre class="programlisting">modutil -add modulename -libfile library-file [-ciphers cipher-enable-list] [-mechanisms mechanism-list] </pre><p>For example: + </p><p><span class="command"><strong>Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-add modulename</span></dt><dd><p>Add the named PKCS #11 module to the database. Use this option with the <code class="option">-libfile</code>, <code class="option">-ciphers</code>, and <code class="option">-mechanisms</code> arguments.</p></dd><dt><span class="term">-changepw tokenname</span></dt><dd><p>Change the password on the named token. If the token has not been initialized, this option initializes the password. Use this option with the <code class="option">-pwfile</code> and <code class="option">-newpwfile</code> arguments. A <span class="emphasis"><em>password</em></span> is equivalent to a personal identification number (PIN).</p></dd><dt><span class="term">-chkfips</span></dt><dd><p>Verify whether the module is in the given FIPS mode. <span class="command"><strong>true</strong></span> means to verify that the module is in FIPS mode, wh ile <span class="command"><strong>false</strong></span> means to verify that the module is not in FIPS mode.</p></dd><dt><span class="term">-create</span></dt><dd><p>Create new certificate, key, and module databases. Use the <code class="option">-dbdir</code> directory argument to specify a directory. If any of these databases already exist in a specified directory, <span class="command"><strong>modutil</strong></span> returns an error message.</p></dd><dt><span class="term">-default modulename</span></dt><dd><p>Specify the security mechanisms for which the named module will be a default provider. The security mechanisms are specified with the <code class="option">-mechanisms</code> argument.</p></dd><dt><span class="term">-delete modulename</span></dt><dd><p>Delete the named module. The default NSS PKCS #11 module cannot be deleted.</p></dd><dt><span class="term">-disable modulename</span></dt><dd><p>Disable all slots on the named module. Use the <code class="option">-slot</code> a rgument to disable a specific slot.</p><p>The internal NSS PKCS #11 module cannot be disabled.</p></dd><dt><span class="term">-enable modulename</span></dt><dd><p>Enable all slots on the named module. Use the <code class="option">-slot</code> argument to enable a specific slot.</p></dd><dt><span class="term">-fips [true | false]</span></dt><dd><p>Enable (true) or disable (false) FIPS 140-2 compliance for the default NSS module.</p></dd><dt><span class="term">-force</span></dt><dd><p>Disable <span class="command"><strong>modutil</strong></span>'s interactive prompts so it can be run from a script. Use this option only after manually testing each planned operation to check for warnings and to ensure that bypassing the prompts will cause no security lapses or loss of database integrity.</p></dd><dt><span class="term">-jar JAR-file</span></dt><dd><p>Add a new PKCS #11 module to the database using the named JAR file. Use this command with the <code class="option">-installdir</code> and < code class="option">-tempdir</code> arguments. The JAR file uses the NSS PKCS #11 JAR format to identify all the files to be installed, the module's name, the mechanism flags, and the cipher flags, as well as any files to be installed on the target machine, including the PKCS #11 module library file and other files such as documentation. This is covered in the JAR installation file section in the man page, which details the special script needed to perform an installation through a server or with <span class="command"><strong>modutil</strong></span>. </p></dd><dt><span class="term">-list [modulename]</span></dt><dd><p>Display basic information about the contents of the <code class="filename">secmod.db</code> file. Specifying a <span class="emphasis"><em>modulename</em></span> displays detailed information about a particular module and its slots and tokens.</p></dd><dt><span class="term">-rawadd</span></dt><dd><p>Add the module spec string to the <code class="filename">secmod.db</cod e> database.</p></dd><dt><span class="term">-rawlist</span></dt><dd><p>Display the module specs for a specified module or for all loadable modules.</p></dd><dt><span class="term">-undefault modulename</span></dt><dd><p>Specify the security mechanisms for which the named module will not be a default provider. The security mechanisms are specified with the <code class="option">-mechanisms</code> argument.</p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">MODULE</span></dt><dd><p>Give the security module to access.</p></dd><dt><span class="term">MODULESPEC</span></dt><dd><p>Give the security module spec to load into the security database.</p></dd><dt><span class="term">-ciphers cipher-enable-list</span></dt><dd><p>Enable specific ciphers in a module that is being added to the database. The <span class="emphasis"><em>cipher-enable-list</em></span> is a colon-delimited list of cipher names. Enclose this list in quotation marks if it contains spaces.</p></dd><dt><span class="term">-dbdir [sql:]directory</span></dt><dd><p>Specify the database directory in which to access or create security module database files.</p><p><span class="command"><strong>modutil</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old format.</p></dd><dt><span class="term">--dbprefix prefix</span></dt><dd><p>Specify the prefix used on the database files, such as <code class="filename">my_</code> for <code class="filename">my_cert8.db</code>. This option is provided as a special case. Changing the names of the certificate and key databases is not recommended.</p></dd><dt><span class="term">-installdir root-installation-directory</span></dt><dd><p>Specify the root installation directory relative to which files will be installed by the <code class="option">-jar</code> option. This directory should be one below which it is appropriate to store dynamic library files, such as a server's root directory.</p></dd><dt><span class="term">-libfile library-file</span></dt><dd><p>Specify a path to a library file containing the implementation of the PKCS #11 interface module that is being added to the database.</p></dd><dt><span class="term">-mechanisms mechanism-list</span></dt><dd><p>Specify the security mechanisms for which a particular module will be flagged as a default provider. The <span class="emphasis"><em>mechanism-list</em></span> is a colon-delimited list of mechanism names. Enclose this list in quotation marks if it contains spaces.</p> <p>The module becomes a default provider for the listed mechanisms when those mechanisms are enabled. If more than one module claims to be a particular mechanism's default provider, that mechanism's default provider is undefined.</p><p><span class="command"><strong>modutil</strong></span> supports several mechanisms: RSA, DSA, RC2, RC4, RC5, AES, DES, DH, SHA1, SHA256, SHA512, SSL, TLS, MD5, MD2, RANDOM (for random number generation), and FRIENDLY (meaning certificates are publicly readable).</p></dd><dt><span class="term">-newpwfile new-password-file</span></dt><dd><p>Specify a text file containing a token's new or replacement password so that a password can be entered automatically with the <code class="option">-changepw</code> option.</p></dd><dt><span class="term">-nocertdb</span></dt><dd><p>Do not open the certificate or key databases. This has several effects:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>With the <code class="option">-create</code> command, only a module security file is created; certificate and key databases are not created.</p></li><li class="listitem"><p>With the <code class="option">-jar</code> command, signatures on the JAR file are not checked.</p></li><li class="listitem"><p>With the <code class="option">-changepw</code> command, the password on the NSS internal module cannot be set or changed, since this password is stored in the key database.</p></li></ul></div></dd><dt><span class="term">-pwfile old-password-file</span></dt><dd><p>Specify a text file containing a token's existing password so that a password can be entered automatically when the <code class="option">-changepw</code> option is used to change passwords.</p></dd><dt><span class="term">-secmod secmodname</span></dt><dd><p>Give the name of the security module database (like <code class="filename">secmod.db</code>) to load.</p></dd><dt><span class="term">-slot slotname</span></dt><dd><p>Specify a particu lar slot to be enabled or disabled with the <code class="option">-enable</code> or <code class="option">-disable</code> options.</p></dd><dt><span class="term">-string CONFIG_STRING</span></dt><dd><p>Pass a configuration string for the module being added to the database.</p></dd><dt><span class="term">-tempdir temporary-directory</span></dt><dd><p>Give a directory location where temporary files are created during the installation by the <code class="option">-jar</code> option. If no temporary directory is specified, the current directory is used.</p></dd></dl></div></div><div class="refsection"><a name="usage-and-examples"></a><h2>Usage and Examples</h2><p><span class="command"><strong>Creating Database Files</strong></span></p><p>Before any operations can be performed, there must be a set of security databases available. <span class="command"><strong>modutil</strong></span> can be used to create these files. The only required argument is the database that where the databases will b e located.</p><pre class="programlisting">modutil -create -dbdir [sql:]directory</pre><p><span class="command"><strong>Adding a Cryptographic Module</strong></span></p><p>Adding a PKCS #11 module means submitting a supporting library file, enabling its ciphers, and setting default provider status for various security mechanisms. This can be done by supplying all of the information through <span class="command"><strong>modutil</strong></span> directly or by running a JAR file and install script. For the most basic case, simply upload the library:</p><pre class="programlisting">modutil -add modulename -libfile library-file [-ciphers cipher-enable-list] [-mechanisms mechanism-list] </pre><p>For example: </p><pre class="programlisting">modutil -dbdir sql:/home/my/sharednssdb -add "Example PKCS #11 Module" -libfile "/tmp/crypto.so" -mechanisms RSA:DSA:RC2:RANDOM Using database directory ... @@ -211,7 +211,8 @@ MD2: 0x00000400 RANDOM: 0x08000000 FRIENDLY: 0x10000000 OWN_PW_DEFAULTS: 0x20000000 -DISABLE: 0x40000000</pre><p><span class="command"><strong>CipherEnableFlags</strong></span> specifies ciphers that this module provides that NSS does not provide (so that the module enables those ciphers for NSS). This is equivalent to the <code class="option">-cipher</code> argument with the <code class="option">-add</code> command. This key is a bitstring specified in hexadecimal (0x) format. It is constructed as a bitwise OR. If the <span class="command"><strong>CipherEnableFlags</strong></span> entry is omitted, the value defaults to 0x0.</p><p><span class="command"><strong>EquivalentPlatform</strong></span> specifies that the attributes of the named platform should also be used for the current platform. This makes it easier when more than one platform uses the same settings.</p><p><span class="command"><strong>Per-File Keys</strong></span></p><p>Some keys have meaning only within the value list of an entry in a <span class="command"><strong>Files</strong></span> l ist.</p><p>Each file requires a path key the identifies where the file is. Either <span class="command"><strong>RelativePath</strong></span> or <span class="command"><strong>AbsolutePath</strong></span> must be specified. If both are specified, the relative path is tried first, and the absolute path is used only if no relative root directory is provided by the installer program.</p><p><span class="command"><strong>RelativePath</strong></span> specifies the destination directory of the file, relative to some directory decided at install time. Two variables can be used in the relative path: <span class="command"><strong>%root%</strong></span> and <span class="command"><strong>%temp%</strong></span>. <span class="command"><strong>%root%</strong></span> is replaced at run time with the directory relative to which files should be installed; for example, it may be the server's root directory. The <span class="command"><strong>%temp%</strong></span> directory is created at the beginning of the installation and destroyed at the end. The purpose of <span class="command"><strong>%temp%</strong></span> is to hold executable files (such as setup programs) or files that are used by these programs. Files destined for the temporary directory are guaranteed to be in place before any executable file is run; they are not deleted until all executable files have finished.</p><p><span class="command"><strong>AbsolutePath</strong></span> specifies the destination directory of the file as an absolute path. </p><p><span class="command"><strong>Executable</strong></span> specifies that the file is to be executed during the course of the installation. Typically, this string is used for a setup program provided by a module vendor, such as a self-extracting setup executable. More than one file can be specified as executable, in which case the files are run in the order in which they are specified in the script file.</p><p><span class="command"><strong>FilePermissions</strong></span> sets permissions on any referenced files in a string of octal digits, according to the standard Unix format. This string is a bitwise OR.</p><pre class="programlisting">user read: 0400 +DISABLE: 0x40000000</pre><p><span class="command"><strong>CipherEnableFlags</strong></span> specifies ciphers that this module provides that NSS does not provide (so that the module enables those ciphers for NSS). This is equivalent to the <code class="option">-cipher</code> argument with the <code class="option">-add</code> command. This key is a bitstring specified in hexadecimal (0x) format. It is constructed as a bitwise OR. If the <span class="command"><strong>CipherEnableFlags</strong></span> entry is omitted, the value defaults to 0x0.</p><p><span class="command"><strong>EquivalentPlatform</strong></span> specifies that the attributes of the named platform should also be used for the current platform. This makes it easier when more than one platform uses the same settings.</p><p><span class="command"><strong>Per-File Keys</strong></span></p><p>Some keys have meaning only within the value list of an entry in a <span class="command"><strong>Files</strong></span> l ist.</p><p>Each file requires a path key the identifies where the file is. Either <span class="command"><strong>RelativePath</strong></span> or <span class="command"><strong>AbsolutePath</strong></span> must be specified. If both are specified, the relative path is tried first, and the absolute path is used only if no relative root directory is provided by the installer program.</p><p><span class="command"><strong>RelativePath</strong></span> specifies the destination directory of the file, relative to some directory decided at install time. Two variables can be used in the relative path: <span class="command"><strong>%root%</strong></span> and <span class="command"><strong>%temp%</strong></span>. <span class="command"><strong>%root%</strong></span> is replaced at run time with the directory relative to which files should be installed; for example, it may be the server's root directory. The <span class="command"><strong>%temp%</strong></span> directory is created at the beginning of the installation and destroyed at the end. The purpose of <span class="command"><strong>%temp%</strong></span> is to hold executable files (such as setup programs) or files that are used by these programs. Files destined for the temporary directory are guaranteed to be in place before any executable file is run; they are not deleted until all executable files have finished.</p><p><span class="command"><strong>AbsolutePath</strong></span> specifies the destination directory of the file as an absolute path. </p><p><span class="command"><strong>Executable</strong></span> specifies that the file is to be executed during the course of the installation. Typically, this string is used for a setup program provided by a module vendor, such as a self-extracting setup executable. More than one file can be specified as executable, in which case the files are run in the order in which they are specified in the script file.</p><p><span class="command"><strong>FilePermissions</strong></span> sets permissions on any referenced files in a string of octal digits, according to the standard Unix format. This string is a bitwise OR.</p><pre class="programlisting"> +user read: 0400 user write: 0200 user execute: 0100 group read: 0040 @@ -219,7 +220,8 @@ group write: 0020 group execute: 0010 other read: 0004 other write: 0002 -other execute: 0001</pre><p>Some platforms may not understand these permissions. They are applied only insofar as they make sense for the current platform. If this attribute is omitted, a default of 777 is assumed.</p></div><div class="refsection"><a name="databases"></a><h2>NSS Database Types</h2><p>NSS originally used BerkeleyDB databases to store security information. +other execute: 0001 +</pre><p>Some platforms may not understand these permissions. They are applied only insofar as they make sense for the current platform. If this attribute is omitted, a default of 777 is assumed.</p></div><div class="refsection"><a name="databases"></a><h2>NSS Database Types</h2><p>NSS originally used BerkeleyDB databases to store security information. The last versions of these <span class="emphasis"><em>legacy</em></span> databases are:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> cert8.db for certificates </p></li><li class="listitem"><p> @@ -236,7 +238,7 @@ BerkleyDB. These new databases provide more accessibility and performance:</p><d </p></li><li class="listitem"><p> pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory </p></li></ul></div><p>Because the SQLite databases are designed to be shared, these are the <span class="emphasis"><em>shared</em></span> database type. The shared database type is preferred; the legacy format is included for backward compatibility.</p><p>By default, the tools (<span class="command"><strong>certutil</strong></span>, <span class="command"><strong>pk12util</strong></span>, <span class="command"><strong>modutil</strong></span>) assume that the given security databases follow the more common legacy type. -Using the SQLite databases must be manually specified by using the <span class="command"><strong>sql:</strong></span> prefix with the given security directory. For example:</p><pre class="programlisting">modutil -create -dbdir sql:/home/my/sharednssdb</pre><p>To set the shared database type as the default type for the tools, set the <code class="envar">NSS_DEFAULT_DB_TYPE</code> environment variable to <code class="envar">sql</code>:</p><pre class="programlisting">export NSS_DEFAULT_DB_TYPE="sql"</pre><p>This line can be set added to the <code class="filename">~/.bashrc</code> file to make the change permanent.</p><p>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> +Using the SQLite databases must be manually specified by using the <span class="command"><strong>sql:</strong></span> prefix with the given security directory. For example:</p><pre class="programlisting">modutil -create -dbdir sql:/home/my/sharednssdb</pre><p>To set the shared database type as the default type for the tools, set the <code class="envar">NSS_DEFAULT_DB_TYPE</code> environment variable to <code class="envar">sql</code>:</p><pre class="programlisting">export NSS_DEFAULT_DB_TYPE="sql"</pre><p>This line can be added to the <code class="filename">~/.bashrc</code> file to make the change permanent for the user.</p><p>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> https://wiki.mozilla.org/NSS_Shared_DB_Howto</p></li></ul></div><p>For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> https://wiki.mozilla.org/NSS_Shared_DB </p></li></ul></div></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p>certutil (1)</p><p>pk12util (1)</p><p>signtool (1)</p><p>The NSS wiki has information on the new database design and how to configure applications to use it.</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> diff --git a/security/nss/doc/html/pk12util.html b/security/nss/doc/html/pk12util.html index 2663bcf..fe516dd 100644 --- a/security/nss/doc/html/pk12util.html +++ b/security/nss/doc/html/pk12util.html @@ -1,13 +1,9 @@ -<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>PK12UTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="PK12UTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">PK12UTIL</th></tr></table><hr></div><div class="refentry"><a name="pk12util"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pk12util â Export and import keys and certificate to or from a PKCS #12 file and the NSS database</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pk12util</code> [-i p12File [-h tokenname] [-v] [common-options] ] [ - -l p12File [-h tokenname] [-r] [common-options] ] [ - -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [common-options] ] [ - -common-options are: -[-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] - ]</p></div></div><div class="refsection"><a name="idm224682436944"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a> - </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The PKCS #12 utility, <span class="command"><strong>pk12util</strong></span>, enables sharing certificates among any server that supports PKCS#12. The tool can import certificates and keys from PKCS#12 files into security databases, export certificates, and list certificates and keys.</p></div><div class="refsection"><a name="options"></a><h2>Options and Arguments</h2><p><span class="command"><strong>Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-i p12file</span></dt><dd><p>Import keys and certificates from a PKCS#12 file into a security database.</p></dd><dt><span class="term">-l p12file</span></dt><dd><p>List the keys and certificates in PKCS#12 file.</p></dd><dt><span class="term">-o p12file</span></dt><dd><p>Export keys and certificates from the security database to a PKCS#12 file.</p></dd></dl></div><p><span class="command"><strong>Argume nts</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-n certname</span></dt><dd><p>Specify the nickname of the cert and private key to export.</p></dd><dt><span class="term">-d [sql:]directory</span></dt><dd><p>Specify the database directory into which to import to or export from certificates and keys.</p><p><span class="command"><strong>pk12util</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old format.</p></dd><dt><span class="term">-P prefix</span></dt><dd><p>Specify the prefix used on the certificat e and key databases. This option is provided as a special case. - Changing the names of the certificate and key databases is not recommended.</p></dd><dt><span class="term">-h tokenname</span></dt><dd><p>Specify the name of the token to import into or export from.</p></dd><dt><span class="term">-v </span></dt><dd><p>Enable debug logging when importing.</p></dd><dt><span class="term">-k slotPasswordFile</span></dt><dd><p>Specify the text file containing the slot's password.</p></dd><dt><span class="term">-K slotPassword</span></dt><dd><p>Specify the slot's password.</p></dd><dt><span class="term">-w p12filePasswordFile</span></dt><dd><p>Specify the text file containing the pkcs #12 file password.</p></dd><dt><span class="term">-W p12filePassword</span></dt><dd><p>Specify the pkcs #12 file password.</p></dd><dt><span class="term">-c keyCipher</span></dt><dd><p>Specify the key encryption algorithm.</p></dd><dt><span class="term">-C certCipher</span></dt><dd><p>Specify the key cert (overall package) encryption algorithm.</p></dd><dt><span cl ass="term">-m | --key-len keyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the private key.</p></dd><dt><span class="term">-n | --cert-key-len certKeyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.</p></dd><dt><span class="term">-r</span></dt><dd><p>Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.</p></dd></dl></div></div><div class="refsection"><a name="return-codes"></a><h2>Return Codes</h2><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> 0 - No error</p></li><li class="listitem"><p> 1 - User Cancelled</p></li><li class="listitem"><p> 2 - Usage error</p></li><li class="listitem"><p> 6 - NLS init error</p></l i><li class="listitem"><p> 8 - Certificate DB open error</p></li><li class="listitem"><p> 9 - Key DB open error</p></li><li class="listitem"><p> 10 - File initialization error</p></li><li class="listitem"><p> 11 - Unicode conversion error</p></li><li class="listitem"><p> 12 - Temporary file creation error</p></li><li class="listitem"><p> 13 - PKCS11 get slot error</p></li><li class="listitem"><p> 14 - PKCS12 decoder start error</p></li><li class="listitem"><p> 15 - error read from import file</p></li><li class="listitem"><p> 16 - pkcs12 decode error</p></li><li class="listitem"><p> 17 - pkcs12 decoder verify error</p></li><li class="listitem"><p> 18 - pkcs12 decoder validate bags error</p></li><li class="listitem"><p> 19 - pkcs12 decoder import bags error</p></li><li class="listitem"><p> 20 - key db conversion version 3 to version 2 error</p></li><li class="listitem"><p> 21 - cert db conversion version 7 to version 5 error</p></li><li class="listitem"><p> 22 - cert and key dbs patch error</p></li><li class="listitem"><p> 23 - get default cert db error</p></li><li class="listitem"><p> 24 - find cert by nickname error</p></li><li class="listitem"><p> 25 - create export context error</p></li><li class="listitem"><p> 26 - PKCS12 add password itegrity error</p></li><li class="listitem"><p> 27 - cert and key Safes creation error</p></li><li class="listitem"><p> 28 - PKCS12 add cert and key error</p></li><li class="listitem"><p> 29 - PKCS12 encode error</p></li></ul></div></div><div class="refsection"><a name="examples"></a><h2>Examples</h2><p><span class="command"><strong>Importing Keys and Certificates</strong></span></p><p>The most basic usage of <span class="command"><strong>pk12util</strong></span> for importing a certificate or key is the PKCS#12 input file (<code class="option">-i</code>) and some way to specify the security database being accessed (either <code class="option">-d</code> for a directory or <code class="option">-h</code> for a token). - </p><pre class="programlisting">pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</pre><p>For example:</p><pre class="programlisting"># pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb +<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>PK12UTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="PK12UTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">PK12UTIL</th></tr></table><hr></div><div class="refentry"><a name="pk12util"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pk12util â Export and import keys and certificate to or from a PKCS #12 file and the NSS database</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pk12util</code> [-i p12File|-l p12File|-o p12File] [-d [sql:]directory] [-h tokenname] [-P dbprefix] [-r] [-v] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</p></div></div><div class="refsecti on"><a name="idm233250345408"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a> + </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The PKCS #12 utility, <span class="command"><strong>pk12util</strong></span>, enables sharing certificates among any server that supports PKCS#12. The tool can import certificates and keys from PKCS#12 files into security databases, export certificates, and list certificates and keys.</p></div><div class="refsection"><a name="options"></a><h2>Options and Arguments</h2><p><span class="command"><strong>Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-i p12file</span></dt><dd><p>Import keys and certificates from a PKCS#12 file into a security database.</p></dd><dt><span class="term">-l p12file</span></dt><dd><p>List the keys and certificates in PKCS#12 file.</p></dd><dt><span class="term">-o p12file</span></dt><dd><p>Export keys and certificates from the security database to a PKCS#12 file.</p></dd></dl></div><p><span class="command"><strong>Argume nts</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-c keyCipher</span></dt><dd><p>Specify the key encryption algorithm.</p></dd><dt><span class="term">-C certCipher</span></dt><dd><p>Specify the key cert (overall package) encryption algorithm.</p></dd><dt><span class="term">-d [sql:]directory</span></dt><dd><p>Specify the database directory into which to import to or export from certificates and keys.</p><p><span class="command"><strong>pk12util</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old forma t.</p></dd><dt><span class="term">-h tokenname</span></dt><dd><p>Specify the name of the token to import into or export from.</p></dd><dt><span class="term">-k slotPasswordFile</span></dt><dd><p>Specify the text file containing the slot's password.</p></dd><dt><span class="term">-K slotPassword</span></dt><dd><p>Specify the slot's password.</p></dd><dt><span class="term">-m | --key-len keyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the private key.</p></dd><dt><span class="term">-n | --cert-key-len certKeyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.</p></dd><dt><span class="term">-n certname</span></dt><dd><p>Specify the nickname of the cert and private key to export.</p></dd><dt><span class="term">-P prefix</span></dt><dd><p>Specify the prefix used on the certificate and key databases. This option is provided as a special case. + Changing the names of the certificate and key databases is not recommended.</p></dd><dt><span class="term">-r</span></dt><dd><p>Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.</p></dd><dt><span class="term">-v </span></dt><dd><p>Enable debug logging when importing.</p></dd><dt><span class="term">-w p12filePasswordFile</span></dt><dd><p>Specify the text file containing the pkcs #12 file password.</p></dd><dt><span class="term">-W p12filePassword</span></dt><dd><p>Specify the pkcs #12 file password.</p></dd></dl></div></div><div class="refsection"><a name="return-codes"></a><h2>Return Codes</h2><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> 0 - No error</p></li><li class="listitem"><p> 1 - User Cancelled</p></li><li class="listitem" ><p> 2 - Usage error</p></li><li class="listitem"><p> 6 - NLS init error</p></li><li class="listitem"><p> 8 - Certificate DB open error</p></li><li class="listitem"><p> 9 - Key DB open error</p></li><li class="listitem"><p> 10 - File initialization error</p></li><li class="listitem"><p> 11 - Unicode conversion error</p></li><li class="listitem"><p> 12 - Temporary file creation error</p></li><li class="listitem"><p> 13 - PKCS11 get slot error</p></li><li class="listitem"><p> 14 - PKCS12 decoder start error</p></li><li class="listitem"><p> 15 - error read from import file</p></li><li class="listitem"><p> 16 - pkcs12 decode error</p></li><li class="listitem"><p> 17 - pkcs12 decoder verify error</p></li><li class="listitem"><p> 18 - pkcs12 decoder validate bags error</p></li><li class="listitem"><p> 19 - pkcs12 decoder import bags error</p></li><li class="listitem"><p> 20 - key db conversion version 3 to version 2 error</p></li><li class="listitem"><p> 21 - cert db conversion version 7 to version 5 error</p></li><li class="listitem"><p> 22 - cert and key dbs patch error</p></li><li class="listitem"><p> 23 - get default cert db error</p></li><li class="listitem"><p> 24 - find cert by nickname error</p></li><li class="listitem"><p> 25 - create export context error</p></li><li class="listitem"><p> 26 - PKCS12 add password itegrity error</p></li><li class="listitem"><p> 27 - cert and key Safes creation error</p></li><li class="listitem"><p> 28 - PKCS12 add cert and key error</p></li><li class="listitem"><p> 29 - PKCS12 encode error</p></li></ul></div></div><div class="refsection"><a name="examples"></a><h2>Examples</h2><p><span class="command"><strong>Importing Keys and Certificates</strong></span></p><p>The most basic usage of <span class="command"><strong>pk12util</strong></span> for importing a certificate or key is the PKCS#12 input file (<code class="option">-i</code>) and some way to specify the security database being accessed (either <code class="option">-d</c ode> for a directory or <code class="option">-h</code> for a token). + </p><p> + pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] + </p><p>For example:</p><p> </p><pre class="programlisting"># pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb Enter a password which will be used to encrypt your keys. The password should be at least 8 characters long, @@ -17,10 +13,10 @@ Enter new password: Re-enter password: Enter password for PKCS12 file: pk12util: PKCS12 IMPORT SUCCESSFUL</pre><p><span class="command"><strong>Exporting Keys and Certificates</strong></span></p><p>Using the <span class="command"><strong>pk12util</strong></span> command to export certificates and keys requires both the name of the certificate to extract from the database (<code class="option">-n</code>) and the PKCS#12-formatted output file to write to. There are optional parameters that can be used to encrypt the file to protect the certificate material. - </p><pre class="programlisting">pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</pre><p>For example:</p><pre class="programlisting"># pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb + </p><p>pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</p><p>For example:</p><pre class="programlisting"># pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb Enter password for PKCS12 file: Re-enter password: </pre><p><span class="command"><strong>Listing Keys and Certificates</strong></span></p><p>The information in a <code class="filename">.p12</code> file are not human-readable. The certificates and keys in the file can be printed (listed) in a human-readable pretty-print format that shows information for every certificate and any public keys in the <code class="filename">.p12</code> file. - </p><pre class="programlisting">pk12util -l p12File [-h tokenname] [-r] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</pre><p>For example, this prints the default ASCII output:</p><pre class="programlisting"># pk12util -l certs.p12 + </p><p>pk12util -l p12File [-h tokenname] [-r] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</p><p>For example, this prints the default ASCII output:</p><pre class="programlisting"># pk12util -l certs.p12 Enter password for PKCS12 file: Key(shrouded): @@ -39,7 +35,7 @@ Certificate: Issuer: "E=personal-freemail(a)thawte.com,CN=Thawte Personal Freemail C A,OU=Certification Services Division,O=Thawte Consulting,L=Cape T own,ST=Western Cape,C=ZA" -....</pre><p>Alternatively, the <code class="option">-r</code> prints the certificates and then exports them into separate DER binary files. This allows the certificates to be fed to another application that supports <code class="filename">.p12</code> files. Each certificate is written to a sequentially-number file, beginning with <code class="filename">file0001.der</code> and continuing through <code class="filename">file000N.der</code>, incrementing the number for every certificate:</p><pre class="programlisting"># pk12util -l test.p12 -r + </pre><p>Alternatively, the <code class="option">-r</code> prints the certificates and then exports them into separate DER binary files. This allows the certificates to be fed to another application that supports <code class="filename">.p12</code> files. Each certificate is written to a sequentially-number file, beginning with <code class="filename">file0001.der</code> and continuing through <code class="filename">file000N.der</code>, incrementing the number for every certificate:</p><pre class="programlisting">pk12util -l test.p12 -r Enter password for PKCS12 file: Key(shrouded): Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID @@ -51,7 +47,8 @@ Key(shrouded): Iteration Count: 1 (0x1) Certificate Friendly Name: Thawte Personal Freemail Issuing CA - Thawte Consulting -Certificate Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID</pre></div><div class="refsection"><a name="encryption"></a><h2>Password Encryption</h2><p>PKCS#12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS#12 file and, optionally, the entire package. If no algorithm is specified, the tool defaults to using <span class="command"><strong>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</strong></span> for private key encryption. <span class="command"><strong>PKCS12 V2 PBE with SHA1 and 40 Bit RC4</strong></span> is the default for the overall package encryption when not in FIPS mode. When in FIPS mode, there is no package encryption.</p><p>The private key is always protected with strong encryption by default.</p><p>Several types of ciphers are supported.</p><div class="variablelist"><dl class="variablelist">< dt><span class="term">Symmetric CBC ciphers for PKCS#5 V2</span></dt><dd><p>DES_CBC</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>RC2-CBC</p></li><li class="listitem"><p>RC5-CBCPad</p></li><li class="listitem"><p>DES-EDE3-CBC (the default for key encryption)</p></li><li class="listitem"><p>AES-128-CBC</p></li><li class="listitem"><p>AES-192-CBC</p></li><li class="listitem"><p>AES-256-CBC</p></li><li class="listitem"><p>CAMELLIA-128-CBC</p></li><li class="listitem"><p>CAMELLIA-192-CBC</p></li><li class="listitem"><p>CAMELLIA-256-CBC</p></li></ul></div></dd><dt><span class="term">PKCS#12 PBE ciphers</span></dt><dd><p>PKCS #12 PBE with Sha1 and 128 Bit RC4</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>PKCS #12 PBE with Sha1 and 40 Bit RC4</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and Triple DES CBC</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 128 Bit RC4</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode)</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC</p></li></ul></div></dd><dt><span class="term">PKCS#5 PBE ciphers</span></dt><dd><p>PKCS #5 Password Based Encryption with MD2 and DES CBC</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>PKCS #5 Password Based Encryption with MD5 and DES CBC</p></li><li class="listitem"><p>PKCS #5 Password Based Encryption with SHA1 and DES CBC</p></li></ul></div> </dd></dl></div><p>With PKCS#12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error <span class="emphasis"><em>no security module can perform the requested operation</em></span>.</p></div><div class="refsection"><a name="databases"></a><h2>NSS Database Types</h2><p>NSS originally used BerkeleyDB databases to store security information. +Certificate Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID + </pre></div><div class="refsection"><a name="encryption"></a><h2>Password Encryption</h2><p>PKCS#12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS#12 file and, optionally, the entire package. If no algorithm is specified, the tool defaults to using <span class="command"><strong>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</strong></span> for private key encryption. <span class="command"><strong>PKCS12 V2 PBE with SHA1 and 40 Bit RC4</strong></span> is the default for the overall package encryption when not in FIPS mode. When in FIPS mode, there is no package encryption.</p><p>The private key is always protected with strong encryption by default.</p><p>Several types of ciphers are supported.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">Symmetric CBC ciphers for PKCS#5 V2</span></dt><dd><div clas s="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>DES-CBC</p></li><li class="listitem"><p>RC2-CBC</p></li><li class="listitem"><p>RC5-CBCPad</p></li><li class="listitem"><p>DES-EDE3-CBC (the default for key encryption)</p></li><li class="listitem"><p>AES-128-CBC</p></li><li class="listitem"><p>AES-192-CBC</p></li><li class="listitem"><p>AES-256-CBC</p></li><li class="listitem"><p>CAMELLIA-128-CBC</p></li><li class="listitem"><p>CAMELLIA-192-CBC</p></li><li class="listitem"><p>CAMELLIA-256-CBC</p></li></ul></div></dd><dt><span class="term">PKCS#12 PBE ciphers</span></dt><dd><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>PKCS #12 PBE with Sha1 and 128 Bit RC4</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and 40 Bit RC4</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and Triple DES CBC</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC</p>< /li><li class="listitem"><p>PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 128 Bit RC4</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode)</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC</p></li></ul></div></dd><dt><span class="term">PKCS#5 PBE ciphers</span></dt><dd><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>PKCS #5 Password Based Encryption with MD2 and DES CBC</p></li><li class="listitem"><p>PKCS #5 Password Based Encryption with MD5 and DES CBC</p></li><li class="listitem"><p>PKCS #5 Password Based Encryption with SHA1 and DES CBC</p></li></ul></div></dd ></dl></div><p>With PKCS#12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error <span class="emphasis"><em>no security module can perform the requested operation</em></span>.</p></div><div class="refsection"><a name="databases"></a><h2>NSS Database Types</h2><p>NSS originally used BerkeleyDB databases to store security information. The last versions of these <span class="emphasis"><em>legacy</em></span> databases are:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> cert8.db for certificates </p></li><li class="listitem"><p> diff --git a/security/nss/doc/html/pp.html b/security/nss/doc/html/pp.html index 5b2e234..4407ef7 100644 --- a/security/nss/doc/html/pp.html +++ b/security/nss/doc/html/pp.html @@ -1,7 +1,7 @@ -<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>PP</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="PP"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">PP</th></tr></table><hr></div><div class="refentry"><a name="pp"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pp â Prints certificates, keys, crls, and pkcs7 files</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pp -t type [-a] [-i input] [-o output]</code> </p></div></div><div class="refsection"><a name="idm224681757664"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477 " target="_top">Mozilla NSS bug 836477</a> - </p></div><div class="refsection"><a name="idm224678000880"></a><h2>Description</h2><p><span class="command"><strong>pp </strong></span>pretty-prints private and public key, certificate, certificate-request, +<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>PP</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="PP"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">PP</th></tr></table><hr></div><div class="refentry"><a name="pp"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pp â Prints certificates, keys, crls, and pkcs7 files</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pp -t type [-a] [-i input] [-o output]</code> </p></div></div><div class="refsection"><a name="idm233254308544"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477 " target="_top">Mozilla NSS bug 836477</a> + </p></div><div class="refsection"><a name="idm233250605968"></a><h2>Description</h2><p><span class="command"><strong>pp </strong></span>pretty-prints private and public key, certificate, certificate-request, pkcs7 or crl files - </p></div><div class="refsection"><a name="idm224677998992"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="option">-t </code> <em class="replaceable"><code>type</code></em></span></dt><dd><p class="simpara">specify the input, one of {private-key | public-key | certificate | certificate-request | pkcs7 | crl}</p><p class="simpara"></p></dd><dt><span class="term"><code class="option">-a </code></span></dt><dd>Input is in ascii encoded form (RFC1113)</dd><dt><span class="term"><code class="option">-i </code> <em class="replaceable"><code>inputfile</code></em></span></dt><dd>Define an input file to use (default is stdin)</dd><dt><span class="term"><code class="option">-u </code> <em class="replaceable"><code>outputfile</code></em></span></dt><dd>Define an output file to use (default is stdout)</dd></dl></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>NSS is maintained in conjunctio n with PKI and security-related projects through Mozilla and Fedora. The most closely-related project is Dogtag PKI, with a project wiki at <a class="ulink" href="http://pki.fedoraproject.org/wiki/" target="_top">PKI Wiki</a>. </p><p>For information specifically about NSS, the NSS project wiki is located at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">Mozilla NSS site</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: pki-devel(a)redhat.com and pki-users(a)redhat.com</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</p><p> + </p></div><div class="refsection"><a name="idm233250603984"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="option">-t </code> <em class="replaceable"><code>type</code></em></span></dt><dd><p class="simpara">specify the input, one of {private-key | public-key | certificate | certificate-request | pkcs7 | crl}</p><p class="simpara"></p></dd><dt><span class="term"><code class="option">-a </code></span></dt><dd>Input is in ascii encoded form (RFC1113)</dd><dt><span class="term"><code class="option">-i </code> <em class="replaceable"><code>inputfile</code></em></span></dt><dd>Define an input file to use (default is stdin)</dd><dt><span class="term"><code class="option">-u </code> <em class="replaceable"><code>outputfile</code></em></span></dt><dd>Define an output file to use (default is stdout)</dd></dl></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>NSS is maintained in conjunctio n with PKI and security-related projects through Mozilla and Fedora. The most closely-related project is Dogtag PKI, with a project wiki at <a class="ulink" href="http://pki.fedoraproject.org/wiki/" target="_top">PKI Wiki</a>. </p><p>For information specifically about NSS, the NSS project wiki is located at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">Mozilla NSS site</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: pki-devel(a)redhat.com and pki-users(a)redhat.com</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</p><p> Authors: Elio Maldonado <emaldona(a)redhat.com>, Deon Lackey <dlackey(a)redhat.com>. </p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. </p></div></div><div class="navfooter"><hr></div></body></html> diff --git a/security/nss/doc/html/signtool.html b/security/nss/doc/html/signtool.html index 1e33a47..84568e1 100644 --- a/security/nss/doc/html/signtool.html +++ b/security/nss/doc/html/signtool.html @@ -1,4 +1,4 @@ -<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>signtool</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="signtool"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">signtool</th></tr></table><hr></div><div class="refentry"><a name="signtool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>signtool â Digitally sign objects and files.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">signtool</code> [-k keyName] [[-h]] [[-H]] [[-l]] [[-L]] [[-M]] [[-v]] [[-w]] [[-G nickname]] [[--keysize | -s size]] [[-b basename]] [[-c Compression Level] ] [[-d cert-dir] ] [[-i installer script] ] [[-m metafile] ] [[-x name] ] [[-f filename] ] [[-t|--token tokenname] ] [[-e e xtension] ] [[-o] ] [[-z] ] [[-X] ] [[--outfile] ] [[--verbose value] ] [[--norecurse] ] [[--leavearc] ] [[-j directory] ] [[-Z jarfile] ] [[-O] ] [[-p password] ] [directory-tree] [archive]</p></div></div><div class="refsection"><a name="idm224666150896"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a> +<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>signtool</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="signtool"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">signtool</th></tr></table><hr></div><div class="refentry"><a name="signtool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>signtool â Digitally sign objects and files.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">signtool</code> [[-b basename]] [[-c Compression Level] ] [[-d cert-dir] ] [[-e extension] ] [[-f filename] ] [[-i installer script] ] [[-h]] [[-H]] [[-v]] [[-w]] [[-G nickname]] [[-J]] [[-j directory] ] [-k keyName] [[--keysize | -s size]] [[-l]] [[-L]] [[-M]] [[-m metafile] ] [[ --norecurse] ] [[-O] ] [[-o] ] [[--outfile] ] [[-p password] ] [[-t|--token tokenname] ] [[-z] ] [[-X] ] [[-x name] ] [[--verbose value] ] [[--leavearc] ] [[-Z jarfile] ] [directory-tree] [archive]</p></div></div><div class="refsection"><a name="idm233257546416"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a> </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Signing Tool, <span class="command"><strong>signtool</strong></span>, creates digital signatures and uses a Java Archive (JAR) file to associate the signatures with files in a directory. Electronic software distribution over any network involves potential security problems. To help address some of these problems, you can associate digital signatures with the files in a JAR archive. Digital signatures allow SSL-enabled clients to perform two important operations:</p><p>* Confirm the identity of the individual, company, or other entity whose digital signature is associated with the files</p><p>* Check whether the files have been tampered with since being signed</p><p>If you have a signing certificate, you can use Netscape Signing Tool to digitally sign files and package them as a JAR file. An object-signing certificate is a special kind of certificate that allows you to associate your digital si gnature with one or more files.</p><p>An individual file can potentially be signed with multiple digital signatures. For example, a commercial software developer might sign the files that constitute a software product to prove that the files are indeed from a particular company. A network administrator manager might sign the same files with an additional digital signature based on a company-generated certificate to indicate that the product is approved for use within the company.</p><p>The significance of a digital signature is comparable to the significance of a handwritten signature. Once you have signed a file, it is difficult to claim later that you didn't sign it. In some situations, a digital signature may be considered as legally binding as a handwritten signature. Therefore, you should take great care to ensure that you can stand behind any file you sign and distribute.</p><p>For example, if you are a software developer, you should test your code to make sure it is virus-fre e before signing it. Similarly, if you are a network administrator, you should make sure, before signing any code, that it comes from a reliable source and will run correctly with the software installed on the machines to which you are distributing it.</p><p>Before you can use Netscape Signing Tool to sign files, you must have an object-signing certificate, which is a special certificate whose associated private key is used to create digital signatures. For testing purposes only, you can create an object-signing certificate with Netscape Signing Tool 1.3. When testing is finished and you are ready to disitribute your software, you should obtain an object-signing certificate from one of two kinds of sources:</p><p>* An independent certificate authority (CA) that authenticates your identity and charges you a fee. You typically get a certificate from an independent CA if you want to sign software that will be distributed over the Internet.</p><p>* CA server software running on your cor porate intranet or extranet. Netscape Certificate Management System provides a complete management solution for creating, deploying, and managing certificates, including CAs that issue object-signing certificates.</p><p>You must also have a certificate for the CA that issues your signing certificate before you can sign files. If the certificate authority's certificate isn't already installed in your copy of Communicator, you typically install it by clicking the appropriate link on the certificate authority's web site, for example on the page from which you initiated enrollment for your signing certificate. This is the case for some test certificates, as well as certificates issued by Netscape Certificate Management System: you must download the the CA certificate in addition to obtaining your own signing certificate. CA certificates for several certificate authorities are preinstalled in the Communicator certificate database.</p><p>When you receive an object-signing certificate for your own use, it is automatically installed in your copy of the Communicator client software. Communicator supports the public-key cryptography standard known as PKCS #12, which governs key portability. You can, for example, move an object-signing certificate and its associated private key from one computer to another on a credit-card-sized device called a smart card.</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-b basename</span></dt><dd><p>Specifies the base filename for the .rsa and .sf files in the META-INF directory to conform with the JAR format. For example, <span class="emphasis"><em>-b signatures</em></span> causes the files to be named signatures.rsa and signatures.sf. The default is signtool.</p></dd><dt><span class="term">-c#</span></dt><dd><p> Specifies the compression level for the -J or -Z option. The symbol # represents a number from 0 to 9, where 0 means no compression and 9 means maximum compression. The higher the level of compression, the smaller the output but the longer the operation takes. @@ -11,18 +11,6 @@ The Unix version of signtool assumes ~/.netscape unless told otherwise. The NT v Tells signtool to sign only files with the given extension; for example, use -e".class" to sign only Java class files. Note that with Netscape Signing Tool version 1.1 and later this option can appear multiple times on one command line, making it possible to specify multiple file types or classes to include. </p></dd><dt><span class="term">-f commandfile</span></dt><dd><p> Specifies a text file containing Netscape Signing Tool options and arguments in keyword=value format. All options and arguments can be expressed through this file. For more information about the syntax used with this file, see "Tips and Techniques". -</p></dd><dt><span class="term">-i scriptname</span></dt><dd><p> - Specifies the name of an installer script for SmartUpdate. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature. For more details, see the description of -m that follows. The -i option provides a straightforward way to provide this information if you don't need to specify any metadata other than an installer script. -</p></dd><dt><span class="term">-j directory</span></dt><dd><p> - Specifies a special JavaScript directory. This option causes the specified directory to be signed and tags its entries as inline JavaScript. This special type of entry does not have to appear in the JAR file itself. Instead, it is located in the HTML page containing the inline scripts. When you use signtool -v, these entries are displayed with the string NOT PRESENT. -</p></dd><dt><span class="term">-k key ... directory</span></dt><dd><p> - Specifies the nickname (key) of the certificate you want to sign with and signs the files in the specified directory. The directory to sign is always specified as the last command-line argument. Thus, it is possible to write - -signtool -k MyCert -d . signdir - -You may have trouble if the nickname contains a single quotation mark. To avoid problems, escape the quotation mark using the escape conventions for your platform. - -It's also possible to use the -k option without signing any files or specifying a directory. For example, you can use it with the -l option to get detailed information about a particular signing certificate. </p></dd><dt><span class="term">-G nickname</span></dt><dd><p> Generates a new private-public key pair and corresponding object-signing certificate with the given nickname. @@ -30,19 +18,31 @@ The newly generated keys and certificate are installed into the key and certific Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with -G is not signed by a recognized certificate authority. Instead, it is self-signed. In addition, a single test signing certificate functions as both an object-signing certificate and a CA. When you are using it to sign objects, it behaves like an object-signing certificate. When it is imported into browser software such as Communicator, it behaves like an object-signing CA and cannot be used to sign objects. -The -G option is available in Netscape Signing Tool 1.0 and later versions only. By default, it produces only RSA certificates with 1024-byte keys in the internal token. However, you can use the -s option specify the required key size and the -t option to specify the token. For more information about the use of the -G option, see "Generating Test Object-Signing Certificates""Generating Test Object-Signing Certificates" on page 1241. -</p></dd><dt><span class="term">-l</span></dt><dd><p> - Lists signing certificates, including issuing CAs. If any of your certificates are expired or invalid, the list will so specify. This option can be used with the -k option to list detailed information about a particular signing certificate. - -The -l option is available in Netscape Signing Tool 1.0 and later versions only. -</p></dd><dt><span class="term">-J</span></dt><dd><p> - Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags. Even if signtool creates more than one archive file, you need to supply the key database password only once. +The -G option is available in Netscape Signing Tool 1.0 and later versions only. By default, it produces only RSA certificates with 1024-byte keys in the internal token. However, you can use the -s option specify the required key size and the -t option to specify the token. + </p></dd><dt><span class="term">-i scriptname</span></dt><dd><p> +Specifies the name of an installer script for SmartUpdate. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature. For more details, see the description of -m that follows. The -i option provides a straightforward way to provide this information if you don't need to specify any metadata other than an installer script. + </p></dd><dt><span class="term">-J</span></dt><dd><p> +Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags. Even if signtool creates more than one archive file, you need to supply the key database password only once. The -J option is available only in Netscape Signing Tool 1.0 and later versions. The -J option cannot be used at the same time as the -Z option. If the -c# option is not used with the -J option, the default compression value is 6. Note that versions 1.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages. + </p></dd><dt><span class="term">-j directory</span></dt><dd><p> + Specifies a special JavaScript directory. This option causes the specified directory to be signed and tags its entries as inline JavaScript. This special type of entry does not have to appear in the JAR file itself. Instead, it is located in the HTML page containing the inline scripts. When you use signtool -v, these entries are displayed with the string NOT PRESENT. +</p></dd><dt><span class="term">-k key ... directory</span></dt><dd><p> + Specifies the nickname (key) of the certificate you want to sign with and signs the files in the specified directory. The directory to sign is always specified as the last command-line argument. Thus, it is possible to write + +signtool -k MyCert -d . signdir + +You may have trouble if the nickname contains a single quotation mark. To avoid problems, escape the quotation mark using the escape conventions for your platform. + +It's also possible to use the -k option without signing any files or specifying a directory. For example, you can use it with the -l option to get detailed information about a particular signing certificate. +</p></dd><dt><span class="term">-l</span></dt><dd><p> + Lists signing certificates, including issuing CAs. If any of your certificates are expired or invalid, the list will so specify. This option can be used with the -k option to list detailed information about a particular signing certificate. + +The -l option is available in Netscape Signing Tool 1.0 and later versions only. </p></dd><dt><span class="term">-L</span></dt><dd><p> Lists the certificates in your database. An asterisk appears to the left of the nickname for any certificate that can be used to sign objects with signtool. </p></dd><dt><span class="term">--leavearc</span></dt><dd><p> diff --git a/security/nss/doc/html/signver.html b/security/nss/doc/html/signver.html index 4e6573d..ade57de 100644 --- a/security/nss/doc/html/signver.html +++ b/security/nss/doc/html/signver.html @@ -1,7 +1,7 @@ -<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>SIGNVER</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="SIGNVER"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">SIGNVER</th></tr></table><hr></div><div class="refentry"><a name="signver"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>signver â Verify a detached PKCS#7 signature for a file.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">signtool</code> -A | -V -d <em class="replaceable"><code>directory</code></em> [-a] [-i <em class="replaceable"><code>input_file</code></em>] [-o <em class="replaceable"><code>output_file</code></em>] [-s <em class="replaceable"><code>signature_file</code></em>] [ -v]</p></div></div><div class="refsection"><a name="idm224680848704"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a> - </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Signature Verification Tool, <span class="command"><strong>signver</strong></span>, is a simple command-line utility that unpacks a base-64-encoded PKCS#7 signed object and verifies the digital signature using standard cryptographic techniques. The Signature Verification Tool can also display the contents of the signed object.</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-A</span></dt><dd><p>Displays all of the information in the PKCS#7 signature.</p></dd><dt><span class="term">-V</span></dt><dd><p>Verifies the digital signature.</p></dd><dt><span class="term">-d [sql:]<span class="emphasis"><em>directory</em></span></span></dt><dd><p>Specify the database directory which contains the certificates and keys.</p><p><span class="command"><strong>signver</strong></span> supports two types of database s: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old format.</p></dd><dt><span class="term">-a</span></dt><dd><p>Sets that the given signature file is in ASCII format.</p></dd><dt><span class="term">-i <span class="emphasis"><em>input_file</em></span></span></dt><dd><p>Gives the input file for the object with signed data.</p></dd><dt><span class="term">-o <span class="emphasis"><em>output_file</em></span></span></dt><dd><p>Gives the output file to which to write the results.</p></dd><dt><span class="term">-s <span class="emphasis"><em>signature_file</em></span></span></dt><dd><p>Gives the inpu t file for the digital signature.</p></dd><dt><span class="term">-v</span></dt><dd><p>Enables verbose output.</p></dd></dl></div></div><div class="refsection"><a name="examples"></a><h2>Extended Examples</h2><div class="refsection"><a name="idm224681951616"></a><h3>Verifying a Signature</h3><p>The <code class="option">-V</code> option verifies that the signature in a given signature file is valid when used to sign the given object (from the input file).</p><pre class="programlisting">signver -V -s <em class="replaceable"><code>signature_file</code></em> -i <em class="replaceable"><code>signed_file</code></em> -d sql:/home/my/sharednssdb +<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>SIGNVER</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="SIGNVER"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">SIGNVER</th></tr></table><hr></div><div class="refentry"><a name="signver"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>signver â Verify a detached PKCS#7 signature for a file.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">signtool</code> -A | -V -d <em class="replaceable"><code>directory</code></em> [-a] [-i <em class="replaceable"><code>input_file</code></em>] [-o <em class="replaceable"><code>output_file</code></em>] [-s <em class="replaceable"><code>signature_file</code></em>] [ -v]</p></div></div><div class="refsection"><a name="idm233257229808"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a> + </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Signature Verification Tool, <span class="command"><strong>signver</strong></span>, is a simple command-line utility that unpacks a base-64-encoded PKCS#7 signed object and verifies the digital signature using standard cryptographic techniques. The Signature Verification Tool can also display the contents of the signed object.</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-A</span></dt><dd><p>Displays all of the information in the PKCS#7 signature.</p></dd><dt><span class="term">-V</span></dt><dd><p>Verifies the digital signature.</p></dd><dt><span class="term">-d [sql:]<span class="emphasis"><em>directory</em></span></span></dt><dd><p>Specify the database directory which contains the certificates and keys.</p><p><span class="command"><strong>signver</strong></span> supports two types of database s: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old format.</p></dd><dt><span class="term">-a</span></dt><dd><p>Sets that the given signature file is in ASCII format.</p></dd><dt><span class="term">-i <span class="emphasis"><em>input_file</em></span></span></dt><dd><p>Gives the input file for the object with signed data.</p></dd><dt><span class="term">-o <span class="emphasis"><em>output_file</em></span></span></dt><dd><p>Gives the output file to which to write the results.</p></dd><dt><span class="term">-s <span class="emphasis"><em>signature_file</em></span></span></dt><dd><p>Gives the inpu t file for the digital signature.</p></dd><dt><span class="term">-v</span></dt><dd><p>Enables verbose output.</p></dd></dl></div></div><div class="refsection"><a name="examples"></a><h2>Extended Examples</h2><div class="refsection"><a name="idm233261091008"></a><h3>Verifying a Signature</h3><p>The <code class="option">-V</code> option verifies that the signature in a given signature file is valid when used to sign the given object (from the input file).</p><pre class="programlisting">signver -V -s <em class="replaceable"><code>signature_file</code></em> -i <em class="replaceable"><code>signed_file</code></em> -d sql:/home/my/sharednssdb -signatureValid=yes</pre></div><div class="refsection"><a name="idm224679496656"></a><h3>Printing Signature Data</h3><p> +signatureValid=yes</pre></div><div class="refsection"><a name="idm233261087840"></a><h3>Printing Signature Data</h3><p> The <code class="option">-A</code> option prints all of the information contained in a signature file. Using the <code class="option">-o</code> option prints the signature file information to the given output file rather than stdout. </p><pre class="programlisting">signver -A -s <em class="replaceable"><code>signature_file</code></em> -o <em class="replaceable"><code>output_file</code></em></pre></div></div><div class="refsection"><a name="databases"></a><h2>NSS Database Types</h2><p>NSS originally used BerkeleyDB databases to store security information. The last versions of these <span class="emphasis"><em>legacy</em></span> databases are:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> @@ -20,7 +20,7 @@ BerkleyDB. These new databases provide more accessibility and performance:</p><d </p></li><li class="listitem"><p> pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory </p></li></ul></div><p>Because the SQLite databases are designed to be shared, these are the <span class="emphasis"><em>shared</em></span> database type. The shared database type is preferred; the legacy format is included for backward compatibility.</p><p>By default, the tools (<span class="command"><strong>certutil</strong></span>, <span class="command"><strong>pk12util</strong></span>, <span class="command"><strong>modutil</strong></span>) assume that the given security databases follow the more common legacy type. -Using the SQLite databases must be manually specified by using the <span class="command"><strong>sql:</strong></span> prefix with the given security directory. For example:</p><pre class="programlisting"># signver -A -s <em class="replaceable"><code>signature</code></em> -d sql:/home/my/sharednssdb</pre><p>To set the shared database type as the default type for the tools, set the <code class="envar">NSS_DEFAULT_DB_TYPE</code> environment variable to <code class="envar">sql</code>:</p><pre class="programlisting">export NSS_DEFAULT_DB_TYPE="sql"</pre><p>This line can be set added to the <code class="filename">~/.bashrc</code> file to make the change permanent.</p><p>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem "><p> +Using the SQLite databases must be manually specified by using the <span class="command"><strong>sql:</strong></span> prefix with the given security directory. For example:</p><pre class="programlisting"># signver -A -s <em class="replaceable"><code>signature</code></em> -d sql:/home/my/sharednssdb</pre><p>To set the shared database type as the default type for the tools, set the <code class="envar">NSS_DEFAULT_DB_TYPE</code> environment variable to <code class="envar">sql</code>:</p><pre class="programlisting">export NSS_DEFAULT_DB_TYPE="sql"</pre><p>This line can be added to the <code class="filename">~/.bashrc</code> file to make the change permanent for the user.</p><p>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class= "listitem"><p> https://wiki.mozilla.org/NSS_Shared_DB_Howto</p></li></ul></div><p>For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> https://wiki.mozilla.org/NSS_Shared_DB </p></li></ul></div></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p>signtool (1)</p><p>The NSS wiki has information on the new database design and how to configure applications to use it.</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>Setting up the shared NSS database</p><p>https://wiki.mozilla.org/NSS_Shared_DB_Howto</p></li><li class="listitem"><p> diff --git a/security/nss/doc/html/ssltap.html b/security/nss/doc/html/ssltap.html index 61b701a..e69b375 100644 --- a/security/nss/doc/html/ssltap.html +++ b/security/nss/doc/html/ssltap.html @@ -1,18 +1,9 @@ -<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>SSLTAP</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="SSLTAP"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">SSLTAP</th></tr></table><hr></div><div class="refentry"><a name="ssltap"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ssltap â Tap into SSL connections and display the data going by </p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">libssltap</code> [-vhfsxl] [-p port] [hostname:port]</p></div></div><div class="refsection"><a name="idm224680842512"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla. mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a> - </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The SSL Debugging Tool <span class="command"><strong>ssltap</strong></span> is an SSL-aware command-line proxy. It watches TCP connections and displays the data going by. If a connection is SSL, the data display includes interpreted SSL records and handshaking</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-v </span></dt><dd><p>Print a version string for the tool.</p></dd><dt><span class="term">-h </span></dt><dd><p> -Turn on hex/ASCII printing. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters. The two parts are separated by a vertical bar. Nonprinting characters are replaced by dots. - </p></dd><dt><span class="term">-f </span></dt><dd><p> +<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>SSLTAP</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="SSLTAP"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">SSLTAP</th></tr></table><hr></div><div class="refentry"><a name="ssltap"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ssltap â Tap into SSL connections and display the data going by </p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">ssltap</code> [-fhlsvx] [-p port] [hostname:port]</p></div></div><div class="refsection"><a name="idm233258230400"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.moz illa.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a> + </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The SSL Debugging Tool <span class="command"><strong>ssltap</strong></span> is an SSL-aware command-line proxy. It watches TCP connections and displays the data going by. If a connection is SSL, the data display includes interpreted SSL records and handshaking</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-f </span></dt><dd><p> Turn on fancy printing. Output is printed in colored HTML. Data sent from the client to the server is in blue; the server's reply is in red. When used with looping mode, the different connections are separated with horizontal lines. You can use this option to upload the output into a browser. - </p></dd><dt><span class="term">-s </span></dt><dd><p> -Turn on SSL parsing and decoding. The tool does not automatically detect SSL sessions. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures. - </p><p> -If the tool detects a certificate chain, it saves the DER-encoded certificates into files in the current directory. The files are named cert.0x, where x is the sequence number of the certificate. - </p><p> -If the -s option is used with -h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output. - </p></dd><dt><span class="term">-x </span></dt><dd><p> -Turn on hex/ASCII printing of undecoded data inside parsed SSL records. Used only with the -s option. -This option uses the same output format as the -h option. - </p></dd><dt><span class="term">-l prefix</span></dt><dd><p> + </p></dd><dt><span class="term">-h </span></dt><dd><p> +Turn on hex/ASCII printing. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters. The two parts are separated by a vertical bar. Nonprinting characters are replaced by dots. + </p></dd><dt><span class="term">-l prefix</span></dt><dd><p> Turn on looping; that is, continue to accept connections rather than stopping after the first connection is complete. </p></dd><dt><span class="term">-p port</span></dt><dd><p>Change the default rendezvous port (1924) to another port.</p><p>The following are well-known port numbers:</p><p> * HTTP 80 @@ -30,7 +21,13 @@ Turn on looping; that is, continue to accept connections rather than stopping af * NNTP 119 </p><p> * NNTPS 563 (NNTP over SSL) - </p></dd></dl></div></div><div class="refsection"><a name="basic-usage"></a><h2>Usage and Examples</h2><p> + </p></dd><dt><span class="term">-s </span></dt><dd><p> +Turn on SSL parsing and decoding. The tool does not automatically detect SSL sessions. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures. + </p><p> +If the tool detects a certificate chain, it saves the DER-encoded certificates into files in the current directory. The files are named cert.0x, where x is the sequence number of the certificate. + </p><p> +If the -s option is used with -h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output. + </p></dd><dt><span class="term">-v </span></dt><dd><p>Print a version string for the tool.</p></dd><dt><span class="term">-x </span></dt><dd><p>Turn on extra SSL hex dumps.</p></dd></dl></div></div><div class="refsection"><a name="basic-usage"></a><h2>Usage and Examples</h2><p> You can use the SSL Debugging Tool to intercept any connection information. Although you can run the tool at its most basic by issuing the ssltap command with no options other than hostname:port, the information you get in this way is not very useful. For example, assume your development machine is called intercept. The simplest way to use the debugging tool is to execute the following command from a command shell: </p><pre class="programlisting">$ ssltap www.netscape.com</pre><p> The program waits for an incoming connection on the default port 1924. In your browser window, enter the URL http://intercept:1924. The browser retrieves the requested page from the server at www.netscape.com, but the page is intercepted and passed on to the browser by the debugging tool on intercept. On its way to the browser, the data is printed to the command shell from which you issued the command. Data sent from the client to the server is surrounded by the following symbols: --> [ data ] Data sent from the server to the client is surrounded by the following symbols: diff --git a/security/nss/doc/html/vfychain.html b/security/nss/doc/html/vfychain.html index 49ee65f..a360836 100644 --- a/security/nss/doc/html/vfychain.html +++ b/security/nss/doc/html/vfychain.html @@ -1,4 +1,4 @@ -<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>VFYCHAIN</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="VFYCHAIN"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">VFYCHAIN</th></tr></table><hr></div><div class="refentry"><a name="vfychain"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>vfychain â vfychain [options] [revocation options] certfile [[options] certfile] ...</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">vfychain</code> </p></div></div><div class="refsection"><a name="idm224658292400"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla. org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a> +<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>VFYCHAIN</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="VFYCHAIN"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">VFYCHAIN</th></tr></table><hr></div><div class="refentry"><a name="vfychain"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>vfychain â vfychain [options] [revocation options] certfile [[options] certfile] ...</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">vfychain</code> </p></div></div><div class="refsection"><a name="idm233261246224"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla. org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a> </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The verification Tool, <span class="command"><strong>vfychain</strong></span>, verifies certificate chains. <span class="command"><strong>modutil</strong></span> can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140-2 compliance, and assign default providers for cryptographic operations. This tool can also create certificate, key, and module security database files.</p><p>The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases.</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="option">-a</code></span></dt><dd>the following certfile is base64 encoded</dd><dt><span class="term"><c ode class="option">-b </code> <em class="replaceable"><code>YYMMDDHHMMZ</code></em></span></dt><dd>Validate date (default: now)</dd><dt><span class="term"><code class="option">-d </code> <em class="replaceable"><code>directory</code></em></span></dt><dd>database directory</dd><dt><span class="term"><code class="option">-f </code> </span></dt><dd>Enable cert fetching from AIA URL</dd><dt><span class="term"><code class="option">-o </code> <em class="replaceable"><code>oid</code></em></span></dt><dd>Set policy OID for cert validation(Format OID.1.2.3)</dd><dt><span class="term"><code class="option">-p </code></span></dt><dd><p class="simpara">Use PKIX Library to validate certificate by calling:</p><p class="simpara"> * CERT_VerifyCertificate if specified once,</p><p class="simpara"> * CERT_PKIXVerifyCert if specified twice and more.</p></dd><dt><span class="term"><code class="option">-r </code></span></dt><dd>Following certfile is raw binary DER (default)</dd><dt><span class="ter m"><code class="option">-t</code></span></dt><dd>Following cert is explicitly trusted (overrides db trust)</dd><dt><span class="term"><code class="option">-u </code> <em class="replaceable"><code>usage</code></em></span></dt><dd><p> 0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email signer, 5=Email recipient, 6=Object signer, diff --git a/security/nss/doc/html/vfyserv.html b/security/nss/doc/html/vfyserv.html index 58e227a..dec6dcb 100644 --- a/security/nss/doc/html/vfyserv.html +++ b/security/nss/doc/html/vfyserv.html @@ -1,4 +1,4 @@ -<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>VFYSERV</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="VFYSERV"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">VFYSERV</th></tr></table><hr></div><div class="refentry"><a name="vfyserv"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>vfyserv â TBD</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">vfyserv</code> </p></div></div><div class="refsection"><a name="idm224662974480"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a> +<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>VFYSERV</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="VFYSERV"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">VFYSERV</th></tr></table><hr></div><div class="refentry"><a name="vfyserv"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>vfyserv â TBD</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">vfyserv</code> </p></div></div><div class="refsection"><a name="idm233266435200"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a> </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The <span class="command"><strong>vfyserv </strong></span> tool verifies a certificate chain</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="option"></code> <em class="replaceable"><code></code></em></span></dt><dd><p class="simpara"></p><p class="simpara"></p></dd></dl></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class= "refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</p><p> Authors: Elio Maldonado <emaldona(a)redhat.com>, Deon Lackey <dlackey(a)redhat.com>. </p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. diff --git a/security/nss/doc/modutil.xml b/security/nss/doc/modutil.xml index 24b24e6..142aa69 100644 --- a/security/nss/doc/modutil.xml +++ b/security/nss/doc/modutil.xml @@ -86,7 +86,7 @@ <varlistentry> <term>-disable modulename</term> - <listitem><para>Disable all slots on the named module. Use the <option>-slot</option> argument to disable a specific slot.</para></listitem> + <listitem><para>Disable all slots on the named module. Use the <option>-slot</option> argument to disable a specific slot.</para><para>The internal NSS PKCS #11 module cannot be disabled.</para></listitem> </varlistentry> <varlistentry> @@ -625,7 +625,8 @@ DISABLE: 0x40000000</programlisting> <para><command>Executable</command> specifies that the file is to be executed during the course of the installation. Typically, this string is used for a setup program provided by a module vendor, such as a self-extracting setup executable. More than one file can be specified as executable, in which case the files are run in the order in which they are specified in the script file.</para> <para><command>FilePermissions</command> sets permissions on any referenced files in a string of octal digits, according to the standard Unix format. This string is a bitwise OR.</para> -<programlisting>user read: 0400 +<programlisting> +user read: 0400 user write: 0200 user execute: 0100 group read: 0040 @@ -633,7 +634,8 @@ group write: 0020 group execute: 0010 other read: 0004 other write: 0002 -other execute: 0001</programlisting> +other execute: 0001 +</programlisting> <para>Some platforms may not understand these permissions. They are applied only insofar as they make sense for the current platform. If this attribute is omitted, a default of 777 is assumed.</para> </refsection> @@ -693,7 +695,7 @@ Using the SQLite databases must be manually specified by using the <command>sql: <para>To set the shared database type as the default type for the tools, set the <envar>NSS_DEFAULT_DB_TYPE</envar> environment variable to <envar>sql</envar>:</para> <programlisting>export NSS_DEFAULT_DB_TYPE="sql"</programlisting> -<para>This line can be set added to the <filename>~/.bashrc</filename> file to make the change permanent.</para> +<para>This line can be added to the <filename>~/.bashrc</filename> file to make the change permanent for the user.</para> <para>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</para> <itemizedlist> diff --git a/security/nss/doc/nroff/certutil.1 b/security/nss/doc/nroff/certutil.1 index 00746cd..1d7f247 100644 --- a/security/nss/doc/nroff/certutil.1 +++ b/security/nss/doc/nroff/certutil.1 @@ -2,12 +2,12 @@ .\" Title: CERTUTIL .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 12 November 2013 +.\" Date: 5 June 2014 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "CERTUTIL" "1" "12 November 2013" "nss-tools" "NSS Security Tools" +.TH "CERTUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -229,7 +229,8 @@ NSS recognizes the following prefixes: .sp -1 .IP \(bu 2.3 .\} -\fBsql: requests the newer database\fR +\fBsql:\fR +requests the newer database .RE .sp .RS 4 @@ -240,10 +241,13 @@ NSS recognizes the following prefixes: .sp -1 .IP \(bu 2.3 .\} -\fBdbm: requests the legacy database\fR +\fBdbm:\fR +requests the legacy database .RE .sp -If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE\&. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default\&. +If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE\&. If NSS_DEFAULT_DB_TYPE is not set then +\fBdbm:\fR +is the default\&. .RE .PP \-e @@ -263,7 +267,7 @@ Specify a file that will automatically supply the password to include in a certi .PP \-g keysize .RS 4 -Set a key size to use when generating new public and private key pairs\&. The minimum is 512 bits and the maximum is 8192 bits\&. The default is 1024 bits\&. Any size between the minimum and maximum is allowed\&. +Set a key size to use when generating new public and private key pairs\&. The minimum is 512 bits and the maximum is 16384 bits\&. The default is 1024 bits\&. Any size between the minimum and maximum is allowed\&. .RE .PP \-h tokenname @@ -414,7 +418,7 @@ for each trust setting\&. In each category position, use none, any, or all of th .sp The attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks\&. For example: .sp -\fB\-t "TCu,Cu,Tuw"\fR +\fB\-t "TCu,Cu,Tu"\fR .sp Use the \-L option to see a list of the current certificates and trust attributes in a certificate database\&. .RE @@ -543,7 +547,7 @@ Set a site security officer password on a token\&. .PP \-1 | \-\-keyUsage keyword,keyword .RS 4 -Set a Netscape Certificate Type Extension in the certificate\&. There are several available keywords: +Set an X\&.509 V3 Certificate Type Extension in the certificate\&. There are several available keywords: .sp .RS 4 .ie n \{\ @@ -553,7 +557,7 @@ Set a Netscape Certificate Type Extension in the certificate\&. There are severa .sp -1 .IP \(bu 2.3 .\} -digital signature +digitalSignature .RE .sp .RS 4 @@ -661,7 +665,7 @@ X\&.509 certificate extensions are described in RFC 5280\&. .PP \-5 | \-\-nsCertType keyword,keyword .RS 4 -Add a Netscape certificate type extension to a certificate that is being created or added to the database\&. There are several available keywords: +Add an X\&.509 V3 certificate type extension to a certificate that is being created or added to the database\&. There are several available keywords: .sp .RS 4 .ie n \{\ diff --git a/security/nss/doc/nroff/cmsutil.1 b/security/nss/doc/nroff/cmsutil.1 index 2093d67..9c0bb48 100644 --- a/security/nss/doc/nroff/cmsutil.1 +++ b/security/nss/doc/nroff/cmsutil.1 @@ -2,12 +2,12 @@ .\" Title: CMSUTIL .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 19 July 2013 +.\" Date: 5 June 2014 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "CMSUTIL" "1" "19 July 2013" "nss-tools" "NSS Security Tools" +.TH "CMSUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -50,14 +50,14 @@ To run cmsutil, type the command cmsutil option [arguments] where option and arg .PP Options specify an action\&. Option arguments modify an action\&. The options and arguments for the cmsutil command are defined as follows: .PP -\-D +\-C .RS 4 -Decode a message\&. +Encrypt a message\&. .RE .PP -\-C +\-D .RS 4 -Encrypt a message\&. +Decode a message\&. .RE .PP \-E @@ -247,11 +247,6 @@ cmsutil \-S [\-i infile] [\-o outfile] [\-d dbdir] [\-p password] \-N nickname[\ .SH "SEE ALSO" .PP certutil(1) -.SH "SEE ALSO" -.PP -.PP -.PP -.PP .SH "ADDITIONAL RESOURCES" .PP For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at diff --git a/security/nss/doc/nroff/crlutil.1 b/security/nss/doc/nroff/crlutil.1 index 3e2c3ee..866bded 100644 --- a/security/nss/doc/nroff/crlutil.1 +++ b/security/nss/doc/nroff/crlutil.1 @@ -2,12 +2,12 @@ .\" Title: CRLUTIL .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 19 July 2013 +.\" Date: 5 June 2014 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "CRLUTIL" "1" "19 July 2013" "nss-tools" "NSS Security Tools" +.TH "CRLUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -57,34 +57,29 @@ where options and arguments are combinations of the options and arguments listed .PP Options specify an action\&. Option arguments modify an action\&. The options and arguments for the crlutil command are defined as follows: .PP -\-G -.RS 4 -Create new Certificate Revocation List(CRL)\&. -.RE -.PP \-D .RS 4 Delete Certificate Revocation List from cert database\&. .RE .PP -\-I +\-E .RS 4 -Import a CRL to the cert database +Erase all CRLs of specified type from the cert database .RE .PP -\-E +\-G .RS 4 -Erase all CRLs of specified type from the cert database +Create new Certificate Revocation List (CRL)\&. .RE .PP -\-L +\-I .RS 4 -List existing CRL located in cert database file\&. +Import a CRL to the cert database .RE .PP -\-S +\-L .RS 4 -Show contents of a CRL file which isn\*(Aqt stored in the database\&. +List existing CRL located in cert database file\&. .RE .PP \-M @@ -92,27 +87,23 @@ Show contents of a CRL file which isn\*(Aqt stored in the database\&. Modify existing CRL which can be located in cert db or in arbitrary file\&. If located in file it should be encoded in ASN\&.1 encode format\&. .RE .PP -\-G +\-S .RS 4 +Show contents of a CRL file which isn\*(Aqt stored in the database\&. .RE .PP \fBArguments\fR .PP -Option arguments modify an action and are lowercase\&. -.PP -\-B -.RS 4 -Bypass CA signature checks\&. -.RE +Option arguments modify an action\&. .PP -\-P dbprefix +\-a .RS 4 -Specify the prefix used on the NSS security database files (for example, my_cert8\&.db and my_key3\&.db)\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&. +Use ASCII format or allow the use of ASCII format for input and output\&. This formatting follows RFC #1113\&. .RE .PP -\-a +\-B .RS 4 -Use ASCII format or allow the use of ASCII format for input and output\&. This formatting follows RFC #1113\&. +Bypass CA signature checks\&. .RE .PP \-c crl\-gen\-file @@ -127,14 +118,14 @@ Specify the database directory containing the certificate and key database files The NSS database files must reside in the same directory\&. .RE .PP -\-i crl\-file +\-f password\-file .RS 4 -Specify the file which contains the CRL to import or show\&. +Specify a file that will automatically supply the password to include in a certificate or to access a certificate database\&. This is a plain\-text file containing one password\&. Be sure to prevent unauthorized access to this file\&. .RE .PP -\-f password\-file +\-i crl\-file .RS 4 -Specify a file that will automatically supply the password to include in a certificate or to access a certificate database\&. This is a plain\-text file containing one password\&. Be sure to prevent unauthorized access to this file\&. +Specify the file which contains the CRL to import or show\&. .RE .PP \-l algorithm\-name @@ -152,6 +143,11 @@ Specify the nickname of a certificate or key to list, create, add to a database, Specify the output file name for new CRL\&. Bracket the output\-file string with quotation marks if it contains spaces\&. If this argument is not used the output destination defaults to standard output\&. .RE .PP +\-P dbprefix +.RS 4 +Specify the prefix used on the NSS security database files (for example, my_cert8\&.db and my_key3\&.db)\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&. +.RE +.PP \-t crl\-type .RS 4 Specify type of CRL\&. possible types are: 0 \- SEC_KRL_TYPE, 1 \- SEC_CRL_TYPE\&. This option is obsolete @@ -369,11 +365,6 @@ crlutil \-G|\-M \-c crl\-gen\-file \-n nickname [\-i crl] [\-u url] [\-d keydir] .SH "SEE ALSO" .PP certutil(1) -.SH "SEE ALSO" -.PP -.PP -.PP -.PP .SH "ADDITIONAL RESOURCES" .PP For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at diff --git a/security/nss/doc/nroff/modutil.1 b/security/nss/doc/nroff/modutil.1 index 09cd45d..1ce9ab2 100644 --- a/security/nss/doc/nroff/modutil.1 +++ b/security/nss/doc/nroff/modutil.1 @@ -1,13 +1,13 @@ '\" t .\" Title: MODUTIL .\" Author: [see the "Authors" section] -.\" Generator: DocBook XSL Stylesheets v1.77.1 <http://docbook.sf.net/> -.\" Date: 15 February 2013 +.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +.\" Date: 5 June 2014 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "MODUTIL" "1" "15 February 2013" "nss-tools" "NSS Security Tools" +.TH "MODUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -109,6 +109,8 @@ Delete the named module\&. The default NSS PKCS #11 module cannot be deleted\&. Disable all slots on the named module\&. Use the \fB\-slot\fR argument to disable a specific slot\&. +.sp +The internal NSS PKCS #11 module cannot be disabled\&. .RE .PP \-enable modulename @@ -1248,7 +1250,7 @@ group write: 0020 group execute: 0010 other read: 0004 other write: 0002 -other execute: 0001 +other execute: 0001 .fi .if n \{\ .RE @@ -1366,9 +1368,9 @@ export NSS_DEFAULT_DB_TYPE="sql" .RE .\} .PP -This line can be set added to the +This line can be added to the ~/\&.bashrc -file to make the change permanent\&. +file to make the change permanent for the user\&. .PP Most applications do not use the shared database by default, but they can be configured to use them\&. For example, this how\-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases: .sp @@ -1436,12 +1438,12 @@ Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto IRC: Freenode at #dogtag\-pki .SH "AUTHORS" .PP -The NSS tools were written and maintained by developers with Netscape, Red Hat, and Sun\&. +The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&. .PP Authors: Elio Maldonado <emaldona(a)redhat\&.com>, Deon Lackey <dlackey(a)redhat\&.com>\&. .SH "LICENSE" .PP -Licensed under the Mozilla Public License, version 1\&.1, and/or the GNU General Public License, version 2 or later, and/or the GNU Lesser General Public License, version 2\&.1 or later\&. +Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&. .SH "NOTES" .IP " 1." 4 Mozilla NSS bug 836477 diff --git a/security/nss/doc/nroff/pk12util.1 b/security/nss/doc/nroff/pk12util.1 index 55ae2e6..c4fa972 100644 --- a/security/nss/doc/nroff/pk12util.1 +++ b/security/nss/doc/nroff/pk12util.1 @@ -2,12 +2,12 @@ .\" Title: PK12UTIL .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 12 November 2013 +.\" Date: 5 June 2014 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "PK12UTIL" "1" "12 November 2013" "nss-tools" "NSS Security Tools" +.TH "PK12UTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -31,7 +31,7 @@ pk12util \- Export and import keys and certificate to or from a PKCS #12 file and the NSS database .SH "SYNOPSIS" .HP \w'\fBpk12util\fR\ 'u -\fBpk12util\fR [\-i\ p12File\ [\-h\ tokenname]\ [\-v]\ [common\-options]] [\-l\ p12File\ [\-h\ tokenname]\ [\-r]\ [common\-options]] [\-o\ p12File\ \-n\ certname\ [\-c\ keyCipher]\ [\-C\ certCipher]\ [\-m|\-\-key_len\ keyLen]\ [\-n|\-\-cert_key_len\ certKeyLen]\ [common\-options]] [common\-options\ are:\ [\-d\ [sql:]directory]\ [\-P\ dbprefix]\ [\-k\ slotPasswordFile|\-K\ slotPassword]\ [\-w\ p12filePasswordFile|\-W\ p12filePassword]] +\fBpk12util\fR [\-i\ p12File|\-l\ p12File|\-o\ p12File] [\-d\ [sql:]directory] [\-h\ tokenname] [\-P\ dbprefix] [\-r] [\-v] [\-k\ slotPasswordFile|\-K\ slotPassword] [\-w\ p12filePasswordFile|\-W\ p12filePassword] .SH "STATUS" .PP This documentation is still work in progress\&. Please contribute to the initial review in @@ -61,9 +61,14 @@ Export keys and certificates from the security database to a PKCS#12 file\&. .PP \fBArguments\fR .PP -\-n certname +\-c keyCipher .RS 4 -Specify the nickname of the cert and private key to export\&. +Specify the key encryption algorithm\&. +.RE +.PP +\-C certCipher +.RS 4 +Specify the key cert (overall package) encryption algorithm\&. .RE .PP \-d [sql:]directory @@ -80,21 +85,11 @@ pkcs11\&.txt)\&. If the prefix is not used, then the tool assumes that the given databases are in the old format\&. .RE .PP -\-P prefix -.RS 4 -Specify the prefix used on the certificate and key databases\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&. -.RE -.PP \-h tokenname .RS 4 Specify the name of the token to import into or export from\&. .RE .PP -\-v -.RS 4 -Enable debug logging when importing\&. -.RE -.PP \-k slotPasswordFile .RS 4 Specify the text file containing the slot\*(Aqs password\&. @@ -105,39 +100,44 @@ Specify the text file containing the slot\*(Aqs password\&. Specify the slot\*(Aqs password\&. .RE .PP -\-w p12filePasswordFile +\-m | \-\-key\-len keyLength .RS 4 -Specify the text file containing the pkcs #12 file password\&. +Specify the desired length of the symmetric key to be used to encrypt the private key\&. .RE .PP -\-W p12filePassword +\-n | \-\-cert\-key\-len certKeyLength .RS 4 -Specify the pkcs #12 file password\&. +Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta\-data\&. .RE .PP -\-c keyCipher +\-n certname .RS 4 -Specify the key encryption algorithm\&. +Specify the nickname of the cert and private key to export\&. .RE .PP -\-C certCipher +\-P prefix .RS 4 -Specify the key cert (overall package) encryption algorithm\&. +Specify the prefix used on the certificate and key databases\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&. .RE .PP -\-m | \-\-key\-len keyLength +\-r .RS 4 -Specify the desired length of the symmetric key to be used to encrypt the private key\&. +Dumps all of the data in raw (binary) form\&. This must be saved as a DER file\&. The default is to return information in a pretty\-print ASCII format, which displays the information about the certificates and public keys in the p12 file\&. .RE .PP -\-n | \-\-cert\-key\-len certKeyLength +\-v .RS 4 -Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta\-data\&. +Enable debug logging when importing\&. .RE .PP -\-r +\-w p12filePasswordFile .RS 4 -Dumps all of the data in raw (binary) form\&. This must be saved as a DER file\&. The default is to return information in a pretty\-print ASCII format, which displays the information about the certificates and public keys in the p12 file\&. +Specify the text file containing the pkcs #12 file password\&. +.RE +.PP +\-W p12filePassword +.RS 4 +Specify the pkcs #12 file password\&. .RE .SH "RETURN CODES" .sp @@ -437,18 +437,12 @@ for importing a certificate or key is the PKCS#12 input file (\fB\-i\fR) and som for a directory or \fB\-h\fR for a token)\&. -.sp -.if n \{\ -.RS 4 -.\} -.nf +.PP pk12util \-i p12File [\-h tokenname] [\-v] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword] -.fi -.if n \{\ -.RE -.\} .PP For example: +.PP + .sp .if n \{\ .RS 4 @@ -474,16 +468,8 @@ pk12util: PKCS12 IMPORT SUCCESSFUL Using the \fBpk12util\fR command to export certificates and keys requires both the name of the certificate to extract from the database (\fB\-n\fR) and the PKCS#12\-formatted output file to write to\&. There are optional parameters that can be used to encrypt the file to protect the certificate material\&. -.sp -.if n \{\ -.RS 4 -.\} -.nf +.PP pk12util \-o p12File \-n certname [\-c keyCipher] [\-C certCipher] [\-m|\-\-key_len keyLen] [\-n|\-\-cert_key_len certKeyLen] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword] -.fi -.if n \{\ -.RE -.\} .PP For example: .sp @@ -506,16 +492,8 @@ The information in a file are not human\-readable\&. The certificates and keys in the file can be printed (listed) in a human\-readable pretty\-print format that shows information for every certificate and any public keys in the \&.p12 file\&. -.sp -.if n \{\ -.RS 4 -.\} -.nf +.PP pk12util \-l p12File [\-h tokenname] [\-r] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword] -.fi -.if n \{\ -.RE -.\} .PP For example, this prints the default ASCII output: .sp @@ -542,7 +520,7 @@ Certificate: Issuer: "E=personal\-freemail(a)thawte\&.com,CN=Thawte Personal Freemail C A,OU=Certification Services Division,O=Thawte Consulting,L=Cape T own,ST=Western Cape,C=ZA" -\&.\&.\&.\&. + .fi .if n \{\ .RE @@ -561,7 +539,7 @@ file000N\&.der, incrementing the number for every certificate: .RS 4 .\} .nf -# pk12util \-l test\&.p12 \-r +pk12util \-l test\&.p12 \-r Enter password for PKCS12 file: Key(shrouded): Friendly Name: Thawte Freemail Member\*(Aqs Thawte Consulting (Pty) Ltd\&. ID @@ -574,6 +552,7 @@ Key(shrouded): Certificate Friendly Name: Thawte Personal Freemail Issuing CA \- Thawte Consulting Certificate Friendly Name: Thawte Freemail Member\*(Aqs Thawte Consulting (Pty) Ltd\&. ID + .fi .if n \{\ .RE @@ -592,7 +571,17 @@ Several types of ciphers are supported\&. .PP Symmetric CBC ciphers for PKCS#5 V2 .RS 4 -DES_CBC +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +DES\-CBC +.RE .sp .RS 4 .ie n \{\ @@ -696,7 +685,17 @@ CAMELLIA\-256\-CBC .PP PKCS#12 PBE ciphers .RS 4 +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} PKCS #12 PBE with Sha1 and 128 Bit RC4 +.RE .sp .RS 4 .ie n \{\ @@ -811,7 +810,17 @@ PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC .PP PKCS#5 PBE ciphers .RS 4 +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} PKCS #5 Password Based Encryption with MD2 and DES CBC +.RE .sp .RS 4 .ie n \{\ diff --git a/security/nss/doc/nroff/pp.1 b/security/nss/doc/nroff/pp.1 index 6a8eb63..2c9aa5a6 100644 --- a/security/nss/doc/nroff/pp.1 +++ b/security/nss/doc/nroff/pp.1 @@ -2,12 +2,12 @@ .\" Title: PP .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 12 November 2013 +.\" Date: 5 June 2014 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "PP" "1" "12 November 2013" "nss-tools" "NSS Security Tools" +.TH "PP" "1" "5 June 2014" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/security/nss/doc/nroff/signtool.1 b/security/nss/doc/nroff/signtool.1 index e78f77b..3a91ce6 100644 --- a/security/nss/doc/nroff/signtool.1 +++ b/security/nss/doc/nroff/signtool.1 @@ -2,12 +2,12 @@ .\" Title: signtool .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 12 November 2013 +.\" Date: 5 June 2014 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "SIGNTOOL" "1" "12 November 2013" "nss-tools" "NSS Security Tools" +.TH "SIGNTOOL" "1" "5 June 2014" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -31,7 +31,7 @@ signtool \- Digitally sign objects and files\&. .SH "SYNOPSIS" .HP \w'\fBsigntool\fR\ 'u -\fBsigntool\fR [\-k\ keyName] [[\-h]] [[\-H]] [[\-l]] [[\-L]] [[\-M]] [[\-v]] [[\-w]] [[\-G\ nickname]] [[\-\-keysize\ |\ \-s\ size]] [[\-b\ basename]] [[\-c\ Compression\ Level]] [[\-d\ cert\-dir]] [[\-i\ installer\ script]] [[\-m\ metafile]] [[\-x\ name]] [[\-f\ filename]] [[\-t|\-\-token\ tokenname]] [[\-e\ extension]] [[\-o]] [[\-z]] [[\-X]] [[\-\-outfile]] [[\-\-verbose\ value]] [[\-\-norecurse]] [[\-\-leavearc]] [[\-j\ directory]] [[\-Z\ jarfile]] [[\-O]] [[\-p\ password]] [directory\-tree] [archive] +\fBsigntool\fR [[\-b\ basename]] [[\-c\ Compression\ Level]] [[\-d\ cert\-dir]] [[\-e\ extension]] [[\-f\ filename]] [[\-i\ installer\ script]] [[\-h]] [[\-H]] [[\-v]] [[\-w]] [[\-G\ nickname]] [[\-J]] [[\-j\ directory]] [\-k\ keyName] [[\-\-keysize\ |\ \-s\ size]] [[\-l]] [[\-L]] [[\-M]] [[\-m\ metafile]] [[\-\-norecurse]] [[\-O]] [[\-o]] [[\-\-outfile]] [[\-p\ password]] [[\-t|\-\-token\ tokenname]] [[\-z]] [[\-X]] [[\-x\ name]] [[\-\-verbose\ value]] [[\-\-leavearc]] [[\-Z\ jarfile]] [directory\-tree] [archive] .SH "STATUS" .PP This documentation is still work in progress\&. Please contribute to the initial review in @@ -91,11 +91,21 @@ Tells signtool to sign only files with the given extension; for example, use \-e Specifies a text file containing Netscape Signing Tool options and arguments in keyword=value format\&. All options and arguments can be expressed through this file\&. For more information about the syntax used with this file, see "Tips and Techniques"\&. .RE .PP +\-G nickname +.RS 4 +Generates a new private\-public key pair and corresponding object\-signing certificate with the given nickname\&. The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the \-d option\&. With the NT version of Netscape Signing Tool, you must use the \-d option with the \-G option\&. With the Unix version of Netscape Signing Tool, omitting the \-d option causes the tool to install the keys and certificate in the Communicator key and certificate databases\&. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases\&. In all cases, the certificate is also output to a file named x509\&.cacert, which has the MIME\-type application/x\-x509\-ca\-cert\&. Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with \-G is not signed by a recognize d certificate authority\&. Instead, it is self\-signed\&. In addition, a single test signing certificate functions as both an object\-signing certificate and a CA\&. When you are using it to sign objects, it behaves like an object\-signing certificate\&. When it is imported into browser software such as Communicator, it behaves like an object\-signing CA and cannot be used to sign objects\&. The \-G option is available in Netscape Signing Tool 1\&.0 and later versions only\&. By default, it produces only RSA certificates with 1024\-byte keys in the internal token\&. However, you can use the \-s option specify the required key size and the \-t option to specify the token\&. +.RE +.PP \-i scriptname .RS 4 Specifies the name of an installer script for SmartUpdate\&. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature\&. For more details, see the description of \-m that follows\&. The \-i option provides a straightforward way to provide this information if you don\*(Aqt need to specify any metadata other than an installer script\&. .RE .PP +\-J +.RS 4 +Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags\&. Even if signtool creates more than one archive file, you need to supply the key database password only once\&. The \-J option is available only in Netscape Signing Tool 1\&.0 and later versions\&. The \-J option cannot be used at the same time as the \-Z option\&. If the \-c# option is not used with the \-J option, the default compression value is 6\&. Note that versions 1\&.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages\&. +.RE +.PP \-j directory .RS 4 Specifies a special JavaScript directory\&. This option causes the specified directory to be signed and tags its entries as inline JavaScript\&. This special type of entry does not have to appear in the JAR file itself\&. Instead, it is located in the HTML page containing the inline scripts\&. When you use signtool \-v, these entries are displayed with the string NOT PRESENT\&. @@ -106,21 +116,11 @@ Specifies a special JavaScript directory\&. This option causes the specified dir Specifies the nickname (key) of the certificate you want to sign with and signs the files in the specified directory\&. The directory to sign is always specified as the last command\-line argument\&. Thus, it is possible to write signtool \-k MyCert \-d \&. signdir You may have trouble if the nickname contains a single quotation mark\&. To avoid problems, escape the quotation mark using the escape conventions for your platform\&. It\*(Aqs also possible to use the \-k option without signing any files or specifying a directory\&. For example, you can use it with the \-l option to get detailed information about a particular signing certificate\&. .RE .PP -\-G nickname -.RS 4 -Generates a new private\-public key pair and corresponding object\-signing certificate with the given nickname\&. The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the \-d option\&. With the NT version of Netscape Signing Tool, you must use the \-d option with the \-G option\&. With the Unix version of Netscape Signing Tool, omitting the \-d option causes the tool to install the keys and certificate in the Communicator key and certificate databases\&. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases\&. In all cases, the certificate is also output to a file named x509\&.cacert, which has the MIME\-type application/x\-x509\-ca\-cert\&. Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with \-G is not signed by a recognize d certificate authority\&. Instead, it is self\-signed\&. In addition, a single test signing certificate functions as both an object\-signing certificate and a CA\&. When you are using it to sign objects, it behaves like an object\-signing certificate\&. When it is imported into browser software such as Communicator, it behaves like an object\-signing CA and cannot be used to sign objects\&. The \-G option is available in Netscape Signing Tool 1\&.0 and later versions only\&. By default, it produces only RSA certificates with 1024\-byte keys in the internal token\&. However, you can use the \-s option specify the required key size and the \-t option to specify the token\&. For more information about the use of the \-G option, see "Generating Test Object\-Signing Certificates""Generating Test Object\-Signing Certificates" on page 1241\&. -.RE -.PP \-l .RS 4 Lists signing certificates, including issuing CAs\&. If any of your certificates are expired or invalid, the list will so specify\&. This option can be used with the \-k option to list detailed information about a particular signing certificate\&. The \-l option is available in Netscape Signing Tool 1\&.0 and later versions only\&. .RE .PP -\-J -.RS 4 -Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags\&. Even if signtool creates more than one archive file, you need to supply the key database password only once\&. The \-J option is available only in Netscape Signing Tool 1\&.0 and later versions\&. The \-J option cannot be used at the same time as the \-Z option\&. If the \-c# option is not used with the \-J option, the default compression value is 6\&. Note that versions 1\&.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages\&. -.RE -.PP \-L .RS 4 Lists the certificates in your database\&. An asterisk appears to the left of the nickname for any certificate that can be used to sign objects with signtool\&. diff --git a/security/nss/doc/nroff/signver.1 b/security/nss/doc/nroff/signver.1 index c327c8a..ad92c11 100644 --- a/security/nss/doc/nroff/signver.1 +++ b/security/nss/doc/nroff/signver.1 @@ -2,12 +2,12 @@ .\" Title: SIGNVER .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 12 November 2013 +.\" Date: 5 June 2014 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "SIGNVER" "1" "12 November 2013" "nss-tools" "NSS Security Tools" +.TH "SIGNVER" "1" "5 June 2014" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -236,9 +236,9 @@ export NSS_DEFAULT_DB_TYPE="sql" .RE .\} .PP -This line can be set added to the +This line can be added to the ~/\&.bashrc -file to make the change permanent\&. +file to make the change permanent for the user\&. .PP Most applications do not use the shared database by default, but they can be configured to use them\&. For example, this how\-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases: .sp diff --git a/security/nss/doc/nroff/ssltap.1 b/security/nss/doc/nroff/ssltap.1 index 950f20b..69129ec 100644 --- a/security/nss/doc/nroff/ssltap.1 +++ b/security/nss/doc/nroff/ssltap.1 @@ -2,12 +2,12 @@ .\" Title: SSLTAP .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 12 November 2013 +.\" Date: 5 June 2014 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "SSLTAP" "1" "12 November 2013" "nss-tools" "NSS Security Tools" +.TH "SSLTAP" "1" "5 June 2014" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -30,8 +30,8 @@ .SH "NAME" ssltap \- Tap into SSL connections and display the data going by .SH "SYNOPSIS" -.HP \w'\fBlibssltap\fR\ 'u -\fBlibssltap\fR [\-vhfsxl] [\-p\ port] [hostname:port] +.HP \w'\fBssltap\fR\ 'u +\fBssltap\fR [\-fhlsvx] [\-p\ port] [hostname:port] .SH "STATUS" .PP This documentation is still work in progress\&. Please contribute to the initial review in @@ -43,33 +43,14 @@ The SSL Debugging Tool is an SSL\-aware command\-line proxy\&. It watches TCP connections and displays the data going by\&. If a connection is SSL, the data display includes interpreted SSL records and handshaking .SH "OPTIONS" .PP -\-v -.RS 4 -Print a version string for the tool\&. -.RE -.PP -\-h -.RS 4 -Turn on hex/ASCII printing\&. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters\&. The two parts are separated by a vertical bar\&. Nonprinting characters are replaced by dots\&. -.RE -.PP \-f .RS 4 Turn on fancy printing\&. Output is printed in colored HTML\&. Data sent from the client to the server is in blue; the server\*(Aqs reply is in red\&. When used with looping mode, the different connections are separated with horizontal lines\&. You can use this option to upload the output into a browser\&. .RE .PP -\-s -.RS 4 -Turn on SSL parsing and decoding\&. The tool does not automatically detect SSL sessions\&. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures\&. -.sp -If the tool detects a certificate chain, it saves the DER\-encoded certificates into files in the current directory\&. The files are named cert\&.0x, where x is the sequence number of the certificate\&. -.sp -If the \-s option is used with \-h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output\&. -.RE -.PP -\-x +\-h .RS 4 -Turn on hex/ASCII printing of undecoded data inside parsed SSL records\&. Used only with the \-s option\&. This option uses the same output format as the \-h option\&. +Turn on hex/ASCII printing\&. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters\&. The two parts are separated by a vertical bar\&. Nonprinting characters are replaced by dots\&. .RE .PP \-l prefix @@ -99,6 +80,25 @@ The following are well\-known port numbers: .sp * NNTPS 563 (NNTP over SSL) .RE +.PP +\-s +.RS 4 +Turn on SSL parsing and decoding\&. The tool does not automatically detect SSL sessions\&. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures\&. +.sp +If the tool detects a certificate chain, it saves the DER\-encoded certificates into files in the current directory\&. The files are named cert\&.0x, where x is the sequence number of the certificate\&. +.sp +If the \-s option is used with \-h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output\&. +.RE +.PP +\-v +.RS 4 +Print a version string for the tool\&. +.RE +.PP +\-x +.RS 4 +Turn on extra SSL hex dumps\&. +.RE .SH "USAGE AND EXAMPLES" .PP You can use the SSL Debugging Tool to intercept any connection information\&. Although you can run the tool at its most basic by issuing the ssltap command with no options other than hostname:port, the information you get in this way is not very useful\&. For example, assume your development machine is called intercept\&. The simplest way to use the debugging tool is to execute the following command from a command shell: diff --git a/security/nss/doc/nroff/vfychain.1 b/security/nss/doc/nroff/vfychain.1 index 487b7f9..d5e37e4 100644 --- a/security/nss/doc/nroff/vfychain.1 +++ b/security/nss/doc/nroff/vfychain.1 @@ -2,12 +2,12 @@ .\" Title: VFYCHAIN .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 12 November 2013 +.\" Date: 5 June 2014 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "VFYCHAIN" "1" "12 November 2013" "nss-tools" "NSS Security Tools" +.TH "VFYCHAIN" "1" "5 June 2014" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/security/nss/doc/nroff/vfyserv.1 b/security/nss/doc/nroff/vfyserv.1 index f991ce2..ffe5f36 100644 --- a/security/nss/doc/nroff/vfyserv.1 +++ b/security/nss/doc/nroff/vfyserv.1 @@ -2,12 +2,12 @@ .\" Title: VFYSERV .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 12 November 2013 +.\" Date: 5 June 2014 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "VFYSERV" "1" "12 November 2013" "nss-tools" "NSS Security Tools" +.TH "VFYSERV" "1" "5 June 2014" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/security/nss/doc/pk12util.xml b/security/nss/doc/pk12util.xml index 590aec8..03ee356 100644 --- a/security/nss/doc/pk12util.xml +++ b/security/nss/doc/pk12util.xml @@ -27,16 +27,14 @@ <refsynopsisdiv> <cmdsynopsis> <command>pk12util</command> - <arg>-i p12File [-h tokenname] [-v] [common-options] </arg> - <arg> - -l p12File [-h tokenname] [-r] [common-options] </arg> - <arg> - -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [common-options] </arg> - <arg> - -common-options are: -[-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] - </arg> + <arg>-i p12File|-l p12File|-o p12File</arg> + <arg>-d [sql:]directory</arg> + <arg>-h tokenname</arg> + <arg>-P dbprefix</arg> + <arg>-r</arg> + <arg>-v</arg> + <arg>-k slotPasswordFile|-K slotPassword</arg> + <arg>-w p12filePasswordFile|-W p12filePassword</arg> </cmdsynopsis> </refsynopsisdiv> @@ -73,22 +71,20 @@ common-options are: <para><command>Arguments</command></para> <variablelist> - <varlistentry> - <term>-n certname</term> - <listitem><para>Specify the nickname of the cert and private key to export.</para></listitem> + <term>-c keyCipher</term> + <listitem><para>Specify the key encryption algorithm.</para></listitem> </varlistentry> <varlistentry> - <term>-d [sql:]directory</term> - <listitem><para>Specify the database directory into which to import to or export from certificates and keys.</para> - <para><command>pk12util</command> supports two types of databases: the legacy security databases (<filename>cert8.db</filename>, <filename>key3.db</filename>, and <filename>secmod.db</filename>) and new SQLite databases (<filename>cert9.db</filename>, <filename>key4.db</filename>, and <filename>pkcs11.txt</filename>). If the prefix <command>sql:</command> is not used, then the tool assumes that the given databases are in the old format.</para></listitem> + <term>-C certCipher</term> + <listitem><para>Specify the key cert (overall package) encryption algorithm.</para></listitem> </varlistentry> <varlistentry> - <term>-P prefix</term> - <listitem><para>Specify the prefix used on the certificate and key databases. This option is provided as a special case. - Changing the names of the certificate and key databases is not recommended.</para></listitem> + <term>-d [sql:]directory</term> + <listitem><para>Specify the database directory into which to import to or export from certificates and keys.</para> + <para><command>pk12util</command> supports two types of databases: the legacy security databases (<filename>cert8.db</filename>, <filename>key3.db</filename>, and <filename>secmod.db</filename>) and new SQLite databases (<filename>cert9.db</filename>, <filename>key4.db</filename>, and <filename>pkcs11.txt</filename>). If the prefix <command>sql:</command> is not used, then the tool assumes that the given databases are in the old format.</para></listitem> </varlistentry> <varlistentry> @@ -97,11 +93,6 @@ common-options are: </varlistentry> <varlistentry> - <term>-v </term> - <listitem><para>Enable debug logging when importing.</para></listitem> - </varlistentry> - - <varlistentry> <term>-k slotPasswordFile</term> <listitem><para>Specify the text file containing the slot's password.</para></listitem> </varlistentry> @@ -112,39 +103,46 @@ common-options are: </varlistentry> <varlistentry> - <term>-w p12filePasswordFile</term> - <listitem><para>Specify the text file containing the pkcs #12 file password.</para></listitem> + <term>-m | --key-len keyLength</term> + <listitem><para>Specify the desired length of the symmetric key to be used to encrypt the private key.</para></listitem> </varlistentry> <varlistentry> - <term>-W p12filePassword</term> - <listitem><para>Specify the pkcs #12 file password.</para></listitem> + <term>-n | --cert-key-len certKeyLength</term> + <listitem><para>Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.</para></listitem> </varlistentry> <varlistentry> - <term>-c keyCipher</term> - <listitem><para>Specify the key encryption algorithm.</para></listitem> + <term>-n certname</term> + <listitem><para>Specify the nickname of the cert and private key to export.</para></listitem> </varlistentry> <varlistentry> - <term>-C certCipher</term> - <listitem><para>Specify the key cert (overall package) encryption algorithm.</para></listitem> + <term>-P prefix</term> + <listitem><para>Specify the prefix used on the certificate and key databases. This option is provided as a special case. + Changing the names of the certificate and key databases is not recommended.</para></listitem> </varlistentry> <varlistentry> - <term>-m | --key-len keyLength</term> - <listitem><para>Specify the desired length of the symmetric key to be used to encrypt the private key.</para></listitem> + <term>-r</term> + <listitem><para>Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.</para></listitem> </varlistentry> <varlistentry> - <term>-n | --cert-key-len certKeyLength</term> - <listitem><para>Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.</para></listitem> + <term>-v </term> + <listitem><para>Enable debug logging when importing.</para></listitem> </varlistentry> <varlistentry> - <term>-r</term> - <listitem><para>Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.</para></listitem> + <term>-w p12filePasswordFile</term> + <listitem><para>Specify the text file containing the pkcs #12 file password.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-W p12filePassword</term> + <listitem><para>Specify the pkcs #12 file password.</para></listitem> </varlistentry> + </variablelist> </refsection> @@ -237,9 +235,12 @@ common-options are: <para><command>Importing Keys and Certificates</command></para> <para>The most basic usage of <command>pk12util</command> for importing a certificate or key is the PKCS#12 input file (<option>-i</option>) and some way to specify the security database being accessed (either <option>-d</option> for a directory or <option>-h</option> for a token). </para> -<programlisting>pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</programlisting> + <para> + pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] + </para> <para>For example:</para> -<programlisting># pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb + <para> </para> + <programlisting># pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb Enter a password which will be used to encrypt your keys. The password should be at least 8 characters long, @@ -253,18 +254,18 @@ pk12util: PKCS12 IMPORT SUCCESSFUL</programlisting> <para><command>Exporting Keys and Certificates</command></para> <para>Using the <command>pk12util</command> command to export certificates and keys requires both the name of the certificate to extract from the database (<option>-n</option>) and the PKCS#12-formatted output file to write to. There are optional parameters that can be used to encrypt the file to protect the certificate material. </para> -<programlisting>pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</programlisting> + <para>pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</para> <para>For example:</para> -<programlisting># pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb + <programlisting># pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb Enter password for PKCS12 file: Re-enter password: </programlisting> <para><command>Listing Keys and Certificates</command></para> <para>The information in a <filename>.p12</filename> file are not human-readable. The certificates and keys in the file can be printed (listed) in a human-readable pretty-print format that shows information for every certificate and any public keys in the <filename>.p12</filename> file. </para> -<programlisting>pk12util -l p12File [-h tokenname] [-r] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</programlisting> + <para>pk12util -l p12File [-h tokenname] [-r] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</para> <para>For example, this prints the default ASCII output:</para> -<programlisting># pk12util -l certs.p12 + <programlisting># pk12util -l certs.p12 Enter password for PKCS12 file: Key(shrouded): @@ -283,9 +284,9 @@ Certificate: Issuer: "E=personal-freemail(a)thawte.com,CN=Thawte Personal Freemail C A,OU=Certification Services Division,O=Thawte Consulting,L=Cape T own,ST=Western Cape,C=ZA" -....</programlisting> + </programlisting> <para>Alternatively, the <option>-r</option> prints the certificates and then exports them into separate DER binary files. This allows the certificates to be fed to another application that supports <filename>.p12</filename> files. Each certificate is written to a sequentially-number file, beginning with <filename>file0001.der</filename> and continuing through <filename>file000N.der</filename>, incrementing the number for every certificate:</para> -<programlisting># pk12util -l test.p12 -r + <programlisting>pk12util -l test.p12 -r Enter password for PKCS12 file: Key(shrouded): Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID @@ -297,7 +298,8 @@ Key(shrouded): Iteration Count: 1 (0x1) Certificate Friendly Name: Thawte Personal Freemail Issuing CA - Thawte Consulting -Certificate Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID</programlisting> +Certificate Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID + </programlisting> </refsection> <refsection id="encryption"> @@ -309,86 +311,48 @@ Certificate Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) L <varlistentry> <term>Symmetric CBC ciphers for PKCS#5 V2</term> - <listitem><para>DES_CBC</para> - <itemizedlist> - <listitem> - <para>RC2-CBC</para> - </listitem> - <listitem> - <para>RC5-CBCPad</para> - </listitem> - <listitem> - <para>DES-EDE3-CBC (the default for key encryption)</para> - </listitem> - <listitem> - <para>AES-128-CBC</para> - </listitem> - <listitem> - <para>AES-192-CBC</para> - </listitem> - <listitem> - <para>AES-256-CBC</para> - </listitem> - <listitem> - <para>CAMELLIA-128-CBC</para> - </listitem> - <listitem> - <para>CAMELLIA-192-CBC</para> - </listitem> - <listitem> - <para>CAMELLIA-256-CBC</para></listitem> - </itemizedlist> - </listitem> + <listitem> + <itemizedlist> + <listitem><para>DES-CBC</para></listitem> + <listitem><para>RC2-CBC</para></listitem> + <listitem><para>RC5-CBCPad</para></listitem> + <listitem><para>DES-EDE3-CBC (the default for key encryption)</para></listitem> + <listitem><para>AES-128-CBC</para></listitem> + <listitem><para>AES-192-CBC</para></listitem> + <listitem><para>AES-256-CBC</para></listitem> + <listitem><para>CAMELLIA-128-CBC</para></listitem> + <listitem><para>CAMELLIA-192-CBC</para></listitem> + <listitem><para>CAMELLIA-256-CBC</para></listitem> + </itemizedlist> + </listitem> </varlistentry> <varlistentry> <term>PKCS#12 PBE ciphers</term> - <listitem><para>PKCS #12 PBE with Sha1 and 128 Bit RC4</para> - <itemizedlist> - <listitem> - <para>PKCS #12 PBE with Sha1 and 40 Bit RC4</para> - </listitem> - <listitem> - <para>PKCS #12 PBE with Sha1 and Triple DES CBC</para> - </listitem> - <listitem> - <para>PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC</para> - </listitem> - <listitem> - <para>PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC</para> - </listitem> - <listitem> - <para>PKCS12 V2 PBE with SHA1 and 128 Bit RC4</para> - </listitem> - <listitem> - <para>PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode)</para> - </listitem> - <listitem> - <para>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</para> - </listitem> - <listitem> - <para>PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc</para> - </listitem> - <listitem> - <para>PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC</para> - </listitem> - <listitem> - <para>PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC</para></listitem> - </itemizedlist> - </listitem> + <listitem> + <itemizedlist> + <listitem><para>PKCS #12 PBE with Sha1 and 128 Bit RC4</para></listitem> + <listitem><para>PKCS #12 PBE with Sha1 and 40 Bit RC4</para></listitem> + <listitem><para>PKCS #12 PBE with Sha1 and Triple DES CBC</para></listitem> + <listitem><para>PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC</para></listitem> + <listitem><para>PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC</para></listitem> + <listitem><para>PKCS12 V2 PBE with SHA1 and 128 Bit RC4</para></listitem> + <listitem><para>PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode)</para></listitem> + <listitem><para>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</para></listitem> + <listitem><para>PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc</para></listitem> + <listitem><para>PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC</para></listitem> + <listitem><para>PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC</para></listitem> + </itemizedlist> + </listitem> </varlistentry> - - <varlistentry> - <term>PKCS#5 PBE ciphers</term> - <listitem><para>PKCS #5 Password Based Encryption with MD2 and DES CBC</para> - <itemizedlist> - <listitem> - <para>PKCS #5 Password Based Encryption with MD5 and DES CBC</para> - </listitem> - <listitem> - <para>PKCS #5 Password Based Encryption with SHA1 and DES CBC</para></listitem> - </itemizedlist> - </listitem> + <varlistentry><term>PKCS#5 PBE ciphers</term> + <listitem> + <itemizedlist> + <listitem><para>PKCS #5 Password Based Encryption with MD2 and DES CBC</para></listitem> + <listitem><para>PKCS #5 Password Based Encryption with MD5 and DES CBC</para></listitem> + <listitem><para>PKCS #5 Password Based Encryption with SHA1 and DES CBC</para></listitem> + </itemizedlist> + </listitem> </varlistentry> </variablelist> <para>With PKCS#12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error <emphasis>no security module can perform the requested operation</emphasis>.</para> diff --git a/security/nss/doc/signtool.xml b/security/nss/doc/signtool.xml index 9f9da68..3a6c208 100644 --- a/security/nss/doc/signtool.xml +++ b/security/nss/doc/signtool.xml @@ -27,36 +27,37 @@ <refsynopsisdiv> <cmdsynopsis> <command>signtool</command> - <arg>-k keyName</arg> + <arg>[-b basename]</arg> + <arg>[-c Compression Level] </arg> + <arg>[-d cert-dir] </arg> + <arg>[-e extension] </arg> + <arg>[-f filename] </arg> + <arg>[-i installer script] </arg> <arg>[-h]</arg> <arg>[-H]</arg> - <arg>[-l]</arg> - <arg>[-L]</arg> - <arg>[-M]</arg> <arg>[-v]</arg> <arg>[-w]</arg> <arg>[-G nickname]</arg> + <arg>[-J]</arg> + <arg>[-j directory] </arg> + <arg>-k keyName</arg> <arg>[--keysize | -s size]</arg> - <arg>[-b basename]</arg> - <arg>[-c Compression Level] </arg> - <arg>[-d cert-dir] </arg> - <arg>[-i installer script] </arg> + <arg>[-l]</arg> + <arg>[-L]</arg> + <arg>[-M]</arg> <arg>[-m metafile] </arg> - <arg>[-x name] </arg> - <arg>[-f filename] </arg> - <arg>[-t|--token tokenname] </arg> - <arg>[-e extension] </arg> + <arg>[--norecurse] </arg> + <arg>[-O] </arg> <arg>[-o] </arg> + <arg>[--outfile] </arg> + <arg>[-p password] </arg> + <arg>[-t|--token tokenname] </arg> <arg>[-z] </arg> <arg>[-X] </arg> - <arg>[--outfile] </arg> + <arg>[-x name] </arg> <arg>[--verbose value] </arg> - <arg>[--norecurse] </arg> <arg>[--leavearc] </arg> - <arg>[-j directory] </arg> <arg>[-Z jarfile] </arg> - <arg>[-O] </arg> - <arg>[-p password] </arg> <arg>directory-tree</arg> <arg>archive</arg>  @@ -97,7 +98,7 @@ </varlistentry> <varlistentry> <term>-c#</term> - <listitem><para> + <listitem><para> Specifies the compression level for the -J or -Z option. The symbol # represents a number from 0 to 9, where 0 means no compression and 9 means maximum compression. The higher the level of compression, the smaller the output but the longer the operation takes. If the -c# option is not used with either the -J or the -Z option, the default compression value used by both the -J and -Z options is 6. @@ -124,10 +125,36 @@ The Unix version of signtool assumes ~/.netscape unless told otherwise. The NT v </para></listitem> </varlistentry> <varlistentry> + <term>-G nickname</term> + <listitem><para> + Generates a new private-public key pair and corresponding object-signing certificate with the given nickname. + +The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the -d option. With the NT version of Netscape Signing Tool, you must use the -d option with the -G option. With the Unix version of Netscape Signing Tool, omitting the -d option causes the tool to install the keys and certificate in the Communicator key and certificate databases. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases. In all cases, the certificate is also output to a file named x509.cacert, which has the MIME-type application/x-x509-ca-cert. + +Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with -G is not signed by a recognized certificate authority. Instead, it is self-signed. In addition, a single test signing certificate functions as both an object-signing certificate and a CA. When you are using it to sign objects, it behaves like an object-signing certificate. When it is imported into browser software such as Communicator, it behaves like an object-signing CA and cannot be used to sign objects. + +The -G option is available in Netscape Signing Tool 1.0 and later versions only. By default, it produces only RSA certificates with 1024-byte keys in the internal token. However, you can use the -s option specify the required key size and the -t option to specify the token. + </para></listitem> + </varlistentry> + <varlistentry> <term>-i scriptname</term> - <listitem><para> - Specifies the name of an installer script for SmartUpdate. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature. For more details, see the description of -m that follows. The -i option provides a straightforward way to provide this information if you don't need to specify any metadata other than an installer script. -</para></listitem> + <listitem><para> +Specifies the name of an installer script for SmartUpdate. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature. For more details, see the description of -m that follows. The -i option provides a straightforward way to provide this information if you don't need to specify any metadata other than an installer script. + </para></listitem> + </varlistentry> + <varlistentry> + <term>-J</term> + <listitem> + <para> +Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags. Even if signtool creates more than one archive file, you need to supply the key database password only once. + +The -J option is available only in Netscape Signing Tool 1.0 and later versions. The -J option cannot be used at the same time as the -Z option. + +If the -c# option is not used with the -J option, the default compression value is 6. + +Note that versions 1.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages. + </para> + </listitem> </varlistentry> <varlistentry> <term>-j directory</term> @@ -148,18 +175,6 @@ It's also possible to use the -k option without signing any files or specifying </para></listitem> </varlistentry> <varlistentry> - <term>-G nickname</term> - <listitem><para> - Generates a new private-public key pair and corresponding object-signing certificate with the given nickname. - -The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the -d option. With the NT version of Netscape Signing Tool, you must use the -d option with the -G option. With the Unix version of Netscape Signing Tool, omitting the -d option causes the tool to install the keys and certificate in the Communicator key and certificate databases. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases. In all cases, the certificate is also output to a file named x509.cacert, which has the MIME-type application/x-x509-ca-cert. - -Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with -G is not signed by a recognized certificate authority. Instead, it is self-signed. In addition, a single test signing certificate functions as both an object-signing certificate and a CA. When you are using it to sign objects, it behaves like an object-signing certificate. When it is imported into browser software such as Communicator, it behaves like an object-signing CA and cannot be used to sign objects. - -The -G option is available in Netscape Signing Tool 1.0 and later versions only. By default, it produces only RSA certificates with 1024-byte keys in the internal token. However, you can use the -s option specify the required key size and the -t option to specify the token. For more information about the use of the -G option, see "Generating Test Object-Signing Certificates""Generating Test Object-Signing Certificates" on page 1241. -</para></listitem> - </varlistentry> - <varlistentry> <term>-l</term> <listitem><para> Lists signing certificates, including issuing CAs. If any of your certificates are expired or invalid, the list will so specify. This option can be used with the -k option to list detailed information about a particular signing certificate. @@ -168,18 +183,6 @@ The -l option is available in Netscape Signing Tool 1.0 and later versions only. </para></listitem> </varlistentry> <varlistentry> - <term>-J</term> - <listitem><para> - Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags. Even if signtool creates more than one archive file, you need to supply the key database password only once. - -The -J option is available only in Netscape Signing Tool 1.0 and later versions. The -J option cannot be used at the same time as the -Z option. - -If the -c# option is not used with the -J option, the default compression value is 6. - -Note that versions 1.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages. -</para></listitem> - </varlistentry> - <varlistentry> <term>-L</term> <listitem><para> Lists the certificates in your database. An asterisk appears to the left of the nickname for any certificate that can be used to sign objects with signtool. diff --git a/security/nss/doc/signver.xml b/security/nss/doc/signver.xml index 7c598d8..e645e91 100644 --- a/security/nss/doc/signver.xml +++ b/security/nss/doc/signver.xml @@ -163,7 +163,7 @@ Using the SQLite databases must be manually specified by using the <command>sql: <para>To set the shared database type as the default type for the tools, set the <envar>NSS_DEFAULT_DB_TYPE</envar> environment variable to <envar>sql</envar>:</para> <programlisting>export NSS_DEFAULT_DB_TYPE="sql"</programlisting> -<para>This line can be set added to the <filename>~/.bashrc</filename> file to make the change permanent.</para> +<para>This line can be added to the <filename>~/.bashrc</filename> file to make the change permanent for the user.</para> <para>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</para> <itemizedlist> diff --git a/security/nss/doc/ssltap.xml b/security/nss/doc/ssltap.xml index e66a493..32b9e2f 100644 --- a/security/nss/doc/ssltap.xml +++ b/security/nss/doc/ssltap.xml @@ -26,8 +26,8 @@ <refsynopsisdiv> <cmdsynopsis> - <command>libssltap</command> - <arg choice="opt">-vhfsxl</arg> + <command>ssltap</command> + <arg choice="opt">-fhlsvx</arg> <arg choice="opt">-p port</arg> <arg choice="opt">hostname:port</arg> </cmdsynopsis> @@ -48,8 +48,10 @@ <title>Options</title> <variablelist> <varlistentry> - <term>-v </term> - <listitem><para>Print a version string for the tool.</para></listitem> + <term>-f </term> + <listitem><para> +Turn on fancy printing. Output is printed in colored HTML. Data sent from the client to the server is in blue; the server's reply is in red. When used with looping mode, the different connections are separated with horizontal lines. You can use this option to upload the output into a browser. + </para></listitem> </varlistentry> <varlistentry> <term>-h </term> @@ -58,34 +60,6 @@ Turn on hex/ASCII printing. Instead of outputting raw data, the command interpre </para></listitem> </varlistentry> <varlistentry> - <term>-f </term> - <listitem><para> -Turn on fancy printing. Output is printed in colored HTML. Data sent from the client to the server is in blue; the server's reply is in red. When used with looping mode, the different connections are separated with horizontal lines. You can use this option to upload the output into a browser. - </para></listitem> - </varlistentry> - <varlistentry><term>-s </term> - <listitem> - <para> -Turn on SSL parsing and decoding. The tool does not automatically detect SSL sessions. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures. - </para> - <para> -If the tool detects a certificate chain, it saves the DER-encoded certificates into files in the current directory. The files are named cert.0x, where x is the sequence number of the certificate. - </para> - <para> -If the -s option is used with -h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>-x </term> - <listitem> - <para> -Turn on hex/ASCII printing of undecoded data inside parsed SSL records. Used only with the -s option. -This option uses the same output format as the -h option. - </para> - </listitem> - </varlistentry> - <varlistentry> <term>-l prefix</term> <listitem> <para> @@ -124,6 +98,28 @@ Turn on looping; that is, continue to accept connections rather than stopping af </para> </listitem> </varlistentry> + <varlistentry> + <term>-s </term> + <listitem> + <para> +Turn on SSL parsing and decoding. The tool does not automatically detect SSL sessions. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures. + </para> + <para> +If the tool detects a certificate chain, it saves the DER-encoded certificates into files in the current directory. The files are named cert.0x, where x is the sequence number of the certificate. + </para> + <para> +If the -s option is used with -h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>-v </term> + <listitem><para>Print a version string for the tool.</para></listitem> + </varlistentry> + <varlistentry> + <term>-x </term> + <listitem><para>Turn on extra SSL hex dumps.</para></listitem> + </varlistentry> </variablelist> </refsection> diff --git a/security/nss/lib/certdb/alg1485.c b/security/nss/lib/certdb/alg1485.c index edb95af..ea1621b 100644 --- a/security/nss/lib/certdb/alg1485.c +++ b/security/nss/lib/certdb/alg1485.c @@ -28,12 +28,12 @@ static const NameToKind name2kinds[] = { * (See: http://www.iana.org/assignments/ldap-parameters) */ /* RFC 3280, 4630 MUST SUPPORT */ - { "CN", 64, SEC_OID_AVA_COMMON_NAME, SEC_ASN1_DS}, + { "CN", 640, SEC_OID_AVA_COMMON_NAME, SEC_ASN1_DS}, { "ST", 128, SEC_OID_AVA_STATE_OR_PROVINCE, SEC_ASN1_DS}, - { "O", 64, SEC_OID_AVA_ORGANIZATION_NAME, + { "O", 128, SEC_OID_AVA_ORGANIZATION_NAME, SEC_ASN1_DS}, - { "OU", 64, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME, + { "OU", 128, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME, SEC_ASN1_DS}, { "dnQualifier", 32767, SEC_OID_AVA_DN_QUALIFIER, SEC_ASN1_PRINTABLE_STRING}, { "C", 2, SEC_OID_AVA_COUNTRY_NAME, SEC_ASN1_PRINTABLE_STRING}, @@ -377,7 +377,7 @@ ParseRFC1485AVA(PLArenaPool *arena, const char **pbp, const char *endptr) char sep = 0; char tagBuf[32]; - char valBuf[384]; + char valBuf[1024]; PORT_Assert(arena); if (SECSuccess != scanTag(pbp, endptr, tagBuf, sizeof tagBuf) || @@ -889,7 +889,7 @@ get_hex_string(SECItem *data) static SECStatus AppendAVA(stringBuf *bufp, CERTAVA *ava, CertStrictnessLevel strict) { -#define TMPBUF_LEN 384 +#define TMPBUF_LEN 2048 const NameToKind *pn2k = name2kinds; SECItem *avaValue = NULL; char *unknownTag = NULL; diff --git a/security/nss/lib/certdb/cert.h b/security/nss/lib/certdb/cert.h index 1d4fe9c..4ebdf33 100644 --- a/security/nss/lib/certdb/cert.h +++ b/security/nss/lib/certdb/cert.h @@ -79,13 +79,6 @@ extern CERTRDN *CERT_CreateRDN(PLArenaPool *arena, CERTAVA *avas, ...); extern SECStatus CERT_CopyRDN(PLArenaPool *arena, CERTRDN *dest, CERTRDN *src); /* -** Destory an RDN object. -** "rdn" the RDN to destroy -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void CERT_DestroyRDN(CERTRDN *rdn, PRBool freeit); - -/* ** Add an AVA to an RDN. ** "rdn" the RDN to add to ** "ava" the AVA to add diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c index b7d22bd..4330437 100644 --- a/security/nss/lib/certdb/certdb.c +++ b/security/nss/lib/certdb/certdb.c @@ -1381,7 +1381,7 @@ cert_TestHostName(char * cn, const char * hn) return rv; } } else { - /* New approach conforms to RFC 2818. */ + /* New approach conforms to RFC 6125. */ char *wildcard = PORT_Strchr(cn, '*'); char *firstcndot = PORT_Strchr(cn, '.'); char *secondcndot = firstcndot ? PORT_Strchr(firstcndot+1, '.') : NULL; @@ -1390,14 +1390,17 @@ cert_TestHostName(char * cn, const char * hn) /* For a cn pattern to be considered valid, the wildcard character... * - may occur only in a DNS name with at least 3 components, and * - may occur only as last character in the first component, and - * - may be preceded by additional characters + * - may be preceded by additional characters, and + * - must not be preceded by an IDNA ACE prefix (xn--) */ if (wildcard && secondcndot && secondcndot[1] && firsthndot - && firstcndot - wildcard == 1 - && secondcndot - firstcndot > 1 - && PORT_Strrchr(cn, '*') == wildcard + && firstcndot - wildcard == 1 /* wildcard is last char in first component */ + && secondcndot - firstcndot > 1 /* second component is non-empty */ + && PORT_Strrchr(cn, '*') == wildcard /* only one wildcard in cn */ && !PORT_Strncasecmp(cn, hn, wildcard - cn) - && !PORT_Strcasecmp(firstcndot, firsthndot)) { + && !PORT_Strcasecmp(firstcndot, firsthndot) + /* If hn starts with xn--, then cn must start with wildcard */ + && (PORT_Strncasecmp(hn, "xn--", 4) || wildcard == cn)) { /* valid wildcard pattern match */ return SECSuccess; } diff --git a/security/nss/lib/certdb/certdb.h b/security/nss/lib/certdb/certdb.h index 41e0b91..d0d53c3 100644 --- a/security/nss/lib/certdb/certdb.h +++ b/security/nss/lib/certdb/certdb.h @@ -7,16 +7,16 @@ /* common flags for all types of certificates */ -#define CERTDB_TERMINAL_RECORD (1<<0) -#define CERTDB_TRUSTED (1<<1) -#define CERTDB_SEND_WARN (1<<2) -#define CERTDB_VALID_CA (1<<3) -#define CERTDB_TRUSTED_CA (1<<4) /* trusted for issuing server certs */ -#define CERTDB_NS_TRUSTED_CA (1<<5) -#define CERTDB_USER (1<<6) -#define CERTDB_TRUSTED_CLIENT_CA (1<<7) /* trusted for issuing client certs */ -#define CERTDB_INVISIBLE_CA (1<<8) /* don't show in UI */ -#define CERTDB_GOVT_APPROVED_CA (1<<9) /* can do strong crypto in export ver */ +#define CERTDB_TERMINAL_RECORD (1u<<0) +#define CERTDB_TRUSTED (1u<<1) +#define CERTDB_SEND_WARN (1u<<2) +#define CERTDB_VALID_CA (1u<<3) +#define CERTDB_TRUSTED_CA (1u<<4) /* trusted for issuing server certs */ +#define CERTDB_NS_TRUSTED_CA (1u<<5) +#define CERTDB_USER (1u<<6) +#define CERTDB_TRUSTED_CLIENT_CA (1u<<7) /* trusted for issuing client certs */ +#define CERTDB_INVISIBLE_CA (1u<<8) /* don't show in UI */ +#define CERTDB_GOVT_APPROVED_CA (1u<<9) /* can do strong crypto in export ver */ /* old usage, to keep old programs compiling */ /* On Windows, Mac, and Linux (and other gcc platforms), we can give compile diff --git a/security/nss/lib/certdb/certi.h b/security/nss/lib/certdb/certi.h index 82a372a..f47af1c 100644 --- a/security/nss/lib/certdb/certi.h +++ b/security/nss/lib/certdb/certi.h @@ -261,6 +261,28 @@ void ReleaseDPCache(CRLDPCache* dpcache, PRBool writeLocked); */ void CERT_MapStanError(); +/* Like CERT_VerifyCert, except with an additional argument, flags. The + * flags are defined immediately below. + */ +SECStatus +cert_VerifyCertWithFlags(CERTCertDBHandle *handle, CERTCertificate *cert, + PRBool checkSig, SECCertUsage certUsage, PRTime t, + PRUint32 flags, void *wincx, CERTVerifyLog *log); + +/* Use the default settings. + * cert_VerifyCertWithFlags(..., CERT_VERIFYCERT_USE_DEFAULTS, ...) is + * equivalent to CERT_VerifyCert(...); + */ +#define CERT_VERIFYCERT_USE_DEFAULTS 0 + +/* Skip all the OCSP checks during certificate verification, regardless of + * the global OCSP settings. By default, certificate |cert| will have its + * revocation status checked via OCSP according to the global OCSP settings. + * + * OCSP checking is always skipped when certUsage is certUsageStatusResponder. + */ +#define CERT_VERIFYCERT_SKIP_OCSP 1 + /* Interface function for libpkix cert validation engine: * cert_verify wrapper. */ SECStatus diff --git a/security/nss/lib/certdb/certt.h b/security/nss/lib/certdb/certt.h index 25c87e0..9ab00fd 100644 --- a/security/nss/lib/certdb/certt.h +++ b/security/nss/lib/certdb/certt.h @@ -342,6 +342,7 @@ struct CERTCertListStr { }; #define CERT_LIST_HEAD(l) ((CERTCertListNode *)PR_LIST_HEAD(&l->list)) +#define CERT_LIST_TAIL(l) ((CERTCertListNode *)PR_LIST_TAIL(&l->list)) #define CERT_LIST_NEXT(n) ((CERTCertListNode *)n->links.next) #define CERT_LIST_END(n,l) (((void *)n) == ((void *)&l->list)) #define CERT_LIST_EMPTY(l) CERT_LIST_END(CERT_LIST_HEAD(l), l) diff --git a/security/nss/lib/certdb/genname.c b/security/nss/lib/certdb/genname.c index b0d35cc..1b0cc97 100644 --- a/security/nss/lib/certdb/genname.c +++ b/security/nss/lib/certdb/genname.c @@ -137,6 +137,39 @@ const SEC_ASN1Template CERT_GeneralNamesTemplate[] = { }; +static struct { + CERTGeneralNameType type; + char *name; +} typesArray[] = { + { certOtherName, "other" }, + { certRFC822Name, "email" }, + { certRFC822Name, "rfc822" }, + { certDNSName, "dns" }, + { certX400Address, "x400" }, + { certX400Address, "x400addr" }, + { certDirectoryName, "directory" }, + { certDirectoryName, "dn" }, + { certEDIPartyName, "edi" }, + { certEDIPartyName, "ediparty" }, + { certURI, "uri" }, + { certIPAddress, "ip" }, + { certIPAddress, "ipaddr" }, + { certRegisterID, "registerid" } +}; + +CERTGeneralNameType +CERT_GetGeneralNameTypeFromString(const char *string) +{ + int types_count = sizeof(typesArray)/sizeof(typesArray[0]); + int i; + + for (i=0; i < types_count; i++) { + if (PORT_Strcasecmp(string, typesArray[i].name) == 0) { + return typesArray[i].type; + } + } + return 0; +} CERTGeneralName * CERT_NewGeneralName(PLArenaPool *arena, CERTGeneralNameType type) @@ -1523,6 +1556,75 @@ done: return rv; } +/* Add name constraints to certain certs that do not include name constraints + * This is the core of the implementation for bug 952572. + */ + +static SECStatus +getNameExtensionsBuiltIn(CERTCertificate *cert, + SECItem *extensions) +{ + const char constraintFranceGov[] = "\x30\x5D" /* sequence len = 93*/ + "\xA0\x5B" /* element len =91 */ + "\x30\x05" /* sequence len 5 */ + "\x82\x03" /* entry len 3 */ + ".fr" + "\x30\x05\x82\x03" /* sequence len5, entry len 3 */ + ".gp" + "\x30\x05\x82\x03" + ".gf" + "\x30\x05\x82\x03" + ".mq" + "\x30\x05\x82\x03" + ".re" + "\x30\x05\x82\x03" + ".yt" + "\x30\x05\x82\x03" + ".pm" + "\x30\x05\x82\x03" + ".bl" + "\x30\x05\x82\x03" + ".mf" + "\x30\x05\x82\x03" + ".wf" + "\x30\x05\x82\x03" + ".pf" + "\x30\x05\x82\x03" + ".nc" + "\x30\x05\x82\x03" + ".tf"; + + /* The stringified value for the subject is: + E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR + */ + const char rawANSSISubject[] = "\x30\x81\x85\x31\x0B\x30\x09\x06\x03\x55\x04" + "\x06\x13\x02\x46\x52\x31\x0F\x30\x0D\x06\x03" + "\x55\x04\x08\x13\x06\x46\x72\x61\x6E\x63\x65" + "\x31\x0E\x30\x0C\x06\x03\x55\x04\x07\x13\x05" + "\x50\x61\x72\x69\x73\x31\x10\x30\x0E\x06\x03" + "\x55\x04\x0A\x13\x07\x50\x4D\x2F\x53\x47\x44" + "\x4E\x31\x0E\x30\x0C\x06\x03\x55\x04\x0B\x13" + "\x05\x44\x43\x53\x53\x49\x31\x0E\x30\x0C\x06" + "\x03\x55\x04\x03\x13\x05\x49\x47\x43\x2F\x41" + "\x31\x23\x30\x21\x06\x09\x2A\x86\x48\x86\xF7" + "\x0D\x01\x09\x01\x16\x14\x69\x67\x63\x61\x40" + "\x73\x67\x64\x6E\x2E\x70\x6D\x2E\x67\x6F\x75" + "\x76\x2E\x66\x72"; + + const SECItem anssi_subject = {0, (unsigned char *) rawANSSISubject, + sizeof(rawANSSISubject)-1}; + const SECItem permitFranceGovNC = {0, (unsigned char *) constraintFranceGov, + sizeof(constraintFranceGov)-1}; + + if (SECITEM_ItemsAreEqual(&cert->derSubject, &anssi_subject)) { + SECStatus rv; + rv = SECITEM_CopyItem(NULL, extensions, &permitFranceGovNC); + return rv; + } + PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND); + return SECFailure; +} + /* Extract the name constraints extension from the CA cert. */ SECStatus CERT_FindNameConstraintsExten(PLArenaPool *arena, @@ -1538,10 +1640,16 @@ CERT_FindNameConstraintsExten(PLArenaPool *arena, rv = CERT_FindCertExtension(cert, SEC_OID_X509_NAME_CONSTRAINTS, &constraintsExtension); if (rv != SECSuccess) { - if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) { - rv = SECSuccess; + if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) { + return rv; + } + rv = getNameExtensionsBuiltIn(cert, &constraintsExtension); + if (rv != SECSuccess) { + if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) { + return SECSuccess; + } + return rv; } - return rv; } mark = PORT_ArenaMark(arena); diff --git a/security/nss/lib/certdb/genname.h b/security/nss/lib/certdb/genname.h index 091c82c..1d94376 100644 --- a/security/nss/lib/certdb/genname.h +++ b/security/nss/lib/certdb/genname.h @@ -26,6 +26,9 @@ cert_DecodeGeneralNames(PLArenaPool *arena, SECItem **encodedGenName); extern SECStatus cert_DestroyGeneralNames(CERTGeneralName *name); +extern CERTGeneralNameType +CERT_GetGeneralNameTypeFromString(const char *string); + extern SECStatus cert_EncodeNameConstraints(CERTNameConstraints *constraints, PLArenaPool *arena, SECItem *dest); diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c index fbed385..3141163 100644 --- a/security/nss/lib/certhigh/certvfy.c +++ b/security/nss/lib/certhigh/certvfy.c @@ -506,7 +506,18 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert, PORT_SetError (SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID); LOG_ERROR_OR_EXIT(log, issuerCert, count+1, pathLengthLimit); } - + + /* make sure that the entire chain is within the name space of the + * current issuer certificate. + */ + rv = CERT_CompareNameSpace(issuerCert, namesList, certsList, + arena, &badCert); + if (rv != SECSuccess || badCert != NULL) { + PORT_SetError(SEC_ERROR_CERT_NOT_IN_NAME_SPACE); + LOG_ERROR_OR_EXIT(log, badCert, count + 1, 0); + goto loser; + } + /* XXX - the error logging may need to go down into CRL stuff at some * point */ @@ -628,16 +639,6 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert, } } - /* make sure that the entire chain is within the name space of the - ** current issuer certificate. - */ - rv = CERT_CompareNameSpace(issuerCert, namesList, certsList, - arena, &badCert); - if (rv != SECSuccess || badCert != NULL) { - PORT_SetError(SEC_ERROR_CERT_NOT_IN_NAME_SPACE); - LOG_ERROR_OR_EXIT(log, badCert, count + 1, 0); - goto loser; - } /* make sure that the issuer is not self signed. If it is, then * stop here to prevent looping. */ @@ -1200,7 +1201,7 @@ CERT_VerifyCertificate(CERTCertDBHandle *handle, CERTCertificate *cert, /* * Check OCSP revocation status, but only if the cert we are checking - * is not a status reponder itself. We only do this in the case + * is not a status responder itself. We only do this in the case * where we checked the cert chain (above); explicit trust "wins" * (avoids status checking, just as it avoids CRL checking) by * bypassing this code. @@ -1235,10 +1236,19 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool checkSig, SECCertUsage certUsage, PRTime t, void *wincx, CERTVerifyLog *log) { + return cert_VerifyCertWithFlags(handle, cert, checkSig, certUsage, t, + CERT_VERIFYCERT_USE_DEFAULTS, wincx, log); +} + +SECStatus +cert_VerifyCertWithFlags(CERTCertDBHandle *handle, CERTCertificate *cert, + PRBool checkSig, SECCertUsage certUsage, PRTime t, + PRUint32 flags, void *wincx, CERTVerifyLog *log) +{ SECStatus rv; unsigned int requiredKeyUsage; unsigned int requiredCertType; - unsigned int flags; + unsigned int failedFlags; unsigned int certType; PRBool trusted; PRBool allowOverride; @@ -1307,10 +1317,10 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert, LOG_ERROR_OR_EXIT(log,cert,0,requiredCertType); } - rv = cert_CheckLeafTrust(cert,certUsage, &flags, &trusted); + rv = cert_CheckLeafTrust(cert, certUsage, &failedFlags, &trusted); if (rv == SECFailure) { PORT_SetError(SEC_ERROR_UNTRUSTED_CERT); - LOG_ERROR_OR_EXIT(log,cert,0,flags); + LOG_ERROR_OR_EXIT(log, cert, 0, failedFlags); } else if (trusted) { goto done; } @@ -1323,15 +1333,17 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert, } /* - * Check revocation status, but only if the cert we are checking - * is not a status reponder itself. We only do this in the case - * where we checked the cert chain (above); explicit trust "wins" - * (avoids status checking, just as it avoids CRL checking, which - * is all done inside VerifyCertChain) by bypassing this code. + * Check revocation status, but only if the cert we are checking is not a + * status responder itself and the caller did not ask us to skip the check. + * We only do this in the case where we checked the cert chain (above); + * explicit trust "wins" (avoids status checking, just as it avoids CRL + * checking, which is all done inside VerifyCertChain) by bypassing this + * code. */ - statusConfig = CERT_GetStatusConfig(handle); - if (certUsage != certUsageStatusResponder && statusConfig != NULL) { - if (statusConfig->statusChecker != NULL) { + if (!(flags & CERT_VERIFYCERT_SKIP_OCSP) && + certUsage != certUsageStatusResponder) { + statusConfig = CERT_GetStatusConfig(handle); + if (statusConfig && statusConfig->statusChecker) { rv = (* statusConfig->statusChecker)(handle, cert, t, wincx); if (rv != SECSuccess) { diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c index d9c3289..59b341f 100644 --- a/security/nss/lib/certhigh/ocsp.c +++ b/security/nss/lib/certhigh/ocsp.c @@ -18,6 +18,7 @@ #include "secasn1.h" #include "secder.h" #include "cert.h" +#include "certi.h" #include "xconst.h" #include "secerr.h" #include "secoid.h" @@ -2576,9 +2577,8 @@ loser: static SECStatus ocsp_DecodeResponseBytes(PLArenaPool *arena, ocspResponseBytes *rbytes) { - PORT_Assert(rbytes != NULL); /* internal error, really */ if (rbytes == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); /* XXX set better error? */ + PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE); return SECFailure; } @@ -4184,8 +4184,9 @@ CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response, } else { certUsage = certUsageStatusResponder; } - rv = CERT_VerifyCert(handle, signerCert, PR_TRUE, - certUsage, producedAt, pwArg, NULL); + rv = cert_VerifyCertWithFlags(handle, signerCert, PR_TRUE, certUsage, + producedAt, CERT_VERIFYCERT_SKIP_OCSP, + pwArg, NULL); if (rv != SECSuccess) { PORT_SetError(SEC_ERROR_OCSP_INVALID_SIGNING_CERT); goto finish; @@ -4227,8 +4228,7 @@ finish: * algorithm was used. */ static PRBool -ocsp_CertIDsMatch(CERTCertDBHandle *handle, - CERTOCSPCertID *requestCertID, +ocsp_CertIDsMatch(CERTOCSPCertID *requestCertID, CERTOCSPCertID *responseCertID) { PRBool match = PR_FALSE; @@ -4285,7 +4285,7 @@ ocsp_CertIDsMatch(CERTCertDBHandle *handle, break; default: PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return SECFailure; + return PR_FALSE; } if ((keyHash != NULL) @@ -4319,7 +4319,7 @@ ocsp_GetSingleResponseForCertID(CERTOCSPSingleResponse **responses, for (i = 0; responses[i] != NULL; i++) { single = responses[i]; - if (ocsp_CertIDsMatch(handle, certID, single->certID)) { + if (ocsp_CertIDsMatch(certID, single->certID)) { return single; } } @@ -5086,6 +5086,9 @@ CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert, } if (cachedResponseFreshness == ocspFresh) { CERT_DestroyOCSPCertID(certID); + if (rvOcsp != SECSuccess) { + PORT_SetError(cachedErrorCode); + } return rvOcsp; } diff --git a/security/nss/lib/ckfw/builtins/certdata.txt b/security/nss/lib/ckfw/builtins/certdata.txt index c584218..ca4c66b 100644 --- a/security/nss/lib/ckfw/builtins/certdata.txt +++ b/security/nss/lib/ckfw/builtins/certdata.txt @@ -607,6 +607,34 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE +# Distrust "Distrust a pb.com certificate that does not comply with the baseline requirements." +# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US +# Serial Number: 1407252 (0x157914) +# Subject: CN=*.pb.com,OU=Meters,O=Pitney Bowes,L=Danbury,ST=Connecticut,C=US +# Not Valid Before: Mon Feb 01 14:54:04 2010 +# Not Valid After : Tue Sep 30 00:00:00 2014 +# Fingerprint (MD5): 8F:46:BE:99:47:6F:93:DC:5C:01:54:50:D0:4A:BD:AC +# Fingerprint (SHA1): 30:F1:82:CA:1A:5E:4E:4F:F3:6E:D0:E6:38:18:B8:B9:41:CB:5F:8C +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Distrust a pb.com certificate that does not comply with the baseline requirements." +CKA_ISSUER MULTILINE_OCTAL +\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\020\060\016\006\003\125\004\012\023\007\105\161\165\151\146\141 +\170\061\055\060\053\006\003\125\004\013\023\044\105\161\165\151 +\146\141\170\040\123\145\143\165\162\145\040\103\145\162\164\151 +\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\003\025\171\024 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + # # Certificate "Digital Signature Trust Co. Global CA 1" # @@ -2585,6 +2613,118 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE +# Distrust "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 1/3)" +# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US +# Serial Number:4c:00:36:1b:e5:08:2b:a9:aa:ce:74:0a:05:3e:fb:34 +# Subject: CN=Egypt Trust Class 3 Managed PKI Enterprise Administrator CA,OU=Terms of use at https://www.egypttrust.com/repository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG +# Not Valid Before: Sun May 18 00:00:00 2008 +# Not Valid After : Thu May 17 23:59:59 2018 +# Fingerprint (MD5): A7:91:05:96:B1:56:01:26:4E:BF:80:80:08:86:1B:4D +# Fingerprint (SHA1): 6A:2C:5C:B0:94:D5:E0:B7:57:FB:0F:58:42:AA:C8:13:A5:80:2F:E1 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 1/3)" +CKA_ISSUER MULTILINE_OCTAL +\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 +\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 +\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 +\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 +\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145 +\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 +\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 +\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 +\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 +\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 +\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 +\165\164\150\157\162\151\164\171\040\055\040\107\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\114\000\066\033\345\010\053\251\252\316\164\012\005\076 +\373\064 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + + +# Distrust "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 2/3)" +# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US +# Serial Number:3e:0c:9e:87:69:aa:95:5c:ea:23:d8:45:9e:d4:5b:51 +# Subject: CN=Egypt Trust Class 3 Managed PKI Operational Administrator CA,OU=Terms of use at https://www.egypttrust.com/repository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG +# Not Valid Before: Sun May 18 00:00:00 2008 +# Not Valid After : Thu May 17 23:59:59 2018 +# Fingerprint (MD5): D0:C3:71:17:3E:39:80:C6:50:4F:04:22:DF:40:E1:34 +# Fingerprint (SHA1): 9C:65:5E:D5:FA:E3:B8:96:4D:89:72:F6:3A:63:53:59:3F:5E:B4:4E +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 2/3)" +CKA_ISSUER MULTILINE_OCTAL +\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 +\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 +\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 +\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 +\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145 +\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 +\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 +\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 +\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 +\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 +\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 +\165\164\150\157\162\151\164\171\040\055\040\107\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\076\014\236\207\151\252\225\134\352\043\330\105\236\324 +\133\121 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# Distrust "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 3/3)" +# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US +# Serial Number:12:bd:26:a2:ae:33:c0:7f:24:7b:6a:58:69:f2:0a:76 +# Subject: CN=Egypt Trust Class 3 Managed PKI SCO Administrator CA,OU=Terms of use at https://www.egypttrust.com/repository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG +# Not Valid Before: Sun May 18 00:00:00 2008 +# Not Valid After : Thu May 17 23:59:59 2018 +# Fingerprint (MD5): C2:13:5E:B2:67:8A:5C:F7:91:EF:8F:29:0F:9B:77:6E +# Fingerprint (SHA1): 83:23:F1:4F:BC:9F:9B:80:B7:9D:ED:14:CD:01:57:CD:FB:08:95:D2 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 3/3)" +CKA_ISSUER MULTILINE_OCTAL +\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123 +\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125 +\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165 +\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003 +\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145 +\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106 +\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163 +\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023 +\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040 +\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171 +\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 +\165\164\150\157\162\151\164\171\040\055\040\107\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\022\275\046\242\256\063\300\177\044\173\152\130\151\362 +\012\166 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + # # Certificate "Verisign Class 4 Public Primary Certification Authority - G3" # @@ -7236,157 +7376,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "TDC OCES Root CA" -# -# Issuer: CN=TDC OCES CA,O=TDC,C=DK -# Serial Number: 1044954564 (0x3e48bdc4) -# Subject: CN=TDC OCES CA,O=TDC,C=DK -# Not Valid Before: Tue Feb 11 08:39:30 2003 -# Not Valid After : Wed Feb 11 09:09:30 2037 -# Fingerprint (MD5): 93:7F:90:1C:ED:84:67:17:A4:65:5F:9B:CB:30:02:97 -# Fingerprint (SHA1): 87:81:C2:5A:96:BD:C2:FB:4C:65:06:4F:F9:39:0B:26:04:8A:0E:01 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TDC OCES Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\061\061\013\060\011\006\003\125\004\006\023\002\104\113\061 -\014\060\012\006\003\125\004\012\023\003\124\104\103\061\024\060 -\022\006\003\125\004\003\023\013\124\104\103\040\117\103\105\123 -\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\061\061\013\060\011\006\003\125\004\006\023\002\104\113\061 -\014\060\012\006\003\125\004\012\023\003\124\104\103\061\024\060 -\022\006\003\125\004\003\023\013\124\104\103\040\117\103\105\123 -\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\076\110\275\304 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\031\060\202\004\001\240\003\002\001\002\002\004\076 -\110\275\304\060\015\006\011\052\206\110\206\367\015\001\001\005 -\005\000\060\061\061\013\060\011\006\003\125\004\006\023\002\104 -\113\061\014\060\012\006\003\125\004\012\023\003\124\104\103\061 -\024\060\022\006\003\125\004\003\023\013\124\104\103\040\117\103 -\105\123\040\103\101\060\036\027\015\060\063\060\062\061\061\060 -\070\063\071\063\060\132\027\015\063\067\060\062\061\061\060\071 -\060\071\063\060\132\060\061\061\013\060\011\006\003\125\004\006 -\023\002\104\113\061\014\060\012\006\003\125\004\012\023\003\124 -\104\103\061\024\060\022\006\003\125\004\003\023\013\124\104\103 -\040\117\103\105\123\040\103\101\060\202\001\042\060\015\006\011 -\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000 -\060\202\001\012\002\202\001\001\000\254\142\366\141\040\262\317 -\300\306\205\327\343\171\346\314\355\362\071\222\244\227\056\144 -\243\204\133\207\234\114\375\244\363\304\137\041\275\126\020\353 -\333\056\141\354\223\151\343\243\314\275\231\303\005\374\006\270 -\312\066\034\376\220\216\111\114\304\126\232\057\126\274\317\173 -\014\361\157\107\246\015\103\115\342\351\035\071\064\315\215\054 -\331\022\230\371\343\341\301\112\174\206\070\304\251\304\141\210 -\322\136\257\032\046\115\325\344\240\042\107\204\331\144\267\031 -\226\374\354\031\344\262\227\046\116\112\114\313\217\044\213\124 -\030\034\110\141\173\325\210\150\332\135\265\352\315\032\060\301 -\200\203\166\120\252\117\321\324\335\070\360\357\026\364\341\014 -\120\006\277\352\373\172\111\241\050\053\034\366\374\025\062\243 -\164\152\217\251\303\142\051\161\061\345\073\244\140\027\136\164 -\346\332\023\355\351\037\037\033\321\262\150\163\306\020\064\165 -\106\020\020\343\220\000\166\100\313\213\267\103\011\041\377\253 -\116\223\306\130\351\245\202\333\167\304\072\231\261\162\225\111 -\004\360\267\053\372\173\131\216\335\002\003\001\000\001\243\202 -\002\067\060\202\002\063\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001 -\377\004\004\003\002\001\006\060\201\354\006\003\125\035\040\004 -\201\344\060\201\341\060\201\336\006\010\052\201\120\201\051\001 -\001\001\060\201\321\060\057\006\010\053\006\001\005\005\007\002 -\001\026\043\150\164\164\160\072\057\057\167\167\167\056\143\145 -\162\164\151\146\151\153\141\164\056\144\153\057\162\145\160\157 -\163\151\164\157\162\171\060\201\235\006\010\053\006\001\005\005 -\007\002\002\060\201\220\060\012\026\003\124\104\103\060\003\002 -\001\001\032\201\201\103\145\162\164\151\146\151\153\141\164\145 -\162\040\146\162\141\040\144\145\156\156\145\040\103\101\040\165 -\144\163\164\145\144\145\163\040\165\156\144\145\162\040\117\111 -\104\040\061\056\062\056\062\060\070\056\061\066\071\056\061\056 -\061\056\061\056\040\103\145\162\164\151\146\151\143\141\164\145 -\163\040\146\162\157\155\040\164\150\151\163\040\103\101\040\141 -\162\145\040\151\163\163\165\145\144\040\165\156\144\145\162\040 -\117\111\104\040\061\056\062\056\062\060\070\056\061\066\071\056 -\061\056\061\056\061\056\060\021\006\011\140\206\110\001\206\370 -\102\001\001\004\004\003\002\000\007\060\201\201\006\003\125\035 -\037\004\172\060\170\060\110\240\106\240\104\244\102\060\100\061 -\013\060\011\006\003\125\004\006\023\002\104\113\061\014\060\012 -\006\003\125\004\012\023\003\124\104\103\061\024\060\022\006\003 -\125\004\003\023\013\124\104\103\040\117\103\105\123\040\103\101 -\061\015\060\013\006\003\125\004\003\023\004\103\122\114\061\060 -\054\240\052\240\050\206\046\150\164\164\160\072\057\057\143\162 -\154\056\157\143\145\163\056\143\145\162\164\151\146\151\153\141 -\164\056\144\153\057\157\143\145\163\056\143\162\154\060\053\006 -\003\125\035\020\004\044\060\042\200\017\062\060\060\063\060\062 -\061\061\060\070\063\071\063\060\132\201\017\062\060\063\067\060 -\062\061\061\060\071\060\071\063\060\132\060\037\006\003\125\035 -\043\004\030\060\026\200\024\140\265\205\354\126\144\176\022\031 -\047\147\035\120\025\113\163\256\073\371\022\060\035\006\003\125 -\035\016\004\026\004\024\140\265\205\354\126\144\176\022\031\047 -\147\035\120\025\113\163\256\073\371\022\060\035\006\011\052\206 -\110\206\366\175\007\101\000\004\020\060\016\033\010\126\066\056 -\060\072\064\056\060\003\002\004\220\060\015\006\011\052\206\110 -\206\367\015\001\001\005\005\000\003\202\001\001\000\012\272\046 -\046\106\323\163\250\011\363\153\013\060\231\375\212\341\127\172 -\021\323\270\224\327\011\020\156\243\261\070\003\321\266\362\103 -\101\051\142\247\162\330\373\174\005\346\061\160\047\124\030\116 -\212\174\116\345\321\312\214\170\210\317\033\323\220\213\346\043 -\370\013\016\063\103\175\234\342\012\031\217\311\001\076\164\135 -\164\311\213\034\003\345\030\310\001\114\077\313\227\005\135\230 -\161\246\230\157\266\174\275\067\177\276\341\223\045\155\157\360 -\012\255\027\030\341\003\274\007\051\310\255\046\350\370\141\360 -\375\041\011\176\232\216\251\150\175\110\142\162\275\000\352\001 -\231\270\006\202\121\201\116\361\365\264\221\124\271\043\172\000 -\232\237\135\215\340\074\144\271\032\022\222\052\307\202\104\162 -\071\334\342\074\306\330\125\365\025\116\310\005\016\333\306\320 -\142\246\354\025\264\265\002\202\333\254\214\242\201\360\233\231 -\061\365\040\040\250\210\141\012\007\237\224\374\320\327\033\314 -\056\027\363\004\047\166\147\353\124\203\375\244\220\176\006\075 -\004\243\103\055\332\374\013\142\352\057\137\142\123 -END - -# Trust for Certificate "TDC OCES Root CA" -# Issuer: CN=TDC OCES CA,O=TDC,C=DK -# Serial Number: 1044954564 (0x3e48bdc4) -# Subject: CN=TDC OCES CA,O=TDC,C=DK -# Not Valid Before: Tue Feb 11 08:39:30 2003 -# Not Valid After : Wed Feb 11 09:09:30 2037 -# Fingerprint (MD5): 93:7F:90:1C:ED:84:67:17:A4:65:5F:9B:CB:30:02:97 -# Fingerprint (SHA1): 87:81:C2:5A:96:BD:C2:FB:4C:65:06:4F:F9:39:0B:26:04:8A:0E:01 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TDC OCES Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\207\201\302\132\226\275\302\373\114\145\006\117\371\071\013\046 -\004\212\016\001 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\223\177\220\034\355\204\147\027\244\145\137\233\313\060\002\227 -END -CKA_ISSUER MULTILINE_OCTAL -\060\061\061\013\060\011\006\003\125\004\006\023\002\104\113\061 -\014\060\012\006\003\125\004\012\023\003\124\104\103\061\024\060 -\022\006\003\125\004\003\023\013\124\104\103\040\117\103\105\123 -\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\004\076\110\275\304 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# # Certificate "UTN DATACorp SGC Root CA" # # Issuer: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US @@ -9915,163 +9904,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Firmaprofesional Root CA" -# -# Issuer: E=ca(a)firmaprofesional.com,CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,L=C/ Muntaner 244 Barcelona,C=ES -# Serial Number: 1 (0x1) -# Subject: E=ca(a)firmaprofesional.com,CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,L=C/ Muntaner 244 Barcelona,C=ES -# Not Valid Before: Wed Oct 24 22:00:00 2001 -# Not Valid After : Thu Oct 24 22:00:00 2013 -# Fingerprint (MD5): 11:92:79:40:3C:B1:83:40:E5:AB:66:4A:67:92:80:DF -# Fingerprint (SHA1): A9:62:8F:4B:98:A9:1B:48:35:BA:D2:C1:46:32:86:BB:66:64:6A:8C -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Firmaprofesional Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\235\061\013\060\011\006\003\125\004\006\023\002\105\123 -\061\042\060\040\006\003\125\004\007\023\031\103\057\040\115\165 -\156\164\141\156\145\162\040\062\064\064\040\102\141\162\143\145 -\154\157\156\141\061\102\060\100\006\003\125\004\003\023\071\101 -\165\164\157\162\151\144\141\144\040\144\145\040\103\145\162\164 -\151\146\151\143\141\143\151\157\156\040\106\151\162\155\141\160 -\162\157\146\145\163\151\157\156\141\154\040\103\111\106\040\101 -\066\062\066\063\064\060\066\070\061\046\060\044\006\011\052\206 -\110\206\367\015\001\011\001\026\027\143\141\100\146\151\162\155 -\141\160\162\157\146\145\163\151\157\156\141\154\056\143\157\155 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\235\061\013\060\011\006\003\125\004\006\023\002\105\123 -\061\042\060\040\006\003\125\004\007\023\031\103\057\040\115\165 -\156\164\141\156\145\162\040\062\064\064\040\102\141\162\143\145 -\154\157\156\141\061\102\060\100\006\003\125\004\003\023\071\101 -\165\164\157\162\151\144\141\144\040\144\145\040\103\145\162\164 -\151\146\151\143\141\143\151\157\156\040\106\151\162\155\141\160 -\162\157\146\145\163\151\157\156\141\154\040\103\111\106\040\101 -\066\062\066\063\064\060\066\070\061\046\060\044\006\011\052\206 -\110\206\367\015\001\011\001\026\027\143\141\100\146\151\162\155 -\141\160\162\157\146\145\163\151\157\156\141\154\056\143\157\155 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\127\060\202\003\077\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\201\235\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\042\060\040\006\003\125\004\007\023\031\103\057\040\115\165\156 -\164\141\156\145\162\040\062\064\064\040\102\141\162\143\145\154 -\157\156\141\061\102\060\100\006\003\125\004\003\023\071\101\165 -\164\157\162\151\144\141\144\040\144\145\040\103\145\162\164\151 -\146\151\143\141\143\151\157\156\040\106\151\162\155\141\160\162 -\157\146\145\163\151\157\156\141\154\040\103\111\106\040\101\066 -\062\066\063\064\060\066\070\061\046\060\044\006\011\052\206\110 -\206\367\015\001\011\001\026\027\143\141\100\146\151\162\155\141 -\160\162\157\146\145\163\151\157\156\141\154\056\143\157\155\060 -\036\027\015\060\061\061\060\062\064\062\062\060\060\060\060\132 -\027\015\061\063\061\060\062\064\062\062\060\060\060\060\132\060 -\201\235\061\013\060\011\006\003\125\004\006\023\002\105\123\061 -\042\060\040\006\003\125\004\007\023\031\103\057\040\115\165\156 -\164\141\156\145\162\040\062\064\064\040\102\141\162\143\145\154 -\157\156\141\061\102\060\100\006\003\125\004\003\023\071\101\165 -\164\157\162\151\144\141\144\040\144\145\040\103\145\162\164\151 -\146\151\143\141\143\151\157\156\040\106\151\162\155\141\160\162 -\157\146\145\163\151\157\156\141\154\040\103\111\106\040\101\066 -\062\066\063\064\060\066\070\061\046\060\044\006\011\052\206\110 -\206\367\015\001\011\001\026\027\143\141\100\146\151\162\155\141 -\160\162\157\146\145\163\151\157\156\141\154\056\143\157\155\060 -\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001 -\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000 -\347\043\003\157\157\043\245\136\170\316\225\054\355\224\036\156 -\012\236\001\307\352\060\321\054\235\335\067\350\233\230\171\126 -\323\374\163\337\320\212\336\125\217\121\371\132\352\336\265\160 -\304\355\244\355\377\243\015\156\017\144\120\061\257\001\047\130 -\256\376\154\247\112\057\027\055\323\163\325\023\034\217\131\245 -\064\054\035\124\004\105\315\150\270\240\300\003\245\317\205\102 -\107\225\050\133\317\357\200\154\340\220\227\212\001\074\035\363 -\207\020\060\046\110\175\327\374\351\235\221\161\377\101\232\251 -\100\265\067\234\051\040\117\037\122\343\240\175\023\155\124\267 -\012\336\351\152\116\007\254\254\031\137\334\176\142\164\366\262 -\005\000\272\205\240\375\035\070\156\313\132\273\206\274\224\147 -\063\065\203\054\037\043\315\370\310\221\161\314\227\213\357\256 -\017\334\051\003\033\300\071\353\160\355\301\156\016\330\147\013 -\211\251\274\065\344\357\266\064\264\245\266\304\055\245\276\320 -\303\224\044\110\333\337\226\323\000\265\146\032\213\146\005\017 -\335\077\077\313\077\252\136\232\112\370\264\112\357\225\067\033 -\002\003\001\000\001\243\201\237\060\201\234\060\052\006\003\125 -\035\021\004\043\060\041\206\037\150\164\164\160\072\057\057\167 -\167\167\056\146\151\162\155\141\160\162\157\146\145\163\151\157 -\156\141\154\056\143\157\155\060\022\006\003\125\035\023\001\001 -\377\004\010\060\006\001\001\377\002\001\001\060\053\006\003\125 -\035\020\004\044\060\042\200\017\062\060\060\061\061\060\062\064 -\062\062\060\060\060\060\132\201\017\062\060\061\063\061\060\062 -\064\062\062\060\060\060\060\132\060\016\006\003\125\035\017\001 -\001\377\004\004\003\002\001\006\060\035\006\003\125\035\016\004 -\026\004\024\063\013\240\146\321\352\332\316\336\142\223\004\050 -\122\265\024\177\070\150\267\060\015\006\011\052\206\110\206\367 -\015\001\001\005\005\000\003\202\001\001\000\107\163\376\215\047 -\124\360\365\324\167\234\047\171\127\127\267\025\126\354\307\330 -\130\267\001\002\364\063\355\223\120\210\236\174\106\261\275\077 -\024\157\361\263\107\110\213\214\227\006\327\352\176\243\134\052 -\273\115\057\107\342\370\071\006\311\234\056\061\032\003\170\364 -\274\070\306\042\213\063\061\360\026\004\004\175\371\166\344\113 -\327\300\346\203\354\131\314\077\336\377\117\153\267\147\176\246 -\206\201\062\043\003\235\310\367\137\301\112\140\245\222\251\261 -\244\240\140\303\170\207\263\042\363\052\353\133\251\355\005\253 -\067\017\261\342\323\225\166\143\126\164\214\130\162\033\067\345 -\144\241\276\115\014\223\230\014\227\366\207\155\263\077\347\313 -\200\246\355\210\307\137\120\142\002\350\231\164\026\320\346\264 -\071\361\047\313\310\100\326\343\206\020\251\043\022\222\340\151 -\101\143\247\257\045\013\300\305\222\313\036\230\243\132\272\305 -\063\017\240\227\001\335\177\340\173\326\006\124\317\241\342\115 -\070\353\113\120\265\313\046\364\312\332\160\112\152\241\342\171 -\252\341\247\063\366\375\112\037\366\331\140 -END - -# Trust for Certificate "Firmaprofesional Root CA" -# Issuer: E=ca(a)firmaprofesional.com,CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,L=C/ Muntaner 244 Barcelona,C=ES -# Serial Number: 1 (0x1) -# Subject: E=ca(a)firmaprofesional.com,CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,L=C/ Muntaner 244 Barcelona,C=ES -# Not Valid Before: Wed Oct 24 22:00:00 2001 -# Not Valid After : Thu Oct 24 22:00:00 2013 -# Fingerprint (MD5): 11:92:79:40:3C:B1:83:40:E5:AB:66:4A:67:92:80:DF -# Fingerprint (SHA1): A9:62:8F:4B:98:A9:1B:48:35:BA:D2:C1:46:32:86:BB:66:64:6A:8C -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Firmaprofesional Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\251\142\217\113\230\251\033\110\065\272\322\301\106\062\206\273 -\146\144\152\214 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\021\222\171\100\074\261\203\100\345\253\146\112\147\222\200\337 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\235\061\013\060\011\006\003\125\004\006\023\002\105\123 -\061\042\060\040\006\003\125\004\007\023\031\103\057\040\115\165 -\156\164\141\156\145\162\040\062\064\064\040\102\141\162\143\145 -\154\157\156\141\061\102\060\100\006\003\125\004\003\023\071\101 -\165\164\157\162\151\144\141\144\040\144\145\040\103\145\162\164 -\151\146\151\143\141\143\151\157\156\040\106\151\162\155\141\160 -\162\157\146\145\163\151\157\156\141\154\040\103\111\106\040\101 -\066\062\066\063\064\060\066\070\061\046\060\044\006\011\052\206 -\110\206\367\015\001\011\001\026\027\143\141\100\146\151\162\155 -\141\160\162\157\146\145\163\151\157\156\141\154\056\143\157\155 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# # Certificate "Swisscom Root CA 1" # # Issuer: CN=Swisscom Root CA 1,OU=Digital Certificate Services,O=Swisscom,C=ch @@ -21854,188 +21686,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Bogus kuix.de" -# -# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US -# Serial Number:72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0 -# Subject: CN=kuix.de,OU=Comodo Trial SSL,OU=TEST USE ONLY - NO WARRANTY ATTACHED,OU=For Testing Purposes Only,O=Kai Engert,STREET=Test Street,L=Test City,ST=Test State,postalCode=12345,C=DE -# Not Valid Before: Thu Mar 17 00:00:00 2011 -# Not Valid After : Sat Apr 16 23:59:59 2011 -# Fingerprint (MD5): F7:5F:98:BC:D8:64:0C:16:E5:AE:EE:AA:00:F6:1F:07 -# Fingerprint (SHA1): 82:61:4B:EC:97:48:15:DE:CC:9A:CC:6E:84:21:71:79:B2:64:20:40 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Bogus kuix.de" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\361\061\013\060\011\006\003\125\004\006\023\002\104\105 -\061\016\060\014\006\003\125\004\021\023\005\061\062\063\064\065 -\061\023\060\021\006\003\125\004\010\023\012\124\145\163\164\040 -\123\164\141\164\145\061\022\060\020\006\003\125\004\007\023\011 -\124\145\163\164\040\103\151\164\171\061\024\060\022\006\003\125 -\004\011\023\013\124\145\163\164\040\123\164\162\145\145\164\061 -\023\060\021\006\003\125\004\012\023\012\113\141\151\040\105\156 -\147\145\162\164\061\042\060\040\006\003\125\004\013\023\031\106 -\157\162\040\124\145\163\164\151\156\147\040\120\165\162\160\157 -\163\145\163\040\117\156\154\171\061\055\060\053\006\003\125\004 -\013\023\044\124\105\123\124\040\125\123\105\040\117\116\114\131 -\040\055\040\116\117\040\127\101\122\122\101\116\124\131\040\101 -\124\124\101\103\110\105\104\061\031\060\027\006\003\125\004\013 -\023\020\103\157\155\157\144\157\040\124\162\151\141\154\040\123 -\123\114\061\020\060\016\006\003\125\004\003\023\007\153\165\151 -\170\056\144\145 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060 -\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153 -\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023 -\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116 -\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023 -\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162 -\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125 -\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163 -\164\055\110\141\162\144\167\141\162\145 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\162\003\041\005\305\014\010\127\075\216\245\060\116\376 -\350\260 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\154\060\202\004\124\240\003\002\001\002\002\020\162 -\003\041\005\305\014\010\127\075\216\245\060\116\376\350\260\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201 -\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013 -\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006 -\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040 -\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124 -\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164 -\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150 -\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162 -\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004\003 -\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164\055 -\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060\063 -\061\067\060\060\060\060\060\060\132\027\015\061\061\060\064\061 -\066\062\063\065\071\065\071\132\060\201\361\061\013\060\011\006 -\003\125\004\006\023\002\104\105\061\016\060\014\006\003\125\004 -\021\023\005\061\062\063\064\065\061\023\060\021\006\003\125\004 -\010\023\012\124\145\163\164\040\123\164\141\164\145\061\022\060 -\020\006\003\125\004\007\023\011\124\145\163\164\040\103\151\164 -\171\061\024\060\022\006\003\125\004\011\023\013\124\145\163\164 -\040\123\164\162\145\145\164\061\023\060\021\006\003\125\004\012 -\023\012\113\141\151\040\105\156\147\145\162\164\061\042\060\040 -\006\003\125\004\013\023\031\106\157\162\040\124\145\163\164\151 -\156\147\040\120\165\162\160\157\163\145\163\040\117\156\154\171 -\061\055\060\053\006\003\125\004\013\023\044\124\105\123\124\040 -\125\123\105\040\117\116\114\131\040\055\040\116\117\040\127\101 -\122\122\101\116\124\131\040\101\124\124\101\103\110\105\104\061 -\031\060\027\006\003\125\004\013\023\020\103\157\155\157\144\157 -\040\124\162\151\141\154\040\123\123\114\061\020\060\016\006\003 -\125\004\003\023\007\153\165\151\170\056\144\145\060\201\237\060 -\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\201 -\215\000\060\201\211\002\201\201\000\270\252\216\365\227\107\007 -\137\345\170\166\156\223\153\216\337\113\074\333\231\057\161\123 -\051\156\245\363\044\117\110\045\043\100\001\354\012\025\013\354 -\156\310\236\046\043\146\373\351\333\330\050\205\041\117\036\337 -\173\114\345\143\301\013\262\142\126\224\123\313\277\234\241\115 -\331\207\305\151\110\074\261\277\245\150\122\041\035\172\334\224 -\117\104\156\107\045\035\237\234\222\322\067\035\371\133\133\262 -\335\076\030\327\363\207\146\255\243\364\316\217\321\157\360\271 -\264\357\261\352\025\143\012\316\201\002\003\001\000\001\243\202 -\001\332\060\202\001\326\060\037\006\003\125\035\043\004\030\060 -\026\200\024\241\162\137\046\033\050\230\103\225\135\007\067\325 -\205\226\235\113\322\303\105\060\035\006\003\125\035\016\004\026 -\004\024\100\217\071\046\234\114\206\043\231\306\121\011\246\346 -\362\301\376\247\366\267\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\005\240\060\014\006\003\125\035\023\001\001\377 -\004\002\060\000\060\035\006\003\125\035\045\004\026\060\024\006 -\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005 -\007\003\002\060\106\006\003\125\035\040\004\077\060\075\060\073 -\006\014\053\006\001\004\001\262\061\001\002\001\003\004\060\053 -\060\051\006\010\053\006\001\005\005\007\002\001\026\035\150\164 -\164\160\163\072\057\057\163\145\143\165\162\145\056\143\157\155 -\157\144\157\056\143\157\155\057\103\120\123\060\173\006\003\125 -\035\037\004\164\060\162\060\070\240\066\240\064\206\062\150\164 -\164\160\072\057\057\143\162\154\056\143\157\155\157\144\157\143 -\141\056\143\157\155\057\125\124\116\055\125\123\105\122\106\151 -\162\163\164\055\110\141\162\144\167\141\162\145\056\143\162\154 -\060\066\240\064\240\062\206\060\150\164\164\160\072\057\057\143 -\162\154\056\143\157\155\157\144\157\056\156\145\164\057\125\124 -\116\055\125\123\105\122\106\151\162\163\164\055\110\141\162\144 -\167\141\162\145\056\143\162\154\060\161\006\010\053\006\001\005 -\005\007\001\001\004\145\060\143\060\073\006\010\053\006\001\005 -\005\007\060\002\206\057\150\164\164\160\072\057\057\143\162\164 -\056\143\157\155\157\144\157\143\141\056\143\157\155\057\125\124 -\116\101\144\144\124\162\165\163\164\123\145\162\166\145\162\103 -\101\056\143\162\164\060\044\006\010\053\006\001\005\005\007\060 -\001\206\030\150\164\164\160\072\057\057\157\143\163\160\056\143 -\157\155\157\144\157\143\141\056\143\157\155\060\037\006\003\125 -\035\021\004\030\060\026\202\007\153\165\151\170\056\144\145\202 -\013\167\167\167\056\153\165\151\170\056\144\145\060\015\006\011 -\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000 -\216\141\036\046\036\242\331\031\320\360\324\275\211\371\352\222 -\021\171\152\136\173\174\237\176\071\163\011\126\121\346\206\124 -\307\155\106\166\122\312\152\250\064\300\140\076\003\316\263\311 -\110\227\321\237\246\241\152\017\376\167\321\036\020\263\127\200 -\251\006\046\204\246\373\172\067\023\316\204\314\167\171\011\056 -\342\104\276\037\254\167\156\167\106\101\333\260\262\151\221\164 -\321\200\226\141\061\014\057\012\317\265\320\334\010\055\353\366 -\165\202\336\212\056\272\075\007\220\140\071\126\203\341\202\312 -\043\254\337\343\317\115\160\127\301\270\267\223\232\355\334\213 -\336\112\240\125\050\002\253\103\014\124\227\150\030\242\353\071 -\341\271\374\277\163\200\144\063\022\173\207\140\002\347\076\160 -\311\207\312\251\066\074\005\361\006\136\161\012\016\012\066\231 -\260\207\347\151\132\261\240\060\116\175\141\130\313\306\250\226 -\200\136\175\301\052\377\233\112\112\353\051\147\212\017\157\346 -\031\355\202\317\201\127\341\044\255\242\321\372\332\024\227\260 -\154\174\107\306\327\224\021\041\354\326\132\322\335\217\177\221 -END - -# Trust for Certificate "Bogus kuix.de" -# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US -# Serial Number:72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0 -# Subject: CN=kuix.de,OU=Comodo Trial SSL,OU=TEST USE ONLY - NO WARRANTY ATTACHED,OU=For Testing Purposes Only,O=Kai Engert,STREET=Test Street,L=Test City,ST=Test State,postalCode=12345,C=DE -# Not Valid Before: Thu Mar 17 00:00:00 2011 -# Not Valid After : Sat Apr 16 23:59:59 2011 -# Fingerprint (MD5): F7:5F:98:BC:D8:64:0C:16:E5:AE:EE:AA:00:F6:1F:07 -# Fingerprint (SHA1): 82:61:4B:EC:97:48:15:DE:CC:9A:CC:6E:84:21:71:79:B2:64:20:40 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Bogus kuix.de" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\202\141\113\354\227\110\025\336\314\232\314\156\204\041\161\171 -\262\144\040\100 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\367\137\230\274\330\144\014\026\345\256\356\252\000\366\037\007 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060 -\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153 -\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023 -\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116 -\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023 -\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162 -\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125 -\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163 -\164\055\110\141\162\144\167\141\162\145 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\162\003\041\005\305\014\010\127\075\216\245\060\116\376 -\350\260 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# # Certificate "Go Daddy Root Certificate Authority - G2" # # Issuer: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US @@ -28969,3 +28619,622 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "TeliaSonera Root CA v1" +# +# Issuer: CN=TeliaSonera Root CA v1,O=TeliaSonera +# Serial Number:00:95:be:16:a0:f7:2e:46:f1:7b:39:82:72:fa:8b:cd:96 +# Subject: CN=TeliaSonera Root CA v1,O=TeliaSonera +# Not Valid Before: Thu Oct 18 12:00:50 2007 +# Not Valid After : Mon Oct 18 12:00:50 2032 +# Fingerprint (MD5): 37:41:49:1B:18:56:9A:26:F5:AD:C2:66:FB:40:A5:4C +# Fingerprint (SHA1): 43:13:BB:96:F1:D5:86:9B:C1:4E:6A:92:F6:CF:F6:34:69:87:82:37 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "TeliaSonera Root CA v1" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\067\061\024\060\022\006\003\125\004\012\014\013\124\145\154 +\151\141\123\157\156\145\162\141\061\037\060\035\006\003\125\004 +\003\014\026\124\145\154\151\141\123\157\156\145\162\141\040\122 +\157\157\164\040\103\101\040\166\061 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\067\061\024\060\022\006\003\125\004\012\014\013\124\145\154 +\151\141\123\157\156\145\162\141\061\037\060\035\006\003\125\004 +\003\014\026\124\145\154\151\141\123\157\156\145\162\141\040\122 +\157\157\164\040\103\101\040\166\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\021\000\225\276\026\240\367\056\106\361\173\071\202\162\372 +\213\315\226 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\070\060\202\003\040\240\003\002\001\002\002\021\000 +\225\276\026\240\367\056\106\361\173\071\202\162\372\213\315\226 +\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 +\067\061\024\060\022\006\003\125\004\012\014\013\124\145\154\151 +\141\123\157\156\145\162\141\061\037\060\035\006\003\125\004\003 +\014\026\124\145\154\151\141\123\157\156\145\162\141\040\122\157 +\157\164\040\103\101\040\166\061\060\036\027\015\060\067\061\060 +\061\070\061\062\060\060\065\060\132\027\015\063\062\061\060\061 +\070\061\062\060\060\065\060\132\060\067\061\024\060\022\006\003 +\125\004\012\014\013\124\145\154\151\141\123\157\156\145\162\141 +\061\037\060\035\006\003\125\004\003\014\026\124\145\154\151\141 +\123\157\156\145\162\141\040\122\157\157\164\040\103\101\040\166 +\061\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001 +\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002 +\001\000\302\276\353\047\360\041\243\363\151\046\125\176\235\305 +\125\026\221\134\375\357\041\277\123\200\172\055\322\221\214\143 +\061\360\354\044\360\303\245\322\162\174\020\155\364\067\267\345 +\346\174\171\352\214\265\202\213\256\110\266\254\000\334\145\165 +\354\052\115\137\301\207\365\040\145\053\201\250\107\076\211\043 +\225\060\026\220\177\350\127\007\110\347\031\256\277\105\147\261 +\067\033\006\052\376\336\371\254\175\203\373\136\272\344\217\227 +\147\276\113\216\215\144\007\127\070\125\151\064\066\075\023\110 +\357\117\342\323\146\036\244\317\032\267\136\066\063\324\264\006 +\275\030\001\375\167\204\120\000\105\365\214\135\350\043\274\176 +\376\065\341\355\120\173\251\060\215\031\323\011\216\150\147\135 +\277\074\227\030\123\273\051\142\305\312\136\162\301\307\226\324 +\333\055\240\264\037\151\003\354\352\342\120\361\014\074\360\254 +\363\123\055\360\034\365\355\154\071\071\163\200\026\310\122\260 +\043\315\340\076\334\335\074\107\240\273\065\212\342\230\150\213 +\276\345\277\162\356\322\372\245\355\022\355\374\230\030\251\046 +\166\334\050\113\020\040\034\323\177\026\167\055\355\157\200\367 +\111\273\123\005\273\135\150\307\324\310\165\026\077\211\132\213 +\367\027\107\324\114\361\322\211\171\076\115\075\230\250\141\336 +\072\036\322\370\136\003\340\301\311\034\214\323\215\115\323\225 +\066\263\067\137\143\143\233\063\024\360\055\046\153\123\174\211 +\214\062\302\156\354\075\041\000\071\311\241\150\342\120\203\056 +\260\072\053\363\066\240\254\057\344\157\141\302\121\011\071\076 +\213\123\271\273\147\332\334\123\271\166\131\066\235\103\345\040 +\340\075\062\140\205\042\121\267\307\063\273\335\025\057\244\170 +\246\007\173\201\106\066\004\206\335\171\065\307\225\054\073\260 +\243\027\065\345\163\037\264\134\131\357\332\352\020\145\173\172 +\320\177\237\263\264\052\067\073\160\213\233\133\271\053\267\354 +\262\121\022\227\123\051\132\324\360\022\020\334\117\002\273\022 +\222\057\142\324\077\151\103\174\015\326\374\130\165\001\210\235 +\130\026\113\336\272\220\377\107\001\211\006\152\366\137\262\220 +\152\263\002\246\002\210\277\263\107\176\052\331\325\372\150\170 +\065\115\002\003\001\000\001\243\077\060\075\060\017\006\003\125 +\035\023\001\001\377\004\005\060\003\001\001\377\060\013\006\003 +\125\035\017\004\004\003\002\001\006\060\035\006\003\125\035\016 +\004\026\004\024\360\217\131\070\000\263\365\217\232\226\014\325 +\353\372\173\252\027\350\023\022\060\015\006\011\052\206\110\206 +\367\015\001\001\005\005\000\003\202\002\001\000\276\344\134\142 +\116\044\364\014\010\377\360\323\014\150\344\223\111\042\077\104 +\047\157\273\155\336\203\146\316\250\314\015\374\365\232\006\345 +\167\024\221\353\235\101\173\231\052\204\345\377\374\041\301\135 +\360\344\037\127\267\165\251\241\137\002\046\377\327\307\367\116 +\336\117\370\367\034\106\300\172\117\100\054\042\065\360\031\261 +\320\153\147\054\260\250\340\300\100\067\065\366\204\134\134\343 +\257\102\170\376\247\311\015\120\352\015\204\166\366\121\357\203 +\123\306\172\377\016\126\111\056\217\172\326\014\346\047\124\343 +\115\012\140\162\142\315\221\007\326\245\277\310\231\153\355\304 +\031\346\253\114\021\070\305\157\061\342\156\111\310\077\166\200 +\046\003\046\051\340\066\366\366\040\123\343\027\160\064\027\235 +\143\150\036\153\354\303\115\206\270\023\060\057\135\106\015\107 +\103\325\033\252\131\016\271\134\215\006\110\255\164\207\137\307 +\374\061\124\101\023\342\307\041\016\236\340\036\015\341\300\173 +\103\205\220\305\212\130\306\145\012\170\127\362\306\043\017\001 +\331\040\113\336\017\373\222\205\165\052\134\163\215\155\173\045 +\221\312\356\105\256\006\113\000\314\323\261\131\120\332\072\210 +\073\051\103\106\136\227\053\124\316\123\157\215\112\347\226\372 +\277\161\016\102\213\174\375\050\240\320\110\312\332\304\201\114 +\273\242\163\223\046\310\353\014\326\046\210\266\300\044\317\273 +\275\133\353\165\175\351\010\216\206\063\054\171\167\011\151\245 +\211\374\263\160\220\207\166\217\323\042\273\102\316\275\163\013 +\040\046\052\320\233\075\160\036\044\154\315\207\166\251\027\226 +\267\317\015\222\373\216\030\251\230\111\321\236\376\140\104\162 +\041\271\031\355\302\365\061\361\071\110\210\220\044\165\124\026 +\255\316\364\370\151\024\144\071\373\243\270\272\160\100\307\047 +\034\277\304\126\123\372\143\145\320\363\034\016\026\365\153\206 +\130\115\030\324\344\015\216\245\235\133\221\334\166\044\120\077 +\306\052\373\331\267\234\265\326\346\320\331\350\031\213\025\161 +\110\255\267\352\330\131\210\324\220\277\026\263\331\351\254\131 +\141\124\310\034\272\312\301\312\341\271\040\114\217\072\223\211 +\245\240\314\277\323\366\165\244\165\226\155\126 +END + +# Trust for "TeliaSonera Root CA v1" +# Issuer: CN=TeliaSonera Root CA v1,O=TeliaSonera +# Serial Number:00:95:be:16:a0:f7:2e:46:f1:7b:39:82:72:fa:8b:cd:96 +# Subject: CN=TeliaSonera Root CA v1,O=TeliaSonera +# Not Valid Before: Thu Oct 18 12:00:50 2007 +# Not Valid After : Mon Oct 18 12:00:50 2032 +# Fingerprint (MD5): 37:41:49:1B:18:56:9A:26:F5:AD:C2:66:FB:40:A5:4C +# Fingerprint (SHA1): 43:13:BB:96:F1:D5:86:9B:C1:4E:6A:92:F6:CF:F6:34:69:87:82:37 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "TeliaSonera Root CA v1" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\103\023\273\226\361\325\206\233\301\116\152\222\366\317\366\064 +\151\207\202\067 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\067\101\111\033\030\126\232\046\365\255\302\146\373\100\245\114 +END +CKA_ISSUER MULTILINE_OCTAL +\060\067\061\024\060\022\006\003\125\004\012\014\013\124\145\154 +\151\141\123\157\156\145\162\141\061\037\060\035\006\003\125\004 +\003\014\026\124\145\154\151\141\123\157\156\145\162\141\040\122 +\157\157\164\040\103\101\040\166\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\021\000\225\276\026\240\367\056\106\361\173\071\202\162\372 +\213\315\226 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "E-Tugra Certification Authority" +# +# Issuer: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR +# Serial Number:6a:68:3e:9c:51:9b:cb:53 +# Subject: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR +# Not Valid Before: Tue Mar 05 12:09:48 2013 +# Not Valid After : Fri Mar 03 12:09:48 2023 +# Fingerprint (MD5): B8:A1:03:63:B0:BD:21:71:70:8A:6F:13:3A:BB:79:49 +# Fingerprint (SHA1): 51:C6:E7:08:49:06:6E:F3:92:D4:5C:A0:0D:6D:A3:62:8F:C3:52:39 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "E-Tugra Certification Authority" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\201\262\061\013\060\011\006\003\125\004\006\023\002\124\122 +\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162 +\141\061\100\060\076\006\003\125\004\012\014\067\105\055\124\165 +\304\237\162\141\040\105\102\107\040\102\151\154\151\305\237\151 +\155\040\124\145\153\156\157\154\157\152\151\154\145\162\151\040 +\166\145\040\110\151\172\155\145\164\154\145\162\151\040\101\056 +\305\236\056\061\046\060\044\006\003\125\004\013\014\035\105\055 +\124\165\147\162\141\040\123\145\162\164\151\146\151\153\141\163 +\171\157\156\040\115\145\162\153\145\172\151\061\050\060\046\006 +\003\125\004\003\014\037\105\055\124\165\147\162\141\040\103\145 +\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150 +\157\162\151\164\171 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\262\061\013\060\011\006\003\125\004\006\023\002\124\122 +\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162 +\141\061\100\060\076\006\003\125\004\012\014\067\105\055\124\165 +\304\237\162\141\040\105\102\107\040\102\151\154\151\305\237\151 +\155\040\124\145\153\156\157\154\157\152\151\154\145\162\151\040 +\166\145\040\110\151\172\155\145\164\154\145\162\151\040\101\056 +\305\236\056\061\046\060\044\006\003\125\004\013\014\035\105\055 +\124\165\147\162\141\040\123\145\162\164\151\146\151\153\141\163 +\171\157\156\040\115\145\162\153\145\172\151\061\050\060\046\006 +\003\125\004\003\014\037\105\055\124\165\147\162\141\040\103\145 +\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150 +\157\162\151\164\171 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\010\152\150\076\234\121\233\313\123 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\006\113\060\202\004\063\240\003\002\001\002\002\010\152 +\150\076\234\121\233\313\123\060\015\006\011\052\206\110\206\367 +\015\001\001\013\005\000\060\201\262\061\013\060\011\006\003\125 +\004\006\023\002\124\122\061\017\060\015\006\003\125\004\007\014 +\006\101\156\153\141\162\141\061\100\060\076\006\003\125\004\012 +\014\067\105\055\124\165\304\237\162\141\040\105\102\107\040\102 +\151\154\151\305\237\151\155\040\124\145\153\156\157\154\157\152 +\151\154\145\162\151\040\166\145\040\110\151\172\155\145\164\154 +\145\162\151\040\101\056\305\236\056\061\046\060\044\006\003\125 +\004\013\014\035\105\055\124\165\147\162\141\040\123\145\162\164 +\151\146\151\153\141\163\171\157\156\040\115\145\162\153\145\172 +\151\061\050\060\046\006\003\125\004\003\014\037\105\055\124\165 +\147\162\141\040\103\145\162\164\151\146\151\143\141\164\151\157 +\156\040\101\165\164\150\157\162\151\164\171\060\036\027\015\061 +\063\060\063\060\065\061\062\060\071\064\070\132\027\015\062\063 +\060\063\060\063\061\062\060\071\064\070\132\060\201\262\061\013 +\060\011\006\003\125\004\006\023\002\124\122\061\017\060\015\006 +\003\125\004\007\014\006\101\156\153\141\162\141\061\100\060\076 +\006\003\125\004\012\014\067\105\055\124\165\304\237\162\141\040 +\105\102\107\040\102\151\154\151\305\237\151\155\040\124\145\153 +\156\157\154\157\152\151\154\145\162\151\040\166\145\040\110\151 +\172\155\145\164\154\145\162\151\040\101\056\305\236\056\061\046 +\060\044\006\003\125\004\013\014\035\105\055\124\165\147\162\141 +\040\123\145\162\164\151\146\151\153\141\163\171\157\156\040\115 +\145\162\153\145\172\151\061\050\060\046\006\003\125\004\003\014 +\037\105\055\124\165\147\162\141\040\103\145\162\164\151\146\151 +\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171 +\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 +\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 +\000\342\365\077\223\005\121\036\205\142\124\136\172\013\365\030 +\007\203\256\176\257\174\367\324\212\153\245\143\103\071\271\113 +\367\303\306\144\211\075\224\056\124\200\122\071\071\007\113\113 +\335\205\007\166\207\314\277\057\225\114\314\175\247\075\274\107 +\017\230\160\370\214\205\036\164\216\222\155\033\100\321\231\015 +\273\165\156\310\251\153\232\300\204\061\257\312\103\313\353\053 +\064\350\217\227\153\001\233\325\016\112\010\252\133\222\164\205 +\103\323\200\256\241\210\133\256\263\352\136\313\026\232\167\104 +\310\241\366\124\150\316\336\217\227\053\272\133\100\002\014\144 +\027\300\265\223\315\341\361\023\146\316\014\171\357\321\221\050 +\253\137\240\022\122\060\163\031\216\217\341\214\007\242\303\273 +\112\360\352\037\025\250\356\045\314\244\106\370\033\042\357\263 +\016\103\272\054\044\270\305\054\134\324\034\370\135\144\275\303 +\223\136\050\247\077\047\361\216\036\323\052\120\005\243\125\331 +\313\347\071\123\300\230\236\214\124\142\213\046\260\367\175\215 +\174\344\306\236\146\102\125\202\107\347\262\130\215\146\367\007 +\174\056\066\346\120\034\077\333\103\044\305\277\206\107\171\263 +\171\034\367\132\364\023\354\154\370\077\342\131\037\225\356\102 +\076\271\255\250\062\205\111\227\106\376\113\061\217\132\313\255 +\164\107\037\351\221\267\337\050\004\042\240\324\017\135\342\171 +\117\352\154\205\206\275\250\246\316\344\372\303\341\263\256\336 +\074\121\356\313\023\174\001\177\204\016\135\121\224\236\023\014 +\266\056\245\114\371\071\160\066\157\226\312\056\014\104\125\305 +\312\372\135\002\243\337\326\144\214\132\263\001\012\251\265\012 +\107\027\377\357\221\100\052\216\241\106\072\061\230\345\021\374 +\314\273\111\126\212\374\271\320\141\232\157\145\154\346\303\313 +\076\165\111\376\217\247\342\211\305\147\327\235\106\023\116\061 +\166\073\044\263\236\021\145\206\253\177\357\035\324\370\274\347 +\254\132\134\267\132\107\134\125\316\125\264\042\161\133\133\013 +\360\317\334\240\141\144\352\251\327\150\012\143\247\340\015\077 +\240\257\323\252\322\176\357\121\240\346\121\053\125\222\025\027 +\123\313\267\146\016\146\114\370\371\165\114\220\347\022\160\307 +\105\002\003\001\000\001\243\143\060\141\060\035\006\003\125\035 +\016\004\026\004\024\056\343\333\262\111\320\234\124\171\134\372 +\047\052\376\314\116\322\350\116\124\060\017\006\003\125\035\023 +\001\001\377\004\005\060\003\001\001\377\060\037\006\003\125\035 +\043\004\030\060\026\200\024\056\343\333\262\111\320\234\124\171 +\134\372\047\052\376\314\116\322\350\116\124\060\016\006\003\125 +\035\017\001\001\377\004\004\003\002\001\006\060\015\006\011\052 +\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\005 +\067\072\364\115\267\105\342\105\165\044\217\266\167\122\350\034 +\330\020\223\145\363\362\131\006\244\076\036\051\354\135\321\320 +\253\174\340\012\220\110\170\355\116\230\003\231\376\050\140\221 +\035\060\035\270\143\174\250\346\065\265\372\323\141\166\346\326 +\007\113\312\151\232\262\204\172\167\223\105\027\025\237\044\320 +\230\023\022\377\273\240\056\375\116\114\207\370\316\134\252\230 +\033\005\340\000\106\112\202\200\245\063\213\050\334\355\070\323 +\337\345\076\351\376\373\131\335\141\204\117\322\124\226\023\141 +\023\076\217\200\151\276\223\107\265\065\103\322\132\273\075\134 +\357\263\102\107\315\073\125\023\006\260\011\333\375\143\366\072 +\210\012\231\157\176\341\316\033\123\152\104\146\043\121\010\173 +\274\133\122\242\375\006\067\070\100\141\217\112\226\270\220\067 +\370\146\307\170\220\000\025\056\213\255\121\065\123\007\250\153 +\150\256\371\116\074\007\046\315\010\005\160\314\071\077\166\275 +\245\323\147\046\001\206\246\123\322\140\073\174\103\177\125\212 +\274\225\032\301\050\071\114\037\103\322\221\364\162\131\212\271 +\126\374\077\264\235\332\160\234\166\132\214\103\120\356\216\060 +\162\115\337\377\111\367\306\251\147\331\155\254\002\021\342\072 +\026\045\247\130\010\313\157\123\101\234\110\070\107\150\063\321 +\327\307\217\324\164\041\324\303\005\220\172\377\316\226\210\261 +\025\051\135\043\253\320\140\241\022\117\336\364\027\315\062\345 +\311\277\310\103\255\375\056\216\361\257\342\364\230\372\022\037 +\040\330\300\247\014\205\305\220\364\073\055\226\046\261\054\276 +\114\253\353\261\322\212\311\333\170\023\017\036\011\235\155\217 +\000\237\002\332\301\372\037\172\172\011\304\112\346\210\052\227 +\237\211\213\375\067\137\137\072\316\070\131\206\113\257\161\013 +\264\330\362\160\117\237\062\023\343\260\247\127\345\332\332\103 +\313\204\064\362\050\304\352\155\364\052\357\301\153\166\332\373 +\176\273\205\074\322\123\302\115\276\161\341\105\321\375\043\147 +\015\023\165\373\317\145\147\042\235\256\260\011\321\011\377\035 +\064\277\376\043\227\067\322\071\372\075\015\006\013\264\333\073 +\243\253\157\134\035\266\176\350\263\202\064\355\006\134\044 +END + +# Trust for "E-Tugra Certification Authority" +# Issuer: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR +# Serial Number:6a:68:3e:9c:51:9b:cb:53 +# Subject: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR +# Not Valid Before: Tue Mar 05 12:09:48 2013 +# Not Valid After : Fri Mar 03 12:09:48 2023 +# Fingerprint (MD5): B8:A1:03:63:B0:BD:21:71:70:8A:6F:13:3A:BB:79:49 +# Fingerprint (SHA1): 51:C6:E7:08:49:06:6E:F3:92:D4:5C:A0:0D:6D:A3:62:8F:C3:52:39 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "E-Tugra Certification Authority" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\121\306\347\010\111\006\156\363\222\324\134\240\015\155\243\142 +\217\303\122\071 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\270\241\003\143\260\275\041\161\160\212\157\023\072\273\171\111 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\262\061\013\060\011\006\003\125\004\006\023\002\124\122 +\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162 +\141\061\100\060\076\006\003\125\004\012\014\067\105\055\124\165 +\304\237\162\141\040\105\102\107\040\102\151\154\151\305\237\151 +\155\040\124\145\153\156\157\154\157\152\151\154\145\162\151\040 +\166\145\040\110\151\172\155\145\164\154\145\162\151\040\101\056 +\305\236\056\061\046\060\044\006\003\125\004\013\014\035\105\055 +\124\165\147\162\141\040\123\145\162\164\151\146\151\153\141\163 +\171\157\156\040\115\145\162\153\145\172\151\061\050\060\046\006 +\003\125\004\003\014\037\105\055\124\165\147\162\141\040\103\145 +\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150 +\157\162\151\164\171 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\010\152\150\076\234\121\233\313\123 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "T-TeleSec GlobalRoot Class 2" +# +# Issuer: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE +# Serial Number: 1 (0x1) +# Subject: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE +# Not Valid Before: Wed Oct 01 10:40:14 2008 +# Not Valid After : Sat Oct 01 23:59:59 2033 +# Fingerprint (MD5): 2B:9B:9E:E4:7B:6C:1F:00:72:1A:CC:C1:77:79:DF:6A +# Fingerprint (SHA1): 59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 2" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105 +\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163 +\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040 +\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060 +\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155 +\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045 +\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123 +\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154 +\141\163\163\040\062 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105 +\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163 +\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040 +\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060 +\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155 +\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045 +\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123 +\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154 +\141\163\163\040\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\001\001 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\003\303\060\202\002\253\240\003\002\001\002\002\001\001 +\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 +\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163\164 +\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040\123 +\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060\035 +\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155\163 +\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045\060 +\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123\145 +\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154\141 +\163\163\040\062\060\036\027\015\060\070\061\060\060\061\061\060 +\064\060\061\064\132\027\015\063\063\061\060\060\061\062\063\065 +\071\065\071\132\060\201\202\061\013\060\011\006\003\125\004\006 +\023\002\104\105\061\053\060\051\006\003\125\004\012\014\042\124 +\055\123\171\163\164\145\155\163\040\105\156\164\145\162\160\162 +\151\163\145\040\123\145\162\166\151\143\145\163\040\107\155\142 +\110\061\037\060\035\006\003\125\004\013\014\026\124\055\123\171 +\163\164\145\155\163\040\124\162\165\163\164\040\103\145\156\164 +\145\162\061\045\060\043\006\003\125\004\003\014\034\124\055\124 +\145\154\145\123\145\143\040\107\154\157\142\141\154\122\157\157 +\164\040\103\154\141\163\163\040\062\060\202\001\042\060\015\006 +\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017 +\000\060\202\001\012\002\202\001\001\000\252\137\332\033\137\350 +\163\221\345\332\134\364\242\346\107\345\363\150\125\140\005\035 +\002\244\263\233\131\363\036\212\257\064\255\374\015\302\331\110 +\031\356\151\217\311\040\374\041\252\007\031\355\260\134\254\145 +\307\137\355\002\174\173\174\055\033\326\272\271\200\302\030\202 +\026\204\372\146\260\010\306\124\043\201\344\315\271\111\077\366 +\117\156\067\110\050\070\017\305\276\347\150\160\375\071\227\115 +\322\307\230\221\120\252\304\104\263\043\175\071\107\351\122\142 +\326\022\223\136\267\061\226\102\005\373\166\247\036\243\365\302 +\374\351\172\305\154\251\161\117\352\313\170\274\140\257\307\336 +\364\331\313\276\176\063\245\156\224\203\360\064\372\041\253\352 +\216\162\240\077\244\336\060\133\357\206\115\152\225\133\103\104 +\250\020\025\034\345\001\127\305\230\361\346\006\050\221\252\040 +\305\267\123\046\121\103\262\013\021\225\130\341\300\017\166\331 +\300\215\174\201\363\162\160\236\157\376\032\216\331\137\065\306 +\262\157\064\174\276\110\117\342\132\071\327\330\235\170\236\237 +\206\076\003\136\031\213\104\242\325\307\002\003\001\000\001\243 +\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060 +\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004 +\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\277 +\131\040\066\000\171\240\240\042\153\214\325\362\141\322\270\054 +\313\202\112\060\015\006\011\052\206\110\206\367\015\001\001\013 +\005\000\003\202\001\001\000\061\003\242\141\013\037\164\350\162 +\066\306\155\371\115\236\372\042\250\341\201\126\317\315\273\237 +\352\253\221\031\070\257\252\174\025\115\363\266\243\215\245\364 +\216\366\104\251\247\350\041\225\255\076\000\142\026\210\360\002 +\272\374\141\043\346\063\233\060\172\153\066\142\173\255\004\043 +\204\130\145\342\333\053\212\347\045\123\067\142\123\137\274\332 +\001\142\051\242\246\047\161\346\072\042\176\301\157\035\225\160 +\040\112\007\064\337\352\377\025\200\345\272\327\172\330\133\165 +\174\005\172\051\107\176\100\250\061\023\167\315\100\073\264\121 +\107\172\056\021\343\107\021\336\235\146\320\213\325\124\146\372 +\203\125\352\174\302\051\211\033\351\157\263\316\342\005\204\311 +\057\076\170\205\142\156\311\137\301\170\143\164\130\300\110\030 +\014\231\071\353\244\314\032\265\171\132\215\025\234\330\024\015 +\366\172\007\127\307\042\203\005\055\074\233\045\046\075\030\263 +\251\103\174\310\310\253\144\217\016\243\277\234\033\235\060\333 +\332\320\031\056\252\074\361\373\063\200\166\344\315\255\031\117 +\005\047\216\023\241\156\302 +END + +# Trust for "T-TeleSec GlobalRoot Class 2" +# Issuer: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE +# Serial Number: 1 (0x1) +# Subject: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE +# Not Valid Before: Wed Oct 01 10:40:14 2008 +# Not Valid After : Sat Oct 01 23:59:59 2033 +# Fingerprint (MD5): 2B:9B:9E:E4:7B:6C:1F:00:72:1A:CC:C1:77:79:DF:6A +# Fingerprint (SHA1): 59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 2" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\131\015\055\175\210\117\100\056\141\176\245\142\062\027\145\317 +\027\330\224\351 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\053\233\236\344\173\154\037\000\162\032\314\301\167\171\337\152 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105 +\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163 +\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040 +\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060 +\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155 +\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045 +\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123 +\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154 +\141\163\163\040\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\001\001 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Atos TrustedRoot 2011" +# +# Issuer: C=DE,O=Atos,CN=Atos TrustedRoot 2011 +# Serial Number:5c:33:cb:62:2c:5f:b3:32 +# Subject: C=DE,O=Atos,CN=Atos TrustedRoot 2011 +# Not Valid Before: Thu Jul 07 14:58:30 2011 +# Not Valid After : Tue Dec 31 23:59:59 2030 +# Fingerprint (MD5): AE:B9:C4:32:4B:AC:7F:5D:66:CC:77:94:BB:2A:77:56 +# Fingerprint (SHA1): 2B:B1:F5:3E:55:0C:1D:C5:F1:D4:E6:B7:6A:46:4B:55:06:02:AC:21 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Atos TrustedRoot 2011" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\074\061\036\060\034\006\003\125\004\003\014\025\101\164\157 +\163\040\124\162\165\163\164\145\144\122\157\157\164\040\062\060 +\061\061\061\015\060\013\006\003\125\004\012\014\004\101\164\157 +\163\061\013\060\011\006\003\125\004\006\023\002\104\105 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\074\061\036\060\034\006\003\125\004\003\014\025\101\164\157 +\163\040\124\162\165\163\164\145\144\122\157\157\164\040\062\060 +\061\061\061\015\060\013\006\003\125\004\012\014\004\101\164\157 +\163\061\013\060\011\006\003\125\004\006\023\002\104\105 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\010\134\063\313\142\054\137\263\062 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\003\167\060\202\002\137\240\003\002\001\002\002\010\134 +\063\313\142\054\137\263\062\060\015\006\011\052\206\110\206\367 +\015\001\001\013\005\000\060\074\061\036\060\034\006\003\125\004 +\003\014\025\101\164\157\163\040\124\162\165\163\164\145\144\122 +\157\157\164\040\062\060\061\061\061\015\060\013\006\003\125\004 +\012\014\004\101\164\157\163\061\013\060\011\006\003\125\004\006 +\023\002\104\105\060\036\027\015\061\061\060\067\060\067\061\064 +\065\070\063\060\132\027\015\063\060\061\062\063\061\062\063\065 +\071\065\071\132\060\074\061\036\060\034\006\003\125\004\003\014 +\025\101\164\157\163\040\124\162\165\163\164\145\144\122\157\157 +\164\040\062\060\061\061\061\015\060\013\006\003\125\004\012\014 +\004\101\164\157\163\061\013\060\011\006\003\125\004\006\023\002 +\104\105\060\202\001\042\060\015\006\011\052\206\110\206\367\015 +\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202 +\001\001\000\225\205\073\227\157\052\073\056\073\317\246\363\051 +\065\276\317\030\254\076\252\331\370\115\240\076\032\107\271\274 +\232\337\362\376\314\076\107\350\172\226\302\044\216\065\364\251 +\014\374\202\375\155\301\162\142\047\275\352\153\353\347\212\314 +\124\076\220\120\317\200\324\225\373\350\265\202\324\024\305\266 +\251\125\045\127\333\261\120\366\260\140\144\131\172\151\317\003 +\267\157\015\276\312\076\157\164\162\352\252\060\052\163\142\276 +\111\221\141\310\021\376\016\003\052\367\152\040\334\002\025\015 +\136\025\152\374\343\202\301\265\305\235\144\011\154\243\131\230 +\007\047\307\033\226\053\141\164\161\154\103\361\367\065\211\020 +\340\236\354\125\241\067\042\242\207\004\005\054\107\175\264\034 +\271\142\051\146\050\312\267\341\223\365\244\224\003\231\271\160 +\205\265\346\110\352\215\120\374\331\336\314\157\007\016\335\013 +\162\235\200\060\026\007\225\077\050\016\375\305\165\117\123\326 +\164\232\264\044\056\216\002\221\317\166\305\233\036\125\164\234 +\170\041\261\360\055\361\013\237\302\325\226\030\037\360\124\042 +\172\214\007\002\003\001\000\001\243\175\060\173\060\035\006\003 +\125\035\016\004\026\004\024\247\245\006\261\054\246\011\140\356 +\321\227\351\160\256\274\073\031\154\333\041\060\017\006\003\125 +\035\023\001\001\377\004\005\060\003\001\001\377\060\037\006\003 +\125\035\043\004\030\060\026\200\024\247\245\006\261\054\246\011 +\140\356\321\227\351\160\256\274\073\031\154\333\041\060\030\006 +\003\125\035\040\004\021\060\017\060\015\006\013\053\006\001\004 +\001\260\055\003\004\001\001\060\016\006\003\125\035\017\001\001 +\377\004\004\003\002\001\206\060\015\006\011\052\206\110\206\367 +\015\001\001\013\005\000\003\202\001\001\000\046\167\064\333\224 +\110\206\052\101\235\054\076\006\220\140\304\214\254\013\124\270 +\037\271\173\323\007\071\344\372\076\173\262\075\116\355\237\043 +\275\227\363\153\134\357\356\375\100\246\337\241\223\241\012\206 +\254\357\040\320\171\001\275\170\367\031\330\044\061\064\004\001 +\246\272\025\232\303\047\334\330\117\017\314\030\143\377\231\017 +\016\221\153\165\026\341\041\374\330\046\307\107\267\246\317\130 +\162\161\176\272\341\115\225\107\073\311\257\155\241\264\301\354 +\211\366\264\017\070\265\342\144\334\045\317\246\333\353\232\134 +\231\241\305\010\336\375\346\332\325\326\132\105\014\304\267\302 +\265\024\357\264\021\377\016\025\265\365\365\333\306\275\353\132 +\247\360\126\042\251\074\145\124\306\025\250\275\206\236\315\203 +\226\150\172\161\201\211\341\013\341\352\021\033\150\010\314\151 +\236\354\236\101\236\104\062\046\172\342\207\012\161\075\353\344 +\132\244\322\333\305\315\306\336\140\177\271\363\117\104\222\357 +\052\267\030\076\247\031\331\013\175\261\067\101\102\260\272\140 +\035\362\376\011\021\260\360\207\173\247\235 +END + +# Trust for "Atos TrustedRoot 2011" +# Issuer: C=DE,O=Atos,CN=Atos TrustedRoot 2011 +# Serial Number:5c:33:cb:62:2c:5f:b3:32 +# Subject: C=DE,O=Atos,CN=Atos TrustedRoot 2011 +# Not Valid Before: Thu Jul 07 14:58:30 2011 +# Not Valid After : Tue Dec 31 23:59:59 2030 +# Fingerprint (MD5): AE:B9:C4:32:4B:AC:7F:5D:66:CC:77:94:BB:2A:77:56 +# Fingerprint (SHA1): 2B:B1:F5:3E:55:0C:1D:C5:F1:D4:E6:B7:6A:46:4B:55:06:02:AC:21 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Atos TrustedRoot 2011" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\053\261\365\076\125\014\035\305\361\324\346\267\152\106\113\125 +\006\002\254\041 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\256\271\304\062\113\254\177\135\146\314\167\224\273\052\167\126 +END +CKA_ISSUER MULTILINE_OCTAL +\060\074\061\036\060\034\006\003\125\004\003\014\025\101\164\157 +\163\040\124\162\165\163\164\145\144\122\157\157\164\040\062\060 +\061\061\061\015\060\013\006\003\125\004\012\014\004\101\164\157 +\163\061\013\060\011\006\003\125\004\006\023\002\104\105 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\010\134\063\313\142\054\137\263\062 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE diff --git a/security/nss/lib/ckfw/builtins/nssckbi.h b/security/nss/lib/ckfw/builtins/nssckbi.h index 370c1b3..ba43e70 100644 --- a/security/nss/lib/ckfw/builtins/nssckbi.h +++ b/security/nss/lib/ckfw/builtins/nssckbi.h @@ -45,8 +45,8 @@ * of the comment in the CK_VERSION type definition. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 96 -#define NSS_BUILTINS_LIBRARY_VERSION "1.96" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 98 +#define NSS_BUILTINS_LIBRARY_VERSION "1.98" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 diff --git a/security/nss/lib/ckfw/capi/cobject.c b/security/nss/lib/ckfw/capi/cobject.c index eba1652..1da5f7d 100644 --- a/security/nss/lib/ckfw/capi/cobject.c +++ b/security/nss/lib/ckfw/capi/cobject.c @@ -2157,7 +2157,7 @@ nss_ckcapi_CreatePrivateKey return (ckcapiInternalObject *)NULL; } containerName = ckcapi_getContainer(pError, &keyID); - if ((char *)NULL == providerName ) { + if ((char *)NULL == containerName) { goto loser; } rc = CryptAcquireContext(&hProv, containerName, providerName, diff --git a/security/nss/lib/cryptohi/cryptohi.h b/security/nss/lib/cryptohi/cryptohi.h index 09297ea..6661b66 100644 --- a/security/nss/lib/cryptohi/cryptohi.h +++ b/security/nss/lib/cryptohi/cryptohi.h @@ -1,5 +1,5 @@ /* - * crypto.h - public data structures and prototypes for the crypto library + * cryptohi.h - public prototypes for the crypto library * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this @@ -56,7 +56,7 @@ extern SECItem *DSAU_DecodeDerSigToLen(const SECItem *item, unsigned int len); /* ** Create a new signature context used for signing a data stream. -** "alg" the signature algorithm to use (e.g. SEC_OID_RSA_WITH_MD5) +** "alg" the signature algorithm to use (e.g. SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION) ** "privKey" the private key to use */ extern SGNContext *SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *privKey); diff --git a/security/nss/lib/cryptohi/keyhi.h b/security/nss/lib/cryptohi/keyhi.h index 3793b57..88a77f1 100644 --- a/security/nss/lib/cryptohi/keyhi.h +++ b/security/nss/lib/cryptohi/keyhi.h @@ -90,17 +90,7 @@ SECKEYPrivateKey *SECKEY_CreateECPrivateKey(SECKEYECParams *param, ** Create a subject-public-key-info based on a public key. */ extern CERTSubjectPublicKeyInfo * -SECKEY_CreateSubjectPublicKeyInfo(SECKEYPublicKey *k); - -/* -** Decode a DER encoded public key into an SECKEYPublicKey structure. -*/ -extern SECKEYPublicKey *SECKEY_DecodeDERPublicKey(const SECItem *pubkder); - -/* -** Convert a base64 ascii encoded DER public key to our internal format. -*/ -extern SECKEYPublicKey *SECKEY_ConvertAndDecodePublicKey(const char *pubkstr); +SECKEY_CreateSubjectPublicKeyInfo(const SECKEYPublicKey *k); /* ** Convert a base64 ascii encoded DER public key and challenge to spki, @@ -115,7 +105,7 @@ SECKEY_ConvertAndDecodePublicKeyAndChallenge(char *pkacstr, char *challenge, ** DER encoded subject public key info. */ SECItem * -SECKEY_EncodeDERSubjectPublicKeyInfo(SECKEYPublicKey *pubk); +SECKEY_EncodeDERSubjectPublicKeyInfo(const SECKEYPublicKey *pubk); /* ** Decode a DER encoded subject public key info into a @@ -208,7 +198,7 @@ KeyType SECKEY_GetPublicKeyType(const SECKEYPublicKey *pubKey); /* * Creates a PublicKey from its DER encoding. - * Currently only supports RSA and DSA keys. + * Currently only supports RSA, DSA, and DH keys. */ SECKEYPublicKey* SECKEY_ImportDERPublicKey(const SECItem *derKey, CK_KEY_TYPE type); diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c index f63d150..16d2a49 100644 --- a/security/nss/lib/cryptohi/seckey.c +++ b/security/nss/lib/cryptohi/seckey.c @@ -1213,18 +1213,13 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privk) return NULL; } -CERTSubjectPublicKeyInfo * -SECKEY_CreateSubjectPublicKeyInfo(SECKEYPublicKey *pubk) +static CERTSubjectPublicKeyInfo * +seckey_CreateSubjectPublicKeyInfo_helper(SECKEYPublicKey *pubk) { CERTSubjectPublicKeyInfo *spki; PLArenaPool *arena; SECItem params = { siBuffer, NULL, 0 }; - if (!pubk) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; - } - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) { PORT_SetError(SEC_ERROR_NO_MEMORY); @@ -1332,78 +1327,36 @@ SECKEY_CreateSubjectPublicKeyInfo(SECKEYPublicKey *pubk) return NULL; } -void -SECKEY_DestroySubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki) -{ - if (spki && spki->arena) { - PORT_FreeArena(spki->arena, PR_FALSE); - } -} - -/* - * this only works for RSA keys... need to do something - * similiar to CERT_ExtractPublicKey for other key times. - */ -SECKEYPublicKey * -SECKEY_DecodeDERPublicKey(const SECItem *pubkder) +CERTSubjectPublicKeyInfo * +SECKEY_CreateSubjectPublicKeyInfo(const SECKEYPublicKey *pubk) { - PLArenaPool *arena; - SECKEYPublicKey *pubk; - SECStatus rv; - SECItem newPubkder; + CERTSubjectPublicKeyInfo *spki; + SECKEYPublicKey *tempKey; - arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - PORT_SetError (SEC_ERROR_NO_MEMORY); - return NULL; + if (!pubk) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return NULL; } - pubk = (SECKEYPublicKey *) PORT_ArenaZAlloc (arena, sizeof (SECKEYPublicKey)); - if (pubk != NULL) { - pubk->arena = arena; - pubk->pkcs11Slot = NULL; - pubk->pkcs11ID = 0; - prepare_rsa_pub_key_for_asn1(pubk); - /* copy the DER into the arena, since Quick DER returns data that points - into the DER input, which may get freed by the caller */ - rv = SECITEM_CopyItem(arena, &newPubkder, pubkder); - if ( rv == SECSuccess ) { - rv = SEC_QuickDERDecodeItem(arena, pubk, SECKEY_RSAPublicKeyTemplate, - &newPubkder); - } - if (rv == SECSuccess) - return pubk; - SECKEY_DestroyPublicKey (pubk); - } else { - PORT_SetError (SEC_ERROR_NO_MEMORY); + tempKey = SECKEY_CopyPublicKey(pubk); + if (!tempKey) { + return NULL; } - - PORT_FreeArena (arena, PR_FALSE); - return NULL; + spki = seckey_CreateSubjectPublicKeyInfo_helper(tempKey); + SECKEY_DestroyPublicKey(tempKey); + return spki; } -/* - * Decode a base64 ascii encoded DER encoded public key. - */ -SECKEYPublicKey * -SECKEY_ConvertAndDecodePublicKey(const char *pubkstr) +void +SECKEY_DestroySubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki) { - SECKEYPublicKey *pubk; - SECStatus rv; - SECItem der; - - rv = ATOB_ConvertAsciiToItem (&der, pubkstr); - if (rv != SECSuccess) - return NULL; - - pubk = SECKEY_DecodeDERPublicKey (&der); - - PORT_Free (der.data); - return pubk; + if (spki && spki->arena) { + PORT_FreeArena(spki->arena, PR_FALSE); + } } SECItem * -SECKEY_EncodeDERSubjectPublicKeyInfo(SECKEYPublicKey *pubk) +SECKEY_EncodeDERSubjectPublicKeyInfo(const SECKEYPublicKey *pubk) { CERTSubjectPublicKeyInfo *spki=NULL; SECItem *spkiDER=NULL; @@ -1757,7 +1710,7 @@ SECKEY_ImportDERPublicKey(const SECItem *derKey, CK_KEY_TYPE type) finish: if (rv != SECSuccess) { if (arena != NULL) { - PORT_FreeArena(arena, PR_TRUE); + PORT_FreeArena(arena, PR_FALSE); } pubk = NULL; } diff --git a/security/nss/lib/cryptohi/secsign.c b/security/nss/lib/cryptohi/secsign.c index b93ace4..2ea337b 100644 --- a/security/nss/lib/cryptohi/secsign.c +++ b/security/nss/lib/cryptohi/secsign.c @@ -37,7 +37,7 @@ SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *key) * PKCS #7 algTag if we were just going to change here you might * ask. Well the answer is for some cards we may have to do the * hashing on card. It may not support CKM_RSA_PKCS sign algorithm, - * it may just support CKM_RSA_PKCS_WITH_SHA1 and/or CKM_RSA_PKCS_WITH_MD5. + * it may just support CKM_SHA1_RSA_PKCS and/or CKM_MD5_RSA_PKCS. */ /* we have a private key, not a public key, so don't pass it in */ rv = sec_DecodeSigAlg(NULL, alg, NULL, &signalg, &hashalg); diff --git a/security/nss/lib/dbm/include/mcom_db.h b/security/nss/lib/dbm/include/mcom_db.h index e3b9ccd..f204484 100644 --- a/security/nss/lib/dbm/include/mcom_db.h +++ b/security/nss/lib/dbm/include/mcom_db.h @@ -45,7 +45,11 @@ typedef PRUintn uint; #endif typedef PRUint8 uint8; typedef PRUint16 uint16; +/* On AIX 5.2, sys/inttypes.h (which is included by sys/types.h) + * defines the types int8, int16, int32, and int64. */ +#if !defined(AIX) typedef PRInt32 int32; +#endif typedef PRUint32 uint32; #include <limits.h> diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile index 0d293f1..ec6a769 100644 --- a/security/nss/lib/freebl/Makefile +++ b/security/nss/lib/freebl/Makefile @@ -95,7 +95,7 @@ endif # NSS_X86_OR_X64 means the target is either x86 or x64 ifeq (,$(filter-out i386 x386 x86 x86_64,$(CPU_ARCH))) DEFINES += -DNSS_X86_OR_X64 -ifdef USE_64 +ifneq (,$(USE_64)$(USE_X32)) DEFINES += -DNSS_X64 else DEFINES += -DNSS_X86 @@ -135,6 +135,13 @@ else ifdef BUILD_OPT OPTIMIZER += -Ox # maximum optimization for freebl endif + # The Intel AES assembly code requires Visual C++ 2010. + # if $(_MSC_VER) >= 1600 (Visual C++ 2010) + ifeq ($(firstword $(sort $(_MSC_VER) 1600)),1600) + DEFINES += -DUSE_HW_AES -DINTEL_GCM + ASFILES += intel-aes-x86-masm.asm intel-gcm-x86-masm.asm + EXTRA_SRCS += intel-gcm-wrap.c + endif endif else # -DMP_NO_MP_WORD @@ -150,6 +157,13 @@ else ASFILES = arcfour-amd64-masm.asm mpi_amd64_masm.asm mp_comba_amd64_masm.asm DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY DEFINES += -DNSS_USE_COMBA + # The Intel AES assembly code requires Visual C++ 2010 (10.0). The _xgetbv + # compiler intrinsic function requires Visual C++ 2010 (10.0) SP1. + ifeq ($(_MSC_VER_GE_10SP1),1) + DEFINES += -DUSE_HW_AES -DINTEL_GCM + ASFILES += intel-aes-x64-masm.asm intel-gcm-x64-masm.asm + EXTRA_SRCS += intel-gcm-wrap.c + endif MPI_SRCS += mpi_amd64.c endif endif @@ -180,13 +194,13 @@ endif # Darwin ifeq ($(OS_TARGET),Linux) ifeq ($(CPU_ARCH),x86_64) ASFILES = arcfour-amd64-gas.s mpi_amd64_gas.s - ASFLAGS += -m64 -fPIC -Wa,--noexecstack + ASFLAGS += -fPIC -Wa,--noexecstack DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY DEFINES += -DNSS_USE_COMBA DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN # DEFINES += -DMPI_AMD64_ADD - # comment the next two lines to turn off intel HW accelleration - DEFINES += -DUSE_HW_AES + # comment the next four lines to turn off Intel HW acceleration. + DEFINES += -DUSE_HW_AES -DINTEL_GCM ASFILES += intel-aes.s intel-gcm.s EXTRA_SRCS += intel-gcm-wrap.c INTEL_GCM = 1 @@ -195,7 +209,7 @@ endif ifeq ($(CPU_ARCH),x86) ASFILES = mpi_x86.s DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE - DEFINES += -DMP_ASSEMBLY_DIV_2DX1D + DEFINES += -DMP_ASSEMBLY_DIV_2DX1D -DMP_USE_UINT_DIGIT DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN # The floating point ECC code doesn't work on Linux x86 (bug 311432). #ECL_USE_FP = 1 @@ -419,6 +433,11 @@ else ASFILES = arcfour-amd64-gas.s mpi_amd64_gas.s ASFLAGS += -march=opteron -m64 -fPIC MPI_SRCS += mp_comba.c + # comment the next four lines to turn off Intel HW acceleration + ASFILES += intel-gcm.s + EXTRA_SRCS += intel-gcm-wrap.c + INTEL_GCM = 1 + DEFINES += -DINTEL_GCM else ASFILES = arcfour-amd64-sun.s mpi_amd64_sun.s sha-fast-amd64-sun.s ASFILES += mp_comba_amd64_sun.s mpcpucache_amd64.s @@ -426,14 +445,13 @@ else SOL_CFLAGS += -xprefetch=no SHA_SRCS = MPCPU_SRCS = + # Intel acceleration for GCM does not build currently with Studio endif DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY DEFINES += -DNSS_USE_COMBA -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN - # comment the next two lines to turn off intel HW accelleration + # comment the next two lines to turn off Intel HW acceleration DEFINES += -DUSE_HW_AES - ASFILES += intel-aes.s intel-gcm.s - EXTRA_SRCS += intel-gcm-wrap.c - INTEL_GCM = 1 + ASFILES += intel-aes.s MPI_SRCS += mpi_amd64.c else # Solaris x86 @@ -449,14 +467,14 @@ else endif # Solaris for non-sparc family CPUs endif # target == SunOS -ifdef NSS_ENABLE_ECC +ifndef NSS_DISABLE_ECC ifdef ECL_USE_FP #enable floating point ECC code DEFINES += -DECL_USE_FP ECL_SRCS += ecp_fp160.c ecp_fp192.c ecp_fp224.c ecp_fp.c ECL_HDRS += ecp_fp.h endif -endif # NSS_ENABLE_ECC +endif ####################################################################### # (5) Execute "global" rules. (OPTIONAL) # @@ -646,7 +664,7 @@ $(OBJDIR)/$(PROG_PREFIX)intel-gcm-wrap$(OBJ_SUFFIX): CFLAGS += -mssse3 # symbolic names to registers, for example, # .set Htbl, %rdi # So we can't use Clang's integrated assembler with intel-gcm.s. -ifneq (,$(findstring clang,$(AS))) +ifneq (,$(findstring clang,$(shell $(AS) --version))) $(OBJDIR)/$(PROG_PREFIX)intel-gcm$(OBJ_SUFFIX): ASFLAGS += -no-integrated-as endif endif diff --git a/security/nss/lib/freebl/aeskeywrap.c b/security/nss/lib/freebl/aeskeywrap.c index 16804f5..c1c95b3 100644 --- a/security/nss/lib/freebl/aeskeywrap.c +++ b/security/nss/lib/freebl/aeskeywrap.c @@ -369,6 +369,7 @@ AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output, if (pOutputLen) *pOutputLen = outLen; } else { + s = SECFailure; PORT_SetError(SEC_ERROR_BAD_DATA); if (pOutputLen) *pOutputLen = 0; diff --git a/security/nss/lib/freebl/arcfour.c b/security/nss/lib/freebl/arcfour.c index d89684c..abc9857 100644 --- a/security/nss/lib/freebl/arcfour.c +++ b/security/nss/lib/freebl/arcfour.c @@ -30,7 +30,7 @@ #define USE_WORD #endif -#if (defined(IS_64)) +#if defined(IS_64) || defined(NSS_BEVAND_ARCFOUR) typedef PRUint64 WORD; #else typedef PRUint32 WORD; diff --git a/security/nss/lib/freebl/blapi.h b/security/nss/lib/freebl/blapi.h index 0f50130..8324714 100644 --- a/security/nss/lib/freebl/blapi.h +++ b/security/nss/lib/freebl/blapi.h @@ -1,5 +1,5 @@ /* - * crypto.h - public data structures and prototypes for the crypto library + * blapi.h - public prototypes for the freebl library * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this @@ -62,7 +62,7 @@ extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey * key, /* ** Perform a check of private key parameters for consistency. */ -extern SECStatus RSA_PrivateKeyCheck(RSAPrivateKey *key); +extern SECStatus RSA_PrivateKeyCheck(const RSAPrivateKey *key); /* ** Given only minimal private key parameters, fill in the rest of the @@ -1576,6 +1576,18 @@ extern const SECHashObject * HASH_GetRawHashObject(HASH_HashType hashType); extern void BL_SetForkState(PRBool forked); +#ifndef NSS_DISABLE_ECC +/* +** pepare an ECParam structure from DEREncoded params + */ +extern SECStatus EC_FillParams(PLArenaPool *arena, + const SECItem *encodedParams, ECParams *params); +extern SECStatus EC_DecodeParams(const SECItem *encodedParams, + ECParams **ecparams); +extern SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams, + const ECParams *srcParams); +#endif + SEC_END_PROTOS #endif /* _BLAPI_H_ */ diff --git a/security/nss/lib/freebl/blapii.h b/security/nss/lib/freebl/blapii.h index 3ba7b7c..4840fc7 100644 --- a/security/nss/lib/freebl/blapii.h +++ b/security/nss/lib/freebl/blapii.h @@ -1,5 +1,5 @@ /* - * blapii.h - private data structures and prototypes for the crypto library + * blapii.h - private data structures and prototypes for the freebl library * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/security/nss/lib/freebl/blapit.h b/security/nss/lib/freebl/blapit.h index b533743..8e172d4 100644 --- a/security/nss/lib/freebl/blapit.h +++ b/security/nss/lib/freebl/blapit.h @@ -1,5 +1,5 @@ /* - * blapit.h - public data structures for the crypto library + * blapit.h - public data structures for the freebl library * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/security/nss/lib/freebl/config.mk b/security/nss/lib/freebl/config.mk index cf76b49..918a663 100644 --- a/security/nss/lib/freebl/config.mk +++ b/security/nss/lib/freebl/config.mk @@ -54,9 +54,9 @@ RES = $(OBJDIR)/$(LIBRARY_NAME).res RESNAME = freebl.rc ifdef NS_USE_GCC -OS_LIBS += -lshell32 +OS_LIBS += -ladvapi32 else -OS_LIBS += shell32.lib +OS_LIBS += advapi32.lib endif ifdef NS_USE_GCC diff --git a/security/nss/lib/freebl/ctr.c b/security/nss/lib/freebl/ctr.c index 3a2f1a6..1cbf30c 100644 --- a/security/nss/lib/freebl/ctr.c +++ b/security/nss/lib/freebl/ctr.c @@ -12,6 +12,11 @@ #include "pkcs11t.h" #include "secerr.h" +#ifdef USE_HW_AES +#include "intel-aes.h" +#include "rijndael.h" +#endif + SECStatus CTR_InitContext(CTRContext *ctr, void *context, freeblCipherFunc cipher, const unsigned char *param, unsigned int blocksize) @@ -77,7 +82,7 @@ CTR_DestroyContext(CTRContext *ctr, PRBool freeit) */ static void ctr_GetNextCtr(unsigned char *counter, unsigned int counterBits, - unsigned int blocksize) + unsigned int blocksize) { unsigned char *counterPtr = counter + blocksize - 1; unsigned char mask, count; @@ -101,7 +106,7 @@ ctr_GetNextCtr(unsigned char *counter, unsigned int counterBits, static void ctr_xor(unsigned char *target, const unsigned char *x, - const unsigned char *y, unsigned int count) + const unsigned char *y, unsigned int count) { unsigned int i; for (i=0; i < count; i++) { @@ -111,9 +116,9 @@ ctr_xor(unsigned char *target, const unsigned char *x, SECStatus CTR_Update(CTRContext *ctr, unsigned char *outbuf, - unsigned int *outlen, unsigned int maxout, - const unsigned char *inbuf, unsigned int inlen, - unsigned int blocksize) + unsigned int *outlen, unsigned int maxout, + const unsigned char *inbuf, unsigned int inlen, + unsigned int blocksize) { unsigned int tmp; SECStatus rv; @@ -126,7 +131,7 @@ CTR_Update(CTRContext *ctr, unsigned char *outbuf, *outlen = 0; if (ctr->bufPtr != blocksize) { unsigned int needed = PR_MIN(blocksize-ctr->bufPtr, inlen); - ctr_xor(outbuf, inbuf, ctr->buffer+ctr->bufPtr, needed); + ctr_xor(outbuf, inbuf, ctr->buffer + ctr->bufPtr, needed); ctr->bufPtr += needed; outbuf += needed; inbuf += needed; @@ -137,7 +142,7 @@ CTR_Update(CTRContext *ctr, unsigned char *outbuf, } PORT_Assert(ctr->bufPtr == blocksize); } - + while (inlen >= blocksize) { rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize, ctr->counter, blocksize, blocksize); @@ -165,3 +170,60 @@ CTR_Update(CTRContext *ctr, unsigned char *outbuf, *outlen += inlen; return SECSuccess; } + +#if defined(USE_HW_AES) && defined(_MSC_VER) +SECStatus +CTR_Update_HW_AES(CTRContext *ctr, unsigned char *outbuf, + unsigned int *outlen, unsigned int maxout, + const unsigned char *inbuf, unsigned int inlen, + unsigned int blocksize) +{ + unsigned int fullblocks; + unsigned int tmp; + SECStatus rv; + + if (maxout < inlen) { + *outlen = inlen; + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } + *outlen = 0; + if (ctr->bufPtr != blocksize) { + unsigned int needed = PR_MIN(blocksize-ctr->bufPtr, inlen); + ctr_xor(outbuf, inbuf, ctr->buffer + ctr->bufPtr, needed); + ctr->bufPtr += needed; + outbuf += needed; + inbuf += needed; + *outlen += needed; + inlen -= needed; + if (inlen == 0) { + return SECSuccess; + } + PORT_Assert(ctr->bufPtr == blocksize); + } + + intel_aes_ctr_worker(((AESContext*)(ctr->context))->Nr)( + ctr, outbuf, outlen, maxout, inbuf, inlen, blocksize); + /* XXX intel_aes_ctr_worker should set *outlen. */ + PORT_Assert(*outlen == 0); + fullblocks = (inlen/blocksize)*blocksize; + *outlen += fullblocks; + outbuf += fullblocks; + inbuf += fullblocks; + inlen -= fullblocks; + + if (inlen == 0) { + return SECSuccess; + } + rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize, + ctr->counter, blocksize, blocksize); + ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize); + if (rv != SECSuccess) { + return SECFailure; + } + ctr_xor(outbuf, inbuf, ctr->buffer, inlen); + ctr->bufPtr = inlen; + *outlen += inlen; + return SECSuccess; +} +#endif diff --git a/security/nss/lib/freebl/ctr.h b/security/nss/lib/freebl/ctr.h index 69ef150..e7645a2 100644 --- a/security/nss/lib/freebl/ctr.h +++ b/security/nss/lib/freebl/ctr.h @@ -41,4 +41,11 @@ SECStatus CTR_Update(CTRContext *ctr, unsigned char *outbuf, const unsigned char *inbuf, unsigned int inlen, unsigned int blocksize); +#ifdef USE_HW_AES +SECStatus CTR_Update_HW_AES(CTRContext *ctr, unsigned char *outbuf, + unsigned int *outlen, unsigned int maxout, + const unsigned char *inbuf, unsigned int inlen, + unsigned int blocksize); +#endif + #endif diff --git a/security/nss/lib/freebl/ec.c b/security/nss/lib/freebl/ec.c index a8c7832..ca53c1a 100644 --- a/security/nss/lib/freebl/ec.c +++ b/security/nss/lib/freebl/ec.c @@ -16,7 +16,7 @@ #include "ec.h" #include "ecl.h" -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* * Returns true if pointP is the point at infinity, false otherwise @@ -192,7 +192,7 @@ cleanup: return rv; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* Generates a new EC key pair. The private key is a supplied * value and the public key is the result of performing a scalar @@ -203,7 +203,7 @@ ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey, const unsigned char *privKeyBytes, int privKeyLen) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PLArenaPool *arena; ECPrivateKey *key; mp_int k; @@ -301,7 +301,7 @@ cleanup: #endif #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; @@ -317,15 +317,15 @@ EC_NewKeyFromSeed(ECParams *ecParams, ECPrivateKey **privKey, const unsigned char *seed, int seedlen) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC rv = ec_NewKey(ecParams, privKey, seed, seedlen); #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* Generate a random private key using the algorithm A.4.1 of ANSI X9.62, * modified a la FIPS 186-2 Change Notice 1 to eliminate the bias in the * random number generator. @@ -381,7 +381,7 @@ cleanup: } return privKeyBytes; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* Generates a new EC key pair. The private key is a random value and * the public key is the result of performing a scalar point multiplication @@ -391,7 +391,7 @@ SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC int len; unsigned char *privKeyBytes = NULL; @@ -416,7 +416,7 @@ cleanup: #endif #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; } @@ -430,7 +430,7 @@ cleanup: SECStatus EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue) { -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC mp_int Px, Py; ECGroup *group = NULL; SECStatus rv = SECFailure; @@ -506,7 +506,7 @@ cleanup: #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); return SECFailure; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ } /* @@ -527,7 +527,7 @@ ECDH_Derive(SECItem *publicValue, SECItem *derivedSecret) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC unsigned int len = 0; SECItem pointQ = {siBuffer, NULL, 0}; mp_int k; /* to hold the private value */ @@ -596,7 +596,7 @@ cleanup: } #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; } @@ -610,7 +610,7 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature, const SECItem *digest, const unsigned char *kb, const int kblen) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC mp_int x1; mp_int d, k; /* private key, random integer */ mp_int r, s; /* tuple (r, s) is the signature */ @@ -822,7 +822,7 @@ cleanup: #endif #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; } @@ -835,7 +835,7 @@ SECStatus ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC int len; unsigned char *kBytes= NULL; @@ -863,7 +863,7 @@ cleanup: #endif #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; } @@ -876,7 +876,7 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature, const SECItem *digest) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC mp_int r_, s_; /* tuple (r', s') is received signature) */ mp_int c, u1, u2, v; /* intermediate values used in verification */ mp_int x1; @@ -1073,7 +1073,7 @@ cleanup: #endif #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; } diff --git a/security/nss/lib/freebl/ecdecode.c b/security/nss/lib/freebl/ecdecode.c new file mode 100644 index 0000000..3c0294d --- /dev/null +++ b/security/nss/lib/freebl/ecdecode.c @@ -0,0 +1,610 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef NSS_DISABLE_ECC + +#ifdef FREEBL_NO_DEPEND +#include "stubs.h" +#endif + +#include "blapi.h" +#include "secoid.h" +#include "secitem.h" +#include "secerr.h" +#include "ec.h" +#include "ecl-curve.h" + +#define CHECK_OK(func) if (func == NULL) goto cleanup +#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup + +/* + * Initializes a SECItem from a hexadecimal string + * + * Warning: This function ignores leading 00's, so any leading 00's + * in the hexadecimal string must be optional. + */ +static SECItem * +hexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str) +{ + int i = 0; + int byteval = 0; + int tmp = PORT_Strlen(str); + + if ((tmp % 2) != 0) return NULL; + + /* skip leading 00's unless the hex string is "00" */ + while ((tmp > 2) && (str[0] == '0') && (str[1] == '0')) { + str += 2; + tmp -= 2; + } + + item->data = (unsigned char *) PORT_ArenaAlloc(arena, tmp/2); + if (item->data == NULL) return NULL; + item->len = tmp/2; + + while (str[i]) { + if ((str[i] >= '0') && (str[i] <= '9')) + tmp = str[i] - '0'; + else if ((str[i] >= 'a') && (str[i] <= 'f')) + tmp = str[i] - 'a' + 10; + else if ((str[i] >= 'A') && (str[i] <= 'F')) + tmp = str[i] - 'A' + 10; + else + return NULL; + + byteval = byteval * 16 + tmp; + if ((i % 2) != 0) { + item->data[i/2] = byteval; + byteval = 0; + } + i++; + } + + return item; +} + +/* Copy all of the fields from srcParams into dstParams + */ +SECStatus +EC_CopyParams(PLArenaPool *arena, ECParams *dstParams, + const ECParams *srcParams) +{ + SECStatus rv = SECFailure; + + dstParams->arena = arena; + dstParams->type = srcParams->type; + dstParams->fieldID.size = srcParams->fieldID.size; + dstParams->fieldID.type = srcParams->fieldID.type; + if (srcParams->fieldID.type == ec_field_GFp) { + CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.prime, + &srcParams->fieldID.u.prime)); + } else { + CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.poly, + &srcParams->fieldID.u.poly)); + } + dstParams->fieldID.k1 = srcParams->fieldID.k1; + dstParams->fieldID.k2 = srcParams->fieldID.k2; + dstParams->fieldID.k3 = srcParams->fieldID.k3; + CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.a, + &srcParams->curve.a)); + CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.b, + &srcParams->curve.b)); + CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.seed, + &srcParams->curve.seed)); + CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->base, + &srcParams->base)); + CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->order, + &srcParams->order)); + CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->DEREncoding, + &srcParams->DEREncoding)); + dstParams->name = srcParams->name; + CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curveOID, + &srcParams->curveOID)); + dstParams->cofactor = srcParams->cofactor; + + return SECSuccess; + +cleanup: + return SECFailure; +} + +static SECStatus +gf_populate_params(ECCurveName name, ECFieldType field_type, ECParams *params) +{ + SECStatus rv = SECFailure; + const ECCurveParams *curveParams; + /* 2 ['0'+'4'] + MAX_ECKEY_LEN * 2 [x,y] * 2 [hex string] + 1 ['\0'] */ + char genenc[3 + 2 * 2 * MAX_ECKEY_LEN]; + + if ((name < ECCurve_noName) || (name > ECCurve_pastLastCurve)) goto cleanup; + params->name = name; + curveParams = ecCurve_map[params->name]; + CHECK_OK(curveParams); + params->fieldID.size = curveParams->size; + params->fieldID.type = field_type; + if (field_type == ec_field_GFp) { + CHECK_OK(hexString2SECItem(params->arena, &params->fieldID.u.prime, + curveParams->irr)); + } else { + CHECK_OK(hexString2SECItem(params->arena, &params->fieldID.u.poly, + curveParams->irr)); + } + CHECK_OK(hexString2SECItem(params->arena, &params->curve.a, + curveParams->curvea)); + CHECK_OK(hexString2SECItem(params->arena, &params->curve.b, + curveParams->curveb)); + genenc[0] = '0'; + genenc[1] = '4'; + genenc[2] = '\0'; + strcat(genenc, curveParams->genx); + strcat(genenc, curveParams->geny); + CHECK_OK(hexString2SECItem(params->arena, &params->base, genenc)); + CHECK_OK(hexString2SECItem(params->arena, &params->order, + curveParams->order)); + params->cofactor = curveParams->cofactor; + + rv = SECSuccess; + +cleanup: + return rv; +} + +SECStatus +EC_FillParams(PLArenaPool *arena, const SECItem *encodedParams, + ECParams *params) +{ + SECStatus rv = SECFailure; + SECOidTag tag; + SECItem oid = { siBuffer, NULL, 0}; + +#if EC_DEBUG + int i; + + printf("Encoded params in EC_DecodeParams: "); + for (i = 0; i < encodedParams->len; i++) { + printf("%02x:", encodedParams->data[i]); + } + printf("\n"); +#endif + + if ((encodedParams->len != ANSI_X962_CURVE_OID_TOTAL_LEN) && + (encodedParams->len != SECG_CURVE_OID_TOTAL_LEN)) { + PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); + return SECFailure; + }; + + oid.len = encodedParams->len - 2; + oid.data = encodedParams->data + 2; + if ((encodedParams->data[0] != SEC_ASN1_OBJECT_ID) || + ((tag = SECOID_FindOIDTag(&oid)) == SEC_OID_UNKNOWN)) { + PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); + return SECFailure; + } + + params->arena = arena; + params->cofactor = 0; + params->type = ec_params_named; + params->name = ECCurve_noName; + + /* For named curves, fill out curveOID */ + params->curveOID.len = oid.len; + params->curveOID.data = (unsigned char *) PORT_ArenaAlloc(arena, oid.len); + if (params->curveOID.data == NULL) goto cleanup; + memcpy(params->curveOID.data, oid.data, oid.len); + +#if EC_DEBUG + printf("Curve: %s\n", SECOID_FindOIDTagDescription(tag)); +#endif + + switch (tag) { + + /* Binary curves */ + + case SEC_OID_ANSIX962_EC_C2PNB163V1: + /* Populate params for c2pnb163v1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_ANSIX962_EC_C2PNB163V2: + /* Populate params for c2pnb163v2 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V2, ec_field_GF2m, + params) ); + break; + + case SEC_OID_ANSIX962_EC_C2PNB163V3: + /* Populate params for c2pnb163v3 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V3, ec_field_GF2m, + params) ); + break; + + case SEC_OID_ANSIX962_EC_C2PNB176V1: + /* Populate params for c2pnb176v1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB176V1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_ANSIX962_EC_C2TNB191V1: + /* Populate params for c2tnb191v1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_ANSIX962_EC_C2TNB191V2: + /* Populate params for c2tnb191v2 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V2, ec_field_GF2m, + params) ); + break; + + case SEC_OID_ANSIX962_EC_C2TNB191V3: + /* Populate params for c2tnb191v3 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V3, ec_field_GF2m, + params) ); + break; + + case SEC_OID_ANSIX962_EC_C2PNB208W1: + /* Populate params for c2pnb208w1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB208W1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_ANSIX962_EC_C2TNB239V1: + /* Populate params for c2tnb239v1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_ANSIX962_EC_C2TNB239V2: + /* Populate params for c2tnb239v2 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V2, ec_field_GF2m, + params) ); + break; + + case SEC_OID_ANSIX962_EC_C2TNB239V3: + /* Populate params for c2tnb239v3 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V3, ec_field_GF2m, + params) ); + break; + + case SEC_OID_ANSIX962_EC_C2PNB272W1: + /* Populate params for c2pnb272w1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB272W1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_ANSIX962_EC_C2PNB304W1: + /* Populate params for c2pnb304w1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB304W1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_ANSIX962_EC_C2TNB359V1: + /* Populate params for c2tnb359v1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB359V1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_ANSIX962_EC_C2PNB368W1: + /* Populate params for c2pnb368w1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB368W1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_ANSIX962_EC_C2TNB431R1: + /* Populate params for c2tnb431r1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB431R1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_SECG_EC_SECT113R1: + /* Populate params for sect113r1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_113R1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_SECG_EC_SECT113R2: + /* Populate params for sect113r2 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_113R2, ec_field_GF2m, + params) ); + break; + + case SEC_OID_SECG_EC_SECT131R1: + /* Populate params for sect131r1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_131R1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_SECG_EC_SECT131R2: + /* Populate params for sect131r2 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_131R2, ec_field_GF2m, + params) ); + break; + + case SEC_OID_SECG_EC_SECT163K1: + /* Populate params for sect163k1 + * (the NIST K-163 curve) + */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_163K1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_SECG_EC_SECT163R1: + /* Populate params for sect163r1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_163R1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_SECG_EC_SECT163R2: + /* Populate params for sect163r2 + * (the NIST B-163 curve) + */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_163R2, ec_field_GF2m, + params) ); + break; + + case SEC_OID_SECG_EC_SECT193R1: + /* Populate params for sect193r1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_193R1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_SECG_EC_SECT193R2: + /* Populate params for sect193r2 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_193R2, ec_field_GF2m, + params) ); + break; + + case SEC_OID_SECG_EC_SECT233K1: + /* Populate params for sect233k1 + * (the NIST K-233 curve) + */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_233K1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_SECG_EC_SECT233R1: + /* Populate params for sect233r1 + * (the NIST B-233 curve) + */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_233R1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_SECG_EC_SECT239K1: + /* Populate params for sect239k1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_239K1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_SECG_EC_SECT283K1: + /* Populate params for sect283k1 + * (the NIST K-283 curve) + */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_283K1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_SECG_EC_SECT283R1: + /* Populate params for sect283r1 + * (the NIST B-283 curve) + */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_283R1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_SECG_EC_SECT409K1: + /* Populate params for sect409k1 + * (the NIST K-409 curve) + */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_409K1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_SECG_EC_SECT409R1: + /* Populate params for sect409r1 + * (the NIST B-409 curve) + */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_409R1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_SECG_EC_SECT571K1: + /* Populate params for sect571k1 + * (the NIST K-571 curve) + */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_571K1, ec_field_GF2m, + params) ); + break; + + case SEC_OID_SECG_EC_SECT571R1: + /* Populate params for sect571r1 + * (the NIST B-571 curve) + */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_571R1, ec_field_GF2m, + params) ); + break; + + /* Prime curves */ + + case SEC_OID_ANSIX962_EC_PRIME192V1: + /* Populate params for prime192v1 aka secp192r1 + * (the NIST P-192 curve) + */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_192V1, ec_field_GFp, + params) ); + break; + + case SEC_OID_ANSIX962_EC_PRIME192V2: + /* Populate params for prime192v2 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_192V2, ec_field_GFp, + params) ); + break; + + case SEC_OID_ANSIX962_EC_PRIME192V3: + /* Populate params for prime192v3 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_192V3, ec_field_GFp, + params) ); + break; + + case SEC_OID_ANSIX962_EC_PRIME239V1: + /* Populate params for prime239v1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_239V1, ec_field_GFp, + params) ); + break; + + case SEC_OID_ANSIX962_EC_PRIME239V2: + /* Populate params for prime239v2 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_239V2, ec_field_GFp, + params) ); + break; + + case SEC_OID_ANSIX962_EC_PRIME239V3: + /* Populate params for prime239v3 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_239V3, ec_field_GFp, + params) ); + break; + + case SEC_OID_ANSIX962_EC_PRIME256V1: + /* Populate params for prime256v1 aka secp256r1 + * (the NIST P-256 curve) + */ + CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_256V1, ec_field_GFp, + params) ); + break; + + case SEC_OID_SECG_EC_SECP112R1: + /* Populate params for secp112r1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_112R1, ec_field_GFp, + params) ); + break; + + case SEC_OID_SECG_EC_SECP112R2: + /* Populate params for secp112r2 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_112R2, ec_field_GFp, + params) ); + break; + + case SEC_OID_SECG_EC_SECP128R1: + /* Populate params for secp128r1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_128R1, ec_field_GFp, + params) ); + break; + + case SEC_OID_SECG_EC_SECP128R2: + /* Populate params for secp128r2 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_128R2, ec_field_GFp, + params) ); + break; + + case SEC_OID_SECG_EC_SECP160K1: + /* Populate params for secp160k1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_160K1, ec_field_GFp, + params) ); + break; + + case SEC_OID_SECG_EC_SECP160R1: + /* Populate params for secp160r1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_160R1, ec_field_GFp, + params) ); + break; + + case SEC_OID_SECG_EC_SECP160R2: + /* Populate params for secp160r1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_160R2, ec_field_GFp, + params) ); + break; + + case SEC_OID_SECG_EC_SECP192K1: + /* Populate params for secp192k1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_192K1, ec_field_GFp, + params) ); + break; + + case SEC_OID_SECG_EC_SECP224K1: + /* Populate params for secp224k1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_224K1, ec_field_GFp, + params) ); + break; + + case SEC_OID_SECG_EC_SECP224R1: + /* Populate params for secp224r1 + * (the NIST P-224 curve) + */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_224R1, ec_field_GFp, + params) ); + break; + + case SEC_OID_SECG_EC_SECP256K1: + /* Populate params for secp256k1 */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_256K1, ec_field_GFp, + params) ); + break; + + case SEC_OID_SECG_EC_SECP384R1: + /* Populate params for secp384r1 + * (the NIST P-384 curve) + */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_384R1, ec_field_GFp, + params) ); + break; + + case SEC_OID_SECG_EC_SECP521R1: + /* Populate params for secp521r1 + * (the NIST P-521 curve) + */ + CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_521R1, ec_field_GFp, + params) ); + break; + + default: + break; + }; + +cleanup: + if (!params->cofactor) { + PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); +#if EC_DEBUG + printf("Unrecognized curve, returning NULL params\n"); +#endif + } + + return rv; +} + +SECStatus +EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams) +{ + PLArenaPool *arena; + ECParams *params; + SECStatus rv = SECFailure; + + /* Initialize an arena for the ECParams structure */ + if (!(arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE))) + return SECFailure; + + params = (ECParams *)PORT_ArenaZAlloc(arena, sizeof(ECParams)); + if (!params) { + PORT_FreeArena(arena, PR_TRUE); + return SECFailure; + } + + /* Copy the encoded params */ + SECITEM_AllocItem(arena, &(params->DEREncoding), + encodedParams->len); + memcpy(params->DEREncoding.data, encodedParams->data, encodedParams->len); + + /* Fill out the rest of the ECParams structure based on + * the encoded params + */ + rv = EC_FillParams(arena, encodedParams, params); + if (rv == SECFailure) { + PORT_FreeArena(arena, PR_TRUE); + return SECFailure; + } else { + *ecparams = params;; + return SECSuccess; + } +} + +#endif /* NSS_DISABLE_ECC */ diff --git a/security/nss/lib/freebl/intel-aes-x64-masm.asm b/security/nss/lib/freebl/intel-aes-x64-masm.asm new file mode 100644 index 0000000..ef5c76b --- /dev/null +++ b/security/nss/lib/freebl/intel-aes-x64-masm.asm @@ -0,0 +1,971 @@ +; LICENSE: +; This submission to NSS is to be made available under the terms of the +; Mozilla Public License, v. 2.0. You can obtain one at http: +; //mozilla.org/MPL/2.0/. +;############################################################################### +; Copyright(c) 2014, Intel Corp. +; Developers and authors: +; Shay Gueron and Vlad Krasnov +; Intel Corporation, Israel Development Centre, Haifa, Israel +; Please send feedback directly to crypto.feedback.alias(a)intel.com + + +.DATA +ALIGN 16 +Lmask dd 0c0f0e0dh,0c0f0e0dh,0c0f0e0dh,0c0f0e0dh +Lmask192 dd 004070605h, 004070605h, 004070605h, 004070605h +Lmask256 dd 00c0f0e0dh, 00c0f0e0dh, 00c0f0e0dh, 00c0f0e0dh +Lcon1 dd 1,1,1,1 +Lcon2 dd 1bh,1bh,1bh,1bh + +.CODE + +ctx textequ <rcx> +output textequ <rdx> +input textequ <r8> +inputLen textequ <r9d> + + +aes_rnd MACRO i + movdqu xmm8, [i*16 + ctx] + aesenc xmm0, xmm8 + aesenc xmm1, xmm8 + aesenc xmm2, xmm8 + aesenc xmm3, xmm8 + aesenc xmm4, xmm8 + aesenc xmm5, xmm8 + aesenc xmm6, xmm8 + aesenc xmm7, xmm8 + ENDM + +aes_last_rnd MACRO i + movdqu xmm8, [i*16 + ctx] + aesenclast xmm0, xmm8 + aesenclast xmm1, xmm8 + aesenclast xmm2, xmm8 + aesenclast xmm3, xmm8 + aesenclast xmm4, xmm8 + aesenclast xmm5, xmm8 + aesenclast xmm6, xmm8 + aesenclast xmm7, xmm8 + ENDM + +aes_dec_rnd MACRO i + movdqu xmm8, [i*16 + ctx] + aesdec xmm0, xmm8 + aesdec xmm1, xmm8 + aesdec xmm2, xmm8 + aesdec xmm3, xmm8 + aesdec xmm4, xmm8 + aesdec xmm5, xmm8 + aesdec xmm6, xmm8 + aesdec xmm7, xmm8 + ENDM + +aes_dec_last_rnd MACRO i + movdqu xmm8, [i*16 + ctx] + aesdeclast xmm0, xmm8 + aesdeclast xmm1, xmm8 + aesdeclast xmm2, xmm8 + aesdeclast xmm3, xmm8 + aesdeclast xmm4, xmm8 + aesdeclast xmm5, xmm8 + aesdeclast xmm6, xmm8 + aesdeclast xmm7, xmm8 + ENDM + + +gen_aes_ecb_func MACRO enc, rnds + +LOCAL loop8 +LOCAL loop1 +LOCAL bail + + xor inputLen, inputLen + mov input, [rsp + 1*8 + 8*4] + mov inputLen, [rsp + 1*8 + 8*5] + + sub rsp, 3*16 + + movdqu [rsp + 0*16], xmm6 + movdqu [rsp + 1*16], xmm7 + movdqu [rsp + 2*16], xmm8 + + lea ctx, [48+ctx] + +loop8: + cmp inputLen, 8*16 + jb loop1 + + movdqu xmm0, [0*16 + input] + movdqu xmm1, [1*16 + input] + movdqu xmm2, [2*16 + input] + movdqu xmm3, [3*16 + input] + movdqu xmm4, [4*16 + input] + movdqu xmm5, [5*16 + input] + movdqu xmm6, [6*16 + input] + movdqu xmm7, [7*16 + input] + + movdqu xmm8, [0*16 + ctx] + pxor xmm0, xmm8 + pxor xmm1, xmm8 + pxor xmm2, xmm8 + pxor xmm3, xmm8 + pxor xmm4, xmm8 + pxor xmm5, xmm8 + pxor xmm6, xmm8 + pxor xmm7, xmm8 + +IF enc eq 1 + rnd textequ <aes_rnd> + lastrnd textequ <aes_last_rnd> + aesinst textequ <aesenc> + aeslastinst textequ <aesenclast> +ELSE + rnd textequ <aes_dec_rnd> + lastrnd textequ <aes_dec_last_rnd> + aesinst textequ <aesdec> + aeslastinst textequ <aesdeclast> +ENDIF + + i = 1 + WHILE i LT rnds + rnd i + i = i+1 + ENDM + lastrnd rnds + + movdqu [0*16 + output], xmm0 + movdqu [1*16 + output], xmm1 + movdqu [2*16 + output], xmm2 + movdqu [3*16 + output], xmm3 + movdqu [4*16 + output], xmm4 + movdqu [5*16 + output], xmm5 + movdqu [6*16 + output], xmm6 + movdqu [7*16 + output], xmm7 + + lea input, [8*16 + input] + lea output, [8*16 + output] + sub inputLen, 8*16 + jmp loop8 + +loop1: + cmp inputLen, 1*16 + jb bail + + movdqu xmm0, [input] + movdqu xmm7, [0*16 + ctx] + pxor xmm0, xmm7 + + i = 1 + WHILE i LT rnds + movdqu xmm7, [i*16 + ctx] + aesinst xmm0, xmm7 + i = i+1 + ENDM + movdqu xmm7, [rnds*16 + ctx] + aeslastinst xmm0, xmm7 + + movdqu [output], xmm0 + + lea input, [1*16 + input] + lea output, [1*16 + output] + sub inputLen, 1*16 + jmp loop1 + +bail: + xor rax, rax + + movdqu xmm6, [rsp + 0*16] + movdqu xmm7, [rsp + 1*16] + movdqu xmm8, [rsp + 2*16] + add rsp, 3*16 + ret +ENDM + +intel_aes_encrypt_ecb_128 PROC +gen_aes_ecb_func 1, 10 +intel_aes_encrypt_ecb_128 ENDP + +intel_aes_encrypt_ecb_192 PROC +gen_aes_ecb_func 1, 12 +intel_aes_encrypt_ecb_192 ENDP + +intel_aes_encrypt_ecb_256 PROC +gen_aes_ecb_func 1, 14 +intel_aes_encrypt_ecb_256 ENDP + +intel_aes_decrypt_ecb_128 PROC +gen_aes_ecb_func 0, 10 +intel_aes_decrypt_ecb_128 ENDP + +intel_aes_decrypt_ecb_192 PROC +gen_aes_ecb_func 0, 12 +intel_aes_decrypt_ecb_192 ENDP + +intel_aes_decrypt_ecb_256 PROC +gen_aes_ecb_func 0, 14 +intel_aes_decrypt_ecb_256 ENDP + + +KEY textequ <rcx> +KS textequ <rdx> +ITR textequ <r8> + +intel_aes_encrypt_init_128 PROC + + movdqu xmm1, [KEY] + movdqu [KS], xmm1 + movdqa xmm2, xmm1 + + lea ITR, Lcon1 + movdqa xmm0, [ITR] + lea ITR, Lmask + movdqa xmm4, [ITR] + + mov ITR, 8 + +Lenc_128_ks_loop: + lea KS, [16 + KS] + dec ITR + + pshufb xmm2, xmm4 + aesenclast xmm2, xmm0 + pslld xmm0, 1 + movdqa xmm3, xmm1 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pxor xmm1, xmm2 + movdqu [KS], xmm1 + movdqa xmm2, xmm1 + + jne Lenc_128_ks_loop + + lea ITR, Lcon2 + movdqa xmm0, [ITR] + + pshufb xmm2, xmm4 + aesenclast xmm2, xmm0 + pslld xmm0, 1 + movdqa xmm3, xmm1 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pxor xmm1, xmm2 + movdqu [16 + KS], xmm1 + movdqa xmm2, xmm1 + + pshufb xmm2, xmm4 + aesenclast xmm2, xmm0 + movdqa xmm3, xmm1 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pxor xmm1, xmm2 + movdqu [32 + KS], xmm1 + movdqa xmm2, xmm1 + + ret +intel_aes_encrypt_init_128 ENDP + + +intel_aes_decrypt_init_128 PROC + + push KS + push KEY + + call intel_aes_encrypt_init_128 + + pop KEY + pop KS + + movdqu xmm0, [0*16 + KS] + movdqu xmm1, [10*16 + KS] + movdqu [10*16 + KS], xmm0 + movdqu [0*16 + KS], xmm1 + + i = 1 + WHILE i LT 5 + movdqu xmm0, [i*16 + KS] + movdqu xmm1, [(10-i)*16 + KS] + + aesimc xmm0, xmm0 + aesimc xmm1, xmm1 + + movdqu [(10-i)*16 + KS], xmm0 + movdqu [i*16 + KS], xmm1 + + i = i+1 + ENDM + + movdqu xmm0, [5*16 + KS] + aesimc xmm0, xmm0 + movdqu [5*16 + KS], xmm0 + ret +intel_aes_decrypt_init_128 ENDP + + +intel_aes_encrypt_init_192 PROC + + sub rsp, 16*2 + movdqu [16*0 + rsp], xmm6 + movdqu [16*1 + rsp], xmm7 + + movdqu xmm1, [KEY] + mov ITR, [16 + KEY] + movd xmm3, ITR + + movdqu [KS], xmm1 + movdqa xmm5, xmm3 + + lea ITR, Lcon1 + movdqu xmm0, [ITR] + lea ITR, Lmask192 + movdqu xmm4, [ITR] + + mov ITR, 4 + +Lenc_192_ks_loop: + movdqa xmm2, xmm3 + pshufb xmm2, xmm4 + aesenclast xmm2, xmm0 + pslld xmm0, 1 + + movdqa xmm6, xmm1 + movdqa xmm7, xmm3 + pslldq xmm6, 4 + pslldq xmm7, 4 + pxor xmm1, xmm6 + pxor xmm3, xmm7 + pslldq xmm6, 4 + pxor xmm1, xmm6 + pslldq xmm6, 4 + pxor xmm1, xmm6 + pxor xmm1, xmm2 + pshufd xmm2, xmm1, 0ffh + pxor xmm3, xmm2 + + movdqa xmm6, xmm1 + shufpd xmm5, xmm1, 00h + shufpd xmm6, xmm3, 01h + + movdqu [16 + KS], xmm5 + movdqu [32 + KS], xmm6 + + movdqa xmm2, xmm3 + pshufb xmm2, xmm4 + aesenclast xmm2, xmm0 + pslld xmm0, 1 + + movdqa xmm6, xmm1 + movdqa xmm7, xmm3 + pslldq xmm6, 4 + pslldq xmm7, 4 + pxor xmm1, xmm6 + pxor xmm3, xmm7 + pslldq xmm6, 4 + pxor xmm1, xmm6 + pslldq xmm6, 4 + pxor xmm1, xmm6 + pxor xmm1, xmm2 + pshufd xmm2, xmm1, 0ffh + pxor xmm3, xmm2 + + movdqu [48 + KS], xmm1 + movdqa xmm5, xmm3 + + lea KS, [48 + KS] + + dec ITR + jnz Lenc_192_ks_loop + + movdqu [16 + KS], xmm5 + + movdqu xmm7, [16*1 + rsp] + movdqu xmm6, [16*0 + rsp] + add rsp, 16*2 + ret +intel_aes_encrypt_init_192 ENDP + +intel_aes_decrypt_init_192 PROC + push KS + push KEY + + call intel_aes_encrypt_init_192 + + pop KEY + pop KS + + movdqu xmm0, [0*16 + KS] + movdqu xmm1, [12*16 + KS] + movdqu [12*16 + KS], xmm0 + movdqu [0*16 + KS], xmm1 + + i = 1 + WHILE i LT 6 + movdqu xmm0, [i*16 + KS] + movdqu xmm1, [(12-i)*16 + KS] + + aesimc xmm0, xmm0 + aesimc xmm1, xmm1 + + movdqu [(12-i)*16 + KS], xmm0 + movdqu [i*16 + KS], xmm1 + + i = i+1 + ENDM + + movdqu xmm0, [6*16 + KS] + aesimc xmm0, xmm0 + movdqu [6*16 + KS], xmm0 + ret +intel_aes_decrypt_init_192 ENDP + + +intel_aes_encrypt_init_256 PROC + sub rsp, 16*2 + movdqu [16*0 + rsp], xmm6 + movdqu [16*1 + rsp], xmm7 + + movdqu xmm1, [16*0 + KEY] + movdqu xmm3, [16*1 + KEY] + + movdqu [16*0 + KS], xmm1 + movdqu [16*1 + KS], xmm3 + + lea ITR, Lcon1 + movdqu xmm0, [ITR] + lea ITR, Lmask256 + movdqu xmm5, [ITR] + + pxor xmm6, xmm6 + + mov ITR, 6 + +Lenc_256_ks_loop: + + movdqa xmm2, xmm3 + pshufb xmm2, xmm5 + aesenclast xmm2, xmm0 + pslld xmm0, 1 + movdqa xmm4, xmm1 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pxor xmm1, xmm2 + movdqu [16*2 + KS], xmm1 + + pshufd xmm2, xmm1, 0ffh + aesenclast xmm2, xmm6 + movdqa xmm4, xmm3 + pslldq xmm4, 4 + pxor xmm3, xmm4 + pslldq xmm4, 4 + pxor xmm3, xmm4 + pslldq xmm4, 4 + pxor xmm3, xmm4 + pxor xmm3, xmm2 + movdqu [16*3 + KS], xmm3 + + lea KS, [32 + KS] + dec ITR + jnz Lenc_256_ks_loop + + movdqa xmm2, xmm3 + pshufb xmm2, xmm5 + aesenclast xmm2, xmm0 + movdqa xmm4, xmm1 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pxor xmm1, xmm2 + movdqu [16*2 + KS], xmm1 + + movdqu xmm7, [16*1 + rsp] + movdqu xmm6, [16*0 + rsp] + add rsp, 16*2 + ret + +intel_aes_encrypt_init_256 ENDP + + +intel_aes_decrypt_init_256 PROC + push KS + push KEY + + call intel_aes_encrypt_init_256 + + pop KEY + pop KS + + movdqu xmm0, [0*16 + KS] + movdqu xmm1, [14*16 + KS] + movdqu [14*16 + KS], xmm0 + movdqu [0*16 + KS], xmm1 + + i = 1 + WHILE i LT 7 + movdqu xmm0, [i*16 + KS] + movdqu xmm1, [(14-i)*16 + KS] + + aesimc xmm0, xmm0 + aesimc xmm1, xmm1 + + movdqu [(14-i)*16 + KS], xmm0 + movdqu [i*16 + KS], xmm1 + + i = i+1 + ENDM + + movdqu xmm0, [7*16 + KS] + aesimc xmm0, xmm0 + movdqu [7*16 + KS], xmm0 + ret +intel_aes_decrypt_init_256 ENDP + + + +gen_aes_cbc_enc_func MACRO rnds + +LOCAL loop1 +LOCAL bail + + mov input, [rsp + 1*8 + 8*4] + mov inputLen, [rsp + 1*8 + 8*5] + + sub rsp, 3*16 + + movdqu [rsp + 0*16], xmm6 + movdqu [rsp + 1*16], xmm7 + movdqu [rsp + 2*16], xmm8 + + lea ctx, [48+ctx] + + movdqu xmm0, [-32+ctx] + + movdqu xmm2, [0*16 + ctx] + movdqu xmm3, [1*16 + ctx] + movdqu xmm4, [2*16 + ctx] + movdqu xmm5, [3*16 + ctx] + movdqu xmm6, [4*16 + ctx] + movdqu xmm7, [5*16 + ctx] + +loop1: + cmp inputLen, 1*16 + jb bail + + movdqu xmm1, [input] + pxor xmm1, xmm2 + pxor xmm0, xmm1 + + aesenc xmm0, xmm3 + aesenc xmm0, xmm4 + aesenc xmm0, xmm5 + aesenc xmm0, xmm6 + aesenc xmm0, xmm7 + + i = 6 + WHILE i LT rnds + movdqu xmm8, [i*16 + ctx] + aesenc xmm0, xmm8 + i = i+1 + ENDM + movdqu xmm8, [rnds*16 + ctx] + aesenclast xmm0, xmm8 + + movdqu [output], xmm0 + + lea input, [1*16 + input] + lea output, [1*16 + output] + sub inputLen, 1*16 + jmp loop1 + +bail: + movdqu [-32+ctx], xmm0 + + xor rax, rax + + movdqu xmm6, [rsp + 0*16] + movdqu xmm7, [rsp + 1*16] + movdqu xmm8, [rsp + 2*16] + add rsp, 3*16 + ret + +ENDM + +gen_aes_cbc_dec_func MACRO rnds + +LOCAL loop8 +LOCAL loop1 +LOCAL dec1 +LOCAL bail + + mov input, [rsp + 1*8 + 8*4] + mov inputLen, [rsp + 1*8 + 8*5] + + sub rsp, 3*16 + + movdqu [rsp + 0*16], xmm6 + movdqu [rsp + 1*16], xmm7 + movdqu [rsp + 2*16], xmm8 + + lea ctx, [48+ctx] + +loop8: + cmp inputLen, 8*16 + jb dec1 + + movdqu xmm0, [0*16 + input] + movdqu xmm1, [1*16 + input] + movdqu xmm2, [2*16 + input] + movdqu xmm3, [3*16 + input] + movdqu xmm4, [4*16 + input] + movdqu xmm5, [5*16 + input] + movdqu xmm6, [6*16 + input] + movdqu xmm7, [7*16 + input] + + movdqu xmm8, [0*16 + ctx] + pxor xmm0, xmm8 + pxor xmm1, xmm8 + pxor xmm2, xmm8 + pxor xmm3, xmm8 + pxor xmm4, xmm8 + pxor xmm5, xmm8 + pxor xmm6, xmm8 + pxor xmm7, xmm8 + + i = 1 + WHILE i LT rnds + aes_dec_rnd i + i = i+1 + ENDM + aes_dec_last_rnd rnds + + movdqu xmm8, [-32 + ctx] + pxor xmm0, xmm8 + movdqu xmm8, [0*16 + input] + pxor xmm1, xmm8 + movdqu xmm8, [1*16 + input] + pxor xmm2, xmm8 + movdqu xmm8, [2*16 + input] + pxor xmm3, xmm8 + movdqu xmm8, [3*16 + input] + pxor xmm4, xmm8 + movdqu xmm8, [4*16 + input] + pxor xmm5, xmm8 + movdqu xmm8, [5*16 + input] + pxor xmm6, xmm8 + movdqu xmm8, [6*16 + input] + pxor xmm7, xmm8 + movdqu xmm8, [7*16 + input] + + movdqu [0*16 + output], xmm0 + movdqu [1*16 + output], xmm1 + movdqu [2*16 + output], xmm2 + movdqu [3*16 + output], xmm3 + movdqu [4*16 + output], xmm4 + movdqu [5*16 + output], xmm5 + movdqu [6*16 + output], xmm6 + movdqu [7*16 + output], xmm7 + movdqu [-32 + ctx], xmm8 + + lea input, [8*16 + input] + lea output, [8*16 + output] + sub inputLen, 8*16 + jmp loop8 +dec1: + + movdqu xmm3, [-32 + ctx] + +loop1: + cmp inputLen, 1*16 + jb bail + + movdqu xmm0, [input] + movdqa xmm4, xmm0 + movdqu xmm7, [0*16 + ctx] + pxor xmm0, xmm7 + + i = 1 + WHILE i LT rnds + movdqu xmm7, [i*16 + ctx] + aesdec xmm0, xmm7 + i = i+1 + ENDM + movdqu xmm7, [rnds*16 + ctx] + aesdeclast xmm0, xmm7 + pxor xmm3, xmm0 + + movdqu [output], xmm3 + movdqa xmm3, xmm4 + + lea input, [1*16 + input] + lea output, [1*16 + output] + sub inputLen, 1*16 + jmp loop1 + +bail: + movdqu [-32 + ctx], xmm3 + xor rax, rax + + movdqu xmm6, [rsp + 0*16] + movdqu xmm7, [rsp + 1*16] + movdqu xmm8, [rsp + 2*16] + add rsp, 3*16 + ret +ENDM + +intel_aes_encrypt_cbc_128 PROC +gen_aes_cbc_enc_func 10 +intel_aes_encrypt_cbc_128 ENDP + +intel_aes_encrypt_cbc_192 PROC +gen_aes_cbc_enc_func 12 +intel_aes_encrypt_cbc_192 ENDP + +intel_aes_encrypt_cbc_256 PROC +gen_aes_cbc_enc_func 14 +intel_aes_encrypt_cbc_256 ENDP + +intel_aes_decrypt_cbc_128 PROC +gen_aes_cbc_dec_func 10 +intel_aes_decrypt_cbc_128 ENDP + +intel_aes_decrypt_cbc_192 PROC +gen_aes_cbc_dec_func 12 +intel_aes_decrypt_cbc_192 ENDP + +intel_aes_decrypt_cbc_256 PROC +gen_aes_cbc_dec_func 14 +intel_aes_decrypt_cbc_256 ENDP + + + +ctrCtx textequ <r10> +CTR textequ <r11d> +CTRSave textequ <eax> + +gen_aes_ctr_func MACRO rnds + +LOCAL loop8 +LOCAL loop1 +LOCAL enc1 +LOCAL bail + + mov input, [rsp + 8*1 + 4*8] + mov inputLen, [rsp + 8*1 + 5*8] + + mov ctrCtx, ctx + mov ctx, [8+ctrCtx] + lea ctx, [48+ctx] + + sub rsp, 3*16 + movdqu [rsp + 0*16], xmm6 + movdqu [rsp + 1*16], xmm7 + movdqu [rsp + 2*16], xmm8 + + + push rbp + mov rbp, rsp + sub rsp, 8*16 + and rsp, -16 + + + movdqu xmm0, [16+ctrCtx] + mov CTRSave, DWORD PTR [ctrCtx + 16 + 3*4] + bswap CTRSave + movdqu xmm1, [ctx + 0*16] + + pxor xmm0, xmm1 + + movdqa [rsp + 0*16], xmm0 + movdqa [rsp + 1*16], xmm0 + movdqa [rsp + 2*16], xmm0 + movdqa [rsp + 3*16], xmm0 + movdqa [rsp + 4*16], xmm0 + movdqa [rsp + 5*16], xmm0 + movdqa [rsp + 6*16], xmm0 + movdqa [rsp + 7*16], xmm0 + + inc CTRSave + mov CTR, CTRSave + bswap CTR + xor CTR, DWORD PTR [ctx + 3*4] + mov DWORD PTR [rsp + 1*16 + 3*4], CTR + + inc CTRSave + mov CTR, CTRSave + bswap CTR + xor CTR, DWORD PTR [ctx + 3*4] + mov DWORD PTR [rsp + 2*16 + 3*4], CTR + + inc CTRSave + mov CTR, CTRSave + bswap CTR + xor CTR, DWORD PTR [ctx + 3*4] + mov DWORD PTR [rsp + 3*16 + 3*4], CTR + + inc CTRSave + mov CTR, CTRSave + bswap CTR + xor CTR, DWORD PTR [ctx + 3*4] + mov DWORD PTR [rsp + 4*16 + 3*4], CTR + + inc CTRSave + mov CTR, CTRSave + bswap CTR + xor CTR, DWORD PTR [ctx + 3*4] + mov DWORD PTR [rsp + 5*16 + 3*4], CTR + + inc CTRSave + mov CTR, CTRSave + bswap CTR + xor CTR, DWORD PTR [ctx + 3*4] + mov DWORD PTR [rsp + 6*16 + 3*4], CTR + + inc CTRSave + mov CTR, CTRSave + bswap CTR + xor CTR, DWORD PTR [ctx + 3*4] + mov DWORD PTR [rsp + 7*16 + 3*4], CTR + + +loop8: + cmp inputLen, 8*16 + jb loop1 + + movdqu xmm0, [0*16 + rsp] + movdqu xmm1, [1*16 + rsp] + movdqu xmm2, [2*16 + rsp] + movdqu xmm3, [3*16 + rsp] + movdqu xmm4, [4*16 + rsp] + movdqu xmm5, [5*16 + rsp] + movdqu xmm6, [6*16 + rsp] + movdqu xmm7, [7*16 + rsp] + + i = 1 + WHILE i LE 8 + aes_rnd i + + inc CTRSave + mov CTR, CTRSave + bswap CTR + xor CTR, DWORD PTR [ctx + 3*4] + mov DWORD PTR [rsp + (i-1)*16 + 3*4], CTR + + i = i+1 + ENDM + WHILE i LT rnds + aes_rnd i + i = i+1 + ENDM + aes_last_rnd rnds + + movdqu xmm8, [0*16 + input] + pxor xmm0, xmm8 + movdqu xmm8, [1*16 + input] + pxor xmm1, xmm8 + movdqu xmm8, [2*16 + input] + pxor xmm2, xmm8 + movdqu xmm8, [3*16 + input] + pxor xmm3, xmm8 + movdqu xmm8, [4*16 + input] + pxor xmm4, xmm8 + movdqu xmm8, [5*16 + input] + pxor xmm5, xmm8 + movdqu xmm8, [6*16 + input] + pxor xmm6, xmm8 + movdqu xmm8, [7*16 + input] + pxor xmm7, xmm8 + + movdqu [0*16 + output], xmm0 + movdqu [1*16 + output], xmm1 + movdqu [2*16 + output], xmm2 + movdqu [3*16 + output], xmm3 + movdqu [4*16 + output], xmm4 + movdqu [5*16 + output], xmm5 + movdqu [6*16 + output], xmm6 + movdqu [7*16 + output], xmm7 + + lea input, [8*16 + input] + lea output, [8*16 + output] + sub inputLen, 8*16 + jmp loop8 + + +loop1: + cmp inputLen, 1*16 + jb bail + + movdqu xmm0, [rsp] + add rsp, 16 + + i = 1 + WHILE i LT rnds + movdqu xmm7, [i*16 + ctx] + aesenc xmm0, xmm7 + i = i+1 + ENDM + movdqu xmm7, [rnds*16 + ctx] + aesenclast xmm0, xmm7 + + movdqu xmm7, [input] + pxor xmm0, xmm7 + movdqu [output], xmm0 + + lea input, [1*16 + input] + lea output, [1*16 + output] + sub inputLen, 1*16 + jmp loop1 + +bail: + + movdqu xmm0, [rsp] + movdqu xmm1, [ctx + 0*16] + pxor xmm0, xmm1 + movdqu [16+ctrCtx], xmm0 + + + xor rax, rax + mov rsp, rbp + pop rbp + + movdqu xmm6, [rsp + 0*16] + movdqu xmm7, [rsp + 1*16] + movdqu xmm8, [rsp + 2*16] + add rsp, 3*16 + + ret +ENDM + + +intel_aes_encrypt_ctr_128 PROC +gen_aes_ctr_func 10 +intel_aes_encrypt_ctr_128 ENDP + +intel_aes_encrypt_ctr_192 PROC +gen_aes_ctr_func 12 +intel_aes_encrypt_ctr_192 ENDP + +intel_aes_encrypt_ctr_256 PROC +gen_aes_ctr_func 14 +intel_aes_encrypt_ctr_256 ENDP + + +END diff --git a/security/nss/lib/freebl/intel-aes-x86-masm.asm b/security/nss/lib/freebl/intel-aes-x86-masm.asm new file mode 100644 index 0000000..7d805e7 --- /dev/null +++ b/security/nss/lib/freebl/intel-aes-x86-masm.asm @@ -0,0 +1,949 @@ +; LICENSE: +; This submission to NSS is to be made available under the terms of the +; Mozilla Public License, v. 2.0. You can obtain one at http: +; //mozilla.org/MPL/2.0/. +;############################################################################### +; Copyright(c) 2014, Intel Corp. +; Developers and authors: +; Shay Gueron and Vlad Krasnov +; Intel Corporation, Israel Development Centre, Haifa, Israel +; Please send feedback directly to crypto.feedback.alias(a)intel.com + + +.MODEL FLAT, C +.XMM + +.DATA +ALIGN 16 +Lmask dd 0c0f0e0dh,0c0f0e0dh,0c0f0e0dh,0c0f0e0dh +Lmask192 dd 004070605h, 004070605h, 004070605h, 004070605h +Lmask256 dd 00c0f0e0dh, 00c0f0e0dh, 00c0f0e0dh, 00c0f0e0dh +Lcon1 dd 1,1,1,1 +Lcon2 dd 1bh,1bh,1bh,1bh + +.CODE + +ctx textequ <ecx> +output textequ <edx> +input textequ <eax> +inputLen textequ <edi> + + +aes_rnd MACRO i + movdqu xmm7, [i*16 + ctx] + aesenc xmm0, xmm7 + aesenc xmm1, xmm7 + aesenc xmm2, xmm7 + aesenc xmm3, xmm7 + aesenc xmm4, xmm7 + aesenc xmm5, xmm7 + aesenc xmm6, xmm7 + ENDM + +aes_last_rnd MACRO i + movdqu xmm7, [i*16 + ctx] + aesenclast xmm0, xmm7 + aesenclast xmm1, xmm7 + aesenclast xmm2, xmm7 + aesenclast xmm3, xmm7 + aesenclast xmm4, xmm7 + aesenclast xmm5, xmm7 + aesenclast xmm6, xmm7 + ENDM + +aes_dec_rnd MACRO i + movdqu xmm7, [i*16 + ctx] + aesdec xmm0, xmm7 + aesdec xmm1, xmm7 + aesdec xmm2, xmm7 + aesdec xmm3, xmm7 + aesdec xmm4, xmm7 + aesdec xmm5, xmm7 + aesdec xmm6, xmm7 + ENDM + +aes_dec_last_rnd MACRO i + movdqu xmm7, [i*16 + ctx] + aesdeclast xmm0, xmm7 + aesdeclast xmm1, xmm7 + aesdeclast xmm2, xmm7 + aesdeclast xmm3, xmm7 + aesdeclast xmm4, xmm7 + aesdeclast xmm5, xmm7 + aesdeclast xmm6, xmm7 + ENDM + + +gen_aes_ecb_func MACRO enc, rnds + +LOCAL loop7 +LOCAL loop1 +LOCAL bail + + push inputLen + + mov ctx, [esp + 2*4 + 0*4] + mov output, [esp + 2*4 + 1*4] + mov input, [esp + 2*4 + 4*4] + mov inputLen, [esp + 2*4 + 5*4] + + lea ctx, [44+ctx] + +loop7: + cmp inputLen, 7*16 + jb loop1 + + movdqu xmm0, [0*16 + input] + movdqu xmm1, [1*16 + input] + movdqu xmm2, [2*16 + input] + movdqu xmm3, [3*16 + input] + movdqu xmm4, [4*16 + input] + movdqu xmm5, [5*16 + input] + movdqu xmm6, [6*16 + input] + + movdqu xmm7, [0*16 + ctx] + pxor xmm0, xmm7 + pxor xmm1, xmm7 + pxor xmm2, xmm7 + pxor xmm3, xmm7 + pxor xmm4, xmm7 + pxor xmm5, xmm7 + pxor xmm6, xmm7 + +IF enc eq 1 + rnd textequ <aes_rnd> + lastrnd textequ <aes_last_rnd> + aesinst textequ <aesenc> + aeslastinst textequ <aesenclast> +ELSE + rnd textequ <aes_dec_rnd> + lastrnd textequ <aes_dec_last_rnd> + aesinst textequ <aesdec> + aeslastinst textequ <aesdeclast> +ENDIF + + i = 1 + WHILE i LT rnds + rnd i + i = i+1 + ENDM + lastrnd rnds + + movdqu [0*16 + output], xmm0 + movdqu [1*16 + output], xmm1 + movdqu [2*16 + output], xmm2 + movdqu [3*16 + output], xmm3 + movdqu [4*16 + output], xmm4 + movdqu [5*16 + output], xmm5 + movdqu [6*16 + output], xmm6 + + lea input, [7*16 + input] + lea output, [7*16 + output] + sub inputLen, 7*16 + jmp loop7 + +loop1: + cmp inputLen, 1*16 + jb bail + + movdqu xmm0, [input] + movdqu xmm7, [0*16 + ctx] + pxor xmm0, xmm7 + + i = 1 + WHILE i LT rnds + movdqu xmm7, [i*16 + ctx] + aesinst xmm0, xmm7 + i = i+1 + ENDM + movdqu xmm7, [rnds*16 + ctx] + aeslastinst xmm0, xmm7 + + movdqu [output], xmm0 + + lea input, [1*16 + input] + lea output, [1*16 + output] + sub inputLen, 1*16 + jmp loop1 + +bail: + xor eax, eax + pop inputLen + ret + +ENDM + +ALIGN 16 +intel_aes_encrypt_ecb_128 PROC +gen_aes_ecb_func 1, 10 +intel_aes_encrypt_ecb_128 ENDP + +ALIGN 16 +intel_aes_encrypt_ecb_192 PROC +gen_aes_ecb_func 1, 12 +intel_aes_encrypt_ecb_192 ENDP + +ALIGN 16 +intel_aes_encrypt_ecb_256 PROC +gen_aes_ecb_func 1, 14 +intel_aes_encrypt_ecb_256 ENDP + +ALIGN 16 +intel_aes_decrypt_ecb_128 PROC +gen_aes_ecb_func 0, 10 +intel_aes_decrypt_ecb_128 ENDP + +ALIGN 16 +intel_aes_decrypt_ecb_192 PROC +gen_aes_ecb_func 0, 12 +intel_aes_decrypt_ecb_192 ENDP + +ALIGN 16 +intel_aes_decrypt_ecb_256 PROC +gen_aes_ecb_func 0, 14 +intel_aes_decrypt_ecb_256 ENDP + + +KEY textequ <ecx> +KS textequ <edx> +ITR textequ <eax> + +ALIGN 16 +intel_aes_encrypt_init_128 PROC + + mov KEY, [esp + 1*4 + 0*4] + mov KS, [esp + 1*4 + 1*4] + + + movdqu xmm1, [KEY] + movdqu [KS], xmm1 + movdqa xmm2, xmm1 + + lea ITR, Lcon1 + movdqa xmm0, [ITR] + lea ITR, Lmask + movdqa xmm4, [ITR] + + mov ITR, 8 + +Lenc_128_ks_loop: + lea KS, [16 + KS] + dec ITR + + pshufb xmm2, xmm4 + aesenclast xmm2, xmm0 + pslld xmm0, 1 + movdqa xmm3, xmm1 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pxor xmm1, xmm2 + movdqu [KS], xmm1 + movdqa xmm2, xmm1 + + jne Lenc_128_ks_loop + + lea ITR, Lcon2 + movdqa xmm0, [ITR] + + pshufb xmm2, xmm4 + aesenclast xmm2, xmm0 + pslld xmm0, 1 + movdqa xmm3, xmm1 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pxor xmm1, xmm2 + movdqu [16 + KS], xmm1 + movdqa xmm2, xmm1 + + pshufb xmm2, xmm4 + aesenclast xmm2, xmm0 + movdqa xmm3, xmm1 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pxor xmm1, xmm2 + movdqu [32 + KS], xmm1 + movdqa xmm2, xmm1 + + ret +intel_aes_encrypt_init_128 ENDP + + +ALIGN 16 +intel_aes_decrypt_init_128 PROC + + mov KEY, [esp + 1*4 + 0*4] + mov KS, [esp + 1*4 + 1*4] + + push KS + push KEY + + call intel_aes_encrypt_init_128 + + pop KEY + pop KS + + movdqu xmm0, [0*16 + KS] + movdqu xmm1, [10*16 + KS] + movdqu [10*16 + KS], xmm0 + movdqu [0*16 + KS], xmm1 + + i = 1 + WHILE i LT 5 + movdqu xmm0, [i*16 + KS] + movdqu xmm1, [(10-i)*16 + KS] + + aesimc xmm0, xmm0 + aesimc xmm1, xmm1 + + movdqu [(10-i)*16 + KS], xmm0 + movdqu [i*16 + KS], xmm1 + + i = i+1 + ENDM + + movdqu xmm0, [5*16 + KS] + aesimc xmm0, xmm0 + movdqu [5*16 + KS], xmm0 + ret +intel_aes_decrypt_init_128 ENDP + + +ALIGN 16 +intel_aes_encrypt_init_192 PROC + + mov KEY, [esp + 1*4 + 0*4] + mov KS, [esp + 1*4 + 1*4] + + pxor xmm3, xmm3 + movdqu xmm1, [KEY] + pinsrd xmm3, DWORD PTR [16 + KEY], 0 + pinsrd xmm3, DWORD PTR [20 + KEY], 1 + + movdqu [KS], xmm1 + movdqa xmm5, xmm3 + + lea ITR, Lcon1 + movdqu xmm0, [ITR] + lea ITR, Lmask192 + movdqu xmm4, [ITR] + + mov ITR, 4 + +Lenc_192_ks_loop: + movdqa xmm2, xmm3 + pshufb xmm2, xmm4 + aesenclast xmm2, xmm0 + pslld xmm0, 1 + + movdqa xmm6, xmm1 + movdqa xmm7, xmm3 + pslldq xmm6, 4 + pslldq xmm7, 4 + pxor xmm1, xmm6 + pxor xmm3, xmm7 + pslldq xmm6, 4 + pxor xmm1, xmm6 + pslldq xmm6, 4 + pxor xmm1, xmm6 + pxor xmm1, xmm2 + pshufd xmm2, xmm1, 0ffh + pxor xmm3, xmm2 + + movdqa xmm6, xmm1 + shufpd xmm5, xmm1, 00h + shufpd xmm6, xmm3, 01h + + movdqu [16 + KS], xmm5 + movdqu [32 + KS], xmm6 + + movdqa xmm2, xmm3 + pshufb xmm2, xmm4 + aesenclast xmm2, xmm0 + pslld xmm0, 1 + + movdqa xmm6, xmm1 + movdqa xmm7, xmm3 + pslldq xmm6, 4 + pslldq xmm7, 4 + pxor xmm1, xmm6 + pxor xmm3, xmm7 + pslldq xmm6, 4 + pxor xmm1, xmm6 + pslldq xmm6, 4 + pxor xmm1, xmm6 + pxor xmm1, xmm2 + pshufd xmm2, xmm1, 0ffh + pxor xmm3, xmm2 + + movdqu [48 + KS], xmm1 + movdqa xmm5, xmm3 + + lea KS, [48 + KS] + + dec ITR + jnz Lenc_192_ks_loop + + movdqu [16 + KS], xmm5 +ret +intel_aes_encrypt_init_192 ENDP + +ALIGN 16 +intel_aes_decrypt_init_192 PROC + mov KEY, [esp + 1*4 + 0*4] + mov KS, [esp + 1*4 + 1*4] + + push KS + push KEY + + call intel_aes_encrypt_init_192 + + pop KEY + pop KS + + movdqu xmm0, [0*16 + KS] + movdqu xmm1, [12*16 + KS] + movdqu [12*16 + KS], xmm0 + movdqu [0*16 + KS], xmm1 + + i = 1 + WHILE i LT 6 + movdqu xmm0, [i*16 + KS] + movdqu xmm1, [(12-i)*16 + KS] + + aesimc xmm0, xmm0 + aesimc xmm1, xmm1 + + movdqu [(12-i)*16 + KS], xmm0 + movdqu [i*16 + KS], xmm1 + + i = i+1 + ENDM + + movdqu xmm0, [6*16 + KS] + aesimc xmm0, xmm0 + movdqu [6*16 + KS], xmm0 + ret +intel_aes_decrypt_init_192 ENDP + +ALIGN 16 +intel_aes_encrypt_init_256 PROC + + mov KEY, [esp + 1*4 + 0*4] + mov KS, [esp + 1*4 + 1*4] + movdqu xmm1, [16*0 + KEY] + movdqu xmm3, [16*1 + KEY] + + movdqu [16*0 + KS], xmm1 + movdqu [16*1 + KS], xmm3 + + lea ITR, Lcon1 + movdqu xmm0, [ITR] + lea ITR, Lmask256 + movdqu xmm5, [ITR] + + pxor xmm6, xmm6 + + mov ITR, 6 + +Lenc_256_ks_loop: + + movdqa xmm2, xmm3 + pshufb xmm2, xmm5 + aesenclast xmm2, xmm0 + pslld xmm0, 1 + movdqa xmm4, xmm1 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pxor xmm1, xmm2 + movdqu [16*2 + KS], xmm1 + + pshufd xmm2, xmm1, 0ffh + aesenclast xmm2, xmm6 + movdqa xmm4, xmm3 + pslldq xmm4, 4 + pxor xmm3, xmm4 + pslldq xmm4, 4 + pxor xmm3, xmm4 + pslldq xmm4, 4 + pxor xmm3, xmm4 + pxor xmm3, xmm2 + movdqu [16*3 + KS], xmm3 + + lea KS, [32 + KS] + dec ITR + jnz Lenc_256_ks_loop + + movdqa xmm2, xmm3 + pshufb xmm2, xmm5 + aesenclast xmm2, xmm0 + movdqa xmm4, xmm1 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pxor xmm1, xmm2 + movdqu [16*2 + KS], xmm1 + + ret +intel_aes_encrypt_init_256 ENDP + +ALIGN 16 +intel_aes_decrypt_init_256 PROC + mov KEY, [esp + 1*4 + 0*4] + mov KS, [esp + 1*4 + 1*4] + + push KS + push KEY + + call intel_aes_encrypt_init_256 + + pop KEY + pop KS + + movdqu xmm0, [0*16 + KS] + movdqu xmm1, [14*16 + KS] + movdqu [14*16 + KS], xmm0 + movdqu [0*16 + KS], xmm1 + + i = 1 + WHILE i LT 7 + movdqu xmm0, [i*16 + KS] + movdqu xmm1, [(14-i)*16 + KS] + + aesimc xmm0, xmm0 + aesimc xmm1, xmm1 + + movdqu [(14-i)*16 + KS], xmm0 + movdqu [i*16 + KS], xmm1 + + i = i+1 + ENDM + + movdqu xmm0, [7*16 + KS] + aesimc xmm0, xmm0 + movdqu [7*16 + KS], xmm0 + ret +intel_aes_decrypt_init_256 ENDP + + + +gen_aes_cbc_enc_func MACRO rnds + +LOCAL loop1 +LOCAL bail + + push inputLen + + mov ctx, [esp + 2*4 + 0*4] + mov output, [esp + 2*4 + 1*4] + mov input, [esp + 2*4 + 4*4] + mov inputLen, [esp + 2*4 + 5*4] + + lea ctx, [44+ctx] + + movdqu xmm0, [-32+ctx] + + movdqu xmm2, [0*16 + ctx] + movdqu xmm3, [1*16 + ctx] + movdqu xmm4, [2*16 + ctx] + movdqu xmm5, [3*16 + ctx] + movdqu xmm6, [4*16 + ctx] + +loop1: + cmp inputLen, 1*16 + jb bail + + movdqu xmm1, [input] + pxor xmm1, xmm2 + pxor xmm0, xmm1 + + aesenc xmm0, xmm3 + aesenc xmm0, xmm4 + aesenc xmm0, xmm5 + aesenc xmm0, xmm6 + + i = 5 + WHILE i LT rnds + movdqu xmm7, [i*16 + ctx] + aesenc xmm0, xmm7 + i = i+1 + ENDM + movdqu xmm7, [rnds*16 + ctx] + aesenclast xmm0, xmm7 + + movdqu [output], xmm0 + + lea input, [1*16 + input] + lea output, [1*16 + output] + sub inputLen, 1*16 + jmp loop1 + +bail: + movdqu [-32+ctx], xmm0 + + xor eax, eax + pop inputLen + ret + +ENDM + +gen_aes_cbc_dec_func MACRO rnds + +LOCAL loop7 +LOCAL loop1 +LOCAL dec1 +LOCAL bail + + push inputLen + + mov ctx, [esp + 2*4 + 0*4] + mov output, [esp + 2*4 + 1*4] + mov input, [esp + 2*4 + 4*4] + mov inputLen, [esp + 2*4 + 5*4] + + lea ctx, [44+ctx] + +loop7: + cmp inputLen, 7*16 + jb dec1 + + movdqu xmm0, [0*16 + input] + movdqu xmm1, [1*16 + input] + movdqu xmm2, [2*16 + input] + movdqu xmm3, [3*16 + input] + movdqu xmm4, [4*16 + input] + movdqu xmm5, [5*16 + input] + movdqu xmm6, [6*16 + input] + + movdqu xmm7, [0*16 + ctx] + pxor xmm0, xmm7 + pxor xmm1, xmm7 + pxor xmm2, xmm7 + pxor xmm3, xmm7 + pxor xmm4, xmm7 + pxor xmm5, xmm7 + pxor xmm6, xmm7 + + i = 1 + WHILE i LT rnds + aes_dec_rnd i + i = i+1 + ENDM + aes_dec_last_rnd rnds + + movdqu xmm7, [-32 + ctx] + pxor xmm0, xmm7 + movdqu xmm7, [0*16 + input] + pxor xmm1, xmm7 + movdqu xmm7, [1*16 + input] + pxor xmm2, xmm7 + movdqu xmm7, [2*16 + input] + pxor xmm3, xmm7 + movdqu xmm7, [3*16 + input] + pxor xmm4, xmm7 + movdqu xmm7, [4*16 + input] + pxor xmm5, xmm7 + movdqu xmm7, [5*16 + input] + pxor xmm6, xmm7 + movdqu xmm7, [6*16 + input] + + movdqu [0*16 + output], xmm0 + movdqu [1*16 + output], xmm1 + movdqu [2*16 + output], xmm2 + movdqu [3*16 + output], xmm3 + movdqu [4*16 + output], xmm4 + movdqu [5*16 + output], xmm5 + movdqu [6*16 + output], xmm6 + movdqu [-32 + ctx], xmm7 + + lea input, [7*16 + input] + lea output, [7*16 + output] + sub inputLen, 7*16 + jmp loop7 +dec1: + + movdqu xmm3, [-32 + ctx] + +loop1: + cmp inputLen, 1*16 + jb bail + + movdqu xmm0, [input] + movdqa xmm4, xmm0 + movdqu xmm7, [0*16 + ctx] + pxor xmm0, xmm7 + + i = 1 + WHILE i LT rnds + movdqu xmm7, [i*16 + ctx] + aesdec xmm0, xmm7 + i = i+1 + ENDM + movdqu xmm7, [rnds*16 + ctx] + aesdeclast xmm0, xmm7 + pxor xmm3, xmm0 + + movdqu [output], xmm3 + movdqa xmm3, xmm4 + + lea input, [1*16 + input] + lea output, [1*16 + output] + sub inputLen, 1*16 + jmp loop1 + +bail: + movdqu [-32 + ctx], xmm3 + xor eax, eax + pop inputLen + ret +ENDM + +ALIGN 16 +intel_aes_encrypt_cbc_128 PROC +gen_aes_cbc_enc_func 10 +intel_aes_encrypt_cbc_128 ENDP + +ALIGN 16 +intel_aes_encrypt_cbc_192 PROC +gen_aes_cbc_enc_func 12 +intel_aes_encrypt_cbc_192 ENDP + +ALIGN 16 +intel_aes_encrypt_cbc_256 PROC +gen_aes_cbc_enc_func 14 +intel_aes_encrypt_cbc_256 ENDP + +ALIGN 16 +intel_aes_decrypt_cbc_128 PROC +gen_aes_cbc_dec_func 10 +intel_aes_decrypt_cbc_128 ENDP + +ALIGN 16 +intel_aes_decrypt_cbc_192 PROC +gen_aes_cbc_dec_func 12 +intel_aes_decrypt_cbc_192 ENDP + +ALIGN 16 +intel_aes_decrypt_cbc_256 PROC +gen_aes_cbc_dec_func 14 +intel_aes_decrypt_cbc_256 ENDP + + + +ctrCtx textequ <esi> +CTR textequ <ebx> + +gen_aes_ctr_func MACRO rnds + +LOCAL loop7 +LOCAL loop1 +LOCAL enc1 +LOCAL bail + + push inputLen + push ctrCtx + push CTR + push ebp + + mov ctrCtx, [esp + 4*5 + 0*4] + mov output, [esp + 4*5 + 1*4] + mov input, [esp + 4*5 + 4*4] + mov inputLen, [esp + 4*5 + 5*4] + + mov ctx, [4+ctrCtx] + lea ctx, [44+ctx] + + mov ebp, esp + sub esp, 7*16 + and esp, -16 + + movdqu xmm0, [8+ctrCtx] + mov ctrCtx, [ctrCtx + 8 + 3*4] + bswap ctrCtx + movdqu xmm1, [ctx + 0*16] + + pxor xmm0, xmm1 + + movdqa [esp + 0*16], xmm0 + movdqa [esp + 1*16], xmm0 + movdqa [esp + 2*16], xmm0 + movdqa [esp + 3*16], xmm0 + movdqa [esp + 4*16], xmm0 + movdqa [esp + 5*16], xmm0 + movdqa [esp + 6*16], xmm0 + + inc ctrCtx + mov CTR, ctrCtx + bswap CTR + xor CTR, [ctx + 3*4] + mov [esp + 1*16 + 3*4], CTR + + inc ctrCtx + mov CTR, ctrCtx + bswap CTR + xor CTR, [ctx + 3*4] + mov [esp + 2*16 + 3*4], CTR + + inc ctrCtx + mov CTR, ctrCtx + bswap CTR + xor CTR, [ctx + 3*4] + mov [esp + 3*16 + 3*4], CTR + + inc ctrCtx + mov CTR, ctrCtx + bswap CTR + xor CTR, [ctx + 3*4] + mov [esp + 4*16 + 3*4], CTR + + inc ctrCtx + mov CTR, ctrCtx + bswap CTR + xor CTR, [ctx + 3*4] + mov [esp + 5*16 + 3*4], CTR + + inc ctrCtx + mov CTR, ctrCtx + bswap CTR + xor CTR, [ctx + 3*4] + mov [esp + 6*16 + 3*4], CTR + + +loop7: + cmp inputLen, 7*16 + jb loop1 + + movdqu xmm0, [0*16 + esp] + movdqu xmm1, [1*16 + esp] + movdqu xmm2, [2*16 + esp] + movdqu xmm3, [3*16 + esp] + movdqu xmm4, [4*16 + esp] + movdqu xmm5, [5*16 + esp] + movdqu xmm6, [6*16 + esp] + + i = 1 + WHILE i LE 7 + aes_rnd i + + inc ctrCtx + mov CTR, ctrCtx + bswap CTR + xor CTR, [ctx + 3*4] + mov [esp + (i-1)*16 + 3*4], CTR + + i = i+1 + ENDM + WHILE i LT rnds + aes_rnd i + i = i+1 + ENDM + aes_last_rnd rnds + + movdqu xmm7, [0*16 + input] + pxor xmm0, xmm7 + movdqu xmm7, [1*16 + input] + pxor xmm1, xmm7 + movdqu xmm7, [2*16 + input] + pxor xmm2, xmm7 + movdqu xmm7, [3*16 + input] + pxor xmm3, xmm7 + movdqu xmm7, [4*16 + input] + pxor xmm4, xmm7 + movdqu xmm7, [5*16 + input] + pxor xmm5, xmm7 + movdqu xmm7, [6*16 + input] + pxor xmm6, xmm7 + + movdqu [0*16 + output], xmm0 + movdqu [1*16 + output], xmm1 + movdqu [2*16 + output], xmm2 + movdqu [3*16 + output], xmm3 + movdqu [4*16 + output], xmm4 + movdqu [5*16 + output], xmm5 + movdqu [6*16 + output], xmm6 + + lea input, [7*16 + input] + lea output, [7*16 + output] + sub inputLen, 7*16 + jmp loop7 + + +loop1: + cmp inputLen, 1*16 + jb bail + + movdqu xmm0, [esp] + add esp, 16 + + i = 1 + WHILE i LT rnds + movdqu xmm7, [i*16 + ctx] + aesenc xmm0, xmm7 + i = i+1 + ENDM + movdqu xmm7, [rnds*16 + ctx] + aesenclast xmm0, xmm7 + + movdqu xmm7, [input] + pxor xmm0, xmm7 + movdqu [output], xmm0 + + lea input, [1*16 + input] + lea output, [1*16 + output] + sub inputLen, 1*16 + jmp loop1 + +bail: + + mov ctrCtx, [ebp + 4*5 + 0*4] + movdqu xmm0, [esp] + movdqu xmm1, [ctx + 0*16] + pxor xmm0, xmm1 + movdqu [8+ctrCtx], xmm0 + + + xor eax, eax + mov esp, ebp + pop ebp + pop CTR + pop ctrCtx + pop inputLen + ret +ENDM + + +ALIGN 16 +intel_aes_encrypt_ctr_128 PROC +gen_aes_ctr_func 10 +intel_aes_encrypt_ctr_128 ENDP + +ALIGN 16 +intel_aes_encrypt_ctr_192 PROC +gen_aes_ctr_func 12 +intel_aes_encrypt_ctr_192 ENDP + +ALIGN 16 +intel_aes_encrypt_ctr_256 PROC +gen_aes_ctr_func 14 +intel_aes_encrypt_ctr_256 ENDP + + +END diff --git a/security/nss/lib/freebl/intel-aes.h b/security/nss/lib/freebl/intel-aes.h index 1e18007..3b71e5f 100644 --- a/security/nss/lib/freebl/intel-aes.h +++ b/security/nss/lib/freebl/intel-aes.h @@ -33,6 +33,12 @@ SECStatus intel_aes_decrypt_cbc_128(AESContext *cx, unsigned char *output, const unsigned char *input, unsigned int inputLen, unsigned int blocksize); +SECStatus intel_aes_encrypt_ctr_128(CTRContext *cx, unsigned char *output, + unsigned int *outputLen, + unsigned int maxOutputLen, + const unsigned char *input, + unsigned int inputLen, + unsigned int blocksize); SECStatus intel_aes_encrypt_ecb_192(AESContext *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, @@ -57,6 +63,12 @@ SECStatus intel_aes_decrypt_cbc_192(AESContext *cx, unsigned char *output, const unsigned char *input, unsigned int inputLen, unsigned int blocksize); +SECStatus intel_aes_encrypt_ctr_192(CTRContext *cx, unsigned char *output, + unsigned int *outputLen, + unsigned int maxOutputLen, + const unsigned char *input, + unsigned int inputLen, + unsigned int blocksize); SECStatus intel_aes_encrypt_ecb_256(AESContext *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, @@ -81,6 +93,12 @@ SECStatus intel_aes_decrypt_cbc_256(AESContext *cx, unsigned char *output, const unsigned char *input, unsigned int inputLen, unsigned int blocksize); +SECStatus intel_aes_encrypt_ctr_256(CTRContext *cx, unsigned char *output, + unsigned int *outputLen, + unsigned int maxOutputLen, + const unsigned char *input, + unsigned int inputLen, + unsigned int blocksize); #define intel_aes_ecb_worker(encrypt, keysize) \ @@ -102,6 +120,11 @@ SECStatus intel_aes_decrypt_cbc_256(AESContext *cx, unsigned char *output, (keysize) == 24 ? intel_aes_decrypt_cbc_192 : \ intel_aes_decrypt_cbc_256)) +#define intel_aes_ctr_worker(nr) \ + ((nr) == 10 ? intel_aes_encrypt_ctr_128 : \ + (nr) == 12 ? intel_aes_encrypt_ctr_192 : \ + intel_aes_encrypt_ctr_256) + #define intel_aes_init(encrypt, keysize) \ do { \ diff --git a/security/nss/lib/freebl/intel-gcm-wrap.c b/security/nss/lib/freebl/intel-gcm-wrap.c index b2f6f5e..9b0a542 100644 --- a/security/nss/lib/freebl/intel-gcm-wrap.c +++ b/security/nss/lib/freebl/intel-gcm-wrap.c @@ -3,7 +3,7 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* Copyright(c) 2013, Intel Corp. */ -/* Wrapper funcions for Intel optimized implementation of AES-GCM */ +/* Wrapper functions for Intel optimized implementation of AES-GCM */ #ifdef USE_HW_AES @@ -24,12 +24,8 @@ #include "intel-gcm.h" #include "rijndael.h" -#if defined(__INTEL_COMPILER) -#include <ia32intrin.h> -#elif defined(__GNUC__) #include <emmintrin.h> #include <tmmintrin.h> -#endif struct intel_AES_GCMContextStr{ @@ -43,21 +39,21 @@ struct intel_AES_GCMContextStr{ unsigned long Mlen; }; -intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context, +intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context, freeblCipherFunc cipher, - const unsigned char *params, + const unsigned char *params, unsigned int blocksize) { intel_AES_GCMContext *gcm = NULL; AESContext *aes = (AESContext*)context; const CK_GCM_PARAMS *gcmParams = (const CK_GCM_PARAMS *)params; unsigned char buff[AES_BLOCK_SIZE]; /* aux buffer */ - - int IV_whole_len = gcmParams->ulIvLen&(~0xf); - int IV_remainder_len = gcmParams->ulIvLen&0xf; - int AAD_whole_len = gcmParams->ulAADLen&(~0xf); - int AAD_remainder_len = gcmParams->ulAADLen&0xf; - + + unsigned long IV_whole_len = gcmParams->ulIvLen & (~0xful); + unsigned int IV_remainder_len = gcmParams->ulIvLen & 0xful; + unsigned long AAD_whole_len = gcmParams->ulAADLen & (~0xful); + unsigned int AAD_remainder_len = gcmParams->ulAADLen & 0xful; + __m128i BSWAP_MASK = _mm_setr_epi8(15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0); __m128i ONE = _mm_set_epi32(0,0,0,1); unsigned int j; @@ -68,66 +64,80 @@ intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context, return NULL; } gcm = PORT_ZNew(intel_AES_GCMContext); - + if (gcm == NULL) { return NULL; } + /* initialize context fields */ gcm->aes_context = aes; gcm->tagBits = gcmParams->ulTagBits; gcm->Alen = 0; gcm->Mlen = 0; + /* first prepare H and its derivatives for ghash */ intel_aes_gcmINIT(gcm->Htbl, (unsigned char*)aes->expandedKey, aes->Nr); - /* Initial TAG value is zero*/ + + /* Initial TAG value is zero */ _mm_storeu_si128((__m128i*)gcm->T, _mm_setzero_si128()); _mm_storeu_si128((__m128i*)gcm->X0, _mm_setzero_si128()); + /* Init the counter */ - if(gcmParams->ulIvLen == 12) { - _mm_storeu_si128((__m128i*)gcm->CTR, _mm_setr_epi32(((unsigned int*)gcmParams->pIv)[0], ((unsigned int*)gcmParams->pIv)[1], ((unsigned int*)gcmParams->pIv)[2], 0x01000000)); + if (gcmParams->ulIvLen == 12) { + _mm_storeu_si128((__m128i*)gcm->CTR, + _mm_setr_epi32(((unsigned int*)gcmParams->pIv)[0], + ((unsigned int*)gcmParams->pIv)[1], + ((unsigned int*)gcmParams->pIv)[2], + 0x01000000)); } else { - /* If IV size is not 96 bits, then the initial counter value is GHASH of the IV */ + /* If IV size is not 96 bits, then the initial counter value is GHASH + * of the IV */ intel_aes_gcmAAD(gcm->Htbl, gcmParams->pIv, IV_whole_len, gcm->T); + /* Partial block */ - if(IV_remainder_len) { + if (IV_remainder_len) { PORT_Memset(buff, 0, AES_BLOCK_SIZE); PORT_Memcpy(buff, gcmParams->pIv + IV_whole_len, IV_remainder_len); intel_aes_gcmAAD(gcm->Htbl, buff, AES_BLOCK_SIZE, gcm->T); - } - - intel_aes_gcmTAG - ( + } + + intel_aes_gcmTAG( gcm->Htbl, gcm->T, gcmParams->ulIvLen, 0, gcm->X0, - gcm->CTR - ); + gcm->CTR); + /* TAG should be zero again */ _mm_storeu_si128((__m128i*)gcm->T, _mm_setzero_si128()); } - /* Encrypt the initial counter, will be used to encrypt the GHASH value, in the end */ - rv = (*cipher)(context, gcm->X0, &j, AES_BLOCK_SIZE, gcm->CTR, AES_BLOCK_SIZE, AES_BLOCK_SIZE); + + /* Encrypt the initial counter, will be used to encrypt the GHASH value, + * in the end */ + rv = (*cipher)(context, gcm->X0, &j, AES_BLOCK_SIZE, gcm->CTR, + AES_BLOCK_SIZE, AES_BLOCK_SIZE); if (rv != SECSuccess) { goto loser; } + /* Promote the counter by 1 */ _mm_storeu_si128((__m128i*)gcm->CTR, _mm_shuffle_epi8(_mm_add_epi32(ONE, _mm_shuffle_epi8(_mm_loadu_si128((__m128i*)gcm->CTR), BSWAP_MASK)), BSWAP_MASK)); -/* Now hash AAD - it would actually make sense to seperate the context creation from the AAD, - * because that would allow to reuse the H, which only changes when the AES key changes, - * and not every package, like the IV and AAD */ + /* Now hash AAD - it would actually make sense to seperate the context + * creation from the AAD, because that would allow to reuse the H, which + * only changes when the AES key changes, and not every package, like the + * IV and AAD */ intel_aes_gcmAAD(gcm->Htbl, gcmParams->pAAD, AAD_whole_len, gcm->T); - if(AAD_remainder_len) { + if (AAD_remainder_len) { PORT_Memset(buff, 0, AES_BLOCK_SIZE); PORT_Memcpy(buff, gcmParams->pAAD + AAD_whole_len, AAD_remainder_len); intel_aes_gcmAAD(gcm->Htbl, buff, AES_BLOCK_SIZE, gcm->T); } gcm->Alen += gcmParams->ulAADLen; return gcm; - - loser: + +loser: if (gcm) { PORT_Free(gcm); } @@ -141,17 +151,17 @@ void intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit) } } -SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, +SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, unsigned char *outbuf, - unsigned int *outlen, unsigned int maxout, - const unsigned char *inbuf, unsigned int inlen, - unsigned int blocksize) + unsigned int *outlen, unsigned int maxout, + const unsigned char *inbuf, unsigned int inlen, + unsigned int blocksize) { unsigned int tagBytes; unsigned char T[AES_BLOCK_SIZE]; - int j; + unsigned int j; - tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE-1)) / PR_BITS_PER_BYTE; + tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE; if (UINT_MAX - inlen < tagBytes) { PORT_SetError(SEC_ERROR_INPUT_LEN); return SECFailure; @@ -169,7 +179,7 @@ SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, inlen); gcm->Mlen += inlen; - + intel_aes_gcmTAG( gcm->Htbl, gcm->T, @@ -180,34 +190,39 @@ SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, *outlen = inlen + tagBytes; - for(j=0; j<tagBytes; j++) - { - outbuf[inlen+j] = T[j]; + for (j = 0; j < tagBytes; j++) { + outbuf[inlen + j] = T[j]; } return SECSuccess; } -SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm, +SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm, unsigned char *outbuf, - unsigned int *outlen, unsigned int maxout, - const unsigned char *inbuf, unsigned int inlen, - unsigned int blocksize) + unsigned int *outlen, unsigned int maxout, + const unsigned char *inbuf, unsigned int inlen, + unsigned int blocksize) { unsigned int tagBytes; unsigned char T[AES_BLOCK_SIZE]; const unsigned char *intag; - tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE-1)) / PR_BITS_PER_BYTE; - + tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE; + /* get the authentication block */ if (inlen < tagBytes) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); + PORT_SetError(SEC_ERROR_INPUT_LEN); return SECFailure; } inlen -= tagBytes; intag = inbuf + inlen; + if (maxout < inlen) { + *outlen = inlen; + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } + intel_aes_gcmDEC( inbuf, outbuf, @@ -224,6 +239,8 @@ SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm, T); if (NSS_SecureMemcmp(T, intag, tagBytes) != 0) { + memset(outbuf, 0, inlen); + *outlen = 0; /* force a CKR_ENCRYPTED_DATA_INVALID error at in softoken */ PORT_SetError(SEC_ERROR_BAD_DATA); return SECFailure; diff --git a/security/nss/lib/freebl/intel-gcm-x64-masm.asm b/security/nss/lib/freebl/intel-gcm-x64-masm.asm new file mode 100644 index 0000000..8b68b76 --- /dev/null +++ b/security/nss/lib/freebl/intel-gcm-x64-masm.asm @@ -0,0 +1,1295 @@ +; LICENSE: +; This submission to NSS is to be made available under the terms of the +; Mozilla Public License, v. 2.0. You can obtain one at http: +; //mozilla.org/MPL/2.0/. +;############################################################################### +; Copyright(c) 2014, Intel Corp. +; Developers and authors: +; Shay Gueron and Vlad Krasnov +; Intel Corporation, Israel Development Centre, Haifa, Israel +; Please send feedback directly to crypto.feedback.alias(a)intel.com + + +.DATA +ALIGN 16 +Lone dq 1,0 +Ltwo dq 2,0 +Lbswap_mask db 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 +Lshuff_mask dq 0f0f0f0f0f0f0f0fh, 0f0f0f0f0f0f0f0fh +Lpoly dq 01h, 0c200000000000000h + +.CODE + + +GFMUL MACRO DST, SRC1, SRC2, TMP1, TMP2, TMP3, TMP4 + vpclmulqdq TMP1, SRC2, SRC1, 0h + vpclmulqdq TMP4, SRC2, SRC1, 011h + + vpshufd TMP2, SRC2, 78 + vpshufd TMP3, SRC1, 78 + vpxor TMP2, TMP2, SRC2 + vpxor TMP3, TMP3, SRC1 + + vpclmulqdq TMP2, TMP2, TMP3, 0h + vpxor TMP2, TMP2, TMP1 + vpxor TMP2, TMP2, TMP4 + + vpslldq TMP3, TMP2, 8 + vpsrldq TMP2, TMP2, 8 + + vpxor TMP1, TMP1, TMP3 + vpxor TMP4, TMP4, TMP2 + + vpclmulqdq TMP2, TMP1, [Lpoly], 010h + vpshufd TMP3, TMP1, 78 + vpxor TMP1, TMP2, TMP3 + + vpclmulqdq TMP2, TMP1, [Lpoly], 010h + vpshufd TMP3, TMP1, 78 + vpxor TMP1, TMP2, TMP3 + + vpxor DST, TMP1, TMP4 + + ENDM + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; Generates the final GCM tag +; void intel_aes_gcmTAG(unsigned char Htbl[16*16], +; unsigned char *Tp, +; unsigned int Mlen, +; unsigned int Alen, +; unsigned char *X0, +; unsigned char *TAG); +; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +ALIGN 16 +intel_aes_gcmTAG PROC + +Htbl textequ <rcx> +Tp textequ <rdx> +Mlen textequ <r8> +Alen textequ <r9> +X0 textequ <r10> +TAG textequ <r11> + +T textequ <xmm0> +TMP0 textequ <xmm1> + + mov X0, [rsp + 1*8 + 4*8] + mov TAG, [rsp + 1*8 + 5*8] + + vzeroupper + vmovdqu T, XMMWORD PTR[Tp] + vpxor TMP0, TMP0, TMP0 + + shl Mlen, 3 + shl Alen, 3 + + ;vpinsrq TMP0, TMP0, Mlen, 0 + ;vpinsrq TMP0, TMP0, Alen, 1 + ; workaround the ml64.exe vpinsrq issue + vpinsrd TMP0, TMP0, r8d, 0 + vpinsrd TMP0, TMP0, r9d, 2 + shr Mlen, 32 + shr Alen, 32 + vpinsrd TMP0, TMP0, r8d, 1 + vpinsrd TMP0, TMP0, r9d, 3 + + vpxor T, T, TMP0 + vmovdqu TMP0, XMMWORD PTR[Htbl] + GFMUL T, T, TMP0, xmm2, xmm3, xmm4, xmm5 + + vpshufb T, T, [Lbswap_mask] + vpxor T, T, [X0] + vmovdqu XMMWORD PTR[TAG], T + vzeroupper + + ret + +intel_aes_gcmTAG ENDP + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; Generates the H table +; void intel_aes_gcmINIT(unsigned char Htbl[16*16], unsigned char *KS, int NR); +; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +ALIGN 16 +intel_aes_gcmINIT PROC + +Htbl textequ <rcx> +KS textequ <rdx> +NR textequ <r8d> + +T textequ <xmm0> +TMP0 textequ <xmm1> + + vzeroupper + ; AES-ENC(0) + vmovdqu T, XMMWORD PTR[KS] + lea KS, [16 + KS] + dec NR +Lenc_loop: + vaesenc T, T, [KS] + lea KS, [16 + KS] + dec NR + jnz Lenc_loop + + vaesenclast T, T, [KS] + vpshufb T, T, [Lbswap_mask] + + ;Calculate H` = GFMUL(H, 2) + vpsrad xmm3, T, 31 + vpshufd xmm3, xmm3, 0ffh + vpand xmm5, xmm3, [Lpoly] + vpsrld xmm3, T, 31 + vpslld xmm4, T, 1 + vpslldq xmm3, xmm3, 4 + vpxor T, xmm4, xmm3 + vpxor T, T, xmm5 + + vmovdqu TMP0, T + vmovdqu XMMWORD PTR[Htbl + 0*16], T + + vpshufd xmm2, T, 78 + vpxor xmm2, xmm2, T + vmovdqu XMMWORD PTR[Htbl + 8*16 + 0*16], xmm2 + + i = 1 + WHILE i LT 8 + GFMUL T, T, TMP0, xmm2, xmm3, xmm4, xmm5 + vmovdqu XMMWORD PTR[Htbl + i*16], T + vpshufd xmm2, T, 78 + vpxor xmm2, xmm2, T + vmovdqu XMMWORD PTR[Htbl + 8*16 + i*16], xmm2 + i = i+1 + ENDM + vzeroupper + ret +intel_aes_gcmINIT ENDP + + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; Authenticate only +; void intel_aes_gcmAAD(unsigned char Htbl[16*16], unsigned char *AAD, unsigned int Alen, unsigned char *Tp); +; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +ALIGN 16 +intel_aes_gcmAAD PROC + +Htbl textequ <rcx> +inp textequ <rdx> +len textequ <r8> +Tp textequ <r9> +hlp0 textequ <r10> + +DATA textequ <xmm0> +T textequ <xmm1> +TMP0 textequ <xmm2> +TMP1 textequ <xmm3> +TMP2 textequ <xmm4> +TMP3 textequ <xmm5> +TMP4 textequ <xmm6> +Xhi textequ <xmm7> + +KARATSUBA_AAD MACRO i + vpclmulqdq TMP3, DATA, [Htbl + i*16], 0h + vpxor TMP0, TMP0, TMP3 + vpclmulqdq TMP3, DATA, [Htbl + i*16], 011h + vpxor TMP1, TMP1, TMP3 + vpshufd TMP3, DATA, 78 + vpxor TMP3, TMP3, DATA + vpclmulqdq TMP3, TMP3, [Htbl + 8*16 + i*16], 0h + vpxor TMP2, TMP2, TMP3 +ENDM + + test len, len + jnz LbeginAAD + ret + +LbeginAAD: + vzeroupper + + sub rsp, 2*16 + vmovdqu XMMWORD PTR[rsp + 0*16], xmm6 + vmovdqu XMMWORD PTR[rsp + 1*16], xmm7 + + vpxor Xhi, Xhi, Xhi + + vmovdqu T, XMMWORD PTR[Tp] + ;we hash 8 block each iteration, if the total amount of blocks is not a multiple of 8, we hash the first n%8 blocks first + mov hlp0, len + and hlp0, 128-1 + jz Lmod_loop + + and len, -128 + sub hlp0, 16 + + ; Prefix block + vmovdqu DATA, XMMWORD PTR[inp] + vpshufb DATA, DATA, [Lbswap_mask] + vpxor DATA, DATA, T + + vpclmulqdq TMP0, DATA, [Htbl + hlp0], 0h + vpclmulqdq TMP1, DATA, [Htbl + hlp0], 011h + vpshufd TMP3, DATA, 78 + vpxor TMP3, TMP3, DATA + vpclmulqdq TMP2, TMP3, [Htbl + 8*16 + hlp0], 0h + + lea inp, [inp+16] + test hlp0, hlp0 + jnz Lpre_loop + jmp Lred1 + + ;hash remaining prefix bocks (up to 7 total prefix blocks) +Lpre_loop: + + sub hlp0, 16 + + vmovdqu DATA, XMMWORD PTR[inp] + vpshufb DATA, DATA, [Lbswap_mask] + + vpclmulqdq TMP3, DATA, [Htbl + hlp0], 0h + vpxor TMP0, TMP0, TMP3 + vpclmulqdq TMP3, DATA, [Htbl + hlp0], 011h + vpxor TMP1, TMP1, TMP3 + vpshufd TMP3, DATA, 78 + vpxor TMP3, TMP3, DATA + vpclmulqdq TMP3, TMP3, [Htbl + 8*16 + hlp0], 0h + vpxor TMP2, TMP2, TMP3 + + test hlp0, hlp0 + lea inp, [inp+16] + jnz Lpre_loop + +Lred1: + + vpxor TMP2, TMP2, TMP0 + vpxor TMP2, TMP2, TMP1 + vpsrldq TMP3, TMP2, 8 + vpslldq TMP2, TMP2, 8 + + vpxor Xhi, TMP1, TMP3 + vpxor T, TMP0, TMP2 + + +Lmod_loop: + + sub len, 16*8 + jb Ldone + ; Block #0 + vmovdqu DATA, XMMWORD PTR[inp + 16*7] + vpshufb DATA, DATA, [Lbswap_mask] + + vpclmulqdq TMP0, DATA, [Htbl + 0*16], 0h + vpclmulqdq TMP1, DATA, [Htbl + 0*16], 011h + vpshufd TMP3, DATA, 78 + vpxor TMP3, TMP3, DATA + vpclmulqdq TMP2, TMP3, [Htbl + 8*16 + 0*16], 0h + + ; Block #1 + vmovdqu DATA, XMMWORD PTR[inp + 16*6] + vpshufb DATA, DATA, [Lbswap_mask] + KARATSUBA_AAD 1 + + ; Block #2 + vmovdqu DATA, XMMWORD PTR[inp + 16*5] + vpshufb DATA, DATA, [Lbswap_mask] + + vpclmulqdq TMP4, T, [Lpoly], 010h ;reduction stage 1a + vpalignr T, T, T, 8 + + KARATSUBA_AAD 2 + + vpxor T, T, TMP4 ;reduction stage 1b + + ; Block #3 + vmovdqu DATA, XMMWORD PTR[inp + 16*4] + vpshufb DATA, DATA, [Lbswap_mask] + KARATSUBA_AAD 3 + ; Block #4 + vmovdqu DATA, XMMWORD PTR[inp + 16*3] + vpshufb DATA, DATA, [Lbswap_mask] + + vpclmulqdq TMP4, T, [Lpoly], 010h ;reduction stage 2a + vpalignr T, T, T, 8 + + KARATSUBA_AAD 4 + + vpxor T, T, TMP4 ;reduction stage 2b + ; Block #5 + vmovdqu DATA, XMMWORD PTR[inp + 16*2] + vpshufb DATA, DATA, [Lbswap_mask] + KARATSUBA_AAD 5 + + vpxor T, T, Xhi ;reduction finalize + ; Block #6 + vmovdqu DATA, XMMWORD PTR[inp + 16*1] + vpshufb DATA, DATA, [Lbswap_mask] + KARATSUBA_AAD 6 + ; Block #7 + vmovdqu DATA, XMMWORD PTR[inp + 16*0] + vpshufb DATA, DATA, [Lbswap_mask] + vpxor DATA, DATA, T + KARATSUBA_AAD 7 + ; Aggregated 8 blocks, now karatsuba fixup + vpxor TMP2, TMP2, TMP0 + vpxor TMP2, TMP2, TMP1 + vpsrldq TMP3, TMP2, 8 + vpslldq TMP2, TMP2, 8 + + vpxor Xhi, TMP1, TMP3 + vpxor T, TMP0, TMP2 + + lea inp, [inp + 16*8] + jmp Lmod_loop + +Ldone: + vpclmulqdq TMP4, T, [Lpoly], 010h + vpalignr T, T, T, 8 + vpxor T, T, TMP4 + + vpclmulqdq TMP4, T, [Lpoly], 010h + vpalignr T, T, T, 8 + vpxor T, T, TMP4 + + vpxor T, T, Xhi + vmovdqu XMMWORD PTR[Tp], T + vzeroupper + + vmovdqu xmm6, XMMWORD PTR[rsp + 0*16] + vmovdqu xmm7, XMMWORD PTR[rsp + 1*16] + add rsp, 16*2 + + ret + +intel_aes_gcmAAD ENDP + + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; Encrypt and Authenticate +; void intel_aes_gcmENC(unsigned char* PT, unsigned char* CT, void *Gctx, unsigned int len); +; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +ALIGN 16 +intel_aes_gcmENC PROC + +PT textequ <rcx> +CT textequ <rdx> +Htbl textequ <r8> +Gctx textequ <r8> +len textequ <r9> +KS textequ <r10> +NR textequ <eax> + +aluCTR textequ <r11d> +aluKSl textequ <r12d> +aluTMP textequ <r13d> + +T textequ <xmm0> +TMP0 textequ <xmm1> +TMP1 textequ <xmm2> +TMP2 textequ <xmm3> +TMP3 textequ <xmm4> +TMP4 textequ <xmm5> +TMP5 textequ <xmm6> +CTR0 textequ <xmm7> +CTR1 textequ <xmm8> +CTR2 textequ <xmm9> +CTR3 textequ <xmm10> +CTR4 textequ <xmm11> +CTR5 textequ <xmm12> +CTR6 textequ <xmm13> +CTR7 textequ <xmm14> +BSWAPMASK textequ <xmm15> + +ROUND MACRO i + vmovdqu TMP3, XMMWORD PTR[i*16 + KS] + vaesenc CTR0, CTR0, TMP3 + vaesenc CTR1, CTR1, TMP3 + vaesenc CTR2, CTR2, TMP3 + vaesenc CTR3, CTR3, TMP3 + vaesenc CTR4, CTR4, TMP3 + vaesenc CTR5, CTR5, TMP3 + vaesenc CTR6, CTR6, TMP3 + vaesenc CTR7, CTR7, TMP3 +ENDM +ROUNDMUL MACRO i + vmovdqu TMP3, XMMWORD PTR[i*16 + KS] + + vaesenc CTR0, CTR0, TMP3 + vaesenc CTR1, CTR1, TMP3 + vaesenc CTR2, CTR2, TMP3 + vaesenc CTR3, CTR3, TMP3 + + vpshufd TMP4, TMP5, 78 + vpxor TMP4, TMP4, TMP5 + + vaesenc CTR4, CTR4, TMP3 + vaesenc CTR5, CTR5, TMP3 + vaesenc CTR6, CTR6, TMP3 + vaesenc CTR7, CTR7, TMP3 + + vpclmulqdq TMP3, TMP4, XMMWORD PTR[i*16 + 8*16 + Htbl], 000h + vpxor TMP0, TMP0, TMP3 + vmovdqu TMP4, XMMWORD PTR[i*16 + Htbl] + vpclmulqdq TMP3, TMP5, TMP4, 011h + vpxor TMP1, TMP1, TMP3 + vpclmulqdq TMP3, TMP5, TMP4, 000h + vpxor TMP2, TMP2, TMP3 +ENDM +KARATSUBA MACRO i + vpshufd TMP4, TMP5, 78 + vpxor TMP4, TMP4, TMP5 + vpclmulqdq TMP3, TMP4, XMMWORD PTR[i*16 + 8*16 + Htbl], 000h + vpxor TMP0, TMP0, TMP3 + vmovdqu TMP4, XMMWORD PTR[i*16 + Htbl] + vpclmulqdq TMP3, TMP5, TMP4, 011h + vpxor TMP1, TMP1, TMP3 + vpclmulqdq TMP3, TMP5, TMP4, 000h + vpxor TMP2, TMP2, TMP3 +ENDM +NEXTCTR MACRO i + add aluCTR, 1 + mov aluTMP, aluCTR + xor aluTMP, aluKSl + bswap aluTMP + mov [3*4 + 8*16 + i*16 + rsp], aluTMP +ENDM + + + test len, len + jnz LbeginENC + ret + +LbeginENC: + + vzeroupper + push r11 + push r12 + push r13 + push rbp + sub rsp, 10*16 + vmovdqu XMMWORD PTR[rsp + 0*16], xmm6 + vmovdqu XMMWORD PTR[rsp + 1*16], xmm7 + vmovdqu XMMWORD PTR[rsp + 2*16], xmm8 + vmovdqu XMMWORD PTR[rsp + 3*16], xmm9 + vmovdqu XMMWORD PTR[rsp + 4*16], xmm10 + vmovdqu XMMWORD PTR[rsp + 5*16], xmm11 + vmovdqu XMMWORD PTR[rsp + 6*16], xmm12 + vmovdqu XMMWORD PTR[rsp + 7*16], xmm13 + vmovdqu XMMWORD PTR[rsp + 8*16], xmm14 + vmovdqu XMMWORD PTR[rsp + 9*16], xmm15 + + mov rbp, rsp + sub rsp, 16*16 + and rsp, -16 + + vmovdqu T, XMMWORD PTR[16*16 + 1*16 + Gctx] + vmovdqu CTR0, XMMWORD PTR[16*16 + 2*16 + Gctx] + vmovdqu BSWAPMASK, XMMWORD PTR[Lbswap_mask] + mov KS, [16*16 + 3*16 + Gctx] + mov NR, [4 + KS] + lea KS, [48 + KS] + + vpshufb CTR0, CTR0, BSWAPMASK + + mov aluCTR, [16*16 + 2*16 + 3*4 + Gctx] + mov aluKSl, [3*4 + KS] + bswap aluCTR + bswap aluKSl + + vmovdqu TMP0, XMMWORD PTR[0*16 + KS] + vpxor TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx] + vmovdqu XMMWORD PTR[8*16 + 0*16 + rsp], TMP0 + + cmp len, 128 + jb LEncDataSingles +; Prepare the "top" counters + vmovdqu XMMWORD PTR[8*16 + 1*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 2*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 3*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 4*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 5*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 6*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 7*16 + rsp], TMP0 + +; Encrypt the initial 8 blocks + sub len, 128 + vpaddd CTR1, CTR0, XMMWORD PTR[Lone] + vpaddd CTR2, CTR0, XMMWORD PTR[Ltwo] + vpaddd CTR3, CTR2, XMMWORD PTR[Lone] + vpaddd CTR4, CTR2, XMMWORD PTR[Ltwo] + vpaddd CTR5, CTR4, XMMWORD PTR[Lone] + vpaddd CTR6, CTR4, XMMWORD PTR[Ltwo] + vpaddd CTR7, CTR6, XMMWORD PTR[Lone] + + vpshufb CTR0, CTR0, BSWAPMASK + vpshufb CTR1, CTR1, BSWAPMASK + vpshufb CTR2, CTR2, BSWAPMASK + vpshufb CTR3, CTR3, BSWAPMASK + vpshufb CTR4, CTR4, BSWAPMASK + vpshufb CTR5, CTR5, BSWAPMASK + vpshufb CTR6, CTR6, BSWAPMASK + vpshufb CTR7, CTR7, BSWAPMASK + + vmovdqu TMP3, XMMWORD PTR[0*16 + KS] + vpxor CTR0, CTR0, TMP3 + vpxor CTR1, CTR1, TMP3 + vpxor CTR2, CTR2, TMP3 + vpxor CTR3, CTR3, TMP3 + vpxor CTR4, CTR4, TMP3 + vpxor CTR5, CTR5, TMP3 + vpxor CTR6, CTR6, TMP3 + vpxor CTR7, CTR7, TMP3 + + ROUND 1 + + add aluCTR, 8 + mov aluTMP, aluCTR + xor aluTMP, aluKSl + bswap aluTMP + mov [8*16 + 0*16 + 3*4 + rsp], aluTMP + + ROUND 2 + NEXTCTR 1 + ROUND 3 + NEXTCTR 2 + ROUND 4 + NEXTCTR 3 + ROUND 5 + NEXTCTR 4 + ROUND 6 + NEXTCTR 5 + ROUND 7 + NEXTCTR 6 + ROUND 8 + NEXTCTR 7 + ROUND 9 + vmovdqu TMP5, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + + ROUND 10 + ROUND 11 + vmovdqu TMP5, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + + ROUND 12 + ROUND 13 + vmovdqu TMP5, XMMWORD PTR[14*16 + KS] +@@: + vpxor TMP3, TMP5, XMMWORD PTR[0*16 + PT] + vaesenclast CTR0, CTR0, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[1*16 + PT] + vaesenclast CTR1, CTR1, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[2*16 + PT] + vaesenclast CTR2, CTR2, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[3*16 + PT] + vaesenclast CTR3, CTR3, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[4*16 + PT] + vaesenclast CTR4, CTR4, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[5*16 + PT] + vaesenclast CTR5, CTR5, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[6*16 + PT] + vaesenclast CTR6, CTR6, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[7*16 + PT] + vaesenclast CTR7, CTR7, TMP3 + + vmovdqu XMMWORD PTR[0*16 + CT], CTR0 + vpshufb CTR0, CTR0, BSWAPMASK + vmovdqu XMMWORD PTR[1*16 + CT], CTR1 + vpshufb CTR1, CTR1, BSWAPMASK + vmovdqu XMMWORD PTR[2*16 + CT], CTR2 + vpshufb CTR2, CTR2, BSWAPMASK + vmovdqu XMMWORD PTR[3*16 + CT], CTR3 + vpshufb CTR3, CTR3, BSWAPMASK + vmovdqu XMMWORD PTR[4*16 + CT], CTR4 + vpshufb CTR4, CTR4, BSWAPMASK + vmovdqu XMMWORD PTR[5*16 + CT], CTR5 + vpshufb CTR5, CTR5, BSWAPMASK + vmovdqu XMMWORD PTR[6*16 + CT], CTR6 + vpshufb CTR6, CTR6, BSWAPMASK + vmovdqu XMMWORD PTR[7*16 + CT], CTR7 + vpshufb TMP5, CTR7, BSWAPMASK + + vmovdqa XMMWORD PTR[1*16 + rsp], CTR6 + vmovdqa XMMWORD PTR[2*16 + rsp], CTR5 + vmovdqa XMMWORD PTR[3*16 + rsp], CTR4 + vmovdqa XMMWORD PTR[4*16 + rsp], CTR3 + vmovdqa XMMWORD PTR[5*16 + rsp], CTR2 + vmovdqa XMMWORD PTR[6*16 + rsp], CTR1 + vmovdqa XMMWORD PTR[7*16 + rsp], CTR0 + + lea CT, [8*16 + CT] + lea PT, [8*16 + PT] + jmp LEncDataOctets + +LEncDataOctets: + cmp len, 128 + jb LEndEncOctets + sub len, 128 + + vmovdqa CTR0, XMMWORD PTR[8*16 + 0*16 + rsp] + vmovdqa CTR1, XMMWORD PTR[8*16 + 1*16 + rsp] + vmovdqa CTR2, XMMWORD PTR[8*16 + 2*16 + rsp] + vmovdqa CTR3, XMMWORD PTR[8*16 + 3*16 + rsp] + vmovdqa CTR4, XMMWORD PTR[8*16 + 4*16 + rsp] + vmovdqa CTR5, XMMWORD PTR[8*16 + 5*16 + rsp] + vmovdqa CTR6, XMMWORD PTR[8*16 + 6*16 + rsp] + vmovdqa CTR7, XMMWORD PTR[8*16 + 7*16 + rsp] + + vpshufd TMP4, TMP5, 78 + vpxor TMP4, TMP4, TMP5 + vpclmulqdq TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h + vmovdqu TMP4, XMMWORD PTR[0*16 + Htbl] + vpclmulqdq TMP1, TMP5, TMP4, 011h + vpclmulqdq TMP2, TMP5, TMP4, 000h + + vmovdqu TMP5, XMMWORD PTR[1*16 + rsp] + ROUNDMUL 1 + NEXTCTR 0 + vmovdqu TMP5, XMMWORD PTR[2*16 + rsp] + ROUNDMUL 2 + NEXTCTR 1 + vmovdqu TMP5, XMMWORD PTR[3*16 + rsp] + ROUNDMUL 3 + NEXTCTR 2 + vmovdqu TMP5, XMMWORD PTR[4*16 + rsp] + ROUNDMUL 4 + NEXTCTR 3 + vmovdqu TMP5, XMMWORD PTR[5*16 + rsp] + ROUNDMUL 5 + NEXTCTR 4 + vmovdqu TMP5, XMMWORD PTR[6*16 + rsp] + ROUNDMUL 6 + NEXTCTR 5 + vpxor TMP5, T, XMMWORD PTR[7*16 + rsp] + ROUNDMUL 7 + NEXTCTR 6 + + ROUND 8 + NEXTCTR 7 + + vpxor TMP0, TMP0, TMP1 + vpxor TMP0, TMP0, TMP2 + vpsrldq TMP3, TMP0, 8 + vpxor TMP4, TMP1, TMP3 + vpslldq TMP3, TMP0, 8 + vpxor T, TMP2, TMP3 + + vpclmulqdq TMP1, T, XMMWORD PTR[Lpoly], 010h + vpalignr T,T,T,8 + vpxor T, T, TMP1 + + ROUND 9 + + vpclmulqdq TMP1, T, XMMWORD PTR[Lpoly], 010h + vpalignr T,T,T,8 + vpxor T, T, TMP1 + + vmovdqu TMP5, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + + ROUND 10 + ROUND 11 + vmovdqu TMP5, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + + ROUND 12 + ROUND 13 + vmovdqu TMP5, XMMWORD PTR[14*16 + KS] +@@: + vpxor TMP3, TMP5, XMMWORD PTR[0*16 + PT] + vaesenclast CTR0, CTR0, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[1*16 + PT] + vaesenclast CTR1, CTR1, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[2*16 + PT] + vaesenclast CTR2, CTR2, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[3*16 + PT] + vaesenclast CTR3, CTR3, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[4*16 + PT] + vaesenclast CTR4, CTR4, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[5*16 + PT] + vaesenclast CTR5, CTR5, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[6*16 + PT] + vaesenclast CTR6, CTR6, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[7*16 + PT] + vaesenclast CTR7, CTR7, TMP3 + + vmovdqu XMMWORD PTR[0*16 + CT], CTR0 + vpshufb CTR0, CTR0, BSWAPMASK + vmovdqu XMMWORD PTR[1*16 + CT], CTR1 + vpshufb CTR1, CTR1, BSWAPMASK + vmovdqu XMMWORD PTR[2*16 + CT], CTR2 + vpshufb CTR2, CTR2, BSWAPMASK + vmovdqu XMMWORD PTR[3*16 + CT], CTR3 + vpshufb CTR3, CTR3, BSWAPMASK + vmovdqu XMMWORD PTR[4*16 + CT], CTR4 + vpshufb CTR4, CTR4, BSWAPMASK + vmovdqu XMMWORD PTR[5*16 + CT], CTR5 + vpshufb CTR5, CTR5, BSWAPMASK + vmovdqu XMMWORD PTR[6*16 + CT], CTR6 + vpshufb CTR6, CTR6, BSWAPMASK + vmovdqu XMMWORD PTR[7*16 + CT], CTR7 + vpshufb TMP5, CTR7, BSWAPMASK + + vmovdqa XMMWORD PTR[1*16 + rsp], CTR6 + vmovdqa XMMWORD PTR[2*16 + rsp], CTR5 + vmovdqa XMMWORD PTR[3*16 + rsp], CTR4 + vmovdqa XMMWORD PTR[4*16 + rsp], CTR3 + vmovdqa XMMWORD PTR[5*16 + rsp], CTR2 + vmovdqa XMMWORD PTR[6*16 + rsp], CTR1 + vmovdqa XMMWORD PTR[7*16 + rsp], CTR0 + + vpxor T, T, TMP4 + + lea CT, [8*16 + CT] + lea PT, [8*16 + PT] + jmp LEncDataOctets + +LEndEncOctets: + + vpshufd TMP4, TMP5, 78 + vpxor TMP4, TMP4, TMP5 + vpclmulqdq TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h + vmovdqu TMP4, XMMWORD PTR[0*16 + Htbl] + vpclmulqdq TMP1, TMP5, TMP4, 011h + vpclmulqdq TMP2, TMP5, TMP4, 000h + + vmovdqu TMP5, XMMWORD PTR[1*16 + rsp] + KARATSUBA 1 + vmovdqu TMP5, XMMWORD PTR[2*16 + rsp] + KARATSUBA 2 + vmovdqu TMP5, XMMWORD PTR[3*16 + rsp] + KARATSUBA 3 + vmovdqu TMP5, XMMWORD PTR[4*16 + rsp] + KARATSUBA 4 + vmovdqu TMP5, XMMWORD PTR[5*16 + rsp] + KARATSUBA 5 + vmovdqu TMP5, XMMWORD PTR[6*16 + rsp] + KARATSUBA 6 + vpxor TMP5, T, XMMWORD PTR[7*16 + rsp] + KARATSUBA 7 + + vpxor TMP0, TMP0, TMP1 + vpxor TMP0, TMP0, TMP2 + vpsrldq TMP3, TMP0, 8 + vpxor TMP4, TMP1, TMP3 + vpslldq TMP3, TMP0, 8 + vpxor T, TMP2, TMP3 + + vpclmulqdq TMP1, T, XMMWORD PTR[Lpoly], 010h + vpalignr T,T,T,8 + vpxor T, T, TMP1 + + vpclmulqdq TMP1, T, XMMWORD PTR[Lpoly], 010h + vpalignr T,T,T,8 + vpxor T, T, TMP1 + + vpxor T, T, TMP4 + + sub aluCTR, 7 + +LEncDataSingles: + + cmp len, 16 + jb LEncDataTail + sub len, 16 + + vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + rsp] + NEXTCTR 0 + + vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS] + vmovdqu TMP2, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS] + vmovdqu TMP2, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS] + vmovdqu TMP2, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast TMP1, TMP1, TMP2 + vpxor TMP1, TMP1, XMMWORD PTR[PT] + vmovdqu XMMWORD PTR[CT], TMP1 + + lea PT, [16+PT] + lea CT, [16+CT] + + vpshufb TMP1, TMP1, BSWAPMASK + vpxor T, T, TMP1 + vmovdqu TMP0, XMMWORD PTR[Htbl] + GFMUL T, T, TMP0, TMP1, TMP2, TMP3, TMP4 + + jmp LEncDataSingles + +LEncDataTail: + + test len, len + jz LEncDataEnd + + vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + rsp] + + vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS] + vmovdqu TMP2, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS] + vmovdqu TMP2, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS] + vmovdqu TMP2, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast TMP1, TMP1, TMP2 +; zero a temp location + vpxor TMP2, TMP2, TMP2 + vmovdqa XMMWORD PTR[rsp], TMP2 +; copy as many bytes as needed + xor KS, KS + +@@: + cmp len, KS + je @f + mov al, [PT + KS] + mov [rsp + KS], al + inc KS + jmp @b +@@: + vpxor TMP1, TMP1, XMMWORD PTR[rsp] + vmovdqa XMMWORD PTR[rsp], TMP1 + xor KS, KS +@@: + cmp len, KS + je @f + mov al, [rsp + KS] + mov [CT + KS], al + inc KS + jmp @b +@@: + cmp KS, 16 + je @f + mov BYTE PTR[rsp + KS], 0 + inc KS + jmp @b +@@: +BAIL: + vmovdqa TMP1, XMMWORD PTR[rsp] + vpshufb TMP1, TMP1, BSWAPMASK + vpxor T, T, TMP1 + vmovdqu TMP0, XMMWORD PTR[Htbl] + GFMUL T, T, TMP0, TMP1, TMP2, TMP3, TMP4 + +LEncDataEnd: + + vmovdqu XMMWORD PTR[16*16 + 1*16 + Gctx], T + bswap aluCTR + mov [16*16 + 2*16 + 3*4 + Gctx], aluCTR + + mov rsp, rbp + + vmovdqu xmm6, XMMWORD PTR[rsp + 0*16] + vmovdqu xmm7, XMMWORD PTR[rsp + 1*16] + vmovdqu xmm8, XMMWORD PTR[rsp + 2*16] + vmovdqu xmm9, XMMWORD PTR[rsp + 3*16] + vmovdqu xmm10, XMMWORD PTR[rsp + 4*16] + vmovdqu xmm11, XMMWORD PTR[rsp + 5*16] + vmovdqu xmm12, XMMWORD PTR[rsp + 6*16] + vmovdqu xmm13, XMMWORD PTR[rsp + 7*16] + vmovdqu xmm14, XMMWORD PTR[rsp + 8*16] + vmovdqu xmm15, XMMWORD PTR[rsp + 9*16] + + add rsp, 10*16 + pop rbp + pop r13 + pop r12 + pop r11 + + vzeroupper + + ret +intel_aes_gcmENC ENDP + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; Decrypt and Authenticate +; void intel_aes_gcmDEC(uint8_t* PT, uint8_t* CT, void *Gctx, unsigned int len); +; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +ALIGN 16 +intel_aes_gcmDEC PROC + +NEXTCTR MACRO i + add aluCTR, 1 + mov aluTMP, aluCTR + xor aluTMP, aluKSl + bswap aluTMP + mov [3*4 + i*16 + rsp], aluTMP +ENDM + +PT textequ <rdx> +CT textequ <rcx> + + test len, len + jnz LbeginDEC + ret + +LbeginDEC: + + vzeroupper + push r11 + push r12 + push r13 + push rbp + sub rsp, 10*16 + vmovdqu XMMWORD PTR[rsp + 0*16], xmm6 + vmovdqu XMMWORD PTR[rsp + 1*16], xmm7 + vmovdqu XMMWORD PTR[rsp + 2*16], xmm8 + vmovdqu XMMWORD PTR[rsp + 3*16], xmm9 + vmovdqu XMMWORD PTR[rsp + 4*16], xmm10 + vmovdqu XMMWORD PTR[rsp + 5*16], xmm11 + vmovdqu XMMWORD PTR[rsp + 6*16], xmm12 + vmovdqu XMMWORD PTR[rsp + 7*16], xmm13 + vmovdqu XMMWORD PTR[rsp + 8*16], xmm14 + vmovdqu XMMWORD PTR[rsp + 9*16], xmm15 + + mov rbp, rsp + sub rsp, 8*16 + and rsp, -16 + + vmovdqu T, XMMWORD PTR[16*16 + 1*16 + Gctx] + vmovdqu CTR0, XMMWORD PTR[16*16 + 2*16 + Gctx] + vmovdqu BSWAPMASK, XMMWORD PTR[Lbswap_mask] + mov KS, [16*16 + 3*16 + Gctx] + mov NR, [4 + KS] + lea KS, [48 + KS] + + vpshufb CTR0, CTR0, BSWAPMASK + + mov aluCTR, [16*16 + 2*16 + 3*4 + Gctx] + mov aluKSl, [3*4 + KS] + bswap aluCTR + bswap aluKSl + + vmovdqu TMP0, XMMWORD PTR[0*16 + KS] + vpxor TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx] + vmovdqu XMMWORD PTR[0*16 + rsp], TMP0 + + cmp len, 128 + jb LDecDataSingles +; Prepare the "top" counters + vmovdqu XMMWORD PTR[1*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[2*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[3*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[4*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[5*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[6*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[7*16 + rsp], TMP0 + + NEXTCTR 1 + NEXTCTR 2 + NEXTCTR 3 + NEXTCTR 4 + NEXTCTR 5 + NEXTCTR 6 + NEXTCTR 7 + +LDecDataOctets: + cmp len, 128 + jb LEndDecOctets + sub len, 128 + + vmovdqa CTR0, XMMWORD PTR[0*16 + rsp] + vmovdqa CTR1, XMMWORD PTR[1*16 + rsp] + vmovdqa CTR2, XMMWORD PTR[2*16 + rsp] + vmovdqa CTR3, XMMWORD PTR[3*16 + rsp] + vmovdqa CTR4, XMMWORD PTR[4*16 + rsp] + vmovdqa CTR5, XMMWORD PTR[5*16 + rsp] + vmovdqa CTR6, XMMWORD PTR[6*16 + rsp] + vmovdqa CTR7, XMMWORD PTR[7*16 + rsp] + + vmovdqu TMP5, XMMWORD PTR[7*16 + CT] + vpshufb TMP5, TMP5, BSWAPMASK + vpshufd TMP4, TMP5, 78 + vpxor TMP4, TMP4, TMP5 + vpclmulqdq TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h + vmovdqu TMP4, XMMWORD PTR[0*16 + Htbl] + vpclmulqdq TMP1, TMP5, TMP4, 011h + vpclmulqdq TMP2, TMP5, TMP4, 000h + + vmovdqu TMP5, XMMWORD PTR[6*16 + CT] + vpshufb TMP5, TMP5, BSWAPMASK + ROUNDMUL 1 + NEXTCTR 0 + vmovdqu TMP5, XMMWORD PTR[5*16 + CT] + vpshufb TMP5, TMP5, BSWAPMASK + ROUNDMUL 2 + NEXTCTR 1 + vmovdqu TMP5, XMMWORD PTR[4*16 + CT] + vpshufb TMP5, TMP5, BSWAPMASK + ROUNDMUL 3 + NEXTCTR 2 + vmovdqu TMP5, XMMWORD PTR[3*16 + CT] + vpshufb TMP5, TMP5, BSWAPMASK + ROUNDMUL 4 + NEXTCTR 3 + vmovdqu TMP5, XMMWORD PTR[2*16 + CT] + vpshufb TMP5, TMP5, BSWAPMASK + ROUNDMUL 5 + NEXTCTR 4 + vmovdqu TMP5, XMMWORD PTR[1*16 + CT] + vpshufb TMP5, TMP5, BSWAPMASK + ROUNDMUL 6 + NEXTCTR 5 + vmovdqu TMP5, XMMWORD PTR[0*16 + CT] + vpshufb TMP5, TMP5, BSWAPMASK + vpxor TMP5, TMP5, T + ROUNDMUL 7 + NEXTCTR 6 + + ROUND 8 + NEXTCTR 7 + + vpxor TMP0, TMP0, TMP1 + vpxor TMP0, TMP0, TMP2 + vpsrldq TMP3, TMP0, 8 + vpxor TMP4, TMP1, TMP3 + vpslldq TMP3, TMP0, 8 + vpxor T, TMP2, TMP3 + + vpclmulqdq TMP1, T, XMMWORD PTR[Lpoly], 010h + vpalignr T,T,T,8 + vpxor T, T, TMP1 + + ROUND 9 + + vpclmulqdq TMP1, T, XMMWORD PTR[Lpoly], 010h + vpalignr T,T,T,8 + vpxor T, T, TMP1 + + vmovdqu TMP5, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + + ROUND 10 + ROUND 11 + vmovdqu TMP5, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + + ROUND 12 + ROUND 13 + vmovdqu TMP5, XMMWORD PTR[14*16 + KS] +@@: + vpxor TMP3, TMP5, XMMWORD PTR[0*16 + CT] + vaesenclast CTR0, CTR0, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[1*16 + CT] + vaesenclast CTR1, CTR1, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[2*16 + CT] + vaesenclast CTR2, CTR2, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[3*16 + CT] + vaesenclast CTR3, CTR3, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[4*16 + CT] + vaesenclast CTR4, CTR4, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[5*16 + CT] + vaesenclast CTR5, CTR5, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[6*16 + CT] + vaesenclast CTR6, CTR6, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[7*16 + CT] + vaesenclast CTR7, CTR7, TMP3 + + vmovdqu XMMWORD PTR[0*16 + PT], CTR0 + vmovdqu XMMWORD PTR[1*16 + PT], CTR1 + vmovdqu XMMWORD PTR[2*16 + PT], CTR2 + vmovdqu XMMWORD PTR[3*16 + PT], CTR3 + vmovdqu XMMWORD PTR[4*16 + PT], CTR4 + vmovdqu XMMWORD PTR[5*16 + PT], CTR5 + vmovdqu XMMWORD PTR[6*16 + PT], CTR6 + vmovdqu XMMWORD PTR[7*16 + PT], CTR7 + + vpxor T, T, TMP4 + + lea CT, [8*16 + CT] + lea PT, [8*16 + PT] + jmp LDecDataOctets + +LEndDecOctets: + + sub aluCTR, 7 + +LDecDataSingles: + + cmp len, 16 + jb LDecDataTail + sub len, 16 + + vmovdqa TMP1, XMMWORD PTR[0*16 + rsp] + NEXTCTR 0 + + vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS] + vmovdqu TMP2, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS] + vmovdqu TMP2, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS] + vmovdqu TMP2, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast TMP1, TMP1, TMP2 + + vmovdqu TMP2, XMMWORD PTR[CT] + vpxor TMP1, TMP1, TMP2 + vmovdqu XMMWORD PTR[PT], TMP1 + + lea PT, [16+PT] + lea CT, [16+CT] + + vpshufb TMP2, TMP2, BSWAPMASK + vpxor T, T, TMP2 + vmovdqu TMP0, XMMWORD PTR[Htbl] + GFMUL T, T, TMP0, TMP1, TMP2, TMP3, TMP4 + + jmp LDecDataSingles + +LDecDataTail: + + test len, len + jz LDecDataEnd + + vmovdqa TMP1, XMMWORD PTR[0*16 + rsp] + inc aluCTR + vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS] + vmovdqu TMP2, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS] + vmovdqu TMP2, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS] + vmovdqu TMP2, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast TMP1, TMP1, TMP2 +; copy as many bytes as needed + xor KS, KS +@@: + cmp len, KS + je @f + mov al, [CT + KS] + mov [rsp + KS], al + inc KS + jmp @b +@@: + cmp KS, 16 + je @f + mov BYTE PTR[rsp + KS], 0 + inc KS + jmp @b +@@: + vmovdqa TMP2, XMMWORD PTR[rsp] + vpshufb TMP2, TMP2, BSWAPMASK + vpxor T, T, TMP2 + vmovdqu TMP0, XMMWORD PTR[Htbl] + GFMUL T, T, TMP0, TMP5, TMP2, TMP3, TMP4 + + + vpxor TMP1, TMP1, XMMWORD PTR[rsp] + vmovdqa XMMWORD PTR[rsp], TMP1 + xor KS, KS +@@: + cmp len, KS + je @f + mov al, [rsp + KS] + mov [PT + KS], al + inc KS + jmp @b +@@: + +LDecDataEnd: + + vmovdqu XMMWORD PTR[16*16 + 1*16 + Gctx], T + bswap aluCTR + mov [16*16 + 2*16 + 3*4 + Gctx], aluCTR + + mov rsp, rbp + + vmovdqu xmm6, XMMWORD PTR[rsp + 0*16] + vmovdqu xmm7, XMMWORD PTR[rsp + 1*16] + vmovdqu xmm8, XMMWORD PTR[rsp + 2*16] + vmovdqu xmm9, XMMWORD PTR[rsp + 3*16] + vmovdqu xmm10, XMMWORD PTR[rsp + 4*16] + vmovdqu xmm11, XMMWORD PTR[rsp + 5*16] + vmovdqu xmm12, XMMWORD PTR[rsp + 6*16] + vmovdqu xmm13, XMMWORD PTR[rsp + 7*16] + vmovdqu xmm14, XMMWORD PTR[rsp + 8*16] + vmovdqu xmm15, XMMWORD PTR[rsp + 9*16] + + add rsp, 10*16 + pop rbp + pop r13 + pop r12 + pop r11 + + vzeroupper + + ret +ret +intel_aes_gcmDEC ENDP + + +END diff --git a/security/nss/lib/freebl/intel-gcm-x86-masm.asm b/security/nss/lib/freebl/intel-gcm-x86-masm.asm new file mode 100644 index 0000000..6362ad8 --- /dev/null +++ b/security/nss/lib/freebl/intel-gcm-x86-masm.asm @@ -0,0 +1,1209 @@ +; LICENSE: +; This submission to NSS is to be made available under the terms of the +; Mozilla Public License, v. 2.0. You can obtain one at http: +; //mozilla.org/MPL/2.0/. +;############################################################################### +; Copyright(c) 2014, Intel Corp. +; Developers and authors: +; Shay Gueron and Vlad Krasnov +; Intel Corporation, Israel Development Centre, Haifa, Israel +; Please send feedback directly to crypto.feedback.alias(a)intel.com + + +.MODEL FLAT, C +.XMM + +.DATA +ALIGN 16 +Lone dq 1,0 +Ltwo dq 2,0 +Lbswap_mask db 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 +Lshuff_mask dq 0f0f0f0f0f0f0f0fh, 0f0f0f0f0f0f0f0fh +Lpoly dq 01h, 0c200000000000000h + +.CODE + + +GFMUL MACRO DST, SRC1, SRC2, TMP1, TMP2, TMP3, TMP4 + vpclmulqdq TMP1, SRC2, SRC1, 0h + vpclmulqdq TMP4, SRC2, SRC1, 011h + + vpshufd TMP2, SRC2, 78 + vpshufd TMP3, SRC1, 78 + vpxor TMP2, TMP2, SRC2 + vpxor TMP3, TMP3, SRC1 + + vpclmulqdq TMP2, TMP2, TMP3, 0h + vpxor TMP2, TMP2, TMP1 + vpxor TMP2, TMP2, TMP4 + + vpslldq TMP3, TMP2, 8 + vpsrldq TMP2, TMP2, 8 + + vpxor TMP1, TMP1, TMP3 + vpxor TMP4, TMP4, TMP2 + + vpclmulqdq TMP2, TMP1, [Lpoly], 010h + vpshufd TMP3, TMP1, 78 + vpxor TMP1, TMP2, TMP3 + + vpclmulqdq TMP2, TMP1, [Lpoly], 010h + vpshufd TMP3, TMP1, 78 + vpxor TMP1, TMP2, TMP3 + + vpxor DST, TMP1, TMP4 + + ENDM + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; Generates the final GCM tag +; void intel_aes_gcmTAG(unsigned char Htbl[16*16], +; unsigned char *Tp, +; unsigned int Mlen, +; unsigned int Alen, +; unsigned char* X0, +; unsigned char* TAG); +; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +ALIGN 16 +intel_aes_gcmTAG PROC + +Htbl textequ <eax> +Tp textequ <ecx> +X0 textequ <edx> +TAG textequ <ebx> + +T textequ <xmm0> +TMP0 textequ <xmm1> + + push ebx + + mov Htbl, [esp + 2*4 + 0*4] + mov Tp, [esp + 2*4 + 1*4] + mov X0, [esp + 2*4 + 4*4] + mov TAG, [esp + 2*4 + 5*4] + + vzeroupper + vmovdqu T, XMMWORD PTR[Tp] + + vpxor TMP0, TMP0, TMP0 + vpinsrd TMP0, TMP0, DWORD PTR[esp + 2*4 + 2*4], 0 + vpinsrd TMP0, TMP0, DWORD PTR[esp + 2*4 + 3*4], 2 + vpsllq TMP0, TMP0, 3 + + vpxor T, T, TMP0 + vmovdqu TMP0, XMMWORD PTR[Htbl] + GFMUL T, T, TMP0, xmm2, xmm3, xmm4, xmm5 + + vpshufb T, T, [Lbswap_mask] + vpxor T, T, [X0] + vmovdqu XMMWORD PTR[TAG], T + vzeroupper + + pop ebx + + ret + +intel_aes_gcmTAG ENDP + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; Generates the H table +; void intel_aes_gcmINIT(unsigned char Htbl[16*16], unsigned char *KS, int NR); +; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +ALIGN 16 +intel_aes_gcmINIT PROC + +Htbl textequ <eax> +KS textequ <ecx> +NR textequ <edx> + +T textequ <xmm0> +TMP0 textequ <xmm1> + + mov Htbl, [esp + 4*1 + 0*4] + mov KS, [esp + 4*1 + 1*4] + mov NR, [esp + 4*1 + 2*4] + + vzeroupper + ; AES-ENC(0) + vmovdqu T, XMMWORD PTR[KS] + lea KS, [16 + KS] + dec NR +Lenc_loop: + vaesenc T, T, [KS] + lea KS, [16 + KS] + dec NR + jnz Lenc_loop + + vaesenclast T, T, [KS] + vpshufb T, T, [Lbswap_mask] + + ;Calculate H` = GFMUL(H, 2) + vpsrad xmm3, T, 31 + vpshufd xmm3, xmm3, 0ffh + vpand xmm5, xmm3, [Lpoly] + vpsrld xmm3, T, 31 + vpslld xmm4, T, 1 + vpslldq xmm3, xmm3, 4 + vpxor T, xmm4, xmm3 + vpxor T, T, xmm5 + + vmovdqu TMP0, T + vmovdqu XMMWORD PTR[Htbl + 0*16], T + + vpshufd xmm2, T, 78 + vpxor xmm2, xmm2, T + vmovdqu XMMWORD PTR[Htbl + 8*16 + 0*16], xmm2 + + i = 1 + WHILE i LT 8 + GFMUL T, T, TMP0, xmm2, xmm3, xmm4, xmm5 + vmovdqu XMMWORD PTR[Htbl + i*16], T + vpshufd xmm2, T, 78 + vpxor xmm2, xmm2, T + vmovdqu XMMWORD PTR[Htbl + 8*16 + i*16], xmm2 + i = i+1 + ENDM + vzeroupper + ret +intel_aes_gcmINIT ENDP + + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; Authenticate only +; void intel_aes_gcmAAD(unsigned char Htbl[16*16], unsigned char *AAD, unsigned int Alen, unsigned char *Tp); +; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +ALIGN 16 +intel_aes_gcmAAD PROC + +Htbl textequ <eax> +inp textequ <ecx> +len textequ <edx> +Tp textequ <ebx> +hlp0 textequ <esi> + +DATA textequ <xmm0> +T textequ <xmm1> +TMP0 textequ <xmm2> +TMP1 textequ <xmm3> +TMP2 textequ <xmm4> +TMP3 textequ <xmm5> +TMP4 textequ <xmm6> +Xhi textequ <xmm7> + +KARATSUBA_AAD MACRO i + vpclmulqdq TMP3, DATA, [Htbl + i*16], 0h + vpxor TMP0, TMP0, TMP3 + vpclmulqdq TMP3, DATA, [Htbl + i*16], 011h + vpxor TMP1, TMP1, TMP3 + vpshufd TMP3, DATA, 78 + vpxor TMP3, TMP3, DATA + vpclmulqdq TMP3, TMP3, [Htbl + 8*16 + i*16], 0h + vpxor TMP2, TMP2, TMP3 +ENDM + + cmp DWORD PTR[esp + 1*3 + 2*4], 0 + jnz LbeginAAD + ret + +LbeginAAD: + push ebx + push esi + + mov Htbl, [esp + 4*3 + 0*4] + mov inp, [esp + 4*3 + 1*4] + mov len, [esp + 4*3 + 2*4] + mov Tp, [esp + 4*3 + 3*4] + + vzeroupper + + vpxor Xhi, Xhi, Xhi + + vmovdqu T, XMMWORD PTR[Tp] + ;we hash 8 block each iteration, if the total amount of blocks is not a multiple of 8, we hash the first n%8 blocks first + mov hlp0, len + and hlp0, 128-1 + jz Lmod_loop + + and len, -128 + sub hlp0, 16 + + ; Prefix block + vmovdqu DATA, XMMWORD PTR[inp] + vpshufb DATA, DATA, [Lbswap_mask] + vpxor DATA, DATA, T + + vpclmulqdq TMP0, DATA, XMMWORD PTR[Htbl + hlp0], 0h + vpclmulqdq TMP1, DATA, XMMWORD PTR[Htbl + hlp0], 011h + vpshufd TMP3, DATA, 78 + vpxor TMP3, TMP3, DATA + vpclmulqdq TMP2, TMP3, XMMWORD PTR[Htbl + 8*16 + hlp0], 0h + + lea inp, [inp+16] + test hlp0, hlp0 + jnz Lpre_loop + jmp Lred1 + + ;hash remaining prefix bocks (up to 7 total prefix blocks) +Lpre_loop: + + sub hlp0, 16 + + vmovdqu DATA, XMMWORD PTR[inp] + vpshufb DATA, DATA, [Lbswap_mask] + + vpclmulqdq TMP3, DATA, XMMWORD PTR[Htbl + hlp0], 0h + vpxor TMP0, TMP0, TMP3 + vpclmulqdq TMP3, DATA, XMMWORD PTR[Htbl + hlp0], 011h + vpxor TMP1, TMP1, TMP3 + vpshufd TMP3, DATA, 78 + vpxor TMP3, TMP3, DATA + vpclmulqdq TMP3, TMP3, XMMWORD PTR[Htbl + 8*16 + hlp0], 0h + vpxor TMP2, TMP2, TMP3 + + test hlp0, hlp0 + lea inp, [inp+16] + jnz Lpre_loop + +Lred1: + + vpxor TMP2, TMP2, TMP0 + vpxor TMP2, TMP2, TMP1 + vpsrldq TMP3, TMP2, 8 + vpslldq TMP2, TMP2, 8 + + vpxor Xhi, TMP1, TMP3 + vpxor T, TMP0, TMP2 + +Lmod_loop: + + sub len, 16*8 + jb Ldone + ; Block #0 + vmovdqu DATA, XMMWORD PTR[inp + 16*7] + vpshufb DATA, DATA, XMMWORD PTR[Lbswap_mask] + + vpclmulqdq TMP0, DATA, XMMWORD PTR[Htbl + 0*16], 0h + vpclmulqdq TMP1, DATA, XMMWORD PTR[Htbl + 0*16], 011h + vpshufd TMP3, DATA, 78 + vpxor TMP3, TMP3, DATA + vpclmulqdq TMP2, TMP3, XMMWORD PTR[Htbl + 8*16 + 0*16], 0h + + ; Block #1 + vmovdqu DATA, XMMWORD PTR[inp + 16*6] + vpshufb DATA, DATA, [Lbswap_mask] + KARATSUBA_AAD 1 + + ; Block #2 + vmovdqu DATA, XMMWORD PTR[inp + 16*5] + vpshufb DATA, DATA, [Lbswap_mask] + + vpclmulqdq TMP4, T, [Lpoly], 010h ;reduction stage 1a + vpalignr T, T, T, 8 + + KARATSUBA_AAD 2 + + vpxor T, T, TMP4 ;reduction stage 1b + + ; Block #3 + vmovdqu DATA, XMMWORD PTR[inp + 16*4] + vpshufb DATA, DATA, [Lbswap_mask] + KARATSUBA_AAD 3 + ; Block #4 + vmovdqu DATA, XMMWORD PTR[inp + 16*3] + vpshufb DATA, DATA, [Lbswap_mask] + + vpclmulqdq TMP4, T, [Lpoly], 010h ;reduction stage 2a + vpalignr T, T, T, 8 + + KARATSUBA_AAD 4 + + vpxor T, T, TMP4 ;reduction stage 2b + ; Block #5 + vmovdqu DATA, XMMWORD PTR[inp + 16*2] + vpshufb DATA, DATA, [Lbswap_mask] + KARATSUBA_AAD 5 + + vpxor T, T, Xhi ;reduction finalize + ; Block #6 + vmovdqu DATA, XMMWORD PTR[inp + 16*1] + vpshufb DATA, DATA, [Lbswap_mask] + KARATSUBA_AAD 6 + ; Block #7 + vmovdqu DATA, XMMWORD PTR[inp + 16*0] + vpshufb DATA, DATA, [Lbswap_mask] + vpxor DATA, DATA, T + KARATSUBA_AAD 7 + ; Aggregated 8 blocks, now karatsuba fixup + vpxor TMP2, TMP2, TMP0 + vpxor TMP2, TMP2, TMP1 + vpsrldq TMP3, TMP2, 8 + vpslldq TMP2, TMP2, 8 + + vpxor Xhi, TMP1, TMP3 + vpxor T, TMP0, TMP2 + + lea inp, [inp + 16*8] + jmp Lmod_loop + +Ldone: + vpclmulqdq TMP4, T, [Lpoly], 010h + vpalignr T, T, T, 8 + vpxor T, T, TMP4 + + vpclmulqdq TMP4, T, [Lpoly], 010h + vpalignr T, T, T, 8 + vpxor T, T, TMP4 + + vpxor T, T, Xhi + vmovdqu XMMWORD PTR[Tp], T + vzeroupper + + pop esi + pop ebx + ret + +intel_aes_gcmAAD ENDP + + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; Encrypt and Authenticate +; void intel_aes_gcmENC(unsigned char* PT, unsigned char* CT, void *Gctx, unsigned int len); +; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +ALIGN 16 +intel_aes_gcmENC PROC + +PT textequ <eax> +CT textequ <ecx> +Htbl textequ <edx> +Gctx textequ <edx> +len textequ <DWORD PTR[ebp + 5*4 + 3*4]> +KS textequ <esi> +NR textequ <DWORD PTR[-40 + KS]> + +aluCTR textequ <ebx> +aluTMP textequ <edi> + +T textequ <XMMWORD PTR[16*16 + 1*16 + Gctx]> +TMP0 textequ <xmm1> +TMP1 textequ <xmm2> +TMP2 textequ <xmm3> +TMP3 textequ <xmm4> +TMP4 textequ <xmm5> +TMP5 textequ <xmm6> + +CTR0 textequ <xmm0> +CTR1 textequ <xmm1> +CTR2 textequ <xmm2> +CTR3 textequ <xmm3> +CTR4 textequ <xmm4> +CTR5 textequ <xmm5> +CTR6 textequ <xmm6> + +ROUND MACRO i + vmovdqu xmm7, XMMWORD PTR[i*16 + KS] + vaesenc CTR0, CTR0, xmm7 + vaesenc CTR1, CTR1, xmm7 + vaesenc CTR2, CTR2, xmm7 + vaesenc CTR3, CTR3, xmm7 + vaesenc CTR4, CTR4, xmm7 + vaesenc CTR5, CTR5, xmm7 + vaesenc CTR6, CTR6, xmm7 +ENDM + +KARATSUBA MACRO i + vpshufd TMP4, TMP5, 78 + vpxor TMP4, TMP4, TMP5 + vpclmulqdq TMP3, TMP4, XMMWORD PTR[i*16 + 8*16 + Htbl], 000h + vpxor TMP0, TMP0, TMP3 + vmovdqu TMP4, XMMWORD PTR[i*16 + Htbl] + vpclmulqdq TMP3, TMP5, TMP4, 011h + vpxor TMP1, TMP1, TMP3 + vpclmulqdq TMP3, TMP5, TMP4, 000h + vpxor TMP2, TMP2, TMP3 +ENDM + +NEXTCTR MACRO i + add aluCTR, 1 + mov aluTMP, aluCTR + bswap aluTMP + xor aluTMP, [3*4 + KS] + mov [3*4 + 8*16 + i*16 + esp], aluTMP +ENDM + + cmp DWORD PTR[1*4 + 3*4 + esp], 0 + jne LbeginENC + ret + +LbeginENC: + + vzeroupper + push ebp + push ebx + push esi + push edi + + mov ebp, esp + sub esp, 16*16 + and esp, -16 + + mov PT, [ebp + 5*4 + 0*4] + mov CT, [ebp + 5*4 + 1*4] + mov Gctx, [ebp + 5*4 + 2*4] + + mov KS, [16*16 + 3*16 + Gctx] + lea KS, [44 + KS] + + mov aluCTR, [16*16 + 2*16 + 3*4 + Gctx] + bswap aluCTR + + + vmovdqu TMP0, XMMWORD PTR[0*16 + KS] + vpxor TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx] + vmovdqu XMMWORD PTR[8*16 + 0*16 + esp], TMP0 + + cmp len, 16*7 + jb LEncDataSingles +; Prepare the "top" counters + vmovdqu XMMWORD PTR[8*16 + 1*16 + esp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 2*16 + esp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 3*16 + esp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 4*16 + esp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 5*16 + esp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 6*16 + esp], TMP0 + + vmovdqu CTR0, XMMWORD PTR[16*16 + 2*16 + Gctx] + vpshufb CTR0, CTR0, XMMWORD PTR[Lbswap_mask] +; Encrypt the initial 7 blocks + sub len, 16*7 + vpaddd CTR1, CTR0, XMMWORD PTR[Lone] + vpaddd CTR2, CTR0, XMMWORD PTR[Ltwo] + vpaddd CTR3, CTR2, XMMWORD PTR[Lone] + vpaddd CTR4, CTR2, XMMWORD PTR[Ltwo] + vpaddd CTR5, CTR4, XMMWORD PTR[Lone] + vpaddd CTR6, CTR4, XMMWORD PTR[Ltwo] + + vpshufb CTR0, CTR0, XMMWORD PTR[Lbswap_mask] + vpshufb CTR1, CTR1, XMMWORD PTR[Lbswap_mask] + vpshufb CTR2, CTR2, XMMWORD PTR[Lbswap_mask] + vpshufb CTR3, CTR3, XMMWORD PTR[Lbswap_mask] + vpshufb CTR4, CTR4, XMMWORD PTR[Lbswap_mask] + vpshufb CTR5, CTR5, XMMWORD PTR[Lbswap_mask] + vpshufb CTR6, CTR6, XMMWORD PTR[Lbswap_mask] + + vmovdqu xmm7, XMMWORD PTR[0*16 + KS] + vpxor CTR0, CTR0, xmm7 + vpxor CTR1, CTR1, xmm7 + vpxor CTR2, CTR2, xmm7 + vpxor CTR3, CTR3, xmm7 + vpxor CTR4, CTR4, xmm7 + vpxor CTR5, CTR5, xmm7 + vpxor CTR6, CTR6, xmm7 + + ROUND 1 + + add aluCTR, 7 + mov aluTMP, aluCTR + bswap aluTMP + xor aluTMP, [KS + 3*4] + mov [8*16 + 0*16 + 3*4 + esp], aluTMP + + ROUND 2 + NEXTCTR 1 + ROUND 3 + NEXTCTR 2 + ROUND 4 + NEXTCTR 3 + ROUND 5 + NEXTCTR 4 + ROUND 6 + NEXTCTR 5 + ROUND 7 + NEXTCTR 6 + ROUND 8 + ROUND 9 + vmovdqu xmm7, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + + ROUND 10 + ROUND 11 + vmovdqu xmm7, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + + ROUND 12 + ROUND 13 + vmovdqu xmm7, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast CTR0, CTR0, xmm7 + vaesenclast CTR1, CTR1, xmm7 + vaesenclast CTR2, CTR2, xmm7 + vaesenclast CTR3, CTR3, xmm7 + vaesenclast CTR4, CTR4, xmm7 + vaesenclast CTR5, CTR5, xmm7 + vaesenclast CTR6, CTR6, xmm7 + + vpxor CTR0, CTR0, XMMWORD PTR[0*16 + PT] + vpxor CTR1, CTR1, XMMWORD PTR[1*16 + PT] + vpxor CTR2, CTR2, XMMWORD PTR[2*16 + PT] + vpxor CTR3, CTR3, XMMWORD PTR[3*16 + PT] + vpxor CTR4, CTR4, XMMWORD PTR[4*16 + PT] + vpxor CTR5, CTR5, XMMWORD PTR[5*16 + PT] + vpxor CTR6, CTR6, XMMWORD PTR[6*16 + PT] + + vmovdqu XMMWORD PTR[0*16 + CT], CTR0 + vmovdqu XMMWORD PTR[1*16 + CT], CTR1 + vmovdqu XMMWORD PTR[2*16 + CT], CTR2 + vmovdqu XMMWORD PTR[3*16 + CT], CTR3 + vmovdqu XMMWORD PTR[4*16 + CT], CTR4 + vmovdqu XMMWORD PTR[5*16 + CT], CTR5 + vmovdqu XMMWORD PTR[6*16 + CT], CTR6 + + vpshufb CTR0, CTR0, XMMWORD PTR[Lbswap_mask] + vpshufb CTR1, CTR1, XMMWORD PTR[Lbswap_mask] + vpshufb CTR2, CTR2, XMMWORD PTR[Lbswap_mask] + vpshufb CTR3, CTR3, XMMWORD PTR[Lbswap_mask] + vpshufb CTR4, CTR4, XMMWORD PTR[Lbswap_mask] + vpshufb CTR5, CTR5, XMMWORD PTR[Lbswap_mask] + vpshufb TMP5, CTR6, XMMWORD PTR[Lbswap_mask] + + vmovdqa XMMWORD PTR[1*16 + esp], CTR5 + vmovdqa XMMWORD PTR[2*16 + esp], CTR4 + vmovdqa XMMWORD PTR[3*16 + esp], CTR3 + vmovdqa XMMWORD PTR[4*16 + esp], CTR2 + vmovdqa XMMWORD PTR[5*16 + esp], CTR1 + vmovdqa XMMWORD PTR[6*16 + esp], CTR0 + + lea CT, [7*16 + CT] + lea PT, [7*16 + PT] + jmp LEncData7 + +LEncData7: + cmp len, 16*7 + jb LEndEnc7 + sub len, 16*7 + + vpshufd TMP4, TMP5, 78 + vpxor TMP4, TMP4, TMP5 + vpclmulqdq TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h + vmovdqu TMP4, XMMWORD PTR[0*16 + Htbl] + vpclmulqdq TMP1, TMP5, TMP4, 011h + vpclmulqdq TMP2, TMP5, TMP4, 000h + + vmovdqu TMP5, XMMWORD PTR[1*16 + esp] + KARATSUBA 1 + vmovdqu TMP5, XMMWORD PTR[2*16 + esp] + KARATSUBA 2 + vmovdqu TMP5, XMMWORD PTR[3*16 + esp] + KARATSUBA 3 + vmovdqu TMP5, XMMWORD PTR[4*16 + esp] + KARATSUBA 4 + vmovdqu TMP5, XMMWORD PTR[5*16 + esp] + KARATSUBA 5 + vmovdqu TMP5, XMMWORD PTR[6*16 + esp] + vpxor TMP5, TMP5, T + KARATSUBA 6 + + vpxor TMP0, TMP0, TMP1 + vpxor TMP0, TMP0, TMP2 + vpsrldq TMP3, TMP0, 8 + vpxor TMP4, TMP1, TMP3 + vpslldq TMP3, TMP0, 8 + vpxor TMP5, TMP2, TMP3 + + vpclmulqdq TMP1, TMP5, XMMWORD PTR[Lpoly], 010h + vpalignr TMP5,TMP5,TMP5,8 + vpxor TMP5, TMP5, TMP1 + + vpclmulqdq TMP1, TMP5, XMMWORD PTR[Lpoly], 010h + vpalignr TMP5,TMP5,TMP5,8 + vpxor TMP5, TMP5, TMP1 + + vpxor TMP5, TMP5, TMP4 + vmovdqu T, TMP5 + + vmovdqa CTR0, XMMWORD PTR[8*16 + 0*16 + esp] + vmovdqa CTR1, XMMWORD PTR[8*16 + 1*16 + esp] + vmovdqa CTR2, XMMWORD PTR[8*16 + 2*16 + esp] + vmovdqa CTR3, XMMWORD PTR[8*16 + 3*16 + esp] + vmovdqa CTR4, XMMWORD PTR[8*16 + 4*16 + esp] + vmovdqa CTR5, XMMWORD PTR[8*16 + 5*16 + esp] + vmovdqa CTR6, XMMWORD PTR[8*16 + 6*16 + esp] + + ROUND 1 + NEXTCTR 0 + ROUND 2 + NEXTCTR 1 + ROUND 3 + NEXTCTR 2 + ROUND 4 + NEXTCTR 3 + ROUND 5 + NEXTCTR 4 + ROUND 6 + NEXTCTR 5 + ROUND 7 + NEXTCTR 6 + + ROUND 8 + ROUND 9 + + vmovdqu xmm7, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + + ROUND 10 + ROUND 11 + vmovdqu xmm7, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + + ROUND 12 + ROUND 13 + vmovdqu xmm7, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast CTR0, CTR0, xmm7 + vaesenclast CTR1, CTR1, xmm7 + vaesenclast CTR2, CTR2, xmm7 + vaesenclast CTR3, CTR3, xmm7 + vaesenclast CTR4, CTR4, xmm7 + vaesenclast CTR5, CTR5, xmm7 + vaesenclast CTR6, CTR6, xmm7 + + vpxor CTR0, CTR0, XMMWORD PTR[0*16 + PT] + vpxor CTR1, CTR1, XMMWORD PTR[1*16 + PT] + vpxor CTR2, CTR2, XMMWORD PTR[2*16 + PT] + vpxor CTR3, CTR3, XMMWORD PTR[3*16 + PT] + vpxor CTR4, CTR4, XMMWORD PTR[4*16 + PT] + vpxor CTR5, CTR5, XMMWORD PTR[5*16 + PT] + vpxor CTR6, CTR6, XMMWORD PTR[6*16 + PT] + + vmovdqu XMMWORD PTR[0*16 + CT], CTR0 + vmovdqu XMMWORD PTR[1*16 + CT], CTR1 + vmovdqu XMMWORD PTR[2*16 + CT], CTR2 + vmovdqu XMMWORD PTR[3*16 + CT], CTR3 + vmovdqu XMMWORD PTR[4*16 + CT], CTR4 + vmovdqu XMMWORD PTR[5*16 + CT], CTR5 + vmovdqu XMMWORD PTR[6*16 + CT], CTR6 + + vpshufb CTR0, CTR0, XMMWORD PTR[Lbswap_mask] + vpshufb CTR1, CTR1, XMMWORD PTR[Lbswap_mask] + vpshufb CTR2, CTR2, XMMWORD PTR[Lbswap_mask] + vpshufb CTR3, CTR3, XMMWORD PTR[Lbswap_mask] + vpshufb CTR4, CTR4, XMMWORD PTR[Lbswap_mask] + vpshufb CTR5, CTR5, XMMWORD PTR[Lbswap_mask] + vpshufb TMP5, CTR6, XMMWORD PTR[Lbswap_mask] + + vmovdqa XMMWORD PTR[1*16 + esp], CTR5 + vmovdqa XMMWORD PTR[2*16 + esp], CTR4 + vmovdqa XMMWORD PTR[3*16 + esp], CTR3 + vmovdqa XMMWORD PTR[4*16 + esp], CTR2 + vmovdqa XMMWORD PTR[5*16 + esp], CTR1 + vmovdqa XMMWORD PTR[6*16 + esp], CTR0 + + lea CT, [7*16 + CT] + lea PT, [7*16 + PT] + jmp LEncData7 + +LEndEnc7: + + vpshufd TMP4, TMP5, 78 + vpxor TMP4, TMP4, TMP5 + vpclmulqdq TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h + vmovdqu TMP4, XMMWORD PTR[0*16 + Htbl] + vpclmulqdq TMP1, TMP5, TMP4, 011h + vpclmulqdq TMP2, TMP5, TMP4, 000h + + vmovdqu TMP5, XMMWORD PTR[1*16 + esp] + KARATSUBA 1 + vmovdqu TMP5, XMMWORD PTR[2*16 + esp] + KARATSUBA 2 + vmovdqu TMP5, XMMWORD PTR[3*16 + esp] + KARATSUBA 3 + vmovdqu TMP5, XMMWORD PTR[4*16 + esp] + KARATSUBA 4 + vmovdqu TMP5, XMMWORD PTR[5*16 + esp] + KARATSUBA 5 + vmovdqu TMP5, XMMWORD PTR[6*16 + esp] + vpxor TMP5, TMP5, T + KARATSUBA 6 + + vpxor TMP0, TMP0, TMP1 + vpxor TMP0, TMP0, TMP2 + vpsrldq TMP3, TMP0, 8 + vpxor TMP4, TMP1, TMP3 + vpslldq TMP3, TMP0, 8 + vpxor TMP5, TMP2, TMP3 + + vpclmulqdq TMP1, TMP5, XMMWORD PTR[Lpoly], 010h + vpalignr TMP5,TMP5,TMP5,8 + vpxor TMP5, TMP5, TMP1 + + vpclmulqdq TMP1, TMP5, XMMWORD PTR[Lpoly], 010h + vpalignr TMP5,TMP5,TMP5,8 + vpxor TMP5, TMP5, TMP1 + + vpxor TMP5, TMP5, TMP4 + vmovdqu T, TMP5 + + sub aluCTR, 6 + +LEncDataSingles: + + cmp len, 16 + jb LEncDataTail + sub len, 16 + + vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + esp] + NEXTCTR 0 + + vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS] + vmovdqu TMP2, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS] + vmovdqu TMP2, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS] + vmovdqu TMP2, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast TMP1, TMP1, TMP2 + vpxor TMP1, TMP1, XMMWORD PTR[PT] + vmovdqu XMMWORD PTR[CT], TMP1 + + lea PT, [16+PT] + lea CT, [16+CT] + + vpshufb TMP1, TMP1, XMMWORD PTR[Lbswap_mask] + vpxor TMP1, TMP1, T + + vmovdqu TMP0, XMMWORD PTR[Htbl] + GFMUL TMP1, TMP1, TMP0, TMP5, TMP2, TMP3, TMP4 + vmovdqu T, TMP1 + + jmp LEncDataSingles + +LEncDataTail: + + cmp len, 0 + je LEncDataEnd + + vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + esp] + + vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS] + vmovdqu TMP2, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS] + vmovdqu TMP2, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS] + vmovdqu TMP2, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast TMP1, TMP1, TMP2 +; zero a temp location + vpxor TMP2, TMP2, TMP2 + vmovdqa XMMWORD PTR[esp], TMP2 +; copy as many bytes as needed + xor KS, KS + mov aluTMP, edx +@@: + cmp len, KS + je @f + mov dl, BYTE PTR[PT + KS] + mov BYTE PTR[esp + KS], dl + inc KS + jmp @b +@@: + vpxor TMP1, TMP1, XMMWORD PTR[esp] + vmovdqa XMMWORD PTR[esp], TMP1 + xor KS, KS +@@: + cmp len, KS + je @f + mov dl, BYTE PTR[esp + KS] + mov BYTE PTR[CT + KS], dl + inc KS + jmp @b +@@: + cmp KS, 16 + je @f + mov BYTE PTR[esp + KS], 0 + inc KS + jmp @b +@@: + mov edx, aluTMP + vmovdqa TMP1, XMMWORD PTR[esp] + vpshufb TMP1, TMP1, XMMWORD PTR[Lbswap_mask] + vpxor TMP1, TMP1, T + + vmovdqu TMP0, XMMWORD PTR[Htbl] + GFMUL TMP1, TMP1, TMP0, TMP5, TMP2, TMP3, TMP4 + vmovdqu T, TMP1 + +LEncDataEnd: + inc aluCTR + bswap aluCTR + mov [16*16 + 2*16 + 3*4 + Gctx], aluCTR + + mov esp, ebp + pop edi + pop esi + pop ebx + pop ebp + + + vzeroupper + + ret +intel_aes_gcmENC ENDP + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; Decrypt and Authenticate +; void intel_aes_gcmDEC(uint8_t* PT, uint8_t* CT, void *Gctx, unsigned int len); +; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + + +NEXTCTR MACRO i + add aluCTR, 1 + mov aluTMP, aluCTR + bswap aluTMP + xor aluTMP, [3*4 + KS] + mov [3*4 + i*16 + esp], aluTMP +ENDM + +intel_aes_gcmDEC PROC + + cmp DWORD PTR[1*4 + 3*4 + esp], 0 + jne LbeginDEC + ret + +LbeginDEC: + + vzeroupper + push ebp + push ebx + push esi + push edi + + mov ebp, esp + sub esp, 8*16 + and esp, -16 + + mov CT, [ebp + 5*4 + 0*4] + mov PT, [ebp + 5*4 + 1*4] + mov Gctx, [ebp + 5*4 + 2*4] + + mov KS, [16*16 + 3*16 + Gctx] + lea KS, [44 + KS] + + mov aluCTR, [16*16 + 2*16 + 3*4 + Gctx] + bswap aluCTR + + + vmovdqu TMP0, XMMWORD PTR[0*16 + KS] + vpxor TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx] + vmovdqu XMMWORD PTR[0*16 + esp], TMP0 + + cmp len, 16*7 + jb LDecDataSingles + vmovdqu XMMWORD PTR[1*16 + esp], TMP0 + vmovdqu XMMWORD PTR[2*16 + esp], TMP0 + vmovdqu XMMWORD PTR[3*16 + esp], TMP0 + vmovdqu XMMWORD PTR[4*16 + esp], TMP0 + vmovdqu XMMWORD PTR[5*16 + esp], TMP0 + vmovdqu XMMWORD PTR[6*16 + esp], TMP0 + dec aluCTR + +LDecData7: + cmp len, 16*7 + jb LDecData7End + sub len, 16*7 + + vmovdqu TMP5, XMMWORD PTR[0*16 + CT] + vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask] + vpxor TMP5, TMP5, T + vpshufd TMP4, TMP5, 78 + vpxor TMP4, TMP4, TMP5 + vpclmulqdq TMP0, TMP4, XMMWORD PTR[6*16 + 8*16 + Htbl], 000h + vmovdqu TMP4, XMMWORD PTR[6*16 + Htbl] + vpclmulqdq TMP1, TMP5, TMP4, 011h + vpclmulqdq TMP2, TMP5, TMP4, 000h + + NEXTCTR 0 + vmovdqu TMP5, XMMWORD PTR[1*16 + CT] + vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask] + KARATSUBA 5 + NEXTCTR 1 + vmovdqu TMP5, XMMWORD PTR[2*16 + CT] + vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask] + KARATSUBA 4 + NEXTCTR 2 + vmovdqu TMP5, XMMWORD PTR[3*16 + CT] + vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask] + KARATSUBA 3 + NEXTCTR 3 + vmovdqu TMP5, XMMWORD PTR[4*16 + CT] + vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask] + KARATSUBA 2 + NEXTCTR 4 + vmovdqu TMP5, XMMWORD PTR[5*16 + CT] + vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask] + KARATSUBA 1 + NEXTCTR 5 + vmovdqu TMP5, XMMWORD PTR[6*16 + CT] + vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask] + KARATSUBA 0 + NEXTCTR 6 + + vpxor TMP0, TMP0, TMP1 + vpxor TMP0, TMP0, TMP2 + vpsrldq TMP3, TMP0, 8 + vpxor TMP4, TMP1, TMP3 + vpslldq TMP3, TMP0, 8 + vpxor TMP5, TMP2, TMP3 + + vpclmulqdq TMP1, TMP5, XMMWORD PTR[Lpoly], 010h + vpalignr TMP5,TMP5,TMP5,8 + vpxor TMP5, TMP5, TMP1 + + vpclmulqdq TMP1, TMP5, XMMWORD PTR[Lpoly], 010h + vpalignr TMP5,TMP5,TMP5,8 + vpxor TMP5, TMP5, TMP1 + + vpxor TMP5, TMP5, TMP4 + vmovdqu T, TMP5 + + vmovdqa CTR0, XMMWORD PTR[0*16 + esp] + vmovdqa CTR1, XMMWORD PTR[1*16 + esp] + vmovdqa CTR2, XMMWORD PTR[2*16 + esp] + vmovdqa CTR3, XMMWORD PTR[3*16 + esp] + vmovdqa CTR4, XMMWORD PTR[4*16 + esp] + vmovdqa CTR5, XMMWORD PTR[5*16 + esp] + vmovdqa CTR6, XMMWORD PTR[6*16 + esp] + + ROUND 1 + ROUND 2 + ROUND 3 + ROUND 4 + ROUND 5 + ROUND 6 + ROUND 7 + ROUND 8 + ROUND 9 + vmovdqu xmm7, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + + ROUND 10 + ROUND 11 + vmovdqu xmm7, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + + ROUND 12 + ROUND 13 + vmovdqu xmm7, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast CTR0, CTR0, xmm7 + vaesenclast CTR1, CTR1, xmm7 + vaesenclast CTR2, CTR2, xmm7 + vaesenclast CTR3, CTR3, xmm7 + vaesenclast CTR4, CTR4, xmm7 + vaesenclast CTR5, CTR5, xmm7 + vaesenclast CTR6, CTR6, xmm7 + + vpxor CTR0, CTR0, XMMWORD PTR[0*16 + CT] + vpxor CTR1, CTR1, XMMWORD PTR[1*16 + CT] + vpxor CTR2, CTR2, XMMWORD PTR[2*16 + CT] + vpxor CTR3, CTR3, XMMWORD PTR[3*16 + CT] + vpxor CTR4, CTR4, XMMWORD PTR[4*16 + CT] + vpxor CTR5, CTR5, XMMWORD PTR[5*16 + CT] + vpxor CTR6, CTR6, XMMWORD PTR[6*16 + CT] + + vmovdqu XMMWORD PTR[0*16 + PT], CTR0 + vmovdqu XMMWORD PTR[1*16 + PT], CTR1 + vmovdqu XMMWORD PTR[2*16 + PT], CTR2 + vmovdqu XMMWORD PTR[3*16 + PT], CTR3 + vmovdqu XMMWORD PTR[4*16 + PT], CTR4 + vmovdqu XMMWORD PTR[5*16 + PT], CTR5 + vmovdqu XMMWORD PTR[6*16 + PT], CTR6 + + lea CT, [7*16 + CT] + lea PT, [7*16 + PT] + jmp LDecData7 + +LDecData7End: + + NEXTCTR 0 + +LDecDataSingles: + + cmp len, 16 + jb LDecDataTail + sub len, 16 + + vmovdqu TMP1, XMMWORD PTR[CT] + vpshufb TMP1, TMP1, XMMWORD PTR[Lbswap_mask] + vpxor TMP1, TMP1, T + + vmovdqu TMP0, XMMWORD PTR[Htbl] + GFMUL TMP1, TMP1, TMP0, TMP5, TMP2, TMP3, TMP4 + vmovdqu T, TMP1 + + vmovdqa TMP1, XMMWORD PTR[0*16 + esp] + NEXTCTR 0 + + vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS] + vmovdqu TMP2, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS] + vmovdqu TMP2, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS] + vmovdqu TMP2, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast TMP1, TMP1, TMP2 + vpxor TMP1, TMP1, XMMWORD PTR[CT] + vmovdqu XMMWORD PTR[PT], TMP1 + + lea PT, [16+PT] + lea CT, [16+CT] + jmp LDecDataSingles + +LDecDataTail: + + cmp len, 0 + je LDecDataEnd + + vmovdqa TMP1, XMMWORD PTR[0*16 + esp] + inc aluCTR + vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS] + vmovdqu TMP2, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS] + vmovdqu TMP2, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS] + vmovdqu TMP2, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast xmm7, TMP1, TMP2 + +; copy as many bytes as needed + xor KS, KS + mov aluTMP, edx +@@: + cmp len, KS + je @f + mov dl, BYTE PTR[CT + KS] + mov BYTE PTR[esp + KS], dl + inc KS + jmp @b +@@: + cmp KS, 16 + je @f + mov BYTE PTR[esp + KS], 0 + inc KS + jmp @b +@@: + mov edx, aluTMP + vmovdqa TMP1, XMMWORD PTR[esp] + vpshufb TMP1, TMP1, XMMWORD PTR[Lbswap_mask] + vpxor TMP1, TMP1, T + + vmovdqu TMP0, XMMWORD PTR[Htbl] + GFMUL TMP1, TMP1, TMP0, TMP5, TMP2, TMP3, TMP4 + vmovdqu T, TMP1 + + vpxor xmm7, xmm7, XMMWORD PTR[esp] + vmovdqa XMMWORD PTR[esp], xmm7 + xor KS, KS + mov aluTMP, edx +@@: + cmp len, KS + je @f + mov dl, BYTE PTR[esp + KS] + mov BYTE PTR[PT + KS], dl + inc KS + jmp @b +@@: + mov edx, aluTMP + +LDecDataEnd: + + bswap aluCTR + mov [16*16 + 2*16 + 3*4 + Gctx], aluCTR + + mov esp, ebp + pop edi + pop esi + pop ebx + pop ebp + + vzeroupper + + ret +intel_aes_gcmDEC ENDP + + +END diff --git a/security/nss/lib/freebl/intel-gcm.h b/security/nss/lib/freebl/intel-gcm.h index 9360ff1..22f364d 100644 --- a/security/nss/lib/freebl/intel-gcm.h +++ b/security/nss/lib/freebl/intel-gcm.h @@ -31,7 +31,7 @@ intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context, freeblCipherFun void intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit); -SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, unsigned char *outbuf, +SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, unsigned char *outbuf, unsigned int *outlen, unsigned int maxout, const unsigned char *inbuf, unsigned int inlen, unsigned int blocksize); diff --git a/security/nss/lib/freebl/ldvector.c b/security/nss/lib/freebl/ldvector.c index 36239e3..deb6770 100644 --- a/security/nss/lib/freebl/ldvector.c +++ b/security/nss/lib/freebl/ldvector.c @@ -280,12 +280,18 @@ static const struct FREEBLVectorStr vector = RSA_CheckSignPSS, RSA_Sign, RSA_CheckSign, - RSA_CheckSignRecover + RSA_CheckSignRecover, /* End of Version 3.016 */ + + EC_FillParams, + EC_DecodeParams, + EC_CopyParams + + /* End of Version 3.017 */ }; -const FREEBLVector * +const FREEBLVector * FREEBL_GetVector(void) { extern const char __nss_freebl_rcsid[]; @@ -294,7 +300,7 @@ FREEBL_GetVector(void) /* force a reference that won't get optimized away */ volatile char c; - c = __nss_freebl_rcsid[0] + __nss_freebl_sccsid[0]; + c = __nss_freebl_rcsid[0] + __nss_freebl_sccsid[0]; #ifdef FREEBL_NO_DEPEND FREEBL_InitStubs(); #endif diff --git a/security/nss/lib/freebl/loader.c b/security/nss/lib/freebl/loader.c index 374c472..5eb50de 100644 --- a/security/nss/lib/freebl/loader.c +++ b/security/nss/lib/freebl/loader.c @@ -80,6 +80,8 @@ getLibName(void) } #elif defined(HPUX) && !defined(NSS_USE_64) && !defined(__ia64) +#include <unistd.h> + /* This code tests to see if we're running on a PA2.x CPU. ** It returns true (1) if so, and false (0) otherwise. */ @@ -212,7 +214,7 @@ RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key, } SECStatus -RSA_PrivateKeyCheck(RSAPrivateKey *key) +RSA_PrivateKeyCheck(const RSAPrivateKey *key) { if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) return SECFailure; @@ -2091,3 +2093,29 @@ SECStatus RSA_CheckSignRecover(RSAPublicKey *key, return (vector->p_RSA_CheckSignRecover)(key, output, outputLen, maxOutputLen, sig, sigLen); } + +SECStatus EC_FillParams(PLArenaPool *arena, + const SECItem *encodedParams, + ECParams *params) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return SECFailure; + return (vector->p_EC_FillParams)(arena, encodedParams, params); +} + +SECStatus EC_DecodeParams(const SECItem *encodedParams, + ECParams **ecparams) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return SECFailure; + return (vector->p_EC_DecodeParams)(encodedParams, ecparams); +} + +SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams, + const ECParams *srcParams) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return SECFailure; + return (vector->p_EC_CopyParams)(arena, dstParams, srcParams); +} + diff --git a/security/nss/lib/freebl/loader.h b/security/nss/lib/freebl/loader.h index c51669f..65cfd76 100644 --- a/security/nss/lib/freebl/loader.h +++ b/security/nss/lib/freebl/loader.h @@ -10,7 +10,7 @@ #include "blapi.h" -#define FREEBL_VERSION 0x0310 +#define FREEBL_VERSION 0x0311 struct FREEBLVectorStr { @@ -229,7 +229,7 @@ struct FREEBLVectorStr { unsigned char *output, const unsigned char *input); - SECStatus (* p_RSA_PrivateKeyCheck)(RSAPrivateKey *key); + SECStatus (* p_RSA_PrivateKeyCheck)(const RSAPrivateKey *key); void (* p_BL_Cleanup)(void); @@ -698,6 +698,15 @@ struct FREEBLVectorStr { /* Version 3.016 came to here */ + SECStatus (* p_EC_FillParams)(PLArenaPool *arena, + const SECItem *encodedParams, ECParams *params); + SECStatus (* p_EC_DecodeParams)(const SECItem *encodedParams, + ECParams **ecparams); + SECStatus (* p_EC_CopyParams)(PLArenaPool *arena, ECParams *dstParams, + const ECParams *srcParams); + + /* Version 3.017 came to here */ + /* Add new function pointers at the end of this struct and bump * FREEBL_VERSION at the beginning of this file. */ }; diff --git a/security/nss/lib/freebl/manifest.mn b/security/nss/lib/freebl/manifest.mn index eb4f8b1..1137e85 100644 --- a/security/nss/lib/freebl/manifest.mn +++ b/security/nss/lib/freebl/manifest.mn @@ -69,7 +69,7 @@ MPI_SRCS = mpprime.c mpmontg.c mplogic.c mpi.c mp_gf2m.c ECL_HDRS = ecl-exp.h ecl.h ec2.h ecp.h ecl-priv.h -ifdef NSS_ENABLE_ECC +ifndef NSS_DISABLE_ECC ECL_SRCS = ecl.c ecl_curve.c ecl_mult.c ecl_gf.c \ ecp_aff.c ecp_jac.c ecp_mont.c \ ec_naf.c ecp_jm.c ecp_256.c ecp_384.c ecp_521.c \ @@ -110,6 +110,7 @@ CSRCS = \ camellia.c \ dh.c \ ec.c \ + ecdecode.c \ pqg.c \ dsa.c \ rsa.c \ diff --git a/security/nss/lib/freebl/mpi/mpi.h b/security/nss/lib/freebl/mpi/mpi.h index ba215ba..a556c17 100644 --- a/security/nss/lib/freebl/mpi/mpi.h +++ b/security/nss/lib/freebl/mpi/mpi.h @@ -56,11 +56,11 @@ typedef int mp_err; #error "USHRT_MAX not defined" #endif -#if defined(ULONG_LONG_MAX) /* GCC, HPUX */ -#define MP_ULONG_LONG_MAX ULONG_LONG_MAX -#elif defined(ULLONG_MAX) /* Solaris */ +#if defined(ULLONG_MAX) /* C99, Solaris */ #define MP_ULONG_LONG_MAX ULLONG_MAX /* MP_ULONG_LONG_MAX was defined to be ULLONG_MAX */ +#elif defined(ULONG_LONG_MAX) /* HPUX */ +#define MP_ULONG_LONG_MAX ULONG_LONG_MAX #elif defined(ULONGLONG_MAX) /* IRIX, AIX */ #define MP_ULONG_LONG_MAX ULONGLONG_MAX #endif diff --git a/security/nss/lib/freebl/mpi/target.mk b/security/nss/lib/freebl/mpi/target.mk index 2392faf..dbd2fb9 100644 --- a/security/nss/lib/freebl/mpi/target.mk +++ b/security/nss/lib/freebl/mpi/target.mk @@ -205,7 +205,7 @@ ifeq ($(TARGET),WIN32) ifeq ($(CPU_ARCH),x86_64) AS_OBJS = mpi_amd64.obj mpi_amd64_masm.obj mp_comba_amd64_masm.asm CFLAGS = -Od -Z7 -MDd -W3 -nologo -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USER) -CFLAGS += -DWIN32 -DWIN64 -D_WINDOWS -D_AMD_64_ -D_M_AMD64 -DWIN95 -DXP_PC -DNSS_ENABLE_ECC +CFLAGS += -DWIN32 -DWIN64 -D_WINDOWS -D_AMD_64_ -D_M_AMD64 -DWIN95 -DXP_PC CFLAGS += $(MPICMN) $(AS_OBJS): %.obj : %.asm @@ -220,7 +220,7 @@ MPICMN += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD -DMP_API_COMPATIBLE MPICMN += -DMP_MONT_USE_MP_MUL MPICMN += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN CFLAGS = -Od -Z7 -MDd -W3 -nologo -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USER) -CFLAGS += -DWIN32 -D_WINDOWS -D_X86_ -DWIN95 -DXP_PC -DNSS_ENABLE_ECC +CFLAGS += -DWIN32 -D_WINDOWS -D_X86_ -DWIN95 -DXP_PC CFLAGS += $(MPICMN) $(AS_OBJS): %.obj : %.asm diff --git a/security/nss/lib/freebl/rijndael.c b/security/nss/lib/freebl/rijndael.c index 8bb8905..4e4be79 100644 --- a/security/nss/lib/freebl/rijndael.c +++ b/security/nss/lib/freebl/rijndael.c @@ -18,17 +18,20 @@ #include "ctr.h" #include "gcm.h" -#if USE_HW_AES -#include "intel-gcm.h" +#ifdef USE_HW_AES #include "intel-aes.h" #include "mpi.h" static int has_intel_aes = 0; +static PRBool use_hw_aes = PR_FALSE; + +#ifdef INTEL_GCM +#include "intel-gcm.h" static int has_intel_avx = 0; static int has_intel_clmul = 0; -static PRBool use_hw_aes = PR_FALSE; static PRBool use_hw_gcm = PR_FALSE; #endif +#endif /* USE_HW_AES */ /* * There are currently five ways to build this code, varying in performance @@ -833,7 +836,6 @@ rijndael_encryptECB(AESContext *cx, unsigned char *output, SECStatus rv; AESBlockFunc *encryptor; - encryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE) ? &rijndael_encryptBlock128 : &rijndael_encryptBlock; @@ -966,17 +968,28 @@ AESContext * AES_AllocateContext(void) } -#if USE_HW_AES +#ifdef INTEL_GCM /* * Adapted from the example code in "How to detect New Instruction support in * the 4th generation Intel Core processor family" by Max Locktyukhin. + * + * XGETBV: + * Reads an extended control register (XCR) specified by ECX into EDX:EAX. */ static PRBool check_xcr0_ymm() { PRUint32 xcr0; #if defined(_MSC_VER) +#if defined(_M_IX86) + __asm { + mov ecx, 0 + xgetbv + mov xcr0, eax + } +#else xcr0 = (PRUint32)_xgetbv(0); /* Requires VS2010 SP1 or later. */ +#endif #else __asm__ ("xgetbv" : "=a" (xcr0) : "c" (0) : "%edx"); #endif @@ -1022,7 +1035,7 @@ aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize, PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } -#if USE_HW_AES +#ifdef USE_HW_AES if (has_intel_aes == 0) { unsigned long eax, ebx, ecx, edx; char *disable_hw_aes = getenv("NSS_DISABLE_HW_AES"); @@ -1030,6 +1043,7 @@ aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize, if (disable_hw_aes == NULL) { freebl_cpuid(1, &eax, &ebx, &ecx, &edx); has_intel_aes = (ecx & (1 << 25)) != 0 ? 1 : -1; +#ifdef INTEL_GCM has_intel_clmul = (ecx & (1 << 1)) != 0 ? 1 : -1; if ((ecx & (1 << 27)) != 0 && (ecx & (1 << 28)) != 0 && check_xcr0_ymm()) { @@ -1037,17 +1051,22 @@ aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize, } else { has_intel_avx = -1; } +#endif } else { has_intel_aes = -1; +#ifdef INTEL_GCM has_intel_avx = -1; has_intel_clmul = -1; +#endif } } use_hw_aes = (PRBool) (has_intel_aes > 0 && (keysize % 8) == 0 && blocksize == 16); +#ifdef INTEL_GCM use_hw_gcm = (PRBool) (use_hw_aes && has_intel_avx>0 && has_intel_clmul>0); #endif +#endif /* USE_HW_AES */ /* Nb = (block size in bits) / 32 */ cx->Nb = blocksize / 4; /* Nk = (key size in bits) / 32 */ @@ -1057,23 +1076,27 @@ aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize, /* copy in the iv, if neccessary */ if (mode == NSS_AES_CBC) { memcpy(cx->iv, iv, blocksize); -#if USE_HW_AES +#ifdef USE_HW_AES if (use_hw_aes) { cx->worker = (freeblCipherFunc) intel_aes_cbc_worker(encrypt, keysize); } else #endif + { cx->worker = (freeblCipherFunc) (encrypt ? &rijndael_encryptCBC : &rijndael_decryptCBC); + } } else { -#if USE_HW_AES +#ifdef USE_HW_AES if (use_hw_aes) { cx->worker = (freeblCipherFunc) intel_aes_ecb_worker(encrypt, keysize); } else #endif + { cx->worker = (freeblCipherFunc) (encrypt ? &rijndael_encryptECB : &rijndael_decryptECB); + } } PORT_Assert((cx->Nb * (cx->Nr + 1)) <= RIJNDAEL_MAX_EXP_KEY_SIZE); if ((cx->Nb * (cx->Nr + 1)) > RIJNDAEL_MAX_EXP_KEY_SIZE) { @@ -1152,7 +1175,7 @@ AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize, cx->isBlock = PR_FALSE; break; case NSS_AES_GCM: -#if USE_HW_AES +#ifdef INTEL_GCM if(use_hw_gcm) { cx->worker_cx = intel_AES_GCM_CreateContext(cx, cx->worker, iv, blocksize); cx->worker = (freeblCipherFunc) @@ -1171,7 +1194,14 @@ AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize, break; case NSS_AES_CTR: cx->worker_cx = CTR_CreateContext(cx, cx->worker, iv, blocksize); - cx->worker = (freeblCipherFunc) CTR_Update ; +#if defined(USE_HW_AES) && defined(_MSC_VER) + if (use_hw_aes) { + cx->worker = (freeblCipherFunc) CTR_Update_HW_AES; + } else +#endif + { + cx->worker = (freeblCipherFunc) CTR_Update; + } cx->destroy = (freeblDestroyFunc) CTR_DestroyContext; cx->isBlock = PR_FALSE; break; diff --git a/security/nss/lib/freebl/rsa.c b/security/nss/lib/freebl/rsa.c index 8a9a112..cc7d4fe 100644 --- a/security/nss/lib/freebl/rsa.c +++ b/security/nss/lib/freebl/rsa.c @@ -1353,33 +1353,8 @@ RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key, return rsa_PrivateKeyOp(key, output, input, PR_TRUE); } -static SECStatus -swap_in_key_value(PLArenaPool *arena, mp_int *mpval, SECItem *buffer) -{ - int len; - mp_err err = MP_OKAY; - memset(buffer->data, 0, buffer->len); - len = mp_unsigned_octet_size(mpval); - if (len <= 0) return SECFailure; - if ((unsigned int)len <= buffer->len) { - /* The new value is no longer than the old buffer, so use it */ - err = mp_to_unsigned_octets(mpval, buffer->data, len); - if (err >= 0) err = MP_OKAY; - buffer->len = len; - } else if (arena) { - /* The new value is longer, but working within an arena */ - (void)SECITEM_AllocItem(arena, buffer, len); - err = mp_to_unsigned_octets(mpval, buffer->data, len); - if (err >= 0) err = MP_OKAY; - } else { - /* The new value is longer, no arena, can't handle this key */ - return SECFailure; - } - return (err == MP_OKAY) ? SECSuccess : SECFailure; -} - SECStatus -RSA_PrivateKeyCheck(RSAPrivateKey *key) +RSA_PrivateKeyCheck(const RSAPrivateKey *key) { mp_int p, q, n, psub1, qsub1, e, d, d_p, d_q, qInv, res; mp_err err = MP_OKAY; @@ -1406,6 +1381,17 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key) CHECK_MPI_OK( mp_init(&d_q) ); CHECK_MPI_OK( mp_init(&qInv) ); CHECK_MPI_OK( mp_init(&res) ); + + if (!key->modulus.data || !key->prime1.data || !key->prime2.data || + !key->publicExponent.data || !key->privateExponent.data || + !key->exponent1.data || !key->exponent2.data || + !key->coefficient.data) { + /* call RSA_PopulatePrivateKey first, if the application wishes to + * recover these parameters */ + err = MP_BADARG; + goto cleanup; + } + SECITEM_TO_MPINT(key->modulus, &n); SECITEM_TO_MPINT(key->prime1, &p); SECITEM_TO_MPINT(key->prime2, &q); @@ -1414,18 +1400,10 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key) SECITEM_TO_MPINT(key->exponent1, &d_p); SECITEM_TO_MPINT(key->exponent2, &d_q); SECITEM_TO_MPINT(key->coefficient, &qInv); - /* p > q */ + /* p > q */ if (mp_cmp(&p, &q) <= 0) { - /* mind the p's and q's (and d_p's and d_q's) */ - SECItem tmp; - mp_exch(&p, &q); - mp_exch(&d_p,&d_q); - tmp = key->prime1; - key->prime1 = key->prime2; - key->prime2 = tmp; - tmp = key->exponent1; - key->exponent1 = key->exponent2; - key->exponent2 = tmp; + rv = SECFailure; + goto cleanup; } #define VERIFY_MPI_EQUAL(m1, m2) \ if (mp_cmp(m1, m2) != 0) { \ @@ -1437,9 +1415,6 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key) rv = SECFailure; \ goto cleanup; \ } - /* - * The following errors cannot be recovered from. - */ /* n == p * q */ CHECK_MPI_OK( mp_mul(&p, &q, &res) ); VERIFY_MPI_EQUAL(&res, &n); @@ -1457,28 +1432,16 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key) /* d*e == 1 mod q-1 */ CHECK_MPI_OK( mp_mulmod(&d, &e, &qsub1, &res) ); VERIFY_MPI_EQUAL_1(&res); - /* - * The following errors can be recovered from. - */ /* d_p == d mod p-1 */ CHECK_MPI_OK( mp_mod(&d, &psub1, &res) ); - if (mp_cmp(&d_p, &res) != 0) { - /* swap in the correct value */ - CHECK_SEC_OK( swap_in_key_value(key->arena, &res, &key->exponent1) ); - } + VERIFY_MPI_EQUAL(&res, &d_p); /* d_q == d mod q-1 */ CHECK_MPI_OK( mp_mod(&d, &qsub1, &res) ); - if (mp_cmp(&d_q, &res) != 0) { - /* swap in the correct value */ - CHECK_SEC_OK( swap_in_key_value(key->arena, &res, &key->exponent2) ); - } + VERIFY_MPI_EQUAL(&res, &d_q); /* q * q**-1 == 1 mod p */ CHECK_MPI_OK( mp_mulmod(&q, &qInv, &p, &res) ); - if (mp_cmp_d(&res, 1) != 0) { - /* compute the correct value */ - CHECK_MPI_OK( mp_invmod(&q, &p, &qInv) ); - CHECK_SEC_OK( swap_in_key_value(key->arena, &qInv, &key->coefficient) ); - } + VERIFY_MPI_EQUAL_1(&res); + cleanup: mp_clear(&n); mp_clear(&p); diff --git a/security/nss/lib/freebl/rsapkcs.c b/security/nss/lib/freebl/rsapkcs.c index a28e6c6..c1e3d54 100644 --- a/security/nss/lib/freebl/rsapkcs.c +++ b/security/nss/lib/freebl/rsapkcs.c @@ -24,16 +24,14 @@ /* * RSA block types * - * The actual values are important -- they are fixed, *not* arbitrary. - * The explicit value assignments are not needed (because C would give - * us those same values anyway) but are included as a reminder... + * The values of RSA_BlockPrivate and RSA_BlockPublic are fixed. + * The value of RSA_BlockRaw isn't fixed by definition, but we are keeping + * the value that NSS has been using in the past. */ typedef enum { - RSA_BlockUnused = 0, /* unused */ RSA_BlockPrivate = 1, /* pad for a private-key operation */ RSA_BlockPublic = 2, /* pad for a public-key operation */ - RSA_BlockRaw = 4, /* simply justify the block appropriately */ - RSA_BlockTotal + RSA_BlockRaw = 4 /* simply justify the block appropriately */ } RSA_BlockType; /* Needed for RSA-PSS functions */ diff --git a/security/nss/lib/freebl/sha-fast-amd64-sun.s b/security/nss/lib/freebl/sha-fast-amd64-sun.s index 71996f0..6430469 100644 --- a/security/nss/lib/freebl/sha-fast-amd64-sun.s +++ b/security/nss/lib/freebl/sha-fast-amd64-sun.s @@ -1907,7 +1907,10 @@ SHA1_End: /NO_APP movq (%rsp), %rbx movl %eax, 16(%r13) + cmpq $0, %r14 + je .L133 movl $20, (%r14) +.L133: movq 16(%rsp), %r13 movq 24(%rsp), %r14 leave @@ -2108,3 +2111,41 @@ SHA1_TraceState: jmp PORT_SetError_Util@PLT .LFE16: .size SHA1_TraceState, .-SHA1_TraceState + .align 16 +.globl SHA1_EndRaw + .type SHA1_EndRaw, @function +SHA1_EndRaw: +.LFB50: + movq 72(%rdi), %rax +/APP + bswap %eax +/NO_APP + movl %eax, (%rsi) + movq 80(%rdi), %rax +/APP + bswap %eax +/NO_APP + movl %eax, 4(%rsi) + movq 88(%rdi), %rax +/APP + bswap %eax +/NO_APP + movl %eax, 8(%rsi) + movq 96(%rdi), %rax +/APP + bswap %eax +/NO_APP + movl %eax, 12(%rsi) + movq 104(%rdi), %rax +/APP + bswap %eax +/NO_APP + testq %rdx, %rdx + movl %eax, 16(%rsi) + je .L14 + movl $20, (%rdx) +.L14: + rep + ret +.LFE50: + .size SHA1_EndRaw, .-SHA1_EndRaw diff --git a/security/nss/lib/freebl/stubs.c b/security/nss/lib/freebl/stubs.c index 163f07f..1de9b49 100644 --- a/security/nss/lib/freebl/stubs.c +++ b/security/nss/lib/freebl/stubs.c @@ -105,6 +105,7 @@ STUB_DECLARE(void *,PORT_Alloc_Util,(size_t len)); +STUB_DECLARE(void *,PORT_ArenaAlloc_Util,(PLArenaPool *arena, size_t size)); STUB_DECLARE(void *,PORT_ArenaZAlloc_Util,(PLArenaPool *arena, size_t size)); STUB_DECLARE(void ,PORT_Free_Util,(void *ptr)); STUB_DECLARE(void ,PORT_FreeArena_Util,(PLArenaPool *arena, PRBool zero)); @@ -141,12 +142,13 @@ STUB_DECLARE(PRStatus,PR_WaitCondVar,(PRCondVar *cvar, STUB_DECLARE(SECItem *,SECITEM_AllocItem_Util,(PLArenaPool *arena, SECItem *item,unsigned int len)); -STUB_DECLARE(SECComparison,SECITEM_CompareItem_Util,(const SECItem *a, +STUB_DECLARE(SECComparison,SECITEM_CompareItem_Util,(const SECItem *a, const SECItem *b)); STUB_DECLARE(SECStatus,SECITEM_CopyItem_Util,(PLArenaPool *arena, SECItem *to,const SECItem *from)); STUB_DECLARE(void,SECITEM_FreeItem_Util,(SECItem *zap, PRBool freeit)); STUB_DECLARE(void,SECITEM_ZfreeItem_Util,(SECItem *zap, PRBool freeit)); +STUB_DECLARE(SECOidTag,SECOID_FindOIDTag_Util,(const SECItem *oid)); STUB_DECLARE(int, NSS_SecureMemcmp,(const void *a, const void *b, size_t n)); @@ -212,7 +214,7 @@ PR_Free_stub(void *ptr) * */ extern PLArenaPool * -PORT_NewArena_stub(unsigned long chunksize) +PORT_NewArena_stub(unsigned long chunksize) { STUB_SAFE_CALL1(PORT_NewArena_Util, chunksize); abort(); @@ -220,6 +222,15 @@ PORT_NewArena_stub(unsigned long chunksize) } extern void * +PORT_ArenaAlloc_stub(PLArenaPool *arena, size_t size) +{ + + STUB_SAFE_CALL2(PORT_ArenaZAlloc_Util, arena, size); + abort(); + return NULL; +} + +extern void * PORT_ArenaZAlloc_stub(PLArenaPool *arena, size_t size) { @@ -500,7 +511,7 @@ SECITEM_CompareItem_stub(const SECItem *a, const SECItem *b) return SECEqual; } -extern SECStatus +extern SECStatus SECITEM_CopyItem_stub(PLArenaPool *arena, SECItem *to, const SECItem *from) { STUB_SAFE_CALL3(SECITEM_CopyItem_Util, arena, to, from); @@ -508,6 +519,14 @@ SECITEM_CopyItem_stub(PLArenaPool *arena, SECItem *to, const SECItem *from) return SECFailure; } +extern SECOidTag +SECOID_FindOIDTag_stub(const SECItem *oid) +{ + STUB_SAFE_CALL1(SECOID_FindOIDTag_Util, oid); + abort(); + return SEC_OID_UNKNOWN; +} + extern void SECITEM_ZfreeItem_stub(SECItem *zap, PRBool freeit) { @@ -560,6 +579,7 @@ freebl_InitNSSUtil(void *lib) STUB_FETCH_FUNCTION(PORT_ZAlloc_Util); STUB_FETCH_FUNCTION(PORT_ZFree_Util); STUB_FETCH_FUNCTION(PORT_NewArena_Util); + STUB_FETCH_FUNCTION(PORT_ArenaAlloc_Util); STUB_FETCH_FUNCTION(PORT_ArenaZAlloc_Util); STUB_FETCH_FUNCTION(PORT_FreeArena_Util); STUB_FETCH_FUNCTION(PORT_GetError_Util); @@ -569,6 +589,7 @@ freebl_InitNSSUtil(void *lib) STUB_FETCH_FUNCTION(SECITEM_CompareItem_Util); STUB_FETCH_FUNCTION(SECITEM_CopyItem_Util); STUB_FETCH_FUNCTION(SECITEM_ZfreeItem_Util); + STUB_FETCH_FUNCTION(SECOID_FindOIDTag_Util); STUB_FETCH_FUNCTION(NSS_SecureMemcmp); return SECSuccess; } diff --git a/security/nss/lib/freebl/stubs.h b/security/nss/lib/freebl/stubs.h index 8f77e01..72f3000 100644 --- a/security/nss/lib/freebl/stubs.h +++ b/security/nss/lib/freebl/stubs.h @@ -14,13 +14,14 @@ #ifdef _LIBUTIL_H_ /* must be included before util */ /*#error stubs.h included too late */ -#define MP_DIGITES(x) "stubs included too late" +#define MP_DIGITES(x) "stubs included too late" #endif /* hide libutil rename */ #define _LIBUTIL_H_ 1 #define PORT_Alloc PORT_Alloc_stub +#define PORT_ArenaAlloc PORT_ArenaAlloc_stub #define PORT_ArenaZAlloc PORT_ArenaZAlloc_stub #define PORT_Free PORT_Free_stub #define PORT_FreeArena PORT_FreeArena_stub @@ -35,6 +36,7 @@ #define SECITEM_CopyItem SECITEM_CopyItem_stub #define SECITEM_FreeItem SECITEM_FreeItem_stub #define SECITEM_ZfreeItem SECITEM_ZfreeItem_stub +#define SECOID_FindOIDTag SECOID_FindOIDTag_stub #define NSS_SecureMemcmp NSS_SecureMemcmp_stub #define PR_Assert PR_Assert_stub diff --git a/security/nss/lib/freebl/sysrand.c b/security/nss/lib/freebl/sysrand.c index 0dfb081..e6dd56a 100644 --- a/security/nss/lib/freebl/sysrand.c +++ b/security/nss/lib/freebl/sysrand.c @@ -8,7 +8,9 @@ #include "seccomon.h" +#ifndef XP_WIN static size_t rng_systemFromNoise(unsigned char *dest, size_t maxLen); +#endif #if defined(XP_UNIX) || defined(XP_BEOS) #include "unix_rand.c" @@ -20,6 +22,7 @@ static size_t rng_systemFromNoise(unsigned char *dest, size_t maxLen); #include "os2_rand.c" #endif +#ifndef XP_WIN /* * Normal RNG_SystemRNG() isn't available, use the system noise to collect * the required amount of entropy. @@ -43,4 +46,4 @@ rng_systemFromNoise(unsigned char *dest, size_t maxLen) } return retBytes; } - +#endif diff --git a/security/nss/lib/freebl/win_rand.c b/security/nss/lib/freebl/win_rand.c index 2ddac8d..2918d58 100644 --- a/security/nss/lib/freebl/win_rand.c +++ b/security/nss/lib/freebl/win_rand.c @@ -3,24 +3,10 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "secrng.h" -#include "secerr.h" #ifdef XP_WIN #include <windows.h> -#include <shlobj.h> /* for CSIDL constants */ #include <time.h> -#include <io.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <stdio.h> -#include "prio.h" -#include "prerror.h" - -static PRInt32 filesToRead; -static DWORD totalFileBytes; -static DWORD maxFileBytes = 250000; /* 250 thousand */ -static DWORD dwNumFiles, dwReadEvery, dwFileToRead; -static PRBool usedWindowsPRNG; static BOOL CurrentClockTickTime(LPDWORD lpdwHigh, LPDWORD lpdwLow) @@ -84,168 +70,6 @@ size_t RNG_GetNoise(void *buf, size_t maxbuf) return n; } -typedef PRInt32 (* Handler)(const PRUnichar *); -#define MAX_DEPTH 2 -#define MAX_FOLDERS 4 -#define MAX_FILES 1024 - -static void -EnumSystemFilesInFolder(Handler func, PRUnichar* szSysDir, int maxDepth) -{ - int iContinue; - unsigned int uFolders = 0; - unsigned int uFiles = 0; - HANDLE lFindHandle; - WIN32_FIND_DATAW fdData; - PRUnichar szFileName[_MAX_PATH]; - - if (maxDepth < 0) - return; - // append *.* so we actually look for files. - _snwprintf(szFileName, _MAX_PATH, L"%s\\*.*", szSysDir); - szFileName[_MAX_PATH - 1] = L'\0'; - - lFindHandle = FindFirstFileW(szFileName, &fdData); - if (lFindHandle == INVALID_HANDLE_VALUE) - return; - do { - iContinue = 1; - if (wcscmp(fdData.cFileName, L".") == 0 || - wcscmp(fdData.cFileName, L"..") == 0) { - // skip "." and ".." - } else { - // pass the full pathname to the callback - _snwprintf(szFileName, _MAX_PATH, L"%s\\%s", szSysDir, - fdData.cFileName); - szFileName[_MAX_PATH - 1] = L'\0'; - if (fdData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) { - if (++uFolders <= MAX_FOLDERS) - EnumSystemFilesInFolder(func, szFileName, maxDepth - 1); - } else { - iContinue = (++uFiles <= MAX_FILES) && !(*func)(szFileName); - } - } - if (iContinue) - iContinue = FindNextFileW(lFindHandle, &fdData); - } while (iContinue); - FindClose(lFindHandle); -} - -static BOOL -EnumSystemFiles(Handler func) -{ - PRUnichar szSysDir[_MAX_PATH]; - static const int folders[] = { - CSIDL_BITBUCKET, - CSIDL_RECENT, - CSIDL_INTERNET_CACHE, - CSIDL_HISTORY, - 0 - }; - int i = 0; - if (_MAX_PATH > (i = GetTempPathW(_MAX_PATH, szSysDir))) { - if (i > 0 && szSysDir[i-1] == L'\\') - szSysDir[i-1] = L'\0'; // we need to lop off the trailing slash - EnumSystemFilesInFolder(func, szSysDir, MAX_DEPTH); - } - for(i = 0; folders[i]; i++) { - DWORD rv = SHGetSpecialFolderPathW(NULL, szSysDir, folders[i], 0); - if (szSysDir[0]) - EnumSystemFilesInFolder(func, szSysDir, MAX_DEPTH); - szSysDir[0] = L'\0'; - } - return PR_TRUE; -} - -static PRInt32 -CountFiles(const PRUnichar *file) -{ - dwNumFiles++; - return 0; -} - -static int -ReadSingleFile(const char *filename) -{ - PRFileDesc * file; - unsigned char buffer[1024]; - - file = PR_Open(filename, PR_RDONLY, 0); - if (file != NULL) { - while (PR_Read(file, buffer, sizeof buffer) > 0) - ; - PR_Close(file); - } - return (file != NULL); -} - -static PRInt32 -ReadOneFile(const PRUnichar *szFileName) -{ - char narrowFileName[_MAX_PATH]; - - if (dwNumFiles == dwFileToRead) { - int success = WideCharToMultiByte(CP_ACP, 0, szFileName, -1, - narrowFileName, _MAX_PATH, - NULL, NULL); - if (success) - success = ReadSingleFile(narrowFileName); - if (!success) - dwFileToRead++; /* couldn't read this one, read the next one. */ - } - dwNumFiles++; - return dwNumFiles > dwFileToRead; -} - -static PRInt32 -ReadFiles(const PRUnichar *szFileName) -{ - char narrowFileName[_MAX_PATH]; - - if ((dwNumFiles % dwReadEvery) == 0) { - ++filesToRead; - } - if (filesToRead) { - DWORD prevFileBytes = totalFileBytes; - int iContinue = WideCharToMultiByte(CP_ACP, 0, szFileName, -1, - narrowFileName, _MAX_PATH, - NULL, NULL); - if (iContinue) { - RNG_FileForRNG(narrowFileName); - } - if (prevFileBytes < totalFileBytes) { - --filesToRead; - } - } - dwNumFiles++; - return (totalFileBytes >= maxFileBytes); -} - -static void -ReadSystemFiles(void) -{ - // first count the number of files - dwNumFiles = 0; - if (!EnumSystemFiles(CountFiles)) - return; - - RNG_RandomUpdate(&dwNumFiles, sizeof(dwNumFiles)); - - // now read the first 10 readable files, then 10 or 11 files - // spread throughout the system directory - filesToRead = 10; - if (dwNumFiles == 0) - return; - - dwReadEvery = dwNumFiles / 10; - if (dwReadEvery == 0) - dwReadEvery = 1; // less than 10 files - - dwNumFiles = 0; - totalFileBytes = 0; - EnumSystemFiles(ReadFiles); -} - void RNG_SystemInfoForRNG(void) { DWORD dwVal; @@ -308,91 +132,28 @@ void RNG_SystemInfoForRNG(void) RNG_RandomUpdate(&dwNumClusters, sizeof(dwNumClusters)); } - // Skip the potentially slow file scanning if the OS's PRNG worked. - if (!usedWindowsPRNG) - ReadSystemFiles(); - - nBytes = RNG_GetNoise(buffer, 20); // get up to 20 bytes - RNG_RandomUpdate(buffer, nBytes); -} - -static void rng_systemJitter(void) -{ - dwNumFiles = 0; - EnumSystemFiles(ReadOneFile); - dwFileToRead++; - if (dwFileToRead >= dwNumFiles) { - dwFileToRead = 0; - } -} - - -void RNG_FileForRNG(const char *filename) -{ - FILE* file; - int nBytes; - struct stat stat_buf; - unsigned char buffer[1024]; - - /* windows doesn't initialize all the bytes in the stat buf, - * so initialize them all here to avoid UMRs. - */ - memset(&stat_buf, 0, sizeof stat_buf); - - if (stat((char *)filename, &stat_buf) < 0) - return; - - RNG_RandomUpdate((unsigned char*)&stat_buf, sizeof(stat_buf)); - - file = fopen((char *)filename, "r"); - if (file != NULL) { - for (;;) { - size_t bytes = fread(buffer, 1, sizeof(buffer), file); - - if (bytes == 0) - break; - - RNG_RandomUpdate(buffer, bytes); - totalFileBytes += bytes; - if (totalFileBytes > maxFileBytes) - break; - } - - fclose(file); - } - nBytes = RNG_GetNoise(buffer, 20); // get up to 20 bytes RNG_RandomUpdate(buffer, nBytes); } /* - * Windows XP and Windows Server 2003 and later have RtlGenRandom, - * which must be looked up by the name SystemFunction036. + * The RtlGenRandom function is declared in <ntsecapi.h>, but the + * declaration is missing a calling convention specifier. So we + * declare it manually here. */ -typedef BOOLEAN -(APIENTRY *RtlGenRandomFn)( +#define RtlGenRandom SystemFunction036 +DECLSPEC_IMPORT BOOLEAN WINAPI RtlGenRandom( PVOID RandomBuffer, ULONG RandomBufferLength); size_t RNG_SystemRNG(void *dest, size_t maxLen) { - HMODULE hModule; - RtlGenRandomFn pRtlGenRandom; size_t bytes = 0; - usedWindowsPRNG = PR_FALSE; - hModule = LoadLibrary("advapi32.dll"); - if (hModule == NULL) { - return bytes; - } - pRtlGenRandom = (RtlGenRandomFn) - GetProcAddress(hModule, "SystemFunction036"); - if (pRtlGenRandom && pRtlGenRandom(dest, maxLen)) { + if (RtlGenRandom(dest, maxLen)) { bytes = maxLen; - usedWindowsPRNG = PR_TRUE; } - FreeLibrary(hModule); return bytes; } #endif /* is XP_WIN */ diff --git a/security/nss/lib/jar/jarver.c b/security/nss/lib/jar/jarver.c index d06b4e0..fa3c8a0 100644 --- a/security/nss/lib/jar/jarver.c +++ b/security/nss/lib/jar/jarver.c @@ -14,13 +14,8 @@ #include "certdb.h" #include "certt.h" #include "secpkcs7.h" - -/*#include "cdbhdl.h" */ #include "secder.h" -/* from certdb.h */ -#define CERTDB_USER (1<<6) - #define SZ 512 static int diff --git a/security/nss/lib/libpkix/include/pkix_errorstrings.h b/security/nss/lib/libpkix/include/pkix_errorstrings.h index 3cc550e..c9910e7 100755 --- a/security/nss/lib/libpkix/include/pkix_errorstrings.h +++ b/security/nss/lib/libpkix/include/pkix_errorstrings.h @@ -238,7 +238,6 @@ PKIX_ERRORENTRY(CERTTOSTRINGHELPERFAILED,pkix_pl_Cert_ToString_Helper failed,0), PKIX_ERRORENTRY(CERTVERIFYCERTTYPEFAILED,PKIX_PL_Cert_VerifyCertAndKeyType failed,0), PKIX_ERRORENTRY(CERTVERIFYKEYUSAGEFAILED,PKIX_PL_Cert_VerifyKeyUsage failed,0), PKIX_ERRORENTRY(CERTVERIFYSIGNATUREFAILED,PKIX_PL_Cert_VerifySignature failed,0), -PKIX_ERRORENTRY(CHAINREJECTEDBYREVOCATIONCHECKER,Chain rejected by Revocation Checker,0), PKIX_ERRORENTRY(CHAINVERIFYCALLBACKFAILED,Chain rejected by Application Callback,SEC_ERROR_APPLICATION_CALLBACK_ERROR), PKIX_ERRORENTRY(CHECKCERTAGAINSTANCHORFAILED,pkix_CheckCertAgainstAnchor failed,0), PKIX_ERRORENTRY(CHECKCERTFAILED,pkix_CheckCert failed,0), @@ -474,7 +473,6 @@ PKIX_ERRORENTRY(FANOUTEXCEEDSRESOURCELIMITS,Fanout exceeds Resource Limits,0), PKIX_ERRORENTRY(FETCHINGCACHEDCRLFAILED,Fetching Cached CRLfailed,0), PKIX_ERRORENTRY(FILLINPROCESSINGPARAMSFAILED,Fail to fill in parameters,0), PKIX_ERRORENTRY(FILLINRETURNRESULTSFAILED,Fail to fill in return results,0), -PKIX_ERRORENTRY(FIRSTARGUMENTNOTANOID,FirstObject is not an OID,0), PKIX_ERRORENTRY(FIRSTARGUMENTNOTBYTEARRAY,FirstObject is not a ByteArray,0), PKIX_ERRORENTRY(FIRSTARGUMENTNOTCERTBASICCONSTRAINTSOBJECT,First argument is not a CertBasicConstraints Object,0), PKIX_ERRORENTRY(FIRSTDOUBLEHEXMUSTNOTBE00,First DoubleHex MUST NOT be 00,SEC_ERROR_INVALID_ARGS), @@ -578,7 +576,9 @@ PKIX_ERRORENTRY(INFOACCESSCREATELISTFAILED,pkix_pl_InfoAccess_CreateList failed, PKIX_ERRORENTRY(INFOACCESSGETLOCATIONFAILED,PKIX_PL_InfoAccess_GetLocation failed,0), PKIX_ERRORENTRY(INFOACCESSGETLOCATIONTYPEFAILED,PKIX_PL_InfoAccess_GetLocationType failed,0), PKIX_ERRORENTRY(INFOACCESSGETMETHODFAILED,PKIX_PL_InfoAccess_GetMethod failed,0), +#ifndef NSS_PKIX_NO_LDAP PKIX_ERRORENTRY(INFOACCESSPARSELOCATIONFAILED,pkix_pl_InfoAccess_ParseLocation failed,SEC_ERROR_BAD_INFO_ACCESS_LOCATION), +#endif PKIX_ERRORENTRY(INFOACCESSPARSETOKENSFAILED,pkix_pl_InfoAccess_ParseTokens failed,SEC_ERROR_BAD_INFO_ACCESS_LOCATION), PKIX_ERRORENTRY(INITIALIZECHECKERSFAILED,pkix_InitializeCheckers failed,0), PKIX_ERRORENTRY(INITIALIZEFAILED,PKIX_PL_Initialize failed,0), diff --git a/security/nss/lib/libpkix/include/pkix_pl_pki.h b/security/nss/lib/libpkix/include/pkix_pl_pki.h index 1157916..0a449b9 100755 --- a/security/nss/lib/libpkix/include/pkix_pl_pki.h +++ b/security/nss/lib/libpkix/include/pkix_pl_pki.h @@ -1269,6 +1269,9 @@ PKIX_PL_Cert_AreCertPoliciesCritical( * Must be non-NULL. * "nameConstraints" * Address of CertNameConstraints that need to be satisfied. + * "treatCommonNameAsDNSName" + * PKIX_TRUE if the subject common name should be considered a dNSName + * when evaluating name constraints. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: @@ -1282,6 +1285,7 @@ PKIX_Error * PKIX_PL_Cert_CheckNameConstraints( PKIX_PL_Cert *cert, PKIX_PL_CertNameConstraints *nameConstraints, + PKIX_Boolean treatCommonNameAsDNSName, void *plContext); /* @@ -1511,7 +1515,7 @@ typedef enum PKIX_PL_TrustAnchorModeEnum { * explicitly untrustworthy, explicitly configured trust anchors * MAY be ignored/rejected. */ - PKIX_PL_TrustAnchorMode_Exclusive, + PKIX_PL_TrustAnchorMode_Exclusive } PKIX_PL_TrustAnchorMode; /* @@ -1827,7 +1831,9 @@ PKIX_PL_Cert_GetCrlDp(PKIX_PL_Cert *cert, #define PKIX_INFOACCESS_LOCATION_UNKNOWN 0 #define PKIX_INFOACCESS_LOCATION_HTTP 1 +#ifndef NSS_PKIX_NO_LDAP #define PKIX_INFOACCESS_LOCATION_LDAP 2 +#endif /* * FUNCTION: PKIX_PL_InfoAccess_GetMethod diff --git a/security/nss/lib/libpkix/include/pkix_sample_modules.h b/security/nss/lib/libpkix/include/pkix_sample_modules.h index c031a12..75d9618 100755 --- a/security/nss/lib/libpkix/include/pkix_sample_modules.h +++ b/security/nss/lib/libpkix/include/pkix_sample_modules.h @@ -117,6 +117,7 @@ PKIX_PL_Pk11CertStore_Create( PKIX_CertStore **pPk11CertStore, void *plContext); +#ifndef NSS_PKIX_NO_LDAP /* PKIX_PL_LdapCertStore * * A PKIX_PL_LdapCertStore retrieves certificates and CRLs from an LDAP server @@ -249,6 +250,7 @@ PKIX_PL_LdapCertStore_Create( PKIX_PL_LdapClient *client, PKIX_CertStore **pCertStore, void *plContext); +#endif /* !NSS_PKIX_NO_LDAP */ /* PKIX_PL_NssContext * diff --git a/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c b/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c index b9cde16..89bddd9 100755 --- a/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c +++ b/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c @@ -425,9 +425,13 @@ pkix_CertSelector_Match_NameConstraints( PKIX_COMCERTSELPARAMSGETNAMECONSTRAINTSFAILED); if (nameConstraints != NULL) { - + /* As only the end-entity certificate should have + * the common name constrained as if it was a dNSName, + * do not constrain the common name when building a + * forward path. + */ PKIX_CHECK(PKIX_PL_Cert_CheckNameConstraints - (cert, nameConstraints, plContext), + (cert, nameConstraints, PKIX_FALSE, plContext), PKIX_CERTCHECKNAMECONSTRAINTSFAILED); } diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c index 63bccd5..c77ac8e 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c +++ b/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c @@ -201,7 +201,6 @@ pkix_CrlChecker_CheckLocal( PKIX_CertStore_CheckRevokationByCrlCallback storeCheckRevocationFn; PKIX_CertStore *certStore = NULL; pkix_CrlChecker *state = NULL; - PKIX_UInt32 reasonCode = 0; PKIX_UInt32 crlStoreIndex = 0; PKIX_UInt32 numCrlStores = 0; PKIX_Boolean storeIsLocal = PKIX_FALSE; @@ -242,7 +241,7 @@ pkix_CrlChecker_CheckLocal( chainVerificationState ? date : NULL, /* crl downloading is not done. */ PKIX_FALSE, - &reasonCode, &revStatus, plContext), + pReasonCode, &revStatus, plContext), PKIX_CERTSTORECRLCHECKFAILED); if (revStatus == PKIX_RevStatus_Revoked) { break; @@ -307,7 +306,6 @@ pkix_CrlChecker_CheckExternal( PKIX_CRLSelector *crlSelector = NULL; PKIX_PL_X500Name *issuerName = NULL; pkix_CrlChecker *state = NULL; - PKIX_UInt32 reasonCode = 0; PKIX_UInt32 crlStoreIndex = 0; PKIX_UInt32 numCrlStores = 0; PKIX_Boolean storeIsLocal = PKIX_FALSE; @@ -410,7 +408,7 @@ pkix_CrlChecker_CheckExternal( (*storeCheckRevocationFn)(certStore, cert, issuer, date, /* done with crl downloading */ PKIX_TRUE, - &reasonCode, &revStatus, plContext), + pReasonCode, &revStatus, plContext), PKIX_CERTSTORECRLCHECKFAILED); if (revStatus != PKIX_RevStatus_NoInfo) { break; diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c index c04aa26..7c9430d 100755 --- a/security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c +++ b/security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c @@ -167,6 +167,7 @@ pkix_NameConstraintsChecker_Check( PKIX_PL_CertNameConstraints *nameConstraints = NULL; PKIX_PL_CertNameConstraints *mergedNameConstraints = NULL; PKIX_Boolean selfIssued = PKIX_FALSE; + PKIX_Boolean lastCert = PKIX_FALSE; PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameConstraintsChecker_Check"); PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext); @@ -178,6 +179,7 @@ pkix_NameConstraintsChecker_Check( PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED); state->certsRemaining--; + lastCert = state->certsRemaining == 0; /* Get status of self issued */ PKIX_CHECK(pkix_IsCertSelfIssued(cert, &selfIssued, plContext), @@ -185,13 +187,14 @@ pkix_NameConstraintsChecker_Check( /* Check on non self-issued and if so only for last cert */ if (selfIssued == PKIX_FALSE || - (selfIssued == PKIX_TRUE && state->certsRemaining == 0)) { + (selfIssued == PKIX_TRUE && lastCert)) { PKIX_CHECK(PKIX_PL_Cert_CheckNameConstraints - (cert, state->nameConstraints, plContext), + (cert, state->nameConstraints, lastCert, + plContext), PKIX_CERTCHECKNAMECONSTRAINTSFAILED); } - if (state->certsRemaining != 0) { + if (!lastCert) { PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints (cert, &nameConstraints, plContext), diff --git a/security/nss/lib/libpkix/pkix/params/pkix_buildparams.c b/security/nss/lib/libpkix/pkix/params/pkix_buildparams.c deleted file mode 100755 index de5d203..0000000 --- a/security/nss/lib/libpkix/pkix/params/pkix_buildparams.c +++ /dev/null @@ -1,284 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* - * pkix_buildparams.c - * - * Build Params Object Functions - * - */ - -#include "pkix_buildparams.h" - -/* --Private-Functions-------------------------------------------- */ - -/* - * FUNCTION: pkix_BuildParams_Destroy - * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h) - */ -static PKIX_Error * -pkix_BuildParams_Destroy( - PKIX_PL_Object *object, - void *plContext) -{ - PKIX_BuildParams *params = NULL; - - PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_Destroy"); - PKIX_NULLCHECK_ONE(object); - - /* Check that this object is a build params object */ - PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDPARAMS_TYPE, plContext), - "Object is not a build params object"); - - params = (PKIX_BuildParams *)object; - - PKIX_DECREF(params->procParams); - -cleanup: - - PKIX_RETURN(BUILDPARAMS); -} - -/* - * FUNCTION: pkix_BuildParams_Equals - * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h) - */ -static PKIX_Error * -pkix_BuildParams_Equals( - PKIX_PL_Object *first, - PKIX_PL_Object *second, - PKIX_Boolean *pResult, - void *plContext) -{ - PKIX_UInt32 secondType; - PKIX_Boolean cmpResult; - PKIX_BuildParams *firstBuildParams = NULL; - PKIX_BuildParams *secondBuildParams = NULL; - - PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_Equals"); - PKIX_NULLCHECK_THREE(first, second, pResult); - - PKIX_CHECK(pkix_CheckType(first, PKIX_BUILDPARAMS_TYPE, plContext), - "First Argument is not a BuildParams object"); - - PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext), - PKIX_COULDNOTGETTYPEOFSECONDARGUMENT); - - *pResult = PKIX_FALSE; - - if (secondType != PKIX_BUILDPARAMS_TYPE) goto cleanup; - - firstBuildParams = (PKIX_BuildParams *)first; - secondBuildParams = (PKIX_BuildParams *)second; - - PKIX_CHECK(PKIX_PL_Object_Equals - ((PKIX_PL_Object *)firstBuildParams->procParams, - (PKIX_PL_Object *)secondBuildParams->procParams, - &cmpResult, - plContext), - PKIX_OBJECTEQUALSFAILED); - - if (!cmpResult) goto cleanup; - - *pResult = cmpResult; - -cleanup: - - PKIX_RETURN(BUILDPARAMS); -} - -/* - * FUNCTION: pkix_BuildParams_Hashcode - * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h) - */ -static PKIX_Error * -pkix_BuildParams_Hashcode( - PKIX_PL_Object *object, - PKIX_UInt32 *pHashcode, - void *plContext) -{ - PKIX_BuildParams *buildParams = NULL; - PKIX_UInt32 hash = 0; - PKIX_UInt32 procParamsHash = 0; - - PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_Hashcode"); - PKIX_NULLCHECK_TWO(object, pHashcode); - - PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDPARAMS_TYPE, plContext), - "Object is not a processingParams object"); - - buildParams = (PKIX_BuildParams*)object; - - PKIX_CHECK(PKIX_PL_Object_Hashcode - ((PKIX_PL_Object *)buildParams->procParams, - &procParamsHash, - plContext), - PKIX_OBJECTHASHCODEFAILED); - - hash = 31 * procParamsHash; - - *pHashcode = hash; - -cleanup: - - PKIX_RETURN(BUILDPARAMS); -} - -/* - * FUNCTION: pkix_BuildParams_ToString - * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) - */ -static PKIX_Error * -pkix_BuildParams_ToString( - PKIX_PL_Object *object, - PKIX_PL_String **pString, - void *plContext) -{ - PKIX_BuildParams *buildParams = NULL; - char *asciiFormat = NULL; - PKIX_PL_String *formatString = NULL; - PKIX_PL_String *buildParamsString = NULL; - - PKIX_PL_String *procParamsString = NULL; - - PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_ToString"); - PKIX_NULLCHECK_TWO(object, pString); - - PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDPARAMS_TYPE, plContext), - PKIX_OBJECTNOTBUILDPARAMS); - - asciiFormat = - "[\n" - "\tProcessing Params: \n" - "\t********BEGIN PROCESSING PARAMS********\n" - "\t\t%s\n" - "\t********END PROCESSING PARAMS********\n" - "]\n"; - - PKIX_CHECK(PKIX_PL_String_Create - (PKIX_ESCASCII, - asciiFormat, - 0, - &formatString, - plContext), - PKIX_STRINGCREATEFAILED); - - buildParams = (PKIX_BuildParams*)object; - - PKIX_CHECK(PKIX_PL_Object_ToString - ((PKIX_PL_Object*)buildParams->procParams, - &procParamsString, - plContext), - PKIX_OBJECTTOSTRINGFAILED); - - PKIX_CHECK(PKIX_PL_Sprintf - (&buildParamsString, - plContext, - formatString, - procParamsString), - PKIX_SPRINTFFAILED); - - *pString = buildParamsString; - -cleanup: - - PKIX_DECREF(formatString); - PKIX_DECREF(procParamsString); - - PKIX_RETURN(BUILDPARAMS); -} - -/* - * FUNCTION: pkix_BuildParams_RegisterSelf - * DESCRIPTION: - * Registers PKIX_BUILDPARAMS_TYPE and its related functions with - * systemClasses[] - * THREAD SAFETY: - * Not Thread Safe - for performance and complexity reasons - * - * Since this function is only called by PKIX_PL_Initialize, which should - * only be called once, it is acceptable that this function is not - * thread-safe. - */ -PKIX_Error * -pkix_BuildParams_RegisterSelf(void *plContext) -{ - - extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES]; - pkix_ClassTable_Entry entry; - - PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_RegisterSelf"); - - entry.description = "BuildParams"; - entry.objCounter = 0; - entry.typeObjectSize = sizeof(PKIX_BuildParams); - entry.destructor = pkix_BuildParams_Destroy; - entry.equalsFunction = pkix_BuildParams_Equals; - entry.hashcodeFunction = pkix_BuildParams_Hashcode; - entry.toStringFunction = pkix_BuildParams_ToString; - entry.comparator = NULL; - entry.duplicateFunction = NULL; - - systemClasses[PKIX_BUILDPARAMS_TYPE] = entry; - - PKIX_RETURN(BUILDPARAMS); -} - -/* --Public-Functions--------------------------------------------- */ - -/* - * FUNCTION: PKIX_BuildParams_Create (see comments in pkix_params.h) - */ -PKIX_Error * -PKIX_BuildParams_Create( - PKIX_ProcessingParams *procParams, - PKIX_BuildParams **pParams, - void *plContext) -{ - PKIX_BuildParams *params = NULL; - - PKIX_ENTER(BUILDPARAMS, "PKIX_BuildParams_Create"); - PKIX_NULLCHECK_TWO(procParams, pParams); - - PKIX_CHECK(PKIX_PL_Object_Alloc - (PKIX_BUILDPARAMS_TYPE, - sizeof (PKIX_BuildParams), - (PKIX_PL_Object **)&params, - plContext), - PKIX_COULDNOTCREATEBUILDPARAMSOBJECT); - - /* initialize fields */ - PKIX_INCREF(procParams); - params->procParams = procParams; - - *pParams = params; - params = NULL; - -cleanup: - - PKIX_DECREF(params); - - PKIX_RETURN(BUILDPARAMS); - -} - -/* - * FUNCTION: PKIX_BuildParams_GetProcessingParams - * (see comments in pkix_params.h) - */ -PKIX_Error * -PKIX_BuildParams_GetProcessingParams( - PKIX_BuildParams *buildParams, - PKIX_ProcessingParams **pProcParams, - void *plContext) -{ - PKIX_ENTER(BUILDPARAMS, "PKIX_BuildParams_GetProcessingParams"); - PKIX_NULLCHECK_TWO(buildParams, pProcParams); - - PKIX_INCREF(buildParams->procParams); - - *pProcParams = buildParams->procParams; - -cleanup: - PKIX_RETURN(BUILDPARAMS); -} diff --git a/security/nss/lib/libpkix/pkix/params/pkix_buildparams.h b/security/nss/lib/libpkix/pkix/params/pkix_buildparams.h deleted file mode 100755 index 4bf130b..0000000 --- a/security/nss/lib/libpkix/pkix/params/pkix_buildparams.h +++ /dev/null @@ -1,32 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* - * pkix_buildparams.h - * - * BuildParams Object Type Definition - * - */ - -#ifndef _PKIX_BUILDPARAMS_H -#define _PKIX_BUILDPARAMS_H - -#include "pkix_tools.h" - -#ifdef __cplusplus -extern "C" { -#endif - -struct PKIX_BuildParamsStruct { - PKIX_ProcessingParams *procParams; /* Never NULL */ -}; - -/* see source file for function documentation */ - -PKIX_Error *pkix_BuildParams_RegisterSelf(void *plContext); - -#ifdef __cplusplus -} -#endif - -#endif /* _PKIX_BUILDPARAMS_H */ diff --git a/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c b/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c index 5693569..ced16d2 100755 --- a/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c +++ b/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c @@ -369,7 +369,11 @@ PKIX_TrustAnchor_CreateWithCert( anchor->caName = NULL; anchor->caPubKey = NULL; - anchor->nameConstraints = NULL; + + PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints + (anchor->trustedCert, &anchor->nameConstraints, plContext), + PKIX_CERTGETNAMECONSTRAINTSFAILED); + *pAnchor = anchor; anchor = NULL; diff --git a/security/nss/lib/libpkix/pkix/top/pkix_build.c b/security/nss/lib/libpkix/pkix/top/pkix_build.c index c35163a..0fd4fad 100755 --- a/security/nss/lib/libpkix/pkix/top/pkix_build.c +++ b/security/nss/lib/libpkix/pkix/top/pkix_build.c @@ -65,7 +65,6 @@ pkix_ForwardBuilderState_Destroy( state->numFanout = 0; state->numDepth = 0; state->reasonCode = 0; - state->revCheckDelayed = PKIX_FALSE; state->canBeCached = PKIX_FALSE; state->useOnlyLocal = PKIX_FALSE; state->revChecking = PKIX_FALSE; @@ -126,9 +125,6 @@ cleanup: * Number of Certs that can be considered at this level (0 = no limit) * "numDepth" * Number of additional levels that can be searched (0 = no limit) - * "revCheckDelayed" - * Boolean value indicating whether rev check is delayed until after - * entire chain is built. * "canBeCached" * Boolean value indicating whether all certs on the chain can be cached. * "validityDate" @@ -159,7 +155,6 @@ pkix_ForwardBuilderState_Create( PKIX_Int32 traversedCACerts, PKIX_UInt32 numFanout, PKIX_UInt32 numDepth, - PKIX_Boolean revCheckDelayed, PKIX_Boolean canBeCached, PKIX_PL_Date *validityDate, PKIX_PL_Cert *prevCert, @@ -195,7 +190,6 @@ pkix_ForwardBuilderState_Create( state->numDepth = numDepth; state->reasonCode = 0; state->revChecking = numDepth; - state->revCheckDelayed = revCheckDelayed; state->canBeCached = canBeCached; state->useOnlyLocal = PKIX_TRUE; state->revChecking = PKIX_FALSE; @@ -371,7 +365,6 @@ pkix_ForwardBuilderState_ToString "\tnumFanout: \t%d\n" "\tnumDepth: \t%d\n" "\treasonCode: \t%d\n" - "\trevCheckDelayed: \t%d\n" "\tcanBeCached: \t%d\n" "\tuseOnlyLocal: \t%d\n" "\trevChecking: \t%d\n" @@ -416,10 +409,6 @@ pkix_ForwardBuilderState_ToString break; case BUILD_ABANDONNODE: asciiStatus = "BUILD_ABANDONNODE"; break; - case BUILD_CRLPREP: asciiStatus = "BUILD_CRLPREP"; - break; - case BUILD_CRL1: asciiStatus = "BUILD_CRL1"; - break; case BUILD_DATEPREP: asciiStatus = "BUILD_DATEPREP"; break; case BUILD_CHECKTRUSTED: asciiStatus = "BUILD_CHECKTRUSTED"; @@ -428,8 +417,6 @@ pkix_ForwardBuilderState_ToString break; case BUILD_ADDTOCHAIN: asciiStatus = "BUILD_ADDTOCHAIN"; break; - case BUILD_CRL2: asciiStatus = "BUILD_CRL2"; - break; case BUILD_VALCHAIN: asciiStatus = "BUILD_VALCHAIN"; break; case BUILD_VALCHAIN2: asciiStatus = "BUILD_VALCHAIN2"; @@ -498,7 +485,6 @@ pkix_ForwardBuilderState_ToString (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth, (PKIX_UInt32)state->reasonCode, - state->revCheckDelayed, state->canBeCached, state->useOnlyLocal, state->revChecking, @@ -656,8 +642,6 @@ pkix_ForwardBuilderState_IsIOPending( PKIX_NULLCHECK_TWO(state, pPending); if ((state->status == BUILD_GATHERPENDING) || - (state->status == BUILD_CRL1) || - (state->status == BUILD_CRL2) || (state->status == BUILD_CHECKTRUSTED2) || (state->status == BUILD_VALCHAIN2) || (state->status == BUILD_AIAPENDING)) { @@ -780,16 +764,12 @@ cleanup: * Checks whether the previous Cert stored in the ForwardBuilderState pointed * to by "state" successfully chains, including signature verification, to the * candidate Cert also stored in "state", using the Boolean value in "trusted" - * to determine whether "candidateCert" is trusted. Using the Boolean value in - * "revocationChecking" for the existence of revocation checking, it sets - * "pNeedsCRLChecking" to PKIX_TRUE if the candidate Cert needs to be checked - * against Certificate Revocation Lists. + * to determine whether "candidateCert" is trusted. * * First it checks whether "candidateCert" has already been traversed by - * determining whether it is contained in the List of traversed Certs. It + * determining whether it is contained in the List of traversed Certs. It then * checks the candidate Cert with user checkers, if any, in the List pointed to - * by "userCheckers". It then runs the signature validation. Finally, it - * determines the appropriate value for "pNeedsCRLChecking". + * by "userCheckers". Finally, it runs the signature validation. * * If this Certificate fails verification, and state->verifyNode is non-NULL, * this function sets the Error code into the verifyNode. @@ -800,14 +780,8 @@ cleanup: * "userCheckers" * Address of a List of CertChainCheckers to be used, if present, to * validate the candidateCert. - * "revocationChecking" - * Boolean indication of whether revocation checking is available, either - * as a CertChainChecker or a List of RevocationCheckers. * "trusted" * Boolean value of trust for the candidate Cert - * "pNeedsCRLChecking" - * Address where Boolean CRL-checking-needed value is stored. - * Must be non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: @@ -821,9 +795,7 @@ static PKIX_Error * pkix_Build_VerifyCertificate( PKIX_ForwardBuilderState *state, PKIX_List *userCheckers, - PKIX_Boolean revocationChecking, PKIX_Boolean *pTrusted, - PKIX_Boolean *pNeedsCRLChecking, PKIX_VerifyNode *verifyNode, void *plContext) { @@ -841,12 +813,10 @@ pkix_Build_VerifyCertificate( void *nbioContext = NULL; PKIX_ENTER(BUILD, "pkix_Build_VerifyCertificate"); - PKIX_NULLCHECK_THREE(state, pTrusted, pNeedsCRLChecking); + PKIX_NULLCHECK_TWO(state, pTrusted); PKIX_NULLCHECK_THREE (state->candidateCerts, state->prevCert, state->trustChain); - *pNeedsCRLChecking = PKIX_FALSE; - PKIX_INCREF(state->candidateCert); candidateCert = state->candidateCert; @@ -944,26 +914,6 @@ pkix_Build_VerifyCertificate( PKIX_ERROR(PKIX_MISSINGDSAPARAMETERS); } } - - - if (revocationChecking) { - if (!trusted) { - if (state->revCheckDelayed) { - goto cleanup; - } else { - PKIX_Boolean isSelfIssued = PKIX_FALSE; - PKIX_CHECK( - pkix_IsCertSelfIssued(candidateCert, &isSelfIssued, - plContext), - PKIX_ISCERTSELFISSUEDFAILED); - if (isSelfIssued) { - state->revCheckDelayed = PKIX_TRUE; - goto cleanup; - } - } - } - *pNeedsCRLChecking = PKIX_TRUE; - } cleanup: PKIX_DECREF(candidateCert); @@ -1348,9 +1298,8 @@ pkix_Build_ValidateEntireChain( ERROR_CHECK(PKIX_CHECKCHAINFAILED); - if (state->reasonCode != 0) { - PKIX_ERROR(PKIX_CHAINREJECTEDBYREVOCATIONCHECKER); - } + /* XXX Remove this assertion after 2014-12-31. See bug 946984. */ + PORT_Assert(state->reasonCode == 0); PKIX_CHECK(pkix_ValidateResult_Create (subjPubKey, anchor, policyTree, &valResult, plContext), @@ -2080,8 +2029,6 @@ pkix_BuildForwardDepthFirstSearch( PKIX_Boolean trusted = PKIX_FALSE; PKIX_Boolean isSelfIssued = PKIX_FALSE; PKIX_Boolean canBeCached = PKIX_FALSE; - PKIX_Boolean revocationCheckingExists = PKIX_FALSE; - PKIX_Boolean needsCRLChecking = PKIX_FALSE; PKIX_Boolean ioPending = PKIX_FALSE; PKIX_PL_Date *validityDate = NULL; PKIX_PL_Date *currTime = NULL; @@ -2392,9 +2339,6 @@ pkix_BuildForwardDepthFirstSearch( #endif if (state->status == BUILD_CERTVALIDATING) { - revocationCheckingExists = - (state->buildConstants.revChecker != NULL); - PKIX_DECREF(state->candidateCert); PKIX_CHECK(PKIX_List_GetItem (state->candidateCerts, @@ -2417,9 +2361,7 @@ pkix_BuildForwardDepthFirstSearch( verifyError = pkix_Build_VerifyCertificate (state, state->buildConstants.userCheckers, - revocationCheckingExists, &trusted, - &needsCRLChecking, verifyNode, plContext); @@ -2454,63 +2396,11 @@ pkix_BuildForwardDepthFirstSearch( (PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED); } state->status = BUILD_GETNEXTCERT; - } else if (needsCRLChecking) { - state->status = BUILD_CRLPREP; } else { state->status = BUILD_DATEPREP; } } - if (state->status == BUILD_CRLPREP) { - PKIX_RevocationStatus revStatus; - PKIX_UInt32 reasonCode; - - verifyError = - PKIX_RevocationChecker_Check( - state->prevCert, state->candidateCert, - state->buildConstants.revChecker, - state->buildConstants.procParams, - PKIX_FALSE, - (state->parentState == NULL) ? - PKIX_TRUE : PKIX_FALSE, - &revStatus, &reasonCode, - &nbio, plContext); - if (nbio != NULL) { - *pNBIOContext = nbio; - goto cleanup; - } - if (revStatus == PKIX_RevStatus_Revoked || verifyError) { - if (!verifyError) { - /* if verifyError is returned then use it as - * it has a detailed revocation error code. - * Otherwise create a new error */ - PKIX_ERROR_CREATE(VALIDATE, PKIX_CERTIFICATEREVOKED, - verifyError); - } - if (state->verifyNode != NULL) { - PKIX_CHECK_FATAL(pkix_VerifyNode_SetError - (verifyNode, verifyError, plContext), - PKIX_VERIFYNODESETERRORFAILED); - PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTree - (state->verifyNode, - verifyNode, - plContext), - PKIX_VERIFYNODEADDTOTREEFAILED); - PKIX_DECREF(verifyNode); - } - PKIX_DECREF(finalError); - finalError = verifyError; - verifyError = NULL; - if (state->certLoopingDetected) { - PKIX_ERROR - (PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED); - } - state->status = BUILD_GETNEXTCERT; - } else { - state->status = BUILD_DATEPREP; - } - } - if (state->status == BUILD_DATEPREP) { /* Keep track of whether this chain can be cached */ PKIX_CHECK(pkix_Build_UpdateDate(state, plContext), @@ -2712,7 +2602,6 @@ pkix_BuildForwardDepthFirstSearch( (childTraversedCACerts, state->buildConstants.maxFanout, state->numDepth - 1, - state->revCheckDelayed, canBeCached, validityDate, state->candidateCert, @@ -3522,7 +3411,6 @@ pkix_Build_InitiateBuildChain( (0, /* PKIX_UInt32 traversedCACerts */ buildConstants.maxFanout, buildConstants.maxDepth, - PKIX_FALSE, /* PKIX_Boolean revCheckDelayed */ PKIX_TRUE, /* PKIX_Boolean canBeCached */ NULL, /* PKIX_Date *validityDate */ targetCert, /* PKIX_PL_Cert *prevCert */ diff --git a/security/nss/lib/libpkix/pkix/top/pkix_build.h b/security/nss/lib/libpkix/pkix/top/pkix_build.h index 91916d4..eeba923 100755 --- a/security/nss/lib/libpkix/pkix/top/pkix_build.h +++ b/security/nss/lib/libpkix/pkix/top/pkix_build.h @@ -11,7 +11,9 @@ #ifndef _PKIX_BUILD_H #define _PKIX_BUILD_H #include "pkix_tools.h" +#ifndef NSS_PKIX_NO_LDAP #include "pkix_pl_ldapt.h" +#endif #include "pkix_ekuchecker.h" #ifdef __cplusplus @@ -27,14 +29,10 @@ typedef enum { BUILD_GATHERPENDING, BUILD_CERTVALIDATING, BUILD_ABANDONNODE, - BUILD_CRLPREP, - BUILD_CRL1, BUILD_DATEPREP, BUILD_CHECKTRUSTED, BUILD_CHECKTRUSTED2, BUILD_ADDTOCHAIN, - BUILD_CRL2PREP, - BUILD_CRL2, BUILD_VALCHAIN, BUILD_VALCHAIN2, BUILD_EXTENDCHAIN, @@ -85,7 +83,6 @@ struct PKIX_ForwardBuilderStateStruct{ PKIX_UInt32 numFanout; PKIX_UInt32 numDepth; PKIX_UInt32 reasonCode; - PKIX_Boolean revCheckDelayed; PKIX_Boolean canBeCached; PKIX_Boolean useOnlyLocal; PKIX_Boolean revChecking; diff --git a/security/nss/lib/libpkix/pkix/top/pkix_validate.c b/security/nss/lib/libpkix/pkix/top/pkix_validate.c index edee9f3..1e5dec7 100755 --- a/security/nss/lib/libpkix/pkix/top/pkix_validate.c +++ b/security/nss/lib/libpkix/pkix/top/pkix_validate.c @@ -1113,7 +1113,7 @@ PKIX_ValidateChain( pVerifyTree, plContext); - if (chainFailed || (reasonCode != 0)) { + if (chainFailed) { /* cert chain failed to validate */ @@ -1129,6 +1129,10 @@ PKIX_ValidateChain( } else { + /* XXX Remove this assertion after 2014-12-31. + * See bug 946984. */ + PORT_Assert(reasonCode == 0); + /* cert chain successfully validated! */ PKIX_CHECK(pkix_ValidateResult_Create (finalPubKey, @@ -1393,7 +1397,7 @@ PKIX_ValidateChain_NB( goto cleanup; } - if (chainFailed || (reasonCode != 0)) { + if (chainFailed) { /* cert chain failed to validate */ @@ -1409,6 +1413,10 @@ PKIX_ValidateChain_NB( } else { + /* XXX Remove this assertion after 2014-12-31. + * See bug 946984. */ + PORT_Assert(reasonCode == 0); + /* cert chain successfully validated! */ PKIX_CHECK(pkix_ValidateResult_Create (finalPubKey, diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/config.mk b/security/nss/lib/libpkix/pkix_pl_nss/module/config.mk index b8c03de..2926747 100755 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/config.mk +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/config.mk @@ -13,3 +13,23 @@ SHARED_LIBRARY = IMPORT_LIBRARY = PROGRAM = +ifdef NSS_PKIX_NO_LDAP +LDAP_HEADERS = +LDAP_CSRCS = +else +LDAP_HEADERS = \ + pkix_pl_ldapt.h \ + pkix_pl_ldapcertstore.h \ + pkix_pl_ldapresponse.h \ + pkix_pl_ldaprequest.h \ + pkix_pl_ldapdefaultclient.h \ + $(NULL) + +LDAP_CSRCS = \ + pkix_pl_ldaptemplates.c \ + pkix_pl_ldapcertstore.c \ + pkix_pl_ldapresponse.c \ + pkix_pl_ldaprequest.c \ + pkix_pl_ldapdefaultclient.c \ + $(NULL) +endif diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/manifest.mn b/security/nss/lib/libpkix/pkix_pl_nss/module/manifest.mn index 12d3cee..63bfd70 100755 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/manifest.mn +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/manifest.mn @@ -12,11 +12,7 @@ PRIVATE_EXPORTS = \ pkix_pl_colcertstore.h \ pkix_pl_httpcertstore.h \ pkix_pl_httpdefaultclient.h \ - pkix_pl_ldapt.h \ - pkix_pl_ldapcertstore.h \ - pkix_pl_ldapresponse.h \ - pkix_pl_ldaprequest.h \ - pkix_pl_ldapdefaultclient.h \ + $(LDAP_HEADERS) \ pkix_pl_nsscontext.h \ pkix_pl_pk11certstore.h \ pkix_pl_socket.h \ @@ -32,11 +28,7 @@ CSRCS = \ pkix_pl_colcertstore.c \ pkix_pl_httpcertstore.c \ pkix_pl_httpdefaultclient.c \ - pkix_pl_ldaptemplates.c \ - pkix_pl_ldapcertstore.c \ - pkix_pl_ldapresponse.c \ - pkix_pl_ldaprequest.c \ - pkix_pl_ldapdefaultclient.c \ + $(LDAP_CSRCS) \ pkix_pl_nsscontext.c \ pkix_pl_pk11certstore.c \ pkix_pl_socket.c \ diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c index 5dc7248..148c2c1 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c @@ -11,6 +11,7 @@ #include "pkix_pl_aiamgr.h" extern PKIX_PL_HashTable *aiaConnectionCache; +#ifndef NSS_PKIX_NO_LDAP /* --Virtual-LdapClient-Functions------------------------------------ */ PKIX_Error * @@ -51,6 +52,7 @@ cleanup: PKIX_RETURN(LDAPCLIENT); } +#endif /* !NSS_PKIX_NO_LDAP */ /* --Private-AIAMgr-Functions----------------------------------*/ @@ -81,7 +83,9 @@ pkix_pl_AIAMgr_Destroy( PKIX_DECREF(aiaMgr->aia); PKIX_DECREF(aiaMgr->location); PKIX_DECREF(aiaMgr->results); +#ifndef NSS_PKIX_NO_LDAP PKIX_DECREF(aiaMgr->client.ldapClient); +#endif cleanup: @@ -114,6 +118,7 @@ pkix_pl_AIAMgr_RegisterSelf(void *plContext) PKIX_RETURN(AIAMGR); } +#ifndef NSS_PKIX_NO_LDAP /* * FUNCTION: pkix_pl_AiaMgr_FindLDAPClient * DESCRIPTION: @@ -131,6 +136,8 @@ pkix_pl_AIAMgr_RegisterSelf(void *plContext) * non-NULL. * "domainName" * Address of a string pointing to a server name. Must be non-NULL. + * An empty string (which means no <host> is given in the LDAP URL) is + * not supported. * "pClient" * Address at which the returned LDAPClient is stored. Must be non-NULL. * "plContext" @@ -155,6 +162,17 @@ pkix_pl_AiaMgr_FindLDAPClient( PKIX_ENTER(AIAMGR, "pkix_pl_AiaMgr_FindLDAPClient"); PKIX_NULLCHECK_THREE(aiaMgr, domainName, pClient); + /* + * An LDAP URL may not have a <host> part, for example, + * ldap:///o=University%20of%20Michigan,c=US + * PKIX_PL_LdapDefaultClient doesn't know how to discover the default + * LDAP server, so we don't support this kind of LDAP URL. + */ + if (*domainName == '\0') { + /* Simulate a PKIX_PL_LdapDefaultClient_CreateByName failure. */ + PKIX_ERROR(PKIX_LDAPDEFAULTCLIENTCREATEBYNAMEFAILED); + } + /* create PKIX_PL_String from domain name */ PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, domainName, 0, &domainString, plContext), @@ -199,6 +217,7 @@ cleanup: PKIX_RETURN(AIAMGR); } +#endif /* !NSS_PKIX_NO_LDAP */ PKIX_Error * pkix_pl_AIAMgr_GetHTTPCerts( @@ -375,6 +394,7 @@ cleanup: PKIX_RETURN(AIAMGR); } +#ifndef NSS_PKIX_NO_LDAP PKIX_Error * pkix_pl_AIAMgr_GetLDAPCerts( PKIX_PL_AIAMgr *aiaMgr, @@ -483,6 +503,7 @@ cleanup: PKIX_RETURN(AIAMGR); } +#endif /* !NSS_PKIX_NO_LDAP */ /* * FUNCTION: PKIX_PL_AIAMgr_Create @@ -619,10 +640,12 @@ PKIX_PL_AIAMgr_GetAIACerts( PKIX_CHECK(pkix_pl_AIAMgr_GetHTTPCerts (aiaMgr, ia, &nbio, &certs, plContext), PKIX_AIAMGRGETHTTPCERTSFAILED); +#ifndef NSS_PKIX_NO_LDAP } else if (iaType == PKIX_INFOACCESS_LOCATION_LDAP) { PKIX_CHECK(pkix_pl_AIAMgr_GetLDAPCerts (aiaMgr, ia, &nbio, &certs, plContext), PKIX_AIAMGRGETLDAPCERTSFAILED); +#endif } else { /* We only support http and ldap requests. */ PKIX_DECREF(ia); @@ -664,7 +687,9 @@ cleanup: if (PKIX_ERROR_RECEIVED) { PKIX_DECREF(aiaMgr->aia); PKIX_DECREF(aiaMgr->results); +#ifndef NSS_PKIX_NO_LDAP PKIX_DECREF(aiaMgr->client.ldapClient); +#endif } PKIX_DECREF(certs); diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h index 00b872f..356c1ec 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h @@ -27,7 +27,9 @@ struct PKIX_PL_AIAMgrStruct { PKIX_PL_GeneralName *location; PKIX_List *results; union { +#ifndef NSS_PKIX_NO_LDAP PKIX_PL_LdapClient *ldapClient; +#endif struct { const SEC_HttpClientFcn *httpClient; SEC_HTTP_SERVER_SESSION serverSession; @@ -41,6 +43,7 @@ struct PKIX_PL_AIAMgrStruct { PKIX_Error *pkix_pl_AIAMgr_RegisterSelf(void *plContext); +#ifndef NSS_PKIX_NO_LDAP PKIX_Error *PKIX_PL_LdapClient_InitiateRequest( PKIX_PL_LdapClient *client, LDAPRequestParams *requestParams, @@ -53,6 +56,7 @@ PKIX_Error *PKIX_PL_LdapClient_ResumeRequest( void **pPollDesc, PKIX_List **pResponse, void *plContext); +#endif /* !NSS_PKIX_NO_LDAP */ #ifdef __cplusplus } diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c index f13c835..2036f5c 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c @@ -3135,6 +3135,7 @@ PKIX_Error * PKIX_PL_Cert_CheckNameConstraints( PKIX_PL_Cert *cert, PKIX_PL_CertNameConstraints *nameConstraints, + PKIX_Boolean treatCommonNameAsDNSName, void *plContext) { PKIX_Boolean checkPass = PKIX_TRUE; @@ -3151,11 +3152,14 @@ PKIX_PL_Cert_CheckNameConstraints( PKIX_ERROR(PKIX_OUTOFMEMORY); } - /* This NSS call returns both Subject and Subject Alt Names */ + /* This NSS call returns Subject Alt Names. If + * treatCommonNameAsDNSName is true, it also returns the + * Subject Common Name + */ PKIX_CERT_DEBUG ("\t\tCalling CERT_GetConstrainedCertificateNames\n"); nssSubjectNames = CERT_GetConstrainedCertificateNames - (cert->nssCert, arena, PR_TRUE); + (cert->nssCert, arena, treatCommonNameAsDNSName); PKIX_CHECK(pkix_pl_CertNameConstraints_CheckNameSpaceNssNames (nssSubjectNames, diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c index 3ce6cbe..9fa8e92 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c @@ -481,9 +481,11 @@ PKIX_PL_InfoAccess_GetLocationType( PKIX_STRINGGETENCODEDFAILED); PKIX_OID_DEBUG("\tCalling PORT_Strcmp).\n"); +#ifndef NSS_PKIX_NO_LDAP if (PORT_Strncmp(location, "ldap:", 5) == 0){ type = PKIX_INFOACCESS_LOCATION_LDAP; } else +#endif if (PORT_Strncmp(location, "http:", 5) == 0){ type = PKIX_INFOACCESS_LOCATION_HTTP; } @@ -499,6 +501,7 @@ cleanup: PKIX_RETURN(INFOACCESS); } +#ifndef NSS_PKIX_NO_LDAP /* * FUNCTION: pkix_pl_InfoAccess_ParseTokens * DESCRIPTION: @@ -868,3 +871,4 @@ cleanup: PKIX_RETURN(INFOACCESS); } +#endif /* !NSS_PKIX_NO_LDAP */ diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h index f56bfe1..e69d7b4 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h @@ -32,6 +32,7 @@ pkix_pl_InfoAccess_CreateList( PKIX_List **pAiaList, /* of PKIX_PL_InfoAccess */ void *plContext); +#ifndef NSS_PKIX_NO_LDAP PKIX_Error * pkix_pl_InfoAccess_ParseLocation( PKIX_PL_GeneralName *generalName, @@ -39,6 +40,7 @@ pkix_pl_InfoAccess_ParseLocation( LDAPRequestParams *request, char **pDomainName, void *plContext); +#endif /* !NSS_PKIX_NO_LDAP */ #ifdef __cplusplus } diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h index e1cb028..2946e07 100755 --- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h +++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h @@ -38,7 +38,9 @@ /* private PKIX_PL_NSS system headers */ #include "pkix_pl_object.h" #include "pkix_pl_string.h" +#ifndef NSS_PKIX_NO_LDAP #include "pkix_pl_ldapt.h" +#endif /* !NSS_PKIX_NO_LDAP */ #include "pkix_pl_aiamgr.h" #include "pkix_pl_bigint.h" #include "pkix_pl_oid.h" @@ -62,9 +64,11 @@ #include "pkix_pl_ocspresponse.h" #include "pkix_pl_pk11certstore.h" #include "pkix_pl_socket.h" +#ifndef NSS_PKIX_NO_LDAP #include "pkix_pl_ldapcertstore.h" #include "pkix_pl_ldaprequest.h" #include "pkix_pl_ldapresponse.h" +#endif /* !NSS_PKIX_NO_LDAP */ #include "pkix_pl_nsscontext.h" #include "pkix_pl_httpcertstore.h" #include "pkix_pl_httpdefaultclient.h" diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c index 33381e6..6bc74b61 100755 --- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c @@ -204,9 +204,11 @@ PKIX_PL_Initialize( pkix_ForwardBuilderState_RegisterSelf(plContext); pkix_SignatureCheckerState_RegisterSelf(plContext); pkix_NameConstraintsCheckerState_RegisterSelf(plContext); +#ifndef NSS_PKIX_NO_LDAP pkix_pl_LdapRequest_RegisterSelf(plContext); pkix_pl_LdapResponse_RegisterSelf(plContext); pkix_pl_LdapDefaultClient_RegisterSelf(plContext); +#endif pkix_pl_Socket_RegisterSelf(plContext); pkix_ResourceLimits_RegisterSelf(plContext); /* 51-59 */ diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h index 21c2033..9660af1 100755 --- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h +++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h @@ -33,10 +33,12 @@ #include "pkix_pl_crlentry.h" #include "pkix_pl_crl.h" #include "pkix_pl_colcertstore.h" +#ifndef NSS_PKIX_NO_LDAP #include "pkix_pl_ldapcertstore.h" #include "pkix_pl_ldapdefaultclient.h" #include "pkix_pl_ldaprequest.h" #include "pkix_pl_ldapresponse.h" +#endif /* !NSS_PKIX_NO_LDAP */ #include "pkix_pl_socket.h" #include "pkix_pl_infoaccess.h" #include "pkix_store.h" diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c index e628c02..a6e0503 100755 --- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c @@ -107,33 +107,16 @@ pkix_pl_OID_Equals( PKIX_Boolean *pResult, void *plContext) { - PKIX_UInt32 secondType; - SECComparison cmpResult; + PKIX_Int32 cmpResult; PKIX_ENTER(OID, "pkix_pl_OID_Equals"); PKIX_NULLCHECK_THREE(first, second, pResult); - PKIX_CHECK(pkix_CheckType(first, PKIX_OID_TYPE, plContext), - PKIX_FIRSTARGUMENTNOTANOID); - - PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext), - PKIX_COULDNOTGETTYPEOFSECONDARGUMENT); - - *pResult = PKIX_FALSE; - - /* - * Do a quick check that the second object is an OID. - * If so, check that their lengths are equal. - */ - if (secondType != PKIX_OID_TYPE) { - goto cleanup; - } - PKIX_CHECK(pkix_pl_OID_Comparator (first, second, &cmpResult, plContext), PKIX_OIDCOMPARATORFAILED); - *pResult = (cmpResult == SECEqual); + *pResult = (cmpResult == 0); cleanup: PKIX_RETURN(OID); diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def index 9804777..6f6b670 100644 --- a/security/nss/lib/nss/nss.def +++ b/security/nss/lib/nss/nss.def @@ -1045,3 +1045,20 @@ CERT_GetSubjectPublicKeyDigest; ;+ local: ;+ *; ;+}; +;+NSS_3.16.1 { # NSS 3.16.1 release +;+ global: +PK11_ExportDERPrivateKeyInfo; +PK11_ExportPrivKeyInfo; +SECMOD_InternaltoPubMechFlags; +;+ local: +;+ *; +;+}; +;+NSS_3.16.2 { # NSS 3.16.2 release +;+ global: +CERT_AddExtensionByOID; +CERT_GetGeneralNameTypeFromString; +PK11_PubEncrypt; +PK11_PrivDecrypt; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index 4cdf7242..ccd954c 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -9,7 +9,7 @@ #define __nss_h_ /* The private macro _NSS_ECC_STRING is for NSS internal use only. */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #ifdef NSS_ECC_MORE_THAN_SUITE_B #define _NSS_ECC_STRING " Extended ECC" #else @@ -33,10 +33,10 @@ * The format of the version string should be * "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]" */ -#define NSS_VERSION "3.15.4" _NSS_ECC_STRING _NSS_CUSTOMIZED +#define NSS_VERSION "3.16.2" _NSS_ECC_STRING _NSS_CUSTOMIZED #define NSS_VMAJOR 3 -#define NSS_VMINOR 15 -#define NSS_VPATCH 4 +#define NSS_VMINOR 16 +#define NSS_VPATCH 2 #define NSS_VBUILD 0 #define NSS_BETA PR_FALSE diff --git a/security/nss/lib/nss/nssinit.c b/security/nss/lib/nss/nssinit.c index 13cdaee..6218a7e 100644 --- a/security/nss/lib/nss/nssinit.c +++ b/security/nss/lib/nss/nssinit.c @@ -1091,14 +1091,6 @@ nss_Shutdown(void) shutdownRV = SECFailure; } pk11sdr_Shutdown(); - /* - * A thread's error stack is automatically destroyed when the thread - * terminates, except for the primordial thread, whose error stack is - * destroyed by PR_Cleanup. Since NSS is usually shut down by the - * primordial thread and many NSS-based apps don't call PR_Cleanup, - * we destroy the calling thread's error stack here. - */ - nss_DestroyErrorStack(); nssArena_Shutdown(); if (status == PR_FAILURE) { if (NSS_GetError() == NSS_ERROR_BUSY) { @@ -1106,6 +1098,16 @@ nss_Shutdown(void) } shutdownRV = SECFailure; } + /* + * A thread's error stack is automatically destroyed when the thread + * terminates, except for the primordial thread, whose error stack is + * destroyed by PR_Cleanup. Since NSS is usually shut down by the + * primordial thread and many NSS-based apps don't call PR_Cleanup, + * we destroy the calling thread's error stack here. This must be + * done after any NSS_GetError call, otherwise NSS_GetError will + * create the error stack again. + */ + nss_DestroyErrorStack(); nssIsInitted = PR_FALSE; temp = nssInitContextList; nssInitContextList = NULL; diff --git a/security/nss/lib/pk11wrap/pk11akey.c b/security/nss/lib/pk11wrap/pk11akey.c index 12e2149..5ad45a5 100644 --- a/security/nss/lib/pk11wrap/pk11akey.c +++ b/security/nss/lib/pk11wrap/pk11akey.c @@ -1713,7 +1713,13 @@ done: SECKEYPrivateKeyInfo * PK11_ExportPrivateKeyInfo(CERTCertificate *cert, void *wincx) { - return NULL; + SECKEYPrivateKeyInfo *pki = NULL; + SECKEYPrivateKey *pk = PK11_FindKeyByAnyCert(cert, wincx); + if (pk != NULL) { + pki = PK11_ExportPrivKeyInfo(pk, wincx); + SECKEY_DestroyPrivateKey(pk); + } + return pki; } SECKEYEncryptedPrivateKeyInfo * @@ -1892,7 +1898,7 @@ PK11_ExportEncryptedPrivateKeyInfo( } SECItem* -PK11_DEREncodePublicKey(SECKEYPublicKey *pubk) +PK11_DEREncodePublicKey(const SECKEYPublicKey *pubk) { return SECKEY_EncodeDERSubjectPublicKeyInfo(pubk); } diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index 39168b9..3f3edb1 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -981,8 +981,15 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert, * CERTCertificate, and finish */ nssPKIObject_AddInstance(&c->object, certobj); + /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and + * replace 'c' by a different value. So we add a reference to 'c' to + * prevent 'c' from being destroyed. */ + nssCertificate_AddRef(c); nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1); + /* XXX should we pass the original value of 'c' to + * STAN_ForceCERTCertificateUpdate? */ (void)STAN_ForceCERTCertificateUpdate(c); + nssCertificate_Destroy(c); SECITEM_FreeItem(keyID,PR_TRUE); return SECSuccess; loser: diff --git a/security/nss/lib/pk11wrap/pk11cxt.c b/security/nss/lib/pk11wrap/pk11cxt.c index 8aeb63e..d626ba7 100644 --- a/security/nss/lib/pk11wrap/pk11cxt.c +++ b/security/nss/lib/pk11wrap/pk11cxt.c @@ -754,6 +754,9 @@ PK11_DigestOp(PK11Context *context, const unsigned char * in, unsigned inLen) CK_RV crv = CKR_OK; SECStatus rv = SECSuccess; + if (inLen == 0) { + return SECSuccess; + } if (!in) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; diff --git a/security/nss/lib/pk11wrap/pk11load.c b/security/nss/lib/pk11wrap/pk11load.c index e1e764b..6700180 100644 --- a/security/nss/lib/pk11wrap/pk11load.c +++ b/security/nss/lib/pk11wrap/pk11load.c @@ -55,6 +55,11 @@ static const CK_C_INITIALIZE_ARGS secmodLockFunctions = { CKF_OS_LOCKING_OK ,NULL }; +static const CK_C_INITIALIZE_ARGS secmodNoLockArgs = { + NULL, NULL, NULL, NULL, + CKF_LIBRARY_CANT_CREATE_OS_THREADS + ,NULL +}; static PRBool loadSingleThreadedModules = PR_TRUE; static PRBool enforceAlreadyInitializedError = PR_TRUE; @@ -209,12 +214,18 @@ secmod_ModuleInit(SECMODModule *mod, SECMODModule **reload, return SECFailure; } - if (mod->isThreadSafe == PR_FALSE) { - pInitArgs = NULL; - } else if (mod->libraryParams == NULL) { - pInitArgs = (void *) &secmodLockFunctions; + if (mod->libraryParams == NULL) { + if (mod->isThreadSafe) { + pInitArgs = (void *) &secmodLockFunctions; + } else { + pInitArgs = NULL; + } } else { - moduleArgs = secmodLockFunctions; + if (mod->isThreadSafe) { + moduleArgs = secmodLockFunctions; + } else { + moduleArgs = secmodNoLockArgs; + } moduleArgs.LibraryParameters = (void *) mod->libraryParams; pInitArgs = &moduleArgs; } @@ -251,18 +262,30 @@ secmod_ModuleInit(SECMODModule *mod, SECMODModule **reload, } } if (crv != CKR_OK) { - if (pInitArgs == NULL || + if (!mod->isThreadSafe || crv == CKR_NETSCAPE_CERTDB_FAILED || crv == CKR_NETSCAPE_KEYDB_FAILED) { PORT_SetError(PK11_MapError(crv)); return SECFailure; } + /* If we had attempted to init a single threaded module "with" + * parameters and it failed, should we retry "without" parameters? + * (currently we don't retry in this scenario) */ + if (!loadSingleThreadedModules) { PORT_SetError(SEC_ERROR_INCOMPATIBLE_PKCS11); return SECFailure; } + /* If we arrive here, the module failed a ThreadSafe init. */ mod->isThreadSafe = PR_FALSE; - crv = PK11_GETTAB(mod)->C_Initialize(NULL); + if (!mod->libraryParams) { + pInitArgs = NULL; + } else { + moduleArgs = secmodNoLockArgs; + moduleArgs.LibraryParameters = (void *) mod->libraryParams; + pInitArgs = &moduleArgs; + } + crv = PK11_GETTAB(mod)->C_Initialize(pInitArgs); if ((CKR_CRYPTOKI_ALREADY_INITIALIZED == crv) && (!enforceAlreadyInitializedError)) { *alreadyLoaded = PR_TRUE; diff --git a/security/nss/lib/pk11wrap/pk11obj.c b/security/nss/lib/pk11wrap/pk11obj.c index 2db8e8e..70802948 100644 --- a/security/nss/lib/pk11wrap/pk11obj.c +++ b/security/nss/lib/pk11wrap/pk11obj.c @@ -81,6 +81,9 @@ PK11_DestroyTokenObject(PK11SlotInfo *slot,CK_OBJECT_HANDLE object) { * Read in a single attribute into a SECItem. Allocate space for it with * PORT_Alloc unless an arena is supplied. In the latter case use the arena * to allocate the space. + * + * PK11_ReadAttribute sets the 'data' and 'len' fields of the SECItem but + * does not modify its 'type' field. */ SECStatus PK11_ReadAttribute(PK11SlotInfo *slot, CK_OBJECT_HANDLE id, @@ -911,17 +914,11 @@ PK11_Encrypt(PK11SymKey *symKey, return SECSuccess; } -/* - * Now SSL 2.0 uses raw RSA stuff. These next to functions *must* use - * RSA keys, or they'll fail. We do the checks up front. If anyone comes - * up with a meaning for rawdecrypt for any other public key operation, - * then we need to move this check into some of PK11_PubDecrypt callers, - * (namely SSL 2.0). - */ static SECStatus -pk11_PrivDecryptRaw(SECKEYPrivateKey *key, unsigned char *data, - unsigned *outLen, unsigned int maxLen, unsigned char *enc, - unsigned encLen, CK_MECHANISM_PTR mech) +pk11_PrivDecryptRaw(SECKEYPrivateKey *key, + unsigned char *data, unsigned *outLen, unsigned int maxLen, + const unsigned char *enc, unsigned encLen, + CK_MECHANISM_PTR mech) { PK11SlotInfo *slot = key->pkcs11Slot; CK_ULONG out = maxLen; @@ -957,11 +954,12 @@ pk11_PrivDecryptRaw(SECKEYPrivateKey *key, unsigned char *data, * do C_Login with CKU_CONTEXT_SPECIFIC * between C_DecryptInit and C_Decrypt * ... But see note above about servers */ - if (SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, CKA_ALWAYS_AUTHENTICATE, haslock)) { + if (SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, CKA_ALWAYS_AUTHENTICATE, haslock)) { PK11_DoPassword(slot, session, PR_FALSE, key->wincx, haslock, PR_TRUE); } - crv = PK11_GETTAB(slot)->C_Decrypt(session,enc, encLen, data, &out); + crv = PK11_GETTAB(slot)->C_Decrypt(session, (unsigned char *)enc, encLen, + data, &out); if (haslock) PK11_ExitSlotMonitor(slot); pk11_CloseSession(slot,session,owner); *outLen = out; @@ -973,41 +971,37 @@ pk11_PrivDecryptRaw(SECKEYPrivateKey *key, unsigned char *data, } SECStatus -PK11_PubDecryptRaw(SECKEYPrivateKey *key, unsigned char *data, - unsigned *outLen, unsigned int maxLen, unsigned char *enc, - unsigned encLen) +PK11_PubDecryptRaw(SECKEYPrivateKey *key, + unsigned char *data, unsigned *outLen, unsigned int maxLen, + const unsigned char *enc, unsigned encLen) { CK_MECHANISM mech = {CKM_RSA_X_509, NULL, 0 }; return pk11_PrivDecryptRaw(key, data, outLen, maxLen, enc, encLen, &mech); } SECStatus -PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key, unsigned char *data, - unsigned *outLen, unsigned int maxLen, unsigned char *enc, - unsigned encLen) +PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key, + unsigned char *data, unsigned *outLen, unsigned int maxLen, + const unsigned char *enc, unsigned encLen) { CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0 }; return pk11_PrivDecryptRaw(key, data, outLen, maxLen, enc, encLen, &mech); } static SECStatus -pk11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc, - unsigned char *data, unsigned dataLen, - CK_MECHANISM_PTR mech, void *wincx) +pk11_PubEncryptRaw(SECKEYPublicKey *key, + unsigned char *out, unsigned int *outLen, + unsigned int maxLen, + const unsigned char *data, unsigned dataLen, + CK_MECHANISM_PTR mech, void *wincx) { PK11SlotInfo *slot; CK_OBJECT_HANDLE id; - CK_ULONG out; + CK_ULONG len = maxLen; PRBool owner = PR_TRUE; CK_SESSION_HANDLE session; CK_RV crv; - if (!key || key->keyType != rsaKey) { - PORT_SetError( SEC_ERROR_BAD_KEY ); - return SECFailure; - } - out = SECKEY_PublicKeyStrength(key); - slot = PK11_GetBestSlotWithAttributes(mech->mechanism,CKF_ENCRYPT,0,wincx); if (slot == NULL) { PORT_SetError( SEC_ERROR_NO_MODULE ); @@ -1032,10 +1026,12 @@ pk11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc, PORT_SetError( PK11_MapError(crv) ); return SECFailure; } - crv = PK11_GETTAB(slot)->C_Encrypt(session,data,dataLen,enc,&out); + crv = PK11_GETTAB(slot)->C_Encrypt(session,(unsigned char *)data,dataLen, + out,&len); if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); pk11_CloseSession(slot,session,owner); PK11_FreeSlot(slot); + *outLen = len; if (crv != CKR_OK) { PORT_SetError( PK11_MapError(crv) ); return SECFailure; @@ -1044,19 +1040,69 @@ pk11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc, } SECStatus -PK11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc, - unsigned char *data, unsigned dataLen, void *wincx) +PK11_PubEncryptRaw(SECKEYPublicKey *key, + unsigned char *enc, + const unsigned char *data, unsigned dataLen, + void *wincx) { CK_MECHANISM mech = {CKM_RSA_X_509, NULL, 0 }; - return pk11_PubEncryptRaw(key, enc, data, dataLen, &mech, wincx); + unsigned int outLen; + if (!key || key->keyType != rsaKey) { + PORT_SetError(SEC_ERROR_BAD_KEY); + return SECFailure; + } + outLen = SECKEY_PublicKeyStrength(key); + return pk11_PubEncryptRaw(key, enc, &outLen, outLen, data, dataLen, &mech, + wincx); } SECStatus -PK11_PubEncryptPKCS1(SECKEYPublicKey *key, unsigned char *enc, - unsigned char *data, unsigned dataLen, void *wincx) +PK11_PubEncryptPKCS1(SECKEYPublicKey *key, + unsigned char *enc, + const unsigned char *data, unsigned dataLen, + void *wincx) { CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0 }; - return pk11_PubEncryptRaw(key, enc, data, dataLen, &mech, wincx); + unsigned int outLen; + if (!key || key->keyType != rsaKey) { + PORT_SetError(SEC_ERROR_BAD_KEY); + return SECFailure; + } + outLen = SECKEY_PublicKeyStrength(key); + return pk11_PubEncryptRaw(key, enc, &outLen, outLen, data, dataLen, &mech, + wincx); +} + +SECStatus +PK11_PrivDecrypt(SECKEYPrivateKey *key, + CK_MECHANISM_TYPE mechanism, SECItem *param, + unsigned char *out, unsigned int *outLen, + unsigned int maxLen, + const unsigned char *enc, unsigned encLen) +{ + CK_MECHANISM mech = { mechanism, NULL, 0 }; + if (param) { + mech.pParameter = param->data; + mech.ulParameterLen = param->len; + } + return pk11_PrivDecryptRaw(key, out, outLen, maxLen, enc, encLen, &mech); +} + +SECStatus +PK11_PubEncrypt(SECKEYPublicKey *key, + CK_MECHANISM_TYPE mechanism, SECItem *param, + unsigned char *out, unsigned int *outLen, + unsigned int maxLen, + const unsigned char *data, unsigned dataLen, + void *wincx) +{ + CK_MECHANISM mech = { mechanism, NULL, 0 }; + if (param) { + mech.pParameter = param->data; + mech.ulParameterLen = param->len; + } + return pk11_PubEncryptRaw(key, out, outLen, maxLen, data, dataLen, &mech, + wincx); } SECKEYPrivateKey * diff --git a/security/nss/lib/pk11wrap/pk11pk12.c b/security/nss/lib/pk11wrap/pk11pk12.c index 806b387..471e57b 100644 --- a/security/nss/lib/pk11wrap/pk11pk12.c +++ b/security/nss/lib/pk11wrap/pk11pk12.c @@ -18,6 +18,7 @@ #include "secoid.h" #include "secasn1.h" #include "secerr.h" +#include "prerror.h" @@ -516,3 +517,112 @@ PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki, } +SECItem * +PK11_ExportDERPrivateKeyInfo(SECKEYPrivateKey *pk, void *wincx) +{ + SECKEYPrivateKeyInfo *pki = PK11_ExportPrivKeyInfo(pk, wincx); + SECItem *derPKI; + + if (!pki) { + return NULL; + } + derPKI = SEC_ASN1EncodeItem(NULL, NULL, pki, + SECKEY_PrivateKeyInfoTemplate); + SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE); + return derPKI; +} + +static PRBool +ReadAttribute(SECKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type, + PLArenaPool *arena, SECItem *output) +{ + SECStatus rv = PK11_ReadAttribute(key->pkcs11Slot, key->pkcs11ID, type, + arena, output); + return rv == SECSuccess; +} + +/* + * The caller is responsible for freeing the return value by passing it to + * SECKEY_DestroyPrivateKeyInfo(..., PR_TRUE). + */ +SECKEYPrivateKeyInfo * +PK11_ExportPrivKeyInfo(SECKEYPrivateKey *pk, void *wincx) +{ + /* PrivateKeyInfo version (always zero) */ + const unsigned char pkiVersion = 0; + /* RSAPrivateKey version (always zero) */ + const unsigned char rsaVersion = 0; + PLArenaPool *arena = NULL; + SECKEYRawPrivateKey rawKey; + SECKEYPrivateKeyInfo *pki; + SECItem *encoded; + SECStatus rv; + + if (pk->keyType != rsaKey) { + PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); + goto loser; + } + + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (!arena) { + goto loser; + } + memset(&rawKey, 0, sizeof(rawKey)); + rawKey.keyType = pk->keyType; + rawKey.u.rsa.version.type = siUnsignedInteger; + rawKey.u.rsa.version.data = (unsigned char *)PORT_ArenaAlloc(arena, 1); + if (!rawKey.u.rsa.version.data) { + goto loser; + } + rawKey.u.rsa.version.data[0] = rsaVersion; + rawKey.u.rsa.version.len = 1; + + /* Read the component attributes of the private key */ + prepare_rsa_priv_key_export_for_asn1(&rawKey); + if (!ReadAttribute(pk, CKA_MODULUS, arena, &rawKey.u.rsa.modulus) || + !ReadAttribute(pk, CKA_PUBLIC_EXPONENT, arena, + &rawKey.u.rsa.publicExponent) || + !ReadAttribute(pk, CKA_PRIVATE_EXPONENT, arena, + &rawKey.u.rsa.privateExponent) || + !ReadAttribute(pk, CKA_PRIME_1, arena, &rawKey.u.rsa.prime1) || + !ReadAttribute(pk, CKA_PRIME_2, arena, &rawKey.u.rsa.prime2) || + !ReadAttribute(pk, CKA_EXPONENT_1, arena, + &rawKey.u.rsa.exponent1) || + !ReadAttribute(pk, CKA_EXPONENT_2, arena, + &rawKey.u.rsa.exponent2) || + !ReadAttribute(pk, CKA_COEFFICIENT, arena, + &rawKey.u.rsa.coefficient)) { + goto loser; + } + + pki = PORT_ArenaZNew(arena, SECKEYPrivateKeyInfo); + if (!pki) { + goto loser; + } + encoded = SEC_ASN1EncodeItem(arena, &pki->privateKey, &rawKey, + SECKEY_RSAPrivateKeyExportTemplate); + if (!encoded) { + goto loser; + } + rv = SECOID_SetAlgorithmID(arena, &pki->algorithm, + SEC_OID_PKCS1_RSA_ENCRYPTION, NULL); + if (rv != SECSuccess) { + goto loser; + } + pki->version.type = siUnsignedInteger; + pki->version.data = (unsigned char *)PORT_ArenaAlloc(arena, 1); + if (!pki->version.data) { + goto loser; + } + pki->version.data[0] = pkiVersion; + pki->version.len = 1; + pki->arena = arena; + + return pki; + +loser: + if (arena) { + PORT_FreeArena(arena, PR_TRUE); + } + return NULL; +} diff --git a/security/nss/lib/pk11wrap/pk11pub.h b/security/nss/lib/pk11wrap/pk11pub.h index 2c08324..f0bf2c8 100644 --- a/security/nss/lib/pk11wrap/pk11pub.h +++ b/security/nss/lib/pk11wrap/pk11pub.h @@ -520,18 +520,38 @@ SECStatus PK11_Encrypt(PK11SymKey *symKey, const unsigned char *data, unsigned int dataLen); /* note: despite the name, this function takes a private key. */ -SECStatus PK11_PubDecryptRaw(SECKEYPrivateKey *key, unsigned char *data, - unsigned *outLen, unsigned int maxLen, unsigned char *enc, unsigned encLen); +SECStatus PK11_PubDecryptRaw(SECKEYPrivateKey *key, + unsigned char *data, unsigned *outLen, + unsigned int maxLen, + const unsigned char *enc, unsigned encLen); #define PK11_PrivDecryptRaw PK11_PubDecryptRaw /* The encrypt function that complements the above decrypt function. */ -SECStatus PK11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc, - unsigned char *data, unsigned dataLen, void *wincx); - -SECStatus PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key, unsigned char *data, - unsigned *outLen, unsigned int maxLen, unsigned char *enc, unsigned encLen); +SECStatus PK11_PubEncryptRaw(SECKEYPublicKey *key, + unsigned char *enc, + const unsigned char *data, unsigned dataLen, + void *wincx); + +SECStatus PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key, + unsigned char *data, unsigned *outLen, + unsigned int maxLen, + const unsigned char *enc, unsigned encLen); /* The encrypt function that complements the above decrypt function. */ -SECStatus PK11_PubEncryptPKCS1(SECKEYPublicKey *key, unsigned char *enc, - unsigned char *data, unsigned dataLen, void *wincx); +SECStatus PK11_PubEncryptPKCS1(SECKEYPublicKey *key, + unsigned char *enc, + const unsigned char *data, unsigned dataLen, + void *wincx); + +SECStatus PK11_PrivDecrypt(SECKEYPrivateKey *key, + CK_MECHANISM_TYPE mechanism, SECItem *param, + unsigned char *out, unsigned int *outLen, + unsigned int maxLen, + const unsigned char *enc, unsigned int encLen); +SECStatus PK11_PubEncrypt(SECKEYPublicKey *key, + CK_MECHANISM_TYPE mechanism, SECItem *param, + unsigned char *out, unsigned int *outLen, + unsigned int maxLen, + const unsigned char *data, unsigned int dataLen, + void *wincx); SECStatus PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki, SECItem *nickname, @@ -559,6 +579,9 @@ SECStatus PK11_ImportEncryptedPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *nickname, SECItem *publicValue, PRBool isPerm, PRBool isPrivate, KeyType type, unsigned int usage, SECKEYPrivateKey** privk, void *wincx); +SECItem *PK11_ExportDERPrivateKeyInfo(SECKEYPrivateKey *pk, void *wincx); +SECKEYPrivateKeyInfo *PK11_ExportPrivKeyInfo( + SECKEYPrivateKey *pk, void *wincx); SECKEYPrivateKeyInfo *PK11_ExportPrivateKeyInfo( CERTCertificate *cert, void *wincx); SECKEYEncryptedPrivateKeyInfo *PK11_ExportEncryptedPrivKeyInfo( @@ -585,7 +608,7 @@ SECStatus PK11_WrapPrivKey(PK11SlotInfo *slot, PK11SymKey *wrappingKey, * The caller of PK11_DEREncodePublicKey should free the returned SECItem with * a SECITEM_FreeItem(..., PR_TRUE) call. */ -SECItem* PK11_DEREncodePublicKey(SECKEYPublicKey *pubk); +SECItem* PK11_DEREncodePublicKey(const SECKEYPublicKey *pubk); PK11SymKey* PK11_CopySymKeyForSigning(PK11SymKey *originalKey, CK_MECHANISM_TYPE mech); SECKEYPrivateKeyList* PK11_ListPrivKeysInSlot(PK11SlotInfo *slot, @@ -770,9 +793,10 @@ PK11_GetPBECryptoMechanism(SECAlgorithmID *algid, /********************************************************************** * Functions to manage secmod flags **********************************************************************/ -PK11DefaultArrayEntry *PK11_GetDefaultArray(int *size); +const PK11DefaultArrayEntry *PK11_GetDefaultArray(int *size); SECStatus PK11_UpdateSlotAttribute(PK11SlotInfo *slot, - PK11DefaultArrayEntry *entry, PRBool add); + const PK11DefaultArrayEntry *entry, + PRBool add); /********************************************************************** * Functions to look at PKCS #11 dependent data diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c index 4e26e44..4c5b9f1 100644 --- a/security/nss/lib/pk11wrap/pk11skey.c +++ b/security/nss/lib/pk11wrap/pk11skey.c @@ -2229,7 +2229,9 @@ PK11_PubDeriveWithKDF(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey, return pk11_PubDeriveECKeyWithKDF( privKey, pubKey, isSender, randomA, randomB, derive, target, operation, keySize, kdf, sharedData, wincx); - default: break; + default: + PORT_SetError(SEC_ERROR_BAD_KEY); + break; } return NULL; diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c index dede1e2..1f6597b 100644 --- a/security/nss/lib/pk11wrap/pk11slot.c +++ b/security/nss/lib/pk11wrap/pk11slot.c @@ -29,9 +29,10 @@ * to make the config files understand more entries, add them * to this table. */ -PK11DefaultArrayEntry PK11_DefaultArray[] = { +const PK11DefaultArrayEntry PK11_DefaultArray[] = { { "RSA", SECMOD_RSA_FLAG, CKM_RSA_PKCS }, { "DSA", SECMOD_DSA_FLAG, CKM_DSA }, + { "ECC", SECMOD_ECC_FLAG, CKM_ECDSA }, { "DH", SECMOD_DH_FLAG, CKM_DH_PKCS_DERIVE }, { "RC2", SECMOD_RC2_FLAG, CKM_RC2_CBC }, { "RC4", SECMOD_RC4_FLAG, CKM_RC4 }, @@ -56,7 +57,7 @@ PK11DefaultArrayEntry PK11_DefaultArray[] = { const int num_pk11_default_mechanisms = sizeof(PK11_DefaultArray) / sizeof(PK11_DefaultArray[0]); -PK11DefaultArrayEntry * +const PK11DefaultArrayEntry * PK11_GetDefaultArray(int *size) { if (size) { @@ -948,9 +949,10 @@ PK11_LoadSlotList(PK11SlotInfo *slot, PK11PreSlotInfo *psi, int count) * returns: SECSuccess if nothing to do or add/delete is successful */ SECStatus -PK11_UpdateSlotAttribute(PK11SlotInfo *slot, PK11DefaultArrayEntry *entry, - PRBool add) - /* add: PR_TRUE if want to turn on */ +PK11_UpdateSlotAttribute(PK11SlotInfo *slot, + const PK11DefaultArrayEntry *entry, + PRBool add) + /* add: PR_TRUE if want to turn on */ { SECStatus result = SECSuccess; PK11SlotList *slotList = PK11_GetSlotList(entry->mechanism); @@ -1501,6 +1503,12 @@ PK11_GetDisabledReason(PK11SlotInfo *slot) /* returns PR_FALSE otherwise */ PRBool PK11_UserDisableSlot(PK11SlotInfo *slot) { + /* Prevent users from disabling the internal module. */ + if (slot->isInternal) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return PR_FALSE; + } + slot->defaultFlags |= PK11_DISABLE_FLAG; slot->disabled = PR_TRUE; slot->reason = PK11_DIS_USER_SELECTED; diff --git a/security/nss/lib/pk11wrap/pk11util.c b/security/nss/lib/pk11wrap/pk11util.c index 35cef9e..58ff5da 100644 --- a/security/nss/lib/pk11wrap/pk11util.c +++ b/security/nss/lib/pk11wrap/pk11util.c @@ -27,8 +27,8 @@ static SECMODListLock *moduleLock = NULL; int secmod_PrivateModuleCount = 0; -extern PK11DefaultArrayEntry PK11_DefaultArray[]; -extern int num_pk11_default_mechanisms; +extern const PK11DefaultArrayEntry PK11_DefaultArray[]; +extern const int num_pk11_default_mechanisms; void diff --git a/security/nss/lib/pk11wrap/secmod.h b/security/nss/lib/pk11wrap/secmod.h index 0557334..9cc4cfb 100644 --- a/security/nss/lib/pk11wrap/secmod.h +++ b/security/nss/lib/pk11wrap/secmod.h @@ -28,6 +28,7 @@ #define PUBLIC_MECH_SHA512_FLAG 0x00008000ul #define PUBLIC_MECH_CAMELLIA_FLAG 0x00010000ul #define PUBLIC_MECH_SEED_FLAG 0x00020000ul +#define PUBLIC_MECH_ECC_FLAG 0x00040000ul #define PUBLIC_MECH_RANDOM_FLAG 0x08000000ul #define PUBLIC_MECH_FRIENDLY_FLAG 0x10000000ul @@ -138,6 +139,7 @@ PRBool SECMOD_GetDefaultModDBFlag(SECMODModule *mod); /* Functions used to convert between internal & public representation * of Mechanism Flags and Cipher Enable Flags */ extern unsigned long SECMOD_PubMechFlagstoInternal(unsigned long publicFlags); +extern unsigned long SECMOD_InternaltoPubMechFlags(unsigned long internalFlags); extern unsigned long SECMOD_PubCipherFlagstoInternal(unsigned long publicFlags); PRBool SECMOD_HasRemovableSlots(SECMODModule *mod); diff --git a/security/nss/lib/pk11wrap/secmodi.h b/security/nss/lib/pk11wrap/secmodi.h index 4a86756..830fb67 100644 --- a/security/nss/lib/pk11wrap/secmodi.h +++ b/security/nss/lib/pk11wrap/secmodi.h @@ -50,7 +50,6 @@ extern SECMODModuleList *SECMOD_DestroyModuleListElement(SECMODModuleList *); extern void SECMOD_DestroyModuleList(SECMODModuleList *); extern SECStatus SECMOD_AddModule(SECMODModule *newModule); -extern unsigned long SECMOD_InternaltoPubMechFlags(unsigned long internalFlags); extern unsigned long SECMOD_InternaltoPubCipherFlags(unsigned long internalFlags); /* Library functions */ diff --git a/security/nss/lib/pk11wrap/secmodt.h b/security/nss/lib/pk11wrap/secmodt.h index 73d2a7e..33e7f1b 100644 --- a/security/nss/lib/pk11wrap/secmodt.h +++ b/security/nss/lib/pk11wrap/secmodt.h @@ -127,12 +127,12 @@ typedef enum { } PK11CertListType; /* - * Entry into the Array which lists all the legal bits for the default flags - * in the slot, their definition, and the PKCS #11 mechanism the represent - * Always Statically allocated. + * Entry into the array which lists all the legal bits for the default flags + * in the slot, their definition, and the PKCS #11 mechanism they represent. + * Always statically allocated. */ struct PK11DefaultArrayEntryStr { - char *name; + const char *name; unsigned long flag; unsigned long mechanism; /* this is a long so we don't include the * whole pkcs 11 world to use this header */ diff --git a/security/nss/lib/pkcs12/p12creat.c b/security/nss/lib/pkcs12/p12creat.c index 235ddfb..65bf086 100644 --- a/security/nss/lib/pkcs12/p12creat.c +++ b/security/nss/lib/pkcs12/p12creat.c @@ -54,7 +54,7 @@ sec_pkcs12_new_asafe(PLArenaPool *poolp) if(asafe == NULL) goto loser; asafe->poolp = poolp; - PORT_Memset(&asafe->old_baggage, 0, sizeof(SEC_PKCS7ContentInfo)); + PORT_Memset(&asafe->old_baggage, 0, sizeof(SEC_PKCS12Baggage_OLD)); PORT_ArenaUnmark(poolp, mark); return asafe; diff --git a/security/nss/lib/pki/tdcache.c b/security/nss/lib/pki/tdcache.c index 826ba6b..0842d8b 100644 --- a/security/nss/lib/pki/tdcache.c +++ b/security/nss/lib/pki/tdcache.c @@ -468,10 +468,10 @@ nssTrustDomain_UpdateCachedTokenCerts ( if (count > 0) { cached = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1); if (!cached) { + nssList_Destroy(certList); return PR_FAILURE; } nssList_GetArray(certList, (void **)cached, count); - nssList_Destroy(certList); for (cp = cached; *cp; cp++) { nssCryptokiObject *instance; NSSCertificate *c = *cp; @@ -490,6 +490,7 @@ nssTrustDomain_UpdateCachedTokenCerts ( } nssCertificateArray_Destroy(cached); } + nssList_Destroy(certList); return PR_SUCCESS; } diff --git a/security/nss/lib/smime/smime.def b/security/nss/lib/smime/smime.def index 57c9b1c..a5e1a37 100644 --- a/security/nss/lib/smime/smime.def +++ b/security/nss/lib/smime/smime.def @@ -273,3 +273,9 @@ SEC_PKCS7VerifyDetachedSignatureAtTime; ;+ local: ;+ *; ;+}; +;+NSS_3.16 { # NSS 3.16 release +;+ global: +NSS_CMSSignerInfo_Verify; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/softoken/config.mk b/security/nss/lib/softoken/config.mk index 908d1d9..6058e71 100644 --- a/security/nss/lib/softoken/config.mk +++ b/security/nss/lib/softoken/config.mk @@ -61,7 +61,3 @@ endif ifeq ($(OS_TARGET),AIX) OS_LIBS += -lpthread endif - -ifeq ($(OS_TARGET),SunOS) -OS_LIBS += -lbsm -endif diff --git a/security/nss/lib/softoken/ecdecode.c b/security/nss/lib/softoken/ecdecode.c deleted file mode 100644 index b04d022..0000000 --- a/security/nss/lib/softoken/ecdecode.c +++ /dev/null @@ -1,606 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#ifdef NSS_ENABLE_ECC - -#include "blapi.h" -#include "secoid.h" -#include "secitem.h" -#include "secerr.h" -#include "ec.h" -#include "ecl-curve.h" - -#define CHECK_OK(func) if (func == NULL) goto cleanup -#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup - -/* - * Initializes a SECItem from a hexadecimal string - * - * Warning: This function ignores leading 00's, so any leading 00's - * in the hexadecimal string must be optional. - */ -static SECItem * -hexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str) -{ - int i = 0; - int byteval = 0; - int tmp = PORT_Strlen(str); - - if ((tmp % 2) != 0) return NULL; - - /* skip leading 00's unless the hex string is "00" */ - while ((tmp > 2) && (str[0] == '0') && (str[1] == '0')) { - str += 2; - tmp -= 2; - } - - item->data = (unsigned char *) PORT_ArenaAlloc(arena, tmp/2); - if (item->data == NULL) return NULL; - item->len = tmp/2; - - while (str[i]) { - if ((str[i] >= '0') && (str[i] <= '9')) - tmp = str[i] - '0'; - else if ((str[i] >= 'a') && (str[i] <= 'f')) - tmp = str[i] - 'a' + 10; - else if ((str[i] >= 'A') && (str[i] <= 'F')) - tmp = str[i] - 'A' + 10; - else - return NULL; - - byteval = byteval * 16 + tmp; - if ((i % 2) != 0) { - item->data[i/2] = byteval; - byteval = 0; - } - i++; - } - - return item; -} - -/* Copy all of the fields from srcParams into dstParams - */ -SECStatus -EC_CopyParams(PLArenaPool *arena, ECParams *dstParams, - const ECParams *srcParams) -{ - SECStatus rv = SECFailure; - - dstParams->arena = arena; - dstParams->type = srcParams->type; - dstParams->fieldID.size = srcParams->fieldID.size; - dstParams->fieldID.type = srcParams->fieldID.type; - if (srcParams->fieldID.type == ec_field_GFp) { - CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.prime, - &srcParams->fieldID.u.prime)); - } else { - CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.poly, - &srcParams->fieldID.u.poly)); - } - dstParams->fieldID.k1 = srcParams->fieldID.k1; - dstParams->fieldID.k2 = srcParams->fieldID.k2; - dstParams->fieldID.k3 = srcParams->fieldID.k3; - CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.a, - &srcParams->curve.a)); - CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.b, - &srcParams->curve.b)); - CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.seed, - &srcParams->curve.seed)); - CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->base, - &srcParams->base)); - CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->order, - &srcParams->order)); - CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->DEREncoding, - &srcParams->DEREncoding)); - dstParams->name = srcParams->name; - CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curveOID, - &srcParams->curveOID)); - dstParams->cofactor = srcParams->cofactor; - - return SECSuccess; - -cleanup: - return SECFailure; -} - -static SECStatus -gf_populate_params(ECCurveName name, ECFieldType field_type, ECParams *params) -{ - SECStatus rv = SECFailure; - const ECCurveParams *curveParams; - /* 2 ['0'+'4'] + MAX_ECKEY_LEN * 2 [x,y] * 2 [hex string] + 1 ['\0'] */ - char genenc[3 + 2 * 2 * MAX_ECKEY_LEN]; - - if ((name < ECCurve_noName) || (name > ECCurve_pastLastCurve)) goto cleanup; - params->name = name; - curveParams = ecCurve_map[params->name]; - CHECK_OK(curveParams); - params->fieldID.size = curveParams->size; - params->fieldID.type = field_type; - if (field_type == ec_field_GFp) { - CHECK_OK(hexString2SECItem(params->arena, &params->fieldID.u.prime, - curveParams->irr)); - } else { - CHECK_OK(hexString2SECItem(params->arena, &params->fieldID.u.poly, - curveParams->irr)); - } - CHECK_OK(hexString2SECItem(params->arena, &params->curve.a, - curveParams->curvea)); - CHECK_OK(hexString2SECItem(params->arena, &params->curve.b, - curveParams->curveb)); - genenc[0] = '0'; - genenc[1] = '4'; - genenc[2] = '\0'; - strcat(genenc, curveParams->genx); - strcat(genenc, curveParams->geny); - CHECK_OK(hexString2SECItem(params->arena, &params->base, genenc)); - CHECK_OK(hexString2SECItem(params->arena, &params->order, - curveParams->order)); - params->cofactor = curveParams->cofactor; - - rv = SECSuccess; - -cleanup: - return rv; -} - -SECStatus -EC_FillParams(PLArenaPool *arena, const SECItem *encodedParams, - ECParams *params) -{ - SECStatus rv = SECFailure; - SECOidTag tag; - SECItem oid = { siBuffer, NULL, 0}; - -#if EC_DEBUG - int i; - - printf("Encoded params in EC_DecodeParams: "); - for (i = 0; i < encodedParams->len; i++) { - printf("%02x:", encodedParams->data[i]); - } - printf("\n"); -#endif - - if ((encodedParams->len != ANSI_X962_CURVE_OID_TOTAL_LEN) && - (encodedParams->len != SECG_CURVE_OID_TOTAL_LEN)) { - PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); - return SECFailure; - }; - - oid.len = encodedParams->len - 2; - oid.data = encodedParams->data + 2; - if ((encodedParams->data[0] != SEC_ASN1_OBJECT_ID) || - ((tag = SECOID_FindOIDTag(&oid)) == SEC_OID_UNKNOWN)) { - PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); - return SECFailure; - } - - params->arena = arena; - params->cofactor = 0; - params->type = ec_params_named; - params->name = ECCurve_noName; - - /* For named curves, fill out curveOID */ - params->curveOID.len = oid.len; - params->curveOID.data = (unsigned char *) PORT_ArenaAlloc(arena, oid.len); - if (params->curveOID.data == NULL) goto cleanup; - memcpy(params->curveOID.data, oid.data, oid.len); - -#if EC_DEBUG - printf("Curve: %s\n", SECOID_FindOIDTagDescription(tag)); -#endif - - switch (tag) { - - /* Binary curves */ - - case SEC_OID_ANSIX962_EC_C2PNB163V1: - /* Populate params for c2pnb163v1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_ANSIX962_EC_C2PNB163V2: - /* Populate params for c2pnb163v2 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V2, ec_field_GF2m, - params) ); - break; - - case SEC_OID_ANSIX962_EC_C2PNB163V3: - /* Populate params for c2pnb163v3 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V3, ec_field_GF2m, - params) ); - break; - - case SEC_OID_ANSIX962_EC_C2PNB176V1: - /* Populate params for c2pnb176v1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB176V1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_ANSIX962_EC_C2TNB191V1: - /* Populate params for c2tnb191v1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_ANSIX962_EC_C2TNB191V2: - /* Populate params for c2tnb191v2 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V2, ec_field_GF2m, - params) ); - break; - - case SEC_OID_ANSIX962_EC_C2TNB191V3: - /* Populate params for c2tnb191v3 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V3, ec_field_GF2m, - params) ); - break; - - case SEC_OID_ANSIX962_EC_C2PNB208W1: - /* Populate params for c2pnb208w1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB208W1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_ANSIX962_EC_C2TNB239V1: - /* Populate params for c2tnb239v1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_ANSIX962_EC_C2TNB239V2: - /* Populate params for c2tnb239v2 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V2, ec_field_GF2m, - params) ); - break; - - case SEC_OID_ANSIX962_EC_C2TNB239V3: - /* Populate params for c2tnb239v3 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V3, ec_field_GF2m, - params) ); - break; - - case SEC_OID_ANSIX962_EC_C2PNB272W1: - /* Populate params for c2pnb272w1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB272W1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_ANSIX962_EC_C2PNB304W1: - /* Populate params for c2pnb304w1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB304W1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_ANSIX962_EC_C2TNB359V1: - /* Populate params for c2tnb359v1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB359V1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_ANSIX962_EC_C2PNB368W1: - /* Populate params for c2pnb368w1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB368W1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_ANSIX962_EC_C2TNB431R1: - /* Populate params for c2tnb431r1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB431R1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_SECG_EC_SECT113R1: - /* Populate params for sect113r1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_113R1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_SECG_EC_SECT113R2: - /* Populate params for sect113r2 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_113R2, ec_field_GF2m, - params) ); - break; - - case SEC_OID_SECG_EC_SECT131R1: - /* Populate params for sect131r1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_131R1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_SECG_EC_SECT131R2: - /* Populate params for sect131r2 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_131R2, ec_field_GF2m, - params) ); - break; - - case SEC_OID_SECG_EC_SECT163K1: - /* Populate params for sect163k1 - * (the NIST K-163 curve) - */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_163K1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_SECG_EC_SECT163R1: - /* Populate params for sect163r1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_163R1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_SECG_EC_SECT163R2: - /* Populate params for sect163r2 - * (the NIST B-163 curve) - */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_163R2, ec_field_GF2m, - params) ); - break; - - case SEC_OID_SECG_EC_SECT193R1: - /* Populate params for sect193r1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_193R1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_SECG_EC_SECT193R2: - /* Populate params for sect193r2 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_193R2, ec_field_GF2m, - params) ); - break; - - case SEC_OID_SECG_EC_SECT233K1: - /* Populate params for sect233k1 - * (the NIST K-233 curve) - */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_233K1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_SECG_EC_SECT233R1: - /* Populate params for sect233r1 - * (the NIST B-233 curve) - */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_233R1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_SECG_EC_SECT239K1: - /* Populate params for sect239k1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_239K1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_SECG_EC_SECT283K1: - /* Populate params for sect283k1 - * (the NIST K-283 curve) - */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_283K1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_SECG_EC_SECT283R1: - /* Populate params for sect283r1 - * (the NIST B-283 curve) - */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_283R1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_SECG_EC_SECT409K1: - /* Populate params for sect409k1 - * (the NIST K-409 curve) - */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_409K1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_SECG_EC_SECT409R1: - /* Populate params for sect409r1 - * (the NIST B-409 curve) - */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_409R1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_SECG_EC_SECT571K1: - /* Populate params for sect571k1 - * (the NIST K-571 curve) - */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_571K1, ec_field_GF2m, - params) ); - break; - - case SEC_OID_SECG_EC_SECT571R1: - /* Populate params for sect571r1 - * (the NIST B-571 curve) - */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_571R1, ec_field_GF2m, - params) ); - break; - - /* Prime curves */ - - case SEC_OID_ANSIX962_EC_PRIME192V1: - /* Populate params for prime192v1 aka secp192r1 - * (the NIST P-192 curve) - */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_192V1, ec_field_GFp, - params) ); - break; - - case SEC_OID_ANSIX962_EC_PRIME192V2: - /* Populate params for prime192v2 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_192V2, ec_field_GFp, - params) ); - break; - - case SEC_OID_ANSIX962_EC_PRIME192V3: - /* Populate params for prime192v3 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_192V3, ec_field_GFp, - params) ); - break; - - case SEC_OID_ANSIX962_EC_PRIME239V1: - /* Populate params for prime239v1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_239V1, ec_field_GFp, - params) ); - break; - - case SEC_OID_ANSIX962_EC_PRIME239V2: - /* Populate params for prime239v2 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_239V2, ec_field_GFp, - params) ); - break; - - case SEC_OID_ANSIX962_EC_PRIME239V3: - /* Populate params for prime239v3 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_239V3, ec_field_GFp, - params) ); - break; - - case SEC_OID_ANSIX962_EC_PRIME256V1: - /* Populate params for prime256v1 aka secp256r1 - * (the NIST P-256 curve) - */ - CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_256V1, ec_field_GFp, - params) ); - break; - - case SEC_OID_SECG_EC_SECP112R1: - /* Populate params for secp112r1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_112R1, ec_field_GFp, - params) ); - break; - - case SEC_OID_SECG_EC_SECP112R2: - /* Populate params for secp112r2 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_112R2, ec_field_GFp, - params) ); - break; - - case SEC_OID_SECG_EC_SECP128R1: - /* Populate params for secp128r1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_128R1, ec_field_GFp, - params) ); - break; - - case SEC_OID_SECG_EC_SECP128R2: - /* Populate params for secp128r2 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_128R2, ec_field_GFp, - params) ); - break; - - case SEC_OID_SECG_EC_SECP160K1: - /* Populate params for secp160k1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_160K1, ec_field_GFp, - params) ); - break; - - case SEC_OID_SECG_EC_SECP160R1: - /* Populate params for secp160r1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_160R1, ec_field_GFp, - params) ); - break; - - case SEC_OID_SECG_EC_SECP160R2: - /* Populate params for secp160r1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_160R2, ec_field_GFp, - params) ); - break; - - case SEC_OID_SECG_EC_SECP192K1: - /* Populate params for secp192k1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_192K1, ec_field_GFp, - params) ); - break; - - case SEC_OID_SECG_EC_SECP224K1: - /* Populate params for secp224k1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_224K1, ec_field_GFp, - params) ); - break; - - case SEC_OID_SECG_EC_SECP224R1: - /* Populate params for secp224r1 - * (the NIST P-224 curve) - */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_224R1, ec_field_GFp, - params) ); - break; - - case SEC_OID_SECG_EC_SECP256K1: - /* Populate params for secp256k1 */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_256K1, ec_field_GFp, - params) ); - break; - - case SEC_OID_SECG_EC_SECP384R1: - /* Populate params for secp384r1 - * (the NIST P-384 curve) - */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_384R1, ec_field_GFp, - params) ); - break; - - case SEC_OID_SECG_EC_SECP521R1: - /* Populate params for secp521r1 - * (the NIST P-521 curve) - */ - CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_521R1, ec_field_GFp, - params) ); - break; - - default: - break; - }; - -cleanup: - if (!params->cofactor) { - PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); -#if EC_DEBUG - printf("Unrecognized curve, returning NULL params\n"); -#endif - } - - return rv; -} - -SECStatus -EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams) -{ - PLArenaPool *arena; - ECParams *params; - SECStatus rv = SECFailure; - - /* Initialize an arena for the ECParams structure */ - if (!(arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE))) - return SECFailure; - - params = (ECParams *)PORT_ArenaZAlloc(arena, sizeof(ECParams)); - if (!params) { - PORT_FreeArena(arena, PR_TRUE); - return SECFailure; - } - - /* Copy the encoded params */ - SECITEM_AllocItem(arena, &(params->DEREncoding), - encodedParams->len); - memcpy(params->DEREncoding.data, encodedParams->data, encodedParams->len); - - /* Fill out the rest of the ECParams structure based on - * the encoded params - */ - rv = EC_FillParams(arena, encodedParams, params); - if (rv == SECFailure) { - PORT_FreeArena(arena, PR_TRUE); - return SECFailure; - } else { - *ecparams = params;; - return SECSuccess; - } -} - -#endif /* NSS_ENABLE_ECC */ diff --git a/security/nss/lib/softoken/fipstest.c b/security/nss/lib/softoken/fipstest.c index 6fc424f..aed33bb 100644 --- a/security/nss/lib/softoken/fipstest.c +++ b/security/nss/lib/softoken/fipstest.c @@ -13,7 +13,7 @@ #include "pkcs11.h" /* Required for PKCS #11. */ #include "secerr.h" -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #include "ec.h" /* Required for ECDSA */ #endif @@ -1612,7 +1612,7 @@ rsa_loser: return( CKR_DEVICE_ERROR ); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static CK_RV sftk_fips_ECDSA_Test(const PRUint8 *encodedParams, @@ -1795,7 +1795,7 @@ sftk_fips_ECDSA_PowerUpSelfTest() { return( CKR_OK ); } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ static CK_RV sftk_fips_DSA_PowerUpSelfTest( void ) @@ -2080,7 +2080,7 @@ sftk_fipsPowerUpSelfTest( void ) if( rv != CKR_OK ) return rv; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* ECDSA Power-Up SelfTest(s). */ rv = sftk_fips_ECDSA_PowerUpSelfTest(); diff --git a/security/nss/lib/softoken/fipstokn.c b/security/nss/lib/softoken/fipstokn.c index 1381e6a..9435e71 100644 --- a/security/nss/lib/softoken/fipstokn.c +++ b/security/nss/lib/softoken/fipstokn.c @@ -33,11 +33,6 @@ #include <unistd.h> #endif -#ifdef SOLARIS -#include <bsm/libbsm.h> -#define AUE_FIPS_AUDIT 34444 -#endif - #ifdef LINUX #include <pthread.h> #include <dlfcn.h> @@ -407,34 +402,6 @@ sftk_LogAuditMessage(NSSAuditSeverity severity, NSSAuditType auditType, PR_smprintf_free(message); } #endif /* LINUX */ -#ifdef SOLARIS - { - int rd; - char *message = PR_smprintf("NSS " SOFTOKEN_LIB_NAME ": %s", msg); - - if (!message) { - return; - } - - /* open the record descriptor */ - if ((rd = au_open()) == -1) { - PR_smprintf_free(message); - return; - } - - /* write the audit tokens to the audit record */ - if (au_write(rd, au_to_text(message))) { - (void)au_close(rd, AU_TO_NO_WRITE, AUE_FIPS_AUDIT); - PR_smprintf_free(message); - return; - } - - /* close the record and send it to the audit trail */ - (void)au_close(rd, AU_TO_WRITE, AUE_FIPS_AUDIT); - - PR_smprintf_free(message); - } -#endif /* SOLARIS */ #else /* do nothing */ #endif diff --git a/security/nss/lib/softoken/legacydb/config.mk b/security/nss/lib/softoken/legacydb/config.mk index 4835ae2..ac7240e 100644 --- a/security/nss/lib/softoken/legacydb/config.mk +++ b/security/nss/lib/softoken/legacydb/config.mk @@ -55,7 +55,3 @@ EXTRA_SHARED_LIBS += \ -lnspr4 \ $(NULL) endif - -ifeq ($(OS_TARGET),SunOS) -OS_LIBS += -lbsm -endif diff --git a/security/nss/lib/softoken/legacydb/keydb.c b/security/nss/lib/softoken/legacydb/keydb.c index 4778bfb..085b2be 100644 --- a/security/nss/lib/softoken/legacydb/keydb.c +++ b/security/nss/lib/softoken/legacydb/keydb.c @@ -1143,12 +1143,12 @@ nsslowkey_KeyForCertExists(NSSLOWKEYDBHandle *handle, NSSLOWCERTCertificate *cer namekey.data = pubkey->u.dh.publicValue.data; namekey.size = pubkey->u.dh.publicValue.len; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: namekey.data = pubkey->u.ec.publicValue.data; namekey.size = pubkey->u.ec.publicValue.len; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: /* XXX We don't do Fortezza or DH yet. */ return PR_FALSE; @@ -1475,7 +1475,7 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk, SECItem *der_item = NULL; SECItem *cipherText = NULL; SECItem *dummy = NULL; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECItem *fordebug = NULL; int savelen; #endif @@ -1555,7 +1555,7 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk, goto loser; } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: lg_prepare_low_ec_priv_key_for_asn1(pk); /* Public value is encoded as a bit string so adjust length @@ -1594,7 +1594,7 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk, pk->keyType, fordebug); break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: /* We don't support DH or Fortezza private keys yet */ PORT_Assert(PR_FALSE); @@ -1704,7 +1704,7 @@ seckey_decrypt_private_key(SECItem*epki, SECStatus rv = SECFailure; PLArenaPool *temparena = NULL, *permarena = NULL; SECItem *dest = NULL; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECItem *fordebug = NULL; #endif @@ -1812,7 +1812,7 @@ seckey_decrypt_private_key(SECItem*epki, lg_nsslowkey_DHPrivateKeyTemplate, &newPrivateKey); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case SEC_OID_ANSIX962_EC_PUBLIC_KEY: pk->keyType = NSSLOWKEYECKey; lg_prepare_low_ec_priv_key_for_asn1(pk); @@ -1849,7 +1849,7 @@ seckey_decrypt_private_key(SECItem*epki, } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: rv = SECFailure; break; diff --git a/security/nss/lib/softoken/legacydb/lgattr.c b/security/nss/lib/softoken/legacydb/lgattr.c index abdbeff..00a0a74 100644 --- a/security/nss/lib/softoken/legacydb/lgattr.c +++ b/security/nss/lib/softoken/legacydb/lgattr.c @@ -423,11 +423,11 @@ lg_GetPubItem(NSSLOWKEYPublicKey *pubKey) { case NSSLOWKEYDHKey: pubItem = &pubKey->u.dh.publicValue; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: pubItem = &pubKey->u.ec.publicValue; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: break; } @@ -551,7 +551,7 @@ lg_FindDHPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type, return lg_invalidAttribute(attribute); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static CK_RV lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attribute) @@ -601,7 +601,7 @@ lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type, } return lg_invalidAttribute(attribute); } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ static CK_RV @@ -653,10 +653,10 @@ lg_FindPublicKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type, return lg_FindDSAPublicKeyAttribute(key,type,attribute); case NSSLOWKEYDHKey: return lg_FindDHPublicKeyAttribute(key,type,attribute); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: return lg_FindECPublicKeyAttribute(key,type,attribute); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: break; } @@ -945,7 +945,7 @@ lg_FindDHPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type, return lg_invalidAttribute(attribute); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static CK_RV lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attribute, SDB *sdbpw) @@ -983,7 +983,7 @@ lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type, } return lg_invalidAttribute(attribute); } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ static CK_RV lg_FindPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type, @@ -1030,10 +1030,10 @@ lg_FindPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type, return lg_FindDSAPrivateKeyAttribute(key,type,attribute,obj->sdb); case NSSLOWKEYDHKey: return lg_FindDHPrivateKeyAttribute(key,type,attribute,obj->sdb); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: return lg_FindECPrivateKeyAttribute(key,type,attribute,obj->sdb); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: break; } @@ -1372,7 +1372,7 @@ lg_GetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE handle, CK_ATTRIBUTE *templ, { LGObjectCache *obj = lg_NewObjectCache(sdb, NULL, handle & ~LG_TOKEN_MASK); CK_RV crv, crvCollect = CKR_OK; - int i; + unsigned int i; if (obj == NULL) { return CKR_OBJECT_HANDLE_INVALID; @@ -1434,7 +1434,7 @@ lg_tokenMatch(SDB *sdb, const SECItem *dbKey, CK_OBJECT_HANDLE class, { PRBool match = PR_TRUE; LGObjectCache *obj = lg_NewObjectCache(sdb, dbKey, class); - int i; + unsigned int i; if (obj == NULL) { return PR_FALSE; @@ -1758,7 +1758,7 @@ lg_SetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE handle, LGObjectCache *obj = lg_NewObjectCache(sdb, NULL, handle & ~LG_TOKEN_MASK); CK_RV crv, crvCollect = CKR_OK; PRBool writePrivate = PR_FALSE; - int i; + unsigned int i; if (obj == NULL) { return CKR_OBJECT_HANDLE_INVALID; diff --git a/security/nss/lib/softoken/legacydb/lgcreate.c b/security/nss/lib/softoken/legacydb/lgcreate.c index ac40031..c5ce99e 100644 --- a/security/nss/lib/softoken/legacydb/lgcreate.c +++ b/security/nss/lib/softoken/legacydb/lgcreate.c @@ -399,10 +399,10 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type, NSSLOWKEYPrivateKey *priv; SECItem pubKeySpace = {siBuffer, NULL, 0}; SECItem *pubKey; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECItem pubKey2Space = {siBuffer, NULL, 0}; PLArenaPool *arena = NULL; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ NSSLOWKEYDBHandle *keyHandle = NULL; @@ -410,11 +410,11 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type, case CKK_RSA: pubKeyAttr = CKA_MODULUS; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: pubKeyAttr = CKA_EC_POINT; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ case CKK_DSA: case CKK_DH: break; @@ -427,7 +427,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type, crv = lg_Attribute2SSecItem(NULL,pubKeyAttr,templ,count,pubKey); if (crv != CKR_OK) return crv; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (key_type == CKK_EC) { SECStatus rv; /* @@ -450,7 +450,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type, pubKey = &pubKey2Space; } } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ PORT_Assert(pubKey->data); if (pubKey->data == NULL) { @@ -471,7 +471,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type, /* make sure the associated private key already exists */ /* only works if we are logged in */ priv = nsslowkey_FindKeyByPublicKey(keyHandle, pubKey, sdb /*password*/); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (priv == NULL && pubKey == &pubKey2Space) { /* no match on the decoded key, match the original pubkey */ pubKey = &pubKeySpace; @@ -492,7 +492,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type, done: PORT_Free(pubKeySpace.data); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (arena) PORT_FreeArena(arena, PR_FALSE); #endif @@ -599,7 +599,7 @@ lg_mkPrivKey(SDB *sdb, const CK_ATTRIBUTE *templ, CK_ULONG count, } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: privKey->keyType = NSSLOWKEYECKey; crv = lg_Attribute2SSecItem(arena, CKA_EC_PARAMS,templ,count, @@ -628,7 +628,7 @@ lg_mkPrivKey(SDB *sdb, const CK_ATTRIBUTE *templ, CK_ULONG count, NSSLOWKEY_EC_PRIVATE_KEY_VERSION); if (rv != SECSuccess) crv = CKR_HOST_MEMORY; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: crv = CKR_KEY_TYPE_INCONSISTENT; diff --git a/security/nss/lib/softoken/legacydb/lgutil.c b/security/nss/lib/softoken/legacydb/lgutil.c index 1b9600f..88e46d6 100644 --- a/security/nss/lib/softoken/legacydb/lgutil.c +++ b/security/nss/lib/softoken/legacydb/lgutil.c @@ -18,7 +18,7 @@ const CK_ATTRIBUTE * lg_FindAttribute(CK_ATTRIBUTE_TYPE type, const CK_ATTRIBUTE *templ, CK_ULONG count ) { - int i; + unsigned int i; for (i=0; i < count; i++) { if (templ[i].type == type) { diff --git a/security/nss/lib/softoken/legacydb/lowcert.c b/security/nss/lib/softoken/legacydb/lowcert.c index f0869db..0b0540b 100644 --- a/security/nss/lib/softoken/legacydb/lowcert.c +++ b/security/nss/lib/softoken/legacydb/lowcert.c @@ -793,7 +793,7 @@ nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert) nsslowcert_DHPublicKeyTemplate, &os); if (rv == SECSuccess) return pubk; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case SEC_OID_ANSIX962_EC_PUBLIC_KEY: pubk->keyType = NSSLOWKEYECKey; /* Since PKCS#11 directly takes the DER encoding of EC params @@ -814,7 +814,7 @@ nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert) rv = SECITEM_CopyItem(arena, &pubk->u.ec.publicValue, &os); if (rv == SECSuccess) return pubk; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: rv = SECFailure; break; diff --git a/security/nss/lib/softoken/legacydb/lowkey.c b/security/nss/lib/softoken/legacydb/lowkey.c index f455cf9..7521dac 100644 --- a/security/nss/lib/softoken/legacydb/lowkey.c +++ b/security/nss/lib/softoken/legacydb/lowkey.c @@ -99,7 +99,7 @@ const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[] = { { 0, } }; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* XXX This is just a placeholder for later when we support * generic curves and need full-blown support for parsing EC @@ -216,7 +216,7 @@ LGEC_CopyParams(PLArenaPool *arena, ECParams *dstParams, loser: return SECFailure; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* * See bugzilla bug 125359 * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints, @@ -266,7 +266,7 @@ lg_prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key) key->u.dh.privateValue.type = siUnsignedInteger; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC void lg_prepare_low_ecparams_for_asn1(ECParams *params) { @@ -283,7 +283,7 @@ lg_prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key) key->u.ec.privateValue.type = siUnsignedInteger; key->u.ec.publicValue.type = siUnsignedInteger; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ void lg_nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk) @@ -378,7 +378,7 @@ lg_nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk) if (rv == SECSuccess) return pubk; } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYPublicKey)); @@ -397,7 +397,7 @@ lg_nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk) if (rv == SECSuccess) return pubk; } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* No Fortezza in Low Key implementations (Fortezza keys aren't * stored in our data base */ default: diff --git a/security/nss/lib/softoken/legacydb/lowkeyi.h b/security/nss/lib/softoken/legacydb/lowkeyi.h index 8054cc8..6739888 100644 --- a/security/nss/lib/softoken/legacydb/lowkeyi.h +++ b/security/nss/lib/softoken/legacydb/lowkeyi.h @@ -26,10 +26,10 @@ extern void lg_prepare_low_rsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); extern void lg_prepare_low_pqg_params_for_asn1(PQGParams *params); extern void lg_prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); extern void lg_prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC extern void lg_prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); extern void lg_prepare_low_ecparams_for_asn1(ECParams *params); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ typedef char * (* NSSLOWKEYDBNameFunc)(void *arg, int dbVersion); @@ -135,7 +135,7 @@ extern char * nsslowkey_FindKeyNicknameByPublicKey(NSSLOWKEYDBHandle *handle, SECItem *modulus, SDB *sdb); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* * smaller version of EC_FillParams. In this code, we only need * oid and DER data. diff --git a/security/nss/lib/softoken/legacydb/lowkeyti.h b/security/nss/lib/softoken/legacydb/lowkeyti.h index 5be6b0a..47fff7d 100644 --- a/security/nss/lib/softoken/legacydb/lowkeyti.h +++ b/security/nss/lib/softoken/legacydb/lowkeyti.h @@ -43,11 +43,11 @@ extern const SEC_ASN1Template lg_nsslowkey_RSAPrivateKeyTemplate2[]; extern const SEC_ASN1Template lg_nsslowkey_DSAPrivateKeyTemplate[]; extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[]; extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyExportTemplate[]; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #define NSSLOWKEY_EC_PRIVATE_KEY_VERSION 1 /* as per SECG 1 C.4 */ extern const SEC_ASN1Template lg_nsslowkey_ECParamsTemplate[]; extern const SEC_ASN1Template lg_nsslowkey_ECPrivateKeyTemplate[]; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ extern const SEC_ASN1Template lg_nsslowkey_PrivateKeyInfoTemplate[]; extern const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[]; diff --git a/security/nss/lib/softoken/legacydb/pcertdb.c b/security/nss/lib/softoken/legacydb/pcertdb.c index d3c757d..58fe27a 100644 --- a/security/nss/lib/softoken/legacydb/pcertdb.c +++ b/security/nss/lib/softoken/legacydb/pcertdb.c @@ -4598,9 +4598,12 @@ nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly, } return (SECSuccess); - -loser: +loser: + if (handle->dbMon) { + PZ_DestroyMonitor(handle->dbMon); + handle->dbMon = NULL; + } PORT_SetError(SEC_ERROR_BAD_DATABASE); return(SECFailure); } diff --git a/security/nss/lib/softoken/legacydb/pcertt.h b/security/nss/lib/softoken/legacydb/pcertt.h index b4c9128..fd5e17c 100644 --- a/security/nss/lib/softoken/legacydb/pcertt.h +++ b/security/nss/lib/softoken/legacydb/pcertt.h @@ -397,18 +397,18 @@ typedef union { #define DB_CERT_ENTRY_HEADER_LEN 10 /* common flags for all types of certificates */ -#define CERTDB_TERMINAL_RECORD (1<<0) -#define CERTDB_TRUSTED (1<<1) -#define CERTDB_SEND_WARN (1<<2) -#define CERTDB_VALID_CA (1<<3) -#define CERTDB_TRUSTED_CA (1<<4) /* trusted for issuing server certs */ -#define CERTDB_NS_TRUSTED_CA (1<<5) -#define CERTDB_USER (1<<6) -#define CERTDB_TRUSTED_CLIENT_CA (1<<7) /* trusted for issuing client certs */ -#define CERTDB_INVISIBLE_CA (1<<8) /* don't show in UI */ -#define CERTDB_GOVT_APPROVED_CA (1<<9) /* can do strong crypto in export ver */ -#define CERTDB_MUST_VERIFY (1<<10) /* explicitly don't trust this cert */ -#define CERTDB_TRUSTED_UNKNOWN (1<<11) /* accept trust from another source */ +#define CERTDB_TERMINAL_RECORD (1u<<0) +#define CERTDB_TRUSTED (1u<<1) +#define CERTDB_SEND_WARN (1u<<2) +#define CERTDB_VALID_CA (1u<<3) +#define CERTDB_TRUSTED_CA (1u<<4) /* trusted for issuing server certs */ +#define CERTDB_NS_TRUSTED_CA (1u<<5) +#define CERTDB_USER (1u<<6) +#define CERTDB_TRUSTED_CLIENT_CA (1u<<7) /* trusted for issuing client certs */ +#define CERTDB_INVISIBLE_CA (1u<<8) /* don't show in UI */ +#define CERTDB_GOVT_APPROVED_CA (1u<<9) /* can do strong crypto in export ver */ +#define CERTDB_MUST_VERIFY (1u<<10) /* explicitly don't trust this cert */ +#define CERTDB_TRUSTED_UNKNOWN (1u<<11) /* accept trust from another source */ /* bits not affected by the CKO_NETSCAPE_TRUST object */ #define CERTDB_PRESERVE_TRUST_BITS (CERTDB_USER | \ diff --git a/security/nss/lib/softoken/lowkey.c b/security/nss/lib/softoken/lowkey.c index d7f9713..d043342 100644 --- a/security/nss/lib/softoken/lowkey.c +++ b/security/nss/lib/softoken/lowkey.c @@ -9,7 +9,7 @@ #include "secasn1.h" #include "secerr.h" -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #include "softoken.h" #endif @@ -91,7 +91,7 @@ const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[] = { { 0, } }; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* XXX This is just a placeholder for later when we support * generic curves and need full-blown support for parsing EC @@ -140,7 +140,7 @@ const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[] = { SEC_ASN1_SUB(SEC_BitStringTemplate) }, { 0, } }; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* * See bugzilla bug 125359 * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints, @@ -196,7 +196,7 @@ prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key) key->u.dh.privateValue.type = siUnsignedInteger; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC void prepare_low_ecparams_for_asn1(ECParams *params) { @@ -213,7 +213,7 @@ prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key) key->u.ec.privateValue.type = siUnsignedInteger; key->u.ec.publicValue.type = siUnsignedInteger; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ void nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk) @@ -341,7 +341,7 @@ nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk) if (rv == SECSuccess) return pubk; } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYPublicKey)); @@ -360,7 +360,7 @@ nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk) if (rv == SECSuccess) return pubk; } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* No Fortezza in Low Key implementations (Fortezza keys aren't * stored in our data base */ default: @@ -459,7 +459,7 @@ nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey) &(privKey->u.dh.base)); if(rv != SECSuccess) break; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.version), &(privKey->u.ec.version)); @@ -476,7 +476,7 @@ nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey) &(privKey->u.ec.ecParams)); if (rv != SECSuccess) break; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: rv = SECFailure; } diff --git a/security/nss/lib/softoken/lowkeyi.h b/security/nss/lib/softoken/lowkeyi.h index 1420abb..7282ffe 100644 --- a/security/nss/lib/softoken/lowkeyi.h +++ b/security/nss/lib/softoken/lowkeyi.h @@ -25,10 +25,10 @@ extern void prepare_low_pqg_params_for_asn1(PQGParams *params); extern void prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); extern void prepare_low_dsa_priv_key_export_for_asn1(NSSLOWKEYPrivateKey *key); extern void prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC extern void prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); extern void prepare_low_ecparams_for_asn1(ECParams *params); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* ** Destroy a private key object. diff --git a/security/nss/lib/softoken/lowkeyti.h b/security/nss/lib/softoken/lowkeyti.h index 76c15aa..a4c94d8 100644 --- a/security/nss/lib/softoken/lowkeyti.h +++ b/security/nss/lib/softoken/lowkeyti.h @@ -20,11 +20,11 @@ extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyTemplate[]; extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyExportTemplate[]; extern const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[]; extern const SEC_ASN1Template nsslowkey_DHPrivateKeyExportTemplate[]; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #define NSSLOWKEY_EC_PRIVATE_KEY_VERSION 1 /* as per SECG 1 C.4 */ extern const SEC_ASN1Template nsslowkey_ECParamsTemplate[]; extern const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[]; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ extern const SEC_ASN1Template nsslowkey_PrivateKeyInfoTemplate[]; extern const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[]; diff --git a/security/nss/lib/softoken/manifest.mn b/security/nss/lib/softoken/manifest.mn index 71c99b7..2f43bb3 100644 --- a/security/nss/lib/softoken/manifest.mn +++ b/security/nss/lib/softoken/manifest.mn @@ -33,7 +33,6 @@ PRIVATE_EXPORTS = \ $(NULL) CSRCS = \ - ecdecode.c \ fipsaudt.c \ fipstest.c \ fipstokn.c \ diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index 50a0109..6fa4e4e 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -266,6 +266,8 @@ static const struct mechanismList mechanisms[] = { CKF_DUZ_IT_ALL}, PR_TRUE}, {CKM_RSA_PKCS_PSS, {RSA_MIN_MODULUS_BITS,CK_MAX, CKF_SN_VR}, PR_TRUE}, + {CKM_RSA_PKCS_OAEP, {RSA_MIN_MODULUS_BITS,CK_MAX, + CKF_EN_DE_WR_UN}, PR_TRUE}, #ifdef SFTK_RSA9796_SUPPORTED {CKM_RSA_9796, {RSA_MIN_MODULUS_BITS,CK_MAX, CKF_DUZ_IT_ALL}, PR_TRUE}, @@ -302,7 +304,7 @@ static const struct mechanismList mechanisms[] = { CKF_GENERATE_KEY_PAIR}, PR_TRUE}, {CKM_DH_PKCS_DERIVE, {DH_MIN_P_BITS, DH_MAX_P_BITS, CKF_DERIVE}, PR_TRUE}, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* -------------------- Elliptic Curve Operations --------------------- */ {CKM_EC_KEY_PAIR_GEN, {EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_GENERATE_KEY_PAIR|CKF_EC_BPNU}, PR_TRUE}, @@ -312,7 +314,7 @@ static const struct mechanismList mechanisms[] = { CKF_SN_VR|CKF_EC_BPNU}, PR_TRUE}, {CKM_ECDSA_SHA1, {EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_SN_VR|CKF_EC_BPNU}, PR_TRUE}, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* ------------------------- RC2 Operations --------------------------- */ {CKM_RC2_KEY_GEN, {1, 128, CKF_GENERATE}, PR_TRUE}, {CKM_RC2_ECB, {1, 128, CKF_EN_DE_WR_UN}, PR_TRUE}, @@ -927,7 +929,7 @@ sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object, recover = CK_FALSE; wrap = CK_FALSE; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: if ( !sftk_hasAttribute(object, CKA_EC_PARAMS)) { return CKR_TEMPLATE_INCOMPLETE; @@ -941,7 +943,7 @@ sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object, recover = CK_FALSE; wrap = CK_FALSE; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: return CKR_ATTRIBUTE_VALUE_INVALID; } @@ -987,7 +989,7 @@ static NSSLOWKEYPrivateKey * sftk_mkPrivKey(SFTKObject *object,CK_KEY_TYPE key, CK_RV *rvp); static SECStatus -sftk_fillRSAPrivateKey(SFTKObject *object); +sftk_verifyRSAPrivateKey(SFTKObject *object, PRBool fillIfNeeded); /* * check the consistancy and initialize a Private Key Object @@ -1003,12 +1005,14 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE CK_BBOOL derive = CK_TRUE; CK_BBOOL ckfalse = CK_FALSE; PRBool createObjectInfo = PR_TRUE; + PRBool fillPrivateKey = PR_FALSE; int missing_rsa_mod_component = 0; int missing_rsa_exp_component = 0; int missing_rsa_crt_component = 0; - + SECItem mod; CK_RV crv; + SECStatus rv; switch (key_type) { case CKK_RSA: @@ -1043,19 +1047,19 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE int have_exp = 2- missing_rsa_exp_component; int have_component = 5- (missing_rsa_exp_component+missing_rsa_mod_component); - SECStatus rv; if ((have_exp == 0) || (have_component < 3)) { /* nope, not enough to reconstruct the private key */ return CKR_TEMPLATE_INCOMPLETE; } - /*fill in the missing parameters */ - rv = sftk_fillRSAPrivateKey(object); - if (rv != SECSuccess) { + fillPrivateKey = PR_TRUE; + } + /*verify the parameters for consistency*/ + rv = sftk_verifyRSAPrivateKey(object, fillPrivateKey); + if (rv != SECSuccess) { return CKR_TEMPLATE_INCOMPLETE; - } } - + /* make sure Netscape DB attribute is set correctly */ crv = sftk_Attribute2SSecItem(NULL, &mod, object, CKA_MODULUS); if (crv != CKR_OK) return crv; @@ -1088,7 +1092,7 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE recover = CK_FALSE; wrap = CK_FALSE; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: if ( !sftk_hasAttribute(object, CKA_EC_PARAMS)) { return CKR_TEMPLATE_INCOMPLETE; @@ -1101,11 +1105,11 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE recover = CK_FALSE; wrap = CK_FALSE; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ case CKK_NSS_JPAKE_ROUND1: - if (!sftk_hasAttribute(object, CKA_PRIME || + if (!sftk_hasAttribute(object, CKA_PRIME) || !sftk_hasAttribute(object, CKA_SUBPRIME) || - !sftk_hasAttribute(object, CKA_BASE))) { + !sftk_hasAttribute(object, CKA_BASE)) { return CKR_TEMPLATE_INCOMPLETE; } /* fall through */ @@ -1149,7 +1153,6 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE if (sftk_isTrue(object,CKA_TOKEN)) { SFTKSlot *slot = session->slot; SFTKDBHandle *keyHandle = sftk_getKeyDB(slot); - CK_RV crv; if (keyHandle == NULL) { return CKR_TOKEN_WRITE_PROTECTED; @@ -1708,7 +1711,7 @@ NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,CK_KEY_TYPE key_type, crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.publicValue, object,CKA_VALUE); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: pubKey->keyType = NSSLOWKEYECKey; crv = sftk_Attribute2SSecItem(arena, @@ -1768,7 +1771,7 @@ NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,CK_KEY_TYPE key_type, crv = CKR_ATTRIBUTE_VALUE_INVALID; } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: crv = CKR_KEY_TYPE_INCONSISTENT; break; @@ -1877,7 +1880,7 @@ sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp) * if we don't set it explicitly */ break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: privKey->keyType = NSSLOWKEYECKey; crv = sftk_Attribute2SSecItem(arena, @@ -1919,7 +1922,7 @@ sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp) #endif } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: crv = CKR_KEY_TYPE_INCONSISTENT; @@ -1940,10 +1943,11 @@ sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp) } /* - * we have a partial rsa private key, fill in the rest + * If a partial RSA private key is present, fill in the rest if necessary, + * and then verify the parameters are well-formed */ static SECStatus -sftk_fillRSAPrivateKey(SFTKObject *object) +sftk_verifyRSAPrivateKey(SFTKObject *object, PRBool fillIfNeeded) { RSAPrivateKey tmpKey = { 0 }; SFTKAttribute *modulus = NULL; @@ -1951,6 +1955,9 @@ sftk_fillRSAPrivateKey(SFTKObject *object) SFTKAttribute *prime2 = NULL; SFTKAttribute *privateExponent = NULL; SFTKAttribute *publicExponent = NULL; + SFTKAttribute *exponent1 = NULL; + SFTKAttribute *exponent2 = NULL; + SFTKAttribute *coefficient = NULL; SECStatus rv; CK_RV crv; @@ -1981,44 +1988,82 @@ sftk_fillRSAPrivateKey(SFTKObject *object) if (publicExponent) { tmpKey.publicExponent.data = publicExponent->attrib.pValue; tmpKey.publicExponent.len = publicExponent->attrib.ulValueLen; - } + } + exponent1 = sftk_FindAttribute(object, CKA_EXPONENT_1); + if (exponent1) { + tmpKey.exponent1.data = exponent1->attrib.pValue; + tmpKey.exponent1.len = exponent1->attrib.ulValueLen; + } + exponent2 = sftk_FindAttribute(object, CKA_EXPONENT_2); + if (exponent2) { + tmpKey.exponent2.data = exponent2->attrib.pValue; + tmpKey.exponent2.len = exponent2->attrib.ulValueLen; + } + coefficient = sftk_FindAttribute(object, CKA_COEFFICIENT); + if (coefficient) { + tmpKey.coefficient.data = coefficient->attrib.pValue; + tmpKey.coefficient.len = coefficient->attrib.ulValueLen; + } - /* - * populate requires one exponent plus 2 other components to work. - * we expected our caller to check that first. If that didn't happen, - * populate will simply return an error here. - */ - rv = RSA_PopulatePrivateKey(&tmpKey); + if (fillIfNeeded) { + /* + * populate requires one exponent plus 2 other components to work. + * we expected our caller to check that first. If that didn't happen, + * populate will simply return an error here. + */ + rv = RSA_PopulatePrivateKey(&tmpKey); + if (rv != SECSuccess) { + goto loser; + } + } + rv = RSA_PrivateKeyCheck(&tmpKey); if (rv != SECSuccess) { goto loser; } - /* now that we have a fully populated key, set all our attribute values */ rv = SECFailure; - crv = sftk_forceAttribute(object,CKA_MODULUS, - sftk_item_expand(&tmpKey.modulus)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_PUBLIC_EXPONENT, - sftk_item_expand(&tmpKey.publicExponent)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_PRIVATE_EXPONENT, - sftk_item_expand(&tmpKey.privateExponent)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_PRIME_1, - sftk_item_expand(&tmpKey.prime1)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_PRIME_2, - sftk_item_expand(&tmpKey.prime2)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_EXPONENT_1, - sftk_item_expand(&tmpKey.exponent1)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_EXPONENT_2, - sftk_item_expand(&tmpKey.exponent2)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_COEFFICIENT, - sftk_item_expand(&tmpKey.coefficient)); - if (crv != CKR_OK) goto loser; + if (!modulus || modulus->attrib.pValue != tmpKey.modulus.data) { + crv = sftk_forceAttribute(object,CKA_MODULUS, + sftk_item_expand(&tmpKey.modulus)); + if (crv != CKR_OK) goto loser; + } + if (!publicExponent || + publicExponent->attrib.pValue != tmpKey.publicExponent.data) { + crv = sftk_forceAttribute(object, CKA_PUBLIC_EXPONENT, + sftk_item_expand(&tmpKey.publicExponent)); + if (crv != CKR_OK) goto loser; + } + if (!privateExponent || + privateExponent->attrib.pValue != tmpKey.privateExponent.data) { + crv = sftk_forceAttribute(object, CKA_PRIVATE_EXPONENT, + sftk_item_expand(&tmpKey.privateExponent)); + if (crv != CKR_OK) goto loser; + } + if (!prime1 || prime1->attrib.pValue != tmpKey.prime1.data) { + crv = sftk_forceAttribute(object, CKA_PRIME_1, + sftk_item_expand(&tmpKey.prime1)); + if (crv != CKR_OK) goto loser; + } + if (!prime2 || prime2->attrib.pValue != tmpKey.prime2.data) { + crv = sftk_forceAttribute(object, CKA_PRIME_2, + sftk_item_expand(&tmpKey.prime2)); + if (crv != CKR_OK) goto loser; + } + if (!exponent1 || exponent1->attrib.pValue != tmpKey.exponent1.data) { + crv = sftk_forceAttribute(object, CKA_EXPONENT_1, + sftk_item_expand(&tmpKey.exponent1)); + if (crv != CKR_OK) goto loser; + } + if (!exponent2 || exponent2->attrib.pValue != tmpKey.exponent2.data) { + crv = sftk_forceAttribute(object, CKA_EXPONENT_2, + sftk_item_expand(&tmpKey.exponent2)); + if (crv != CKR_OK) goto loser; + } + if (!coefficient || coefficient->attrib.pValue != tmpKey.coefficient.data) { + crv = sftk_forceAttribute(object, CKA_COEFFICIENT, + sftk_item_expand(&tmpKey.coefficient)); + if (crv != CKR_OK) goto loser; + } rv = SECSuccess; /* we're done (one way or the other), clean up all our stuff */ @@ -2041,15 +2086,18 @@ loser: if (publicExponent) { sftk_FreeAttribute(publicExponent); } + if (exponent1) { + sftk_FreeAttribute(exponent1); + } + if (exponent2) { + sftk_FreeAttribute(exponent2); + } + if (coefficient) { + sftk_FreeAttribute(coefficient); + } return rv; } - - - - - - /* Generate a low private key structure from an object */ NSSLOWKEYPrivateKey * sftk_GetPrivKey(SFTKObject *object,CK_KEY_TYPE key_type, CK_RV *crvp) @@ -3128,9 +3176,6 @@ CK_RV NSC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) if (slot == NULL) return CKR_SLOT_ID_INVALID; - pInfo->firmwareVersion.major = 0; - pInfo->firmwareVersion.minor = 0; - PORT_Memcpy(pInfo->manufacturerID,manufacturerID, sizeof(pInfo->manufacturerID)); PORT_Memcpy(pInfo->slotDescription,slot->slotDescription, @@ -3157,6 +3202,8 @@ CK_RV NSC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) /* pInfo->hardwareVersion.major = NSSLOWKEY_DB_FILE_VERSION; */ pInfo->hardwareVersion.major = SOFTOKEN_VMAJOR; pInfo->hardwareVersion.minor = SOFTOKEN_VMINOR; + pInfo->firmwareVersion.major = SOFTOKEN_VPATCH; + pInfo->firmwareVersion.minor = SOFTOKEN_VBUILD; return CKR_OK; } diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index 8093dca..8f50882 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -62,7 +62,7 @@ static void sftk_Null(void *data, PRBool freeit) return; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #ifdef EC_DEBUG #define SEC_PRINT(str1, str2, num, sitem) \ printf("pkcs11c.c:%s:%s (keytype=%d) [len=%d]\n", \ @@ -74,7 +74,7 @@ static void sftk_Null(void *data, PRBool freeit) #else #define SEC_PRINT(a, b, c, d) #endif -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* * free routines.... Free local type allocated data, and convert @@ -120,7 +120,7 @@ sftk_MapCryptError(int error) return CKR_KEY_SIZE_RANGE; /* the closest error code */ case SEC_ERROR_UNSUPPORTED_EC_POINT_FORM: return CKR_TEMPLATE_INCONSISTENT; - /* EC functions set this error if NSS_ENABLE_ECC is not defined */ + /* EC functions set this error if NSS_DISABLE_ECC is defined */ case SEC_ERROR_UNSUPPORTED_KEYALG: return CKR_MECHANISM_INVALID; case SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE: @@ -302,6 +302,46 @@ GetHashTypeFromMechanism(CK_MECHANISM_TYPE mech) } } +/* + * Returns true if "params" contains a valid set of PSS parameters + */ +static PRBool +sftk_ValidatePssParams(const CK_RSA_PKCS_PSS_PARAMS *params) +{ + if (!params) { + return PR_FALSE; + } + if (GetHashTypeFromMechanism(params->hashAlg) == HASH_AlgNULL || + GetHashTypeFromMechanism(params->mgf) == HASH_AlgNULL) { + return PR_FALSE; + } + return PR_TRUE; +} + +/* + * Returns true if "params" contains a valid set of OAEP parameters + */ +static PRBool +sftk_ValidateOaepParams(const CK_RSA_PKCS_OAEP_PARAMS *params) +{ + if (!params) { + return PR_FALSE; + } + /* The requirements of ulSourceLen/pSourceData come from PKCS #11, which + * state: + * If the parameter is empty, pSourceData must be NULL and + * ulSourceDataLen must be zero. + */ + if (params->source != CKZ_DATA_SPECIFIED || + (GetHashTypeFromMechanism(params->hashAlg) == HASH_AlgNULL) || + (GetHashTypeFromMechanism(params->mgf) == HASH_AlgNULL) || + (params->ulSourceDataLen == 0 && params->pSourceData != NULL) || + (params->ulSourceDataLen != 0 && params->pSourceData == NULL)) { + return PR_FALSE; + } + return PR_TRUE; +} + /* * return a context based on the SFTKContext type. */ @@ -588,11 +628,6 @@ sftk_RSAEncryptOAEP(SFTKOAEPEncryptInfo *info, unsigned char *output, hashAlg = GetHashTypeFromMechanism(info->params->hashAlg); maskHashAlg = GetHashTypeFromMechanism(info->params->mgf); - if (info->params->source != CKZ_DATA_SPECIFIED) { - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return SECFailure; - } - return RSA_EncryptOAEP(&info->key->u.rsa, hashAlg, maskHashAlg, (const unsigned char*)info->params->pSourceData, info->params->ulSourceDataLen, NULL, 0, @@ -617,11 +652,6 @@ sftk_RSADecryptOAEP(SFTKOAEPDecryptInfo *info, unsigned char *output, hashAlg = GetHashTypeFromMechanism(info->params->hashAlg); maskHashAlg = GetHashTypeFromMechanism(info->params->mgf); - if (info->params->source != CKZ_DATA_SPECIFIED) { - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return SECFailure; - } - rv = RSA_DecryptOAEP(&info->key->u.rsa, hashAlg, maskHashAlg, (const unsigned char*)info->params->pSourceData, info->params->ulSourceDataLen, @@ -710,19 +740,18 @@ sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, } context->destroy = sftk_Null; break; -/* XXX: Disabled until unit tests land. case CKM_RSA_PKCS_OAEP: if (key_type != CKK_RSA) { crv = CKR_KEY_TYPE_INCONSISTENT; break; } - context->multi = PR_FALSE; - context->rsa = PR_TRUE; - if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_OAEP_PARAMS)) { + if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_OAEP_PARAMS) || + !sftk_ValidateOaepParams((CK_RSA_PKCS_OAEP_PARAMS*)pMechanism->pParameter)) { crv = CKR_MECHANISM_PARAM_INVALID; break; } - /\* XXX: Need Parameter validation here *\/ + context->multi = PR_FALSE; + context->rsa = PR_TRUE; if (isEncrypt) { SFTKOAEPEncryptInfo *info = PORT_New(SFTKOAEPEncryptInfo); if (info == NULL) { @@ -758,7 +787,6 @@ sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, } context->destroy = (SFTKDestroy) sftk_Space; break; -*/ case CKM_RC2_CBC_PAD: context->doPad = PR_TRUE; /* fall thru */ @@ -2242,7 +2270,7 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBuf, return rv; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static SECStatus nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen, void *dataBuf, unsigned int dataLen) @@ -2277,7 +2305,7 @@ nsc_ECDSASignStub(void *ctx, void *sigBuf, *sigLen = signature.len; return rv; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* NSC_SignInit setups up the signing operations. There are three basic * types of signing: @@ -2386,7 +2414,8 @@ finish_rsa: break; } context->rsa = PR_TRUE; - if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS)) { + if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) || + !sftk_ValidatePssParams((const CK_RSA_PKCS_PSS_PARAMS*)pMechanism->pParameter)) { crv = CKR_MECHANISM_PARAM_INVALID; break; } @@ -2429,7 +2458,7 @@ finish_rsa: break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKM_ECDSA_SHA1: context->multi = PR_TRUE; crv = sftk_doSubSHA1(context); @@ -2452,7 +2481,7 @@ finish_rsa: context->maxLen = MAX_ECKEY_LEN * 2; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ #define INIT_HMAC_MECH(mmm) \ case CKM_ ## mmm ## _HMAC_GENERAL: \ @@ -3023,7 +3052,8 @@ finish_rsa: break; } context->rsa = PR_TRUE; - if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS)) { + if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) || + !sftk_ValidatePssParams((const CK_RSA_PKCS_PSS_PARAMS*)pMechanism->pParameter)) { crv = CKR_MECHANISM_PARAM_INVALID; break; } @@ -3060,7 +3090,7 @@ finish_rsa: context->verify = (SFTKVerify) nsc_DSA_Verify_Stub; context->destroy = sftk_Null; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKM_ECDSA_SHA1: context->multi = PR_TRUE; crv = sftk_doSubSHA1(context); @@ -3080,7 +3110,7 @@ finish_rsa: context->verify = (SFTKVerify) nsc_ECDSAVerifyStub; context->destroy = sftk_Null; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ INIT_HMAC_MECH(MD2) INIT_HMAC_MECH(MD5) @@ -3906,6 +3936,7 @@ jpake1: } if (sftk_isTrue(key, CKA_TOKEN)) { crv = CKR_TEMPLATE_INCONSISTENT; + break; } crv = CKR_OK; break; @@ -4208,7 +4239,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, pairwise_digest_length = subPrimeLen; mech.mechanism = CKM_DSA; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: signature_length = MAX_ECKEY_LEN * 2; mech.mechanism = CKM_ECDSA; @@ -4331,12 +4362,12 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, int private_value_bits = 0; DHPrivateKey * dhPriv; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* Elliptic Curve Cryptography */ SECItem ecEncodedParams; /* DER Encoded parameters */ ECPrivateKey * ecPriv; ECParams * ecParams; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ CHECK_FORK(); @@ -4666,7 +4697,7 @@ dhgn_done: PORT_FreeArena(dhPriv->arena, PR_TRUE); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKM_EC_KEY_PAIR_GEN: sftk_DeleteAttributeType(privateKey,CKA_EC_PARAMS); sftk_DeleteAttributeType(privateKey,CKA_VALUE); @@ -4729,7 +4760,7 @@ ecgn_done: /* should zeroize, since this function doesn't. */ PORT_FreeArena(ecPriv->ecParams.arena, PR_TRUE); break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: crv = CKR_MECHANISM_INVALID; @@ -4849,7 +4880,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) void *dummy, *param = NULL; SECStatus rv = SECSuccess; SECItem *encodedKey = NULL; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECItem *fordebug; int savelen; #endif @@ -4904,7 +4935,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) nsslowkey_PQGParamsTemplate); algorithm = SEC_OID_ANSIX9_DSA_SIGNATURE; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: prepare_low_ec_priv_key_for_asn1(lk); /* Public value is encoded as a bit string so adjust length @@ -4931,7 +4962,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) algorithm = SEC_OID_ANSIX962_EC_PUBLIC_KEY; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ case NSSLOWKEYDHKey: default: dummy = NULL; @@ -4964,7 +4995,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) nsslowkey_PrivateKeyInfoTemplate); *crvp = encodedKey ? CKR_OK : CKR_DEVICE_ERROR; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC fordebug = encodedKey; SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKeyInfo", lk->keyType, fordebug); @@ -5190,7 +5221,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) prepare_low_pqg_params_for_asn1(&lpk->u.dsa.params); break; /* case NSSLOWKEYDHKey: */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case SEC_OID_ANSIX962_EC_PUBLIC_KEY: keyTemplate = nsslowkey_ECPrivateKeyTemplate; paramTemplate = NULL; @@ -5199,7 +5230,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) prepare_low_ec_priv_key_for_asn1(lpk); prepare_low_ecparams_for_asn1(&lpk->u.ec.ecParams); break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: keyTemplate = NULL; paramTemplate = NULL; @@ -5214,7 +5245,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) /* decode the private key and any algorithm parameters */ rv = SEC_QuickDERDecodeItem(arena, lpk, keyTemplate, &pki->privateKey); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (lpk->keyType == NSSLOWKEYECKey) { /* convert length in bits to length in bytes */ lpk->u.ec.publicValue.len >>= 3; @@ -5225,7 +5256,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) goto loser; } } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ if(rv != SECSuccess) { goto loser; @@ -5320,7 +5351,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) break; #endif /* what about fortezza??? */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: keyType = CKK_EC; crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : @@ -5346,7 +5377,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) if(crv != CKR_OK) break; /* XXX Do we need to decode the EC Params here ?? */ break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: crv = CKR_KEY_TYPE_INCONSISTENT; break; @@ -5656,6 +5687,7 @@ sftk_MapKeySize(CK_KEY_TYPE keyType) return 0; } +#ifndef NSS_DISABLE_ECC /* Inputs: * key_len: Length of derived key to be generated. * SharedSecret: a shared secret that is the output of a key agreement primitive. @@ -5674,12 +5706,13 @@ static CK_RV sftk_compute_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len, SECIte unsigned char *buffer = NULL, *output_buffer = NULL; PRUint32 buffer_len, max_counter, i; SECStatus rv; + CK_RV crv; /* Check that key_len isn't too long. The maximum key length could be * greatly increased if the code below did not limit the 4-byte counter * to a maximum value of 255. */ if (key_len > 254 * HashLen) - return SEC_ERROR_INVALID_ARGS; + return CKR_ARGUMENTS_BAD; if (SharedInfo == NULL) SharedInfoLen = 0; @@ -5687,7 +5720,7 @@ static CK_RV sftk_compute_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len, SECIte buffer_len = SharedSecret->len + 4 + SharedInfoLen; buffer = (CK_BYTE *)PORT_Alloc(buffer_len); if (buffer == NULL) { - rv = SEC_ERROR_NO_MEMORY; + crv = CKR_HOST_MEMORY; goto loser; } @@ -5697,7 +5730,7 @@ static CK_RV sftk_compute_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len, SECIte output_buffer = (CK_BYTE *)PORT_Alloc(max_counter * HashLen); if (output_buffer == NULL) { - rv = SEC_ERROR_NO_MEMORY; + crv = CKR_HOST_MEMORY; goto loser; } @@ -5714,8 +5747,11 @@ static CK_RV sftk_compute_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len, SECIte for(i=0; i < max_counter; i++) { rv = Hash(&output_buffer[i * HashLen], buffer, buffer_len); - if (rv != SECSuccess) + if (rv != SECSuccess) { + /* 'Hash' should not fail. */ + crv = CKR_FUNCTION_FAILED; goto loser; + } /* Increment counter (assumes max_counter < 255) */ buffer[SharedSecret->len + 3]++; @@ -5727,7 +5763,7 @@ static CK_RV sftk_compute_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len, SECIte } *key = output_buffer; - return SECSuccess; + return CKR_OK; loser: if (buffer) { @@ -5736,7 +5772,7 @@ static CK_RV sftk_compute_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len, SECIte if (output_buffer) { PORT_ZFree(output_buffer, max_counter * HashLen); } - return rv; + return crv; } static CK_RV sftk_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len, @@ -5760,8 +5796,9 @@ static CK_RV sftk_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len, return sftk_compute_ANSI_X9_63_kdf(key, key_len, SharedSecret, SharedInfo, SharedInfoLen, SHA512_HashBuf, SHA512_LENGTH); else - return SEC_ERROR_INVALID_ALGORITHM; + return CKR_MECHANISM_INVALID; } +#endif /* NSS_DISABLE_ECC */ /* * SSL Key generation given pre master secret @@ -6707,7 +6744,7 @@ key_and_mac_derive_fail: break; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKM_ECDH1_DERIVE: case CKM_ECDH1_COFACTOR_DERIVE: { @@ -6813,12 +6850,11 @@ key_and_mac_derive_fail: secretlen = tmp.len; } else { secretlen = keySize; - rv = sftk_ANSI_X9_63_kdf(&secret, keySize, + crv = sftk_ANSI_X9_63_kdf(&secret, keySize, &tmp, mechParams->pSharedData, mechParams->ulSharedDataLen, mechParams->kdf); PORT_ZFree(tmp.data, tmp.len); - if (rv != SECSuccess) { - crv = CKR_HOST_MEMORY; + if (crv != CKR_OK) { break; } tmp.data = secret; @@ -6866,7 +6902,7 @@ ec_loser: break; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* See RFC 5869 and CK_NSS_HKDFParams for documentation. */ case CKM_NSS_HKDF_SHA1: hashType = HASH_AlgSHA1; goto hkdf; diff --git a/security/nss/lib/softoken/pkcs11u.c b/security/nss/lib/softoken/pkcs11u.c index 770fb0e..78e2fdc 100644 --- a/security/nss/lib/softoken/pkcs11u.c +++ b/security/nss/lib/softoken/pkcs11u.c @@ -1246,7 +1246,7 @@ static const CK_ATTRIBUTE_TYPE dhPubKeyAttrs[] = { }; static const CK_ULONG dhPubKeyAttrsCount = sizeof(dhPubKeyAttrs)/sizeof(dhPubKeyAttrs[0]); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static const CK_ATTRIBUTE_TYPE ecPubKeyAttrs[] = { CKA_EC_PARAMS, CKA_EC_POINT }; @@ -1279,7 +1279,7 @@ static const CK_ATTRIBUTE_TYPE dhPrivKeyAttrs[] = { }; static const CK_ULONG dhPrivKeyAttrsCount = sizeof(dhPrivKeyAttrs)/sizeof(dhPrivKeyAttrs[0]); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static const CK_ATTRIBUTE_TYPE ecPrivKeyAttrs[] = { CKA_EC_PARAMS, CKA_VALUE }; @@ -1390,7 +1390,7 @@ stfk_CopyTokenPrivateKey(SFTKObject *destObject,SFTKTokenObject *src_to) crv = stfk_CopyTokenAttributes(destObject, src_to, dhPrivKeyAttrs, dhPrivKeyAttrsCount); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: crv = stfk_CopyTokenAttributes(destObject, src_to, ecPrivKeyAttrs, ecPrivKeyAttrsCount); @@ -1452,7 +1452,7 @@ stfk_CopyTokenPublicKey(SFTKObject *destObject,SFTKTokenObject *src_to) crv = stfk_CopyTokenAttributes(destObject, src_to, dhPubKeyAttrs, dhPubKeyAttrsCount); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: crv = stfk_CopyTokenAttributes(destObject, src_to, ecPubKeyAttrs, ecPubKeyAttrsCount); diff --git a/security/nss/lib/softoken/sdb.c b/security/nss/lib/softoken/sdb.c index e93c662..ffb221b 100644 --- a/security/nss/lib/softoken/sdb.c +++ b/security/nss/lib/softoken/sdb.c @@ -2012,7 +2012,17 @@ s_open(const char *directory, const char *certPrefix, const char *keyPrefix, /* how long does it take to test for a non-existant file in our working * directory? Allows us to test if we may be on a network file system */ - accessOps = sdb_measureAccess(directory); + accessOps = 1; + { + char *env; + env = PR_GetEnv("NSS_SDB_USE_CACHE"); + /* If the environment variable is set to yes or no, sdb_init() will + * ignore the value of accessOps, and we can skip the measuring.*/ + if (!env || ((PORT_Strcasecmp(env, "no") != 0) && + (PORT_Strcasecmp(env, "yes") != 0))){ + accessOps = sdb_measureAccess(directory); + } + } /* * open the cert data base diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index 8bcc948..eb8f06a 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -8,7 +8,7 @@ #ifndef _SOFTKVER_H_ #define _SOFTKVER_H_ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #ifdef NSS_ECC_MORE_THAN_SUITE_B #define SOFTOKEN_ECC_STRING " Extended ECC" #else @@ -25,10 +25,10 @@ * The format of the version string should be * "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]" */ -#define SOFTOKEN_VERSION "3.15.4" SOFTOKEN_ECC_STRING +#define SOFTOKEN_VERSION "3.16.2" SOFTOKEN_ECC_STRING #define SOFTOKEN_VMAJOR 3 -#define SOFTOKEN_VMINOR 15 -#define SOFTOKEN_VPATCH 4 +#define SOFTOKEN_VMINOR 16 +#define SOFTOKEN_VPATCH 2 #define SOFTOKEN_VBUILD 0 #define SOFTOKEN_BETA PR_FALSE diff --git a/security/nss/lib/softoken/softoken.h b/security/nss/lib/softoken/softoken.h index f8606da..fbd00b6 100644 --- a/security/nss/lib/softoken/softoken.h +++ b/security/nss/lib/softoken/softoken.h @@ -35,19 +35,6 @@ RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key, const unsigned char *sig, unsigned int sigLen, const unsigned char *hash, unsigned int hashLen); -#ifdef NSS_ENABLE_ECC -/* -** pepare an ECParam structure from DEREncoded params - */ -extern SECStatus EC_FillParams(PLArenaPool *arena, - const SECItem *encodedParams, ECParams *params); -extern SECStatus EC_DecodeParams(const SECItem *encodedParams, - ECParams **ecparams); -extern SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams, - const ECParams *srcParams); -#endif - - /* ** Prepare a buffer for padded CBC encryption, growing to the appropriate ** boundary, filling with the appropriate padding. diff --git a/security/nss/lib/sqlite/config.mk b/security/nss/lib/sqlite/config.mk index c7b93ed..b0e9390 100644 --- a/security/nss/lib/sqlite/config.mk +++ b/security/nss/lib/sqlite/config.mk @@ -22,10 +22,6 @@ OPTIMIZER= endif endif -ifeq ($(OS_TARGET),SunOS) -OS_LIBS += -lbsm -endif - ifeq ($(OS_TARGET),Darwin) # These version numbers come from the -version-info 8:6:8 libtool option in # sqlite upstream's Makefile.in. (Given -version-info current:revision:age, diff --git a/security/nss/lib/ssl/SSLerrs.h b/security/nss/lib/ssl/SSLerrs.h index c14d5d8..bbe2bd9 100644 --- a/security/nss/lib/ssl/SSLerrs.h +++ b/security/nss/lib/ssl/SSLerrs.h @@ -412,3 +412,9 @@ ER3(SSL_ERROR_DIGEST_FAILURE, (SSL_ERROR_BASE + 127), ER3(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 128), "Incorrect signature algorithm specified in a digitally-signed element.") + +ER3(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK, (SSL_ERROR_BASE + 129), +"The next protocol negotiation extension was enabled, but the callback was cleared prior to being needed.") + +ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130), +"The server supports no protocols that the client advertises in the ALPN extension.") diff --git a/security/nss/lib/ssl/derive.c b/security/nss/lib/ssl/derive.c index 35cfe25..b7c38c3 100644 --- a/security/nss/lib/ssl/derive.c +++ b/security/nss/lib/ssl/derive.c @@ -617,7 +617,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey, PRBool testrsa_export = PR_FALSE; PRBool testecdh = PR_FALSE; PRBool testecdhe = PR_FALSE; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECKEYECParams ecParams = { siBuffer, NULL, 0 }; #endif @@ -634,7 +634,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey, rv = SECFailure; /* determine which KEAs to test */ - /* 0 (SSL_NULL_WITH_NULL_NULL) is used as a list terminator because + /* 0 (TLS_NULL_WITH_NULL_NULL) is used as a list terminator because * SSL3 and TLS specs forbid negotiating that cipher suite number. */ for (i=0; i < nsuites && (suite = *ciphersuites++) != 0; i++) { @@ -647,8 +647,8 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey, switch (csdef.cipherSuite) { case TLS_RSA_EXPORT1024_WITH_RC4_56_SHA: case TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA: - case SSL_RSA_EXPORT_WITH_RC4_40_MD5: - case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5: + case TLS_RSA_EXPORT_WITH_RC4_40_MD5: + case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5: testrsa_export = PR_TRUE; } if (!testrsa_export) @@ -755,7 +755,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey, if (enc_pms.data != NULL) { SECITEM_FreeItem(&enc_pms, PR_FALSE); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC for (; (privKeytype == ecKey && ( testecdh || testecdhe)) || (privKeytype == rsaKey && testecdhe); ) { CK_MECHANISM_TYPE target; @@ -859,7 +859,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey, PORT_Free(ecParams.data); ecParams.data = NULL; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ if (pms) PK11_FreeSymKey(pms); } @@ -877,12 +877,12 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey, if (enc_pms.data != NULL) { SECITEM_FreeItem(&enc_pms, PR_FALSE); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (ecParams.data != NULL) { PORT_Free(ecParams.data); ecParams.data = NULL; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ if (srvPubkey) { SECKEY_DestroyPublicKey(srvPubkey); diff --git a/security/nss/lib/ssl/dtlscon.c b/security/nss/lib/ssl/dtlscon.c index 78371e6..4e38461 100644 --- a/security/nss/lib/ssl/dtlscon.c +++ b/security/nss/lib/ssl/dtlscon.c @@ -30,19 +30,19 @@ static const PRUint16 COMMON_MTU_VALUES[] = { /* List copied from ssl3con.c:cipherSuites */ static const ssl3CipherSuite nonDTLSSuites[] = { -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ TLS_DHE_DSS_WITH_RC4_128_SHA, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, -#endif /* NSS_ENABLE_ECC */ - SSL_RSA_WITH_RC4_128_MD5, - SSL_RSA_WITH_RC4_128_SHA, +#endif /* NSS_DISABLE_ECC */ + TLS_RSA_WITH_RC4_128_MD5, + TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, - SSL_RSA_EXPORT_WITH_RC4_40_MD5, + TLS_RSA_EXPORT_WITH_RC4_40_MD5, 0 /* End of list marker */ }; @@ -51,16 +51,21 @@ static const ssl3CipherSuite nonDTLSSuites[] = { * * TLS DTLS * 1.1 (0302) 1.0 (feff) + * 1.2 (0303) 1.2 (fefd) */ SSL3ProtocolVersion dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv) { - /* Anything other than TLS 1.1 is an error, so return - * the invalid version ffff. */ - if (tlsv != SSL_LIBRARY_VERSION_TLS_1_1) - return 0xffff; + if (tlsv == SSL_LIBRARY_VERSION_TLS_1_1) { + return SSL_LIBRARY_VERSION_DTLS_1_0_WIRE; + } + if (tlsv == SSL_LIBRARY_VERSION_TLS_1_2) { + return SSL_LIBRARY_VERSION_DTLS_1_2_WIRE; + } - return SSL_LIBRARY_VERSION_DTLS_1_0_WIRE; + /* Anything other than TLS 1.1 or 1.2 is an error, so return + * the invalid version 0xffff. */ + return 0xffff; } /* Map known DTLS versions to known TLS versions. @@ -71,14 +76,18 @@ SSL3ProtocolVersion dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv) { if (MSB(dtlsv) == 0xff) { - return 0; + return 0; } - if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_0_WIRE) - return SSL_LIBRARY_VERSION_TLS_1_1; + if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_0_WIRE) { + return SSL_LIBRARY_VERSION_TLS_1_1; + } + if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_2_WIRE) { + return SSL_LIBRARY_VERSION_TLS_1_2; + } /* Return a fictional higher version than we know of */ - return SSL_LIBRARY_VERSION_TLS_1_1 + 1; + return SSL_LIBRARY_VERSION_TLS_1_2 + 1; } /* On this socket, Disable non-DTLS cipher suites in the argument's list */ @@ -88,9 +97,9 @@ ssl3_DisableNonDTLSSuites(sslSocket * ss) const ssl3CipherSuite * suite; for (suite = nonDTLSSuites; *suite; ++suite) { - SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); + SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); - PORT_Assert(rv == SECSuccess); /* else is coding error */ + PORT_Assert(rv == SECSuccess); /* else is coding error */ } return SECSuccess; } @@ -101,17 +110,17 @@ ssl3_DisableNonDTLSSuites(sslSocket * ss) */ static DTLSQueuedMessage * dtls_AllocQueuedMessage(PRUint16 epoch, SSL3ContentType type, - const unsigned char *data, PRUint32 len) + const unsigned char *data, PRUint32 len) { DTLSQueuedMessage *msg = NULL; msg = PORT_ZAlloc(sizeof(DTLSQueuedMessage)); if (!msg) - return NULL; + return NULL; msg->data = PORT_Alloc(len); if (!msg->data) { - PORT_Free(msg); + PORT_Free(msg); return NULL; } PORT_Memcpy(msg->data, data, len); @@ -132,7 +141,7 @@ static void dtls_FreeHandshakeMessage(DTLSQueuedMessage *msg) { if (!msg) - return; + return; PORT_ZFree(msg->data, msg->len); PORT_Free(msg); @@ -151,9 +160,9 @@ dtls_FreeHandshakeMessages(PRCList *list) PRCList *cur_p; while (!PR_CLIST_IS_EMPTY(list)) { - cur_p = PR_LIST_TAIL(list); - PR_REMOVE_LINK(cur_p); - dtls_FreeHandshakeMessage((DTLSQueuedMessage *)cur_p); + cur_p = PR_LIST_TAIL(list); + PR_REMOVE_LINK(cur_p); + dtls_FreeHandshakeMessage((DTLSQueuedMessage *)cur_p); } } @@ -204,18 +213,18 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) } /* Parse the header */ - type = buf.buf[0]; + type = buf.buf[0]; message_length = (buf.buf[1] << 16) | (buf.buf[2] << 8) | buf.buf[3]; message_seq = (buf.buf[4] << 8) | buf.buf[5]; fragment_offset = (buf.buf[6] << 16) | (buf.buf[7] << 8) | buf.buf[8]; fragment_length = (buf.buf[9] << 16) | (buf.buf[10] << 8) | buf.buf[11]; - -#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */ - if (message_length > MAX_HANDSHAKE_MSG_LEN) { - (void)ssl3_DecodeError(ss); - PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG); - return SECFailure; - } + +#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */ + if (message_length > MAX_HANDSHAKE_MSG_LEN) { + (void)ssl3_DecodeError(ss); + PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG); + return SECFailure; + } #undef MAX_HANDSHAKE_MSG_LEN buf.buf += 12; @@ -229,7 +238,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) } /* Sanity check the packet contents */ - if ((fragment_length + fragment_offset) > message_length) { + if ((fragment_length + fragment_offset) > message_length) { PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE); rv = SECFailure; break; @@ -245,8 +254,8 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) * This is the common case for short messages */ if ((message_seq == ss->ssl3.hs.recvMessageSeq) - && (fragment_offset == 0) - && (fragment_length == message_length)) { + && (fragment_offset == 0) + && (fragment_length == message_length)) { /* Complete next message. Process immediately */ ss->ssl3.hs.msg_type = (SSL3HandshakeType)type; ss->ssl3.hs.msg_len = message_length; @@ -254,14 +263,14 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) /* At this point we are advancing our state machine, so * we can free our last flight of messages */ dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight); - ss->ssl3.hs.recvdHighWater = -1; - dtls_CancelTimer(ss); + ss->ssl3.hs.recvdHighWater = -1; + dtls_CancelTimer(ss); - /* Reset the timer to the initial value if the retry counter - * is 0, per Sec. 4.2.4.1 */ - if (ss->ssl3.hs.rtRetries == 0) { - ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; - } + /* Reset the timer to the initial value if the retry counter + * is 0, per Sec. 4.2.4.1 */ + if (ss->ssl3.hs.rtRetries == 0) { + ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; + } rv = ssl3_HandleHandshakeMessage(ss, buf.buf, ss->ssl3.hs.msg_len); if (rv == SECFailure) { @@ -269,68 +278,68 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) break; } } else { - if (message_seq < ss->ssl3.hs.recvMessageSeq) { - /* Case 3: we do an immediate retransmit if we're - * in a waiting state*/ - if (ss->ssl3.hs.rtTimerCb == NULL) { - /* Ignore */ - } else if (ss->ssl3.hs.rtTimerCb == - dtls_RetransmitTimerExpiredCb) { - SSL_TRC(30, ("%d: SSL3[%d]: Retransmit detected", - SSL_GETPID(), ss->fd)); - /* Check to see if we retransmitted recently. If so, - * suppress the triggered retransmit. This avoids - * retransmit wars after packet loss. - * This is not in RFC 5346 but should be - */ - if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) > - (ss->ssl3.hs.rtTimeoutMs / 4)) { - SSL_TRC(30, - ("%d: SSL3[%d]: Shortcutting retransmit timer", + if (message_seq < ss->ssl3.hs.recvMessageSeq) { + /* Case 3: we do an immediate retransmit if we're + * in a waiting state*/ + if (ss->ssl3.hs.rtTimerCb == NULL) { + /* Ignore */ + } else if (ss->ssl3.hs.rtTimerCb == + dtls_RetransmitTimerExpiredCb) { + SSL_TRC(30, ("%d: SSL3[%d]: Retransmit detected", + SSL_GETPID(), ss->fd)); + /* Check to see if we retransmitted recently. If so, + * suppress the triggered retransmit. This avoids + * retransmit wars after packet loss. + * This is not in RFC 5346 but should be + */ + if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) > + (ss->ssl3.hs.rtTimeoutMs / 4)) { + SSL_TRC(30, + ("%d: SSL3[%d]: Shortcutting retransmit timer", SSL_GETPID(), ss->fd)); - /* Cancel the timer and call the CB, - * which re-arms the timer */ - dtls_CancelTimer(ss); - dtls_RetransmitTimerExpiredCb(ss); - rv = SECSuccess; - break; - } else { - SSL_TRC(30, - ("%d: SSL3[%d]: We just retransmitted. Ignoring.", + /* Cancel the timer and call the CB, + * which re-arms the timer */ + dtls_CancelTimer(ss); + dtls_RetransmitTimerExpiredCb(ss); + rv = SECSuccess; + break; + } else { + SSL_TRC(30, + ("%d: SSL3[%d]: We just retransmitted. Ignoring.", SSL_GETPID(), ss->fd)); - rv = SECSuccess; - break; - } - } else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) { - /* Retransmit the messages and re-arm the timer - * Note that we are not backing off the timer here. - * The spec isn't clear and my reasoning is that this - * may be a re-ordered packet rather than slowness, - * so let's be aggressive. */ - dtls_CancelTimer(ss); - rv = dtls_TransmitMessageFlight(ss); - if (rv == SECSuccess) { - rv = dtls_StartTimer(ss, dtls_FinishedTimerCb); - } - if (rv != SECSuccess) - return rv; - break; - } - } else if (message_seq > ss->ssl3.hs.recvMessageSeq) { - /* Case 2 + rv = SECSuccess; + break; + } + } else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) { + /* Retransmit the messages and re-arm the timer + * Note that we are not backing off the timer here. + * The spec isn't clear and my reasoning is that this + * may be a re-ordered packet rather than slowness, + * so let's be aggressive. */ + dtls_CancelTimer(ss); + rv = dtls_TransmitMessageFlight(ss); + if (rv == SECSuccess) { + rv = dtls_StartTimer(ss, dtls_FinishedTimerCb); + } + if (rv != SECSuccess) + return rv; + break; + } + } else if (message_seq > ss->ssl3.hs.recvMessageSeq) { + /* Case 2 * - * Ignore this message. This means we don't handle out of - * order complete messages that well, but we're still - * compliant and this probably does not happen often + * Ignore this message. This means we don't handle out of + * order complete messages that well, but we're still + * compliant and this probably does not happen often * - * XXX OK for now. Maybe do something smarter at some point? - */ - } else { - /* Case 1 + * XXX OK for now. Maybe do something smarter at some point? + */ + } else { + /* Case 1 * - * Buffer the fragment for reassembly - */ + * Buffer the fragment for reassembly + */ /* Make room for the message */ if (ss->ssl3.hs.recvdHighWater == -1) { PRUint32 map_length = OFFSET_BYTE(message_length) + 1; @@ -347,8 +356,8 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) /* Reset the reassembly map */ ss->ssl3.hs.recvdHighWater = 0; PORT_Memset(ss->ssl3.hs.recvdFragments.buf, 0, - ss->ssl3.hs.recvdFragments.space); - ss->ssl3.hs.msg_type = (SSL3HandshakeType)type; + ss->ssl3.hs.recvdFragments.space); + ss->ssl3.hs.msg_type = (SSL3HandshakeType)type; ss->ssl3.hs.msg_len = message_length; } @@ -381,7 +390,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) * case of adjacent fragments received in sequence */ if (fragment_offset <= ss->ssl3.hs.recvdHighWater) { - /* Either this is the adjacent fragment or an overlapping + /* Either this is the adjacent fragment or an overlapping * fragment */ ss->ssl3.hs.recvdHighWater = fragment_offset + fragment_length; @@ -397,9 +406,9 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) /* Now figure out the new high water mark if appropriate */ for (offset = ss->ssl3.hs.recvdHighWater; offset < ss->ssl3.hs.msg_len; offset++) { - /* Note that this loop is not efficient, since it counts - * bit by bit. If we have a lot of out-of-order packets, - * we should optimize this */ + /* Note that this loop is not efficient, since it counts + * bit by bit. If we have a lot of out-of-order packets, + * we should optimize this */ if (ss->ssl3.hs.recvdFragments.buf[OFFSET_BYTE(offset)] & OFFSET_MASK(offset)) { ss->ssl3.hs.recvdHighWater++; @@ -418,25 +427,25 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) if (rv == SECFailure) break; /* Skip rest of record */ - /* At this point we are advancing our state machine, so - * we can free our last flight of messages */ - dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight); - dtls_CancelTimer(ss); + /* At this point we are advancing our state machine, so + * we can free our last flight of messages */ + dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight); + dtls_CancelTimer(ss); - /* If there have been no retries this time, reset the - * timer value to the default per Section 4.2.4.1 */ - if (ss->ssl3.hs.rtRetries == 0) { - ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; - } + /* If there have been no retries this time, reset the + * timer value to the default per Section 4.2.4.1 */ + if (ss->ssl3.hs.rtRetries == 0) { + ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; + } } } } - buf.buf += fragment_length; + buf.buf += fragment_length; buf.len -= fragment_length; } - origBuf->len = 0; /* So ssl3_GatherAppDataRecord will keep looping. */ + origBuf->len = 0; /* So ssl3_GatherAppDataRecord will keep looping. */ /* XXX OK for now. In future handle rv == SECWouldBlock safely in order * to deal with asynchronous certificate verification */ @@ -461,10 +470,10 @@ SECStatus dtls_QueueMessage(sslSocket *ss, SSL3ContentType type, msg = dtls_AllocQueuedMessage(ss->ssl3.cwSpec->epoch, type, pIn, nIn); if (!msg) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - rv = SECFailure; + PORT_SetError(SEC_ERROR_NO_MEMORY); + rv = SECFailure; } else { - PR_APPEND_LINK(&msg->link, &ss->ssl3.hs.lastMessageFlight); + PR_APPEND_LINK(&msg->link, &ss->ssl3.hs.lastMessageFlight); } return rv; @@ -490,7 +499,7 @@ dtls_StageHandshakeMessage(sslSocket *ss) /* This function is sometimes called when no data is actually to * be staged, so just return SECSuccess. */ if (!ss->sec.ci.sendBuf.buf || !ss->sec.ci.sendBuf.len) - return rv; + return rv; rv = dtls_QueueMessage(ss, content_handshake, ss->sec.ci.sendBuf.buf, ss->sec.ci.sendBuf.len); @@ -522,11 +531,11 @@ dtls_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags) rv = dtls_TransmitMessageFlight(ss); if (rv != SECSuccess) return rv; - - if (!(flags & ssl_SEND_FLAG_NO_RETRANSMIT)) { - ss->ssl3.hs.rtRetries = 0; - rv = dtls_StartTimer(ss, dtls_RetransmitTimerExpiredCb); - } + + if (!(flags & ssl_SEND_FLAG_NO_RETRANSMIT)) { + ss->ssl3.hs.rtRetries = 0; + rv = dtls_StartTimer(ss, dtls_RetransmitTimerExpiredCb); + } } return rv; @@ -546,22 +555,22 @@ dtls_RetransmitTimerExpiredCb(sslSocket *ss) ss->ssl3.hs.rtRetries++; if (!(ss->ssl3.hs.rtRetries % 3)) { - /* If one of the messages was potentially greater than > MTU, - * then downgrade. Do this every time we have retransmitted a - * message twice, per RFC 6347 Sec. 4.1.1 */ - dtls_SetMTU(ss, ss->ssl3.hs.maxMessageSent - 1); + /* If one of the messages was potentially greater than > MTU, + * then downgrade. Do this every time we have retransmitted a + * message twice, per RFC 6347 Sec. 4.1.1 */ + dtls_SetMTU(ss, ss->ssl3.hs.maxMessageSent - 1); } - + rv = dtls_TransmitMessageFlight(ss); if (rv == SECSuccess) { - /* Re-arm the timer */ - rv = dtls_RestartTimer(ss, PR_TRUE, dtls_RetransmitTimerExpiredCb); + /* Re-arm the timer */ + rv = dtls_RestartTimer(ss, PR_TRUE, dtls_RetransmitTimerExpiredCb); } if (rv == SECFailure) { - /* XXX OK for now. In future maybe signal the stack that we couldn't - * transmit. For now, let the read handle any real network errors */ + /* XXX OK for now. In future maybe signal the stack that we couldn't + * transmit. For now, let the read handle any real network errors */ } } @@ -591,87 +600,87 @@ dtls_TransmitMessageFlight(sslSocket *ss) */ PORT_Assert(!ss->pendingBuf.len); for (msg_p = PR_LIST_HEAD(&ss->ssl3.hs.lastMessageFlight); - msg_p != &ss->ssl3.hs.lastMessageFlight; - msg_p = PR_NEXT_LINK(msg_p)) { + msg_p != &ss->ssl3.hs.lastMessageFlight; + msg_p = PR_NEXT_LINK(msg_p)) { DTLSQueuedMessage *msg = (DTLSQueuedMessage *)msg_p; /* The logic here is: * - * 1. If this is a message that will not fit into the remaining - * space, then flush. - * 2. If the message will now fit into the remaining space, + * 1. If this is a message that will not fit into the remaining + * space, then flush. + * 2. If the message will now fit into the remaining space, * encrypt, buffer, and loop. * 3. If the message will not fit, then fragment. * - * At the end of the function, flush. + * At the end of the function, flush. */ if ((msg->len + SSL3_BUFFER_FUDGE) > room_left) { - /* The message will not fit into the remaining space, so flush */ - rv = dtls_SendSavedWriteData(ss); - if (rv != SECSuccess) - break; + /* The message will not fit into the remaining space, so flush */ + rv = dtls_SendSavedWriteData(ss); + if (rv != SECSuccess) + break; room_left = ss->ssl3.mtu; - } + } if ((msg->len + SSL3_BUFFER_FUDGE) <= room_left) { /* The message will fit, so encrypt and then continue with the - * next packet */ + * next packet */ sent = ssl3_SendRecord(ss, msg->epoch, msg->type, - msg->data, msg->len, - ssl_SEND_FLAG_FORCE_INTO_BUFFER | - ssl_SEND_FLAG_USE_EPOCH); + msg->data, msg->len, + ssl_SEND_FLAG_FORCE_INTO_BUFFER | + ssl_SEND_FLAG_USE_EPOCH); if (sent != msg->len) { - rv = SECFailure; - if (sent != -1) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - } + rv = SECFailure; + if (sent != -1) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + } break; - } + } room_left = ss->ssl3.mtu - ss->pendingBuf.len; } else { /* The message will not fit, so fragment. * - * XXX OK for now. Arrange to coalesce the last fragment - * of this message with the next message if possible. - * That would be more efficient. - */ + * XXX OK for now. Arrange to coalesce the last fragment + * of this message with the next message if possible. + * That would be more efficient. + */ PRUint32 fragment_offset = 0; unsigned char fragment[DTLS_MAX_MTU]; /* >= than largest * plausible MTU */ - /* Assert that we have already flushed */ - PORT_Assert(room_left == ss->ssl3.mtu); + /* Assert that we have already flushed */ + PORT_Assert(room_left == ss->ssl3.mtu); /* Case 3: We now need to fragment this message * DTLS only supports fragmenting handshaking messages */ PORT_Assert(msg->type == content_handshake); - /* The headers consume 12 bytes so the smalles possible - * message (i.e., an empty one) is 12 bytes - */ - PORT_Assert(msg->len >= 12); + /* The headers consume 12 bytes so the smalles possible + * message (i.e., an empty one) is 12 bytes + */ + PORT_Assert(msg->len >= 12); while ((fragment_offset + 12) < msg->len) { PRUint32 fragment_len; const unsigned char *content = msg->data + 12; PRUint32 content_len = msg->len - 12; - /* The reason we use 8 here is that that's the length of - * the new DTLS data that we add to the header */ + /* The reason we use 8 here is that that's the length of + * the new DTLS data that we add to the header */ fragment_len = PR_MIN(room_left - (SSL3_BUFFER_FUDGE + 8), content_len - fragment_offset); - PORT_Assert(fragment_len < DTLS_MAX_MTU - 12); - /* Make totally sure that we are within the buffer. - * Note that the only way that fragment len could get - * adjusted here is if + PORT_Assert(fragment_len < DTLS_MAX_MTU - 12); + /* Make totally sure that we are within the buffer. + * Note that the only way that fragment len could get + * adjusted here is if * - * (a) we are in release mode so the PORT_Assert is compiled out - * (b) either the MTU table is inconsistent with DTLS_MAX_MTU - * or ss->ssl3.mtu has become corrupt. - */ - fragment_len = PR_MIN(fragment_len, DTLS_MAX_MTU - 12); + * (a) we are in release mode so the PORT_Assert is compiled out + * (b) either the MTU table is inconsistent with DTLS_MAX_MTU + * or ss->ssl3.mtu has become corrupt. + */ + fragment_len = PR_MIN(fragment_len, DTLS_MAX_MTU - 12); /* Construct an appropriate-sized fragment */ /* Type, length, sequence */ @@ -691,25 +700,25 @@ dtls_TransmitMessageFlight(sslSocket *ss) fragment_len); /* - * Send the record. We do this in two stages - * 1. Encrypt - */ + * Send the record. We do this in two stages + * 1. Encrypt + */ sent = ssl3_SendRecord(ss, msg->epoch, msg->type, fragment, fragment_len + 12, ssl_SEND_FLAG_FORCE_INTO_BUFFER | - ssl_SEND_FLAG_USE_EPOCH); + ssl_SEND_FLAG_USE_EPOCH); if (sent != (fragment_len + 12)) { - rv = SECFailure; - if (sent != -1) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - } - break; - } - - /* 2. Flush */ - rv = dtls_SendSavedWriteData(ss); - if (rv != SECSuccess) - break; + rv = SECFailure; + if (sent != -1) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + } + break; + } + + /* 2. Flush */ + rv = dtls_SendSavedWriteData(ss); + if (rv != SECSuccess) + break; fragment_offset += fragment_len; } @@ -718,7 +727,7 @@ dtls_TransmitMessageFlight(sslSocket *ss) /* Finally, we need to flush */ if (rv == SECSuccess) - rv = dtls_SendSavedWriteData(ss); + rv = dtls_SendSavedWriteData(ss); /* Give up the locks */ ssl_ReleaseSpecReadLock(ss); @@ -740,19 +749,19 @@ SECStatus dtls_SendSavedWriteData(sslSocket *ss) sent = ssl_SendSavedWriteData(ss); if (sent < 0) - return SECFailure; + return SECFailure; /* We should always have complete writes b/c datagram sockets * don't really block */ if (ss->pendingBuf.len > 0) { - ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE); - return SECFailure; + ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE); + return SECFailure; } /* Update the largest message sent so we can adjust the MTU * estimate if necessary */ if (sent > ss->ssl3.hs.maxMessageSent) - ss->ssl3.hs.maxMessageSent = sent; + ss->ssl3.hs.maxMessageSent = sent; return SECSuccess; } @@ -767,16 +776,16 @@ SECStatus dtls_SendSavedWriteData(sslSocket *ss) SECStatus dtls_CompressMACEncryptRecord(sslSocket * ss, DTLSEpoch epoch, - PRBool use_epoch, + PRBool use_epoch, SSL3ContentType type, - const SSL3Opaque * pIn, - PRUint32 contentLen, - sslBuffer * wrBuf) + const SSL3Opaque * pIn, + PRUint32 contentLen, + sslBuffer * wrBuf) { SECStatus rv = SECFailure; ssl3CipherSpec * cwSpec; - ssl_GetSpecReadLock(ss); /********************************/ + ssl_GetSpecReadLock(ss); /********************************/ /* The reason for this switch-hitting code is that we might have * a flight of records spanning an epoch boundary, e.g., @@ -789,23 +798,23 @@ dtls_CompressMACEncryptRecord(sslSocket * ss, * about which epoch to use is carried with the record. */ if (use_epoch) { - if (ss->ssl3.cwSpec->epoch == epoch) - cwSpec = ss->ssl3.cwSpec; - else if (ss->ssl3.pwSpec->epoch == epoch) - cwSpec = ss->ssl3.pwSpec; - else - cwSpec = NULL; + if (ss->ssl3.cwSpec->epoch == epoch) + cwSpec = ss->ssl3.cwSpec; + else if (ss->ssl3.pwSpec->epoch == epoch) + cwSpec = ss->ssl3.pwSpec; + else + cwSpec = NULL; } else { - cwSpec = ss->ssl3.cwSpec; + cwSpec = ss->ssl3.cwSpec; } if (cwSpec) { rv = ssl3_CompressMACEncryptRecord(cwSpec, ss->sec.isServer, PR_TRUE, - PR_FALSE, type, pIn, contentLen, - wrBuf); + PR_FALSE, type, pIn, contentLen, + wrBuf); } else { PR_NOT_REACHED("Couldn't find a cipher spec matching epoch"); - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); } ssl_ReleaseSpecReadLock(ss); /************************************/ @@ -838,9 +847,9 @@ SECStatus dtls_RestartTimer(sslSocket *ss, PRBool backoff, DTLSTimerCb cb) { if (backoff) { - ss->ssl3.hs.rtTimeoutMs *= 2; - if (ss->ssl3.hs.rtTimeoutMs > MAX_DTLS_TIMEOUT_MS) - ss->ssl3.hs.rtTimeoutMs = MAX_DTLS_TIMEOUT_MS; + ss->ssl3.hs.rtTimeoutMs *= 2; + if (ss->ssl3.hs.rtTimeoutMs > MAX_DTLS_TIMEOUT_MS) + ss->ssl3.hs.rtTimeoutMs = MAX_DTLS_TIMEOUT_MS; } return dtls_StartTimer(ss, cb); @@ -868,18 +877,18 @@ void dtls_CheckTimer(sslSocket *ss) { if (!ss->ssl3.hs.rtTimerCb) - return; + return; if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) > - PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs)) { - /* Timer has expired */ - DTLSTimerCb cb = ss->ssl3.hs.rtTimerCb; - - /* Cancel the timer so that we can call the CB safely */ - dtls_CancelTimer(ss); - - /* Now call the CB */ - cb(ss); + PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs)) { + /* Timer has expired */ + DTLSTimerCb cb = ss->ssl3.hs.rtTimerCb; + + /* Cancel the timer so that we can call the CB safely */ + dtls_CancelTimer(ss); + + /* Now call the CB */ + cb(ss); } } @@ -928,17 +937,17 @@ dtls_SetMTU(sslSocket *ss, PRUint16 advertised) int i; if (advertised == 0) { - ss->ssl3.mtu = COMMON_MTU_VALUES[0]; - SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu)); - return; + ss->ssl3.mtu = COMMON_MTU_VALUES[0]; + SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu)); + return; } - + for (i = 0; i < PR_ARRAY_SIZE(COMMON_MTU_VALUES); i++) { - if (COMMON_MTU_VALUES[i] <= advertised) { - ss->ssl3.mtu = COMMON_MTU_VALUES[i]; - SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu)); - return; - } + if (COMMON_MTU_VALUES[i] <= advertised) { + ss->ssl3.mtu = COMMON_MTU_VALUES[i]; + SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu)); + return; + } } /* Fallback */ @@ -953,57 +962,57 @@ dtls_SetMTU(sslSocket *ss, PRUint16 advertised) SECStatus dtls_HandleHelloVerifyRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) { - int errCode = SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST; + int errCode = SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST; SECStatus rv; PRInt32 temp; SECItem cookie = {siBuffer, NULL, 0}; SSL3AlertDescription desc = illegal_parameter; SSL_TRC(3, ("%d: SSL3[%d]: handle hello_verify_request handshake", - SSL_GETPID(), ss->fd)); + SSL_GETPID(), ss->fd)); PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss)); PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); if (ss->ssl3.hs.ws != wait_server_hello) { errCode = SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST; - desc = unexpected_message; - goto alert_loser; + desc = unexpected_message; + goto alert_loser; } /* The version */ temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); if (temp < 0) { - goto loser; /* alert has been sent */ + goto loser; /* alert has been sent */ } - if (temp != SSL_LIBRARY_VERSION_DTLS_1_0_WIRE) { - /* Note: this will need adjustment for DTLS 1.2 per Section 4.2.1 */ - goto alert_loser; + if (temp != SSL_LIBRARY_VERSION_DTLS_1_0_WIRE && + temp != SSL_LIBRARY_VERSION_DTLS_1_2_WIRE) { + goto alert_loser; } /* The cookie */ rv = ssl3_ConsumeHandshakeVariable(ss, &cookie, 1, &b, &length); if (rv != SECSuccess) { - goto loser; /* alert has been sent */ + goto loser; /* alert has been sent */ } if (cookie.len > DTLS_COOKIE_BYTES) { - desc = decode_error; - goto alert_loser; /* malformed. */ + desc = decode_error; + goto alert_loser; /* malformed. */ } PORT_Memcpy(ss->ssl3.hs.cookie, cookie.data, cookie.len); ss->ssl3.hs.cookieLen = cookie.len; - ssl_GetXmitBufLock(ss); /*******************************/ + ssl_GetXmitBufLock(ss); /*******************************/ /* Now re-send the client hello */ rv = ssl3_SendClientHello(ss, PR_TRUE); - ssl_ReleaseXmitBufLock(ss); /*******************************/ + ssl_ReleaseXmitBufLock(ss); /*******************************/ if (rv == SECSuccess) - return rv; + return rv; alert_loser: (void)SSL3_SendAlert(ss, alert_fatal, desc); @@ -1042,14 +1051,14 @@ dtls_RecordGetRecvd(DTLSRecvdRecords *records, PRUint64 seq) /* Out of range to the left */ if (seq < records->left) { - return -1; + return -1; } /* Out of range to the right; since we advance the window on * receipt, that means that this packet has not been received * yet */ if (seq > records->right) - return 0; + return 0; offset = seq % DTLS_RECVD_RECORDS_WINDOW; @@ -1066,34 +1075,34 @@ dtls_RecordSetRecvd(DTLSRecvdRecords *records, PRUint64 seq) PRUint64 offset; if (seq < records->left) - return; + return; if (seq > records->right) { - PRUint64 new_left; - PRUint64 new_right; - PRUint64 right; + PRUint64 new_left; + PRUint64 new_right; + PRUint64 right; - /* Slide to the right; this is the tricky part + /* Slide to the right; this is the tricky part * - * 1. new_top is set to have room for seq, on the - * next byte boundary by setting the right 8 - * bits of seq + * 1. new_top is set to have room for seq, on the + * next byte boundary by setting the right 8 + * bits of seq * 2. new_left is set to compensate. * 3. Zero all bits between top and new_top. Since * this is a ring, this zeroes everything as-yet - * unseen. Because we always operate on byte - * boundaries, we can zero one byte at a time - */ - new_right = seq | 0x07; - new_left = (new_right - DTLS_RECVD_RECORDS_WINDOW) + 1; - - for (right = records->right + 8; right <= new_right; right += 8) { - offset = right % DTLS_RECVD_RECORDS_WINDOW; - records->data[offset / 8] = 0; - } - - records->right = new_right; - records->left = new_left; + * unseen. Because we always operate on byte + * boundaries, we can zero one byte at a time + */ + new_right = seq | 0x07; + new_left = (new_right - DTLS_RECVD_RECORDS_WINDOW) + 1; + + for (right = records->right + 8; right <= new_right; right += 8) { + offset = right % DTLS_RECVD_RECORDS_WINDOW; + records->data[offset / 8] = 0; + } + + records->right = new_right; + records->left = new_left; } offset = seq % DTLS_RECVD_RECORDS_WINDOW; diff --git a/security/nss/lib/ssl/ssl.h b/security/nss/lib/ssl/ssl.h index 79987e6..35418e3 100644 --- a/security/nss/lib/ssl/ssl.h +++ b/security/nss/lib/ssl/ssl.h @@ -162,6 +162,26 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd); #define SSL_CBC_RANDOM_IV 23 #define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */ +/* SSL_ENABLE_NPN controls whether the NPN extension is enabled for the initial + * handshake when application layer protocol negotiation is used. + * SSL_SetNextProtoCallback or SSL_SetNextProtoNego must be used to control the + * application layer protocol negotiation; otherwise, the NPN extension will + * not be negotiated. SSL_ENABLE_NPN is currently enabled by default but this + * may change in future versions. + */ +#define SSL_ENABLE_NPN 25 + +/* SSL_ENABLE_ALPN controls whether the ALPN extension is enabled for the + * initial handshake when application layer protocol negotiation is used. + * SSL_SetNextProtoNego (not SSL_SetNextProtoCallback) must be used to control + * the application layer protocol negotiation; otherwise, the ALPN extension + * will not be negotiated. ALPN is not negotiated for renegotiation handshakes, + * even though the ALPN specification defines a way to use ALPN during + * renegotiations. SSL_ENABLE_ALPN is currently disabled by default, but this + * may change in future versions. + */ +#define SSL_ENABLE_ALPN 26 + #ifdef SSL_DEPRECATED_FUNCTION /* Old deprecated function names */ SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on); @@ -206,6 +226,16 @@ SSL_IMPORT SECStatus SSL_SetNextProtoCallback(PRFileDesc *fd, * protocol in server-preference order. If no matching protocol is found it * selects the first supported protocol. * + * Using this function also allows the client to transparently support ALPN. + * The same set of protocols will be advertised via ALPN and, if the server + * uses ALPN to select a protocol, SSL_GetNextProto will return + * SSL_NEXT_PROTO_SELECTED as the state. + * + * Since NPN uses the first protocol as the fallback protocol, when sending an + * ALPN extension, the first protocol is moved to the end of the list. This + * indicates that the fallback protocol is the least preferred. The other + * protocols should be in preference order. + * * The supported protocols are specified in |data| in wire-format (8-bit * length-prefixed). For example: "\010http/1.1\006spdy/2". */ SSL_IMPORT SECStatus SSL_SetNextProtoNego(PRFileDesc *fd, @@ -215,7 +245,8 @@ SSL_IMPORT SECStatus SSL_SetNextProtoNego(PRFileDesc *fd, typedef enum SSLNextProtoState { SSL_NEXT_PROTO_NO_SUPPORT = 0, /* No peer support */ SSL_NEXT_PROTO_NEGOTIATED = 1, /* Mutual agreement */ - SSL_NEXT_PROTO_NO_OVERLAP = 2 /* No protocol overlap found */ + SSL_NEXT_PROTO_NO_OVERLAP = 2, /* No protocol overlap found */ + SSL_NEXT_PROTO_SELECTED = 3 /* Server selected proto (ALPN) */ } SSLNextProtoState; /* SSL_GetNextProto can be used in the HandshakeCallback or any time after diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index a7144ea..01164e5 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -89,7 +89,7 @@ static SECStatus ssl3_AESGCMBypass(ssl3KeyMaterial *keys, PRBool doDecrypt, static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { /* cipher_suite policy enabled isPresent */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around @@ -105,7 +105,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, @@ -118,11 +118,11 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, @@ -131,7 +131,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* RSA */ { TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, @@ -143,34 +143,34 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_RSA_WITH_SEED_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { SSL_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { SSL_RSA_WITH_RC4_128_MD5, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_RSA_WITH_RC4_128_MD5, SSL_ALLOWED, PR_TRUE, PR_FALSE}, /* 56-bit DES "domestic" cipher suites */ - { SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_DHE_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_DHE_DSS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { SSL_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, /* export ciphersuites with 1024-bit public key exchange keys */ { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, /* export ciphersuites with 512-bit public key exchange keys */ - { SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, /* ciphersuites with no encryption */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC { TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -#endif /* NSS_ENABLE_ECC */ - { SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +#endif /* NSS_DISABLE_ECC */ + { TLS_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, }; /* Verify that SSL_ImplementedCiphers and cipherSuites are in consistent order. @@ -224,9 +224,9 @@ compressionEnabled(sslSocket *ss, SSLCompressionMethod compression) static const /*SSL3ClientCertificateType */ PRUint8 certificate_types [] = { ct_RSA_sign, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC ct_ECDSA_sign, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ ct_DSS_sign, }; @@ -238,7 +238,7 @@ static const /*SSL3ClientCertificateType */ PRUint8 certificate_types [] = { * CertificateVerify messages that use the handshake hash. */ static const PRUint8 supported_signature_algorithms[] = { tls_hash_sha256, tls_sig_rsa, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC tls_hash_sha256, tls_sig_ecdsa, #endif tls_hash_sha256, tls_sig_dsa, @@ -299,13 +299,13 @@ static const ssl3KEADef kea_defs[] = {kea_dh_anon, kt_dh, sign_null, PR_FALSE, 0, PR_FALSE}, {kea_dh_anon_export, kt_dh, sign_null, PR_TRUE, 512, PR_FALSE}, {kea_rsa_fips, kt_rsa, sign_rsa, PR_FALSE, 0, PR_TRUE }, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC {kea_ecdh_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE}, {kea_ecdhe_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE}, {kea_ecdh_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE}, {kea_ecdhe_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE}, {kea_ecdh_anon, kt_ecdh, sign_null, PR_FALSE, 0, PR_FALSE}, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ }; /* must use ssl_LookupCipherSuiteDef to access */ @@ -313,49 +313,49 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = { /* cipher_suite bulk_cipher_alg mac_alg key_exchange_alg */ - {SSL_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null}, - {SSL_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa}, - {SSL_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa}, + {TLS_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null}, + {TLS_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa}, + {TLS_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa}, {TLS_RSA_WITH_NULL_SHA256, cipher_null, hmac_sha256, kea_rsa}, - {SSL_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export}, - {SSL_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa}, - {SSL_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa}, - {SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, + {TLS_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export}, + {TLS_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa}, + {TLS_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa}, + {TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, cipher_rc2_40, mac_md5, kea_rsa_export}, #if 0 /* not implemented */ - {SSL_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa}, - {SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, + {TLS_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa}, + {TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, cipher_des40, mac_sha, kea_rsa_export}, #endif - {SSL_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa}, - {SSL_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa}, - {SSL_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_dss}, - {SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, + {TLS_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa}, + {TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa}, + {TLS_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_dss}, + {TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_dhe_dss}, {TLS_DHE_DSS_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_dhe_dss}, #if 0 /* not implemented */ - {SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, + {TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, cipher_des40, mac_sha, kea_dh_dss_export}, - {SSL_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss}, - {SSL_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss}, - {SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, + {TLS_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss}, + {TLS_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss}, + {TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, cipher_des40, mac_sha, kea_dh_rsa_export}, - {SSL_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa}, - {SSL_DH_RSA_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_rsa}, - {SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, + {TLS_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa}, + {TLS_DH_RSA_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_rsa}, + {TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, cipher_des40, mac_sha, kea_dh_dss_export}, - {SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, + {TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, cipher_des40, mac_sha, kea_dh_rsa_export}, #endif - {SSL_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_rsa}, - {SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, + {TLS_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_rsa}, + {TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_dhe_rsa}, #if 0 {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export}, - {SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, + {TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, cipher_des40, mac_sha, kea_dh_anon_export}, - {SSL_DH_ANON_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon}, - {SSL_DH_ANON_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon}, + {TLS_DH_anon_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon}, + {TLS_DH_anon_WITH_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon}, #endif @@ -373,10 +373,10 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = #if 0 {TLS_DH_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_dss}, {TLS_DH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_rsa}, - {TLS_DH_ANON_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_anon}, + {TLS_DH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_anon}, {TLS_DH_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_dss}, {TLS_DH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_rsa}, - {TLS_DH_ANON_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon}, + {TLS_DH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon}, #endif {TLS_RSA_WITH_SEED_CBC_SHA, cipher_seed, mac_sha, kea_rsa}, @@ -405,7 +405,7 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa}, {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa}, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa}, {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa}, {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa}, @@ -439,7 +439,7 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = {TLS_ECDH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_anon}, {TLS_ECDH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_anon}, #endif -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ }; static const CK_MECHANISM_TYPE kea_alg_defs[] = { @@ -512,7 +512,7 @@ const char * const ssl3_cipherName[] = { "missing" }; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* The ECCWrappedKeyInfo structure defines how various pieces of * information are laid out within wrappedSymmetricWrappingkey * for ECDH key exchange. Since wrappedSymmetricWrappingkey is @@ -534,7 +534,7 @@ typedef struct ECCWrappedKeyInfoStr { PRUint8 var[MAX_EC_WRAPPED_KEY_BUFLEN]; /* this buffer contains the */ /* EC public-key params, the EC public value and the wrapped key */ } ECCWrappedKeyInfo; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ #if defined(TRACE) @@ -622,17 +622,18 @@ ssl3_CipherSuiteAllowedForVersionRange( * later. This set of cipher suites is similar to, but different from, the * set of cipher suites considered exportable by SSL_IsExportCipherSuite. */ - case SSL_RSA_EXPORT_WITH_RC4_40_MD5: - case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5: - /* SSL_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented - * SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented - * SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented - * SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented - * SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented - * SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5: never implemented - * SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA: never implemented + case TLS_RSA_EXPORT_WITH_RC4_40_MD5: + case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5: + /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented + * TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented + * TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented + * TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented + * TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented + * TLS_DH_anon_EXPORT_WITH_RC4_40_MD5: never implemented + * TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA: never implemented */ return vrange->min <= SSL_LIBRARY_VERSION_TLS_1_0; + case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: case TLS_RSA_WITH_AES_256_CBC_SHA256: case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: @@ -645,6 +646,31 @@ ssl3_CipherSuiteAllowedForVersionRange( case TLS_RSA_WITH_AES_128_GCM_SHA256: case TLS_RSA_WITH_NULL_SHA256: return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2; + + /* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and + * point formats.*/ + case TLS_ECDH_ECDSA_WITH_NULL_SHA: + case TLS_ECDH_ECDSA_WITH_RC4_128_SHA: + case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: + case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: + case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: + case TLS_ECDHE_ECDSA_WITH_NULL_SHA: + case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: + case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: + case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: + case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: + case TLS_ECDH_RSA_WITH_NULL_SHA: + case TLS_ECDH_RSA_WITH_RC4_128_SHA: + case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: + case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: + case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: + case TLS_ECDHE_RSA_WITH_NULL_SHA: + case TLS_ECDHE_RSA_WITH_RC4_128_SHA: + case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: + case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: + case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: + return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_0; + default: return PR_TRUE; } @@ -731,7 +757,7 @@ ssl3_config_match_init(sslSocket *ss) cipher_mech = alg2Mech[cipher_alg].cmech; exchKeyType = kea_defs[cipher_def->key_exchange_alg].exchKeyType; -#ifndef NSS_ENABLE_ECC +#ifdef NSS_DISABLE_ECC svrAuth = ss->serverCerts + exchKeyType; #else /* XXX SSLKEAType isn't really a good choice for @@ -765,7 +791,7 @@ ssl3_config_match_init(sslSocket *ss) svrAuth = ss->serverCerts + exchKeyType; break; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* Mark the suites that are backed by real tokens, certs and keys */ suite->isPresent = (PRBool) @@ -924,7 +950,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, hashItem.len = hash->len; } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case ecKey: doDerEncode = PR_TRUE; /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. @@ -937,7 +963,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, hashItem.len = hash->len; } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: PORT_SetError(SEC_ERROR_INVALID_KEY); goto done; @@ -1035,7 +1061,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case ecKey: encAlg = SEC_OID_ANSIX962_EC_PUBLIC_KEY; /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. @@ -1053,7 +1079,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, hashItem.len = hash->len; } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: SECKEY_DestroyPublicKey(key); @@ -3471,6 +3497,14 @@ ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf) SSL_GETPID(), ss->fd)); if (ws != wait_change_cipher) { + if (IS_DTLS(ss)) { + /* Ignore this because it's out of order. */ + SSL_TRC(3, ("%d: SSL3[%d]: discard out of order " + "DTLS change_cipher_spec", + SSL_GETPID(), ss->fd)); + buf->len = 0; + return SECSuccess; + } (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message); PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER); return SECFailure; @@ -4840,6 +4874,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) int actual_count = 0; PRBool isTLS = PR_FALSE; PRInt32 total_exten_len = 0; + unsigned paddingExtensionLen; unsigned numCompressionMethods; PRInt32 flags; @@ -5077,12 +5112,12 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) total_exten_len += 2; } -#if defined(NSS_ENABLE_ECC) +#ifndef NSS_DISABLE_ECC if (!total_exten_len || !isTLS) { /* not sending the elliptic_curves and ec_point_formats extensions */ ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */ } -#endif +#endif /* NSS_DISABLE_ECC */ if (IS_DTLS(ss)) { ssl3_DisableNonDTLSSuites(ss); @@ -5113,6 +5148,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) length += 1 + ss->ssl3.hs.cookieLen; } + /* A padding extension may be included to ensure that the record containing + * the ClientHello doesn't have a length between 256 and 511 bytes + * (inclusive). Initial, ClientHello records with such lengths trigger bugs + * in F5 devices. + * + * This is not done for DTLS nor for renegotiation. */ + if (!IS_DTLS(ss) && isTLS && !ss->firstHsDone) { + paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length); + total_exten_len += paddingExtensionLen; + length += paddingExtensionLen; + } else { + paddingExtensionLen = 0; + } + rv = ssl3_AppendHandshakeHeader(ss, client_hello, length); if (rv != SECSuccess) { if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } @@ -5156,7 +5205,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) rv = ssl3_AppendHandshakeVariable( ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1); else - rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); + rv = ssl3_AppendHandshakeNumber(ss, 0, 1); if (rv != SECSuccess) { if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } return rv; /* err set by ssl3_AppendHandshake* */ @@ -5247,6 +5296,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) return SECFailure; } maxBytes -= extLen; + + extLen = ssl3_AppendPaddingExtension(ss, paddingExtensionLen, maxBytes); + if (extLen < 0) { + if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } + return SECFailure; + } + maxBytes -= extLen; + PORT_Assert(!maxBytes); } @@ -5371,11 +5428,11 @@ ssl_UnwrapSymWrappingKey( { PK11SymKey * unwrappedWrappingKey = NULL; SECItem wrappedKey; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PK11SymKey * Ks; SECKEYPublicKey pubWrapKey; ECCWrappedKeyInfo *ecWrapped; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* found the wrapping key on disk. */ PORT_Assert(pWswk->symWrapMechanism == masterWrapMech); @@ -5397,7 +5454,7 @@ ssl_UnwrapSymWrappingKey( masterWrapMech, CKA_UNWRAP, 0); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case kt_ecdh: /* * For kt_ecdh, we first create an EC public key based on @@ -5536,12 +5593,12 @@ getWrappingKey( sslSocket * ss, SECStatus rv; SECItem wrappedKey; SSLWrappedSymWrappingKey wswk; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PK11SymKey * Ks = NULL; SECKEYPublicKey *pubWrapKey = NULL; SECKEYPrivateKey *privWrapKey = NULL; ECCWrappedKeyInfo *ecWrapped; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ svrPrivKey = ss->serverCerts[exchKeyType].SERVERKEY; PORT_Assert(svrPrivKey != NULL); @@ -5624,7 +5681,7 @@ getWrappingKey( sslSocket * ss, unwrappedWrappingKey, &wrappedKey); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case kt_ecdh: /* * We generate an ephemeral EC key pair. Perform an ECDH @@ -5710,7 +5767,7 @@ ec_cleanup: if (Ks) PK11_FreeSymKey(Ks); asymWrapMechanism = masterWrapMech; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: rv = SECFailure; @@ -6023,11 +6080,11 @@ ssl3_SendClientKeyExchange(sslSocket *ss) rv = sendDHClientKeyExchange(ss, serverKey); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case kt_ecdh: rv = ssl3_SendECDHClientKeyExchange(ss, serverKey); break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: /* got an unknown or unsupported Key Exchange Algorithm. */ @@ -6755,11 +6812,11 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) return SECSuccess; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case kt_ecdh: rv = ssl3_HandleECDHServerKeyExchange(ss, b, length); return rv; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: desc = handshake_failure; @@ -7497,14 +7554,14 @@ ssl3_SendServerHelloSequence(sslSocket *ss) return rv; #endif } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC } else if ((kea_def->kea == kea_ecdhe_rsa) || (kea_def->kea == kea_ecdhe_ecdsa)) { rv = ssl3_SendServerKeyExchange(ss); if (rv != SECSuccess) { return rv; /* err code was set. */ } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ } if (ss->opt.requestCertificate) { @@ -7792,7 +7849,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) } } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* Disable any ECC cipher suites for which we have no cert. */ ssl3_FilterECCipherSuitesByServerCerts(ss); #endif @@ -8409,7 +8466,7 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length) PRINT_BUF(60, (ss, "client random:", &ss->ssl3.hs.client_random.rand[0], SSL3_RANDOM_LENGTH)); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* Disable any ECC cipher suites for which we have no cert. */ ssl3_FilterECCipherSuitesByServerCerts(ss); #endif @@ -8591,7 +8648,7 @@ ssl3_SendServerHello(sslSocket *ss) rv = ssl3_AppendHandshakeVariable( ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1); else - rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); + rv = ssl3_AppendHandshakeNumber(ss, 0, 1); if (rv != SECSuccess) { return rv; /* err set by AppendHandshake. */ } @@ -8798,12 +8855,12 @@ ssl3_SendServerKeyExchange(sslSocket *ss) PORT_Free(signed_hash.data); return SECSuccess; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case kt_ecdh: { rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash); return rv; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ case kt_dh: case kt_null: @@ -9226,9 +9283,9 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECStatus rv; const ssl3KEADef *kea_def; ssl3KeyPair *serverKeyPair = NULL; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECKEYPublicKey *serverPubKey = NULL; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake", SSL_GETPID(), ss->fd)); @@ -9258,7 +9315,7 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ss->sec.keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB; } else skip: -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* XXX Using SSLKEAType to index server certifiates * does not work for (EC)DHE ciphers. Until we have * an indexing mechanism general enough for all key @@ -9304,7 +9361,7 @@ skip: break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case kt_ecdh: /* XXX We really ought to be able to store multiple * EC certs (a requirement if we wish to support both @@ -9326,7 +9383,7 @@ skip: return SECFailure; /* error code set */ } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: (void) ssl3_HandshakeFailure(ss); @@ -9386,17 +9443,21 @@ ssl3_HandleNewSessionTicket(sslSocket *ss, SSL3Opaque *b, PRUint32 length) (PRUint32)ssl3_ConsumeHandshakeNumber(ss, 4, &b, &length); rv = ssl3_ConsumeHandshakeVariable(ss, &ticketData, 2, &b, &length); - if (length != 0 || rv != SECSuccess) { + if (rv != SECSuccess || length != 0) { (void)SSL3_SendAlert(ss, alert_fatal, decode_error); PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET); return SECFailure; /* malformed */ } - rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket, - &ticketData); - if (rv != SECSuccess) { - return rv; + /* If the server sent a zero-length ticket, ignore it and keep the + * existing ticket. */ + if (ticketData.len != 0) { + rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket, + &ticketData); + if (rv != SECSuccess) { + return rv; + } + ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE; } - ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE; ss->ssl3.hs.ws = wait_change_cipher; return SECSuccess; @@ -9931,7 +9992,7 @@ ssl3_AuthCertificate(sslSocket *ss) if (pubKey) { ss->sec.keaKeyBits = ss->sec.authKeyBits = SECKEY_PublicKeyStrengthInBits(pubKey); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (ss->sec.keaType == kt_ecdh) { /* Get authKeyBits from signing key. * XXX The code below uses a quick approximation of @@ -9957,7 +10018,7 @@ ssl3_AuthCertificate(sslSocket *ss) */ } } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ SECKEY_DestroyPublicKey(pubKey); pubKey = NULL; } @@ -9965,10 +10026,10 @@ ssl3_AuthCertificate(sslSocket *ss) ss->ssl3.hs.ws = wait_cert_request; /* disallow server_key_exchange */ if (ss->ssl3.hs.kea_def->is_limited || /* XXX OR server cert is signing only. */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa || ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa || -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ ss->ssl3.hs.kea_def->exchKeyType == kt_dh) { ss->ssl3.hs.ws = wait_server_key; /* allow server_key_exchange */ } @@ -10162,8 +10223,10 @@ ssl3_SendNextProto(sslSocket *ss) int padding_len; static const unsigned char padding[32] = {0}; - if (ss->ssl3.nextProto.len == 0) + if (ss->ssl3.nextProto.len == 0 || + ss->ssl3.nextProtoState == SSL_NEXT_PROTO_SELECTED) { return SECSuccess; + } PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); @@ -10540,7 +10603,7 @@ xmit_loser: sid->u.ssl3.cipherSuite = ss->ssl3.hs.cipher_suite; sid->u.ssl3.compression = ss->ssl3.hs.compression; sid->u.ssl3.policy = ss->ssl3.policy; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC sid->u.ssl3.negotiatedECCurves = ss->ssl3.hs.negotiatedECCurves; #endif sid->u.ssl3.exchKeyType = effectiveExchKeyType; @@ -11676,7 +11739,7 @@ ssl3_InitState(sslSocket *ss) ssl3_InitCipherSpec(ss, ss->ssl3.prSpec); ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCurveMask(ss); #endif ssl_ReleaseSpecWriteLock(ss); diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index 6380cfe..e8ee590 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c @@ -10,7 +10,7 @@ #include "nss.h" #include "cert.h" #include "ssl.h" -#include "cryptohi.h" /* for DSAU_ stuff */ +#include "cryptohi.h" /* for DSAU_ stuff */ #include "keyhi.h" #include "secder.h" #include "secitem.h" @@ -30,11 +30,11 @@ #include <stdio.h> -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #ifndef PK11_SETATTRS #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \ - (x)->pValue=(v); (x)->ulValueLen = (l); + (x)->pValue=(v); (x)->ulValueLen = (l); #endif #define SSL_GET_SERVER_PUBLIC_KEY(sock, type) \ @@ -56,61 +56,61 @@ static SECStatus ssl3_CreateECDHEphemeralKeys(sslSocket *ss, ECName ec_curve); * ECC-TLS IETF draft. */ static const SECOidTag ecName2OIDTag[] = { - 0, - SEC_OID_SECG_EC_SECT163K1, /* 1 */ - SEC_OID_SECG_EC_SECT163R1, /* 2 */ - SEC_OID_SECG_EC_SECT163R2, /* 3 */ - SEC_OID_SECG_EC_SECT193R1, /* 4 */ - SEC_OID_SECG_EC_SECT193R2, /* 5 */ - SEC_OID_SECG_EC_SECT233K1, /* 6 */ - SEC_OID_SECG_EC_SECT233R1, /* 7 */ - SEC_OID_SECG_EC_SECT239K1, /* 8 */ - SEC_OID_SECG_EC_SECT283K1, /* 9 */ - SEC_OID_SECG_EC_SECT283R1, /* 10 */ - SEC_OID_SECG_EC_SECT409K1, /* 11 */ - SEC_OID_SECG_EC_SECT409R1, /* 12 */ - SEC_OID_SECG_EC_SECT571K1, /* 13 */ - SEC_OID_SECG_EC_SECT571R1, /* 14 */ - SEC_OID_SECG_EC_SECP160K1, /* 15 */ - SEC_OID_SECG_EC_SECP160R1, /* 16 */ - SEC_OID_SECG_EC_SECP160R2, /* 17 */ - SEC_OID_SECG_EC_SECP192K1, /* 18 */ - SEC_OID_SECG_EC_SECP192R1, /* 19 */ - SEC_OID_SECG_EC_SECP224K1, /* 20 */ - SEC_OID_SECG_EC_SECP224R1, /* 21 */ - SEC_OID_SECG_EC_SECP256K1, /* 22 */ - SEC_OID_SECG_EC_SECP256R1, /* 23 */ - SEC_OID_SECG_EC_SECP384R1, /* 24 */ - SEC_OID_SECG_EC_SECP521R1, /* 25 */ + 0, + SEC_OID_SECG_EC_SECT163K1, /* 1 */ + SEC_OID_SECG_EC_SECT163R1, /* 2 */ + SEC_OID_SECG_EC_SECT163R2, /* 3 */ + SEC_OID_SECG_EC_SECT193R1, /* 4 */ + SEC_OID_SECG_EC_SECT193R2, /* 5 */ + SEC_OID_SECG_EC_SECT233K1, /* 6 */ + SEC_OID_SECG_EC_SECT233R1, /* 7 */ + SEC_OID_SECG_EC_SECT239K1, /* 8 */ + SEC_OID_SECG_EC_SECT283K1, /* 9 */ + SEC_OID_SECG_EC_SECT283R1, /* 10 */ + SEC_OID_SECG_EC_SECT409K1, /* 11 */ + SEC_OID_SECG_EC_SECT409R1, /* 12 */ + SEC_OID_SECG_EC_SECT571K1, /* 13 */ + SEC_OID_SECG_EC_SECT571R1, /* 14 */ + SEC_OID_SECG_EC_SECP160K1, /* 15 */ + SEC_OID_SECG_EC_SECP160R1, /* 16 */ + SEC_OID_SECG_EC_SECP160R2, /* 17 */ + SEC_OID_SECG_EC_SECP192K1, /* 18 */ + SEC_OID_SECG_EC_SECP192R1, /* 19 */ + SEC_OID_SECG_EC_SECP224K1, /* 20 */ + SEC_OID_SECG_EC_SECP224R1, /* 21 */ + SEC_OID_SECG_EC_SECP256K1, /* 22 */ + SEC_OID_SECG_EC_SECP256R1, /* 23 */ + SEC_OID_SECG_EC_SECP384R1, /* 24 */ + SEC_OID_SECG_EC_SECP521R1, /* 25 */ }; static const PRUint16 curve2bits[] = { - 0, /* ec_noName = 0, */ - 163, /* ec_sect163k1 = 1, */ - 163, /* ec_sect163r1 = 2, */ - 163, /* ec_sect163r2 = 3, */ - 193, /* ec_sect193r1 = 4, */ - 193, /* ec_sect193r2 = 5, */ - 233, /* ec_sect233k1 = 6, */ - 233, /* ec_sect233r1 = 7, */ - 239, /* ec_sect239k1 = 8, */ - 283, /* ec_sect283k1 = 9, */ - 283, /* ec_sect283r1 = 10, */ - 409, /* ec_sect409k1 = 11, */ - 409, /* ec_sect409r1 = 12, */ - 571, /* ec_sect571k1 = 13, */ - 571, /* ec_sect571r1 = 14, */ - 160, /* ec_secp160k1 = 15, */ - 160, /* ec_secp160r1 = 16, */ - 160, /* ec_secp160r2 = 17, */ - 192, /* ec_secp192k1 = 18, */ - 192, /* ec_secp192r1 = 19, */ - 224, /* ec_secp224k1 = 20, */ - 224, /* ec_secp224r1 = 21, */ - 256, /* ec_secp256k1 = 22, */ - 256, /* ec_secp256r1 = 23, */ - 384, /* ec_secp384r1 = 24, */ - 521, /* ec_secp521r1 = 25, */ + 0, /* ec_noName = 0, */ + 163, /* ec_sect163k1 = 1, */ + 163, /* ec_sect163r1 = 2, */ + 163, /* ec_sect163r2 = 3, */ + 193, /* ec_sect193r1 = 4, */ + 193, /* ec_sect193r2 = 5, */ + 233, /* ec_sect233k1 = 6, */ + 233, /* ec_sect233r1 = 7, */ + 239, /* ec_sect239k1 = 8, */ + 283, /* ec_sect283k1 = 9, */ + 283, /* ec_sect283r1 = 10, */ + 409, /* ec_sect409k1 = 11, */ + 409, /* ec_sect409r1 = 12, */ + 571, /* ec_sect571k1 = 13, */ + 571, /* ec_sect571r1 = 14, */ + 160, /* ec_secp160k1 = 15, */ + 160, /* ec_secp160r1 = 16, */ + 160, /* ec_secp160r2 = 17, */ + 192, /* ec_secp192k1 = 18, */ + 192, /* ec_secp192r1 = 19, */ + 224, /* ec_secp224k1 = 20, */ + 224, /* ec_secp224r1 = 21, */ + 256, /* ec_secp256k1 = 22, */ + 256, /* ec_secp256r1 = 23, */ + 384, /* ec_secp384r1 = 24, */ + 521, /* ec_secp521r1 = 25, */ 65535 /* ec_pastLastName */ }; @@ -120,31 +120,31 @@ typedef struct Bits2CurveStr { } Bits2Curve; static const Bits2Curve bits2curve [] = { - { 192, ec_secp192r1 /* = 19, fast */ }, - { 160, ec_secp160r2 /* = 17, fast */ }, - { 160, ec_secp160k1 /* = 15, */ }, - { 160, ec_secp160r1 /* = 16, */ }, - { 163, ec_sect163k1 /* = 1, */ }, - { 163, ec_sect163r1 /* = 2, */ }, - { 163, ec_sect163r2 /* = 3, */ }, - { 192, ec_secp192k1 /* = 18, */ }, - { 193, ec_sect193r1 /* = 4, */ }, - { 193, ec_sect193r2 /* = 5, */ }, - { 224, ec_secp224r1 /* = 21, fast */ }, - { 224, ec_secp224k1 /* = 20, */ }, - { 233, ec_sect233k1 /* = 6, */ }, - { 233, ec_sect233r1 /* = 7, */ }, - { 239, ec_sect239k1 /* = 8, */ }, - { 256, ec_secp256r1 /* = 23, fast */ }, - { 256, ec_secp256k1 /* = 22, */ }, - { 283, ec_sect283k1 /* = 9, */ }, - { 283, ec_sect283r1 /* = 10, */ }, - { 384, ec_secp384r1 /* = 24, fast */ }, - { 409, ec_sect409k1 /* = 11, */ }, - { 409, ec_sect409r1 /* = 12, */ }, - { 521, ec_secp521r1 /* = 25, fast */ }, - { 571, ec_sect571k1 /* = 13, */ }, - { 571, ec_sect571r1 /* = 14, */ }, + { 192, ec_secp192r1 /* = 19, fast */ }, + { 160, ec_secp160r2 /* = 17, fast */ }, + { 160, ec_secp160k1 /* = 15, */ }, + { 160, ec_secp160r1 /* = 16, */ }, + { 163, ec_sect163k1 /* = 1, */ }, + { 163, ec_sect163r1 /* = 2, */ }, + { 163, ec_sect163r2 /* = 3, */ }, + { 192, ec_secp192k1 /* = 18, */ }, + { 193, ec_sect193r1 /* = 4, */ }, + { 193, ec_sect193r2 /* = 5, */ }, + { 224, ec_secp224r1 /* = 21, fast */ }, + { 224, ec_secp224k1 /* = 20, */ }, + { 233, ec_sect233k1 /* = 6, */ }, + { 233, ec_sect233r1 /* = 7, */ }, + { 239, ec_sect239k1 /* = 8, */ }, + { 256, ec_secp256r1 /* = 23, fast */ }, + { 256, ec_secp256k1 /* = 22, */ }, + { 283, ec_sect283k1 /* = 9, */ }, + { 283, ec_sect283r1 /* = 10, */ }, + { 384, ec_secp384r1 /* = 24, fast */ }, + { 409, ec_sect409k1 /* = 11, */ }, + { 409, ec_sect409r1 /* = 12, */ }, + { 521, ec_secp521r1 /* = 25, fast */ }, + { 571, ec_sect571k1 /* = 13, */ }, + { 571, ec_sect571r1 /* = 14, */ }, { 65535, ec_noName } }; @@ -157,21 +157,21 @@ typedef struct ECDHEKeyPairStr { /* arrays of ECDHE KeyPairs */ static ECDHEKeyPair gECDHEKeyPairs[ec_pastLastName]; -SECStatus +SECStatus ssl3_ECName2Params(PLArenaPool * arena, ECName curve, SECKEYECParams * params) { SECOidData *oidData = NULL; if ((curve <= ec_noName) || (curve >= ec_pastLastName) || - ((oidData = SECOID_FindOIDByTag(ecName2OIDTag[curve])) == NULL)) { + ((oidData = SECOID_FindOIDByTag(ecName2OIDTag[curve])) == NULL)) { PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); - return SECFailure; + return SECFailure; } SECITEM_AllocItem(arena, params, (2 + oidData->oid.len)); - /* + /* * params->data needs to contain the ASN encoding of an object ID (OID) - * representing the named curve. The actual OID is in + * representing the named curve. The actual OID is in * oidData->oid.data so we simply prepend 0x06 and OID length */ params->data[0] = SEC_ASN1_OBJECT_ID; @@ -181,14 +181,14 @@ ssl3_ECName2Params(PLArenaPool * arena, ECName curve, SECKEYECParams * params) return SECSuccess; } -static ECName +static ECName params2ecName(SECKEYECParams * params) { SECItem oid = { siBuffer, NULL, 0}; SECOidData *oidData = NULL; ECName i; - /* + /* * params->data needs to contain the ASN encoding of an object ID (OID) * representing a named curve. Here, we strip away everything * before the actual OID and use the OID to look up a named curve. @@ -198,8 +198,8 @@ params2ecName(SECKEYECParams * params) oid.data = params->data + 2; if ((oidData = SECOID_FindOID(&oid)) == NULL) return ec_noName; for (i = ec_noName + 1; i < ec_pastLastName; i++) { - if (ecName2OIDTag[i] == oidData->offset) - return i; + if (ecName2OIDTag[i] == oidData->offset) + return i; } return ec_noName; @@ -208,13 +208,13 @@ params2ecName(SECKEYECParams * params) /* Caller must set hiLevel error code. */ static SECStatus ssl3_ComputeECDHKeyHash(SECOidTag hashAlg, - SECItem ec_params, SECItem server_ecpoint, - SSL3Random *client_rand, SSL3Random *server_rand, - SSL3Hashes *hashes, PRBool bypassPKCS11) + SECItem ec_params, SECItem server_ecpoint, + SSL3Random *client_rand, SSL3Random *server_rand, + SSL3Hashes *hashes, PRBool bypassPKCS11) { PRUint8 * hashBuf; PRUint8 * pBuf; - SECStatus rv = SECSuccess; + SECStatus rv = SECSuccess; unsigned int bufLen; /* * XXX For now, we only support named curves (the appropriate @@ -226,37 +226,37 @@ ssl3_ComputeECDHKeyHash(SECOidTag hashAlg, bufLen = 2*SSL3_RANDOM_LENGTH + ec_params.len + 1 + server_ecpoint.len; if (bufLen <= sizeof buf) { - hashBuf = buf; + hashBuf = buf; } else { - hashBuf = PORT_Alloc(bufLen); - if (!hashBuf) { - return SECFailure; - } + hashBuf = PORT_Alloc(bufLen); + if (!hashBuf) { + return SECFailure; + } } - memcpy(hashBuf, client_rand, SSL3_RANDOM_LENGTH); - pBuf = hashBuf + SSL3_RANDOM_LENGTH; + memcpy(hashBuf, client_rand, SSL3_RANDOM_LENGTH); + pBuf = hashBuf + SSL3_RANDOM_LENGTH; memcpy(pBuf, server_rand, SSL3_RANDOM_LENGTH); - pBuf += SSL3_RANDOM_LENGTH; + pBuf += SSL3_RANDOM_LENGTH; memcpy(pBuf, ec_params.data, ec_params.len); - pBuf += ec_params.len; + pBuf += ec_params.len; pBuf[0] = (PRUint8)(server_ecpoint.len); pBuf += 1; memcpy(pBuf, server_ecpoint.data, server_ecpoint.len); - pBuf += server_ecpoint.len; + pBuf += server_ecpoint.len; PORT_Assert((unsigned int)(pBuf - hashBuf) == bufLen); rv = ssl3_ComputeCommonKeyHash(hashAlg, hashBuf, bufLen, hashes, - bypassPKCS11); + bypassPKCS11); PRINT_BUF(95, (NULL, "ECDHkey hash: ", hashBuf, bufLen)); PRINT_BUF(95, (NULL, "ECDHkey hash: MD5 result", - hashes->u.s.md5, MD5_LENGTH)); + hashes->u.s.md5, MD5_LENGTH)); PRINT_BUF(95, (NULL, "ECDHkey hash: SHA1 result", - hashes->u.s.sha, SHA1_LENGTH)); + hashes->u.s.sha, SHA1_LENGTH)); if (hashBuf != buf) - PORT_Free(hashBuf); + PORT_Free(hashBuf); return rv; } @@ -265,12 +265,12 @@ ssl3_ComputeECDHKeyHash(SECOidTag hashAlg, SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) { - PK11SymKey * pms = NULL; - SECStatus rv = SECFailure; + PK11SymKey * pms = NULL; + SECStatus rv = SECFailure; PRBool isTLS, isTLS12; - CK_MECHANISM_TYPE target; - SECKEYPublicKey *pubKey = NULL; /* Ephemeral ECDH key */ - SECKEYPrivateKey *privKey = NULL; /* Ephemeral ECDH key */ + CK_MECHANISM_TYPE target; + SECKEYPublicKey *pubKey = NULL; /* Ephemeral ECDH key */ + SECKEYPrivateKey *privKey = NULL; /* Ephemeral ECDH key */ PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); @@ -280,39 +280,39 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) /* Generate ephemeral EC keypair */ if (svrPubKey->keyType != ecKey) { - PORT_SetError(SEC_ERROR_BAD_KEY); - goto loser; + PORT_SetError(SEC_ERROR_BAD_KEY); + goto loser; } /* XXX SHOULD CALL ssl3_CreateECDHEphemeralKeys here, instead! */ - privKey = SECKEY_CreateECPrivateKey(&svrPubKey->u.ec.DEREncodedParams, - &pubKey, ss->pkcs11PinArg); + privKey = SECKEY_CreateECPrivateKey(&svrPubKey->u.ec.DEREncodedParams, + &pubKey, ss->pkcs11PinArg); if (!privKey || !pubKey) { - ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); - rv = SECFailure; - goto loser; + ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); + rv = SECFailure; + goto loser; } PRINT_BUF(50, (ss, "ECDH public value:", - pubKey->u.ec.publicValue.data, - pubKey->u.ec.publicValue.len)); + pubKey->u.ec.publicValue.data, + pubKey->u.ec.publicValue.len)); if (isTLS12) { - target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; + target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; } else if (isTLS) { - target = CKM_TLS_MASTER_KEY_DERIVE_DH; + target = CKM_TLS_MASTER_KEY_DERIVE_DH; } else { - target = CKM_SSL3_MASTER_KEY_DERIVE_DH; + target = CKM_SSL3_MASTER_KEY_DERIVE_DH; } /* Determine the PMS */ pms = PK11_PubDeriveWithKDF(privKey, svrPubKey, PR_FALSE, NULL, NULL, - CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0, - CKD_NULL, NULL, NULL); + CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0, + CKD_NULL, NULL, NULL); if (pms == NULL) { - SSL3AlertDescription desc = illegal_parameter; - (void)SSL3_SendAlert(ss, alert_fatal, desc); - ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); - goto loser; + SSL3AlertDescription desc = illegal_parameter; + (void)SSL3_SendAlert(ss, alert_fatal, desc); + ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + goto loser; } SECKEY_DestroyPrivateKey(privKey); @@ -322,24 +322,24 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) PK11_FreeSymKey(pms); pms = NULL; if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); - goto loser; + ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + goto loser; } - rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, - pubKey->u.ec.publicValue.len + 1); + rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, + pubKey->u.ec.publicValue.len + 1); if (rv != SECSuccess) { - goto loser; /* err set by ssl3_AppendHandshake* */ + goto loser; /* err set by ssl3_AppendHandshake* */ } - rv = ssl3_AppendHandshakeVariable(ss, - pubKey->u.ec.publicValue.data, - pubKey->u.ec.publicValue.len, 1); + rv = ssl3_AppendHandshakeVariable(ss, + pubKey->u.ec.publicValue.data, + pubKey->u.ec.publicValue.len, 1); SECKEY_DestroyPublicKey(pubKey); pubKey = NULL; if (rv != SECSuccess) { - goto loser; /* err set by ssl3_AppendHandshake* */ + goto loser; /* err set by ssl3_AppendHandshake* */ } rv = SECSuccess; @@ -357,59 +357,59 @@ loser: */ SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b, - PRUint32 length, + PRUint32 length, SECKEYPublicKey *srvrPubKey, SECKEYPrivateKey *srvrPrivKey) { PK11SymKey * pms; SECStatus rv; SECKEYPublicKey clntPubKey; - CK_MECHANISM_TYPE target; + CK_MECHANISM_TYPE target; PRBool isTLS, isTLS12; PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); clntPubKey.keyType = ecKey; - clntPubKey.u.ec.DEREncodedParams.len = - srvrPubKey->u.ec.DEREncodedParams.len; - clntPubKey.u.ec.DEREncodedParams.data = - srvrPubKey->u.ec.DEREncodedParams.data; + clntPubKey.u.ec.DEREncodedParams.len = + srvrPubKey->u.ec.DEREncodedParams.len; + clntPubKey.u.ec.DEREncodedParams.data = + srvrPubKey->u.ec.DEREncodedParams.data; - rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.ec.publicValue, - 1, &b, &length); + rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.ec.publicValue, + 1, &b, &length); if (rv != SECSuccess) { - SEND_ALERT - return SECFailure; /* XXX Who sets the error code?? */ + SEND_ALERT + return SECFailure; /* XXX Who sets the error code?? */ } isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); if (isTLS12) { - target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; + target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; } else if (isTLS) { - target = CKM_TLS_MASTER_KEY_DERIVE_DH; + target = CKM_TLS_MASTER_KEY_DERIVE_DH; } else { - target = CKM_SSL3_MASTER_KEY_DERIVE_DH; + target = CKM_SSL3_MASTER_KEY_DERIVE_DH; } /* Determine the PMS */ pms = PK11_PubDeriveWithKDF(srvrPrivKey, &clntPubKey, PR_FALSE, NULL, NULL, - CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0, - CKD_NULL, NULL, NULL); + CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0, + CKD_NULL, NULL, NULL); if (pms == NULL) { - /* last gasp. */ - ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); - return SECFailure; + /* last gasp. */ + ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + return SECFailure; } rv = ssl3_InitPendingCipherSpec(ss, pms); PK11_FreeSymKey(pms); if (rv != SECSuccess) { - SEND_ALERT - return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */ + SEND_ALERT + return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */ } return SECSuccess; } @@ -418,13 +418,13 @@ ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits) { int i; - + for ( i = 0; bits2curve[i].curve != ec_noName; i++) { - if (bits2curve[i].bits < requiredECCbits) - continue; - if (SSL_IS_CURVE_NEGOTIATED(curvemsk, bits2curve[i].curve)) { - return bits2curve[i].curve; - } + if (bits2curve[i].bits < requiredECCbits) + continue; + if (SSL_IS_CURVE_NEGOTIATED(curvemsk, bits2curve[i].curve)) { + return bits2curve[i].curve; + } } PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); return ec_noName; @@ -442,24 +442,24 @@ ssl3_GetCurveNameForServerSocket(sslSocket *ss) int requiredECCbits = ss->sec.secretKeyBits * 2; if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa) { - svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_ecdh); - if (svrPublicKey) - ec_curve = params2ecName(&svrPublicKey->u.ec.DEREncodedParams); - if (!SSL_IS_CURVE_NEGOTIATED(ss->ssl3.hs.negotiatedECCurves, ec_curve)) { - PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); - return ec_noName; - } - signatureKeyStrength = curve2bits[ ec_curve ]; + svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_ecdh); + if (svrPublicKey) + ec_curve = params2ecName(&svrPublicKey->u.ec.DEREncodedParams); + if (!SSL_IS_CURVE_NEGOTIATED(ss->ssl3.hs.negotiatedECCurves, ec_curve)) { + PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); + return ec_noName; + } + signatureKeyStrength = curve2bits[ ec_curve ]; } else { /* RSA is our signing cert */ int serverKeyStrengthInBits; - + svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_rsa); if (!svrPublicKey) { PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); return ec_noName; } - + /* currently strength in bytes */ serverKeyStrengthInBits = svrPublicKey->u.rsa.modulus.len; if (svrPublicKey->u.rsa.modulus.data[0] == 0) { @@ -467,28 +467,28 @@ ssl3_GetCurveNameForServerSocket(sslSocket *ss) } /* convert to strength in bits */ serverKeyStrengthInBits *= BPB; - + signatureKeyStrength = - SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits); + SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits); } - if ( requiredECCbits > signatureKeyStrength ) + if ( requiredECCbits > signatureKeyStrength ) requiredECCbits = signatureKeyStrength; return ssl3_GetCurveWithECKeyStrength(ss->ssl3.hs.negotiatedECCurves, - requiredECCbits); + requiredECCbits); } /* function to clear out the lists */ -static SECStatus +static SECStatus ssl3_ShutdownECDHECurves(void *appData, void *nssData) { int i; ECDHEKeyPair *keyPair = &gECDHEKeyPairs[0]; for (i=0; i < ec_pastLastName; i++, keyPair++) { - if (keyPair->pair) { - ssl3_FreeKeyPair(keyPair->pair); - } + if (keyPair->pair) { + ssl3_FreeKeyPair(keyPair->pair); + } } memset(gECDHEKeyPairs, 0, sizeof gECDHEKeyPairs); return SECSuccess; @@ -500,18 +500,18 @@ ssl3_ECRegister(void) SECStatus rv; rv = NSS_RegisterShutdown(ssl3_ShutdownECDHECurves, gECDHEKeyPairs); if (rv != SECSuccess) { - gECDHEKeyPairs[ec_noName].error = PORT_GetError(); + gECDHEKeyPairs[ec_noName].error = PORT_GetError(); } return (PRStatus)rv; } /* CallOnce function, called once for each named curve. */ -static PRStatus +static PRStatus ssl3_CreateECDHEphemeralKeyPair(void * arg) { SECKEYPrivateKey * privKey = NULL; SECKEYPublicKey * pubKey = NULL; - ssl3KeyPair * keyPair = NULL; + ssl3KeyPair * keyPair = NULL; ECName ec_curve = (ECName)arg; SECKEYECParams ecParams = { siBuffer, NULL, 0 }; @@ -519,23 +519,23 @@ ssl3_CreateECDHEphemeralKeyPair(void * arg) /* ok, no one has generated a global key for this curve yet, do so */ if (ssl3_ECName2Params(NULL, ec_curve, &ecParams) != SECSuccess) { - gECDHEKeyPairs[ec_curve].error = PORT_GetError(); - return PR_FAILURE; + gECDHEKeyPairs[ec_curve].error = PORT_GetError(); + return PR_FAILURE; } - privKey = SECKEY_CreateECPrivateKey(&ecParams, &pubKey, NULL); + privKey = SECKEY_CreateECPrivateKey(&ecParams, &pubKey, NULL); SECITEM_FreeItem(&ecParams, PR_FALSE); if (!privKey || !pubKey || !(keyPair = ssl3_NewKeyPair(privKey, pubKey))) { - if (privKey) { - SECKEY_DestroyPrivateKey(privKey); - } - if (pubKey) { - SECKEY_DestroyPublicKey(pubKey); - } - ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); - gECDHEKeyPairs[ec_curve].error = PORT_GetError(); - return PR_FAILURE; + if (privKey) { + SECKEY_DestroyPrivateKey(privKey); + } + if (pubKey) { + SECKEY_DestroyPublicKey(pubKey); + } + ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); + gECDHEKeyPairs[ec_curve].error = PORT_GetError(); + return PR_FAILURE; } gECDHEKeyPairs[ec_curve].pair = keyPair; @@ -554,30 +554,30 @@ ssl3_CreateECDHEphemeralKeyPair(void * arg) static SECStatus ssl3_CreateECDHEphemeralKeys(sslSocket *ss, ECName ec_curve) { - ssl3KeyPair * keyPair = NULL; + ssl3KeyPair * keyPair = NULL; /* if there's no global key for this curve, make one. */ if (gECDHEKeyPairs[ec_curve].pair == NULL) { - PRStatus status; + PRStatus status; - status = PR_CallOnce(&gECDHEKeyPairs[ec_noName].once, ssl3_ECRegister); + status = PR_CallOnce(&gECDHEKeyPairs[ec_noName].once, ssl3_ECRegister); if (status != PR_SUCCESS) { - PORT_SetError(gECDHEKeyPairs[ec_noName].error); - return SECFailure; - } - status = PR_CallOnceWithArg(&gECDHEKeyPairs[ec_curve].once, - ssl3_CreateECDHEphemeralKeyPair, - (void *)ec_curve); + PORT_SetError(gECDHEKeyPairs[ec_noName].error); + return SECFailure; + } + status = PR_CallOnceWithArg(&gECDHEKeyPairs[ec_curve].once, + ssl3_CreateECDHEphemeralKeyPair, + (void *)ec_curve); if (status != PR_SUCCESS) { - PORT_SetError(gECDHEKeyPairs[ec_curve].error); - return SECFailure; - } + PORT_SetError(gECDHEKeyPairs[ec_curve].error); + return SECFailure; + } } keyPair = gECDHEKeyPairs[ec_curve].pair; PORT_Assert(keyPair != NULL); - if (!keyPair) - return SECFailure; + if (!keyPair) + return SECFailure; ss->ephemeralECDHKeyPair = ssl3_GetKeyPairRef(keyPair); return SECSuccess; @@ -612,55 +612,55 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ec_params.data = paramBuf; rv = ssl3_ConsumeHandshake(ss, ec_params.data, ec_params.len, &b, &length); if (rv != SECSuccess) { - goto loser; /* malformed. */ + goto loser; /* malformed. */ } /* Fail if the curve is not a named curve */ - if ((ec_params.data[0] != ec_type_named) || - (ec_params.data[1] != 0) || - !supportedCurve(ec_params.data[2])) { - errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE; - desc = handshake_failure; - goto alert_loser; + if ((ec_params.data[0] != ec_type_named) || + (ec_params.data[1] != 0) || + !supportedCurve(ec_params.data[2])) { + errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE; + desc = handshake_failure; + goto alert_loser; } rv = ssl3_ConsumeHandshakeVariable(ss, &ec_point, 1, &b, &length); if (rv != SECSuccess) { - goto loser; /* malformed. */ + goto loser; /* malformed. */ } /* Fail if the ec point uses compressed representation */ if (ec_point.data[0] != EC_POINT_FORM_UNCOMPRESSED) { - errCode = SEC_ERROR_UNSUPPORTED_EC_POINT_FORM; - desc = handshake_failure; - goto alert_loser; + errCode = SEC_ERROR_UNSUPPORTED_EC_POINT_FORM; + desc = handshake_failure; + goto alert_loser; } if (isTLS12) { - rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length, - &sigAndHash); - if (rv != SECSuccess) { - goto loser; /* malformed or unsupported. */ - } - rv = ssl3_CheckSignatureAndHashAlgorithmConsistency( - &sigAndHash, ss->sec.peerCert); - if (rv != SECSuccess) { - goto loser; - } + rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length, + &sigAndHash); + if (rv != SECSuccess) { + goto loser; /* malformed or unsupported. */ + } + rv = ssl3_CheckSignatureAndHashAlgorithmConsistency( + &sigAndHash, ss->sec.peerCert); + if (rv != SECSuccess) { + goto loser; + } } rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length); if (rv != SECSuccess) { - goto loser; /* malformed. */ + goto loser; /* malformed. */ } if (length != 0) { - if (isTLS) - desc = decode_error; - goto alert_loser; /* malformed. */ + if (isTLS) + desc = decode_error; + goto alert_loser; /* malformed. */ } - PRINT_BUF(60, (NULL, "Server EC params", ec_params.data, - ec_params.len)); + PRINT_BUF(60, (NULL, "Server EC params", ec_params.data, + ec_params.len)); PRINT_BUF(60, (NULL, "Server EC point", ec_point.data, ec_point.len)); /* failures after this point are not malformed handshakes. */ @@ -671,51 +671,51 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) * check to make sure the hash is signed by right guy */ rv = ssl3_ComputeECDHKeyHash(sigAndHash.hashAlg, ec_params, ec_point, - &ss->ssl3.hs.client_random, - &ss->ssl3.hs.server_random, - &hashes, ss->opt.bypassPKCS11); + &ss->ssl3.hs.client_random, + &ss->ssl3.hs.server_random, + &hashes, ss->opt.bypassPKCS11); if (rv != SECSuccess) { - errCode = - ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); - goto alert_loser; + errCode = + ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + goto alert_loser; } rv = ssl3_VerifySignedHashes(&hashes, ss->sec.peerCert, &signature, - isTLS, ss->pkcs11PinArg); + isTLS, ss->pkcs11PinArg); if (rv != SECSuccess) { - errCode = - ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); - goto alert_loser; + errCode = + ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + goto alert_loser; } arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) { - goto no_memory; + goto no_memory; } ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); if (peerKey == NULL) { - goto no_memory; + goto no_memory; } peerKey->arena = arena; peerKey->keyType = ecKey; /* set up EC parameters in peerKey */ - if (ssl3_ECName2Params(arena, ec_params.data[2], - &peerKey->u.ec.DEREncodedParams) != SECSuccess) { - /* we should never get here since we already - * checked that we are dealing with a supported curve - */ - errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE; - goto alert_loser; + if (ssl3_ECName2Params(arena, ec_params.data[2], + &peerKey->u.ec.DEREncodedParams) != SECSuccess) { + /* we should never get here since we already + * checked that we are dealing with a supported curve + */ + errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE; + goto alert_loser; } /* copy publicValue in peerKey */ if (SECITEM_CopyItem(arena, &peerKey->u.ec.publicValue, &ec_point)) { - PORT_FreeArena(arena, PR_FALSE); - goto no_memory; + PORT_FreeArena(arena, PR_FALSE); + goto no_memory; } peerKey->pkcs11Slot = NULL; peerKey->pkcs11ID = CK_INVALID_HANDLE; @@ -731,7 +731,7 @@ loser: PORT_SetError( errCode ); return SECFailure; -no_memory: /* no-memory error has already been set. */ +no_memory: /* no-memory error has already been set. */ ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); return SECFailure; } @@ -757,104 +757,104 @@ ssl3_SendECDHServerKeyExchange( /* Generate ephemeral ECDH key pair and send the public key */ curve = ssl3_GetCurveNameForServerSocket(ss); if (curve == ec_noName) { - goto loser; + goto loser; } rv = ssl3_CreateECDHEphemeralKeys(ss, curve); if (rv != SECSuccess) { - goto loser; /* err set by AppendHandshake. */ - } + goto loser; /* err set by AppendHandshake. */ + } ecdhePub = ss->ephemeralECDHKeyPair->pubKey; PORT_Assert(ecdhePub != NULL); if (!ecdhePub) { - PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); - return SECFailure; - } - + PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + return SECFailure; + } + ec_params.len = sizeof paramBuf; ec_params.data = paramBuf; curve = params2ecName(&ecdhePub->u.ec.DEREncodedParams); if (curve != ec_noName) { - ec_params.data[0] = ec_type_named; - ec_params.data[1] = 0x00; - ec_params.data[2] = curve; + ec_params.data[0] = ec_type_named; + ec_params.data[1] = 0x00; + ec_params.data[2] = curve; } else { - PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); - goto loser; - } + PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); + goto loser; + } rv = ssl3_ComputeECDHKeyHash(sigAndHash->hashAlg, - ec_params, - ecdhePub->u.ec.publicValue, - &ss->ssl3.hs.client_random, - &ss->ssl3.hs.server_random, - &hashes, ss->opt.bypassPKCS11); + ec_params, + ecdhePub->u.ec.publicValue, + &ss->ssl3.hs.client_random, + &ss->ssl3.hs.server_random, + &hashes, ss->opt.bypassPKCS11); if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); - goto loser; + ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + goto loser; } isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0); isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); - /* XXX SSLKEAType isn't really a good choice for + /* XXX SSLKEAType isn't really a good choice for * indexing certificates but that's all we have * for now. */ if (kea_def->kea == kea_ecdhe_rsa) - certIndex = kt_rsa; + certIndex = kt_rsa; else /* kea_def->kea == kea_ecdhe_ecdsa */ - certIndex = kt_ecdh; + certIndex = kt_ecdh; - rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY, - &signed_hash, isTLS); + rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY, + &signed_hash, isTLS); if (rv != SECSuccess) { - goto loser; /* ssl3_SignHashes has set err. */ + goto loser; /* ssl3_SignHashes has set err. */ } if (signed_hash.data == NULL) { - /* how can this happen and rv == SECSuccess ?? */ - PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); - goto loser; + /* how can this happen and rv == SECSuccess ?? */ + PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + goto loser; } - length = ec_params.len + - 1 + ecdhePub->u.ec.publicValue.len + - (isTLS12 ? 2 : 0) + 2 + signed_hash.len; + length = ec_params.len + + 1 + ecdhePub->u.ec.publicValue.len + + (isTLS12 ? 2 : 0) + 2 + signed_hash.len; rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length); if (rv != SECSuccess) { - goto loser; /* err set by AppendHandshake. */ + goto loser; /* err set by AppendHandshake. */ } rv = ssl3_AppendHandshake(ss, ec_params.data, ec_params.len); if (rv != SECSuccess) { - goto loser; /* err set by AppendHandshake. */ + goto loser; /* err set by AppendHandshake. */ } rv = ssl3_AppendHandshakeVariable(ss, ecdhePub->u.ec.publicValue.data, - ecdhePub->u.ec.publicValue.len, 1); + ecdhePub->u.ec.publicValue.len, 1); if (rv != SECSuccess) { - goto loser; /* err set by AppendHandshake. */ + goto loser; /* err set by AppendHandshake. */ } if (isTLS12) { - rv = ssl3_AppendSignatureAndHashAlgorithm(ss, sigAndHash); - if (rv != SECSuccess) { - goto loser; /* err set by AppendHandshake. */ - } + rv = ssl3_AppendSignatureAndHashAlgorithm(ss, sigAndHash); + if (rv != SECSuccess) { + goto loser; /* err set by AppendHandshake. */ + } } rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data, - signed_hash.len, 2); + signed_hash.len, 2); if (rv != SECSuccess) { - goto loser; /* err set by AppendHandshake. */ + goto loser; /* err set by AppendHandshake. */ } PORT_Free(signed_hash.data); return SECSuccess; loser: - if (signed_hash.data != NULL) - PORT_Free(signed_hash.data); + if (signed_hash.data != NULL) + PORT_Free(signed_hash.data); return SECFailure; } @@ -948,11 +948,11 @@ SECStatus ssl3_DisableECCSuites(sslSocket * ss, const ssl3CipherSuite * suite) { if (!suite) - suite = ecSuites; + suite = ecSuites; for (; *suite; ++suite) { - SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); + SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); - PORT_Assert(rv == SECSuccess); /* else is coding error */ + PORT_Assert(rv == SECSuccess); /* else is coding error */ } return SECSuccess; } @@ -967,41 +967,41 @@ ssl3_FilterECCipherSuitesByServerCerts(sslSocket * ss) svrCert = ss->serverCerts[kt_rsa].serverCert; if (!svrCert) { - ssl3_DisableECCSuites(ss, ecdhe_rsa_suites); + ssl3_DisableECCSuites(ss, ecdhe_rsa_suites); } svrCert = ss->serverCerts[kt_ecdh].serverCert; if (!svrCert) { - ssl3_DisableECCSuites(ss, ecdh_suites); - ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); + ssl3_DisableECCSuites(ss, ecdh_suites); + ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); } else { - SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature); - - switch (sigTag) { - case SEC_OID_PKCS1_RSA_ENCRYPTION: - case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: - ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites); - break; - case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST: - case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST: - ssl3_DisableECCSuites(ss, ecdh_rsa_suites); - break; - default: - ssl3_DisableECCSuites(ss, ecdh_suites); - break; - } + SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature); + + switch (sigTag) { + case SEC_OID_PKCS1_RSA_ENCRYPTION: + case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: + ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites); + break; + case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST: + case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST: + ssl3_DisableECCSuites(ss, ecdh_rsa_suites); + break; + default: + ssl3_DisableECCSuites(ss, ecdh_suites); + break; + } } } @@ -1016,18 +1016,18 @@ ssl3_IsECCEnabled(sslSocket * ss) /* make sure we can do ECC */ slot = PK11_GetBestSlot(CKM_ECDH1_DERIVE, ss->pkcs11PinArg); if (!slot) { - return PR_FALSE; + return PR_FALSE; } PK11_FreeSlot(slot); /* make sure an ECC cipher is enabled */ for (suite = ecSuites; *suite; ++suite) { - PRBool enabled = PR_FALSE; - SECStatus rv = ssl3_CipherPrefGet(ss, *suite, &enabled); + PRBool enabled = PR_FALSE; + SECStatus rv = ssl3_CipherPrefGet(ss, *suite, &enabled); - PORT_Assert(rv == SECSuccess); /* else is coding error */ - if (rv == SECSuccess && enabled) - return PR_TRUE; + PORT_Assert(rv == SECSuccess); /* else is coding error */ + if (rv == SECSuccess && enabled) + return PR_TRUE; } return PR_FALSE; } @@ -1035,7 +1035,7 @@ ssl3_IsECCEnabled(sslSocket * ss) #define BE(n) 0, n /* Prefabricated TLS client hello extension, Elliptic Curves List, - * offers only 3 curves, the Suite B curves, 23-25 + * offers only 3 curves, the Suite B curves, 23-25 */ static const PRUint8 suiteBECList[12] = { BE(10), /* Extension type */ @@ -1051,9 +1051,9 @@ static const PRUint8 tlsECList[56] = { BE(10), /* Extension type */ BE(52), /* octets that follow (25 pairs + 1 length pair) */ BE(50), /* octets that follow (25 pairs) */ - BE( 1), BE( 2), BE( 3), BE( 4), BE( 5), BE( 6), BE( 7), - BE( 8), BE( 9), BE(10), BE(11), BE(12), BE(13), BE(14), BE(15), - BE(16), BE(17), BE(18), BE(19), BE(20), BE(21), BE(22), BE(23), + BE( 1), BE( 2), BE( 3), BE( 4), BE( 5), BE( 6), BE( 7), + BE( 8), BE( 9), BE(10), BE(11), BE(12), BE(13), BE(14), BE(15), + BE(16), BE(17), BE(18), BE(19), BE(20), BE(21), BE(22), BE(23), BE(24), BE(25) }; @@ -1076,12 +1076,12 @@ ssl3_SuiteBOnly(sslSocket *ss) /* See if we can support small curves (like 163). If not, assume we can * only support Suite-B curves (P-256, P-384, P-521). */ PK11SlotInfo *slot = - PK11_GetBestSlotWithAttributes(CKM_ECDH1_DERIVE, 0, 163, - ss ? ss->pkcs11PinArg : NULL); + PK11_GetBestSlotWithAttributes(CKM_ECDH1_DERIVE, 0, 163, + ss ? ss->pkcs11PinArg : NULL); if (!slot) { - /* nope, presume we can only do suite B */ - return PR_TRUE; + /* nope, presume we can only do suite B */ + return PR_TRUE; } /* we can, presume we can do all curves */ PK11_FreeSlot(slot); @@ -1093,33 +1093,33 @@ ssl3_SuiteBOnly(sslSocket *ss) */ PRInt32 ssl3_SendSupportedCurvesXtn( - sslSocket * ss, - PRBool append, - PRUint32 maxBytes) + sslSocket * ss, + PRBool append, + PRUint32 maxBytes) { PRInt32 ecListSize = 0; const PRUint8 *ecList = NULL; if (!ss || !ssl3_IsECCEnabled(ss)) - return 0; + return 0; if (ssl3_SuiteBOnly(ss)) { - ecListSize = sizeof suiteBECList; - ecList = suiteBECList; + ecListSize = sizeof suiteBECList; + ecList = suiteBECList; } else { - ecListSize = sizeof tlsECList; - ecList = tlsECList; + ecListSize = sizeof tlsECList; + ecList = tlsECList; } - + if (append && maxBytes >= ecListSize) { - SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize); - if (rv != SECSuccess) - return -1; - if (!ss->sec.isServer) { - TLSExtensionData *xtnData = &ss->xtnData; - xtnData->advertised[xtnData->numAdvertised++] = - ssl_elliptic_curves_xtn; - } + SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize); + if (rv != SECSuccess) + return -1; + if (!ss->sec.isServer) { + TLSExtensionData *xtnData = &ss->xtnData; + xtnData->advertised[xtnData->numAdvertised++] = + ssl_elliptic_curves_xtn; + } } return ecListSize; } @@ -1128,7 +1128,7 @@ PRUint32 ssl3_GetSupportedECCurveMask(sslSocket *ss) { if (ssl3_SuiteBOnly(ss)) { - return SSL3_SUITE_B_SUPPORTED_CURVES_MASK; + return SSL3_SUITE_B_SUPPORTED_CURVES_MASK; } return SSL3_ALL_SUPPORTED_CURVES_MASK; } @@ -1138,21 +1138,21 @@ ssl3_GetSupportedECCurveMask(sslSocket *ss) */ PRInt32 ssl3_SendSupportedPointFormatsXtn( - sslSocket * ss, - PRBool append, - PRUint32 maxBytes) + sslSocket * ss, + PRBool append, + PRUint32 maxBytes) { if (!ss || !ssl3_IsECCEnabled(ss)) - return 0; + return 0; if (append && maxBytes >= (sizeof ecPtFmt)) { - SECStatus rv = ssl3_AppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt)); - if (rv != SECSuccess) - return -1; - if (!ss->sec.isServer) { - TLSExtensionData *xtnData = &ss->xtnData; - xtnData->advertised[xtnData->numAdvertised++] = - ssl_ec_point_formats_xtn; - } + SECStatus rv = ssl3_AppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt)); + if (rv != SECSuccess) + return -1; + if (!ss->sec.isServer) { + TLSExtensionData *xtnData = &ss->xtnData; + xtnData->advertised[xtnData->numAdvertised++] = + ssl_ec_point_formats_xtn; + } } return (sizeof ecPtFmt); } @@ -1168,17 +1168,17 @@ ssl3_HandleSupportedPointFormatsXtn(sslSocket *ss, PRUint16 ex_type, if (data->len < 2 || data->len > 255 || !data->data || data->len != (unsigned int)data->data[0] + 1) { - /* malformed */ - goto loser; + /* malformed */ + goto loser; } for (i = data->len; --i > 0; ) { - if (data->data[i] == 0) { - /* indicate that we should send a reply */ - SECStatus rv; - rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, - &ssl3_SendSupportedPointFormatsXtn); - return rv; - } + if (data->data[i] == 0) { + /* indicate that we should send a reply */ + SECStatus rv; + rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, + &ssl3_SendSupportedPointFormatsXtn); + return rv; + } } loser: /* evil client doesn't support uncompressed */ @@ -1192,14 +1192,14 @@ loser: ss->serverCerts[type].serverKeyPair->pubKey : NULL) /* Extract the TLS curve name for the public key in our EC server cert. */ -ECName ssl3_GetSvrCertCurveName(sslSocket *ss) +ECName ssl3_GetSvrCertCurveName(sslSocket *ss) { - SECKEYPublicKey *srvPublicKey; - ECName ec_curve = ec_noName; + SECKEYPublicKey *srvPublicKey; + ECName ec_curve = ec_noName; srvPublicKey = SSL3_GET_SERVER_PUBLICKEY(ss, kt_ecdh); if (srvPublicKey) { - ec_curve = params2ecName(&srvPublicKey->u.ec.DEREncodedParams); + ec_curve = params2ecName(&srvPublicKey->u.ec.DEREncodedParams); } return ec_curve; } @@ -1216,37 +1216,37 @@ ssl3_HandleSupportedCurvesXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) PRUint16 svrCertCurveName; if (!data->data || data->len < 4 || data->len > 65535) - goto loser; + goto loser; /* get the length of elliptic_curve_list */ list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); if (list_len < 0 || data->len != list_len || (data->len % 2) != 0) { - /* malformed */ - goto loser; + /* malformed */ + goto loser; } /* build bit vector of peer's supported curve names */ while (data->len) { - PRInt32 curve_name = - ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); - if (curve_name > ec_noName && curve_name < ec_pastLastName) { - peerCurves |= (1U << curve_name); - } + PRInt32 curve_name = + ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + if (curve_name > ec_noName && curve_name < ec_pastLastName) { + peerCurves |= (1U << curve_name); + } } /* What curves do we support in common? */ mutualCurves = ss->ssl3.hs.negotiatedECCurves &= peerCurves; if (!mutualCurves) { /* no mutually supported EC Curves */ - goto loser; + goto loser; } - /* if our ECC cert doesn't use one of these supported curves, - * disable ECC cipher suites that require an ECC cert. + /* if our ECC cert doesn't use one of these supported curves, + * disable ECC cipher suites that require an ECC cert. */ svrCertCurveName = ssl3_GetSvrCertCurveName(ss); if (svrCertCurveName != ec_noName && (mutualCurves & (1U << svrCertCurveName)) != 0) { - return SECSuccess; + return SECSuccess; } /* Our EC cert doesn't contain a mutually supported curve. - * Disable all ECC cipher suites that require an EC cert + * Disable all ECC cipher suites that require an EC cert */ ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites); ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); @@ -1258,4 +1258,4 @@ loser: return SECFailure; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c index da42bfd..1d1f39cc 100644 --- a/security/nss/lib/ssl/ssl3ext.c +++ b/security/nss/lib/ssl/ssl3ext.c @@ -48,19 +48,27 @@ static SECStatus ssl3_GetSessionTicketKeys(const unsigned char **aes_key, #endif static PRInt32 ssl3_SendRenegotiationInfoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes); -static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, +static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data); static SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, - PRUint16 ex_type, SECItem *data); + PRUint16 ex_type, SECItem *data); +static SECStatus ssl3_ClientHandleAppProtoXtn(sslSocket *ss, + PRUint16 ex_type, SECItem *data); static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss, - PRUint16 ex_type, SECItem *data); + PRUint16 ex_type, SECItem *data); +static SECStatus ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, + SECItem *data); static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append, - PRUint32 maxBytes); + PRUint32 maxBytes); +static PRInt32 ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append, + PRUint32 maxBytes); +static PRInt32 ssl3_ServerSendAppProtoXtn(sslSocket *ss, PRBool append, + PRUint32 maxBytes); static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data); -static SECStatus ssl3_ServerSendStatusRequestXtn(sslSocket * ss, +static PRInt32 ssl3_ServerSendStatusRequestXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes); static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data); @@ -83,7 +91,7 @@ static SECStatus ssl3_AppendToItem(SECItem *item, const unsigned char *buf, PRUint32 bytes) { if (bytes > item->len) - return SECFailure; + return SECFailure; PORT_Memcpy(item->data, buf, bytes); item->data += bytes; @@ -105,13 +113,13 @@ ssl3_AppendNumberToItem(SECItem *item, PRUint32 num, PRInt32 lenSize) switch (lenSize) { case 4: - *p++ = (PRUint8) (num >> 24); + *p++ = (PRUint8) (num >> 24); case 3: - *p++ = (PRUint8) (num >> 16); + *p++ = (PRUint8) (num >> 16); case 2: - *p++ = (PRUint8) (num >> 8); + *p++ = (PRUint8) (num >> 8); case 1: - *p = (PRUint8) num; + *p = (PRUint8) num; } rv = ssl3_AppendToItem(item, &b[0], lenSize); return rv; @@ -120,15 +128,15 @@ ssl3_AppendNumberToItem(SECItem *item, PRUint32 num, PRInt32 lenSize) static SECStatus ssl3_SessionTicketShutdown(void* appData, void* nssData) { if (session_ticket_enc_key_pkcs11) { - PK11_FreeSymKey(session_ticket_enc_key_pkcs11); - session_ticket_enc_key_pkcs11 = NULL; + PK11_FreeSymKey(session_ticket_enc_key_pkcs11); + session_ticket_enc_key_pkcs11 = NULL; } if (session_ticket_mac_key_pkcs11) { - PK11_FreeSymKey(session_ticket_mac_key_pkcs11); - session_ticket_mac_key_pkcs11 = NULL; + PK11_FreeSymKey(session_ticket_mac_key_pkcs11); + session_ticket_mac_key_pkcs11 = NULL; } PORT_Memset(&generate_session_keys_once, 0, - sizeof(generate_session_keys_once)); + sizeof(generate_session_keys_once)); return SECSuccess; } @@ -142,22 +150,22 @@ ssl3_GenerateSessionTicketKeysPKCS11(void *data) SECKEYPublicKey *svrPubKey = ss->serverCerts[kt_rsa].serverKeyPair->pubKey; if (svrPrivKey == NULL || svrPubKey == NULL) { - SSL_DBG(("%d: SSL[%d]: Pub or priv key(s) is NULL.", - SSL_GETPID(), ss->fd)); - goto loser; + SSL_DBG(("%d: SSL[%d]: Pub or priv key(s) is NULL.", + SSL_GETPID(), ss->fd)); + goto loser; } /* Get a copy of the session keys from shared memory. */ PORT_Memcpy(key_name, SESS_TICKET_KEY_NAME_PREFIX, - sizeof(SESS_TICKET_KEY_NAME_PREFIX)); + sizeof(SESS_TICKET_KEY_NAME_PREFIX)); if (!ssl_GetSessionTicketKeysPKCS11(svrPrivKey, svrPubKey, - ss->pkcs11PinArg, &key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN], - &session_ticket_enc_key_pkcs11, &session_ticket_mac_key_pkcs11)) - return PR_FAILURE; + ss->pkcs11PinArg, &key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN], + &session_ticket_enc_key_pkcs11, &session_ticket_mac_key_pkcs11)) + return PR_FAILURE; rv = NSS_RegisterShutdown(ssl3_SessionTicketShutdown, NULL); if (rv != SECSuccess) - goto loser; + goto loser; return PR_SUCCESS; @@ -171,12 +179,12 @@ ssl3_GetSessionTicketKeysPKCS11(sslSocket *ss, PK11SymKey **aes_key, PK11SymKey **mac_key) { if (PR_CallOnceWithArg(&generate_session_keys_once, - ssl3_GenerateSessionTicketKeysPKCS11, ss) != PR_SUCCESS) - return SECFailure; + ssl3_GenerateSessionTicketKeysPKCS11, ss) != PR_SUCCESS) + return SECFailure; if (session_ticket_enc_key_pkcs11 == NULL || - session_ticket_mac_key_pkcs11 == NULL) - return SECFailure; + session_ticket_mac_key_pkcs11 == NULL) + return SECFailure; *aes_key = session_ticket_enc_key_pkcs11; *mac_key = session_ticket_mac_key_pkcs11; @@ -188,11 +196,11 @@ static PRStatus ssl3_GenerateSessionTicketKeys(void) { PORT_Memcpy(key_name, SESS_TICKET_KEY_NAME_PREFIX, - sizeof(SESS_TICKET_KEY_NAME_PREFIX)); + sizeof(SESS_TICKET_KEY_NAME_PREFIX)); if (!ssl_GetSessionTicketKeys(&key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN], - session_ticket_enc_key, session_ticket_mac_key)) - return PR_FAILURE; + session_ticket_enc_key, session_ticket_mac_key)) + return PR_FAILURE; session_ticket_keys_initialized = PR_TRUE; return PR_SUCCESS; @@ -204,11 +212,11 @@ ssl3_GetSessionTicketKeys(const unsigned char **aes_key, PRUint32 *mac_key_length) { if (PR_CallOnce(&generate_session_keys_once, - ssl3_GenerateSessionTicketKeys) != PR_SUCCESS) - return SECFailure; + ssl3_GenerateSessionTicketKeys) != PR_SUCCESS) + return SECFailure; if (!session_ticket_keys_initialized) - return SECFailure; + return SECFailure; *aes_key = session_ticket_enc_key; *aes_key_length = sizeof(session_ticket_enc_key); @@ -226,13 +234,14 @@ ssl3_GetSessionTicketKeys(const unsigned char **aes_key, /* This table is used by the server, to handle client hello extensions. */ static const ssl3HelloExtensionHandler clientHelloHandlers[] = { { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC { ssl_elliptic_curves_xtn, &ssl3_HandleSupportedCurvesXtn }, { ssl_ec_point_formats_xtn, &ssl3_HandleSupportedPointFormatsXtn }, #endif { ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn }, { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn }, + { ssl_app_layer_protocol_xtn, &ssl3_ServerHandleAppProtoXtn }, { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, { ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn }, { ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn }, @@ -247,6 +256,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, + { ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn }, { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, { -1, NULL } @@ -263,23 +273,24 @@ static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = { * The server's table of hello senders is dynamic, in the socket struct, * and sender functions are registered there. */ -static const +static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, #endif { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, + { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn }, { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn } /* any extra entries will appear as { 0, NULL } */ }; -static const +static const ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn } /* any extra entries will appear as { 0, NULL } */ @@ -290,8 +301,8 @@ arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type) { int i; for (i = 0; i < len; i++) { - if (ex_type == array[i]) - return PR_TRUE; + if (ex_type == array[i]) + return PR_TRUE; } return PR_FALSE; } @@ -300,14 +311,14 @@ PRBool ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type) { TLSExtensionData *xtnData = &ss->xtnData; return arrayContainsExtension(xtnData->negotiated, - xtnData->numNegotiated, ex_type); + xtnData->numNegotiated, ex_type); } static PRBool ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type) { TLSExtensionData *xtnData = &ss->xtnData; return arrayContainsExtension(xtnData->advertised, - xtnData->numAdvertised, ex_type); + xtnData->numAdvertised, ex_type); } /* Format an SNI extension, using the name from the socket's URL, @@ -320,11 +331,11 @@ ssl3_SendServerNameXtn(sslSocket * ss, PRBool append, { SECStatus rv; if (!ss) - return 0; + return 0; if (!ss->sec.isServer) { PRUint32 len; PRNetAddr netAddr; - + /* must have a hostname */ if (!ss->url || !ss->url[0]) return 0; @@ -336,10 +347,10 @@ ssl3_SendServerNameXtn(sslSocket * ss, PRBool append, len = PORT_Strlen(ss->url); if (append && maxBytes >= len + 9) { /* extension_type */ - rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2); + rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2); if (rv != SECSuccess) return -1; /* length of extension_data */ - rv = ssl3_AppendHandshakeNumber(ss, len + 5, 2); + rv = ssl3_AppendHandshakeNumber(ss, len + 5, 2); if (rv != SECSuccess) return -1; /* length of server_name_list */ rv = ssl3_AppendHandshakeNumber(ss, len + 3, 2); @@ -352,8 +363,8 @@ ssl3_SendServerNameXtn(sslSocket * ss, PRBool append, if (rv != SECSuccess) return -1; if (!ss->sec.isServer) { TLSExtensionData *xtnData = &ss->xtnData; - xtnData->advertised[xtnData->numAdvertised++] = - ssl_server_name_xtn; + xtnData->advertised[xtnData->numAdvertised++] = + ssl_server_name_xtn; } } return len + 9; @@ -395,7 +406,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) return SECSuccess; } /* length of server_name_list */ - listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); if (listLenBytes == 0 || listLenBytes != data->len) { return SECFailure; } @@ -406,7 +417,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) SECStatus rv; PRInt32 type; /* Name Type (sni_host_name) */ - type = ssl3_ConsumeHandshakeNumber(ss, 1, &ldata.data, &ldata.len); + type = ssl3_ConsumeHandshakeNumber(ss, 1, &ldata.data, &ldata.len); if (!ldata.len) { return SECFailure; } @@ -434,7 +445,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) SECStatus rv; PRBool nametypePresent = PR_FALSE; /* Name Type (sni_host_name) */ - type = ssl3_ConsumeHandshakeNumber(ss, 1, &data->data, &data->len); + type = ssl3_ConsumeHandshakeNumber(ss, 1, &data->data, &data->len); /* Check if we have such type in the list */ for (j = 0;j < listCount && names[j].data;j++) { if (names[j].type == type) { @@ -466,16 +477,16 @@ loser: PORT_Free(names); return SECFailure; } - + /* Called by both clients and servers. * Clients sends a filled in session ticket if one is available, and otherwise * sends an empty ticket. Servers always send empty tickets. */ PRInt32 ssl3_SendSessionTicketXtn( - sslSocket * ss, - PRBool append, - PRUint32 maxBytes) + sslSocket * ss, + PRBool append, + PRUint32 maxBytes) { PRInt32 extension_length; NewSessionTicket *session_ticket = NULL; @@ -483,7 +494,7 @@ ssl3_SendSessionTicketXtn( /* Ignore the SessionTicket extension if processing is disabled. */ if (!ss->opt.enableSessionTickets) - return 0; + return 0; /* Empty extension length = extension_type (2-bytes) + * length(extension_data) (2-bytes) @@ -495,53 +506,53 @@ ssl3_SendSessionTicketXtn( * the extension always respond with an empty extension. */ if (!ss->sec.isServer) { - /* The caller must be holding sid->u.ssl3.lock for reading. We cannot - * just acquire and release the lock within this function because the - * caller will call this function twice, and we need the inputs to be - * consistent between the two calls. Note that currently the caller - * will only be holding the lock when we are the client and when we're - * attempting to resume an existing session. - */ - - session_ticket = &sid->u.ssl3.locked.sessionTicket; - if (session_ticket->ticket.data) { - if (ss->xtnData.ticketTimestampVerified) { - extension_length += session_ticket->ticket.len; - } else if (!append && - (session_ticket->ticket_lifetime_hint == 0 || - (session_ticket->ticket_lifetime_hint + - session_ticket->received_timestamp > ssl_Time()))) { - extension_length += session_ticket->ticket.len; - ss->xtnData.ticketTimestampVerified = PR_TRUE; - } - } + /* The caller must be holding sid->u.ssl3.lock for reading. We cannot + * just acquire and release the lock within this function because the + * caller will call this function twice, and we need the inputs to be + * consistent between the two calls. Note that currently the caller + * will only be holding the lock when we are the client and when we're + * attempting to resume an existing session. + */ + + session_ticket = &sid->u.ssl3.locked.sessionTicket; + if (session_ticket->ticket.data) { + if (ss->xtnData.ticketTimestampVerified) { + extension_length += session_ticket->ticket.len; + } else if (!append && + (session_ticket->ticket_lifetime_hint == 0 || + (session_ticket->ticket_lifetime_hint + + session_ticket->received_timestamp > ssl_Time()))) { + extension_length += session_ticket->ticket.len; + ss->xtnData.ticketTimestampVerified = PR_TRUE; + } + } } if (append && maxBytes >= extension_length) { - SECStatus rv; - /* extension_type */ + SECStatus rv; + /* extension_type */ rv = ssl3_AppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2); if (rv != SECSuccess) - goto loser; - if (session_ticket && session_ticket->ticket.data && - ss->xtnData.ticketTimestampVerified) { - rv = ssl3_AppendHandshakeVariable(ss, session_ticket->ticket.data, - session_ticket->ticket.len, 2); - ss->xtnData.ticketTimestampVerified = PR_FALSE; - ss->xtnData.sentSessionTicketInClientHello = PR_TRUE; - } else { - rv = ssl3_AppendHandshakeNumber(ss, 0, 2); - } + goto loser; + if (session_ticket && session_ticket->ticket.data && + ss->xtnData.ticketTimestampVerified) { + rv = ssl3_AppendHandshakeVariable(ss, session_ticket->ticket.data, + session_ticket->ticket.len, 2); + ss->xtnData.ticketTimestampVerified = PR_FALSE; + ss->xtnData.sentSessionTicketInClientHello = PR_TRUE; + } else { + rv = ssl3_AppendHandshakeNumber(ss, 0, 2); + } if (rv != SECSuccess) - goto loser; + goto loser; - if (!ss->sec.isServer) { - TLSExtensionData *xtnData = &ss->xtnData; - xtnData->advertised[xtnData->numAdvertised++] = - ssl_session_ticket_xtn; - } + if (!ss->sec.isServer) { + TLSExtensionData *xtnData = &ss->xtnData; + xtnData->advertised[xtnData->numAdvertised++] = + ssl_session_ticket_xtn; + } } else if (maxBytes < extension_length) { - PORT_Assert(0); + PORT_Assert(0); return 0; } return extension_length; @@ -553,12 +564,13 @@ ssl3_SendSessionTicketXtn( /* handle an incoming Next Protocol Negotiation extension. */ static SECStatus -ssl3_ServerHandleNextProtoNegoXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) +ssl3_ServerHandleNextProtoNegoXtn(sslSocket * ss, PRUint16 ex_type, + SECItem *data) { if (ss->firstHsDone || data->len != 0) { - /* Clients MUST send an empty NPN extension, if any. */ - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); - return SECFailure; + /* Clients MUST send an empty NPN extension, if any. */ + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + return SECFailure; } ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; @@ -579,60 +591,57 @@ ssl3_ValidateNextProtoNego(const unsigned char* data, unsigned int length) unsigned int offset = 0; while (offset < length) { - unsigned int newOffset = offset + 1 + (unsigned int) data[offset]; - /* Reject embedded nulls to protect against buggy applications that - * store protocol identifiers in null-terminated strings. - */ - if (newOffset > length || data[offset] == 0) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); - return SECFailure; - } - offset = newOffset; + unsigned int newOffset = offset + 1 + (unsigned int) data[offset]; + /* Reject embedded nulls to protect against buggy applications that + * store protocol identifiers in null-terminated strings. + */ + if (newOffset > length || data[offset] == 0) { + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + return SECFailure; + } + offset = newOffset; } if (offset > length) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); - return SECFailure; + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + return SECFailure; } return SECSuccess; } +/* protocol selection handler for ALPN (server side) and NPN (client side) */ static SECStatus -ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, - SECItem *data) +ssl3_SelectAppProtocol(sslSocket *ss, PRUint16 ex_type, SECItem *data) { SECStatus rv; unsigned char resultBuffer[255]; SECItem result = { siBuffer, resultBuffer, 0 }; - PORT_Assert(!ss->firstHsDone); - rv = ssl3_ValidateNextProtoNego(data->data, data->len); if (rv != SECSuccess) - return rv; - - /* ss->nextProtoCallback cannot normally be NULL if we negotiated the - * extension. However, It is possible that an application erroneously - * cleared the callback between the time we sent the ClientHello and now. - */ - PORT_Assert(ss->nextProtoCallback != NULL); - if (!ss->nextProtoCallback) { - /* XXX Use a better error code. This is an application error, not an - * NSS bug. */ - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; - } + return rv; + PORT_Assert(ss->nextProtoCallback); rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len, - result.data, &result.len, sizeof resultBuffer); + result.data, &result.len, sizeof resultBuffer); if (rv != SECSuccess) - return rv; + return rv; /* If the callback wrote more than allowed to |result| it has corrupted our * stack. */ if (result.len > sizeof resultBuffer) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } + + if (ex_type == ssl_app_layer_protocol_xtn && + ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NEGOTIATED) { + /* The callback might say OK, but then it's picked a default. + * That's OK for NPN, but not ALPN. */ + SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL); + (void)SSL3_SendAlert(ss, alert_fatal, no_application_protocol); + return SECFailure; } ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; @@ -641,39 +650,258 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result); } +/* handle an incoming ALPN extension at the server */ +static SECStatus +ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) +{ + int count; + SECStatus rv; + + /* We expressly don't want to allow ALPN on renegotiation, + * despite it being permitted by the spec. */ + if (ss->firstHsDone || data->len == 0) { + /* Clients MUST send a non-empty ALPN extension. */ + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + return SECFailure; + } + + /* unlike NPN, ALPN has extra redundant length information so that + * the extension is the same in both ClientHello and ServerHello */ + count = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + if (count < 0) { + return SECFailure; /* fatal alert was sent */ + } + if (count != data->len) { + return ssl3_DecodeError(ss); + } + + if (!ss->nextProtoCallback) { + /* we're not configured for it */ + return SECSuccess; + } + + rv = ssl3_SelectAppProtocol(ss, ex_type, data); + if (rv != SECSuccess) { + return rv; + } + + /* prepare to send back a response, if we negotiated */ + if (ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED) { + return ssl3_RegisterServerHelloExtensionSender( + ss, ex_type, ssl3_ServerSendAppProtoXtn); + } + return SECSuccess; +} + +static SECStatus +ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, + SECItem *data) +{ + PORT_Assert(!ss->firstHsDone); + + if (ssl3_ExtensionNegotiated(ss, ssl_app_layer_protocol_xtn)) { + /* If the server negotiated ALPN then it has already told us what + * protocol to use, so it doesn't make sense for us to try to negotiate + * a different one by sending the NPN handshake message. However, if + * we've negotiated NPN then we're required to send the NPN handshake + * message. Thus, these two extensions cannot both be negotiated on the + * same connection. */ + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + + /* We should only get this call if we sent the extension, so + * ss->nextProtoCallback needs to be non-NULL. However, it is possible + * that an application erroneously cleared the callback between the time + * we sent the ClientHello and now. */ + if (!ss->nextProtoCallback) { + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK); + return SECFailure; + } + + return ssl3_SelectAppProtocol(ss, ex_type, data); +} + +static SECStatus +ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) +{ + const unsigned char* d = data->data; + PRUint16 name_list_len; + SECItem protocol_name; + + if (ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn)) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + + /* The extension data from the server has the following format: + * uint16 name_list_len; + * uint8 len; + * uint8 protocol_name[len]; */ + if (data->len < 4 || data->len > 2 + 1 + 255) { + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + return SECFailure; + } + + name_list_len = ((PRUint16) d[0]) << 8 | + ((PRUint16) d[1]); + if (name_list_len != data->len - 2 || d[2] != data->len - 3) { + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + return SECFailure; + } + + protocol_name.data = data->data + 3; + protocol_name.len = data->len - 3; + + SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); + ss->ssl3.nextProtoState = SSL_NEXT_PROTO_SELECTED; + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; + return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &protocol_name); +} + static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append, - PRUint32 maxBytes) + PRUint32 maxBytes) { PRInt32 extension_length; /* Renegotiations do not send this extension. */ - if (!ss->nextProtoCallback || ss->firstHsDone) { - return 0; + if (!ss->opt.enableNPN || !ss->nextProtoCallback || ss->firstHsDone) { + return 0; } extension_length = 4; if (append && maxBytes >= extension_length) { - SECStatus rv; - rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2); - if (rv != SECSuccess) - goto loser; - rv = ssl3_AppendHandshakeNumber(ss, 0, 2); - if (rv != SECSuccess) - goto loser; - ss->xtnData.advertised[ss->xtnData.numAdvertised++] = - ssl_next_proto_nego_xtn; + SECStatus rv; + rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2); + if (rv != SECSuccess) + goto loser; + rv = ssl3_AppendHandshakeNumber(ss, 0, 2); + if (rv != SECSuccess) + goto loser; + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_next_proto_nego_xtn; + } else if (maxBytes < extension_length) { + return 0; + } + + return extension_length; + +loser: + return -1; +} + +static PRInt32 +ssl3_ClientSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) +{ + PRInt32 extension_length; + unsigned char *alpn_protos = NULL; + + /* Renegotiations do not send this extension. */ + if (!ss->opt.enableALPN || !ss->opt.nextProtoNego.data || ss->firstHsDone) { + return 0; + } + + extension_length = 2 /* extension type */ + 2 /* extension length */ + + 2 /* protocol name list length */ + + ss->opt.nextProtoNego.len; + + if (append && maxBytes >= extension_length) { + /* NPN requires that the client's fallback protocol is first in the + * list. However, ALPN sends protocols in preference order. So we + * allocate a buffer and move the first protocol to the end of the + * list. */ + SECStatus rv; + const unsigned int len = ss->opt.nextProtoNego.len; + + alpn_protos = PORT_Alloc(len); + if (alpn_protos == NULL) { + return SECFailure; + } + if (len > 0) { + /* Each protocol string is prefixed with a single byte length. */ + unsigned int i = ss->opt.nextProtoNego.data[0] + 1; + if (i <= len) { + memcpy(alpn_protos, &ss->opt.nextProtoNego.data[i], len - i); + memcpy(alpn_protos + len - i, ss->opt.nextProtoNego.data, i); + } else { + /* This seems to be invalid data so we'll send as-is. */ + memcpy(alpn_protos, ss->opt.nextProtoNego.data, len); + } + } + + rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2); + if (rv != SECSuccess) { + goto loser; + } + rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); + if (rv != SECSuccess) { + goto loser; + } + rv = ssl3_AppendHandshakeVariable(ss, alpn_protos, len, 2); + PORT_Free(alpn_protos); + alpn_protos = NULL; + if (rv != SECSuccess) { + goto loser; + } + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_app_layer_protocol_xtn; } else if (maxBytes < extension_length) { - return 0; + return 0; } return extension_length; loser: + if (alpn_protos) { + PORT_Free(alpn_protos); + } return -1; } +static PRInt32 +ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) +{ + PRInt32 extension_length; + + /* we're in over our heads if any of these fail */ + PORT_Assert(ss->opt.enableALPN); + PORT_Assert(ss->ssl3.nextProto.data); + PORT_Assert(ss->ssl3.nextProto.len > 0); + PORT_Assert(ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED); + PORT_Assert(!ss->firstHsDone); + + extension_length = 2 /* extension type */ + 2 /* extension length */ + + 2 /* protocol name list */ + 1 /* name length */ + + ss->ssl3.nextProto.len; + + if (append && maxBytes >= extension_length) { + SECStatus rv; + rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2); + if (rv != SECSuccess) { + return -1; + } + rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); + if (rv != SECSuccess) { + return -1; + } + rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.nextProto.len + 1, 2); + if (rv != SECSuccess) { + return -1; + } + rv = ssl3_AppendHandshakeVariable(ss, ss->ssl3.nextProto.data, + ss->ssl3.nextProto.len, 1); + if (rv != SECSuccess) { + return -1; + } + } else if (maxBytes < extension_length) { + return 0; + } + + return extension_length; +} + static SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) @@ -690,9 +918,9 @@ ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type, static PRInt32 ssl3_ServerSendStatusRequestXtn( - sslSocket * ss, - PRBool append, - PRUint32 maxBytes) + sslSocket * ss, + PRBool append, + PRUint32 maxBytes) { PRInt32 extension_length; SECStatus rv; @@ -700,29 +928,29 @@ ssl3_ServerSendStatusRequestXtn( PRBool haveStatus = PR_FALSE; for (i = kt_null; i < kt_kea_size; i++) { - /* TODO: This is a temporary workaround. - * The correct code needs to see if we have an OCSP response for - * the server certificate being used, rather than if we have any - * OCSP response. See also ssl3_SendCertificateStatus. - */ - if (ss->certStatusArray[i] && ss->certStatusArray[i]->len) { - haveStatus = PR_TRUE; - break; - } + /* TODO: This is a temporary workaround. + * The correct code needs to see if we have an OCSP response for + * the server certificate being used, rather than if we have any + * OCSP response. See also ssl3_SendCertificateStatus. + */ + if (ss->certStatusArray[i] && ss->certStatusArray[i]->len) { + haveStatus = PR_TRUE; + break; + } } if (!haveStatus) - return 0; + return 0; extension_length = 2 + 2; if (append && maxBytes >= extension_length) { - /* extension_type */ - rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2); - if (rv != SECSuccess) - return -1; - /* length of extension_data */ - rv = ssl3_AppendHandshakeNumber(ss, 0, 2); - if (rv != SECSuccess) - return -1; + /* extension_type */ + rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2); + if (rv != SECSuccess) + return -1; + /* length of extension_data */ + rv = ssl3_AppendHandshakeNumber(ss, 0, 2); + if (rv != SECSuccess) + return -1; } return extension_length; @@ -832,14 +1060,14 @@ ssl3_SendNewSessionTicket(sslSocket *ss) * must be >= 0 */ SSL_TRC(3, ("%d: SSL3[%d]: send session_ticket handshake", - SSL_GETPID(), ss->fd)); + SSL_GETPID(), ss->fd)); PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); ticket.ticket_lifetime_hint = TLS_EX_SESS_TICKET_LIFETIME_HINT; cert_length = (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) ? - 3 + ss->sec.ci.sid->peerCert->derCert.len : 0; + 3 + ss->sec.ci.sid->peerCert->derCert.len : 0; /* Get IV and encryption keys */ ivItem.data = iv; @@ -849,47 +1077,47 @@ ssl3_SendNewSessionTicket(sslSocket *ss) #ifndef NO_PKCS11_BYPASS if (ss->opt.bypassPKCS11) { - rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length, - &mac_key, &mac_key_length); - } else + rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length, + &mac_key, &mac_key_length); + } else #endif { - rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11, - &mac_key_pkcs11); + rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11, + &mac_key_pkcs11); } if (rv != SECSuccess) goto loser; if (ss->ssl3.pwSpec->msItem.len && ss->ssl3.pwSpec->msItem.data) { - /* The master secret is available unwrapped. */ - ms_item.data = ss->ssl3.pwSpec->msItem.data; - ms_item.len = ss->ssl3.pwSpec->msItem.len; - ms_is_wrapped = PR_FALSE; + /* The master secret is available unwrapped. */ + ms_item.data = ss->ssl3.pwSpec->msItem.data; + ms_item.len = ss->ssl3.pwSpec->msItem.len; + ms_is_wrapped = PR_FALSE; } else { - /* Extract the master secret wrapped. */ - sslSessionID sid; - PORT_Memset(&sid, 0, sizeof(sslSessionID)); - - if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) { - effectiveExchKeyType = kt_rsa; - } else { - effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; - } - - rv = ssl3_CacheWrappedMasterSecret(ss, &sid, ss->ssl3.pwSpec, - effectiveExchKeyType); - if (rv == SECSuccess) { - if (sid.u.ssl3.keys.wrapped_master_secret_len > sizeof(wrapped_ms)) - goto loser; - memcpy(wrapped_ms, sid.u.ssl3.keys.wrapped_master_secret, - sid.u.ssl3.keys.wrapped_master_secret_len); - ms_item.data = wrapped_ms; - ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len; - msWrapMech = sid.u.ssl3.masterWrapMech; - } else { - /* TODO: else send an empty ticket. */ - goto loser; - } - ms_is_wrapped = PR_TRUE; + /* Extract the master secret wrapped. */ + sslSessionID sid; + PORT_Memset(&sid, 0, sizeof(sslSessionID)); + + if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) { + effectiveExchKeyType = kt_rsa; + } else { + effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; + } + + rv = ssl3_CacheWrappedMasterSecret(ss, &sid, ss->ssl3.pwSpec, + effectiveExchKeyType); + if (rv == SECSuccess) { + if (sid.u.ssl3.keys.wrapped_master_secret_len > sizeof(wrapped_ms)) + goto loser; + memcpy(wrapped_ms, sid.u.ssl3.keys.wrapped_master_secret, + sid.u.ssl3.keys.wrapped_master_secret_len); + ms_item.data = wrapped_ms; + ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len; + msWrapMech = sid.u.ssl3.masterWrapMech; + } else { + /* TODO: else send an empty ticket. */ + goto loser; + } + ms_is_wrapped = PR_TRUE; } /* Prep to send negotiated name */ srvName = &ss->ssl3.pwSpec->srvVirtName; @@ -897,55 +1125,55 @@ ssl3_SendNewSessionTicket(sslSocket *ss) srvNameLen = 2 + srvName->len; /* len bytes + name len */ } - ciphertext_length = - sizeof(PRUint16) /* ticket_version */ - + sizeof(SSL3ProtocolVersion) /* ssl_version */ - + sizeof(ssl3CipherSuite) /* ciphersuite */ - + 1 /* compression */ - + 10 /* cipher spec parameters */ - + 1 /* SessionTicket.ms_is_wrapped */ - + 1 /* effectiveExchKeyType */ - + 4 /* msWrapMech */ - + 2 /* master_secret.length */ - + ms_item.len /* master_secret */ - + 1 /* client_auth_type */ - + cert_length /* cert */ + ciphertext_length = + sizeof(PRUint16) /* ticket_version */ + + sizeof(SSL3ProtocolVersion) /* ssl_version */ + + sizeof(ssl3CipherSuite) /* ciphersuite */ + + 1 /* compression */ + + 10 /* cipher spec parameters */ + + 1 /* SessionTicket.ms_is_wrapped */ + + 1 /* effectiveExchKeyType */ + + 4 /* msWrapMech */ + + 2 /* master_secret.length */ + + ms_item.len /* master_secret */ + + 1 /* client_auth_type */ + + cert_length /* cert */ + 1 /* server name type */ + srvNameLen /* name len + length field */ - + sizeof(ticket.ticket_lifetime_hint); + + sizeof(ticket.ticket_lifetime_hint); padding_length = AES_BLOCK_SIZE - - (ciphertext_length % AES_BLOCK_SIZE); + (ciphertext_length % AES_BLOCK_SIZE); ciphertext_length += padding_length; message_length = - sizeof(ticket.ticket_lifetime_hint) /* ticket_lifetime_hint */ - + 2 /* length field for NewSessionTicket.ticket */ - + SESS_TICKET_KEY_NAME_LEN /* key_name */ - + AES_BLOCK_SIZE /* iv */ - + 2 /* length field for NewSessionTicket.ticket.encrypted_state */ - + ciphertext_length /* encrypted_state */ - + TLS_EX_SESS_TICKET_MAC_LENGTH; /* mac */ + sizeof(ticket.ticket_lifetime_hint) /* ticket_lifetime_hint */ + + 2 /* length field for NewSessionTicket.ticket */ + + SESS_TICKET_KEY_NAME_LEN /* key_name */ + + AES_BLOCK_SIZE /* iv */ + + 2 /* length field for NewSessionTicket.ticket.encrypted_state */ + + ciphertext_length /* encrypted_state */ + + TLS_EX_SESS_TICKET_MAC_LENGTH; /* mac */ if (SECITEM_AllocItem(NULL, &plaintext_item, ciphertext_length) == NULL) - goto loser; + goto loser; plaintext = plaintext_item; /* ticket_version */ rv = ssl3_AppendNumberToItem(&plaintext, TLS_EX_SESS_TICKET_VERSION, - sizeof(PRUint16)); + sizeof(PRUint16)); if (rv != SECSuccess) goto loser; /* ssl_version */ rv = ssl3_AppendNumberToItem(&plaintext, ss->version, - sizeof(SSL3ProtocolVersion)); + sizeof(SSL3ProtocolVersion)); if (rv != SECSuccess) goto loser; /* ciphersuite */ - rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.cipher_suite, - sizeof(ssl3CipherSuite)); + rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.cipher_suite, + sizeof(ssl3CipherSuite)); if (rv != SECSuccess) goto loser; - + /* compression */ rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.compression, 1); if (rv != SECSuccess) goto loser; @@ -974,24 +1202,24 @@ ssl3_SendNewSessionTicket(sslSocket *ss) /* client_identity */ if (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) { - rv = ssl3_AppendNumberToItem(&plaintext, CLIENT_AUTH_CERTIFICATE, 1); - if (rv != SECSuccess) goto loser; - rv = ssl3_AppendNumberToItem(&plaintext, - ss->sec.ci.sid->peerCert->derCert.len, 3); - if (rv != SECSuccess) goto loser; - rv = ssl3_AppendToItem(&plaintext, - ss->sec.ci.sid->peerCert->derCert.data, - ss->sec.ci.sid->peerCert->derCert.len); - if (rv != SECSuccess) goto loser; + rv = ssl3_AppendNumberToItem(&plaintext, CLIENT_AUTH_CERTIFICATE, 1); + if (rv != SECSuccess) goto loser; + rv = ssl3_AppendNumberToItem(&plaintext, + ss->sec.ci.sid->peerCert->derCert.len, 3); + if (rv != SECSuccess) goto loser; + rv = ssl3_AppendToItem(&plaintext, + ss->sec.ci.sid->peerCert->derCert.data, + ss->sec.ci.sid->peerCert->derCert.len); + if (rv != SECSuccess) goto loser; } else { - rv = ssl3_AppendNumberToItem(&plaintext, 0, 1); - if (rv != SECSuccess) goto loser; + rv = ssl3_AppendNumberToItem(&plaintext, 0, 1); + if (rv != SECSuccess) goto loser; } /* timestamp */ now = ssl_Time(); rv = ssl3_AppendNumberToItem(&plaintext, now, - sizeof(ticket.ticket_lifetime_hint)); + sizeof(ticket.ticket_lifetime_hint)); if (rv != SECSuccess) goto loser; if (srvNameLen) { @@ -1012,39 +1240,39 @@ ssl3_SendNewSessionTicket(sslSocket *ss) PORT_Assert(plaintext.len == padding_length); for (i = 0; i < padding_length; i++) - plaintext.data[i] = (unsigned char)padding_length; + plaintext.data[i] = (unsigned char)padding_length; if (SECITEM_AllocItem(NULL, &ciphertext, ciphertext_length) == NULL) { - rv = SECFailure; - goto loser; + rv = SECFailure; + goto loser; } /* Generate encrypted portion of ticket. */ #ifndef NO_PKCS11_BYPASS if (ss->opt.bypassPKCS11) { - aes_ctx = (AESContext *)aes_ctx_buf; - rv = AES_InitContext(aes_ctx, aes_key, aes_key_length, iv, - NSS_AES_CBC, 1, AES_BLOCK_SIZE); - if (rv != SECSuccess) goto loser; - - rv = AES_Encrypt(aes_ctx, ciphertext.data, &ciphertext.len, - ciphertext.len, plaintext_item.data, - plaintext_item.len); - if (rv != SECSuccess) goto loser; - } else + aes_ctx = (AESContext *)aes_ctx_buf; + rv = AES_InitContext(aes_ctx, aes_key, aes_key_length, iv, + NSS_AES_CBC, 1, AES_BLOCK_SIZE); + if (rv != SECSuccess) goto loser; + + rv = AES_Encrypt(aes_ctx, ciphertext.data, &ciphertext.len, + ciphertext.len, plaintext_item.data, + plaintext_item.len); + if (rv != SECSuccess) goto loser; + } else #endif { - aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech, - CKA_ENCRYPT, aes_key_pkcs11, &ivItem); - if (!aes_ctx_pkcs11) - goto loser; + aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech, + CKA_ENCRYPT, aes_key_pkcs11, &ivItem); + if (!aes_ctx_pkcs11) + goto loser; - rv = PK11_CipherOp(aes_ctx_pkcs11, ciphertext.data, - (int *)&ciphertext.len, ciphertext.len, - plaintext_item.data, plaintext_item.len); - PK11_Finalize(aes_ctx_pkcs11); - PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE); - if (rv != SECSuccess) goto loser; + rv = PK11_CipherOp(aes_ctx_pkcs11, ciphertext.data, + (int *)&ciphertext.len, ciphertext.len, + plaintext_item.data, plaintext_item.len); + PK11_Finalize(aes_ctx_pkcs11); + PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE); + if (rv != SECSuccess) goto loser; } /* Convert ciphertext length to network order. */ @@ -1054,40 +1282,40 @@ ssl3_SendNewSessionTicket(sslSocket *ss) /* Compute MAC. */ #ifndef NO_PKCS11_BYPASS if (ss->opt.bypassPKCS11) { - hmac_ctx = (HMACContext *)hmac_ctx_buf; - hashObj = HASH_GetRawHashObject(HASH_AlgSHA256); - if (HMAC_Init(hmac_ctx, hashObj, mac_key, - mac_key_length, PR_FALSE) != SECSuccess) - goto loser; - - HMAC_Begin(hmac_ctx); - HMAC_Update(hmac_ctx, key_name, SESS_TICKET_KEY_NAME_LEN); - HMAC_Update(hmac_ctx, iv, sizeof(iv)); - HMAC_Update(hmac_ctx, (unsigned char *)length_buf, 2); - HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len); - HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length, - sizeof(computed_mac)); - } else + hmac_ctx = (HMACContext *)hmac_ctx_buf; + hashObj = HASH_GetRawHashObject(HASH_AlgSHA256); + if (HMAC_Init(hmac_ctx, hashObj, mac_key, + mac_key_length, PR_FALSE) != SECSuccess) + goto loser; + + HMAC_Begin(hmac_ctx); + HMAC_Update(hmac_ctx, key_name, SESS_TICKET_KEY_NAME_LEN); + HMAC_Update(hmac_ctx, iv, sizeof(iv)); + HMAC_Update(hmac_ctx, (unsigned char *)length_buf, 2); + HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len); + HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length, + sizeof(computed_mac)); + } else #endif { - SECItem macParam; - macParam.data = NULL; - macParam.len = 0; - hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech, - CKA_SIGN, mac_key_pkcs11, &macParam); - if (!hmac_ctx_pkcs11) - goto loser; - - rv = PK11_DigestBegin(hmac_ctx_pkcs11); - rv = PK11_DigestOp(hmac_ctx_pkcs11, key_name, - SESS_TICKET_KEY_NAME_LEN); - rv = PK11_DigestOp(hmac_ctx_pkcs11, iv, sizeof(iv)); - rv = PK11_DigestOp(hmac_ctx_pkcs11, (unsigned char *)length_buf, 2); - rv = PK11_DigestOp(hmac_ctx_pkcs11, ciphertext.data, ciphertext.len); - rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac, - &computed_mac_length, sizeof(computed_mac)); - PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); - if (rv != SECSuccess) goto loser; + SECItem macParam; + macParam.data = NULL; + macParam.len = 0; + hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech, + CKA_SIGN, mac_key_pkcs11, &macParam); + if (!hmac_ctx_pkcs11) + goto loser; + + rv = PK11_DigestBegin(hmac_ctx_pkcs11); + rv = PK11_DigestOp(hmac_ctx_pkcs11, key_name, + SESS_TICKET_KEY_NAME_LEN); + rv = PK11_DigestOp(hmac_ctx_pkcs11, iv, sizeof(iv)); + rv = PK11_DigestOp(hmac_ctx_pkcs11, (unsigned char *)length_buf, 2); + rv = PK11_DigestOp(hmac_ctx_pkcs11, ciphertext.data, ciphertext.len); + rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac, + &computed_mac_length, sizeof(computed_mac)); + PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); + if (rv != SECSuccess) goto loser; } /* Serialize the handshake message. */ @@ -1095,11 +1323,11 @@ ssl3_SendNewSessionTicket(sslSocket *ss) if (rv != SECSuccess) goto loser; rv = ssl3_AppendHandshakeNumber(ss, ticket.ticket_lifetime_hint, - sizeof(ticket.ticket_lifetime_hint)); + sizeof(ticket.ticket_lifetime_hint)); if (rv != SECSuccess) goto loser; rv = ssl3_AppendHandshakeNumber(ss, - message_length - sizeof(ticket.ticket_lifetime_hint) - 2, 2); + message_length - sizeof(ticket.ticket_lifetime_hint) - 2, 2); if (rv != SECSuccess) goto loser; rv = ssl3_AppendHandshake(ss, key_name, SESS_TICKET_KEY_NAME_LEN); @@ -1116,9 +1344,9 @@ ssl3_SendNewSessionTicket(sslSocket *ss) loser: if (plaintext_item.data) - SECITEM_FreeItem(&plaintext_item, PR_FALSE); + SECITEM_FreeItem(&plaintext_item, PR_FALSE); if (ciphertext.data) - SECITEM_FreeItem(&ciphertext, PR_FALSE); + SECITEM_FreeItem(&ciphertext, PR_FALSE); return rv; } @@ -1131,7 +1359,7 @@ ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) { if (data->len != 0) - return SECFailure; + return SECFailure; /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; @@ -1150,7 +1378,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, /* Ignore the SessionTicket extension if processing is disabled. */ if (!ss->opt.enableSessionTickets) - return SECSuccess; + return SECSuccess; /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; @@ -1160,302 +1388,302 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, * instead of terminating the current connection. */ if (data->len == 0) { - ss->xtnData.emptySessionTicket = PR_TRUE; + ss->xtnData.emptySessionTicket = PR_TRUE; } else { - int i; - SECItem extension_data; - EncryptedSessionTicket enc_session_ticket; - unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH]; - unsigned int computed_mac_length; + int i; + SECItem extension_data; + EncryptedSessionTicket enc_session_ticket; + unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH]; + unsigned int computed_mac_length; #ifndef NO_PKCS11_BYPASS - const SECHashObject *hashObj; - const unsigned char *aes_key; - const unsigned char *mac_key; - PRUint32 aes_key_length; - PRUint32 mac_key_length; - PRUint64 hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS]; - HMACContext *hmac_ctx; - PRUint64 aes_ctx_buf[MAX_CIPHER_CONTEXT_LLONGS]; - AESContext *aes_ctx; + const SECHashObject *hashObj; + const unsigned char *aes_key; + const unsigned char *mac_key; + PRUint32 aes_key_length; + PRUint32 mac_key_length; + PRUint64 hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS]; + HMACContext *hmac_ctx; + PRUint64 aes_ctx_buf[MAX_CIPHER_CONTEXT_LLONGS]; + AESContext *aes_ctx; #endif - PK11SymKey *aes_key_pkcs11; - PK11SymKey *mac_key_pkcs11; - PK11Context *hmac_ctx_pkcs11; - CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC; - PK11Context *aes_ctx_pkcs11; - CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC; - unsigned char * padding; - PRUint32 padding_length; - unsigned char *buffer; - unsigned int buffer_len; - PRInt32 temp; - SECItem cert_item; + PK11SymKey *aes_key_pkcs11; + PK11SymKey *mac_key_pkcs11; + PK11Context *hmac_ctx_pkcs11; + CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC; + PK11Context *aes_ctx_pkcs11; + CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC; + unsigned char * padding; + PRUint32 padding_length; + unsigned char *buffer; + unsigned int buffer_len; + PRInt32 temp; + SECItem cert_item; PRInt8 nameType = TLS_STE_NO_SERVER_NAME; - /* Turn off stateless session resumption if the client sends a - * SessionTicket extension, even if the extension turns out to be - * malformed (ss->sec.ci.sid is non-NULL when doing session - * renegotiation.) - */ - if (ss->sec.ci.sid != NULL) { - if (ss->sec.uncache) - ss->sec.uncache(ss->sec.ci.sid); - ssl_FreeSID(ss->sec.ci.sid); - ss->sec.ci.sid = NULL; - } - - extension_data.data = data->data; /* Keep a copy for future use. */ - extension_data.len = data->len; - - if (ssl3_ParseEncryptedSessionTicket(ss, data, &enc_session_ticket) - != SECSuccess) - return SECFailure; - - /* Get session ticket keys. */ + /* Turn off stateless session resumption if the client sends a + * SessionTicket extension, even if the extension turns out to be + * malformed (ss->sec.ci.sid is non-NULL when doing session + * renegotiation.) + */ + if (ss->sec.ci.sid != NULL) { + if (ss->sec.uncache) + ss->sec.uncache(ss->sec.ci.sid); + ssl_FreeSID(ss->sec.ci.sid); + ss->sec.ci.sid = NULL; + } + + extension_data.data = data->data; /* Keep a copy for future use. */ + extension_data.len = data->len; + + if (ssl3_ParseEncryptedSessionTicket(ss, data, &enc_session_ticket) + != SECSuccess) + return SECFailure; + + /* Get session ticket keys. */ #ifndef NO_PKCS11_BYPASS - if (ss->opt.bypassPKCS11) { - rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length, - &mac_key, &mac_key_length); - } else + if (ss->opt.bypassPKCS11) { + rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length, + &mac_key, &mac_key_length); + } else #endif - { - rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11, - &mac_key_pkcs11); - } - if (rv != SECSuccess) { - SSL_DBG(("%d: SSL[%d]: Unable to get/generate session ticket keys.", - SSL_GETPID(), ss->fd)); - goto loser; - } - - /* If the ticket sent by the client was generated under a key different - * from the one we have, bypass ticket processing. - */ - if (PORT_Memcmp(enc_session_ticket.key_name, key_name, - SESS_TICKET_KEY_NAME_LEN) != 0) { - SSL_DBG(("%d: SSL[%d]: Session ticket key_name sent mismatch.", - SSL_GETPID(), ss->fd)); - goto no_ticket; - } - - /* Verify the MAC on the ticket. MAC verification may also - * fail if the MAC key has been recently refreshed. - */ + { + rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11, + &mac_key_pkcs11); + } + if (rv != SECSuccess) { + SSL_DBG(("%d: SSL[%d]: Unable to get/generate session ticket keys.", + SSL_GETPID(), ss->fd)); + goto loser; + } + + /* If the ticket sent by the client was generated under a key different + * from the one we have, bypass ticket processing. + */ + if (PORT_Memcmp(enc_session_ticket.key_name, key_name, + SESS_TICKET_KEY_NAME_LEN) != 0) { + SSL_DBG(("%d: SSL[%d]: Session ticket key_name sent mismatch.", + SSL_GETPID(), ss->fd)); + goto no_ticket; + } + + /* Verify the MAC on the ticket. MAC verification may also + * fail if the MAC key has been recently refreshed. + */ #ifndef NO_PKCS11_BYPASS - if (ss->opt.bypassPKCS11) { - hmac_ctx = (HMACContext *)hmac_ctx_buf; - hashObj = HASH_GetRawHashObject(HASH_AlgSHA256); - if (HMAC_Init(hmac_ctx, hashObj, mac_key, - sizeof(session_ticket_mac_key), PR_FALSE) != SECSuccess) - goto no_ticket; - HMAC_Begin(hmac_ctx); - HMAC_Update(hmac_ctx, extension_data.data, - extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH); - if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length, - sizeof(computed_mac)) != SECSuccess) - goto no_ticket; - } else + if (ss->opt.bypassPKCS11) { + hmac_ctx = (HMACContext *)hmac_ctx_buf; + hashObj = HASH_GetRawHashObject(HASH_AlgSHA256); + if (HMAC_Init(hmac_ctx, hashObj, mac_key, + sizeof(session_ticket_mac_key), PR_FALSE) != SECSuccess) + goto no_ticket; + HMAC_Begin(hmac_ctx); + HMAC_Update(hmac_ctx, extension_data.data, + extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH); + if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length, + sizeof(computed_mac)) != SECSuccess) + goto no_ticket; + } else #endif - { - SECItem macParam; - macParam.data = NULL; - macParam.len = 0; - hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech, - CKA_SIGN, mac_key_pkcs11, &macParam); - if (!hmac_ctx_pkcs11) { - SSL_DBG(("%d: SSL[%d]: Unable to create HMAC context: %d.", - SSL_GETPID(), ss->fd, PORT_GetError())); - goto no_ticket; - } else { - SSL_DBG(("%d: SSL[%d]: Successfully created HMAC context.", - SSL_GETPID(), ss->fd)); - } - rv = PK11_DigestBegin(hmac_ctx_pkcs11); - rv = PK11_DigestOp(hmac_ctx_pkcs11, extension_data.data, - extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH); - if (rv != SECSuccess) { - PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); - goto no_ticket; - } - rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac, - &computed_mac_length, sizeof(computed_mac)); - PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); - if (rv != SECSuccess) - goto no_ticket; - } - if (NSS_SecureMemcmp(computed_mac, enc_session_ticket.mac, - computed_mac_length) != 0) { - SSL_DBG(("%d: SSL[%d]: Session ticket MAC mismatch.", - SSL_GETPID(), ss->fd)); - goto no_ticket; - } - - /* We ignore key_name for now. - * This is ok as MAC verification succeeded. - */ - - /* Decrypt the ticket. */ - - /* Plaintext is shorter than the ciphertext due to padding. */ - decrypted_state = SECITEM_AllocItem(NULL, NULL, - enc_session_ticket.encrypted_state.len); + { + SECItem macParam; + macParam.data = NULL; + macParam.len = 0; + hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech, + CKA_SIGN, mac_key_pkcs11, &macParam); + if (!hmac_ctx_pkcs11) { + SSL_DBG(("%d: SSL[%d]: Unable to create HMAC context: %d.", + SSL_GETPID(), ss->fd, PORT_GetError())); + goto no_ticket; + } else { + SSL_DBG(("%d: SSL[%d]: Successfully created HMAC context.", + SSL_GETPID(), ss->fd)); + } + rv = PK11_DigestBegin(hmac_ctx_pkcs11); + rv = PK11_DigestOp(hmac_ctx_pkcs11, extension_data.data, + extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH); + if (rv != SECSuccess) { + PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); + goto no_ticket; + } + rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac, + &computed_mac_length, sizeof(computed_mac)); + PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); + if (rv != SECSuccess) + goto no_ticket; + } + if (NSS_SecureMemcmp(computed_mac, enc_session_ticket.mac, + computed_mac_length) != 0) { + SSL_DBG(("%d: SSL[%d]: Session ticket MAC mismatch.", + SSL_GETPID(), ss->fd)); + goto no_ticket; + } + + /* We ignore key_name for now. + * This is ok as MAC verification succeeded. + */ + + /* Decrypt the ticket. */ + + /* Plaintext is shorter than the ciphertext due to padding. */ + decrypted_state = SECITEM_AllocItem(NULL, NULL, + enc_session_ticket.encrypted_state.len); #ifndef NO_PKCS11_BYPASS - if (ss->opt.bypassPKCS11) { - aes_ctx = (AESContext *)aes_ctx_buf; - rv = AES_InitContext(aes_ctx, aes_key, - sizeof(session_ticket_enc_key), enc_session_ticket.iv, - NSS_AES_CBC, 0,AES_BLOCK_SIZE); - if (rv != SECSuccess) { - SSL_DBG(("%d: SSL[%d]: Unable to create AES context.", - SSL_GETPID(), ss->fd)); - goto no_ticket; - } - - rv = AES_Decrypt(aes_ctx, decrypted_state->data, - &decrypted_state->len, decrypted_state->len, - enc_session_ticket.encrypted_state.data, - enc_session_ticket.encrypted_state.len); - if (rv != SECSuccess) - goto no_ticket; - } else + if (ss->opt.bypassPKCS11) { + aes_ctx = (AESContext *)aes_ctx_buf; + rv = AES_InitContext(aes_ctx, aes_key, + sizeof(session_ticket_enc_key), enc_session_ticket.iv, + NSS_AES_CBC, 0,AES_BLOCK_SIZE); + if (rv != SECSuccess) { + SSL_DBG(("%d: SSL[%d]: Unable to create AES context.", + SSL_GETPID(), ss->fd)); + goto no_ticket; + } + + rv = AES_Decrypt(aes_ctx, decrypted_state->data, + &decrypted_state->len, decrypted_state->len, + enc_session_ticket.encrypted_state.data, + enc_session_ticket.encrypted_state.len); + if (rv != SECSuccess) + goto no_ticket; + } else #endif - { - SECItem ivItem; - ivItem.data = enc_session_ticket.iv; - ivItem.len = AES_BLOCK_SIZE; - aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech, - CKA_DECRYPT, aes_key_pkcs11, &ivItem); - if (!aes_ctx_pkcs11) { - SSL_DBG(("%d: SSL[%d]: Unable to create AES context.", - SSL_GETPID(), ss->fd)); - goto no_ticket; - } - - rv = PK11_CipherOp(aes_ctx_pkcs11, decrypted_state->data, - (int *)&decrypted_state->len, decrypted_state->len, - enc_session_ticket.encrypted_state.data, - enc_session_ticket.encrypted_state.len); - PK11_Finalize(aes_ctx_pkcs11); - PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE); - if (rv != SECSuccess) - goto no_ticket; - } - - /* Check padding. */ - padding_length = - (PRUint32)decrypted_state->data[decrypted_state->len - 1]; - if (padding_length == 0 || padding_length > AES_BLOCK_SIZE) - goto no_ticket; - - padding = &decrypted_state->data[decrypted_state->len - padding_length]; - for (i = 0; i < padding_length; i++, padding++) { - if (padding_length != (PRUint32)*padding) - goto no_ticket; - } - - /* Deserialize session state. */ - buffer = decrypted_state->data; - buffer_len = decrypted_state->len; - - parsed_session_ticket = PORT_ZAlloc(sizeof(SessionTicket)); - if (parsed_session_ticket == NULL) { - rv = SECFailure; - goto loser; - } - - /* Read ticket_version (which is ignored for now.) */ - temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->ticket_version = (SSL3ProtocolVersion)temp; - - /* Read SSLVersion. */ - temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->ssl_version = (SSL3ProtocolVersion)temp; - - /* Read cipher_suite. */ - temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->cipher_suite = (ssl3CipherSuite)temp; - - /* Read compression_method. */ - temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->compression_method = (SSLCompressionMethod)temp; - - /* Read cipher spec parameters. */ - temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->authAlgorithm = (SSLSignType)temp; - temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->authKeyBits = (PRUint32)temp; - temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->keaType = (SSLKEAType)temp; - temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->keaKeyBits = (PRUint32)temp; - - /* Read wrapped master_secret. */ - temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->ms_is_wrapped = (PRBool)temp; - - temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->exchKeyType = (SSL3KEAType)temp; - - temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->msWrapMech = (CK_MECHANISM_TYPE)temp; - - temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->ms_length = (PRUint16)temp; - if (parsed_session_ticket->ms_length == 0 || /* sanity check MS. */ - parsed_session_ticket->ms_length > - sizeof(parsed_session_ticket->master_secret)) - goto no_ticket; - - /* Allow for the wrapped master secret to be longer. */ - if (buffer_len < parsed_session_ticket->ms_length) - goto no_ticket; - PORT_Memcpy(parsed_session_ticket->master_secret, buffer, - parsed_session_ticket->ms_length); - buffer += parsed_session_ticket->ms_length; - buffer_len -= parsed_session_ticket->ms_length; - - /* Read client_identity */ - temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); - if (temp < 0) - goto no_ticket; - parsed_session_ticket->client_identity.client_auth_type = - (ClientAuthenticationType)temp; - switch(parsed_session_ticket->client_identity.client_auth_type) { + { + SECItem ivItem; + ivItem.data = enc_session_ticket.iv; + ivItem.len = AES_BLOCK_SIZE; + aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech, + CKA_DECRYPT, aes_key_pkcs11, &ivItem); + if (!aes_ctx_pkcs11) { + SSL_DBG(("%d: SSL[%d]: Unable to create AES context.", + SSL_GETPID(), ss->fd)); + goto no_ticket; + } + + rv = PK11_CipherOp(aes_ctx_pkcs11, decrypted_state->data, + (int *)&decrypted_state->len, decrypted_state->len, + enc_session_ticket.encrypted_state.data, + enc_session_ticket.encrypted_state.len); + PK11_Finalize(aes_ctx_pkcs11); + PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE); + if (rv != SECSuccess) + goto no_ticket; + } + + /* Check padding. */ + padding_length = + (PRUint32)decrypted_state->data[decrypted_state->len - 1]; + if (padding_length == 0 || padding_length > AES_BLOCK_SIZE) + goto no_ticket; + + padding = &decrypted_state->data[decrypted_state->len - padding_length]; + for (i = 0; i < padding_length; i++, padding++) { + if (padding_length != (PRUint32)*padding) + goto no_ticket; + } + + /* Deserialize session state. */ + buffer = decrypted_state->data; + buffer_len = decrypted_state->len; + + parsed_session_ticket = PORT_ZAlloc(sizeof(SessionTicket)); + if (parsed_session_ticket == NULL) { + rv = SECFailure; + goto loser; + } + + /* Read ticket_version (which is ignored for now.) */ + temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->ticket_version = (SSL3ProtocolVersion)temp; + + /* Read SSLVersion. */ + temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->ssl_version = (SSL3ProtocolVersion)temp; + + /* Read cipher_suite. */ + temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->cipher_suite = (ssl3CipherSuite)temp; + + /* Read compression_method. */ + temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->compression_method = (SSLCompressionMethod)temp; + + /* Read cipher spec parameters. */ + temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->authAlgorithm = (SSLSignType)temp; + temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->authKeyBits = (PRUint32)temp; + temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->keaType = (SSLKEAType)temp; + temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->keaKeyBits = (PRUint32)temp; + + /* Read wrapped master_secret. */ + temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->ms_is_wrapped = (PRBool)temp; + + temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->exchKeyType = (SSL3KEAType)temp; + + temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->msWrapMech = (CK_MECHANISM_TYPE)temp; + + temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->ms_length = (PRUint16)temp; + if (parsed_session_ticket->ms_length == 0 || /* sanity check MS. */ + parsed_session_ticket->ms_length > + sizeof(parsed_session_ticket->master_secret)) + goto no_ticket; + + /* Allow for the wrapped master secret to be longer. */ + if (buffer_len < parsed_session_ticket->ms_length) + goto no_ticket; + PORT_Memcpy(parsed_session_ticket->master_secret, buffer, + parsed_session_ticket->ms_length); + buffer += parsed_session_ticket->ms_length; + buffer_len -= parsed_session_ticket->ms_length; + + /* Read client_identity */ + temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + if (temp < 0) + goto no_ticket; + parsed_session_ticket->client_identity.client_auth_type = + (ClientAuthenticationType)temp; + switch(parsed_session_ticket->client_identity.client_auth_type) { case CLIENT_AUTH_ANONYMOUS: - break; + break; case CLIENT_AUTH_CERTIFICATE: - rv = ssl3_ConsumeHandshakeVariable(ss, &cert_item, 3, - &buffer, &buffer_len); - if (rv != SECSuccess) goto no_ticket; - rv = SECITEM_CopyItem(NULL, &parsed_session_ticket->peer_cert, - &cert_item); - if (rv != SECSuccess) goto no_ticket; - break; + rv = ssl3_ConsumeHandshakeVariable(ss, &cert_item, 3, + &buffer, &buffer_len); + if (rv != SECSuccess) goto no_ticket; + rv = SECITEM_CopyItem(NULL, &parsed_session_ticket->peer_cert, + &cert_item); + if (rv != SECSuccess) goto no_ticket; + break; default: - goto no_ticket; - } - /* Read timestamp. */ - temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); - if (temp < 0) - goto no_ticket; - parsed_session_ticket->timestamp = (PRUint32)temp; + goto no_ticket; + } + /* Read timestamp. */ + temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); + if (temp < 0) + goto no_ticket; + parsed_session_ticket->timestamp = (PRUint32)temp; /* Read server name */ nameType = - ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); if (nameType != TLS_STE_NO_SERVER_NAME) { SECItem name_item; rv = ssl3_ConsumeHandshakeVariable(ss, &name_item, 2, &buffer, @@ -1467,99 +1695,99 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, parsed_session_ticket->srvName.type = nameType; } - /* Done parsing. Check that all bytes have been consumed. */ - if (buffer_len != padding_length) - goto no_ticket; - - /* Use the ticket if it has not expired, otherwise free the allocated - * memory since the ticket is of no use. - */ - if (parsed_session_ticket->timestamp != 0 && - parsed_session_ticket->timestamp + - TLS_EX_SESS_TICKET_LIFETIME_HINT > ssl_Time()) { - - sid = ssl3_NewSessionID(ss, PR_TRUE); - if (sid == NULL) { - rv = SECFailure; - goto loser; - } - - /* Copy over parameters. */ - sid->version = parsed_session_ticket->ssl_version; - sid->u.ssl3.cipherSuite = parsed_session_ticket->cipher_suite; - sid->u.ssl3.compression = parsed_session_ticket->compression_method; - sid->authAlgorithm = parsed_session_ticket->authAlgorithm; - sid->authKeyBits = parsed_session_ticket->authKeyBits; - sid->keaType = parsed_session_ticket->keaType; - sid->keaKeyBits = parsed_session_ticket->keaKeyBits; - - /* Copy master secret. */ + /* Done parsing. Check that all bytes have been consumed. */ + if (buffer_len != padding_length) + goto no_ticket; + + /* Use the ticket if it has not expired, otherwise free the allocated + * memory since the ticket is of no use. + */ + if (parsed_session_ticket->timestamp != 0 && + parsed_session_ticket->timestamp + + TLS_EX_SESS_TICKET_LIFETIME_HINT > ssl_Time()) { + + sid = ssl3_NewSessionID(ss, PR_TRUE); + if (sid == NULL) { + rv = SECFailure; + goto loser; + } + + /* Copy over parameters. */ + sid->version = parsed_session_ticket->ssl_version; + sid->u.ssl3.cipherSuite = parsed_session_ticket->cipher_suite; + sid->u.ssl3.compression = parsed_session_ticket->compression_method; + sid->authAlgorithm = parsed_session_ticket->authAlgorithm; + sid->authKeyBits = parsed_session_ticket->authKeyBits; + sid->keaType = parsed_session_ticket->keaType; + sid->keaKeyBits = parsed_session_ticket->keaKeyBits; + + /* Copy master secret. */ #ifndef NO_PKCS11_BYPASS - if (ss->opt.bypassPKCS11 && - parsed_session_ticket->ms_is_wrapped) - goto no_ticket; + if (ss->opt.bypassPKCS11 && + parsed_session_ticket->ms_is_wrapped) + goto no_ticket; #endif - if (parsed_session_ticket->ms_length > - sizeof(sid->u.ssl3.keys.wrapped_master_secret)) - goto no_ticket; - PORT_Memcpy(sid->u.ssl3.keys.wrapped_master_secret, - parsed_session_ticket->master_secret, - parsed_session_ticket->ms_length); - sid->u.ssl3.keys.wrapped_master_secret_len = - parsed_session_ticket->ms_length; - sid->u.ssl3.exchKeyType = parsed_session_ticket->exchKeyType; - sid->u.ssl3.masterWrapMech = parsed_session_ticket->msWrapMech; - sid->u.ssl3.keys.msIsWrapped = - parsed_session_ticket->ms_is_wrapped; - sid->u.ssl3.masterValid = PR_TRUE; - sid->u.ssl3.keys.resumable = PR_TRUE; - - /* Copy over client cert from session ticket if there is one. */ - if (parsed_session_ticket->peer_cert.data != NULL) { - if (sid->peerCert != NULL) - CERT_DestroyCertificate(sid->peerCert); - sid->peerCert = CERT_NewTempCertificate(ss->dbHandle, - &parsed_session_ticket->peer_cert, NULL, PR_FALSE, PR_TRUE); - if (sid->peerCert == NULL) { - rv = SECFailure; - goto loser; - } - } - if (parsed_session_ticket->srvName.data != NULL) { + if (parsed_session_ticket->ms_length > + sizeof(sid->u.ssl3.keys.wrapped_master_secret)) + goto no_ticket; + PORT_Memcpy(sid->u.ssl3.keys.wrapped_master_secret, + parsed_session_ticket->master_secret, + parsed_session_ticket->ms_length); + sid->u.ssl3.keys.wrapped_master_secret_len = + parsed_session_ticket->ms_length; + sid->u.ssl3.exchKeyType = parsed_session_ticket->exchKeyType; + sid->u.ssl3.masterWrapMech = parsed_session_ticket->msWrapMech; + sid->u.ssl3.keys.msIsWrapped = + parsed_session_ticket->ms_is_wrapped; + sid->u.ssl3.masterValid = PR_TRUE; + sid->u.ssl3.keys.resumable = PR_TRUE; + + /* Copy over client cert from session ticket if there is one. */ + if (parsed_session_ticket->peer_cert.data != NULL) { + if (sid->peerCert != NULL) + CERT_DestroyCertificate(sid->peerCert); + sid->peerCert = CERT_NewTempCertificate(ss->dbHandle, + &parsed_session_ticket->peer_cert, NULL, PR_FALSE, PR_TRUE); + if (sid->peerCert == NULL) { + rv = SECFailure; + goto loser; + } + } + if (parsed_session_ticket->srvName.data != NULL) { sid->u.ssl3.srvName = parsed_session_ticket->srvName; } - ss->statelessResume = PR_TRUE; - ss->sec.ci.sid = sid; - } + ss->statelessResume = PR_TRUE; + ss->sec.ci.sid = sid; + } } if (0) { no_ticket: - SSL_DBG(("%d: SSL[%d]: Session ticket parsing failed.", - SSL_GETPID(), ss->fd)); - ssl3stats = SSL_GetStatistics(); - SSL_AtomicIncrementLong(& ssl3stats->hch_sid_ticket_parse_failures ); + SSL_DBG(("%d: SSL[%d]: Session ticket parsing failed.", + SSL_GETPID(), ss->fd)); + ssl3stats = SSL_GetStatistics(); + SSL_AtomicIncrementLong(& ssl3stats->hch_sid_ticket_parse_failures ); } rv = SECSuccess; loser: - /* ss->sec.ci.sid == sid if it did NOT come here via goto statement - * in that case do not free sid - */ - if (sid && (ss->sec.ci.sid != sid)) { - ssl_FreeSID(sid); - sid = NULL; - } + /* ss->sec.ci.sid == sid if it did NOT come here via goto statement + * in that case do not free sid + */ + if (sid && (ss->sec.ci.sid != sid)) { + ssl_FreeSID(sid); + sid = NULL; + } if (decrypted_state != NULL) { - SECITEM_FreeItem(decrypted_state, PR_TRUE); - decrypted_state = NULL; + SECITEM_FreeItem(decrypted_state, PR_TRUE); + decrypted_state = NULL; } if (parsed_session_ticket != NULL) { - if (parsed_session_ticket->peer_cert.data) { - SECITEM_FreeItem(&parsed_session_ticket->peer_cert, PR_FALSE); - } - PORT_ZFree(parsed_session_ticket, sizeof(SessionTicket)); + if (parsed_session_ticket->peer_cert.data) { + SECITEM_FreeItem(&parsed_session_ticket->peer_cert, PR_FALSE); + } + PORT_ZFree(parsed_session_ticket, sizeof(SessionTicket)); } return rv; @@ -1570,11 +1798,11 @@ loser: * cannot be freed. The caller is expected to call this function * on a shallow copy of the structure. */ -static SECStatus +static SECStatus ssl3_ConsumeFromItem(SECItem *item, unsigned char **buf, PRUint32 bytes) { if (bytes > item->len) - return SECFailure; + return SECFailure; *buf = item->data; item->data += bytes; @@ -1587,30 +1815,30 @@ ssl3_ParseEncryptedSessionTicket(sslSocket *ss, SECItem *data, EncryptedSessionTicket *enc_session_ticket) { if (ssl3_ConsumeFromItem(data, &enc_session_ticket->key_name, - SESS_TICKET_KEY_NAME_LEN) != SECSuccess) - return SECFailure; + SESS_TICKET_KEY_NAME_LEN) != SECSuccess) + return SECFailure; if (ssl3_ConsumeFromItem(data, &enc_session_ticket->iv, - AES_BLOCK_SIZE) != SECSuccess) - return SECFailure; + AES_BLOCK_SIZE) != SECSuccess) + return SECFailure; if (ssl3_ConsumeHandshakeVariable(ss, &enc_session_ticket->encrypted_state, - 2, &data->data, &data->len) != SECSuccess) - return SECFailure; + 2, &data->data, &data->len) != SECSuccess) + return SECFailure; if (ssl3_ConsumeFromItem(data, &enc_session_ticket->mac, - TLS_EX_SESS_TICKET_MAC_LENGTH) != SECSuccess) - return SECFailure; + TLS_EX_SESS_TICKET_MAC_LENGTH) != SECSuccess) + return SECFailure; if (data->len != 0) /* Make sure that we have consumed all bytes. */ - return SECFailure; + return SECFailure; return SECSuccess; } /* go through hello extensions in buffer "b". - * For each one, find the extension handler in the table, and - * if present, invoke that handler. + * For each one, find the extension handler in the table, and + * if present, invoke that handler. * Servers ignore any extensions with unknown extension types. * Clients reject any extensions with unadvertised extension types. */ -SECStatus +SECStatus ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length) { const ssl3HelloExtensionHandler * handlers; @@ -1624,68 +1852,68 @@ ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length) } while (*length) { - const ssl3HelloExtensionHandler * handler; - SECStatus rv; - PRInt32 extension_type; - SECItem extension_data; - - /* Get the extension's type field */ - extension_type = ssl3_ConsumeHandshakeNumber(ss, 2, b, length); - if (extension_type < 0) /* failure to decode extension_type */ - return SECFailure; /* alert already sent */ - - /* get the data for this extension, so we can pass it or skip it. */ - rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length); - if (rv != SECSuccess) - return rv; - - /* Check whether the server sent an extension which was not advertised - * in the ClientHello. - */ - if (!ss->sec.isServer && - !ssl3_ClientExtensionAdvertised(ss, extension_type)) - return SECFailure; /* TODO: send unsupported_extension alert */ - - /* Check whether an extension has been sent multiple times. */ - if (ssl3_ExtensionNegotiated(ss, extension_type)) - return SECFailure; - - /* find extension_type in table of Hello Extension Handlers */ - for (handler = handlers; handler->ex_type >= 0; handler++) { - /* if found, call this handler */ - if (handler->ex_type == extension_type) { - rv = (*handler->ex_handler)(ss, (PRUint16)extension_type, - &extension_data); - /* Ignore this result */ - /* Treat all bad extensions as unrecognized types. */ - break; - } - } + const ssl3HelloExtensionHandler * handler; + SECStatus rv; + PRInt32 extension_type; + SECItem extension_data; + + /* Get the extension's type field */ + extension_type = ssl3_ConsumeHandshakeNumber(ss, 2, b, length); + if (extension_type < 0) /* failure to decode extension_type */ + return SECFailure; /* alert already sent */ + + /* get the data for this extension, so we can pass it or skip it. */ + rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length); + if (rv != SECSuccess) + return rv; + + /* Check whether the server sent an extension which was not advertised + * in the ClientHello. + */ + if (!ss->sec.isServer && + !ssl3_ClientExtensionAdvertised(ss, extension_type)) + return SECFailure; /* TODO: send unsupported_extension alert */ + + /* Check whether an extension has been sent multiple times. */ + if (ssl3_ExtensionNegotiated(ss, extension_type)) + return SECFailure; + + /* find extension_type in table of Hello Extension Handlers */ + for (handler = handlers; handler->ex_type >= 0; handler++) { + /* if found, call this handler */ + if (handler->ex_type == extension_type) { + rv = (*handler->ex_handler)(ss, (PRUint16)extension_type, + &extension_data); + /* Ignore this result */ + /* Treat all bad extensions as unrecognized types. */ + break; + } + } } return SECSuccess; } /* Add a callback function to the table of senders of server hello extensions. */ -SECStatus +SECStatus ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type, - ssl3HelloExtensionSenderFunc cb) + ssl3HelloExtensionSenderFunc cb) { int i; ssl3HelloExtensionSender *sender = &ss->xtnData.serverSenders[0]; for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) { if (!sender->ex_sender) { - sender->ex_type = ex_type; - sender->ex_sender = cb; - return SECSuccess; - } - /* detect duplicate senders */ - PORT_Assert(sender->ex_type != ex_type); - if (sender->ex_type == ex_type) { - /* duplicate */ - break; - } + sender->ex_type = ex_type; + sender->ex_sender = cb; + return SECSuccess; + } + /* detect duplicate senders */ + PORT_Assert(sender->ex_type != ex_type); + if (sender->ex_type == ex_type) { + /* duplicate */ + break; + } } PORT_Assert(i < SSL_MAX_EXTENSIONS); /* table needs to grow */ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); @@ -1701,18 +1929,18 @@ ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes, int i; if (!sender) { - sender = ss->version > SSL_LIBRARY_VERSION_3_0 ? + sender = ss->version > SSL_LIBRARY_VERSION_3_0 ? &clientHelloSendersTLS[0] : &clientHelloSendersSSL3[0]; } for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) { - if (sender->ex_sender) { - PRInt32 extLen = (*sender->ex_sender)(ss, append, maxBytes); - if (extLen < 0) - return -1; - maxBytes -= extLen; - total_exten_len += extLen; - } + if (sender->ex_sender) { + PRInt32 extLen = (*sender->ex_sender)(ss, append, maxBytes); + if (extLen < 0) + return -1; + maxBytes -= extLen; + total_exten_len += extLen; + } } return total_exten_len; } @@ -1725,48 +1953,48 @@ ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes, * Verify Data (TLS): 12 bytes (client) or 24 bytes (server) * Verify Data (SSL): 36 bytes (client) or 72 bytes (server) */ -static PRInt32 +static PRInt32 ssl3_SendRenegotiationInfoXtn( - sslSocket * ss, - PRBool append, - PRUint32 maxBytes) + sslSocket * ss, + PRBool append, + PRUint32 maxBytes) { PRInt32 len, needed; /* In draft-ietf-tls-renegotiation-03, it is NOT RECOMMENDED to send - * both the SCSV and the empty RI, so when we send SCSV in + * both the SCSV and the empty RI, so when we send SCSV in * the initial handshake, we don't also send RI. */ if (!ss || ss->ssl3.hs.sendingSCSV) - return 0; - len = !ss->firstHsDone ? 0 : - (ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2 - : ss->ssl3.hs.finishedBytes); + return 0; + len = !ss->firstHsDone ? 0 : + (ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2 + : ss->ssl3.hs.finishedBytes); needed = 5 + len; if (append && maxBytes >= needed) { - SECStatus rv; - /* extension_type */ - rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2); - if (rv != SECSuccess) return -1; - /* length of extension_data */ - rv = ssl3_AppendHandshakeNumber(ss, len + 1, 2); - if (rv != SECSuccess) return -1; - /* verify_Data from previous Finished message(s) */ - rv = ssl3_AppendHandshakeVariable(ss, - ss->ssl3.hs.finishedMsgs.data, len, 1); - if (rv != SECSuccess) return -1; - if (!ss->sec.isServer) { - TLSExtensionData *xtnData = &ss->xtnData; - xtnData->advertised[xtnData->numAdvertised++] = - ssl_renegotiation_info_xtn; - } + SECStatus rv; + /* extension_type */ + rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2); + if (rv != SECSuccess) return -1; + /* length of extension_data */ + rv = ssl3_AppendHandshakeNumber(ss, len + 1, 2); + if (rv != SECSuccess) return -1; + /* verify_Data from previous Finished message(s) */ + rv = ssl3_AppendHandshakeVariable(ss, + ss->ssl3.hs.finishedMsgs.data, len, 1); + if (rv != SECSuccess) return -1; + if (!ss->sec.isServer) { + TLSExtensionData *xtnData = &ss->xtnData; + xtnData->advertised[xtnData->numAdvertised++] = + ssl_renegotiation_info_xtn; + } } return needed; } static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type, - SECItem *data) + SECItem *data) { SECStatus rv = SECSuccess; @@ -1775,7 +2003,7 @@ ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type, PORT_Assert(ss->sec.isServer); /* prepare to send back the appropriate response */ rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, - ssl3_ServerSendStatusRequestXtn); + ssl3_ServerSendStatusRequestXtn); return rv; } @@ -1787,25 +2015,25 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) PRUint32 len = 0; if (ss->firstHsDone) { - len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes - : ss->ssl3.hs.finishedBytes * 2; + len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes + : ss->ssl3.hs.finishedBytes * 2; } if (data->len != 1 + len || - data->data[0] != len || (len && - NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data, - data->data + 1, len))) { - /* Can we do this here? Or, must we arrange for the caller to do it? */ - (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); - PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); - return SECFailure; + data->data[0] != len || (len && + NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data, + data->data + 1, len))) { + /* Can we do this here? Or, must we arrange for the caller to do it? */ + (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); + PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); + return SECFailure; } /* remember that we got this extension and it was correct. */ ss->peerRequestedProtection = 1; ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; if (ss->sec.isServer) { - /* prepare to send back the appropriate response */ - rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, - ssl3_SendRenegotiationInfoXtn); + /* prepare to send back the appropriate response */ + rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, + ssl3_SendRenegotiationInfoXtn); } return rv; } @@ -1818,60 +2046,60 @@ ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) SECStatus rv; if (!ss) - return 0; + return 0; if (!ss->sec.isServer) { - /* Client side */ - - if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) - return 0; /* Not relevant */ - - ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1; - - if (append && maxBytes >= 4 + ext_data_len) { - /* Extension type */ - rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); - if (rv != SECSuccess) return -1; - /* Length of extension data */ - rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2); - if (rv != SECSuccess) return -1; - /* Length of the SRTP cipher list */ - rv = ssl3_AppendHandshakeNumber(ss, - 2 * ss->ssl3.dtlsSRTPCipherCount, - 2); - if (rv != SECSuccess) return -1; - /* The SRTP ciphers */ - for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { - rv = ssl3_AppendHandshakeNumber(ss, - ss->ssl3.dtlsSRTPCiphers[i], - 2); - } - /* Empty MKI value */ - ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); - - ss->xtnData.advertised[ss->xtnData.numAdvertised++] = - ssl_use_srtp_xtn; - } - - return 4 + ext_data_len; + /* Client side */ + + if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) + return 0; /* Not relevant */ + + ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1; + + if (append && maxBytes >= 4 + ext_data_len) { + /* Extension type */ + rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); + if (rv != SECSuccess) return -1; + /* Length of extension data */ + rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2); + if (rv != SECSuccess) return -1; + /* Length of the SRTP cipher list */ + rv = ssl3_AppendHandshakeNumber(ss, + 2 * ss->ssl3.dtlsSRTPCipherCount, + 2); + if (rv != SECSuccess) return -1; + /* The SRTP ciphers */ + for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { + rv = ssl3_AppendHandshakeNumber(ss, + ss->ssl3.dtlsSRTPCiphers[i], + 2); + } + /* Empty MKI value */ + ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); + + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_use_srtp_xtn; + } + + return 4 + ext_data_len; } /* Server side */ if (append && maxBytes >= 9) { - /* Extension type */ - rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); - if (rv != SECSuccess) return -1; - /* Length of extension data */ - rv = ssl3_AppendHandshakeNumber(ss, 5, 2); - if (rv != SECSuccess) return -1; - /* Length of the SRTP cipher list */ - rv = ssl3_AppendHandshakeNumber(ss, 2, 2); - if (rv != SECSuccess) return -1; - /* The selected cipher */ - rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2); - if (rv != SECSuccess) return -1; - /* Empty MKI value */ - ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); + /* Extension type */ + rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); + if (rv != SECSuccess) return -1; + /* Length of extension data */ + rv = ssl3_AppendHandshakeNumber(ss, 5, 2); + if (rv != SECSuccess) return -1; + /* Length of the SRTP cipher list */ + rv = ssl3_AppendHandshakeNumber(ss, 2, 2); + if (rv != SECSuccess) return -1; + /* The selected cipher */ + rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2); + if (rv != SECSuccess) return -1; + /* Empty MKI value */ + ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); } return 9; @@ -1889,121 +2117,121 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) SECItem litem; if (!ss->sec.isServer) { - /* Client side */ - if (!data->data || !data->len) { + /* Client side */ + if (!data->data || !data->len) { /* malformed */ return SECFailure; - } - - /* Get the cipher list */ - rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2, - &data->data, &data->len); - if (rv != SECSuccess) { - return SECFailure; - } - /* Now check that the number of ciphers listed is 1 (len = 2) */ - if (ciphers.len != 2) { - return SECFailure; - } - - /* Get the selected cipher */ - cipher = (ciphers.data[0] << 8) | ciphers.data[1]; - - /* Now check that this is one of the ciphers we offered */ - for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { - if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) { - found = PR_TRUE; - break; - } - } - - if (!found) { - return SECFailure; - } - - /* Get the srtp_mki value */ + } + + /* Get the cipher list */ + rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2, + &data->data, &data->len); + if (rv != SECSuccess) { + return SECFailure; + } + /* Now check that the number of ciphers listed is 1 (len = 2) */ + if (ciphers.len != 2) { + return SECFailure; + } + + /* Get the selected cipher */ + cipher = (ciphers.data[0] << 8) | ciphers.data[1]; + + /* Now check that this is one of the ciphers we offered */ + for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { + if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) { + found = PR_TRUE; + break; + } + } + + if (!found) { + return SECFailure; + } + + /* Get the srtp_mki value */ rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1, - &data->data, &data->len); + &data->data, &data->len); if (rv != SECSuccess) { return SECFailure; } - /* We didn't offer an MKI, so this must be 0 length */ - /* XXX RFC 5764 Section 4.1.3 says: - * If the client detects a nonzero-length MKI in the server's - * response that is different than the one the client offered, - * then the client MUST abort the handshake and SHOULD send an - * invalid_parameter alert. - * - * Due to a limitation of the ssl3_HandleHelloExtensions function, - * returning SECFailure here won't abort the handshake. It will - * merely cause the use_srtp extension to be not negotiated. We - * should fix this. See NSS bug 753136. - */ - if (litem.len != 0) { - return SECFailure; - } - - if (data->len != 0) { + /* We didn't offer an MKI, so this must be 0 length */ + /* XXX RFC 5764 Section 4.1.3 says: + * If the client detects a nonzero-length MKI in the server's + * response that is different than the one the client offered, + * then the client MUST abort the handshake and SHOULD send an + * invalid_parameter alert. + * + * Due to a limitation of the ssl3_HandleHelloExtensions function, + * returning SECFailure here won't abort the handshake. It will + * merely cause the use_srtp extension to be not negotiated. We + * should fix this. See NSS bug 753136. + */ + if (litem.len != 0) { + return SECFailure; + } + + if (data->len != 0) { /* malformed */ return SECFailure; - } + } - /* OK, this looks fine. */ - ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; - ss->ssl3.dtlsSRTPCipherSuite = cipher; - return SECSuccess; + /* OK, this looks fine. */ + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; + ss->ssl3.dtlsSRTPCipherSuite = cipher; + return SECSuccess; } /* Server side */ if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) { - /* Ignore the extension if we aren't doing DTLS or no DTLS-SRTP - * preferences have been set. */ - return SECSuccess; + /* Ignore the extension if we aren't doing DTLS or no DTLS-SRTP + * preferences have been set. */ + return SECSuccess; } if (!data->data || data->len < 5) { - /* malformed */ - return SECFailure; + /* malformed */ + return SECFailure; } /* Get the cipher list */ rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2, - &data->data, &data->len); + &data->data, &data->len); if (rv != SECSuccess) { - return SECFailure; + return SECFailure; } /* Check that the list is even length */ if (ciphers.len % 2) { - return SECFailure; + return SECFailure; } /* Walk through the offered list and pick the most preferred of our * ciphers, if any */ for (i = 0; !found && i < ss->ssl3.dtlsSRTPCipherCount; i++) { - for (j = 0; j + 1 < ciphers.len; j += 2) { - cipher = (ciphers.data[j] << 8) | ciphers.data[j + 1]; - if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) { - found = PR_TRUE; - break; - } - } + for (j = 0; j + 1 < ciphers.len; j += 2) { + cipher = (ciphers.data[j] << 8) | ciphers.data[j + 1]; + if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) { + found = PR_TRUE; + break; + } + } } /* Get the srtp_mki value */ rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1, &data->data, &data->len); if (rv != SECSuccess) { - return SECFailure; + return SECFailure; } if (data->len != 0) { - return SECFailure; /* Malformed */ + return SECFailure; /* Malformed */ } /* Now figure out what to do */ if (!found) { - /* No matching ciphers */ - return SECSuccess; + /* No matching ciphers */ + return SECSuccess; } /* OK, we have a valid cipher and we've selected it */ @@ -2011,7 +2239,7 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; return ssl3_RegisterServerHelloExtensionSender(ss, ssl_use_srtp_xtn, - ssl3_SendUseSRTPXtn); + ssl3_SendUseSRTPXtn); } /* ssl3_ServerHandleSigAlgsXtn handles the signature_algorithms extension @@ -2027,59 +2255,59 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) /* Ignore this extension if we aren't doing TLS 1.2 or greater. */ if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) { - return SECSuccess; + return SECSuccess; } /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &data->data, - &data->len); + &data->len); if (rv != SECSuccess) { - return SECFailure; + return SECFailure; } /* Trailing data, empty value, or odd-length value is invalid. */ if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) { - PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); - return SECFailure; + PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); + return SECFailure; } numAlgorithms = algorithms.len/2; /* We don't care to process excessive numbers of algorithms. */ if (numAlgorithms > 512) { - numAlgorithms = 512; + numAlgorithms = 512; } ss->ssl3.hs.clientSigAndHash = - PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms); + PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms); if (!ss->ssl3.hs.clientSigAndHash) { - return SECFailure; + return SECFailure; } ss->ssl3.hs.numClientSigAndHash = 0; b = algorithms.data; for (i = 0; i < numAlgorithms; i++) { - unsigned char tls_hash = *(b++); - unsigned char tls_sig = *(b++); - SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash); + unsigned char tls_hash = *(b++); + unsigned char tls_sig = *(b++); + SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash); - if (hash == SEC_OID_UNKNOWN) { - /* We ignore formats that we don't understand. */ - continue; - } - /* tls_sig support will be checked later in - * ssl3_PickSignatureHashAlgorithm. */ - ss->ssl3.hs.clientSigAndHash[i].hashAlg = hash; - ss->ssl3.hs.clientSigAndHash[i].sigAlg = tls_sig; - ss->ssl3.hs.numClientSigAndHash++; + if (hash == SEC_OID_UNKNOWN) { + /* We ignore formats that we don't understand. */ + continue; + } + /* tls_sig support will be checked later in + * ssl3_PickSignatureHashAlgorithm. */ + ss->ssl3.hs.clientSigAndHash[i].hashAlg = hash; + ss->ssl3.hs.clientSigAndHash[i].sigAlg = tls_sig; + ss->ssl3.hs.numClientSigAndHash++; } if (!ss->ssl3.hs.numClientSigAndHash) { - /* We didn't understand any of the client's requested signature - * formats. We'll use the defaults. */ - PORT_Free(ss->ssl3.hs.clientSigAndHash); - ss->ssl3.hs.clientSigAndHash = NULL; + /* We didn't understand any of the client's requested signature + * formats. We'll use the defaults. */ + PORT_Free(ss->ssl3.hs.clientSigAndHash); + ss->ssl3.hs.clientSigAndHash = NULL; } return SECSuccess; @@ -2091,49 +2319,49 @@ static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) { static const unsigned char signatureAlgorithms[] = { - /* This block is the contents of our signature_algorithms extension, in - * wire format. See - * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ - tls_hash_sha256, tls_sig_rsa, - tls_hash_sha384, tls_sig_rsa, - tls_hash_sha1, tls_sig_rsa, -#ifdef NSS_ENABLE_ECC - tls_hash_sha256, tls_sig_ecdsa, - tls_hash_sha384, tls_sig_ecdsa, - tls_hash_sha1, tls_sig_ecdsa, + /* This block is the contents of our signature_algorithms extension, in + * wire format. See + * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ + tls_hash_sha256, tls_sig_rsa, + tls_hash_sha384, tls_sig_rsa, + tls_hash_sha1, tls_sig_rsa, +#ifndef NSS_DISABLE_ECC + tls_hash_sha256, tls_sig_ecdsa, + tls_hash_sha384, tls_sig_ecdsa, + tls_hash_sha1, tls_sig_ecdsa, #endif - tls_hash_sha256, tls_sig_dsa, - tls_hash_sha1, tls_sig_dsa, + tls_hash_sha256, tls_sig_dsa, + tls_hash_sha1, tls_sig_dsa, }; PRInt32 extension_length; if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) { - return 0; + return 0; } extension_length = - 2 /* extension type */ + - 2 /* extension length */ + - 2 /* supported_signature_algorithms length */ + - sizeof(signatureAlgorithms); + 2 /* extension type */ + + 2 /* extension length */ + + 2 /* supported_signature_algorithms length */ + + sizeof(signatureAlgorithms); if (append && maxBytes >= extension_length) { - SECStatus rv; - rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2); - if (rv != SECSuccess) - goto loser; - rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); - if (rv != SECSuccess) - goto loser; - rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms, - sizeof(signatureAlgorithms), 2); - if (rv != SECSuccess) - goto loser; - ss->xtnData.advertised[ss->xtnData.numAdvertised++] = - ssl_signature_algorithms_xtn; + SECStatus rv; + rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2); + if (rv != SECSuccess) + goto loser; + rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); + if (rv != SECSuccess) + goto loser; + rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms, + sizeof(signatureAlgorithms), 2); + if (rv != SECSuccess) + goto loser; + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_signature_algorithms_xtn; } else if (maxBytes < extension_length) { - PORT_Assert(0); - return 0; + PORT_Assert(0); + return 0; } return extension_length; @@ -2141,3 +2369,55 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) loser: return -1; } + +unsigned int +ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength) +{ + unsigned int recordLength = 1 /* handshake message type */ + + 3 /* handshake message length */ + + clientHelloLength; + unsigned int extensionLength; + + if (recordLength < 256 || recordLength >= 512) { + return 0; + } + + extensionLength = 512 - recordLength; + /* Extensions take at least four bytes to encode. */ + if (extensionLength < 4) { + extensionLength = 4; + } + + return extensionLength; +} + +/* ssl3_AppendPaddingExtension possibly adds an extension which ensures that a + * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures + * that we don't trigger bugs in F5 products. */ +PRInt32 +ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen, + PRUint32 maxBytes) +{ + unsigned int paddingLen = extensionLen - 4; + static unsigned char padding[256]; + + if (extensionLen == 0) { + return 0; + } + + if (extensionLen < 4 || + extensionLen > maxBytes || + paddingLen > sizeof(padding)) { + PORT_Assert(0); + return -1; + } + + if (SECSuccess != ssl3_AppendHandshakeNumber(ss, ssl_padding_xtn, 2)) + return -1; + if (SECSuccess != ssl3_AppendHandshakeNumber(ss, paddingLen, 2)) + return -1; + if (SECSuccess != ssl3_AppendHandshake(ss, padding, paddingLen)) + return -1; + + return extensionLen; +} diff --git a/security/nss/lib/ssl/ssl3prot.h b/security/nss/lib/ssl/ssl3prot.h index d341ff9..4d4aa10 100644 --- a/security/nss/lib/ssl/ssl3prot.h +++ b/security/nss/lib/ssl/ssl3prot.h @@ -17,25 +17,25 @@ typedef PRUint16 SSL3ProtocolVersion; typedef PRUint16 ssl3CipherSuite; /* The cipher suites are defined in sslproto.h */ -#define MAX_CERT_TYPES 10 -#define MAX_COMPRESSION_METHODS 10 -#define MAX_MAC_LENGTH 64 -#define MAX_PADDING_LENGTH 64 -#define MAX_KEY_LENGTH 64 -#define EXPORT_KEY_LENGTH 5 -#define SSL3_RANDOM_LENGTH 32 +#define MAX_CERT_TYPES 10 +#define MAX_COMPRESSION_METHODS 10 +#define MAX_MAC_LENGTH 64 +#define MAX_PADDING_LENGTH 64 +#define MAX_KEY_LENGTH 64 +#define EXPORT_KEY_LENGTH 5 +#define SSL3_RANDOM_LENGTH 32 -#define SSL3_RECORD_HEADER_LENGTH 5 +#define SSL3_RECORD_HEADER_LENGTH 5 /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */ #define DTLS_RECORD_HEADER_LENGTH 13 -#define MAX_FRAGMENT_LENGTH 16384 - +#define MAX_FRAGMENT_LENGTH 16384 + typedef enum { - content_change_cipher_spec = 20, + content_change_cipher_spec = 20, content_alert = 21, - content_handshake = 22, + content_handshake = 22, content_application_data = 23 } SSL3ContentType; @@ -77,11 +77,11 @@ typedef enum { close_notify = 0, unexpected_message = 10, bad_record_mac = 20, - decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */ - record_overflow = 22, /* TLS only */ + decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */ + record_overflow = 22, /* TLS only */ decompression_failure = 30, handshake_failure = 40, - no_certificate = 41, /* SSL3 only, NOT TLS */ + no_certificate = 41, /* SSL3 only, NOT TLS */ bad_certificate = 42, unsupported_certificate = 43, certificate_revoked = 44, @@ -106,7 +106,8 @@ typedef enum { certificate_unobtainable = 111, unrecognized_name = 112, bad_certificate_status_response = 113, - bad_certificate_hash_value = 114 + bad_certificate_hash_value = 114, + no_application_protocol = 120 } SSL3AlertDescription; @@ -116,44 +117,44 @@ typedef struct { } SSL3Alert; typedef enum { - hello_request = 0, - client_hello = 1, - server_hello = 2, + hello_request = 0, + client_hello = 1, + server_hello = 2, hello_verify_request = 3, - new_session_ticket = 4, - certificate = 11, + new_session_ticket = 4, + certificate = 11, server_key_exchange = 12, - certificate_request = 13, - server_hello_done = 14, - certificate_verify = 15, - client_key_exchange = 16, - finished = 20, + certificate_request = 13, + server_hello_done = 14, + certificate_verify = 15, + client_key_exchange = 16, + finished = 20, certificate_status = 22, - next_proto = 67 + next_proto = 67 } SSL3HandshakeType; typedef struct { PRUint8 empty; } SSL3HelloRequest; - + typedef struct { SSL3Opaque rand[SSL3_RANDOM_LENGTH]; } SSL3Random; - + typedef struct { SSL3Opaque id[32]; PRUint8 length; } SSL3SessionID; - + typedef struct { SSL3ProtocolVersion client_version; SSL3Random random; SSL3SessionID session_id; SECItem cipher_suites; - PRUint8 cm_count; + PRUint8 cm_count; SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS]; } SSL3ClientHello; - + typedef struct { SSL3ProtocolVersion server_version; SSL3Random random; @@ -161,29 +162,29 @@ typedef struct { ssl3CipherSuite cipher_suite; SSLCompressionMethod compression_method; } SSL3ServerHello; - + typedef struct { SECItem list; } SSL3Certificate; /* SSL3SignType moved to ssl.h */ -/* The SSL key exchange method used */ +/* The SSL key exchange method used */ typedef enum { - kea_null, - kea_rsa, + kea_null, + kea_rsa, kea_rsa_export, kea_rsa_export_1024, - kea_dh_dss, - kea_dh_dss_export, - kea_dh_rsa, + kea_dh_dss, + kea_dh_dss_export, + kea_dh_rsa, kea_dh_rsa_export, - kea_dhe_dss, - kea_dhe_dss_export, - kea_dhe_rsa, + kea_dhe_dss, + kea_dhe_dss_export, + kea_dhe_rsa, kea_dhe_rsa_export, - kea_dh_anon, - kea_dh_anon_export, + kea_dh_anon, + kea_dh_anon_export, kea_rsa_fips, kea_ecdh_ecdsa, kea_ecdhe_ecdsa, @@ -191,7 +192,7 @@ typedef enum { kea_ecdhe_rsa, kea_ecdh_anon } SSL3KeyExchangeAlgorithm; - + typedef struct { SECItem modulus; SECItem exponent; @@ -205,8 +206,8 @@ typedef struct { typedef struct { union { - SSL3ServerDHParams dh; - SSL3ServerRSAParams rsa; + SSL3ServerDHParams dh; + SSL3ServerRSAParams rsa; } u; } SSL3ServerParams; @@ -250,56 +251,56 @@ typedef struct { unsigned int len; SECOidTag hashAlg; union { - PRUint8 raw[64]; - SSL3HashesIndividually s; + PRUint8 raw[64]; + SSL3HashesIndividually s; } u; } SSL3Hashes; typedef struct { union { - SSL3Opaque anonymous; - SSL3Hashes certified; + SSL3Opaque anonymous; + SSL3Hashes certified; } u; } SSL3ServerKeyExchange; - + typedef enum { - ct_RSA_sign = 1, - ct_DSS_sign = 2, - ct_RSA_fixed_DH = 3, - ct_DSS_fixed_DH = 4, - ct_RSA_ephemeral_DH = 5, + ct_RSA_sign = 1, + ct_DSS_sign = 2, + ct_RSA_fixed_DH = 3, + ct_DSS_fixed_DH = 4, + ct_RSA_ephemeral_DH = 5, ct_DSS_ephemeral_DH = 6, - ct_ECDSA_sign = 64, - ct_RSA_fixed_ECDH = 65, - ct_ECDSA_fixed_ECDH = 66 + ct_ECDSA_sign = 64, + ct_RSA_fixed_ECDH = 65, + ct_ECDSA_fixed_ECDH = 66 } SSL3ClientCertificateType; - + typedef SECItem *SSL3DistinquishedName; typedef struct { SSL3Opaque client_version[2]; SSL3Opaque random[46]; } SSL3RSAPreMasterSecret; - + typedef SECItem SSL3EncryptedPreMasterSecret; typedef SSL3Opaque SSL3MasterSecret[48]; typedef enum { implicit, explicit } SSL3PublicValueEncoding; - + typedef struct { union { - SSL3Opaque implicit; - SECItem explicit; + SSL3Opaque implicit; + SECItem explicit; } dh_public; } SSL3ClientDiffieHellmanPublic; - + typedef struct { union { - SSL3EncryptedPreMasterSecret rsa; - SSL3ClientDiffieHellmanPublic diffie_helman; + SSL3EncryptedPreMasterSecret rsa; + SSL3ClientDiffieHellmanPublic diffie_helman; } exchange_keys; } SSL3ClientKeyExchange; @@ -312,7 +313,7 @@ typedef enum { sender_server = 0x53525652 } SSL3Sender; -typedef SSL3HashesIndividually SSL3Finished; +typedef SSL3HashesIndividually SSL3Finished; typedef struct { SSL3Opaque verify_data[12]; @@ -320,7 +321,7 @@ typedef struct { /* * TLS extension related data structures and constants. - */ + */ /* SessionTicket extension related data structures. */ @@ -339,7 +340,7 @@ typedef enum { typedef struct { ClientAuthenticationType client_auth_type; union { - SSL3Opaque *certificate_list; + SSL3Opaque *certificate_list; } identity; } ClientIdentity; @@ -355,7 +356,7 @@ typedef struct { unsigned char *mac; } EncryptedSessionTicket; -#define TLS_EX_SESS_TICKET_MAC_LENGTH 32 +#define TLS_EX_SESS_TICKET_MAC_LENGTH 32 #define TLS_STE_NO_SERVER_NAME -1 diff --git a/security/nss/lib/ssl/sslcon.c b/security/nss/lib/ssl/sslcon.c index 2763654..891b409 100644 --- a/security/nss/lib/ssl/sslcon.c +++ b/security/nss/lib/ssl/sslcon.c @@ -3101,7 +3101,7 @@ ssl2_BeginClientHandshake(sslSocket *ss) return rv; } -#if defined(NSS_ENABLE_ECC) +#ifndef NSS_DISABLE_ECC /* ensure we don't neogtiate ECC cipher suites with SSL2 hello */ ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */ if (ss->cipherSpecs != NULL) { @@ -3109,7 +3109,7 @@ ssl2_BeginClientHandshake(sslSocket *ss) ss->cipherSpecs = NULL; ss->sizeCipherSpecs = 0; } -#endif +#endif /* NSS_DISABLE_ECC */ if (!ss->cipherSpecs) { rv = ssl2_ConstructCipherSpecs(ss); diff --git a/security/nss/lib/ssl/sslenum.c b/security/nss/lib/ssl/sslenum.c index defc202..09ce43f 100644 --- a/security/nss/lib/ssl/sslenum.c +++ b/security/nss/lib/ssl/sslenum.c @@ -37,17 +37,17 @@ * * Exception: Because some servers ignore the high-order byte of the cipher * suite ID, we must be careful about adding cipher suites with IDs larger - * than 0x00ff; see bug 946147. For these broken servers, the first four cipher - * suites, with the MSB zeroed, look like: - * TLS_KRB5_EXPORT_WITH_RC4_40_MD5 {0x00,0x2B } - * TLS_RSA_WITH_AES_128_CBC_SHA { 0x00,0x2F } - * TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A } - * TLS_RSA_WITH_DES_CBC_SHA { 0x00,0x09 } + * than 0x00ff; see bug 946147. For these broken servers, the first four cipher + * suites, with the MSB zeroed, look like: + * TLS_KRB5_EXPORT_WITH_RC4_40_MD5 { 0x00,0x2B } + * TLS_RSA_WITH_AES_128_CBC_SHA { 0x00,0x2F } + * TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A } + * TLS_RSA_WITH_DES_CBC_SHA { 0x00,0x09 } * The broken server only supports the third and fourth ones and will select * the third one. */ const PRUint16 SSL_ImplementedCiphers[] = { -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before @@ -63,7 +63,7 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, @@ -76,11 +76,11 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_RC4_128_SHA, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, @@ -89,7 +89,7 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, @@ -100,34 +100,34 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_RSA_WITH_SEED_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, - SSL_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_RSA_WITH_RC4_128_SHA, - SSL_RSA_WITH_RC4_128_MD5, + TLS_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_RSA_WITH_RC4_128_SHA, + TLS_RSA_WITH_RC4_128_MD5, /* 56-bit DES "domestic" cipher suites */ - SSL_DHE_RSA_WITH_DES_CBC_SHA, - SSL_DHE_DSS_WITH_DES_CBC_SHA, + TLS_DHE_RSA_WITH_DES_CBC_SHA, + TLS_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_FIPS_WITH_DES_CBC_SHA, - SSL_RSA_WITH_DES_CBC_SHA, + TLS_RSA_WITH_DES_CBC_SHA, /* export ciphersuites with 1024-bit public key exchange keys */ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* export ciphersuites with 512-bit public key exchange keys */ - SSL_RSA_EXPORT_WITH_RC4_40_MD5, - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, + TLS_RSA_EXPORT_WITH_RC4_40_MD5, + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* ciphersuites with no encryption */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, -#endif /* NSS_ENABLE_ECC */ - SSL_RSA_WITH_NULL_SHA, +#endif /* NSS_DISABLE_ECC */ + TLS_RSA_WITH_NULL_SHA, TLS_RSA_WITH_NULL_SHA256, - SSL_RSA_WITH_NULL_MD5, + TLS_RSA_WITH_NULL_MD5, /* SSL2 cipher suites. */ SSL_EN_RC4_128_WITH_MD5, diff --git a/security/nss/lib/ssl/sslerr.h b/security/nss/lib/ssl/sslerr.h index 07b61d5..3852085 100644 --- a/security/nss/lib/ssl/sslerr.h +++ b/security/nss/lib/ssl/sslerr.h @@ -8,179 +8,179 @@ #define __SSL_ERR_H_ -#define SSL_ERROR_BASE (-0x3000) -#define SSL_ERROR_LIMIT (SSL_ERROR_BASE + 1000) +#define SSL_ERROR_BASE (-0x3000) +#define SSL_ERROR_LIMIT (SSL_ERROR_BASE + 1000) #define IS_SSL_ERROR(code) \ (((code) >= SSL_ERROR_BASE) && ((code) < SSL_ERROR_LIMIT)) #ifndef NO_SECURITY_ERROR_ENUM typedef enum { -SSL_ERROR_EXPORT_ONLY_SERVER = (SSL_ERROR_BASE + 0), -SSL_ERROR_US_ONLY_SERVER = (SSL_ERROR_BASE + 1), -SSL_ERROR_NO_CYPHER_OVERLAP = (SSL_ERROR_BASE + 2), -/* +SSL_ERROR_EXPORT_ONLY_SERVER = (SSL_ERROR_BASE + 0), +SSL_ERROR_US_ONLY_SERVER = (SSL_ERROR_BASE + 1), +SSL_ERROR_NO_CYPHER_OVERLAP = (SSL_ERROR_BASE + 2), +/* * Received an alert reporting what we did wrong. (more alerts below) */ -SSL_ERROR_NO_CERTIFICATE /*_ALERT */ = (SSL_ERROR_BASE + 3), -SSL_ERROR_BAD_CERTIFICATE = (SSL_ERROR_BASE + 4), -SSL_ERROR_UNUSED_5 = (SSL_ERROR_BASE + 5), - /* error 5 is obsolete */ -SSL_ERROR_BAD_CLIENT = (SSL_ERROR_BASE + 6), -SSL_ERROR_BAD_SERVER = (SSL_ERROR_BASE + 7), -SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE = (SSL_ERROR_BASE + 8), -SSL_ERROR_UNSUPPORTED_VERSION = (SSL_ERROR_BASE + 9), -SSL_ERROR_UNUSED_10 = (SSL_ERROR_BASE + 10), - /* error 10 is obsolete */ -SSL_ERROR_WRONG_CERTIFICATE = (SSL_ERROR_BASE + 11), -SSL_ERROR_BAD_CERT_DOMAIN = (SSL_ERROR_BASE + 12), -SSL_ERROR_POST_WARNING = (SSL_ERROR_BASE + 13), -SSL_ERROR_SSL2_DISABLED = (SSL_ERROR_BASE + 14), -SSL_ERROR_BAD_MAC_READ = (SSL_ERROR_BASE + 15), -/* +SSL_ERROR_NO_CERTIFICATE /*_ALERT */ = (SSL_ERROR_BASE + 3), +SSL_ERROR_BAD_CERTIFICATE = (SSL_ERROR_BASE + 4), +SSL_ERROR_UNUSED_5 = (SSL_ERROR_BASE + 5), + /* error 5 is obsolete */ +SSL_ERROR_BAD_CLIENT = (SSL_ERROR_BASE + 6), +SSL_ERROR_BAD_SERVER = (SSL_ERROR_BASE + 7), +SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE = (SSL_ERROR_BASE + 8), +SSL_ERROR_UNSUPPORTED_VERSION = (SSL_ERROR_BASE + 9), +SSL_ERROR_UNUSED_10 = (SSL_ERROR_BASE + 10), + /* error 10 is obsolete */ +SSL_ERROR_WRONG_CERTIFICATE = (SSL_ERROR_BASE + 11), +SSL_ERROR_BAD_CERT_DOMAIN = (SSL_ERROR_BASE + 12), +SSL_ERROR_POST_WARNING = (SSL_ERROR_BASE + 13), +SSL_ERROR_SSL2_DISABLED = (SSL_ERROR_BASE + 14), +SSL_ERROR_BAD_MAC_READ = (SSL_ERROR_BASE + 15), +/* * Received an alert reporting what we did wrong. * (two more alerts above, and many more below) */ -SSL_ERROR_BAD_MAC_ALERT = (SSL_ERROR_BASE + 16), +SSL_ERROR_BAD_MAC_ALERT = (SSL_ERROR_BASE + 16), SSL_ERROR_BAD_CERT_ALERT = (SSL_ERROR_BASE + 17), -SSL_ERROR_REVOKED_CERT_ALERT = (SSL_ERROR_BASE + 18), -SSL_ERROR_EXPIRED_CERT_ALERT = (SSL_ERROR_BASE + 19), - -SSL_ERROR_SSL_DISABLED = (SSL_ERROR_BASE + 20), -SSL_ERROR_FORTEZZA_PQG = (SSL_ERROR_BASE + 21), -SSL_ERROR_UNKNOWN_CIPHER_SUITE = (SSL_ERROR_BASE + 22), -SSL_ERROR_NO_CIPHERS_SUPPORTED = (SSL_ERROR_BASE + 23), -SSL_ERROR_BAD_BLOCK_PADDING = (SSL_ERROR_BASE + 24), -SSL_ERROR_RX_RECORD_TOO_LONG = (SSL_ERROR_BASE + 25), -SSL_ERROR_TX_RECORD_TOO_LONG = (SSL_ERROR_BASE + 26), -/* +SSL_ERROR_REVOKED_CERT_ALERT = (SSL_ERROR_BASE + 18), +SSL_ERROR_EXPIRED_CERT_ALERT = (SSL_ERROR_BASE + 19), + +SSL_ERROR_SSL_DISABLED = (SSL_ERROR_BASE + 20), +SSL_ERROR_FORTEZZA_PQG = (SSL_ERROR_BASE + 21), +SSL_ERROR_UNKNOWN_CIPHER_SUITE = (SSL_ERROR_BASE + 22), +SSL_ERROR_NO_CIPHERS_SUPPORTED = (SSL_ERROR_BASE + 23), +SSL_ERROR_BAD_BLOCK_PADDING = (SSL_ERROR_BASE + 24), +SSL_ERROR_RX_RECORD_TOO_LONG = (SSL_ERROR_BASE + 25), +SSL_ERROR_TX_RECORD_TOO_LONG = (SSL_ERROR_BASE + 26), +/* * Received a malformed (too long or short) SSL handshake. */ -SSL_ERROR_RX_MALFORMED_HELLO_REQUEST = (SSL_ERROR_BASE + 27), -SSL_ERROR_RX_MALFORMED_CLIENT_HELLO = (SSL_ERROR_BASE + 28), -SSL_ERROR_RX_MALFORMED_SERVER_HELLO = (SSL_ERROR_BASE + 29), -SSL_ERROR_RX_MALFORMED_CERTIFICATE = (SSL_ERROR_BASE + 30), -SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 31), -SSL_ERROR_RX_MALFORMED_CERT_REQUEST = (SSL_ERROR_BASE + 32), -SSL_ERROR_RX_MALFORMED_HELLO_DONE = (SSL_ERROR_BASE + 33), -SSL_ERROR_RX_MALFORMED_CERT_VERIFY = (SSL_ERROR_BASE + 34), -SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 35), -SSL_ERROR_RX_MALFORMED_FINISHED = (SSL_ERROR_BASE + 36), -/* +SSL_ERROR_RX_MALFORMED_HELLO_REQUEST = (SSL_ERROR_BASE + 27), +SSL_ERROR_RX_MALFORMED_CLIENT_HELLO = (SSL_ERROR_BASE + 28), +SSL_ERROR_RX_MALFORMED_SERVER_HELLO = (SSL_ERROR_BASE + 29), +SSL_ERROR_RX_MALFORMED_CERTIFICATE = (SSL_ERROR_BASE + 30), +SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 31), +SSL_ERROR_RX_MALFORMED_CERT_REQUEST = (SSL_ERROR_BASE + 32), +SSL_ERROR_RX_MALFORMED_HELLO_DONE = (SSL_ERROR_BASE + 33), +SSL_ERROR_RX_MALFORMED_CERT_VERIFY = (SSL_ERROR_BASE + 34), +SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 35), +SSL_ERROR_RX_MALFORMED_FINISHED = (SSL_ERROR_BASE + 36), +/* * Received a malformed (too long or short) SSL record. */ -SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER = (SSL_ERROR_BASE + 37), -SSL_ERROR_RX_MALFORMED_ALERT = (SSL_ERROR_BASE + 38), -SSL_ERROR_RX_MALFORMED_HANDSHAKE = (SSL_ERROR_BASE + 39), -SSL_ERROR_RX_MALFORMED_APPLICATION_DATA = (SSL_ERROR_BASE + 40), +SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER = (SSL_ERROR_BASE + 37), +SSL_ERROR_RX_MALFORMED_ALERT = (SSL_ERROR_BASE + 38), +SSL_ERROR_RX_MALFORMED_HANDSHAKE = (SSL_ERROR_BASE + 39), +SSL_ERROR_RX_MALFORMED_APPLICATION_DATA = (SSL_ERROR_BASE + 40), /* * Received an SSL handshake that was inappropriate for the state we're in. * E.g. Server received message from server, or wrong state in state machine. */ -SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST = (SSL_ERROR_BASE + 41), -SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO = (SSL_ERROR_BASE + 42), -SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO = (SSL_ERROR_BASE + 43), -SSL_ERROR_RX_UNEXPECTED_CERTIFICATE = (SSL_ERROR_BASE + 44), -SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 45), -SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST = (SSL_ERROR_BASE + 46), -SSL_ERROR_RX_UNEXPECTED_HELLO_DONE = (SSL_ERROR_BASE + 47), -SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY = (SSL_ERROR_BASE + 48), -SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 49), -SSL_ERROR_RX_UNEXPECTED_FINISHED = (SSL_ERROR_BASE + 50), +SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST = (SSL_ERROR_BASE + 41), +SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO = (SSL_ERROR_BASE + 42), +SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO = (SSL_ERROR_BASE + 43), +SSL_ERROR_RX_UNEXPECTED_CERTIFICATE = (SSL_ERROR_BASE + 44), +SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 45), +SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST = (SSL_ERROR_BASE + 46), +SSL_ERROR_RX_UNEXPECTED_HELLO_DONE = (SSL_ERROR_BASE + 47), +SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY = (SSL_ERROR_BASE + 48), +SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 49), +SSL_ERROR_RX_UNEXPECTED_FINISHED = (SSL_ERROR_BASE + 50), /* * Received an SSL record that was inappropriate for the state we're in. */ -SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER = (SSL_ERROR_BASE + 51), -SSL_ERROR_RX_UNEXPECTED_ALERT = (SSL_ERROR_BASE + 52), -SSL_ERROR_RX_UNEXPECTED_HANDSHAKE = (SSL_ERROR_BASE + 53), -SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA= (SSL_ERROR_BASE + 54), +SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER = (SSL_ERROR_BASE + 51), +SSL_ERROR_RX_UNEXPECTED_ALERT = (SSL_ERROR_BASE + 52), +SSL_ERROR_RX_UNEXPECTED_HANDSHAKE = (SSL_ERROR_BASE + 53), +SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA = (SSL_ERROR_BASE + 54), /* * Received record/message with unknown discriminant. */ -SSL_ERROR_RX_UNKNOWN_RECORD_TYPE = (SSL_ERROR_BASE + 55), -SSL_ERROR_RX_UNKNOWN_HANDSHAKE = (SSL_ERROR_BASE + 56), -SSL_ERROR_RX_UNKNOWN_ALERT = (SSL_ERROR_BASE + 57), -/* +SSL_ERROR_RX_UNKNOWN_RECORD_TYPE = (SSL_ERROR_BASE + 55), +SSL_ERROR_RX_UNKNOWN_HANDSHAKE = (SSL_ERROR_BASE + 56), +SSL_ERROR_RX_UNKNOWN_ALERT = (SSL_ERROR_BASE + 57), +/* * Received an alert reporting what we did wrong. (more alerts above) */ -SSL_ERROR_CLOSE_NOTIFY_ALERT = (SSL_ERROR_BASE + 58), -SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT = (SSL_ERROR_BASE + 59), -SSL_ERROR_DECOMPRESSION_FAILURE_ALERT = (SSL_ERROR_BASE + 60), -SSL_ERROR_HANDSHAKE_FAILURE_ALERT = (SSL_ERROR_BASE + 61), -SSL_ERROR_ILLEGAL_PARAMETER_ALERT = (SSL_ERROR_BASE + 62), -SSL_ERROR_UNSUPPORTED_CERT_ALERT = (SSL_ERROR_BASE + 63), -SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT = (SSL_ERROR_BASE + 64), - -SSL_ERROR_GENERATE_RANDOM_FAILURE = (SSL_ERROR_BASE + 65), -SSL_ERROR_SIGN_HASHES_FAILURE = (SSL_ERROR_BASE + 66), -SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE = (SSL_ERROR_BASE + 67), -SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE = (SSL_ERROR_BASE + 68), -SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE = (SSL_ERROR_BASE + 69), - -SSL_ERROR_ENCRYPTION_FAILURE = (SSL_ERROR_BASE + 70), -SSL_ERROR_DECRYPTION_FAILURE = (SSL_ERROR_BASE + 71), /* don't use */ -SSL_ERROR_SOCKET_WRITE_FAILURE = (SSL_ERROR_BASE + 72), - -SSL_ERROR_MD5_DIGEST_FAILURE = (SSL_ERROR_BASE + 73), -SSL_ERROR_SHA_DIGEST_FAILURE = (SSL_ERROR_BASE + 74), -SSL_ERROR_MAC_COMPUTATION_FAILURE = (SSL_ERROR_BASE + 75), -SSL_ERROR_SYM_KEY_CONTEXT_FAILURE = (SSL_ERROR_BASE + 76), -SSL_ERROR_SYM_KEY_UNWRAP_FAILURE = (SSL_ERROR_BASE + 77), -SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED = (SSL_ERROR_BASE + 78), -SSL_ERROR_IV_PARAM_FAILURE = (SSL_ERROR_BASE + 79), -SSL_ERROR_INIT_CIPHER_SUITE_FAILURE = (SSL_ERROR_BASE + 80), -SSL_ERROR_SESSION_KEY_GEN_FAILURE = (SSL_ERROR_BASE + 81), -SSL_ERROR_NO_SERVER_KEY_FOR_ALG = (SSL_ERROR_BASE + 82), -SSL_ERROR_TOKEN_INSERTION_REMOVAL = (SSL_ERROR_BASE + 83), -SSL_ERROR_TOKEN_SLOT_NOT_FOUND = (SSL_ERROR_BASE + 84), -SSL_ERROR_NO_COMPRESSION_OVERLAP = (SSL_ERROR_BASE + 85), -SSL_ERROR_HANDSHAKE_NOT_COMPLETED = (SSL_ERROR_BASE + 86), -SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE = (SSL_ERROR_BASE + 87), -SSL_ERROR_CERT_KEA_MISMATCH = (SSL_ERROR_BASE + 88), +SSL_ERROR_CLOSE_NOTIFY_ALERT = (SSL_ERROR_BASE + 58), +SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT = (SSL_ERROR_BASE + 59), +SSL_ERROR_DECOMPRESSION_FAILURE_ALERT = (SSL_ERROR_BASE + 60), +SSL_ERROR_HANDSHAKE_FAILURE_ALERT = (SSL_ERROR_BASE + 61), +SSL_ERROR_ILLEGAL_PARAMETER_ALERT = (SSL_ERROR_BASE + 62), +SSL_ERROR_UNSUPPORTED_CERT_ALERT = (SSL_ERROR_BASE + 63), +SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT = (SSL_ERROR_BASE + 64), + +SSL_ERROR_GENERATE_RANDOM_FAILURE = (SSL_ERROR_BASE + 65), +SSL_ERROR_SIGN_HASHES_FAILURE = (SSL_ERROR_BASE + 66), +SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE = (SSL_ERROR_BASE + 67), +SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE = (SSL_ERROR_BASE + 68), +SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE = (SSL_ERROR_BASE + 69), + +SSL_ERROR_ENCRYPTION_FAILURE = (SSL_ERROR_BASE + 70), +SSL_ERROR_DECRYPTION_FAILURE = (SSL_ERROR_BASE + 71), /* don't use */ +SSL_ERROR_SOCKET_WRITE_FAILURE = (SSL_ERROR_BASE + 72), + +SSL_ERROR_MD5_DIGEST_FAILURE = (SSL_ERROR_BASE + 73), +SSL_ERROR_SHA_DIGEST_FAILURE = (SSL_ERROR_BASE + 74), +SSL_ERROR_MAC_COMPUTATION_FAILURE = (SSL_ERROR_BASE + 75), +SSL_ERROR_SYM_KEY_CONTEXT_FAILURE = (SSL_ERROR_BASE + 76), +SSL_ERROR_SYM_KEY_UNWRAP_FAILURE = (SSL_ERROR_BASE + 77), +SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED = (SSL_ERROR_BASE + 78), +SSL_ERROR_IV_PARAM_FAILURE = (SSL_ERROR_BASE + 79), +SSL_ERROR_INIT_CIPHER_SUITE_FAILURE = (SSL_ERROR_BASE + 80), +SSL_ERROR_SESSION_KEY_GEN_FAILURE = (SSL_ERROR_BASE + 81), +SSL_ERROR_NO_SERVER_KEY_FOR_ALG = (SSL_ERROR_BASE + 82), +SSL_ERROR_TOKEN_INSERTION_REMOVAL = (SSL_ERROR_BASE + 83), +SSL_ERROR_TOKEN_SLOT_NOT_FOUND = (SSL_ERROR_BASE + 84), +SSL_ERROR_NO_COMPRESSION_OVERLAP = (SSL_ERROR_BASE + 85), +SSL_ERROR_HANDSHAKE_NOT_COMPLETED = (SSL_ERROR_BASE + 86), +SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE = (SSL_ERROR_BASE + 87), +SSL_ERROR_CERT_KEA_MISMATCH = (SSL_ERROR_BASE + 88), /* SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA became obsolete in NSS 3.14. */ -SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA = (SSL_ERROR_BASE + 89), -SSL_ERROR_SESSION_NOT_FOUND = (SSL_ERROR_BASE + 90), - -SSL_ERROR_DECRYPTION_FAILED_ALERT = (SSL_ERROR_BASE + 91), -SSL_ERROR_RECORD_OVERFLOW_ALERT = (SSL_ERROR_BASE + 92), -SSL_ERROR_UNKNOWN_CA_ALERT = (SSL_ERROR_BASE + 93), -SSL_ERROR_ACCESS_DENIED_ALERT = (SSL_ERROR_BASE + 94), -SSL_ERROR_DECODE_ERROR_ALERT = (SSL_ERROR_BASE + 95), -SSL_ERROR_DECRYPT_ERROR_ALERT = (SSL_ERROR_BASE + 96), -SSL_ERROR_EXPORT_RESTRICTION_ALERT = (SSL_ERROR_BASE + 97), -SSL_ERROR_PROTOCOL_VERSION_ALERT = (SSL_ERROR_BASE + 98), -SSL_ERROR_INSUFFICIENT_SECURITY_ALERT = (SSL_ERROR_BASE + 99), -SSL_ERROR_INTERNAL_ERROR_ALERT = (SSL_ERROR_BASE + 100), -SSL_ERROR_USER_CANCELED_ALERT = (SSL_ERROR_BASE + 101), -SSL_ERROR_NO_RENEGOTIATION_ALERT = (SSL_ERROR_BASE + 102), - -SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED = (SSL_ERROR_BASE + 103), - -SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT = (SSL_ERROR_BASE + 104), -SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT = (SSL_ERROR_BASE + 105), -SSL_ERROR_UNRECOGNIZED_NAME_ALERT = (SSL_ERROR_BASE + 106), -SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT = (SSL_ERROR_BASE + 107), -SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT = (SSL_ERROR_BASE + 108), +SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA = (SSL_ERROR_BASE + 89), +SSL_ERROR_SESSION_NOT_FOUND = (SSL_ERROR_BASE + 90), + +SSL_ERROR_DECRYPTION_FAILED_ALERT = (SSL_ERROR_BASE + 91), +SSL_ERROR_RECORD_OVERFLOW_ALERT = (SSL_ERROR_BASE + 92), +SSL_ERROR_UNKNOWN_CA_ALERT = (SSL_ERROR_BASE + 93), +SSL_ERROR_ACCESS_DENIED_ALERT = (SSL_ERROR_BASE + 94), +SSL_ERROR_DECODE_ERROR_ALERT = (SSL_ERROR_BASE + 95), +SSL_ERROR_DECRYPT_ERROR_ALERT = (SSL_ERROR_BASE + 96), +SSL_ERROR_EXPORT_RESTRICTION_ALERT = (SSL_ERROR_BASE + 97), +SSL_ERROR_PROTOCOL_VERSION_ALERT = (SSL_ERROR_BASE + 98), +SSL_ERROR_INSUFFICIENT_SECURITY_ALERT = (SSL_ERROR_BASE + 99), +SSL_ERROR_INTERNAL_ERROR_ALERT = (SSL_ERROR_BASE + 100), +SSL_ERROR_USER_CANCELED_ALERT = (SSL_ERROR_BASE + 101), +SSL_ERROR_NO_RENEGOTIATION_ALERT = (SSL_ERROR_BASE + 102), + +SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED = (SSL_ERROR_BASE + 103), + +SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT = (SSL_ERROR_BASE + 104), +SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT = (SSL_ERROR_BASE + 105), +SSL_ERROR_UNRECOGNIZED_NAME_ALERT = (SSL_ERROR_BASE + 106), +SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT = (SSL_ERROR_BASE + 107), +SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT = (SSL_ERROR_BASE + 108), SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 109), -SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 110), +SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 110), -SSL_ERROR_DECOMPRESSION_FAILURE = (SSL_ERROR_BASE + 111), +SSL_ERROR_DECOMPRESSION_FAILURE = (SSL_ERROR_BASE + 111), SSL_ERROR_RENEGOTIATION_NOT_ALLOWED = (SSL_ERROR_BASE + 112), SSL_ERROR_UNSAFE_NEGOTIATION = (SSL_ERROR_BASE + 113), -SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114), +SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114), SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY = (SSL_ERROR_BASE + 115), -SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID = (SSL_ERROR_BASE + 116), +SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID = (SSL_ERROR_BASE + 116), SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2 = (SSL_ERROR_BASE + 117), SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS = (SSL_ERROR_BASE + 118), SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS = (SSL_ERROR_BASE + 119), -SSL_ERROR_INVALID_VERSION_RANGE = (SSL_ERROR_BASE + 120), -SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION = (SSL_ERROR_BASE + 121), +SSL_ERROR_INVALID_VERSION_RANGE = (SSL_ERROR_BASE + 120), +SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION = (SSL_ERROR_BASE + 121), SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 122), SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 123), @@ -189,11 +189,14 @@ SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION = (SSL_ERROR_BASE + 124), SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 125), -SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM = (SSL_ERROR_BASE + 126), -SSL_ERROR_DIGEST_FAILURE = (SSL_ERROR_BASE + 127), +SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM = (SSL_ERROR_BASE + 126), +SSL_ERROR_DIGEST_FAILURE = (SSL_ERROR_BASE + 127), SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128), -SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */ +SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK = (SSL_ERROR_BASE + 129), +SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL = (SSL_ERROR_BASE + 130), + +SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */ } SSLErrorCodes; #endif /* NO_SECURITY_ERROR_ENUM */ diff --git a/security/nss/lib/ssl/sslgathr.c b/security/nss/lib/ssl/sslgathr.c index 6c17eb0..bdf470b 100644 --- a/security/nss/lib/ssl/sslgathr.c +++ b/security/nss/lib/ssl/sslgathr.c @@ -364,34 +364,6 @@ ssl2_GatherRecord(sslSocket *ss, int flags) return ssl2_GatherData(ss, &ss->gs, flags); } -/* - * Returns +1 when it has gathered a complete SSLV2 record. - * Returns 0 if it hits EOF. - * Returns -1 (SECFailure) on any error - * Returns -2 (SECWouldBlock) - * - * Called from SocksStartGather in sslsocks.c - * Caller must hold RecvBufLock. - */ -int -ssl2_StartGatherBytes(sslSocket *ss, sslGather *gs, unsigned int count) -{ - int rv; - - PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); - gs->state = GS_DATA; - gs->remainder = count; - gs->count = count; - gs->offset = 0; - if (count > gs->buf.space) { - rv = sslBuffer_Grow(&gs->buf, count); - if (rv) { - return rv; - } - } - return ssl2_GatherData(ss, gs, 0); -} - /* Caller should hold RecvBufLock. */ SECStatus ssl_InitGather(sslGather *gs) diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index eaf17af..af3c191 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -226,6 +226,13 @@ extern PRInt32 ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes, const ssl3HelloExtensionSender *sender); +extern unsigned int +ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength); + +extern PRInt32 +ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen, + PRUint32 maxBytes); + /* Socket ops */ struct sslSocketOpsStr { int (*connect) (sslSocket *, const PRNetAddr *); @@ -281,11 +288,11 @@ typedef struct { #endif } ssl3CipherSuiteCfg; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #define ssl_V3_SUITES_IMPLEMENTED 61 #else #define ssl_V3_SUITES_IMPLEMENTED 37 -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ #define MAX_DTLS_SRTP_CIPHER_SUITES 4 @@ -317,6 +324,8 @@ typedef struct sslOptionsStr { unsigned int enableFalseStart : 1; /* 23 */ unsigned int cbcRandomIV : 1; /* 24 */ unsigned int enableOCSPStapling : 1; /* 25 */ + unsigned int enableNPN : 1; /* 26 */ + unsigned int enableALPN : 1; /* 27 */ } sslOptions; typedef enum { sslHandshakingUndetermined = 0, @@ -644,9 +653,9 @@ struct sslSessionIDStr { SSL3KEAType exchKeyType; /* key type used in exchange algorithm, * and to wrap the sym wrapping key. */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PRUint32 negotiatedECCurves; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* The following values are NOT restored from the server's on-disk * session cache, but are restored from the client's cache. @@ -876,9 +885,9 @@ const ssl3CipherSuiteDef *suite_def; SSL3Finished sFinished[2]; SSL3Opaque data[72]; } finishedMsgs; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PRUint32 negotiatedECCurves; /* bit mask */ -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ PRBool authCertificatePending; /* Which function should SSL_RestartHandshake* call if we're blocked? @@ -1371,8 +1380,6 @@ extern SECStatus ssl_GatherRecord1stHandshake(sslSocket *ss); extern SECStatus ssl2_HandleClientHelloMessage(sslSocket *ss); extern SECStatus ssl2_HandleServerHelloMessage(sslSocket *ss); -extern int ssl2_StartGatherBytes(sslSocket *ss, sslGather *gs, - unsigned int count); extern SECStatus ssl_CreateSecurityInfo(sslSocket *ss); extern SECStatus ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os); @@ -1587,7 +1594,7 @@ int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags); */ extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss); extern PRBool ssl3_IsECCEnabled(sslSocket *ss); extern SECStatus ssl3_DisableECCSuites(sslSocket * ss, @@ -1642,7 +1649,7 @@ extern SECStatus ssl3_ECName2Params(PLArenaPool *arena, ECName curve, ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on); extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on); @@ -1677,7 +1684,7 @@ extern SECStatus ssl3_NegotiateVersion(sslSocket *ss, extern SECStatus ssl_GetPeerInfo(sslSocket *ss); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* ECDH functions */ extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey); @@ -1762,7 +1769,7 @@ extern SECStatus ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert, const CERTCertificateList *certChain, ssl3KeyPair *keyPair, SSLKEAType kea); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss, diff --git a/security/nss/lib/ssl/sslinfo.c b/security/nss/lib/ssl/sslinfo.c index 89545e0..00f2f38 100644 --- a/security/nss/lib/ssl/sslinfo.c +++ b/security/nss/lib/ssl/sslinfo.c @@ -148,30 +148,30 @@ static const SSLCipherSuiteInfo suiteInfo[] = { {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, }, {0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, }, {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, }, -{0,CS(SSL_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, }, -{0,CS(SSL_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, }, +{0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, }, +{0,CS(TLS_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, }, {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_RSA, C_AES, B_128, M_SHA256, 1, 0, 0, }, {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, }, -{0,CS(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, }, -{0,CS(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, }, +{0,CS(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, }, +{0,CS(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, }, {0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 1, }, -{0,CS(SSL_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, }, +{0,CS(TLS_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, }, -{0,CS(SSL_DHE_RSA_WITH_DES_CBC_SHA), S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, }, -{0,CS(SSL_DHE_DSS_WITH_DES_CBC_SHA), S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, }, +{0,CS(TLS_DHE_RSA_WITH_DES_CBC_SHA), S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, }, +{0,CS(TLS_DHE_DSS_WITH_DES_CBC_SHA), S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, }, {0,CS(SSL_RSA_FIPS_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 1, }, -{0,CS(SSL_RSA_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, }, +{0,CS(TLS_RSA_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, }, {0,CS(TLS_RSA_EXPORT1024_WITH_RC4_56_SHA), S_RSA, K_RSA, C_RC4, B_56, M_SHA, 0, 1, 0, }, {0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 1, 0, }, -{0,CS(SSL_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, }, -{0,CS(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, }, +{0,CS(TLS_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, }, +{0,CS(TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, }, {0,CS(TLS_RSA_WITH_NULL_SHA256), S_RSA, K_RSA, C_NULL,B_0, M_SHA256, 0, 1, 0, }, -{0,CS(SSL_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, }, -{0,CS(SSL_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, }, +{0,CS(TLS_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, }, +{0,CS(TLS_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, }, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* ECC cipher suites */ {0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, @@ -201,7 +201,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = { {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, }, {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, {0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, }, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* SSL 2 table */ {0,CK(SSL_CK_RC4_128_WITH_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, }, diff --git a/security/nss/lib/ssl/sslnonce.c b/security/nss/lib/ssl/sslnonce.c index ae94012..2e861f1 100644 --- a/security/nss/lib/ssl/sslnonce.c +++ b/security/nss/lib/ssl/sslnonce.c @@ -165,10 +165,8 @@ static void ssl_DestroySID(sslSessionID *sid) { SSL_TRC(8, ("SSL: destroy sid: sid=0x%x cached=%d", sid, sid->cached)); - PORT_Assert((sid->references == 0)); - - if (sid->cached == in_client_cache) - return; /* it will get taken care of next time cache is traversed. */ + PORT_Assert(sid->references == 0); + PORT_Assert(sid->cached != in_client_cache); if (sid->version < SSL_LIBRARY_VERSION_3_0) { SECITEM_ZfreeItem(&sid->u.ssl2.masterKey, PR_FALSE); @@ -264,9 +262,9 @@ ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, const char *peerID, SSL_TRC(8, ("SSL: Lookup1: sid=0x%x", sid)); - if (sid->expirationTime < now || !sid->references) { + if (sid->expirationTime < now) { /* - ** This session-id timed out, or was orphaned. + ** This session-id timed out. ** Don't even care who it belongs to, blow it out of our cache. */ SSL_TRC(7, ("SSL: lookup1, throwing sid out, age=%d refs=%d", @@ -274,11 +272,7 @@ ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, const char *peerID, *sidp = sid->next; /* delink it from the list. */ sid->cached = invalid_cache; /* mark not on list. */ - if (!sid->references) - ssl_DestroySID(sid); - else - ssl_FreeLockedSID(sid); /* drop ref count, free. */ - + ssl_FreeLockedSID(sid); /* drop ref count, free. */ } else if (!memcmp(&sid->addr, addr, sizeof(PRIPv6Addr)) && /* server IP addr matches */ (sid->port == port) && /* server port matches */ /* proxy (peerID) matches */ @@ -489,6 +483,8 @@ ssl3_SetSIDSessionTicket(sslSessionID *sid, { PORT_Assert(sid); PORT_Assert(newSessionTicket); + PORT_Assert(newSessionTicket->ticket.data); + PORT_Assert(newSessionTicket->ticket.len != 0); /* if sid->u.ssl3.lock, we are updating an existing entry that is already * cached or was once cached, so we need to acquire and release the write @@ -497,10 +493,6 @@ ssl3_SetSIDSessionTicket(sslSessionID *sid, */ if (sid->u.ssl3.lock) { PR_RWLock_Wlock(sid->u.ssl3.lock); - - /* A server might have sent us an empty ticket, which has the - * effect of clearing the previously known ticket. - */ if (sid->u.ssl3.locked.sessionTicket.ticket.data) { SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket, PR_FALSE); diff --git a/security/nss/lib/ssl/sslproto.h b/security/nss/lib/ssl/sslproto.h index 53bba01..7a283c7 100644 --- a/security/nss/lib/ssl/sslproto.h +++ b/security/nss/lib/ssl/sslproto.h @@ -1,5 +1,5 @@ /* - * Various and sundry protocol constants. DON'T CHANGE THESE. These values + * Various and sundry protocol constants. DON'T CHANGE THESE. These values * are mostly defined by the SSL2, SSL3, or TLS protocol specifications. * Cipher kinds and ciphersuites are part of the public API. * @@ -11,138 +11,174 @@ #define __sslproto_h_ /* All versions less than 3_0 are treated as SSL version 2 */ -#define SSL_LIBRARY_VERSION_2 0x0002 -#define SSL_LIBRARY_VERSION_3_0 0x0300 -#define SSL_LIBRARY_VERSION_TLS_1_0 0x0301 -#define SSL_LIBRARY_VERSION_TLS_1_1 0x0302 -#define SSL_LIBRARY_VERSION_TLS_1_2 0x0303 +#define SSL_LIBRARY_VERSION_2 0x0002 +#define SSL_LIBRARY_VERSION_3_0 0x0300 +#define SSL_LIBRARY_VERSION_TLS_1_0 0x0301 +#define SSL_LIBRARY_VERSION_TLS_1_1 0x0302 +#define SSL_LIBRARY_VERSION_TLS_1_2 0x0303 /* Note: this is the internal format, not the wire format */ -#define SSL_LIBRARY_VERSION_DTLS_1_0 0x0302 +#define SSL_LIBRARY_VERSION_DTLS_1_0 0x0302 +#define SSL_LIBRARY_VERSION_DTLS_1_2 0x0303 /* deprecated old name */ -#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0 +#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0 -/* The DTLS version used in the spec */ +/* The DTLS versions used in the spec */ #define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE ((~0x0100) & 0xffff) +#define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE ((~0x0102) & 0xffff) /* Header lengths of some of the messages */ -#define SSL_HL_ERROR_HBYTES 3 -#define SSL_HL_CLIENT_HELLO_HBYTES 9 -#define SSL_HL_CLIENT_MASTER_KEY_HBYTES 10 -#define SSL_HL_CLIENT_FINISHED_HBYTES 1 -#define SSL_HL_SERVER_HELLO_HBYTES 11 -#define SSL_HL_SERVER_VERIFY_HBYTES 1 -#define SSL_HL_SERVER_FINISHED_HBYTES 1 -#define SSL_HL_REQUEST_CERTIFICATE_HBYTES 2 -#define SSL_HL_CLIENT_CERTIFICATE_HBYTES 6 +#define SSL_HL_ERROR_HBYTES 3 +#define SSL_HL_CLIENT_HELLO_HBYTES 9 +#define SSL_HL_CLIENT_MASTER_KEY_HBYTES 10 +#define SSL_HL_CLIENT_FINISHED_HBYTES 1 +#define SSL_HL_SERVER_HELLO_HBYTES 11 +#define SSL_HL_SERVER_VERIFY_HBYTES 1 +#define SSL_HL_SERVER_FINISHED_HBYTES 1 +#define SSL_HL_REQUEST_CERTIFICATE_HBYTES 2 +#define SSL_HL_CLIENT_CERTIFICATE_HBYTES 6 /* Security handshake protocol codes */ -#define SSL_MT_ERROR 0 -#define SSL_MT_CLIENT_HELLO 1 -#define SSL_MT_CLIENT_MASTER_KEY 2 -#define SSL_MT_CLIENT_FINISHED 3 -#define SSL_MT_SERVER_HELLO 4 -#define SSL_MT_SERVER_VERIFY 5 -#define SSL_MT_SERVER_FINISHED 6 -#define SSL_MT_REQUEST_CERTIFICATE 7 -#define SSL_MT_CLIENT_CERTIFICATE 8 +#define SSL_MT_ERROR 0 +#define SSL_MT_CLIENT_HELLO 1 +#define SSL_MT_CLIENT_MASTER_KEY 2 +#define SSL_MT_CLIENT_FINISHED 3 +#define SSL_MT_SERVER_HELLO 4 +#define SSL_MT_SERVER_VERIFY 5 +#define SSL_MT_SERVER_FINISHED 6 +#define SSL_MT_REQUEST_CERTIFICATE 7 +#define SSL_MT_CLIENT_CERTIFICATE 8 /* Certificate types */ -#define SSL_CT_X509_CERTIFICATE 0x01 +#define SSL_CT_X509_CERTIFICATE 0x01 #if 0 /* XXX Not implemented yet */ -#define SSL_PKCS6_CERTIFICATE 0x02 +#define SSL_PKCS6_CERTIFICATE 0x02 #endif -#define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01 +#define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01 /* Error codes */ -#define SSL_PE_NO_CYPHERS 0x0001 -#define SSL_PE_NO_CERTIFICATE 0x0002 -#define SSL_PE_BAD_CERTIFICATE 0x0004 -#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 +#define SSL_PE_NO_CYPHERS 0x0001 +#define SSL_PE_NO_CERTIFICATE 0x0002 +#define SSL_PE_BAD_CERTIFICATE 0x0004 +#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 /* Cypher kinds (not the spec version!) */ -#define SSL_CK_RC4_128_WITH_MD5 0x01 -#define SSL_CK_RC4_128_EXPORT40_WITH_MD5 0x02 -#define SSL_CK_RC2_128_CBC_WITH_MD5 0x03 -#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x04 -#define SSL_CK_IDEA_128_CBC_WITH_MD5 0x05 -#define SSL_CK_DES_64_CBC_WITH_MD5 0x06 -#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5 0x07 - -/* Cipher enables. These are used only for SSL_EnableCipher - * These values define the SSL2 suites, and do not colide with the +#define SSL_CK_RC4_128_WITH_MD5 0x01 +#define SSL_CK_RC4_128_EXPORT40_WITH_MD5 0x02 +#define SSL_CK_RC2_128_CBC_WITH_MD5 0x03 +#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x04 +#define SSL_CK_IDEA_128_CBC_WITH_MD5 0x05 +#define SSL_CK_DES_64_CBC_WITH_MD5 0x06 +#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5 0x07 + +/* Cipher enables. These are used only for SSL_EnableCipher + * These values define the SSL2 suites, and do not colide with the * SSL3 Cipher suites defined below. */ -#define SSL_EN_RC4_128_WITH_MD5 0xFF01 -#define SSL_EN_RC4_128_EXPORT40_WITH_MD5 0xFF02 -#define SSL_EN_RC2_128_CBC_WITH_MD5 0xFF03 -#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 0xFF04 -#define SSL_EN_IDEA_128_CBC_WITH_MD5 0xFF05 -#define SSL_EN_DES_64_CBC_WITH_MD5 0xFF06 -#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5 0xFF07 - -/* SSL v3 Cipher Suites */ -#define SSL_NULL_WITH_NULL_NULL 0x0000 - -#define SSL_RSA_WITH_NULL_MD5 0x0001 -#define SSL_RSA_WITH_NULL_SHA 0x0002 -#define SSL_RSA_EXPORT_WITH_RC4_40_MD5 0x0003 -#define SSL_RSA_WITH_RC4_128_MD5 0x0004 -#define SSL_RSA_WITH_RC4_128_SHA 0x0005 -#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006 -#define SSL_RSA_WITH_IDEA_CBC_SHA 0x0007 -#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008 -#define SSL_RSA_WITH_DES_CBC_SHA 0x0009 -#define SSL_RSA_WITH_3DES_EDE_CBC_SHA 0x000a - -#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b -#define SSL_DH_DSS_WITH_DES_CBC_SHA 0x000c -#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d -#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e -#define SSL_DH_RSA_WITH_DES_CBC_SHA 0x000f -#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010 - -#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011 -#define SSL_DHE_DSS_WITH_DES_CBC_SHA 0x0012 -#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013 -#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014 -#define SSL_DHE_RSA_WITH_DES_CBC_SHA 0x0015 -#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016 - -#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 0x0017 -#define SSL_DH_ANON_WITH_RC4_128_MD5 0x0018 -#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA 0x0019 -#define SSL_DH_ANON_WITH_DES_CBC_SHA 0x001a -#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA 0x001b - -#define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c /* deprecated */ -#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d /* deprecated */ -#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e /* deprecated */ - -/* New TLS cipher suites */ -#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030 -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031 -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032 -#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 -#define TLS_DH_ANON_WITH_AES_128_CBC_SHA 0x0034 - -#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036 -#define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037 -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038 -#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 -#define TLS_DH_ANON_WITH_AES_256_CBC_SHA 0x003A -#define TLS_RSA_WITH_NULL_SHA256 0x003B -#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C -#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D - -#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041 -#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042 -#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043 -#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044 -#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045 -#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA 0x0046 +#define SSL_EN_RC4_128_WITH_MD5 0xFF01 +#define SSL_EN_RC4_128_EXPORT40_WITH_MD5 0xFF02 +#define SSL_EN_RC2_128_CBC_WITH_MD5 0xFF03 +#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 0xFF04 +#define SSL_EN_IDEA_128_CBC_WITH_MD5 0xFF05 +#define SSL_EN_DES_64_CBC_WITH_MD5 0xFF06 +#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5 0xFF07 + +/* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. */ +#ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES +#define SSL_NULL_WITH_NULL_NULL TLS_NULL_WITH_NULL_NULL +#define SSL_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_MD5 +#define SSL_RSA_WITH_NULL_SHA TLS_RSA_WITH_NULL_SHA +#define SSL_RSA_EXPORT_WITH_RC4_40_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5 +#define SSL_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_MD5 +#define SSL_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_SHA +#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 +#define SSL_RSA_WITH_IDEA_CBC_SHA TLS_RSA_WITH_IDEA_CBC_SHA +#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA +#define SSL_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA +#define SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA +#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA +#define SSL_DH_DSS_WITH_DES_CBC_SHA TLS_DH_DSS_WITH_DES_CBC_SHA +#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA +#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA +#define SSL_DH_RSA_WITH_DES_CBC_SHA TLS_DH_RSA_WITH_DES_CBC_SHA +#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA +#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA +#define SSL_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA +#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA +#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA +#define SSL_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA +#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA +#define SSL_DH_ANON_WITH_RC4_128_MD5 TLS_DH_anon_WITH_RC4_128_MD5 +#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA +#define SSL_DH_ANON_WITH_DES_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA +#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA +#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 +#define TLS_DH_ANON_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA +#define TLS_DH_ANON_WITH_AES_256_CBC_SHA TLS_DH_anon_WITH_AES_256_CBC_SHA +#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA +#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA +#endif + +#define TLS_NULL_WITH_NULL_NULL 0x0000 + +#define TLS_RSA_WITH_NULL_MD5 0x0001 +#define TLS_RSA_WITH_NULL_SHA 0x0002 +#define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003 +#define TLS_RSA_WITH_RC4_128_MD5 0x0004 +#define TLS_RSA_WITH_RC4_128_SHA 0x0005 +#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006 +#define TLS_RSA_WITH_IDEA_CBC_SHA 0x0007 +#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008 +#define TLS_RSA_WITH_DES_CBC_SHA 0x0009 +#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000a + +#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b +#define TLS_DH_DSS_WITH_DES_CBC_SHA 0x000c +#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d +#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e +#define TLS_DH_RSA_WITH_DES_CBC_SHA 0x000f +#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010 + +#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011 +#define TLS_DHE_DSS_WITH_DES_CBC_SHA 0x0012 +#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013 +#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014 +#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015 +#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016 + +#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017 +#define TLS_DH_anon_WITH_RC4_128_MD5 0x0018 +#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019 +#define TLS_DH_anon_WITH_DES_CBC_SHA 0x001a +#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001b + +#define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c /* deprecated */ +#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d /* deprecated */ +#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e /* deprecated */ + +#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030 +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031 +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032 +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 +#define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034 + +#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 +#define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036 +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037 +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038 +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 +#define TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A +#define TLS_RSA_WITH_NULL_SHA256 0x003B +#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C +#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D + +#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041 +#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042 +#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043 +#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044 +#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045 +#define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 0x0046 #define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062 #define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0064 @@ -153,14 +189,14 @@ #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B -#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084 -#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0085 -#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086 -#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087 -#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088 -#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA 0x0089 +#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084 +#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0085 +#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086 +#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087 +#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088 +#define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA 0x0089 -#define TLS_RSA_WITH_SEED_CBC_SHA 0x0096 +#define TLS_RSA_WITH_SEED_CBC_SHA 0x0096 #define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E @@ -170,7 +206,7 @@ * Must NEVER be chosen by server. SSL 3.0 server acknowledges by sending * back an empty Renegotiation Info (RI) server hello extension. */ -#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF +#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF /* Cipher Suite Values starting with 0xC000 are defined in informational * RFCs. @@ -214,18 +250,18 @@ #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 /* Netscape "experimental" cipher suites. */ -#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0 -#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1 +#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0 +#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1 /* New non-experimental openly spec'ed versions of those cipher suites. */ -#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff -#define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe +#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff +#define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe /* DTLS-SRTP cipher suites from RFC 5764 */ /* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */ -#define SRTP_AES128_CM_HMAC_SHA1_80 0x0001 -#define SRTP_AES128_CM_HMAC_SHA1_32 0x0002 -#define SRTP_NULL_HMAC_SHA1_80 0x0005 -#define SRTP_NULL_HMAC_SHA1_32 0x0006 +#define SRTP_AES128_CM_HMAC_SHA1_80 0x0001 +#define SRTP_AES128_CM_HMAC_SHA1_32 0x0002 +#define SRTP_NULL_HMAC_SHA1_80 0x0005 +#define SRTP_NULL_HMAC_SHA1_32 0x0006 #endif /* __sslproto_h_ */ diff --git a/security/nss/lib/ssl/sslsecur.c b/security/nss/lib/ssl/sslsecur.c index 35658d7..a32e3d5 100644 --- a/security/nss/lib/ssl/sslsecur.c +++ b/security/nss/lib/ssl/sslsecur.c @@ -696,11 +696,11 @@ NSS_FindCertKEAType(CERTCertificate * cert) case SEC_OID_X942_DIFFIE_HELMAN_KEY: keaType = kt_dh; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case SEC_OID_ANSIX962_EC_PUBLIC_KEY: keaType = kt_ecdh; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: keaType = kt_null; } diff --git a/security/nss/lib/ssl/sslsnce.c b/security/nss/lib/ssl/sslsnce.c index b0446ad..4d9ef38 100644 --- a/security/nss/lib/ssl/sslsnce.c +++ b/security/nss/lib/ssl/sslsnce.c @@ -522,7 +522,6 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from) /* ** Convert shared memory cache-entry to local memory based one ** This is only called from ServerSessionIDLookup(). -** Caller must hold cache lock when calling this. */ static sslSessionID * ConvertToSID(sidCacheEntry * from, diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c index 6091677..ee357b6 100644 --- a/security/nss/lib/ssl/sslsock.c +++ b/security/nss/lib/ssl/sslsock.c @@ -1,5 +1,5 @@ /* - * vtables (and methods that call through them) for the 4 types of + * vtables (and methods that call through them) for the 4 types of * SSLSockets supported. Only one type is still supported. * Various other functions. * @@ -21,7 +21,7 @@ #define SET_ERROR_CODE /* reminder */ -static const sslSocketOps ssl_default_ops = { /* No SSL. */ +static const sslSocketOps ssl_default_ops = { /* No SSL. */ ssl_DefConnect, NULL, ssl_DefBind, @@ -36,7 +36,7 @@ static const sslSocketOps ssl_default_ops = { /* No SSL. */ ssl_DefGetsockname }; -static const sslSocketOps ssl_secure_ops = { /* SSL. */ +static const sslSocketOps ssl_secure_ops = { /* SSL. */ ssl_SecureConnect, NULL, ssl_DefBind, @@ -56,19 +56,19 @@ static const sslSocketOps ssl_secure_ops = { /* SSL. */ */ static sslOptions ssl_defaults = { { siBuffer, NULL, 0 }, /* nextProtoNego */ - PR_TRUE, /* useSecurity */ - PR_FALSE, /* useSocks */ - PR_FALSE, /* requestCertificate */ - 2, /* requireCertificate */ - PR_FALSE, /* handshakeAsClient */ - PR_FALSE, /* handshakeAsServer */ - PR_FALSE, /* enableSSL2 */ /* now defaults to off in NSS 3.13 */ - PR_FALSE, /* unusedBit9 */ - PR_FALSE, /* unusedBit10 */ - PR_FALSE, /* noCache */ - PR_FALSE, /* fdx */ - PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */ - PR_TRUE, /* detectRollBack */ + PR_TRUE, /* useSecurity */ + PR_FALSE, /* useSocks */ + PR_FALSE, /* requestCertificate */ + 2, /* requireCertificate */ + PR_FALSE, /* handshakeAsClient */ + PR_FALSE, /* handshakeAsServer */ + PR_FALSE, /* enableSSL2 */ /* now defaults to off in NSS 3.13 */ + PR_FALSE, /* unusedBit9 */ + PR_FALSE, /* unusedBit10 */ + PR_FALSE, /* noCache */ + PR_FALSE, /* fdx */ + PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */ + PR_TRUE, /* detectRollBack */ PR_FALSE, /* noStepDown */ PR_FALSE, /* bypassPKCS11 */ PR_FALSE, /* noLocks */ @@ -78,7 +78,9 @@ static sslOptions ssl_defaults = { PR_FALSE, /* requireSafeNegotiation */ PR_FALSE, /* enableFalseStart */ PR_TRUE, /* cbcRandomIV */ - PR_FALSE /* enableOCSPStapling */ + PR_FALSE, /* enableOCSPStapling */ + PR_TRUE, /* enableNPN */ + PR_FALSE /* enableALPN */ }; /* @@ -105,9 +107,9 @@ sslSessionIDUncacheFunc ssl_sid_uncache; static PRBool ssl_inited = PR_FALSE; static PRDescIdentity ssl_layer_id; -PRBool locksEverDisabled; /* implicitly PR_FALSE */ -PRBool ssl_force_locks; /* implicitly PR_FALSE */ -int ssl_lock_readers = 1; /* default true. */ +PRBool locksEverDisabled; /* implicitly PR_FALSE */ +PRBool ssl_force_locks; /* implicitly PR_FALSE */ +int ssl_lock_readers = 1; /* default true. */ char ssl_debug; char ssl_trace; FILE * ssl_trace_iob; @@ -126,7 +128,7 @@ static const PRUint16 srtpCiphers[] = { static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant); static SECStatus ssl_MakeLocks(sslSocket *ss); static void ssl_SetDefaultsFromEnvironment(void); -static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, +static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, PRDescIdentity id); /************************************************************************/ @@ -147,18 +149,23 @@ ssl_GetPrivate(PRFileDesc *fd) if (fd->methods->file_type != PR_DESC_LAYERED || fd->identity != ssl_layer_id) { - PORT_SetError(PR_BAD_DESCRIPTOR_ERROR); - return NULL; + PORT_SetError(PR_BAD_DESCRIPTOR_ERROR); + return NULL; } ss = (sslSocket *)fd->secret; + /* Set ss->fd lazily. We can't rely on the value of ss->fd set by + * ssl_PushIOLayer because another PR_PushIOLayer call will switch the + * contents of the PRFileDesc pointed by ss->fd and the new layer. + * See bug 807250. + */ ss->fd = fd; return ss; } -/* This function tries to find the SSL layer in the stack. +/* This function tries to find the SSL layer in the stack. * It searches for the first SSL layer at or below the argument fd, - * and failing that, it searches for the nearest SSL layer above the + * and failing that, it searches for the nearest SSL layer above the * argument fd. It returns the private sslSocket from the found layer. */ sslSocket * @@ -172,11 +179,16 @@ ssl_FindSocket(PRFileDesc *fd) layer = PR_GetIdentitiesLayer(fd, ssl_layer_id); if (layer == NULL) { - PORT_SetError(PR_BAD_DESCRIPTOR_ERROR); - return NULL; + PORT_SetError(PR_BAD_DESCRIPTOR_ERROR); + return NULL; } ss = (sslSocket *)layer->secret; + /* Set ss->fd lazily. We can't rely on the value of ss->fd set by + * ssl_PushIOLayer because another PR_PushIOLayer call will switch the + * contents of the PRFileDesc pointed by ss->fd and the new layer. + * See bug 807250. + */ ss->fd = layer; return ss; } @@ -189,94 +201,94 @@ ssl_DupSocket(sslSocket *os) ss = ssl_NewSocket((PRBool)(!os->opt.noLocks), os->protocolVariant); if (ss) { - ss->opt = os->opt; - ss->opt.useSocks = PR_FALSE; - ss->vrange = os->vrange; - - ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID); - ss->url = !os->url ? NULL : PORT_Strdup(os->url); - - ss->ops = os->ops; - ss->rTimeout = os->rTimeout; - ss->wTimeout = os->wTimeout; - ss->cTimeout = os->cTimeout; - ss->dbHandle = os->dbHandle; - - /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */ - ss->allowedByPolicy = os->allowedByPolicy; - ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy; - ss->chosenPreference = os->chosenPreference; - PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites); - PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers, - sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount); - ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount; - - if (os->cipherSpecs) { - ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs); - if (ss->cipherSpecs) - PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs, - os->sizeCipherSpecs); - ss->sizeCipherSpecs = os->sizeCipherSpecs; - ss->preferredCipher = os->preferredCipher; - } else { - ss->cipherSpecs = NULL; /* produced lazily */ - ss->sizeCipherSpecs = 0; - ss->preferredCipher = NULL; - } - if (ss->opt.useSecurity) { - /* This int should be SSLKEAType, but CC on Irix complains, - * during the for loop. - */ - int i; - sslServerCerts * oc = os->serverCerts; - sslServerCerts * sc = ss->serverCerts; - - for (i=kt_null; i < kt_kea_size; i++, oc++, sc++) { - if (oc->serverCert && oc->serverCertChain) { - sc->serverCert = CERT_DupCertificate(oc->serverCert); - sc->serverCertChain = CERT_DupCertList(oc->serverCertChain); - if (!sc->serverCertChain) - goto loser; - } else { - sc->serverCert = NULL; - sc->serverCertChain = NULL; - } - sc->serverKeyPair = oc->serverKeyPair ? - ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL; - if (oc->serverKeyPair && !sc->serverKeyPair) - goto loser; - sc->serverKeyBits = oc->serverKeyBits; - ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL : - SECITEM_DupArray(NULL, os->certStatusArray[i]); - } - ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL : - ssl3_GetKeyPairRef(os->stepDownKeyPair); - ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : - ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair); + ss->opt = os->opt; + ss->opt.useSocks = PR_FALSE; + ss->vrange = os->vrange; + + ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID); + ss->url = !os->url ? NULL : PORT_Strdup(os->url); + + ss->ops = os->ops; + ss->rTimeout = os->rTimeout; + ss->wTimeout = os->wTimeout; + ss->cTimeout = os->cTimeout; + ss->dbHandle = os->dbHandle; + + /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */ + ss->allowedByPolicy = os->allowedByPolicy; + ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy; + ss->chosenPreference = os->chosenPreference; + PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites); + PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers, + sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount); + ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount; + + if (os->cipherSpecs) { + ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs); + if (ss->cipherSpecs) + PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs, + os->sizeCipherSpecs); + ss->sizeCipherSpecs = os->sizeCipherSpecs; + ss->preferredCipher = os->preferredCipher; + } else { + ss->cipherSpecs = NULL; /* produced lazily */ + ss->sizeCipherSpecs = 0; + ss->preferredCipher = NULL; + } + if (ss->opt.useSecurity) { + /* This int should be SSLKEAType, but CC on Irix complains, + * during the for loop. + */ + int i; + sslServerCerts * oc = os->serverCerts; + sslServerCerts * sc = ss->serverCerts; + + for (i=kt_null; i < kt_kea_size; i++, oc++, sc++) { + if (oc->serverCert && oc->serverCertChain) { + sc->serverCert = CERT_DupCertificate(oc->serverCert); + sc->serverCertChain = CERT_DupCertList(oc->serverCertChain); + if (!sc->serverCertChain) + goto loser; + } else { + sc->serverCert = NULL; + sc->serverCertChain = NULL; + } + sc->serverKeyPair = oc->serverKeyPair ? + ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL; + if (oc->serverKeyPair && !sc->serverKeyPair) + goto loser; + sc->serverKeyBits = oc->serverKeyBits; + ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL : + SECITEM_DupArray(NULL, os->certStatusArray[i]); + } + ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL : + ssl3_GetKeyPairRef(os->stepDownKeyPair); + ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : + ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair); /* * XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL. * XXX We should detect this, and not just march on with NULL pointers. */ - ss->authCertificate = os->authCertificate; - ss->authCertificateArg = os->authCertificateArg; - ss->getClientAuthData = os->getClientAuthData; - ss->getClientAuthDataArg = os->getClientAuthDataArg; + ss->authCertificate = os->authCertificate; + ss->authCertificateArg = os->authCertificateArg; + ss->getClientAuthData = os->getClientAuthData; + ss->getClientAuthDataArg = os->getClientAuthDataArg; ss->sniSocketConfig = os->sniSocketConfig; ss->sniSocketConfigArg = os->sniSocketConfigArg; - ss->handleBadCert = os->handleBadCert; - ss->badCertArg = os->badCertArg; - ss->handshakeCallback = os->handshakeCallback; - ss->handshakeCallbackData = os->handshakeCallbackData; - ss->canFalseStartCallback = os->canFalseStartCallback; - ss->canFalseStartCallbackData = os->canFalseStartCallbackData; - ss->pkcs11PinArg = os->pkcs11PinArg; - - /* Create security data */ - rv = ssl_CopySecurityInfo(ss, os); - if (rv != SECSuccess) { - goto loser; - } - } + ss->handleBadCert = os->handleBadCert; + ss->badCertArg = os->badCertArg; + ss->handshakeCallback = os->handshakeCallback; + ss->handshakeCallbackData = os->handshakeCallbackData; + ss->canFalseStartCallback = os->canFalseStartCallback; + ss->canFalseStartCallbackData = os->canFalseStartCallbackData; + ss->pkcs11PinArg = os->pkcs11PinArg; + + /* Create security data */ + rv = ssl_CopySecurityInfo(ss, os); + if (rv != SECSuccess) { + goto loser; + } + } } return ss; @@ -290,33 +302,33 @@ ssl_DestroyLocks(sslSocket *ss) { /* Destroy locks. */ if (ss->firstHandshakeLock) { - PZ_DestroyMonitor(ss->firstHandshakeLock); - ss->firstHandshakeLock = NULL; + PZ_DestroyMonitor(ss->firstHandshakeLock); + ss->firstHandshakeLock = NULL; } if (ss->ssl3HandshakeLock) { - PZ_DestroyMonitor(ss->ssl3HandshakeLock); - ss->ssl3HandshakeLock = NULL; + PZ_DestroyMonitor(ss->ssl3HandshakeLock); + ss->ssl3HandshakeLock = NULL; } if (ss->specLock) { - NSSRWLock_Destroy(ss->specLock); - ss->specLock = NULL; + NSSRWLock_Destroy(ss->specLock); + ss->specLock = NULL; } if (ss->recvLock) { - PZ_DestroyLock(ss->recvLock); - ss->recvLock = NULL; + PZ_DestroyLock(ss->recvLock); + ss->recvLock = NULL; } if (ss->sendLock) { - PZ_DestroyLock(ss->sendLock); - ss->sendLock = NULL; + PZ_DestroyLock(ss->sendLock); + ss->sendLock = NULL; } if (ss->xmitBufLock) { - PZ_DestroyMonitor(ss->xmitBufLock); - ss->xmitBufLock = NULL; + PZ_DestroyMonitor(ss->xmitBufLock); + ss->xmitBufLock = NULL; } if (ss->recvBufLock) { - PZ_DestroyMonitor(ss->recvBufLock); - ss->recvBufLock = NULL; + PZ_DestroyMonitor(ss->recvBufLock); + ss->recvBufLock = NULL; } } @@ -339,36 +351,36 @@ ssl_DestroySocketContents(sslSocket *ss) ssl_DestroyGather(&ss->gs); if (ss->peerID != NULL) - PORT_Free(ss->peerID); + PORT_Free(ss->peerID); if (ss->url != NULL) - PORT_Free((void *)ss->url); /* CONST */ + PORT_Free((void *)ss->url); /* CONST */ if (ss->cipherSpecs) { - PORT_Free(ss->cipherSpecs); - ss->cipherSpecs = NULL; - ss->sizeCipherSpecs = 0; + PORT_Free(ss->cipherSpecs); + ss->cipherSpecs = NULL; + ss->sizeCipherSpecs = 0; } /* Clean up server configuration */ for (i=kt_null; i < kt_kea_size; i++) { - sslServerCerts * sc = ss->serverCerts + i; - if (sc->serverCert != NULL) - CERT_DestroyCertificate(sc->serverCert); - if (sc->serverCertChain != NULL) - CERT_DestroyCertificateList(sc->serverCertChain); - if (sc->serverKeyPair != NULL) - ssl3_FreeKeyPair(sc->serverKeyPair); - if (ss->certStatusArray[i] != NULL) { - SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE); - ss->certStatusArray[i] = NULL; - } + sslServerCerts * sc = ss->serverCerts + i; + if (sc->serverCert != NULL) + CERT_DestroyCertificate(sc->serverCert); + if (sc->serverCertChain != NULL) + CERT_DestroyCertificateList(sc->serverCertChain); + if (sc->serverKeyPair != NULL) + ssl3_FreeKeyPair(sc->serverKeyPair); + if (ss->certStatusArray[i] != NULL) { + SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE); + ss->certStatusArray[i] = NULL; + } } if (ss->stepDownKeyPair) { - ssl3_FreeKeyPair(ss->stepDownKeyPair); - ss->stepDownKeyPair = NULL; + ssl3_FreeKeyPair(ss->stepDownKeyPair); + ss->stepDownKeyPair = NULL; } if (ss->ephemeralECDHKeyPair) { - ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair); - ss->ephemeralECDHKeyPair = NULL; + ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair); + ss->ephemeralECDHKeyPair = NULL; } SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE); PORT_Assert(!ss->xtnData.sniNameArr); @@ -416,7 +428,7 @@ ssl_FreeSocket(sslSocket *ss) } /************************************************************************/ -SECStatus +SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled) { PRFileDesc * osfd = ss->fd->lower; @@ -494,26 +506,26 @@ static void ssl_EnableTLS(SSLVersionRange *vrange, PRBool on) { if (SSL3_ALL_VERSIONS_DISABLED(vrange)) { - if (on) { - vrange->min = SSL_LIBRARY_VERSION_TLS_1_0; - vrange->max = SSL_LIBRARY_VERSION_TLS_1_0; - } /* else don't change anything */ - return; + if (on) { + vrange->min = SSL_LIBRARY_VERSION_TLS_1_0; + vrange->max = SSL_LIBRARY_VERSION_TLS_1_0; + } /* else don't change anything */ + return; } if (on) { - /* Expand the range of enabled version to include TLS 1.0 */ - vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0); - vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0); + /* Expand the range of enabled version to include TLS 1.0 */ + vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0); + vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0); } else { - /* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */ - if (vrange->min == SSL_LIBRARY_VERSION_3_0) { - vrange->max = SSL_LIBRARY_VERSION_3_0; - } else { - /* Only TLS was enabled, so now no versions are. */ - vrange->min = SSL_LIBRARY_VERSION_NONE; - vrange->max = SSL_LIBRARY_VERSION_NONE; - } + /* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */ + if (vrange->min == SSL_LIBRARY_VERSION_3_0) { + vrange->max = SSL_LIBRARY_VERSION_3_0; + } else { + /* Only TLS was enabled, so now no versions are. */ + vrange->min = SSL_LIBRARY_VERSION_NONE; + vrange->max = SSL_LIBRARY_VERSION_NONE; + } } } @@ -524,28 +536,28 @@ static void ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on) { if (SSL3_ALL_VERSIONS_DISABLED(vrange)) { - if (on) { - vrange->min = SSL_LIBRARY_VERSION_3_0; - vrange->max = SSL_LIBRARY_VERSION_3_0; - } /* else don't change anything */ - return; + if (on) { + vrange->min = SSL_LIBRARY_VERSION_3_0; + vrange->max = SSL_LIBRARY_VERSION_3_0; + } /* else don't change anything */ + return; } if (on) { - /* Expand the range of enabled versions to include SSL 3.0. We know - * SSL 3.0 or some version of TLS is already enabled at this point, so - * we don't need to change vrange->max. - */ - vrange->min = SSL_LIBRARY_VERSION_3_0; + /* Expand the range of enabled versions to include SSL 3.0. We know + * SSL 3.0 or some version of TLS is already enabled at this point, so + * we don't need to change vrange->max. + */ + vrange->min = SSL_LIBRARY_VERSION_3_0; } else { - /* Disable SSL 3.0, leaving TLS unaffected. */ - if (vrange->max > SSL_LIBRARY_VERSION_3_0) { - vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0); - } else { - /* Only SSL 3.0 was enabled, so now no versions are. */ - vrange->min = SSL_LIBRARY_VERSION_NONE; - vrange->max = SSL_LIBRARY_VERSION_NONE; - } + /* Disable SSL 3.0, leaving TLS unaffected. */ + if (vrange->max > SSL_LIBRARY_VERSION_3_0) { + vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0); + } else { + /* Only SSL 3.0 was enabled, so now no versions are. */ + vrange->min = SSL_LIBRARY_VERSION_NONE; + vrange->max = SSL_LIBRARY_VERSION_NONE; + } } } @@ -557,8 +569,8 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) PRBool holdingLocks; if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd)); + return SECFailure; } holdingLocks = (!ss->opt.noLocks); @@ -567,140 +579,140 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) switch (which) { case SSL_SOCKS: - ss->opt.useSocks = PR_FALSE; - rv = PrepareSocket(ss); - if (on) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; - } - break; + ss->opt.useSocks = PR_FALSE; + rv = PrepareSocket(ss); + if (on) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; + } + break; case SSL_SECURITY: - ss->opt.useSecurity = on; - rv = PrepareSocket(ss); - break; + ss->opt.useSecurity = on; + rv = PrepareSocket(ss); + break; case SSL_REQUEST_CERTIFICATE: - ss->opt.requestCertificate = on; - break; + ss->opt.requestCertificate = on; + break; case SSL_REQUIRE_CERTIFICATE: - ss->opt.requireCertificate = on; - break; + ss->opt.requireCertificate = on; + break; case SSL_HANDSHAKE_AS_CLIENT: - if ( ss->opt.handshakeAsServer && on ) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; - break; - } - ss->opt.handshakeAsClient = on; - break; + if ( ss->opt.handshakeAsServer && on ) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; + break; + } + ss->opt.handshakeAsClient = on; + break; case SSL_HANDSHAKE_AS_SERVER: - if ( ss->opt.handshakeAsClient && on ) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; - break; - } - ss->opt.handshakeAsServer = on; - break; + if ( ss->opt.handshakeAsClient && on ) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; + break; + } + ss->opt.handshakeAsServer = on; + break; case SSL_ENABLE_TLS: if (IS_DTLS(ss)) { - if (on) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; /* not allowed */ - } - break; - } - ssl_EnableTLS(&ss->vrange, on); - ss->preferredCipher = NULL; - if (ss->cipherSpecs) { - PORT_Free(ss->cipherSpecs); - ss->cipherSpecs = NULL; - ss->sizeCipherSpecs = 0; - } - break; + if (on) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; /* not allowed */ + } + break; + } + ssl_EnableTLS(&ss->vrange, on); + ss->preferredCipher = NULL; + if (ss->cipherSpecs) { + PORT_Free(ss->cipherSpecs); + ss->cipherSpecs = NULL; + ss->sizeCipherSpecs = 0; + } + break; case SSL_ENABLE_SSL3: if (IS_DTLS(ss)) { - if (on) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; /* not allowed */ - } - break; - } - ssl_EnableSSL3(&ss->vrange, on); - ss->preferredCipher = NULL; - if (ss->cipherSpecs) { - PORT_Free(ss->cipherSpecs); - ss->cipherSpecs = NULL; - ss->sizeCipherSpecs = 0; - } - break; + if (on) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; /* not allowed */ + } + break; + } + ssl_EnableSSL3(&ss->vrange, on); + ss->preferredCipher = NULL; + if (ss->cipherSpecs) { + PORT_Free(ss->cipherSpecs); + ss->cipherSpecs = NULL; + ss->sizeCipherSpecs = 0; + } + break; case SSL_ENABLE_SSL2: if (IS_DTLS(ss)) { - if (on) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; /* not allowed */ - } - break; - } - ss->opt.enableSSL2 = on; - if (on) { - ss->opt.v2CompatibleHello = on; - } - ss->preferredCipher = NULL; - if (ss->cipherSpecs) { - PORT_Free(ss->cipherSpecs); - ss->cipherSpecs = NULL; - ss->sizeCipherSpecs = 0; - } - break; + if (on) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; /* not allowed */ + } + break; + } + ss->opt.enableSSL2 = on; + if (on) { + ss->opt.v2CompatibleHello = on; + } + ss->preferredCipher = NULL; + if (ss->cipherSpecs) { + PORT_Free(ss->cipherSpecs); + ss->cipherSpecs = NULL; + ss->sizeCipherSpecs = 0; + } + break; case SSL_NO_CACHE: - ss->opt.noCache = on; - break; + ss->opt.noCache = on; + break; case SSL_ENABLE_FDX: - if (on && ss->opt.noLocks) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; - } - ss->opt.fdx = on; - break; + if (on && ss->opt.noLocks) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; + } + ss->opt.fdx = on; + break; case SSL_V2_COMPATIBLE_HELLO: if (IS_DTLS(ss)) { - if (on) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; /* not allowed */ - } - break; - } - ss->opt.v2CompatibleHello = on; - if (!on) { - ss->opt.enableSSL2 = on; - } - break; - - case SSL_ROLLBACK_DETECTION: - ss->opt.detectRollBack = on; + if (on) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; /* not allowed */ + } + break; + } + ss->opt.v2CompatibleHello = on; + if (!on) { + ss->opt.enableSSL2 = on; + } break; - case SSL_NO_STEP_DOWN: - ss->opt.noStepDown = on; - if (on) - SSL_DisableExportCipherSuites(fd); - break; + case SSL_ROLLBACK_DETECTION: + ss->opt.detectRollBack = on; + break; + + case SSL_NO_STEP_DOWN: + ss->opt.noStepDown = on; + if (on) + SSL_DisableExportCipherSuites(fd); + break; case SSL_BYPASS_PKCS11: - if (ss->handshakeBegun) { - PORT_SetError(PR_INVALID_STATE_ERROR); - rv = SECFailure; - } else { + if (ss->handshakeBegun) { + PORT_SetError(PR_INVALID_STATE_ERROR); + rv = SECFailure; + } else { if (PR_FALSE != on) { if (PR_SUCCESS == SSL_BypassSetup() ) { #ifdef NO_PKCS11_BYPASS @@ -714,59 +726,67 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) } else { ss->opt.bypassPKCS11 = PR_FALSE; } - } - break; + } + break; case SSL_NO_LOCKS: - if (on && ss->opt.fdx) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; - } - if (on && ssl_force_locks) - on = PR_FALSE; /* silent override */ - ss->opt.noLocks = on; - if (on) { - locksEverDisabled = PR_TRUE; - strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED."); - } else if (!holdingLocks) { - rv = ssl_MakeLocks(ss); - if (rv != SECSuccess) { - ss->opt.noLocks = PR_TRUE; - } - } - break; + if (on && ss->opt.fdx) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; + } + if (on && ssl_force_locks) + on = PR_FALSE; /* silent override */ + ss->opt.noLocks = on; + if (on) { + locksEverDisabled = PR_TRUE; + strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED."); + } else if (!holdingLocks) { + rv = ssl_MakeLocks(ss); + if (rv != SECSuccess) { + ss->opt.noLocks = PR_TRUE; + } + } + break; case SSL_ENABLE_SESSION_TICKETS: - ss->opt.enableSessionTickets = on; - break; + ss->opt.enableSessionTickets = on; + break; case SSL_ENABLE_DEFLATE: - ss->opt.enableDeflate = on; - break; + ss->opt.enableDeflate = on; + break; case SSL_ENABLE_RENEGOTIATION: - ss->opt.enableRenegotiation = on; - break; + ss->opt.enableRenegotiation = on; + break; case SSL_REQUIRE_SAFE_NEGOTIATION: - ss->opt.requireSafeNegotiation = on; - break; + ss->opt.requireSafeNegotiation = on; + break; case SSL_ENABLE_FALSE_START: - ss->opt.enableFalseStart = on; - break; + ss->opt.enableFalseStart = on; + break; case SSL_CBC_RANDOM_IV: - ss->opt.cbcRandomIV = on; - break; + ss->opt.cbcRandomIV = on; + break; case SSL_ENABLE_OCSP_STAPLING: ss->opt.enableOCSPStapling = on; break; + case SSL_ENABLE_NPN: + ss->opt.enableNPN = on; + break; + + case SSL_ENABLE_ALPN: + ss->opt.enableALPN = on; + break; + default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; } /* We can't use the macros for releasing the locks here, @@ -775,8 +795,8 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) * regardless of the current value of ss->opt.noLocks. */ if (holdingLocks) { - PZ_ExitMonitor((ss)->ssl3HandshakeLock); - PZ_ExitMonitor((ss)->firstHandshakeLock); + PZ_ExitMonitor((ss)->ssl3HandshakeLock); + PZ_ExitMonitor((ss)->firstHandshakeLock); } return rv; @@ -790,13 +810,13 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) PRBool on = PR_FALSE; if (!pOn) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd)); - *pOn = PR_FALSE; - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd)); + *pOn = PR_FALSE; + return SECFailure; } ssl_Get1stHandshakeLock(ss); @@ -810,11 +830,11 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) case SSL_HANDSHAKE_AS_CLIENT: on = ss->opt.handshakeAsClient; break; case SSL_HANDSHAKE_AS_SERVER: on = ss->opt.handshakeAsServer; break; case SSL_ENABLE_TLS: - on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0; - break; + on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0; + break; case SSL_ENABLE_SSL3: - on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0; - break; + on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0; + break; case SSL_ENABLE_SSL2: on = ss->opt.enableSSL2; break; case SSL_NO_CACHE: on = ss->opt.noCache; break; case SSL_ENABLE_FDX: on = ss->opt.fdx; break; @@ -824,20 +844,22 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) case SSL_BYPASS_PKCS11: on = ss->opt.bypassPKCS11; break; case SSL_NO_LOCKS: on = ss->opt.noLocks; break; case SSL_ENABLE_SESSION_TICKETS: - on = ss->opt.enableSessionTickets; - break; + on = ss->opt.enableSessionTickets; + break; case SSL_ENABLE_DEFLATE: on = ss->opt.enableDeflate; break; - case SSL_ENABLE_RENEGOTIATION: + case SSL_ENABLE_RENEGOTIATION: on = ss->opt.enableRenegotiation; break; - case SSL_REQUIRE_SAFE_NEGOTIATION: + case SSL_REQUIRE_SAFE_NEGOTIATION: on = ss->opt.requireSafeNegotiation; break; case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break; case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break; + case SSL_ENABLE_NPN: on = ss->opt.enableNPN; break; + case SSL_ENABLE_ALPN: on = ss->opt.enableALPN; break; default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; } ssl_ReleaseSSL3HandshakeLock(ss); @@ -854,8 +876,8 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) PRBool on = PR_FALSE; if (!pOn) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } ssl_SetDefaultsFromEnvironment(); @@ -868,13 +890,13 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) case SSL_HANDSHAKE_AS_CLIENT: on = ssl_defaults.handshakeAsClient; break; case SSL_HANDSHAKE_AS_SERVER: on = ssl_defaults.handshakeAsServer; break; case SSL_ENABLE_TLS: - on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0; - break; + on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0; + break; case SSL_ENABLE_SSL3: - on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0; - break; + on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0; + break; case SSL_ENABLE_SSL2: on = ssl_defaults.enableSSL2; break; - case SSL_NO_CACHE: on = ssl_defaults.noCache; break; + case SSL_NO_CACHE: on = ssl_defaults.noCache; break; case SSL_ENABLE_FDX: on = ssl_defaults.fdx; break; case SSL_V2_COMPATIBLE_HELLO: on = ssl_defaults.v2CompatibleHello; break; case SSL_ROLLBACK_DETECTION: on = ssl_defaults.detectRollBack; break; @@ -882,23 +904,25 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) case SSL_BYPASS_PKCS11: on = ssl_defaults.bypassPKCS11; break; case SSL_NO_LOCKS: on = ssl_defaults.noLocks; break; case SSL_ENABLE_SESSION_TICKETS: - on = ssl_defaults.enableSessionTickets; - break; + on = ssl_defaults.enableSessionTickets; + break; case SSL_ENABLE_DEFLATE: on = ssl_defaults.enableDeflate; break; - case SSL_ENABLE_RENEGOTIATION: + case SSL_ENABLE_RENEGOTIATION: on = ssl_defaults.enableRenegotiation; break; - case SSL_REQUIRE_SAFE_NEGOTIATION: - on = ssl_defaults.requireSafeNegotiation; - break; + case SSL_REQUIRE_SAFE_NEGOTIATION: + on = ssl_defaults.requireSafeNegotiation; + break; case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break; case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break; case SSL_ENABLE_OCSP_STAPLING: on = ssl_defaults.enableOCSPStapling; break; + case SSL_ENABLE_NPN: on = ssl_defaults.enableNPN; break; + case SSL_ENABLE_ALPN: on = ssl_defaults.enableALPN; break; default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; } *pOn = on; @@ -918,91 +942,91 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) SECStatus status = ssl_Init(); if (status != SECSuccess) { - return status; + return status; } ssl_SetDefaultsFromEnvironment(); switch (which) { case SSL_SOCKS: - ssl_defaults.useSocks = PR_FALSE; - if (on) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - break; + ssl_defaults.useSocks = PR_FALSE; + if (on) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + break; case SSL_SECURITY: - ssl_defaults.useSecurity = on; - break; + ssl_defaults.useSecurity = on; + break; case SSL_REQUEST_CERTIFICATE: - ssl_defaults.requestCertificate = on; - break; + ssl_defaults.requestCertificate = on; + break; case SSL_REQUIRE_CERTIFICATE: - ssl_defaults.requireCertificate = on; - break; + ssl_defaults.requireCertificate = on; + break; case SSL_HANDSHAKE_AS_CLIENT: - if ( ssl_defaults.handshakeAsServer && on ) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - ssl_defaults.handshakeAsClient = on; - break; + if ( ssl_defaults.handshakeAsServer && on ) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + ssl_defaults.handshakeAsClient = on; + break; case SSL_HANDSHAKE_AS_SERVER: - if ( ssl_defaults.handshakeAsClient && on ) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - ssl_defaults.handshakeAsServer = on; - break; + if ( ssl_defaults.handshakeAsClient && on ) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + ssl_defaults.handshakeAsServer = on; + break; case SSL_ENABLE_TLS: - ssl_EnableTLS(&versions_defaults_stream, on); - break; + ssl_EnableTLS(&versions_defaults_stream, on); + break; case SSL_ENABLE_SSL3: - ssl_EnableSSL3(&versions_defaults_stream, on); - break; + ssl_EnableSSL3(&versions_defaults_stream, on); + break; case SSL_ENABLE_SSL2: - ssl_defaults.enableSSL2 = on; - if (on) { - ssl_defaults.v2CompatibleHello = on; - } - break; + ssl_defaults.enableSSL2 = on; + if (on) { + ssl_defaults.v2CompatibleHello = on; + } + break; case SSL_NO_CACHE: - ssl_defaults.noCache = on; - break; + ssl_defaults.noCache = on; + break; case SSL_ENABLE_FDX: - if (on && ssl_defaults.noLocks) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - ssl_defaults.fdx = on; - break; + if (on && ssl_defaults.noLocks) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + ssl_defaults.fdx = on; + break; case SSL_V2_COMPATIBLE_HELLO: - ssl_defaults.v2CompatibleHello = on; - if (!on) { - ssl_defaults.enableSSL2 = on; - } - break; - - case SSL_ROLLBACK_DETECTION: - ssl_defaults.detectRollBack = on; - break; - - case SSL_NO_STEP_DOWN: - ssl_defaults.noStepDown = on; - if (on) - SSL_DisableDefaultExportCipherSuites(); - break; + ssl_defaults.v2CompatibleHello = on; + if (!on) { + ssl_defaults.enableSSL2 = on; + } + break; + + case SSL_ROLLBACK_DETECTION: + ssl_defaults.detectRollBack = on; + break; + + case SSL_NO_STEP_DOWN: + ssl_defaults.noStepDown = on; + if (on) + SSL_DisableDefaultExportCipherSuites(); + break; case SSL_BYPASS_PKCS11: if (PR_FALSE != on) { @@ -1018,68 +1042,76 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) } else { ssl_defaults.bypassPKCS11 = PR_FALSE; } - break; + break; case SSL_NO_LOCKS: - if (on && ssl_defaults.fdx) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - if (on && ssl_force_locks) - on = PR_FALSE; /* silent override */ - ssl_defaults.noLocks = on; - if (on) { - locksEverDisabled = PR_TRUE; - strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED."); - } - break; + if (on && ssl_defaults.fdx) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + if (on && ssl_force_locks) + on = PR_FALSE; /* silent override */ + ssl_defaults.noLocks = on; + if (on) { + locksEverDisabled = PR_TRUE; + strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED."); + } + break; case SSL_ENABLE_SESSION_TICKETS: - ssl_defaults.enableSessionTickets = on; - break; + ssl_defaults.enableSessionTickets = on; + break; case SSL_ENABLE_DEFLATE: - ssl_defaults.enableDeflate = on; - break; + ssl_defaults.enableDeflate = on; + break; case SSL_ENABLE_RENEGOTIATION: - ssl_defaults.enableRenegotiation = on; - break; + ssl_defaults.enableRenegotiation = on; + break; case SSL_REQUIRE_SAFE_NEGOTIATION: - ssl_defaults.requireSafeNegotiation = on; - break; + ssl_defaults.requireSafeNegotiation = on; + break; case SSL_ENABLE_FALSE_START: - ssl_defaults.enableFalseStart = on; - break; + ssl_defaults.enableFalseStart = on; + break; case SSL_CBC_RANDOM_IV: - ssl_defaults.cbcRandomIV = on; - break; + ssl_defaults.cbcRandomIV = on; + break; case SSL_ENABLE_OCSP_STAPLING: ssl_defaults.enableOCSPStapling = on; break; + case SSL_ENABLE_NPN: + ssl_defaults.enableNPN = on; + break; + + case SSL_ENABLE_ALPN: + ssl_defaults.enableALPN = on; + break; + default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } return SECSuccess; } /* function tells us if the cipher suite is one that we no longer support. */ -static PRBool +static PRBool ssl_IsRemovedCipherSuite(PRInt32 suite) { switch (suite) { case SSL_FORTEZZA_DMS_WITH_NULL_SHA: case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA: case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA: - return PR_TRUE; + return PR_TRUE; default: - return PR_FALSE; + return PR_FALSE; } } @@ -1091,14 +1123,14 @@ SECStatus SSL_SetPolicy(long which, int policy) { if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) { - /* one of the two old FIPS ciphers */ - if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) - which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA; - else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA) - which = SSL_RSA_FIPS_WITH_DES_CBC_SHA; + /* one of the two old FIPS ciphers */ + if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) + which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA; + else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA) + which = SSL_RSA_FIPS_WITH_DES_CBC_SHA; } if (ssl_IsRemovedCipherSuite(which)) - return SECSuccess; + return SECSuccess; return SSL_CipherPolicySet(which, policy); } @@ -1108,15 +1140,15 @@ SSL_CipherPolicySet(PRInt32 which, PRInt32 policy) SECStatus rv = ssl_Init(); if (rv != SECSuccess) { - return rv; + return rv; } if (ssl_IsRemovedCipherSuite(which)) { - rv = SECSuccess; + rv = SECSuccess; } else if (SSL_IS_SSL2_CIPHER(which)) { - rv = ssl2_SetPolicy(which, policy); + rv = ssl2_SetPolicy(which, policy); } else { - rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy); + rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy); } return rv; } @@ -1127,16 +1159,16 @@ SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy) SECStatus rv; if (!oPolicy) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } if (ssl_IsRemovedCipherSuite(which)) { - *oPolicy = SSL_NOT_ALLOWED; - rv = SECSuccess; + *oPolicy = SSL_NOT_ALLOWED; + rv = SECSuccess; } else if (SSL_IS_SSL2_CIPHER(which)) { - rv = ssl2_GetPolicy(which, oPolicy); + rv = ssl2_GetPolicy(which, oPolicy); } else { - rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy); + rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy); } return rv; } @@ -1144,20 +1176,20 @@ SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy) /* Part of the public NSS API. * Since this is a global (not per-socket) setting, we cannot use the * HandshakeLock to protect this. Probably want a global lock. - * These changes have no effect on any sslSockets already created. + * These changes have no effect on any sslSockets already created. */ SECStatus SSL_EnableCipher(long which, PRBool enabled) { if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) { - /* one of the two old FIPS ciphers */ - if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) - which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA; - else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA) - which = SSL_RSA_FIPS_WITH_DES_CBC_SHA; + /* one of the two old FIPS ciphers */ + if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) + which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA; + else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA) + which = SSL_RSA_FIPS_WITH_DES_CBC_SHA; } if (ssl_IsRemovedCipherSuite(which)) - return SECSuccess; + return SECSuccess; return SSL_CipherPrefSetDefault(which, enabled); } @@ -1167,39 +1199,39 @@ SSL_CipherPrefSetDefault(PRInt32 which, PRBool enabled) SECStatus rv = ssl_Init(); if (rv != SECSuccess) { - return rv; + return rv; } if (ssl_IsRemovedCipherSuite(which)) - return SECSuccess; + return SECSuccess; if (enabled && ssl_defaults.noStepDown && SSL_IsExportCipherSuite(which)) { - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + return SECFailure; } if (SSL_IS_SSL2_CIPHER(which)) { - rv = ssl2_CipherPrefSetDefault(which, enabled); + rv = ssl2_CipherPrefSetDefault(which, enabled); } else { - rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled); + rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled); } return rv; } -SECStatus +SECStatus SSL_CipherPrefGetDefault(PRInt32 which, PRBool *enabled) { SECStatus rv; - + if (!enabled) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } if (ssl_IsRemovedCipherSuite(which)) { - *enabled = PR_FALSE; - rv = SECSuccess; + *enabled = PR_FALSE; + rv = SECSuccess; } else if (SSL_IS_SSL2_CIPHER(which)) { - rv = ssl2_CipherPrefGetDefault(which, enabled); + rv = ssl2_CipherPrefGetDefault(which, enabled); } else { - rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled); + rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled); } return rv; } @@ -1209,47 +1241,47 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled) { SECStatus rv; sslSocket *ss = ssl_FindSocket(fd); - + if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd)); + return SECFailure; } if (ssl_IsRemovedCipherSuite(which)) - return SECSuccess; + return SECSuccess; if (enabled && ss->opt.noStepDown && SSL_IsExportCipherSuite(which)) { - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + return SECFailure; } if (SSL_IS_SSL2_CIPHER(which)) { - rv = ssl2_CipherPrefSet(ss, which, enabled); + rv = ssl2_CipherPrefSet(ss, which, enabled); } else { - rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled); + rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled); } return rv; } -SECStatus +SECStatus SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled) { SECStatus rv; sslSocket *ss = ssl_FindSocket(fd); - + if (!enabled) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd)); - *enabled = PR_FALSE; - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd)); + *enabled = PR_FALSE; + return SECFailure; } if (ssl_IsRemovedCipherSuite(which)) { - *enabled = PR_FALSE; - rv = SECSuccess; + *enabled = PR_FALSE; + rv = SECSuccess; } else if (SSL_IS_SSL2_CIPHER(which)) { - rv = ssl2_CipherPrefGet(ss, which, enabled); + rv = ssl2_CipherPrefGet(ss, which, enabled); } else { - rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled); + rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled); } return rv; } @@ -1261,9 +1293,9 @@ NSS_SetDomesticPolicy(void) const PRUint16 *cipher; for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher) { - status = SSL_SetPolicy(*cipher, SSL_ALLOWED); - if (status != SECSuccess) - break; + status = SSL_SetPolicy(*cipher, SSL_ALLOWED); + if (status != SECSuccess) + break; } return status; } @@ -1289,37 +1321,40 @@ ssl_ImportFD(PRFileDesc *model, PRFileDesc *fd, SSLProtocolVariant variant) sslSocket * ns = NULL; PRStatus rv; PRNetAddr addr; - SECStatus status = ssl_Init(); + SECStatus status = ssl_Init(); if (status != SECSuccess) { - return NULL; + return NULL; } if (model == NULL) { - /* Just create a default socket if we're given NULL for the model */ - ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant); + /* Just create a default socket if we're given NULL for the model */ + ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant); } else { - sslSocket * ss = ssl_FindSocket(model); - if (ss == NULL || ss->protocolVariant != variant) { - SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD", - SSL_GETPID(), model)); - return NULL; - } - ns = ssl_DupSocket(ss); + sslSocket * ss = ssl_FindSocket(model); + if (ss == NULL || ss->protocolVariant != variant) { + SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD", + SSL_GETPID(), model)); + return NULL; + } + ns = ssl_DupSocket(ss); } if (ns == NULL) - return NULL; + return NULL; rv = ssl_PushIOLayer(ns, fd, PR_TOP_IO_LAYER); if (rv != PR_SUCCESS) { - ssl_FreeSocket(ns); - SET_ERROR_CODE - return NULL; - } - ns = ssl_FindSocket(fd); - PORT_Assert(ns); - if (ns) - ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr)); + ssl_FreeSocket(ns); + SET_ERROR_CODE + return NULL; + } +#if defined(DEBUG) || defined(FORCE_PR_ASSERT) + { + sslSocket * ss = ssl_FindSocket(fd); + PORT_Assert(ss == ns); + } +#endif + ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr)); return fd; } @@ -1335,16 +1370,21 @@ DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd) return ssl_ImportFD(model, fd, ssl_variant_datagram); } +/* SSL_SetNextProtoCallback is used to select an application protocol + * for ALPN and NPN. For ALPN, this runs on the server; for NPN it + * runs on the client. */ +/* Note: The ALPN version doesn't allow for the use of a default, setting a + * status of SSL_NEXT_PROTO_NO_OVERLAP is treated as a failure. */ SECStatus SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback, - void *arg) + void *arg) { sslSocket *ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETPID(), - fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETPID(), + fd)); + return SECFailure; } ssl_GetSSL3HandshakeLock(ss); @@ -1355,55 +1395,52 @@ SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback, return SECSuccess; } -/* ssl_NextProtoNegoCallback is set as an NPN callback for the case when +/* ssl_NextProtoNegoCallback is set as an ALPN/NPN callback when * SSL_SetNextProtoNego is used. */ static SECStatus ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd, - const unsigned char *protos, unsigned int protos_len, - unsigned char *protoOut, unsigned int *protoOutLen, - unsigned int protoMaxLen) + const unsigned char *protos, unsigned int protos_len, + unsigned char *protoOut, unsigned int *protoOutLen, + unsigned int protoMaxLen) { unsigned int i, j; const unsigned char *result; sslSocket *ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback", - SSL_GETPID(), fd)); - return SECFailure; - } - - if (protos_len == 0) { - /* The server supports the extension, but doesn't have any protocols - * configured. In this case we request our favoured protocol. */ - goto pick_first; + SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback", + SSL_GETPID(), fd)); + return SECFailure; } /* For each protocol in server preference, see if we support it. */ for (i = 0; i < protos_len; ) { - for (j = 0; j < ss->opt.nextProtoNego.len; ) { - if (protos[i] == ss->opt.nextProtoNego.data[j] && - PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1], - protos[i]) == 0) { - /* We found a match. */ - ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED; - result = &protos[i]; - goto found; - } - j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j]; - } - i += 1 + (unsigned int)protos[i]; - } - -pick_first: + for (j = 0; j < ss->opt.nextProtoNego.len; ) { + if (protos[i] == ss->opt.nextProtoNego.data[j] && + PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1], + protos[i]) == 0) { + /* We found a match. */ + ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED; + result = &protos[i]; + goto found; + } + j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j]; + } + i += 1 + (unsigned int)protos[i]; + } + + /* The other side supports the extension, and either doesn't have any + * protocols configured, or none of its options match ours. In this case we + * request our favoured protocol. */ + /* This will be treated as a failure for ALPN. */ ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NO_OVERLAP; result = ss->opt.nextProtoNego.data; found: if (protoMaxLen < result[0]) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; } memcpy(protoOut, result + 1, result[0]); *protoOutLen = result[0]; @@ -1412,7 +1449,7 @@ found: SECStatus SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data, - unsigned int length) + unsigned int length) { sslSocket *ss; SECStatus rv; @@ -1420,13 +1457,13 @@ SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data, ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego", - SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego", + SSL_GETPID(), fd)); + return SECFailure; } if (ssl3_ValidateNextProtoNego(data, length) != SECSuccess) - return SECFailure; + return SECFailure; ssl_GetSSL3HandshakeLock(ss); SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE); @@ -1434,87 +1471,87 @@ SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data, ssl_ReleaseSSL3HandshakeLock(ss); if (rv != SECSuccess) - return rv; + return rv; return SSL_SetNextProtoCallback(fd, ssl_NextProtoNegoCallback, NULL); } SECStatus SSL_GetNextProto(PRFileDesc *fd, SSLNextProtoState *state, unsigned char *buf, - unsigned int *bufLen, unsigned int bufLenMax) + unsigned int *bufLen, unsigned int bufLenMax) { sslSocket *ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(), - fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(), + fd)); + return SECFailure; } if (!state || !buf || !bufLen) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } *state = ss->ssl3.nextProtoState; if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT && - ss->ssl3.nextProto.data) { - if (ss->ssl3.nextProto.len > bufLenMax) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; - } - PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len); - *bufLen = ss->ssl3.nextProto.len; + ss->ssl3.nextProto.data) { + if (ss->ssl3.nextProto.len > bufLenMax) { + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } + PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len); + *bufLen = ss->ssl3.nextProto.len; } else { - *bufLen = 0; + *bufLen = 0; } return SECSuccess; } SECStatus SSL_SetSRTPCiphers(PRFileDesc *fd, - const PRUint16 *ciphers, - unsigned int numCiphers) + const PRUint16 *ciphers, + unsigned int numCiphers) { sslSocket *ss; unsigned int i; ss = ssl_FindSocket(fd); if (!ss || !IS_DTLS(ss)) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers", - SSL_GETPID(), fd)); - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers", + SSL_GETPID(), fd)); + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } if (numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } ss->ssl3.dtlsSRTPCipherCount = 0; for (i = 0; i < numCiphers; i++) { - const PRUint16 *srtpCipher = srtpCiphers; - - while (*srtpCipher) { - if (ciphers[i] == *srtpCipher) - break; - srtpCipher++; - } - if (*srtpCipher) { - ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] = - ciphers[i]; - } else { - SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher " - "suite specified: 0x%04hx", SSL_GETPID(), fd, - ciphers[i])); - } + const PRUint16 *srtpCipher = srtpCiphers; + + while (*srtpCipher) { + if (ciphers[i] == *srtpCipher) + break; + srtpCipher++; + } + if (*srtpCipher) { + ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] = + ciphers[i]; + } else { + SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher " + "suite specified: 0x%04hx", SSL_GETPID(), fd, + ciphers[i])); + } } if (ss->ssl3.dtlsSRTPCipherCount == 0) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } return SECSuccess; @@ -1527,15 +1564,15 @@ SSL_GetSRTPCipher(PRFileDesc *fd, PRUint16 *cipher) ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher", - SSL_GETPID(), fd)); - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher", + SSL_GETPID(), fd)); + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } if (!ss->ssl3.dtlsSRTPCipherSuite) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } *cipher = ss->ssl3.dtlsSRTPCipherSuite; @@ -1556,7 +1593,7 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) } sm = ssl_FindSocket(model); if (sm == NULL) { - SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD", + SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD", SSL_GETPID(), model)); return NULL; } @@ -1566,7 +1603,7 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } - + ss->opt = sm->opt; ss->vrange = sm->vrange; PORT_Memcpy(ss->cipherSuites, sm->cipherSuites, sizeof sm->cipherSuites); @@ -1595,15 +1632,15 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) sc->serverCertChain = CERT_DupCertList(mc->serverCertChain); if (!sc->serverCertChain) goto loser; - if (sm->certStatusArray[i]) { - if (ss->certStatusArray[i]) { - SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE); - ss->certStatusArray[i] = NULL; - } - ss->certStatusArray[i] = SECITEM_DupArray(NULL, sm->certStatusArray[i]); - if (!ss->certStatusArray[i]) - goto loser; - } + if (sm->certStatusArray[i]) { + if (ss->certStatusArray[i]) { + SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE); + ss->certStatusArray[i] = NULL; + } + ss->certStatusArray[i] = SECITEM_DupArray(NULL, sm->certStatusArray[i]); + if (!ss->certStatusArray[i]) + goto loser; + } } if (mc->serverKeyPair) { if (sc->serverKeyPair) { @@ -1636,7 +1673,7 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) goto loser; } } - + if (sm->authCertificate) ss->authCertificate = sm->authCertificate; if (sm->authCertificateArg) @@ -1666,19 +1703,19 @@ loser: PRBool ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant, - SSL3ProtocolVersion version) + SSL3ProtocolVersion version) { switch (protocolVariant) { case ssl_variant_stream: - return (version >= SSL_LIBRARY_VERSION_3_0 && - version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED); + return (version >= SSL_LIBRARY_VERSION_3_0 && + version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED); case ssl_variant_datagram: - return (version >= SSL_LIBRARY_VERSION_TLS_1_1 && - version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED); + return (version >= SSL_LIBRARY_VERSION_TLS_1_1 && + version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED); default: - /* Can't get here */ - PORT_Assert(PR_FALSE); - return PR_FALSE; + /* Can't get here */ + PORT_Assert(PR_FALSE); + return PR_FALSE; } } @@ -1687,35 +1724,35 @@ ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant, */ static PRBool ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant, - const SSLVersionRange *vrange) + const SSLVersionRange *vrange) { return vrange && - vrange->min <= vrange->max && - ssl3_VersionIsSupported(protocolVariant, vrange->min) && - ssl3_VersionIsSupported(protocolVariant, vrange->max); + vrange->min <= vrange->max && + ssl3_VersionIsSupported(protocolVariant, vrange->min) && + ssl3_VersionIsSupported(protocolVariant, vrange->max); } SECStatus SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant, - SSLVersionRange *vrange) + SSLVersionRange *vrange) { if (!vrange) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } switch (protocolVariant) { case ssl_variant_stream: - vrange->min = SSL_LIBRARY_VERSION_3_0; - vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED; - break; + vrange->min = SSL_LIBRARY_VERSION_3_0; + vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED; + break; case ssl_variant_datagram: - vrange->min = SSL_LIBRARY_VERSION_TLS_1_1; - vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED; - break; + vrange->min = SSL_LIBRARY_VERSION_TLS_1_1; + vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED; + break; default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } return SECSuccess; @@ -1723,12 +1760,12 @@ SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant, SECStatus SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant, - SSLVersionRange *vrange) + SSLVersionRange *vrange) { if ((protocolVariant != ssl_variant_stream && - protocolVariant != ssl_variant_datagram) || !vrange) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + protocolVariant != ssl_variant_datagram) || !vrange) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } *vrange = *VERSIONS_DEFAULTS(protocolVariant); @@ -1738,11 +1775,11 @@ SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant, SECStatus SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant, - const SSLVersionRange *vrange) + const SSLVersionRange *vrange) { if (!ssl3_VersionRangeIsValid(protocolVariant, vrange)) { - PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); - return SECFailure; + PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); + return SECFailure; } *VERSIONS_DEFAULTS(protocolVariant) = *vrange; @@ -1756,14 +1793,14 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange) sslSocket *ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeGet", - SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeGet", + SSL_GETPID(), fd)); + return SECFailure; } if (!vrange) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } ssl_Get1stHandshakeLock(ss); @@ -1783,14 +1820,14 @@ SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange) sslSocket *ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet", - SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet", + SSL_GETPID(), fd)); + return SECFailure; } if (!ssl3_VersionRangeIsValid(ss->protocolVariant, vrange)) { - PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); - return SECFailure; + PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); + return SECFailure; } ssl_Get1stHandshakeLock(ss); @@ -1819,7 +1856,7 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd) PORT_SetError(SEC_ERROR_NOT_INITIALIZED); return NULL; } - + return &ss->sec.ci.sid->peerCertStatus; } @@ -1832,15 +1869,15 @@ static PRFileDesc * PR_CALLBACK ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout) { sslSocket *ss; - sslSocket *ns = NULL; - PRFileDesc *newfd = NULL; + sslSocket *ns = NULL; + PRFileDesc *newfd = NULL; PRFileDesc *osfd; PRStatus status; ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd)); - return NULL; + SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd)); + return NULL; } /* IF this is a listen socket, there shouldn't be any I/O going on */ @@ -1856,46 +1893,46 @@ ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout) /* First accept connection */ newfd = osfd->methods->accept(osfd, sockaddr, timeout); if (newfd == NULL) { - SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d", - SSL_GETPID(), ss->fd, PORT_GetError())); + SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d", + SSL_GETPID(), ss->fd, PORT_GetError())); } else { - /* Create ssl module */ - ns = ssl_DupSocket(ss); + /* Create ssl module */ + ns = ssl_DupSocket(ss); } ssl_ReleaseSSL3HandshakeLock(ss); ssl_Release1stHandshakeLock(ss); SSL_UNLOCK_WRITER(ss); - SSL_UNLOCK_READER(ss); /* ss isn't used below here. */ + SSL_UNLOCK_READER(ss); /* ss isn't used below here. */ if (ns == NULL) - goto loser; + goto loser; /* push ssl module onto the new socket */ status = ssl_PushIOLayer(ns, newfd, PR_TOP_IO_LAYER); if (status != PR_SUCCESS) - goto loser; + goto loser; /* Now start server connection handshake with client. ** Don't need locks here because nobody else has a reference to ns yet. */ if ( ns->opt.useSecurity ) { - if ( ns->opt.handshakeAsClient ) { - ns->handshake = ssl2_BeginClientHandshake; - ss->handshaking = sslHandshakingAsClient; - } else { - ns->handshake = ssl2_BeginServerHandshake; - ss->handshaking = sslHandshakingAsServer; - } + if ( ns->opt.handshakeAsClient ) { + ns->handshake = ssl2_BeginClientHandshake; + ss->handshaking = sslHandshakingAsClient; + } else { + ns->handshake = ssl2_BeginServerHandshake; + ss->handshaking = sslHandshakingAsServer; + } } ns->TCPconnected = 1; return newfd; loser: if (ns != NULL) - ssl_FreeSocket(ns); + ssl_FreeSocket(ns); if (newfd != NULL) - PR_Close(newfd); + PR_Close(newfd); return NULL; } @@ -1907,8 +1944,8 @@ ssl_Connect(PRFileDesc *fd, const PRNetAddr *sockaddr, PRIntervalTime timeout) ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd)); + return PR_FAILURE; } /* IF this is a listen socket, there shouldn't be any I/O going on */ @@ -1931,8 +1968,8 @@ ssl_Bind(PRFileDesc *fd, const PRNetAddr *addr) PRStatus rv; if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd)); + return PR_FAILURE; } SSL_LOCK_READER(ss); SSL_LOCK_WRITER(ss); @@ -1951,8 +1988,8 @@ ssl_Listen(PRFileDesc *fd, PRIntn backlog) PRStatus rv; if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd)); + return PR_FAILURE; } SSL_LOCK_READER(ss); SSL_LOCK_WRITER(ss); @@ -1971,23 +2008,23 @@ ssl_Shutdown(PRFileDesc *fd, PRIntn how) PRStatus rv; if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd)); + return PR_FAILURE; } if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) { - SSL_LOCK_READER(ss); + SSL_LOCK_READER(ss); } if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) { - SSL_LOCK_WRITER(ss); + SSL_LOCK_WRITER(ss); } rv = (PRStatus)(*ss->ops->shutdown)(ss, how); if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) { - SSL_UNLOCK_WRITER(ss); + SSL_UNLOCK_WRITER(ss); } if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) { - SSL_UNLOCK_READER(ss); + SSL_UNLOCK_READER(ss); } return rv; } @@ -2000,16 +2037,16 @@ ssl_Close(PRFileDesc *fd) ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd)); + return PR_FAILURE; } /* There must not be any I/O going on */ SSL_LOCK_READER(ss); SSL_LOCK_WRITER(ss); - /* By the time this function returns, - ** ss is an invalid pointer, and the locks to which it points have + /* By the time this function returns, + ** ss is an invalid pointer, and the locks to which it points have ** been unlocked and freed. So, this is the ONE PLACE in all of SSL ** where the LOCK calls and the corresponding UNLOCK calls are not in ** the same function scope. The unlock calls are in ssl_FreeSocket(). @@ -2021,20 +2058,20 @@ ssl_Close(PRFileDesc *fd) static int PR_CALLBACK ssl_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags, - PRIntervalTime timeout) + PRIntervalTime timeout) { sslSocket *ss; int rv; ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd)); + return SECFailure; } SSL_LOCK_READER(ss); ss->rTimeout = timeout; if (!ss->opt.fdx) - ss->wTimeout = timeout; + ss->wTimeout = timeout; rv = (*ss->ops->recv)(ss, (unsigned char*)buf, len, flags); SSL_UNLOCK_READER(ss); return rv; @@ -2042,20 +2079,20 @@ ssl_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags, static int PR_CALLBACK ssl_Send(PRFileDesc *fd, const void *buf, PRInt32 len, PRIntn flags, - PRIntervalTime timeout) + PRIntervalTime timeout) { sslSocket *ss; int rv; ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd)); + return SECFailure; } SSL_LOCK_WRITER(ss); ss->wTimeout = timeout; if (!ss->opt.fdx) - ss->rTimeout = timeout; + ss->rTimeout = timeout; rv = (*ss->ops->send)(ss, (const unsigned char*)buf, len, flags); SSL_UNLOCK_WRITER(ss); return rv; @@ -2069,13 +2106,13 @@ ssl_Read(PRFileDesc *fd, void *buf, PRInt32 len) ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd)); + return SECFailure; } SSL_LOCK_READER(ss); ss->rTimeout = PR_INTERVAL_NO_TIMEOUT; if (!ss->opt.fdx) - ss->wTimeout = PR_INTERVAL_NO_TIMEOUT; + ss->wTimeout = PR_INTERVAL_NO_TIMEOUT; rv = (*ss->ops->read)(ss, (unsigned char*)buf, len); SSL_UNLOCK_READER(ss); return rv; @@ -2089,13 +2126,13 @@ ssl_Write(PRFileDesc *fd, const void *buf, PRInt32 len) ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd)); + return SECFailure; } SSL_LOCK_WRITER(ss); ss->wTimeout = PR_INTERVAL_NO_TIMEOUT; if (!ss->opt.fdx) - ss->rTimeout = PR_INTERVAL_NO_TIMEOUT; + ss->rTimeout = PR_INTERVAL_NO_TIMEOUT; rv = (*ss->ops->write)(ss, (const unsigned char*)buf, len); SSL_UNLOCK_WRITER(ss); return rv; @@ -2108,8 +2145,8 @@ ssl_GetPeerName(PRFileDesc *fd, PRNetAddr *addr) ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd)); + return PR_FAILURE; } return (PRStatus)(*ss->ops->getpeername)(ss, addr); } @@ -2128,18 +2165,18 @@ ssl_GetPeerInfo(sslSocket *ss) PORT_Memset(&sin, 0, sizeof(sin)); rv = osfd->methods->getpeername(osfd, &sin); if (rv < 0) { - return SECFailure; + return SECFailure; } ss->TCPconnected = 1; if (sin.inet.family == PR_AF_INET) { PR_ConvertIPv4AddrToIPv6(sin.inet.ip, &ss->sec.ci.peer); - ss->sec.ci.port = sin.inet.port; + ss->sec.ci.port = sin.inet.port; } else if (sin.ipv6.family == PR_AF_INET6) { - ss->sec.ci.peer = sin.ipv6.ip; - ss->sec.ci.port = sin.ipv6.port; + ss->sec.ci.peer = sin.ipv6.ip; + ss->sec.ci.port = sin.ipv6.port; } else { - PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR); - return SECFailure; + PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR); + return SECFailure; } return SECSuccess; } @@ -2151,29 +2188,29 @@ ssl_GetSockName(PRFileDesc *fd, PRNetAddr *name) ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd)); + return PR_FAILURE; } return (PRStatus)(*ss->ops->getsockname)(ss, name); } SECStatus SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses, - SSLKEAType kea) + SSLKEAType kea) { sslSocket *ss; ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses", - SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses", + SSL_GETPID(), fd)); + return SECFailure; } if ( kea <= 0 || kea >= kt_kea_size) { - SSL_DBG(("%d: SSL[%d]: invalid key in SSL_SetStapledOCSPResponses", - SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: invalid key in SSL_SetStapledOCSPResponses", + SSL_GETPID(), fd)); + return SECFailure; } if (ss->certStatusArray[kea]) { @@ -2181,7 +2218,7 @@ SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses, ss->certStatusArray[kea] = NULL; } if (responses) { - ss->certStatusArray[kea] = SECITEM_DupArray(NULL, responses); + ss->certStatusArray[kea] = SECITEM_DupArray(NULL, responses); } return (ss->certStatusArray[kea] || !responses) ? SECSuccess : SECFailure; } @@ -2193,17 +2230,17 @@ SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID) ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID", - SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID", + SSL_GETPID(), fd)); + return SECFailure; } if (ss->peerID) { - PORT_Free(ss->peerID); - ss->peerID = NULL; + PORT_Free(ss->peerID); + ss->peerID = NULL; } if (peerID) - ss->peerID = PORT_Strdup(peerID); + ss->peerID = PORT_Strdup(peerID); return (ss->peerID || !peerID) ? SECSuccess : SECFailure; } @@ -2213,117 +2250,117 @@ static PRInt16 PR_CALLBACK ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags) { sslSocket *ss; - PRInt16 new_flags = how_flags; /* should select on these flags. */ + PRInt16 new_flags = how_flags; /* should select on these flags. */ PRNetAddr addr; *p_out_flags = 0; ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll", - SSL_GETPID(), fd)); - return 0; /* don't poll on this socket */ + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll", + SSL_GETPID(), fd)); + return 0; /* don't poll on this socket */ } - if (ss->opt.useSecurity && - ss->handshaking != sslHandshakingUndetermined && + if (ss->opt.useSecurity && + ss->handshaking != sslHandshakingUndetermined && !ss->firstHsDone && - (how_flags & PR_POLL_RW)) { - if (!ss->TCPconnected) { - ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr)); - } - /* If it's not connected, then presumably the application is polling - ** on read or write appropriately, so don't change it. - */ - if (ss->TCPconnected) { - if (!ss->handshakeBegun) { - /* If the handshake has not begun, poll on read or write - ** based on the local application's role in the handshake, - ** not based on what the application requested. - */ - new_flags &= ~PR_POLL_RW; - if (ss->handshaking == sslHandshakingAsClient) { - new_flags |= PR_POLL_WRITE; - } else { /* handshaking as server */ - new_flags |= PR_POLL_READ; - } - } else - /* First handshake is in progress */ - if (ss->lastWriteBlocked) { - if (new_flags & PR_POLL_READ) { - /* The caller is waiting for data to be received, - ** but the initial handshake is blocked on write, or the - ** client's first handshake record has not been written. - ** The code should select on write, not read. - */ - new_flags ^= PR_POLL_READ; /* don't select on read. */ - new_flags |= PR_POLL_WRITE; /* do select on write. */ - } - } else if (new_flags & PR_POLL_WRITE) { - /* The caller is trying to write, but the handshake is - ** blocked waiting for data to read, and the first - ** handshake has been sent. So do NOT to poll on write - ** unless we did false start. - */ - if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 && - ss->ssl3.hs.canFalseStart)) { - new_flags ^= PR_POLL_WRITE; /* don't select on write. */ - } - new_flags |= PR_POLL_READ; /* do select on read. */ - } - } + (how_flags & PR_POLL_RW)) { + if (!ss->TCPconnected) { + ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr)); + } + /* If it's not connected, then presumably the application is polling + ** on read or write appropriately, so don't change it. + */ + if (ss->TCPconnected) { + if (!ss->handshakeBegun) { + /* If the handshake has not begun, poll on read or write + ** based on the local application's role in the handshake, + ** not based on what the application requested. + */ + new_flags &= ~PR_POLL_RW; + if (ss->handshaking == sslHandshakingAsClient) { + new_flags |= PR_POLL_WRITE; + } else { /* handshaking as server */ + new_flags |= PR_POLL_READ; + } + } else + /* First handshake is in progress */ + if (ss->lastWriteBlocked) { + if (new_flags & PR_POLL_READ) { + /* The caller is waiting for data to be received, + ** but the initial handshake is blocked on write, or the + ** client's first handshake record has not been written. + ** The code should select on write, not read. + */ + new_flags ^= PR_POLL_READ; /* don't select on read. */ + new_flags |= PR_POLL_WRITE; /* do select on write. */ + } + } else if (new_flags & PR_POLL_WRITE) { + /* The caller is trying to write, but the handshake is + ** blocked waiting for data to read, and the first + ** handshake has been sent. So do NOT to poll on write + ** unless we did false start. + */ + if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 && + ss->ssl3.hs.canFalseStart)) { + new_flags ^= PR_POLL_WRITE; /* don't select on write. */ + } + new_flags |= PR_POLL_READ; /* do select on read. */ + } + } } else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) { - *p_out_flags = PR_POLL_READ; /* it's ready already. */ - return new_flags; + *p_out_flags = PR_POLL_READ; /* it's ready already. */ + return new_flags; } else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) && - (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */ - new_flags |= PR_POLL_WRITE; /* also select on write. */ + (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */ + new_flags |= PR_POLL_WRITE; /* also select on write. */ } if (ss->version >= SSL_LIBRARY_VERSION_3_0 && - ss->ssl3.hs.restartTarget != NULL) { - /* Read and write will block until the asynchronous callback completes - * (e.g. until SSL_AuthCertificateComplete is called), so don't tell - * the caller to poll the socket unless there is pending write data. - */ - if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) { - /* Ignore any newly-received data on the socket, but do wait for - * the socket to become writable again. Here, it is OK for an error - * to be detected, because our logic for sending pending write data - * will allow us to report the error to the caller without the risk - * of the application spinning. - */ - new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT); - } else { - /* Unfortunately, clearing new_flags will make it impossible for - * the application to detect errors that it would otherwise be - * able to detect with PR_POLL_EXCEPT, until the asynchronous - * callback completes. However, we must clear all the flags to - * prevent the application from spinning (alternating between - * calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv - * which won't actually report the I/O error while we are waiting - * for the asynchronous callback to complete). - */ - new_flags = 0; - } + ss->ssl3.hs.restartTarget != NULL) { + /* Read and write will block until the asynchronous callback completes + * (e.g. until SSL_AuthCertificateComplete is called), so don't tell + * the caller to poll the socket unless there is pending write data. + */ + if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) { + /* Ignore any newly-received data on the socket, but do wait for + * the socket to become writable again. Here, it is OK for an error + * to be detected, because our logic for sending pending write data + * will allow us to report the error to the caller without the risk + * of the application spinning. + */ + new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT); + } else { + /* Unfortunately, clearing new_flags will make it impossible for + * the application to detect errors that it would otherwise be + * able to detect with PR_POLL_EXCEPT, until the asynchronous + * callback completes. However, we must clear all the flags to + * prevent the application from spinning (alternating between + * calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv + * which won't actually report the I/O error while we are waiting + * for the asynchronous callback to complete). + */ + new_flags = 0; + } } if (new_flags && (fd->lower->methods->poll != NULL)) { - PRInt16 lower_out_flags = 0; - PRInt16 lower_new_flags; - lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags, - &lower_out_flags); - if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) { - PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW; - if (lower_out_flags & PR_POLL_READ) - out_flags |= PR_POLL_WRITE; - if (lower_out_flags & PR_POLL_WRITE) - out_flags |= PR_POLL_READ; - *p_out_flags = out_flags; - new_flags = how_flags; - } else { - *p_out_flags = lower_out_flags; - new_flags = lower_new_flags; - } + PRInt16 lower_out_flags = 0; + PRInt16 lower_new_flags; + lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags, + &lower_out_flags); + if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) { + PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW; + if (lower_out_flags & PR_POLL_READ) + out_flags |= PR_POLL_WRITE; + if (lower_out_flags & PR_POLL_WRITE) + out_flags |= PR_POLL_READ; + *p_out_flags = out_flags; + new_flags = how_flags; + } else { + *p_out_flags = lower_out_flags; + new_flags = lower_new_flags; + } } return new_flags; @@ -2331,8 +2368,8 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags) static PRInt32 PR_CALLBACK ssl_TransmitFile(PRFileDesc *sd, PRFileDesc *fd, - const void *headers, PRInt32 hlen, - PRTransmitFileFlags flags, PRIntervalTime timeout) + const void *headers, PRInt32 hlen, + PRTransmitFileFlags flags, PRIntervalTime timeout) { PRSendFileData sfd; @@ -2358,7 +2395,7 @@ ssl_FdIsBlocking(PRFileDesc *fd) opt.value.non_blocking = PR_FALSE; status = PR_GetSocketOption(fd, &opt); if (status != PR_SUCCESS) - return PR_FALSE; + return PR_FALSE; return (PRBool)!opt.value.non_blocking; } @@ -2372,9 +2409,10 @@ PRInt32 sslFirstBufSize = 8 * 1024; PRInt32 sslCopyLimit = 1024; static PRInt32 PR_CALLBACK -ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors, +ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors, PRIntervalTime timeout) { + PRInt32 i; PRInt32 bufLen; PRInt32 left; PRInt32 rv; @@ -2382,12 +2420,22 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors, const PRInt32 first_len = sslFirstBufSize; const PRInt32 limit = sslCopyLimit; PRBool blocking; - PRIOVec myIov = { 0, 0 }; + PRIOVec myIov = { 0, 0 }; char buf[MAX_FRAGMENT_LENGTH]; + if (vectors < 0) { + PORT_SetError(PR_INVALID_ARGUMENT_ERROR); + return -1; + } if (vectors > PR_MAX_IOVECTOR_SIZE) { - PORT_SetError(PR_BUFFER_OVERFLOW_ERROR); - return -1; + PORT_SetError(PR_BUFFER_OVERFLOW_ERROR); + return -1; + } + for (i = 0; i < vectors; i++) { + if (iov[i].iov_len < 0) { + PORT_SetError(PR_INVALID_ARGUMENT_ERROR); + return -1; + } } blocking = ssl_FdIsBlocking(fd); @@ -2396,105 +2444,105 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors, #define GET_VECTOR do { myIov = *iov++; --vectors; KILL_VECTORS } while (0) #define HANDLE_ERR(rv, len) \ if (rv != len) { \ - if (rv < 0) { \ - if (!blocking \ - && (PR_GetError() == PR_WOULD_BLOCK_ERROR) \ - && (sent > 0)) { \ - return sent; \ - } else { \ - return -1; \ - } \ - } \ - /* Only a nonblocking socket can have partial sends */ \ - PR_ASSERT(!blocking); \ - return sent + rv; \ - } + if (rv < 0) { \ + if (!blocking \ + && (PR_GetError() == PR_WOULD_BLOCK_ERROR) \ + && (sent > 0)) { \ + return sent; \ + } else { \ + return -1; \ + } \ + } \ + /* Only a nonblocking socket can have partial sends */ \ + PR_ASSERT(!blocking); \ + return sent + rv; \ + } #define SEND(bfr, len) \ do { \ - rv = ssl_Send(fd, bfr, len, 0, timeout); \ - HANDLE_ERR(rv, len) \ - sent += len; \ + rv = ssl_Send(fd, bfr, len, 0, timeout); \ + HANDLE_ERR(rv, len) \ + sent += len; \ } while (0) /* Make sure the first write is at least 8 KB, if possible. */ KILL_VECTORS if (!vectors) - return ssl_Send(fd, 0, 0, 0, timeout); + return ssl_Send(fd, 0, 0, 0, timeout); GET_VECTOR; if (!vectors) { - return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout); + return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout); } if (myIov.iov_len < first_len) { - PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len); - bufLen = myIov.iov_len; - left = first_len - bufLen; - while (vectors && left) { - int toCopy; - GET_VECTOR; - toCopy = PR_MIN(left, myIov.iov_len); - PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy); - bufLen += toCopy; - left -= toCopy; - myIov.iov_base += toCopy; - myIov.iov_len -= toCopy; - } - SEND( buf, bufLen ); + PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len); + bufLen = myIov.iov_len; + left = first_len - bufLen; + while (vectors && left) { + int toCopy; + GET_VECTOR; + toCopy = PR_MIN(left, myIov.iov_len); + PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy); + bufLen += toCopy; + left -= toCopy; + myIov.iov_base += toCopy; + myIov.iov_len -= toCopy; + } + SEND( buf, bufLen ); } while (vectors || myIov.iov_len) { - PRInt32 addLen; - if (!myIov.iov_len) { - GET_VECTOR; - } - while (myIov.iov_len >= K16) { - SEND(myIov.iov_base, K16); - myIov.iov_base += K16; - myIov.iov_len -= K16; - } - if (!myIov.iov_len) - continue; - - if (!vectors || myIov.iov_len > limit) { - addLen = 0; - } else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) { - /* Addlen is already computed. */; - } else if (vectors > 1 && - iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) { - addLen = limit - myIov.iov_len; - } else - addLen = 0; - - if (!addLen) { - SEND( myIov.iov_base, myIov.iov_len ); - myIov.iov_len = 0; - continue; - } - PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len); - bufLen = myIov.iov_len; - do { - GET_VECTOR; - PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen); - myIov.iov_base += addLen; - myIov.iov_len -= addLen; - bufLen += addLen; - - left = PR_MIN( limit, K16 - bufLen); - if (!vectors /* no more left */ - || myIov.iov_len > 0 /* we didn't use that one all up */ - || bufLen >= K16 /* it's full. */ - ) { - addLen = 0; - } else if ((addLen = iov->iov_len % K16) <= left) { - /* Addlen is already computed. */; - } else if (vectors > 1 && - iov[1].iov_len % K16 + addLen <= left + limit) { - addLen = left; - } else - addLen = 0; - - } while (addLen); - SEND( buf, bufLen ); - } + PRInt32 addLen; + if (!myIov.iov_len) { + GET_VECTOR; + } + while (myIov.iov_len >= K16) { + SEND(myIov.iov_base, K16); + myIov.iov_base += K16; + myIov.iov_len -= K16; + } + if (!myIov.iov_len) + continue; + + if (!vectors || myIov.iov_len > limit) { + addLen = 0; + } else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) { + /* Addlen is already computed. */; + } else if (vectors > 1 && + iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) { + addLen = limit - myIov.iov_len; + } else + addLen = 0; + + if (!addLen) { + SEND( myIov.iov_base, myIov.iov_len ); + myIov.iov_len = 0; + continue; + } + PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len); + bufLen = myIov.iov_len; + do { + GET_VECTOR; + PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen); + myIov.iov_base += addLen; + myIov.iov_len -= addLen; + bufLen += addLen; + + left = PR_MIN( limit, K16 - bufLen); + if (!vectors /* no more left */ + || myIov.iov_len > 0 /* we didn't use that one all up */ + || bufLen >= K16 /* it's full. */ + ) { + addLen = 0; + } else if ((addLen = iov->iov_len % K16) <= left) { + /* Addlen is already computed. */; + } else if (vectors > 1 && + iov[1].iov_len % K16 + addLen <= left + limit) { + addLen = left; + } else + addLen = 0; + + } while (addLen); + SEND( buf, bufLen ); + } return sent; } @@ -2564,7 +2612,7 @@ ssl_FileInfo64(PRFileDesc *fd, PRFileInfo64 *info) static PRInt32 PR_CALLBACK ssl_RecvFrom(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn flags, - PRNetAddr *addr, PRIntervalTime timeout) + PRNetAddr *addr, PRIntervalTime timeout) { PORT_Assert(0); PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0); @@ -2573,7 +2621,7 @@ ssl_RecvFrom(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn flags, static PRInt32 PR_CALLBACK ssl_SendTo(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags, - const PRNetAddr *addr, PRIntervalTime timeout) + const PRNetAddr *addr, PRIntervalTime timeout) { PORT_Assert(0); PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0); @@ -2582,41 +2630,41 @@ ssl_SendTo(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags, static const PRIOMethods ssl_methods = { PR_DESC_LAYERED, - ssl_Close, /* close */ - ssl_Read, /* read */ - ssl_Write, /* write */ - ssl_Available, /* available */ - ssl_Available64, /* available64 */ - ssl_FSync, /* fsync */ - ssl_Seek, /* seek */ - ssl_Seek64, /* seek64 */ - ssl_FileInfo, /* fileInfo */ - ssl_FileInfo64, /* fileInfo64 */ - ssl_WriteV, /* writev */ - ssl_Connect, /* connect */ - ssl_Accept, /* accept */ - ssl_Bind, /* bind */ - ssl_Listen, /* listen */ - ssl_Shutdown, /* shutdown */ - ssl_Recv, /* recv */ - ssl_Send, /* send */ - ssl_RecvFrom, /* recvfrom */ - ssl_SendTo, /* sendto */ - ssl_Poll, /* poll */ + ssl_Close, /* close */ + ssl_Read, /* read */ + ssl_Write, /* write */ + ssl_Available, /* available */ + ssl_Available64, /* available64 */ + ssl_FSync, /* fsync */ + ssl_Seek, /* seek */ + ssl_Seek64, /* seek64 */ + ssl_FileInfo, /* fileInfo */ + ssl_FileInfo64, /* fileInfo64 */ + ssl_WriteV, /* writev */ + ssl_Connect, /* connect */ + ssl_Accept, /* accept */ + ssl_Bind, /* bind */ + ssl_Listen, /* listen */ + ssl_Shutdown, /* shutdown */ + ssl_Recv, /* recv */ + ssl_Send, /* send */ + ssl_RecvFrom, /* recvfrom */ + ssl_SendTo, /* sendto */ + ssl_Poll, /* poll */ PR_EmulateAcceptRead, /* acceptread */ ssl_TransmitFile, /* transmitfile */ - ssl_GetSockName, /* getsockname */ - ssl_GetPeerName, /* getpeername */ - NULL, /* getsockopt OBSOLETE */ - NULL, /* setsockopt OBSOLETE */ - NULL, /* getsocketoption */ - NULL, /* setsocketoption */ - PR_EmulateSendFile, /* Send a (partial) file with header/trailer*/ - NULL, /* reserved for future use */ - NULL, /* reserved for future use */ - NULL, /* reserved for future use */ - NULL, /* reserved for future use */ - NULL /* reserved for future use */ + ssl_GetSockName, /* getsockname */ + ssl_GetPeerName, /* getpeername */ + NULL, /* getsockopt OBSOLETE */ + NULL, /* setsockopt OBSOLETE */ + NULL, /* getsocketoption */ + NULL, /* setsocketoption */ + PR_EmulateSendFile, /* Send a (partial) file with header/trailer*/ + NULL, /* reserved for future use */ + NULL, /* reserved for future use */ + NULL, /* reserved for future use */ + NULL, /* reserved for future use */ + NULL /* reserved for future use */ }; @@ -2657,15 +2705,15 @@ ssl_SetupIOMethods(void) new_methods->transmitfile = my_methods->transmitfile; new_methods->getsockname = my_methods->getsockname; new_methods->getpeername = my_methods->getpeername; -/* new_methods->getsocketoption = my_methods->getsocketoption; */ -/* new_methods->setsocketoption = my_methods->setsocketoption; */ +/* new_methods->getsocketoption = my_methods->getsocketoption; */ +/* new_methods->setsocketoption = my_methods->setsocketoption; */ new_methods->sendfile = my_methods->sendfile; } static PRCallOnceType initIoLayerOnce; -static PRStatus +static PRStatus ssl_InitIOLayer(void) { ssl_layer_id = PR_GetUniqueIdentity("SSL"); @@ -2677,44 +2725,44 @@ ssl_InitIOLayer(void) static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, PRDescIdentity id) { - PRFileDesc *layer = NULL; + PRFileDesc *layer = NULL; PRStatus status; if (!ssl_inited) { - status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer); - if (status != PR_SUCCESS) - goto loser; + status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer); + if (status != PR_SUCCESS) + goto loser; } if (ns == NULL) - goto loser; + goto loser; layer = PR_CreateIOLayerStub(ssl_layer_id, &combined_methods); if (layer == NULL) - goto loser; + goto loser; layer->secret = (PRFilePrivate *)ns; /* Here, "stack" points to the PRFileDesc on the top of the stack. ** "layer" points to a new FD that is to be inserted into the stack. - ** If layer is being pushed onto the top of the stack, then + ** If layer is being pushed onto the top of the stack, then ** PR_PushIOLayer switches the contents of stack and layer, and then - ** puts stack on top of layer, so that after it is done, the top of - ** stack is the same "stack" as it was before, and layer is now the + ** puts stack on top of layer, so that after it is done, the top of + ** stack is the same "stack" as it was before, and layer is now the ** FD for the former top of stack. ** After this call, stack always points to the top PRFD on the stack. - ** If this function fails, the contents of stack and layer are as + ** If this function fails, the contents of stack and layer are as ** they were before the call. */ status = PR_PushIOLayer(stack, id, layer); if (status != PR_SUCCESS) - goto loser; + goto loser; ns->fd = (id == PR_TOP_IO_LAYER) ? stack : layer; return PR_SUCCESS; loser: if (layer) { - layer->dtor(layer); /* free layer */ + layer->dtor(layer); /* free layer */ } return PR_FAILURE; } @@ -2724,28 +2772,28 @@ static SECStatus ssl_MakeLocks(sslSocket *ss) { ss->firstHandshakeLock = PZ_NewMonitor(nssILockSSL); - if (!ss->firstHandshakeLock) - goto loser; + if (!ss->firstHandshakeLock) + goto loser; ss->ssl3HandshakeLock = PZ_NewMonitor(nssILockSSL); - if (!ss->ssl3HandshakeLock) - goto loser; + if (!ss->ssl3HandshakeLock) + goto loser; ss->specLock = NSSRWLock_New(SSL_LOCK_RANK_SPEC, NULL); - if (!ss->specLock) - goto loser; + if (!ss->specLock) + goto loser; ss->recvBufLock = PZ_NewMonitor(nssILockSSL); - if (!ss->recvBufLock) - goto loser; + if (!ss->recvBufLock) + goto loser; ss->xmitBufLock = PZ_NewMonitor(nssILockSSL); - if (!ss->xmitBufLock) - goto loser; + if (!ss->xmitBufLock) + goto loser; ss->writerThread = NULL; if (ssl_lock_readers) { - ss->recvLock = PZ_NewLock(nssILockSSL); - if (!ss->recvLock) - goto loser; - ss->sendLock = PZ_NewLock(nssILockSSL); - if (!ss->sendLock) - goto loser; + ss->recvLock = PZ_NewLock(nssILockSSL); + if (!ss->recvLock) + goto loser; + ss->sendLock = PZ_NewLock(nssILockSSL); + if (!ss->sendLock) + goto loser; } return SECSuccess; loser: @@ -2766,81 +2814,81 @@ ssl_SetDefaultsFromEnvironment(void) static int firsttime = 1; if (firsttime) { - char * ev; - firsttime = 0; + char * ev; + firsttime = 0; #ifdef DEBUG - ev = getenv("SSLDEBUGFILE"); - if (ev && ev[0]) { - ssl_trace_iob = fopen(ev, "w"); - } - if (!ssl_trace_iob) { - ssl_trace_iob = stderr; - } + ev = getenv("SSLDEBUGFILE"); + if (ev && ev[0]) { + ssl_trace_iob = fopen(ev, "w"); + } + if (!ssl_trace_iob) { + ssl_trace_iob = stderr; + } #ifdef TRACE - ev = getenv("SSLTRACE"); - if (ev && ev[0]) { - ssl_trace = atoi(ev); - SSL_TRACE(("SSL: tracing set to %d", ssl_trace)); - } + ev = getenv("SSLTRACE"); + if (ev && ev[0]) { + ssl_trace = atoi(ev); + SSL_TRACE(("SSL: tracing set to %d", ssl_trace)); + } #endif /* TRACE */ - ev = getenv("SSLDEBUG"); - if (ev && ev[0]) { - ssl_debug = atoi(ev); - SSL_TRACE(("SSL: debugging set to %d", ssl_debug)); - } + ev = getenv("SSLDEBUG"); + if (ev && ev[0]) { + ssl_debug = atoi(ev); + SSL_TRACE(("SSL: debugging set to %d", ssl_debug)); + } #endif /* DEBUG */ - ev = getenv("SSLKEYLOGFILE"); - if (ev && ev[0]) { - ssl_keylog_iob = fopen(ev, "a"); - if (!ssl_keylog_iob) { - SSL_TRACE(("SSL: failed to open key log file")); - } else { - if (ftell(ssl_keylog_iob) == 0) { - fputs("# SSL/TLS secrets log file, generated by NSS\n", - ssl_keylog_iob); - } - SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev)); - } - } + ev = getenv("SSLKEYLOGFILE"); + if (ev && ev[0]) { + ssl_keylog_iob = fopen(ev, "a"); + if (!ssl_keylog_iob) { + SSL_TRACE(("SSL: failed to open key log file")); + } else { + if (ftell(ssl_keylog_iob) == 0) { + fputs("# SSL/TLS secrets log file, generated by NSS\n", + ssl_keylog_iob); + } + SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev)); + } + } #ifndef NO_PKCS11_BYPASS - ev = getenv("SSLBYPASS"); - if (ev && ev[0]) { - ssl_defaults.bypassPKCS11 = (ev[0] == '1'); - SSL_TRACE(("SSL: bypass default set to %d", \ - ssl_defaults.bypassPKCS11)); - } + ev = getenv("SSLBYPASS"); + if (ev && ev[0]) { + ssl_defaults.bypassPKCS11 = (ev[0] == '1'); + SSL_TRACE(("SSL: bypass default set to %d", \ + ssl_defaults.bypassPKCS11)); + } #endif /* NO_PKCS11_BYPASS */ - ev = getenv("SSLFORCELOCKS"); - if (ev && ev[0] == '1') { - ssl_force_locks = PR_TRUE; - ssl_defaults.noLocks = 0; - strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED. "); - SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks)); - } - ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION"); - if (ev) { - if (ev[0] == '1' || LOWER(ev[0]) == 'u') - ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED; - else if (ev[0] == '0' || LOWER(ev[0]) == 'n') - ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER; - else if (ev[0] == '2' || LOWER(ev[0]) == 'r') - ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN; - else if (ev[0] == '3' || LOWER(ev[0]) == 't') - ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL; - SSL_TRACE(("SSL: enableRenegotiation set to %d", - ssl_defaults.enableRenegotiation)); - } - ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION"); - if (ev && ev[0] == '1') { - ssl_defaults.requireSafeNegotiation = PR_TRUE; - SSL_TRACE(("SSL: requireSafeNegotiation set to %d", - PR_TRUE)); - } - ev = getenv("NSS_SSL_CBC_RANDOM_IV"); - if (ev && ev[0] == '0') { - ssl_defaults.cbcRandomIV = PR_FALSE; - SSL_TRACE(("SSL: cbcRandomIV set to 0")); - } + ev = getenv("SSLFORCELOCKS"); + if (ev && ev[0] == '1') { + ssl_force_locks = PR_TRUE; + ssl_defaults.noLocks = 0; + strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED. "); + SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks)); + } + ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION"); + if (ev) { + if (ev[0] == '1' || LOWER(ev[0]) == 'u') + ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED; + else if (ev[0] == '0' || LOWER(ev[0]) == 'n') + ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER; + else if (ev[0] == '2' || LOWER(ev[0]) == 'r') + ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN; + else if (ev[0] == '3' || LOWER(ev[0]) == 't') + ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL; + SSL_TRACE(("SSL: enableRenegotiation set to %d", + ssl_defaults.enableRenegotiation)); + } + ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION"); + if (ev && ev[0] == '1') { + ssl_defaults.requireSafeNegotiation = PR_TRUE; + SSL_TRACE(("SSL: requireSafeNegotiation set to %d", + PR_TRUE)); + } + ev = getenv("NSS_SSL_CBC_RANDOM_IV"); + if (ev && ev[0] == '0') { + ssl_defaults.cbcRandomIV = PR_FALSE; + SSL_TRACE(("SSL: cbcRandomIV set to 0")); + } } #endif /* NSS_HAVE_GETENV */ } @@ -2856,76 +2904,75 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant) ssl_SetDefaultsFromEnvironment(); if (ssl_force_locks) - makeLocks = PR_TRUE; + makeLocks = PR_TRUE; /* Make a new socket and get it ready */ ss = (sslSocket*) PORT_ZAlloc(sizeof(sslSocket)); if (ss) { /* This should be of type SSLKEAType, but CC on IRIX - * complains during the for loop. - */ - int i; - SECStatus status; - - ss->opt = ssl_defaults; - ss->opt.useSocks = PR_FALSE; - ss->opt.noLocks = !makeLocks; - ss->vrange = *VERSIONS_DEFAULTS(protocolVariant); - ss->protocolVariant = protocolVariant; - - ss->peerID = NULL; - ss->rTimeout = PR_INTERVAL_NO_TIMEOUT; - ss->wTimeout = PR_INTERVAL_NO_TIMEOUT; - ss->cTimeout = PR_INTERVAL_NO_TIMEOUT; - ss->cipherSpecs = NULL; + * complains during the for loop. + */ + int i; + SECStatus status; + + ss->opt = ssl_defaults; + ss->opt.useSocks = PR_FALSE; + ss->opt.noLocks = !makeLocks; + ss->vrange = *VERSIONS_DEFAULTS(protocolVariant); + ss->protocolVariant = protocolVariant; + + ss->peerID = NULL; + ss->rTimeout = PR_INTERVAL_NO_TIMEOUT; + ss->wTimeout = PR_INTERVAL_NO_TIMEOUT; + ss->cTimeout = PR_INTERVAL_NO_TIMEOUT; + ss->cipherSpecs = NULL; ss->sizeCipherSpecs = 0; /* produced lazily */ ss->preferredCipher = NULL; ss->url = NULL; - for (i=kt_null; i < kt_kea_size; i++) { - sslServerCerts * sc = ss->serverCerts + i; - sc->serverCert = NULL; - sc->serverCertChain = NULL; - sc->serverKeyPair = NULL; - sc->serverKeyBits = 0; - ss->certStatusArray[i] = NULL; - } - ss->stepDownKeyPair = NULL; - ss->dbHandle = CERT_GetDefaultCertDB(); - - /* Provide default implementation of hooks */ - ss->authCertificate = SSL_AuthCertificate; - ss->authCertificateArg = (void *)ss->dbHandle; + for (i=kt_null; i < kt_kea_size; i++) { + sslServerCerts * sc = ss->serverCerts + i; + sc->serverCert = NULL; + sc->serverCertChain = NULL; + sc->serverKeyPair = NULL; + sc->serverKeyBits = 0; + ss->certStatusArray[i] = NULL; + } + ss->stepDownKeyPair = NULL; + ss->dbHandle = CERT_GetDefaultCertDB(); + + /* Provide default implementation of hooks */ + ss->authCertificate = SSL_AuthCertificate; + ss->authCertificateArg = (void *)ss->dbHandle; ss->sniSocketConfig = NULL; ss->sniSocketConfigArg = NULL; - ss->getClientAuthData = NULL; - ss->handleBadCert = NULL; - ss->badCertArg = NULL; - ss->pkcs11PinArg = NULL; - ss->ephemeralECDHKeyPair = NULL; - - ssl_ChooseOps(ss); - ssl2_InitSocketPolicy(ss); - ssl3_InitSocketPolicy(ss); - PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); - - if (makeLocks) { - status = ssl_MakeLocks(ss); - if (status != SECSuccess) - goto loser; - } - status = ssl_CreateSecurityInfo(ss); - if (status != SECSuccess) - goto loser; - status = ssl_InitGather(&ss->gs); - if (status != SECSuccess) { + ss->getClientAuthData = NULL; + ss->handleBadCert = NULL; + ss->badCertArg = NULL; + ss->pkcs11PinArg = NULL; + ss->ephemeralECDHKeyPair = NULL; + + ssl_ChooseOps(ss); + ssl2_InitSocketPolicy(ss); + ssl3_InitSocketPolicy(ss); + PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); + + if (makeLocks) { + status = ssl_MakeLocks(ss); + if (status != SECSuccess) + goto loser; + } + status = ssl_CreateSecurityInfo(ss); + if (status != SECSuccess) + goto loser; + status = ssl_InitGather(&ss->gs); + if (status != SECSuccess) { loser: - ssl_DestroySocketContents(ss); - ssl_DestroyLocks(ss); - PORT_Free(ss); - ss = NULL; - } + ssl_DestroySocketContents(ss); + ssl_DestroyLocks(ss); + PORT_Free(ss); + ss = NULL; + } } return ss; } - diff --git a/security/nss/lib/ssl/sslt.h b/security/nss/lib/ssl/sslt.h index 6b93629..c22c820 100644 --- a/security/nss/lib/ssl/sslt.h +++ b/security/nss/lib/ssl/sslt.h @@ -181,17 +181,19 @@ typedef enum { typedef enum { ssl_server_name_xtn = 0, ssl_cert_status_xtn = 5, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC ssl_elliptic_curves_xtn = 10, ssl_ec_point_formats_xtn = 11, #endif ssl_signature_algorithms_xtn = 13, ssl_use_srtp_xtn = 14, + ssl_app_layer_protocol_xtn = 16, + ssl_padding_xtn = 21, ssl_session_ticket_xtn = 35, ssl_next_proto_nego_xtn = 13172, ssl_renegotiation_info_xtn = 0xff01 /* experimental number */ } SSLExtensionType; -#define SSL_MAX_EXTENSIONS 9 +#define SSL_MAX_EXTENSIONS 10 /* doesn't include ssl_padding_xtn. */ #endif /* __sslt_h_ */ diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h index 946daed..502b34e 100644 --- a/security/nss/lib/util/nssutil.h +++ b/security/nss/lib/util/nssutil.h @@ -19,10 +19,10 @@ * The format of the version string should be * "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]" */ -#define NSSUTIL_VERSION "3.15.4" +#define NSSUTIL_VERSION "3.16.2" #define NSSUTIL_VMAJOR 3 -#define NSSUTIL_VMINOR 15 -#define NSSUTIL_VPATCH 4 +#define NSSUTIL_VMINOR 16 +#define NSSUTIL_VPATCH 2 #define NSSUTIL_VBUILD 0 #define NSSUTIL_BETA PR_FALSE diff --git a/security/nss/lib/util/secdig.h b/security/nss/lib/util/secdig.h index 94ff39e..6f218ec 100644 --- a/security/nss/lib/util/secdig.h +++ b/security/nss/lib/util/secdig.h @@ -1,5 +1,5 @@ /* - * crypto.h - public data structures and prototypes for the crypto library + * secdig.h - public prototypes for digest-info functions * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/security/nss/lib/util/secdigt.h b/security/nss/lib/util/secdigt.h index 65ca22f..2414d79 100644 --- a/security/nss/lib/util/secdigt.h +++ b/security/nss/lib/util/secdigt.h @@ -1,5 +1,5 @@ /* - * secdigt.h - public data structures for digestinfos from the util lib. + * secdigt.h - public data structures for digest-info objects * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this @@ -23,6 +23,4 @@ struct SGNDigestInfoStr { }; typedef struct SGNDigestInfoStr SGNDigestInfo; - - #endif /* _SECDIGT_H_ */ diff --git a/security/nss/lib/util/secerr.h b/security/nss/lib/util/secerr.h index 490daba..adca22a 100644 --- a/security/nss/lib/util/secerr.h +++ b/security/nss/lib/util/secerr.h @@ -7,211 +7,211 @@ #include "utilrename.h" -#define SEC_ERROR_BASE (-0x2000) -#define SEC_ERROR_LIMIT (SEC_ERROR_BASE + 1000) +#define SEC_ERROR_BASE (-0x2000) +#define SEC_ERROR_LIMIT (SEC_ERROR_BASE + 1000) #define IS_SEC_ERROR(code) \ (((code) >= SEC_ERROR_BASE) && ((code) < SEC_ERROR_LIMIT)) #ifndef NO_SECURITY_ERROR_ENUM typedef enum { -SEC_ERROR_IO = SEC_ERROR_BASE + 0, -SEC_ERROR_LIBRARY_FAILURE = SEC_ERROR_BASE + 1, -SEC_ERROR_BAD_DATA = SEC_ERROR_BASE + 2, -SEC_ERROR_OUTPUT_LEN = SEC_ERROR_BASE + 3, -SEC_ERROR_INPUT_LEN = SEC_ERROR_BASE + 4, -SEC_ERROR_INVALID_ARGS = SEC_ERROR_BASE + 5, -SEC_ERROR_INVALID_ALGORITHM = SEC_ERROR_BASE + 6, -SEC_ERROR_INVALID_AVA = SEC_ERROR_BASE + 7, -SEC_ERROR_INVALID_TIME = SEC_ERROR_BASE + 8, -SEC_ERROR_BAD_DER = SEC_ERROR_BASE + 9, -SEC_ERROR_BAD_SIGNATURE = SEC_ERROR_BASE + 10, -SEC_ERROR_EXPIRED_CERTIFICATE = SEC_ERROR_BASE + 11, -SEC_ERROR_REVOKED_CERTIFICATE = SEC_ERROR_BASE + 12, -SEC_ERROR_UNKNOWN_ISSUER = SEC_ERROR_BASE + 13, -SEC_ERROR_BAD_KEY = SEC_ERROR_BASE + 14, -SEC_ERROR_BAD_PASSWORD = SEC_ERROR_BASE + 15, -SEC_ERROR_RETRY_PASSWORD = SEC_ERROR_BASE + 16, -SEC_ERROR_NO_NODELOCK = SEC_ERROR_BASE + 17, -SEC_ERROR_BAD_DATABASE = SEC_ERROR_BASE + 18, -SEC_ERROR_NO_MEMORY = SEC_ERROR_BASE + 19, -SEC_ERROR_UNTRUSTED_ISSUER = SEC_ERROR_BASE + 20, -SEC_ERROR_UNTRUSTED_CERT = SEC_ERROR_BASE + 21, -SEC_ERROR_DUPLICATE_CERT = (SEC_ERROR_BASE + 22), -SEC_ERROR_DUPLICATE_CERT_NAME = (SEC_ERROR_BASE + 23), -SEC_ERROR_ADDING_CERT = (SEC_ERROR_BASE + 24), -SEC_ERROR_FILING_KEY = (SEC_ERROR_BASE + 25), -SEC_ERROR_NO_KEY = (SEC_ERROR_BASE + 26), -SEC_ERROR_CERT_VALID = (SEC_ERROR_BASE + 27), -SEC_ERROR_CERT_NOT_VALID = (SEC_ERROR_BASE + 28), -SEC_ERROR_CERT_NO_RESPONSE = (SEC_ERROR_BASE + 29), -SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = (SEC_ERROR_BASE + 30), -SEC_ERROR_CRL_EXPIRED = (SEC_ERROR_BASE + 31), -SEC_ERROR_CRL_BAD_SIGNATURE = (SEC_ERROR_BASE + 32), -SEC_ERROR_CRL_INVALID = (SEC_ERROR_BASE + 33), -SEC_ERROR_EXTENSION_VALUE_INVALID = (SEC_ERROR_BASE + 34), -SEC_ERROR_EXTENSION_NOT_FOUND = (SEC_ERROR_BASE + 35), -SEC_ERROR_CA_CERT_INVALID = (SEC_ERROR_BASE + 36), -SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID = (SEC_ERROR_BASE + 37), -SEC_ERROR_CERT_USAGES_INVALID = (SEC_ERROR_BASE + 38), -SEC_INTERNAL_ONLY = (SEC_ERROR_BASE + 39), -SEC_ERROR_INVALID_KEY = (SEC_ERROR_BASE + 40), -SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 41), -SEC_ERROR_OLD_CRL = (SEC_ERROR_BASE + 42), -SEC_ERROR_NO_EMAIL_CERT = (SEC_ERROR_BASE + 43), -SEC_ERROR_NO_RECIPIENT_CERTS_QUERY = (SEC_ERROR_BASE + 44), -SEC_ERROR_NOT_A_RECIPIENT = (SEC_ERROR_BASE + 45), -SEC_ERROR_PKCS7_KEYALG_MISMATCH = (SEC_ERROR_BASE + 46), -SEC_ERROR_PKCS7_BAD_SIGNATURE = (SEC_ERROR_BASE + 47), -SEC_ERROR_UNSUPPORTED_KEYALG = (SEC_ERROR_BASE + 48), -SEC_ERROR_DECRYPTION_DISALLOWED = (SEC_ERROR_BASE + 49), +SEC_ERROR_IO = SEC_ERROR_BASE + 0, +SEC_ERROR_LIBRARY_FAILURE = SEC_ERROR_BASE + 1, +SEC_ERROR_BAD_DATA = SEC_ERROR_BASE + 2, +SEC_ERROR_OUTPUT_LEN = SEC_ERROR_BASE + 3, +SEC_ERROR_INPUT_LEN = SEC_ERROR_BASE + 4, +SEC_ERROR_INVALID_ARGS = SEC_ERROR_BASE + 5, +SEC_ERROR_INVALID_ALGORITHM = SEC_ERROR_BASE + 6, +SEC_ERROR_INVALID_AVA = SEC_ERROR_BASE + 7, +SEC_ERROR_INVALID_TIME = SEC_ERROR_BASE + 8, +SEC_ERROR_BAD_DER = SEC_ERROR_BASE + 9, +SEC_ERROR_BAD_SIGNATURE = SEC_ERROR_BASE + 10, +SEC_ERROR_EXPIRED_CERTIFICATE = SEC_ERROR_BASE + 11, +SEC_ERROR_REVOKED_CERTIFICATE = SEC_ERROR_BASE + 12, +SEC_ERROR_UNKNOWN_ISSUER = SEC_ERROR_BASE + 13, +SEC_ERROR_BAD_KEY = SEC_ERROR_BASE + 14, +SEC_ERROR_BAD_PASSWORD = SEC_ERROR_BASE + 15, +SEC_ERROR_RETRY_PASSWORD = SEC_ERROR_BASE + 16, +SEC_ERROR_NO_NODELOCK = SEC_ERROR_BASE + 17, +SEC_ERROR_BAD_DATABASE = SEC_ERROR_BASE + 18, +SEC_ERROR_NO_MEMORY = SEC_ERROR_BASE + 19, +SEC_ERROR_UNTRUSTED_ISSUER = SEC_ERROR_BASE + 20, +SEC_ERROR_UNTRUSTED_CERT = SEC_ERROR_BASE + 21, +SEC_ERROR_DUPLICATE_CERT = (SEC_ERROR_BASE + 22), +SEC_ERROR_DUPLICATE_CERT_NAME = (SEC_ERROR_BASE + 23), +SEC_ERROR_ADDING_CERT = (SEC_ERROR_BASE + 24), +SEC_ERROR_FILING_KEY = (SEC_ERROR_BASE + 25), +SEC_ERROR_NO_KEY = (SEC_ERROR_BASE + 26), +SEC_ERROR_CERT_VALID = (SEC_ERROR_BASE + 27), +SEC_ERROR_CERT_NOT_VALID = (SEC_ERROR_BASE + 28), +SEC_ERROR_CERT_NO_RESPONSE = (SEC_ERROR_BASE + 29), +SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = (SEC_ERROR_BASE + 30), +SEC_ERROR_CRL_EXPIRED = (SEC_ERROR_BASE + 31), +SEC_ERROR_CRL_BAD_SIGNATURE = (SEC_ERROR_BASE + 32), +SEC_ERROR_CRL_INVALID = (SEC_ERROR_BASE + 33), +SEC_ERROR_EXTENSION_VALUE_INVALID = (SEC_ERROR_BASE + 34), +SEC_ERROR_EXTENSION_NOT_FOUND = (SEC_ERROR_BASE + 35), +SEC_ERROR_CA_CERT_INVALID = (SEC_ERROR_BASE + 36), +SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID = (SEC_ERROR_BASE + 37), +SEC_ERROR_CERT_USAGES_INVALID = (SEC_ERROR_BASE + 38), +SEC_INTERNAL_ONLY = (SEC_ERROR_BASE + 39), +SEC_ERROR_INVALID_KEY = (SEC_ERROR_BASE + 40), +SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 41), +SEC_ERROR_OLD_CRL = (SEC_ERROR_BASE + 42), +SEC_ERROR_NO_EMAIL_CERT = (SEC_ERROR_BASE + 43), +SEC_ERROR_NO_RECIPIENT_CERTS_QUERY = (SEC_ERROR_BASE + 44), +SEC_ERROR_NOT_A_RECIPIENT = (SEC_ERROR_BASE + 45), +SEC_ERROR_PKCS7_KEYALG_MISMATCH = (SEC_ERROR_BASE + 46), +SEC_ERROR_PKCS7_BAD_SIGNATURE = (SEC_ERROR_BASE + 47), +SEC_ERROR_UNSUPPORTED_KEYALG = (SEC_ERROR_BASE + 48), +SEC_ERROR_DECRYPTION_DISALLOWED = (SEC_ERROR_BASE + 49), /* Fortezza Alerts */ -XP_SEC_FORTEZZA_BAD_CARD = (SEC_ERROR_BASE + 50), -XP_SEC_FORTEZZA_NO_CARD = (SEC_ERROR_BASE + 51), -XP_SEC_FORTEZZA_NONE_SELECTED = (SEC_ERROR_BASE + 52), -XP_SEC_FORTEZZA_MORE_INFO = (SEC_ERROR_BASE + 53), -XP_SEC_FORTEZZA_PERSON_NOT_FOUND = (SEC_ERROR_BASE + 54), -XP_SEC_FORTEZZA_NO_MORE_INFO = (SEC_ERROR_BASE + 55), -XP_SEC_FORTEZZA_BAD_PIN = (SEC_ERROR_BASE + 56), -XP_SEC_FORTEZZA_PERSON_ERROR = (SEC_ERROR_BASE + 57), -SEC_ERROR_NO_KRL = (SEC_ERROR_BASE + 58), -SEC_ERROR_KRL_EXPIRED = (SEC_ERROR_BASE + 59), -SEC_ERROR_KRL_BAD_SIGNATURE = (SEC_ERROR_BASE + 60), -SEC_ERROR_REVOKED_KEY = (SEC_ERROR_BASE + 61), -SEC_ERROR_KRL_INVALID = (SEC_ERROR_BASE + 62), -SEC_ERROR_NEED_RANDOM = (SEC_ERROR_BASE + 63), -SEC_ERROR_NO_MODULE = (SEC_ERROR_BASE + 64), -SEC_ERROR_NO_TOKEN = (SEC_ERROR_BASE + 65), -SEC_ERROR_READ_ONLY = (SEC_ERROR_BASE + 66), -SEC_ERROR_NO_SLOT_SELECTED = (SEC_ERROR_BASE + 67), -SEC_ERROR_CERT_NICKNAME_COLLISION = (SEC_ERROR_BASE + 68), -SEC_ERROR_KEY_NICKNAME_COLLISION = (SEC_ERROR_BASE + 69), -SEC_ERROR_SAFE_NOT_CREATED = (SEC_ERROR_BASE + 70), -SEC_ERROR_BAGGAGE_NOT_CREATED = (SEC_ERROR_BASE + 71), -XP_JAVA_REMOVE_PRINCIPAL_ERROR = (SEC_ERROR_BASE + 72), -XP_JAVA_DELETE_PRIVILEGE_ERROR = (SEC_ERROR_BASE + 73), -XP_JAVA_CERT_NOT_EXISTS_ERROR = (SEC_ERROR_BASE + 74), -SEC_ERROR_BAD_EXPORT_ALGORITHM = (SEC_ERROR_BASE + 75), -SEC_ERROR_EXPORTING_CERTIFICATES = (SEC_ERROR_BASE + 76), -SEC_ERROR_IMPORTING_CERTIFICATES = (SEC_ERROR_BASE + 77), -SEC_ERROR_PKCS12_DECODING_PFX = (SEC_ERROR_BASE + 78), -SEC_ERROR_PKCS12_INVALID_MAC = (SEC_ERROR_BASE + 79), -SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM = (SEC_ERROR_BASE + 80), -SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE = (SEC_ERROR_BASE + 81), -SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE = (SEC_ERROR_BASE + 82), -SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM = (SEC_ERROR_BASE + 83), -SEC_ERROR_PKCS12_UNSUPPORTED_VERSION = (SEC_ERROR_BASE + 84), -SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT = (SEC_ERROR_BASE + 85), -SEC_ERROR_PKCS12_CERT_COLLISION = (SEC_ERROR_BASE + 86), -SEC_ERROR_USER_CANCELLED = (SEC_ERROR_BASE + 87), -SEC_ERROR_PKCS12_DUPLICATE_DATA = (SEC_ERROR_BASE + 88), -SEC_ERROR_MESSAGE_SEND_ABORTED = (SEC_ERROR_BASE + 89), -SEC_ERROR_INADEQUATE_KEY_USAGE = (SEC_ERROR_BASE + 90), -SEC_ERROR_INADEQUATE_CERT_TYPE = (SEC_ERROR_BASE + 91), -SEC_ERROR_CERT_ADDR_MISMATCH = (SEC_ERROR_BASE + 92), -SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY = (SEC_ERROR_BASE + 93), -SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN = (SEC_ERROR_BASE + 94), +XP_SEC_FORTEZZA_BAD_CARD = (SEC_ERROR_BASE + 50), +XP_SEC_FORTEZZA_NO_CARD = (SEC_ERROR_BASE + 51), +XP_SEC_FORTEZZA_NONE_SELECTED = (SEC_ERROR_BASE + 52), +XP_SEC_FORTEZZA_MORE_INFO = (SEC_ERROR_BASE + 53), +XP_SEC_FORTEZZA_PERSON_NOT_FOUND = (SEC_ERROR_BASE + 54), +XP_SEC_FORTEZZA_NO_MORE_INFO = (SEC_ERROR_BASE + 55), +XP_SEC_FORTEZZA_BAD_PIN = (SEC_ERROR_BASE + 56), +XP_SEC_FORTEZZA_PERSON_ERROR = (SEC_ERROR_BASE + 57), +SEC_ERROR_NO_KRL = (SEC_ERROR_BASE + 58), +SEC_ERROR_KRL_EXPIRED = (SEC_ERROR_BASE + 59), +SEC_ERROR_KRL_BAD_SIGNATURE = (SEC_ERROR_BASE + 60), +SEC_ERROR_REVOKED_KEY = (SEC_ERROR_BASE + 61), +SEC_ERROR_KRL_INVALID = (SEC_ERROR_BASE + 62), +SEC_ERROR_NEED_RANDOM = (SEC_ERROR_BASE + 63), +SEC_ERROR_NO_MODULE = (SEC_ERROR_BASE + 64), +SEC_ERROR_NO_TOKEN = (SEC_ERROR_BASE + 65), +SEC_ERROR_READ_ONLY = (SEC_ERROR_BASE + 66), +SEC_ERROR_NO_SLOT_SELECTED = (SEC_ERROR_BASE + 67), +SEC_ERROR_CERT_NICKNAME_COLLISION = (SEC_ERROR_BASE + 68), +SEC_ERROR_KEY_NICKNAME_COLLISION = (SEC_ERROR_BASE + 69), +SEC_ERROR_SAFE_NOT_CREATED = (SEC_ERROR_BASE + 70), +SEC_ERROR_BAGGAGE_NOT_CREATED = (SEC_ERROR_BASE + 71), +XP_JAVA_REMOVE_PRINCIPAL_ERROR = (SEC_ERROR_BASE + 72), +XP_JAVA_DELETE_PRIVILEGE_ERROR = (SEC_ERROR_BASE + 73), +XP_JAVA_CERT_NOT_EXISTS_ERROR = (SEC_ERROR_BASE + 74), +SEC_ERROR_BAD_EXPORT_ALGORITHM = (SEC_ERROR_BASE + 75), +SEC_ERROR_EXPORTING_CERTIFICATES = (SEC_ERROR_BASE + 76), +SEC_ERROR_IMPORTING_CERTIFICATES = (SEC_ERROR_BASE + 77), +SEC_ERROR_PKCS12_DECODING_PFX = (SEC_ERROR_BASE + 78), +SEC_ERROR_PKCS12_INVALID_MAC = (SEC_ERROR_BASE + 79), +SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM = (SEC_ERROR_BASE + 80), +SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE = (SEC_ERROR_BASE + 81), +SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE = (SEC_ERROR_BASE + 82), +SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM = (SEC_ERROR_BASE + 83), +SEC_ERROR_PKCS12_UNSUPPORTED_VERSION = (SEC_ERROR_BASE + 84), +SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT = (SEC_ERROR_BASE + 85), +SEC_ERROR_PKCS12_CERT_COLLISION = (SEC_ERROR_BASE + 86), +SEC_ERROR_USER_CANCELLED = (SEC_ERROR_BASE + 87), +SEC_ERROR_PKCS12_DUPLICATE_DATA = (SEC_ERROR_BASE + 88), +SEC_ERROR_MESSAGE_SEND_ABORTED = (SEC_ERROR_BASE + 89), +SEC_ERROR_INADEQUATE_KEY_USAGE = (SEC_ERROR_BASE + 90), +SEC_ERROR_INADEQUATE_CERT_TYPE = (SEC_ERROR_BASE + 91), +SEC_ERROR_CERT_ADDR_MISMATCH = (SEC_ERROR_BASE + 92), +SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY = (SEC_ERROR_BASE + 93), +SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN = (SEC_ERROR_BASE + 94), SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME = (SEC_ERROR_BASE + 95), -SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY = (SEC_ERROR_BASE + 96), -SEC_ERROR_PKCS12_UNABLE_TO_WRITE = (SEC_ERROR_BASE + 97), -SEC_ERROR_PKCS12_UNABLE_TO_READ = (SEC_ERROR_BASE + 98), -SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED = (SEC_ERROR_BASE + 99), -SEC_ERROR_KEYGEN_FAIL = (SEC_ERROR_BASE + 100), -SEC_ERROR_INVALID_PASSWORD = (SEC_ERROR_BASE + 101), -SEC_ERROR_RETRY_OLD_PASSWORD = (SEC_ERROR_BASE + 102), -SEC_ERROR_BAD_NICKNAME = (SEC_ERROR_BASE + 103), -SEC_ERROR_NOT_FORTEZZA_ISSUER = (SEC_ERROR_BASE + 104), +SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY = (SEC_ERROR_BASE + 96), +SEC_ERROR_PKCS12_UNABLE_TO_WRITE = (SEC_ERROR_BASE + 97), +SEC_ERROR_PKCS12_UNABLE_TO_READ = (SEC_ERROR_BASE + 98), +SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED = (SEC_ERROR_BASE + 99), +SEC_ERROR_KEYGEN_FAIL = (SEC_ERROR_BASE + 100), +SEC_ERROR_INVALID_PASSWORD = (SEC_ERROR_BASE + 101), +SEC_ERROR_RETRY_OLD_PASSWORD = (SEC_ERROR_BASE + 102), +SEC_ERROR_BAD_NICKNAME = (SEC_ERROR_BASE + 103), +SEC_ERROR_NOT_FORTEZZA_ISSUER = (SEC_ERROR_BASE + 104), SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY = (SEC_ERROR_BASE + 105), -SEC_ERROR_JS_INVALID_MODULE_NAME = (SEC_ERROR_BASE + 106), -SEC_ERROR_JS_INVALID_DLL = (SEC_ERROR_BASE + 107), -SEC_ERROR_JS_ADD_MOD_FAILURE = (SEC_ERROR_BASE + 108), -SEC_ERROR_JS_DEL_MOD_FAILURE = (SEC_ERROR_BASE + 109), -SEC_ERROR_OLD_KRL = (SEC_ERROR_BASE + 110), -SEC_ERROR_CKL_CONFLICT = (SEC_ERROR_BASE + 111), -SEC_ERROR_CERT_NOT_IN_NAME_SPACE = (SEC_ERROR_BASE + 112), -SEC_ERROR_KRL_NOT_YET_VALID = (SEC_ERROR_BASE + 113), -SEC_ERROR_CRL_NOT_YET_VALID = (SEC_ERROR_BASE + 114), -SEC_ERROR_UNKNOWN_CERT = (SEC_ERROR_BASE + 115), -SEC_ERROR_UNKNOWN_SIGNER = (SEC_ERROR_BASE + 116), -SEC_ERROR_CERT_BAD_ACCESS_LOCATION = (SEC_ERROR_BASE + 117), -SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE = (SEC_ERROR_BASE + 118), -SEC_ERROR_OCSP_BAD_HTTP_RESPONSE = (SEC_ERROR_BASE + 119), -SEC_ERROR_OCSP_MALFORMED_REQUEST = (SEC_ERROR_BASE + 120), -SEC_ERROR_OCSP_SERVER_ERROR = (SEC_ERROR_BASE + 121), -SEC_ERROR_OCSP_TRY_SERVER_LATER = (SEC_ERROR_BASE + 122), -SEC_ERROR_OCSP_REQUEST_NEEDS_SIG = (SEC_ERROR_BASE + 123), -SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST = (SEC_ERROR_BASE + 124), -SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS = (SEC_ERROR_BASE + 125), -SEC_ERROR_OCSP_UNKNOWN_CERT = (SEC_ERROR_BASE + 126), -SEC_ERROR_OCSP_NOT_ENABLED = (SEC_ERROR_BASE + 127), -SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER = (SEC_ERROR_BASE + 128), -SEC_ERROR_OCSP_MALFORMED_RESPONSE = (SEC_ERROR_BASE + 129), -SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE = (SEC_ERROR_BASE + 130), -SEC_ERROR_OCSP_FUTURE_RESPONSE = (SEC_ERROR_BASE + 131), -SEC_ERROR_OCSP_OLD_RESPONSE = (SEC_ERROR_BASE + 132), +SEC_ERROR_JS_INVALID_MODULE_NAME = (SEC_ERROR_BASE + 106), +SEC_ERROR_JS_INVALID_DLL = (SEC_ERROR_BASE + 107), +SEC_ERROR_JS_ADD_MOD_FAILURE = (SEC_ERROR_BASE + 108), +SEC_ERROR_JS_DEL_MOD_FAILURE = (SEC_ERROR_BASE + 109), +SEC_ERROR_OLD_KRL = (SEC_ERROR_BASE + 110), +SEC_ERROR_CKL_CONFLICT = (SEC_ERROR_BASE + 111), +SEC_ERROR_CERT_NOT_IN_NAME_SPACE = (SEC_ERROR_BASE + 112), +SEC_ERROR_KRL_NOT_YET_VALID = (SEC_ERROR_BASE + 113), +SEC_ERROR_CRL_NOT_YET_VALID = (SEC_ERROR_BASE + 114), +SEC_ERROR_UNKNOWN_CERT = (SEC_ERROR_BASE + 115), +SEC_ERROR_UNKNOWN_SIGNER = (SEC_ERROR_BASE + 116), +SEC_ERROR_CERT_BAD_ACCESS_LOCATION = (SEC_ERROR_BASE + 117), +SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE = (SEC_ERROR_BASE + 118), +SEC_ERROR_OCSP_BAD_HTTP_RESPONSE = (SEC_ERROR_BASE + 119), +SEC_ERROR_OCSP_MALFORMED_REQUEST = (SEC_ERROR_BASE + 120), +SEC_ERROR_OCSP_SERVER_ERROR = (SEC_ERROR_BASE + 121), +SEC_ERROR_OCSP_TRY_SERVER_LATER = (SEC_ERROR_BASE + 122), +SEC_ERROR_OCSP_REQUEST_NEEDS_SIG = (SEC_ERROR_BASE + 123), +SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST = (SEC_ERROR_BASE + 124), +SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS = (SEC_ERROR_BASE + 125), +SEC_ERROR_OCSP_UNKNOWN_CERT = (SEC_ERROR_BASE + 126), +SEC_ERROR_OCSP_NOT_ENABLED = (SEC_ERROR_BASE + 127), +SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER = (SEC_ERROR_BASE + 128), +SEC_ERROR_OCSP_MALFORMED_RESPONSE = (SEC_ERROR_BASE + 129), +SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE = (SEC_ERROR_BASE + 130), +SEC_ERROR_OCSP_FUTURE_RESPONSE = (SEC_ERROR_BASE + 131), +SEC_ERROR_OCSP_OLD_RESPONSE = (SEC_ERROR_BASE + 132), /* smime stuff */ -SEC_ERROR_DIGEST_NOT_FOUND = (SEC_ERROR_BASE + 133), -SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE = (SEC_ERROR_BASE + 134), -SEC_ERROR_MODULE_STUCK = (SEC_ERROR_BASE + 135), -SEC_ERROR_BAD_TEMPLATE = (SEC_ERROR_BASE + 136), -SEC_ERROR_CRL_NOT_FOUND = (SEC_ERROR_BASE + 137), +SEC_ERROR_DIGEST_NOT_FOUND = (SEC_ERROR_BASE + 133), +SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE = (SEC_ERROR_BASE + 134), +SEC_ERROR_MODULE_STUCK = (SEC_ERROR_BASE + 135), +SEC_ERROR_BAD_TEMPLATE = (SEC_ERROR_BASE + 136), +SEC_ERROR_CRL_NOT_FOUND = (SEC_ERROR_BASE + 137), SEC_ERROR_REUSED_ISSUER_AND_SERIAL = (SEC_ERROR_BASE + 138), SEC_ERROR_BUSY = (SEC_ERROR_BASE + 139), SEC_ERROR_EXTRA_INPUT = (SEC_ERROR_BASE + 140), /* error codes used by elliptic curve code */ -SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE = (SEC_ERROR_BASE + 141), -SEC_ERROR_UNSUPPORTED_EC_POINT_FORM = (SEC_ERROR_BASE + 142), -SEC_ERROR_UNRECOGNIZED_OID = (SEC_ERROR_BASE + 143), -SEC_ERROR_OCSP_INVALID_SIGNING_CERT = (SEC_ERROR_BASE + 144), +SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE = (SEC_ERROR_BASE + 141), +SEC_ERROR_UNSUPPORTED_EC_POINT_FORM = (SEC_ERROR_BASE + 142), +SEC_ERROR_UNRECOGNIZED_OID = (SEC_ERROR_BASE + 143), +SEC_ERROR_OCSP_INVALID_SIGNING_CERT = (SEC_ERROR_BASE + 144), /* new revocation errors */ -SEC_ERROR_REVOKED_CERTIFICATE_CRL = (SEC_ERROR_BASE + 145), -SEC_ERROR_REVOKED_CERTIFICATE_OCSP = (SEC_ERROR_BASE + 146), -SEC_ERROR_CRL_INVALID_VERSION = (SEC_ERROR_BASE + 147), -SEC_ERROR_CRL_V1_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 148), -SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 149), -SEC_ERROR_UNKNOWN_OBJECT_TYPE = (SEC_ERROR_BASE + 150), -SEC_ERROR_INCOMPATIBLE_PKCS11 = (SEC_ERROR_BASE + 151), -SEC_ERROR_NO_EVENT = (SEC_ERROR_BASE + 152), -SEC_ERROR_CRL_ALREADY_EXISTS = (SEC_ERROR_BASE + 153), -SEC_ERROR_NOT_INITIALIZED = (SEC_ERROR_BASE + 154), -SEC_ERROR_TOKEN_NOT_LOGGED_IN = (SEC_ERROR_BASE + 155), -SEC_ERROR_OCSP_RESPONDER_CERT_INVALID = (SEC_ERROR_BASE + 156), -SEC_ERROR_OCSP_BAD_SIGNATURE = (SEC_ERROR_BASE + 157), - -SEC_ERROR_OUT_OF_SEARCH_LIMITS = (SEC_ERROR_BASE + 158), -SEC_ERROR_INVALID_POLICY_MAPPING = (SEC_ERROR_BASE + 159), -SEC_ERROR_POLICY_VALIDATION_FAILED = (SEC_ERROR_BASE + 160), +SEC_ERROR_REVOKED_CERTIFICATE_CRL = (SEC_ERROR_BASE + 145), +SEC_ERROR_REVOKED_CERTIFICATE_OCSP = (SEC_ERROR_BASE + 146), +SEC_ERROR_CRL_INVALID_VERSION = (SEC_ERROR_BASE + 147), +SEC_ERROR_CRL_V1_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 148), +SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 149), +SEC_ERROR_UNKNOWN_OBJECT_TYPE = (SEC_ERROR_BASE + 150), +SEC_ERROR_INCOMPATIBLE_PKCS11 = (SEC_ERROR_BASE + 151), +SEC_ERROR_NO_EVENT = (SEC_ERROR_BASE + 152), +SEC_ERROR_CRL_ALREADY_EXISTS = (SEC_ERROR_BASE + 153), +SEC_ERROR_NOT_INITIALIZED = (SEC_ERROR_BASE + 154), +SEC_ERROR_TOKEN_NOT_LOGGED_IN = (SEC_ERROR_BASE + 155), +SEC_ERROR_OCSP_RESPONDER_CERT_INVALID = (SEC_ERROR_BASE + 156), +SEC_ERROR_OCSP_BAD_SIGNATURE = (SEC_ERROR_BASE + 157), + +SEC_ERROR_OUT_OF_SEARCH_LIMITS = (SEC_ERROR_BASE + 158), +SEC_ERROR_INVALID_POLICY_MAPPING = (SEC_ERROR_BASE + 159), +SEC_ERROR_POLICY_VALIDATION_FAILED = (SEC_ERROR_BASE + 160), /* No longer used. Unknown AIA location types are now silently ignored. */ -SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE = (SEC_ERROR_BASE + 161), -SEC_ERROR_BAD_HTTP_RESPONSE = (SEC_ERROR_BASE + 162), -SEC_ERROR_BAD_LDAP_RESPONSE = (SEC_ERROR_BASE + 163), -SEC_ERROR_FAILED_TO_ENCODE_DATA = (SEC_ERROR_BASE + 164), -SEC_ERROR_BAD_INFO_ACCESS_LOCATION = (SEC_ERROR_BASE + 165), +SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE = (SEC_ERROR_BASE + 161), +SEC_ERROR_BAD_HTTP_RESPONSE = (SEC_ERROR_BASE + 162), +SEC_ERROR_BAD_LDAP_RESPONSE = (SEC_ERROR_BASE + 163), +SEC_ERROR_FAILED_TO_ENCODE_DATA = (SEC_ERROR_BASE + 164), +SEC_ERROR_BAD_INFO_ACCESS_LOCATION = (SEC_ERROR_BASE + 165), -SEC_ERROR_LIBPKIX_INTERNAL = (SEC_ERROR_BASE + 166), +SEC_ERROR_LIBPKIX_INTERNAL = (SEC_ERROR_BASE + 166), -SEC_ERROR_PKCS11_GENERAL_ERROR = (SEC_ERROR_BASE + 167), -SEC_ERROR_PKCS11_FUNCTION_FAILED = (SEC_ERROR_BASE + 168), -SEC_ERROR_PKCS11_DEVICE_ERROR = (SEC_ERROR_BASE + 169), +SEC_ERROR_PKCS11_GENERAL_ERROR = (SEC_ERROR_BASE + 167), +SEC_ERROR_PKCS11_FUNCTION_FAILED = (SEC_ERROR_BASE + 168), +SEC_ERROR_PKCS11_DEVICE_ERROR = (SEC_ERROR_BASE + 169), -SEC_ERROR_BAD_INFO_ACCESS_METHOD = (SEC_ERROR_BASE + 170), -SEC_ERROR_CRL_IMPORT_FAILED = (SEC_ERROR_BASE + 171), +SEC_ERROR_BAD_INFO_ACCESS_METHOD = (SEC_ERROR_BASE + 170), +SEC_ERROR_CRL_IMPORT_FAILED = (SEC_ERROR_BASE + 171), -SEC_ERROR_EXPIRED_PASSWORD = (SEC_ERROR_BASE + 172), -SEC_ERROR_LOCKED_PASSWORD = (SEC_ERROR_BASE + 173), +SEC_ERROR_EXPIRED_PASSWORD = (SEC_ERROR_BASE + 172), +SEC_ERROR_LOCKED_PASSWORD = (SEC_ERROR_BASE + 173), -SEC_ERROR_UNKNOWN_PKCS11_ERROR = (SEC_ERROR_BASE + 174), +SEC_ERROR_UNKNOWN_PKCS11_ERROR = (SEC_ERROR_BASE + 174), -SEC_ERROR_BAD_CRL_DP_URL = (SEC_ERROR_BASE + 175), +SEC_ERROR_BAD_CRL_DP_URL = (SEC_ERROR_BASE + 175), -SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = (SEC_ERROR_BASE + 176), +SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = (SEC_ERROR_BASE + 176), -SEC_ERROR_LEGACY_DATABASE = (SEC_ERROR_BASE + 177), +SEC_ERROR_LEGACY_DATABASE = (SEC_ERROR_BASE + 177), -SEC_ERROR_APPLICATION_CALLBACK_ERROR = (SEC_ERROR_BASE + 178), +SEC_ERROR_APPLICATION_CALLBACK_ERROR = (SEC_ERROR_BASE + 178), /* Add new error codes above here. */ -SEC_ERROR_END_OF_LIST +SEC_ERROR_END_OF_LIST } SECErrorCodes; #endif /* NO_SECURITY_ERROR_ENUM */ diff --git a/security/nss/lib/util/utilmod.c b/security/nss/lib/util/utilmod.c index e68d950..0f5970f 100644 --- a/security/nss/lib/util/utilmod.c +++ b/security/nss/lib/util/utilmod.c @@ -21,9 +21,37 @@ #include "secport.h" #include "utilpars.h" #include "secerr.h" + #if defined (_WIN32) #include <io.h> #endif +#ifdef XP_UNIX +#include <unistd.h> +#endif + +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> + +#if defined (_WIN32) +#define os_open _open +#define os_fdopen _fdopen +#define os_stat _stat +#define os_truncate_open_flags _O_CREAT|_O_RDWR|_O_TRUNC +#define os_append_open_flags _O_CREAT|_O_RDWR|_O_APPEND +#define os_open_permissions_type int +#define os_open_permissions_default _S_IREAD | _S_IWRITE +#define os_stat_type struct _stat +#else +#define os_open open +#define os_fdopen fdopen +#define os_stat stat +#define os_truncate_open_flags O_CREAT|O_RDWR|O_TRUNC +#define os_append_open_flags O_CREAT|O_RDWR|O_APPEND +#define os_open_permissions_type mode_t +#define os_open_permissions_default 0600 +#define os_stat_type struct stat +#endif /**************************************************************** * @@ -132,27 +160,26 @@ char *_NSSUTIL_GetOldSecmodName(const char *dbname,const char *filename) return file; } -static SECStatus nssutil_AddSecmodDB(const char *appName, - const char *filename, const char *dbname, - char *module, PRBool rw); +static SECStatus nssutil_AddSecmodDBEntry(const char *appName, + const char *filename, + const char *dbname, + char *module, PRBool rw); -#ifdef XP_UNIX -#include <unistd.h> -#endif -#include <fcntl.h> +enum lfopen_mode { lfopen_truncate, lfopen_append }; -/* same as fopen, except it doesn't use umask, but explicit */ FILE * -lfopen(const char *name, const char *mode, int flags) +lfopen(const char *name, enum lfopen_mode om, os_open_permissions_type open_perms) { int fd; FILE *file; - fd = open(name, flags, 0600); + fd = os_open(name, + (om == lfopen_truncate) ? os_truncate_open_flags : os_append_open_flags, + open_perms); if (fd < 0) { return NULL; } - file = fdopen(fd, mode); + file = os_fdopen(fd, (om == lfopen_truncate) ? "w+" : "a+"); if (!file) { close(fd); } @@ -416,7 +443,7 @@ loser: fclose(fd); } else if (!failed && rw) { /* update our internal module */ - nssutil_AddSecmodDB(appName,filename,dbname,moduleList[0],rw); + nssutil_AddSecmodDBEntry(appName, filename, dbname, moduleList[0], rw); } return moduleList; } @@ -437,11 +464,15 @@ nssutil_ReleaseSecmodDBData(const char *appName, * Delete a module from the Data Base */ static SECStatus -nssutil_DeleteSecmodDB(const char *appName, - const char *filename, const char *dbname, - char *args, PRBool rw) +nssutil_DeleteSecmodDBEntry(const char *appName, + const char *filename, + const char *dbname, + char *args, + PRBool rw) { /* SHDB_FIXME implement */ + os_stat_type stat_existing; + os_open_permissions_type file_mode; FILE *fd = NULL; FILE *fd2 = NULL; char line[MAX_LINE_LENGTH]; @@ -467,10 +498,19 @@ nssutil_DeleteSecmodDB(const char *appName, if (dbname2 == NULL) goto loser; dbname2[strlen(dbname)-1]++; + /* get the permissions of the existing file, or use the default */ + if (!os_stat(dbname, &stat_existing)) { + file_mode = stat_existing.st_mode; + } else { + file_mode = os_open_permissions_default; + } + /* do we really want to use streams here */ fd = fopen(dbname, "r"); if (fd == NULL) goto loser; - fd2 = lfopen(dbname2, "w+", O_CREAT|O_RDWR|O_TRUNC); + + fd2 = lfopen(dbname2, lfopen_truncate, file_mode); + if (fd2 == NULL) goto loser; name = NSSUTIL_ArgGetParamValue("name",args); @@ -566,10 +606,12 @@ loser: * Add a module to the Data base */ static SECStatus -nssutil_AddSecmodDB(const char *appName, - const char *filename, const char *dbname, - char *module, PRBool rw) +nssutil_AddSecmodDBEntry(const char *appName, + const char *filename, const char *dbname, + char *module, PRBool rw) { + os_stat_type stat_existing; + os_open_permissions_type file_mode; FILE *fd = NULL; char *block = NULL; PRBool libFound = PR_FALSE; @@ -586,10 +628,16 @@ nssutil_AddSecmodDB(const char *appName, } /* remove the previous version if it exists */ - (void) nssutil_DeleteSecmodDB(appName, filename, - dbname, module, rw); + (void) nssutil_DeleteSecmodDBEntry(appName, filename, dbname, module, rw); + + /* get the permissions of the existing file, or use the default */ + if (!os_stat(dbname, &stat_existing)) { + file_mode = stat_existing.st_mode; + } else { + file_mode = os_open_permissions_default; + } - fd = lfopen(dbname, "a+", O_CREAT|O_RDWR|O_APPEND); + fd = lfopen(dbname, lfopen_append, file_mode); if (fd == NULL) { return SECFailure; } @@ -665,16 +713,19 @@ NSSUTIL_DoModuleDBFunction(unsigned long function,char *parameters, void *args) secmod,(char *)parameters,rw); break; case SECMOD_MODULE_DB_FUNCTION_ADD: - rvstr = (nssutil_AddSecmodDB(appName,filename, - secmod,(char *)args,rw) == SECSuccess) ? &success: NULL; + rvstr = (nssutil_AddSecmodDBEntry(appName, filename, + secmod, (char *)args, rw) + == SECSuccess) ? &success: NULL; break; case SECMOD_MODULE_DB_FUNCTION_DEL: - rvstr = (nssutil_DeleteSecmodDB(appName,filename, - secmod,(char *)args,rw) == SECSuccess) ? &success: NULL; + rvstr = (nssutil_DeleteSecmodDBEntry(appName, filename, + secmod, (char *)args, rw) + == SECSuccess) ? &success: NULL; break; case SECMOD_MODULE_DB_FUNCTION_RELEASE: - rvstr = (nssutil_ReleaseSecmodDBData(appName,filename, - secmod, (char **)args,rw) == SECSuccess) ? &success: NULL; + rvstr = (nssutil_ReleaseSecmodDBData(appName, filename, + secmod, (char **)args, rw) + == SECSuccess) ? &success: NULL; break; } done: diff --git a/security/nss/lib/util/utilmodt.h b/security/nss/lib/util/utilmodt.h index 825e59f..6adc5fb 100644 --- a/security/nss/lib/util/utilmodt.h +++ b/security/nss/lib/util/utilmodt.h @@ -23,10 +23,11 @@ #define SECMOD_SSL_FLAG 0x00000800L #define SECMOD_TLS_FLAG 0x00001000L #define SECMOD_AES_FLAG 0x00002000L -#define SECMOD_SHA256_FLAG 0x00004000L +#define SECMOD_SHA256_FLAG 0x00004000L /* also for SHA224 */ #define SECMOD_SHA512_FLAG 0x00008000L /* also for SHA384 */ #define SECMOD_CAMELLIA_FLAG 0x00010000L /* = PUBLIC_MECH_CAMELLIA_FLAG */ #define SECMOD_SEED_FLAG 0x00020000L +#define SECMOD_ECC_FLAG 0x00040000L /* reserved bit for future, do not use */ #define SECMOD_RESERVED_FLAG 0X08000000L #define SECMOD_FRIENDLY_FLAG 0x10000000L diff --git a/security/nss/lib/zlib/config.mk b/security/nss/lib/zlib/config.mk index 0091d01..696be5d 100644 --- a/security/nss/lib/zlib/config.mk +++ b/security/nss/lib/zlib/config.mk @@ -14,3 +14,7 @@ IMPORT_LIBRARY = PROGRAM = EXTRA_LIBS = $(LIBRARY) + +ifeq ($(OS_TARGET),Linux) +DEFINES += -DHAVE_UNISTD_H +endif diff --git a/security/nss/tests/all.sh b/security/nss/tests/all.sh index ee10852..c0d2ba9 100755 --- a/security/nss/tests/all.sh +++ b/security/nss/tests/all.sh @@ -59,7 +59,7 @@ # # Optional environment variables to enable specific NSS features: # --------------------------------------------------------------- -# NSS_ENABLE_ECC - enable ECC +# NSS_DISABLE_ECC - disable ECC # NSS_ECC_MORE_THAN_SUITE_B - enable extended ECC # # Optional environment variables to select which cycles/suites to test: @@ -299,9 +299,15 @@ fi # created, we check for modutil to know whether the build # is complete. If a new file is created after that, the # following test for modutil should check for that instead. +# Exception: when building softoken only, shlibsign is the +# last file created. +if [ ${NSS_BUILD_SOFTOKEN_ONLY} -eq "1" ]; then + LAST_FILE_BUILT=shlibsign +else + LAST_FILE_BUILT=modutil +fi -if [ ! -f ${DIST}/${OBJDIR}/bin/modutil -a \ - ! -f ${DIST}/${OBJDIR}/bin/modutil.exe ]; then +if [ ! -f ${DIST}/${OBJDIR}/bin/${LAST_FILE_BUILT}${PROG_SUFFIX} ]; then echo "Build Incomplete. Aborting test." >> ${LOGFILE} html_head "Testing Initialization" Exit "Checking for build" diff --git a/security/nss/tests/cert/cert.sh b/security/nss/tests/cert/cert.sh index b710b68..1a23c19 100755 --- a/security/nss/tests/cert/cert.sh +++ b/security/nss/tests/cert/cert.sh @@ -46,7 +46,7 @@ cert_init() fi SCRIPTNAME="cert.sh" CRL_GRP_DATE=`date -u "+%Y%m%d%H%M%SZ"` - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then html_head "Certutil and Crlutil Tests with ECC" else html_head "Certutil and Crlutil Tests" @@ -292,7 +292,7 @@ cert_create_cert() return $RET fi - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then CU_ACTION="Import EC Root CA for $CERTNAME" certu -A -n "TestCA-ec" -t "TC,TC,TC" -f "${R_PWFILE}" \ -d "${PROFILEDIR}" -i "${R_CADIR}/TestCA-ec.ca.cert" 2>&1 @@ -340,7 +340,7 @@ cert_add_cert() # # Generate and add EC cert # - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then CURVE="secp384r1" CU_ACTION="Generate EC Cert Request for $CERTNAME" CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec(a)bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" @@ -430,7 +430,7 @@ cert_all_CA() # root.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last # in the chain - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then # # Create EC version of TestCA CA_CURVE="secp521r1" @@ -671,7 +671,7 @@ cert_smime_client() certu -E -t ",," -d ${P_R_BOBDIR} -f ${R_PWFILE} \ -i ${R_EVEDIR}/Eve.cert 2>&1 - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: Importing EC Certificates ==============================" CU_ACTION="Import Bob's EC cert into Alice's db" certu -E -t ",," -d ${P_R_ALICEDIR} -f ${R_PWFILE} \ @@ -742,7 +742,7 @@ cert_extended_ssl() certu -A -n "clientCA" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \ -i "${CLIENT_CADIR}/clientCA.ca.cert" 2>&1 - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then # # Repeat the above for EC certs # @@ -830,7 +830,7 @@ cert_extended_ssl() certu -A -n "serverCA" -t "C,C,C" -f "${R_PWFILE}" -d "${PROFILEDIR}" \ -i "${SERVER_CADIR}/serverCA.ca.cert" 2>&1 - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then # # Repeat the above for EC certs # @@ -920,7 +920,7 @@ cert_ssl() cert_add_cert CU_ACTION="Modify trust attributes of Root CA -t TC,TC,TC" certu -M -n "TestCA" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}" - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then CU_ACTION="Modify trust attributes of EC Root CA -t TC,TC,TC" certu -M -n "TestCA-ec" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}" fi @@ -940,8 +940,8 @@ cert_ssl() fi echo "$SCRIPTNAME: Creating database for OCSP stapling tests ===============" - echo "cp -rv ${SERVERDIR} ${STAPLINGDIR}" - cp -rv ${R_SERVERDIR} ${R_STAPLINGDIR} + echo "cp -r ${SERVERDIR} ${STAPLINGDIR}" + cp -r ${R_SERVERDIR} ${R_STAPLINGDIR} pk12u -o ${R_STAPLINGDIR}/ca.p12 -n TestCA -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_CADIR} pk12u -i ${R_STAPLINGDIR}/ca.p12 -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_STAPLINGDIR} } @@ -1028,7 +1028,7 @@ cert_eccurves() { ################# Creating Certs for EC curves test ######################## # - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: Creating Server CA Issued Certificate for " echo " EC Curves Test Certificates ------------------------------------" @@ -1088,7 +1088,7 @@ cert_eccurves() fi done - fi # if NSS_ENABLE_ECC=1 + fi # $NSS_DISABLE_ECC } ########################### cert_extensions_test ############################# @@ -1176,6 +1176,201 @@ cert_extensions() done < ${QADIR}/cert/certext.txt } +cert_make_with_param() +{ + DIRPASS="$1" + CERTNAME="$2" + MAKE="$3" + SUBJ="$4" + EXTRA="$5" + EXPECT="$6" + TESTNAME="$7" + + echo certutil ${DIRPASS} -s "${SUBJ}" ${MAKE} ${CERTNAME} ${EXTRA} + ${BINDIR}/certutil ${DIRPASS} -s "${SUBJ}" ${MAKE} ${CERTNAME} ${EXTRA} + + RET=$? + if [ "${RET}" -ne "${EXPECT}" ]; then + # if we expected failure to create, then delete unexpected certificate + if [ "${EXPECT}" -ne 0 ]; then + ${BINDIR}/certutil ${DIRPASS} -D ${CERTNAME} + fi + + CERTFAILED=1 + html_failed "${TESTNAME} (${COUNT}) - ${EXTRA}" + cert_log "ERROR: ${TESTNAME} - ${EXTRA} failed" + return 1 + fi + + html_passed "${TESTNAME} (${COUNT})" + return 0 +} + +cert_list_and_count_dns() +{ + DIRPASS="$1" + CERTNAME="$2" + EXPECT="$3" + EXPECTCOUNT="$4" + TESTNAME="$5" + + echo certutil ${DIRPASS} -L ${CERTNAME} + ${BINDIR}/certutil ${DIRPASS} -L ${CERTNAME} + + RET=$? + if [ "${RET}" -ne "${EXPECT}" ]; then + CERTFAILED=1 + html_failed "${TESTNAME} (${COUNT}) - list and count" + cert_log "ERROR: ${TESTNAME} - list and count failed" + return 1 + fi + + LISTCOUNT=`${BINDIR}/certutil ${DIRPASS} -L ${CERTNAME} | grep -wc DNS` + if [ "${LISTCOUNT}" -ne "${EXPECTCOUNT}" ]; then + CERTFAILED=1 + html_failed "${TESTNAME} (${COUNT}) - list and count" + cert_log "ERROR: ${TESTNAME} - list and count failed" + return 1 + fi + + html_passed "${TESTNAME} (${COUNT})" + return 0 +} + +cert_dump_ext_to_file() +{ + DIRPASS="$1" + CERTNAME="$2" + OID="$3" + OUTFILE="$4" + EXPECT="$5" + TESTNAME="$6" + + echo certutil ${DIRPASS} -L ${CERTNAME} --dump-ext-val ${OID} + echo "writing output to ${OUTFILE}" + ${BINDIR}/certutil ${DIRPASS} -L ${CERTNAME} --dump-ext-val ${OID} > ${OUTFILE} + + RET=$? + if [ "${RET}" -ne "${EXPECT}" ]; then + CERTFAILED=1 + html_failed "${TESTNAME} (${COUNT}) - dump to file" + cert_log "ERROR: ${TESTNAME} - dump to file failed" + return 1 + fi + + html_passed "${TESTNAME} (${COUNT})" + return 0 +} + +cert_delete() +{ + DIRPASS="$1" + CERTNAME="$2" + EXPECT="$3" + TESTNAME="$4" + + echo certutil ${DIRPASS} -D ${CERTNAME} + ${BINDIR}/certutil ${DIRPASS} -D ${CERTNAME} + + RET=$? + if [ "${RET}" -ne "${EXPECT}" ]; then + CERTFAILED=1 + html_failed "${TESTNAME} (${COUNT}) - delete cert" + cert_log "ERROR: ${TESTNAME} - delete cert failed" + return 1 + fi + + html_passed "${TESTNAME} (${COUNT})" + return 0 +} + +cert_inc_count() +{ + COUNT=`expr ${COUNT} + 1` +} + +############################## cert_crl_ssl ############################ +# test adding subject-alt-name, dumping, and adding generic extension +######################################################################## +cert_san_and_generic_extensions() +{ + EXTDUMP=${CERT_EXTENSIONS_DIR}/sanext.der + + DIR="-d ${CERT_EXTENSIONS_DIR} -f ${R_PWFILE}" + CERTNAME="-n WithSAN" + MAKE="-S -t ,, -x -z ${R_NOISE_FILE}" + SUBJ="CN=example.com" + + TESTNAME="san-and-generic-extensions" + + cert_inc_count + cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \ + "--extSAN example.com" 255 \ + "create cert with invalid SAN parameter" + + cert_inc_count + cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \ + "--extSAN example.com,dns:www.example.com" 255 \ + "create cert with invalid SAN parameter" + + TN="create cert with valid SAN parameter" + + cert_inc_count + cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \ + "--extSAN dns:example.com,dns:www.example.com" 0 \ + "${TN}" + + cert_inc_count + cert_list_and_count_dns "${DIR}" "${CERTNAME}" 0 2 \ + "${TN}" + + cert_inc_count + cert_dump_ext_to_file "${DIR}" "${CERTNAME}" "2.5.29.17" "${EXTDUMP}" 0 \ + "dump extension 2.5.29.17 to file ${EXTDUMP}" + + cert_inc_count + cert_delete "${DIR}" "${CERTNAME}" 0 \ + "${TN}" + + cert_inc_count + cert_list_and_count_dns "${DIR}" "${CERTNAME}" 255 0 \ + "expect failure to list cert, because we deleted it" + + cert_inc_count + cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \ + "--extGeneric ${EXTDUMP}" 255 \ + "create cert with invalid generic ext parameter" + + cert_inc_count + cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \ + "--extGeneric not-critical:${EXTDUMP}" 255 \ + "create cert with invalid generic ext parameter" + + cert_inc_count + cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \ + "--extGeneric not-critical:${EXTDUMP},2.5.29.17:critical:${EXTDUMP}" 255 \ + "create cert with invalid generic ext parameter" + + TN="create cert with valid generic ext parameter" + + cert_inc_count + cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \ + "--extGeneric 2.5.29.17:not-critical:${EXTDUMP}" 0 \ + "${TN}" + + cert_inc_count + cert_list_and_count_dns "${DIR}" "${CERTNAME}" 0 2 \ + "${TN}" + + cert_inc_count + cert_delete "${DIR}" "${CERTNAME}" 0 \ + "${TN}" + + cert_inc_count + cert_list_and_count_dns "${DIR}" "${CERTNAME}" 255 0 \ + "expect failure to list cert, because we deleted it" +} + ############################## cert_crl_ssl ############################ # local shell function to generate certs and crls for SSL tests ######################################################################## @@ -1227,7 +1422,7 @@ EOF_CRLINI CRL_GEN_RES=`expr $? + $CRL_GEN_RES` chmod 600 ${CRL_FILE_GRP_1}_or - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then CU_ACTION="Generating CRL (ECC) for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA-ec authority" # Until Bug 292285 is resolved, do not encode x400 Addresses. After @@ -1260,7 +1455,7 @@ EOF_CRLINI CRL_GEN_RES=`expr $? + $CRL_GEN_RES` chmod 600 ${CRL_FILE_GRP_1}_or1 TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or" - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then CU_ACTION="Modify CRL (ECC) by adding one more cert" crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} \ -o ${CRL_FILE_GRP_1}_or1-ec -i ${CRL_FILE_GRP_1}_or-ec <<EOF_CRLINI @@ -1284,7 +1479,7 @@ rmcert ${UNREVOKED_CERT_GRP_1} EOF_CRLINI chmod 600 ${CRL_FILE_GRP_1} TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or1" - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then CU_ACTION="Modify CRL (ECC) by removing one cert" crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1}-ec \ -i ${CRL_FILE_GRP_1}_or1-ec <<EOF_CRLINI @@ -1313,7 +1508,7 @@ rmcert ${UNREVOKED_CERT_GRP_2} EOF_CRLINI CRL_GEN_RES=`expr $? + $CRL_GEN_RES` chmod 600 ${CRL_FILE_GRP_2} - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then CU_ACTION="Creating CRL (ECC) for groups 1 and 2" crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_2}-ec \ -i ${CRL_FILE_GRP_1}-ec <<EOF_CRLINI @@ -1346,7 +1541,7 @@ addext crlNumber 0 2 EOF_CRLINI CRL_GEN_RES=`expr $? + $CRL_GEN_RES` chmod 600 ${CRL_FILE_GRP_3} - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then CU_ACTION="Creating CRL (ECC) for groups 1, 2 and 3" crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_3}-ec \ -i ${CRL_FILE_GRP_2}-ec <<EOF_CRLINI @@ -1366,7 +1561,7 @@ EOF_CRLINI crlu -D -n TestCA -f "${R_PWFILE}" -d "${R_SERVERDIR}" crlu -I -i ${CRL_FILE} -n "TestCA" -f "${R_PWFILE}" -d "${R_SERVERDIR}" CRL_GEN_RES=`expr $? + $CRL_GEN_RES` - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then CU_ACTION="Importing CRL (ECC) for groups 1" crlu -D -n TestCA-ec -f "${R_PWFILE}" -d "${R_SERVERDIR}" crlu -I -i ${CRL_FILE}-ec -n "TestCA-ec" -f "${R_PWFILE}" \ @@ -1513,6 +1708,7 @@ if [ -z "$NSS_TEST_DISABLE_FIPS" ]; then fi cert_eccurves cert_extensions +cert_san_and_generic_extensions cert_test_password cert_test_distrust cert_test_ocspresp diff --git a/security/nss/tests/chains/scenarios/nameconstraints.cfg b/security/nss/tests/chains/scenarios/nameconstraints.cfg index 823e83d..d49e20e 100644 --- a/security/nss/tests/chains/scenarios/nameconstraints.cfg +++ b/security/nss/tests/chains/scenarios/nameconstraints.cfg @@ -7,16 +7,155 @@ scenario TrustAnchors db trustanchors import NameConstraints.ca:x:CT,C,C +import NameConstraints.ncca:x:CT,C,C +# Name Constrained CA: Name constrained to permited DNSName ".example" +import NameConstraints.dcisscopy:x:CT,C,C +# Intermediate 1: Name constrained to permited DNSName ".example" + +# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=test.invalid" +# altDNS: test.invalid +# Fail: CN not in name constraints, altDNS not in name constraints verify NameConstraints.server1:x cert NameConstraints.intermediate:x result fail +# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=another_test.invalid", no SAN +# Fail: CN not in name constraints verify NameConstraints.server2:x cert NameConstraints.intermediate:x result fail +# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=test.example" +# altDNS: test.example verify NameConstraints.server3:x cert NameConstraints.intermediate:x result pass +# Intermediate 2: No name constraints, signed by Intermediate 1 (inherits name constraints) + +# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=test.invalid" +# altDNS: test.invalid +# Fail: CN not in name constraints, altDNS not in name constraints +verify NameConstraints.server4:x + cert NameConstraints.intermediate2:x + cert NameConstraints.intermediate:x + result fail + +# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=another_test.invalid", no SAN +# Fail: CN not in name constraints +verify NameConstraints.server5:x + cert NameConstraints.intermediate2:x + cert NameConstraints.intermediate:x + result fail + +# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=test.example" +# altDNS: test.example +verify NameConstraints.server6:x + cert NameConstraints.intermediate2:x + cert NameConstraints.intermediate:x + result pass + +# Intermediate 3: Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=NSS Intermediate CA3" +# Name constrained to a permitted DirectoryName of "C=US, ST=CA, O=Foo" +# and a permitted DNSName of "foo.example" + +# Intermediate 4: Subject: "C=US, ST=CA, O=Foo, CN=NSS Intermediate CA 2" +# No name constraints present +# Signed by Intermediate 3 (inherits name constraints) + +# Subject: "C=US, ST=CA, O=Foo, OU=bar, CN=bat.foo.example", no SAN +verify NameConstraints.server7:x + cert NameConstraints.intermediate4:x + cert NameConstraints.intermediate3:x + result pass + +# Subject: "C=US, ST=CA, O=Foo, CN=bat.foo.example", no SAN +verify NameConstraints.server8:x + cert NameConstraints.intermediate4:x + cert NameConstraints.intermediate3:x + result pass + +# Subject: "C=US, O=Foo, CN=bat.foo.example", no SAN +# Fail: ST is missing in the DirectoryName, thus not matching name constraints +verify NameConstraints.server9:x + cert NameConstraints.intermediate4:x + cert NameConstraints.intermediate3:x + result fail + +# Subject: "C=US, ST=CA, O=Foo, CN=bar.example" +# Fail: CN not in name constraints +verify NameConstraints.server10:x + cert NameConstraints.intermediate4:x + cert NameConstraints.intermediate3:x + result fail + +# Subject: "C=US, ST=CA, O=Foo, CN=site.example" +# altDNS:foo.example +# Pass: Ignores CN constraint name violation because SAN is present +verify NameConstraints.server11:x + cert NameConstraints.intermediate4:x + cert NameConstraints.intermediate3:x + result pass + +# Subject: "C=US, ST=CA, O=Foo, CN=Honest Achmed" +# Fail: CN does not match DNS name constraints - even though is not 'DNS shaped' +verify NameConstraints.server12:x + cert NameConstraints.intermediate4:x + cert NameConstraints.intermediate3:x + result fail + +# Intermediate 5: Subject: "C=US, ST=CA, O=OtherOrg, CN=NSS Intermediate CA 2" +# No name constraints present +# Signed by Intermediate 3. +# Intermediate 5's subject is not in Intermediate 3's permitted +# names, so all certs issued by it are invalid. + +# Subject: "C=US, ST=CA, O=OtherOrg, CN=bat.foo.example" +# Fail: Org matches Intermediate 5's name constraints, but does not match +# Intermediate 3' name constraints +verify NameConstraints.server13:x + cert NameConstraints.intermediate5:x + cert NameConstraints.intermediate3:x + result fail + +# Subject: "C=US, ST=CA, O=Foo, CN=another.foo.example" +# Fail: Matches Intermediate 5's name constraints, but fails because +# Intermediate 5 does not match Intermediate 3's name constraints +verify NameConstraints.server14:x + cert NameConstraints.intermediate5:x + cert NameConstraints.intermediate3:x + result fail + +# Intermediate 6: Subject: "C=US, ST=CA, O=OtherOrg, CN=NSS Intermediate CA6" +# No name constraints present +# Signed by Named Constrained CA (inherits root name constraints) + +# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=testfoo.invalid" +# altDNS: testfoo.invalid +# Fail: CN not in name constraints, altDNS not in name constraints +verify NameConstraints.server15:x + cert NameConstraints.intermediate6:x + result fail + +# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=another_test3.invalid", no SAN +# Fail: CN not in name constraints +verify NameConstraints.server16:x + cert NameConstraints.intermediate6:x + result fail + +# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=test4.example" +# altDNS: test4.example +verify NameConstraints.server17:x + cert NameConstraints.intermediate6:x + result pass + +# Subject: "C = US, ST=CA, O=Foo CN=foo.example.com" +verify NameConstraints.dcissblocked:x + result fail + +# Subject: "C = US, ST=CA, O=Foo CN=foo.example.fr" +verify NameConstraints.dcissallowed:x + result pass + + diff --git a/security/nss/tests/cipher/cipher.sh b/security/nss/tests/cipher/cipher.sh index a24af82..12e78e1 100755 --- a/security/nss/tests/cipher/cipher.sh +++ b/security/nss/tests/cipher/cipher.sh @@ -129,6 +129,12 @@ if [ ! -x ${DIST}/${OBJDIR}/bin/bltest${PROG_SUFFIX} ]; then return 0 fi cipher_init -cipher_main -cipher_gcm +# Skip cipher_main if this an NSS without softoken build. +if [ "${NSS_BUILD_WITHOUT_SOFTOKEN}" != "1" ]; then + cipher_main +fi +# Skip cipher_gcm if this is a softoken only build. +if [ "${NSS_BUILD_SOFTOKEN_ONLY}" != "1" ]; then + cipher_gcm +fi cipher_cleanup diff --git a/security/nss/tests/common/cleanup.sh b/security/nss/tests/common/cleanup.sh index 66f2c26..17a62bb 100755 --- a/security/nss/tests/common/cleanup.sh +++ b/security/nss/tests/common/cleanup.sh @@ -14,6 +14,9 @@ if [ -z "${CLEANUP}" -o "${CLEANUP}" = "${SCRIPTNAME}" ]; then echo "HOST=${HOST}" echo "DOMSUF=${DOMSUF}" echo "BUILD_OPT=${BUILD_OPT}" + if [ "${OS_ARCH}" = "Linux" ]; then + echo "USE_X32=${USE_X32}" + fi echo "USE_64=${USE_64}" echo "NSS_CYCLES=\"${NSS_CYCLES}\"" echo "NSS_TESTS=\"${NSS_TESTS}\"" diff --git a/security/nss/tests/libpkix/certs/NameConstraints.ca.cert b/security/nss/tests/libpkix/certs/NameConstraints.ca.cert index 9e859a0..6d2e846 100644 Binary files a/security/nss/tests/libpkix/certs/NameConstraints.ca.cert and b/security/nss/tests/libpkix/certs/NameConstraints.ca.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert b/security/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert new file mode 100644 index 0000000..539adcf Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert b/security/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert new file mode 100644 index 0000000..28f8491 Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert b/security/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert new file mode 100644 index 0000000..a3fbd91 Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.intermediate.cert b/security/nss/tests/libpkix/certs/NameConstraints.intermediate.cert index 6fe77d1..a310aa1 100644 Binary files a/security/nss/tests/libpkix/certs/NameConstraints.intermediate.cert and b/security/nss/tests/libpkix/certs/NameConstraints.intermediate.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert b/security/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert new file mode 100644 index 0000000..fc4b7c1 Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert b/security/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert new file mode 100644 index 0000000..051e55e Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert b/security/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert new file mode 100644 index 0000000..6e7efd5 Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert b/security/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert new file mode 100644 index 0000000..823eccc Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert b/security/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert new file mode 100644 index 0000000..a2f1705 Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.ncca.cert b/security/nss/tests/libpkix/certs/NameConstraints.ncca.cert new file mode 100644 index 0000000..ecb24c7 Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.ncca.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server1.cert b/security/nss/tests/libpkix/certs/NameConstraints.server1.cert index 23088d1..60e8a1c 100644 Binary files a/security/nss/tests/libpkix/certs/NameConstraints.server1.cert and b/security/nss/tests/libpkix/certs/NameConstraints.server1.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server10.cert b/security/nss/tests/libpkix/certs/NameConstraints.server10.cert new file mode 100644 index 0000000..21d9e87 Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server10.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server11.cert b/security/nss/tests/libpkix/certs/NameConstraints.server11.cert new file mode 100644 index 0000000..c458c8c Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server11.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server12.cert b/security/nss/tests/libpkix/certs/NameConstraints.server12.cert new file mode 100644 index 0000000..1a4e6fe Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server12.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server13.cert b/security/nss/tests/libpkix/certs/NameConstraints.server13.cert new file mode 100644 index 0000000..8b7295f Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server13.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server14.cert b/security/nss/tests/libpkix/certs/NameConstraints.server14.cert new file mode 100644 index 0000000..8a989f9 Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server14.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server15.cert b/security/nss/tests/libpkix/certs/NameConstraints.server15.cert new file mode 100644 index 0000000..69d057c Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server15.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server16.cert b/security/nss/tests/libpkix/certs/NameConstraints.server16.cert new file mode 100644 index 0000000..0b24d7a Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server16.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server17.cert b/security/nss/tests/libpkix/certs/NameConstraints.server17.cert new file mode 100644 index 0000000..2fc9437 Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server17.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server2.cert b/security/nss/tests/libpkix/certs/NameConstraints.server2.cert index feac113..1c6e551 100644 Binary files a/security/nss/tests/libpkix/certs/NameConstraints.server2.cert and b/security/nss/tests/libpkix/certs/NameConstraints.server2.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server3.cert b/security/nss/tests/libpkix/certs/NameConstraints.server3.cert index 5e69183..bd93572 100644 Binary files a/security/nss/tests/libpkix/certs/NameConstraints.server3.cert and b/security/nss/tests/libpkix/certs/NameConstraints.server3.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server4.cert b/security/nss/tests/libpkix/certs/NameConstraints.server4.cert new file mode 100644 index 0000000..ca9d1b1 Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server4.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server5.cert b/security/nss/tests/libpkix/certs/NameConstraints.server5.cert new file mode 100644 index 0000000..1798de7 Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server5.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server6.cert b/security/nss/tests/libpkix/certs/NameConstraints.server6.cert new file mode 100644 index 0000000..5698f8e Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server6.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server7.cert b/security/nss/tests/libpkix/certs/NameConstraints.server7.cert new file mode 100644 index 0000000..3cf85d0 Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server7.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server8.cert b/security/nss/tests/libpkix/certs/NameConstraints.server8.cert new file mode 100644 index 0000000..f0694ed Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server8.cert differ diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server9.cert b/security/nss/tests/libpkix/certs/NameConstraints.server9.cert new file mode 100644 index 0000000..517c0ae Binary files /dev/null and b/security/nss/tests/libpkix/certs/NameConstraints.server9.cert differ diff --git a/security/nss/tests/libpkix/certs/make-nc b/security/nss/tests/libpkix/certs/make-nc index 3f31272..b32dd65 100755 --- a/security/nss/tests/libpkix/certs/make-nc +++ b/security/nss/tests/libpkix/certs/make-nc @@ -94,10 +94,415 @@ y n CERTSCRIPT +certutil -S -z noise -g 1024 -d . -n ica2 -s "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 21 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT +5 +6 +9 +n +y + +n +5 +6 +7 +9 +n +CERTSCRIPT + +certutil -S -z noise -g 1024 -d . -n server4 -s "CN=test2.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 50 -v 115 -1 -2 -5 -8 test.invalid <<CERTSCRIPT +0 +2 +3 +4 +9 +n +n + +y +0 +1 +9 +n +CERTSCRIPT + +certutil -S -z noise -g 1024 -d . -n server5 -s "CN=another_test2.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 51 -v 115 -1 -2 -5 <<CERTSCRIPT +0 +2 +3 +4 +9 +n +n + +y +0 +1 +9 +n +CERTSCRIPT + + +certutil -S -z noise -g 1024 -d . -n server6 -s "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 52 -v 115 -1 -2 -5 -8 test.example <<CERTSCRIPT +0 +2 +3 +4 +9 +n +n + +y +0 +1 +9 +n +CERTSCRIPT + +certutil -S -z noise -g 1024 -d . -n ica3 -s "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ca -m 21 -w -1 -v 118 -1 -2 -5 --extNC <<CERTSCRIPT +5 +6 +9 +n +y + +n +3 +foo.example +1 +y +5 +O=Foo,st=ca,c=us +1 +n +n +5 +6 +7 +9 +n +CERTSCRIPT + +certutil -S -z noise -g 1024 -d . -n ica4 -s "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" -t ,, -c ica3 -m 61 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT +5 +6 +9 +n +y + +n +5 +6 +7 +9 +n +CERTSCRIPT + +certutil -S -z noise -g 1024 -d . -n server7 -s "CN=bat.foo.example,ou=bar,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 41 -v 115 -1 -2 -5 <<CERTSCRIPT +0 +2 +3 +4 +9 +n +n + +y +0 +1 +9 +n +CERTSCRIPT + +certutil -S -z noise -g 1024 -d . -n server8 -s "CN=bat.foo.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 42 -v 115 -1 -2 -5 <<CERTSCRIPT +0 +2 +3 +4 +9 +n +n + +y +0 +1 +9 +n +CERTSCRIPT + +certutil -S -z noise -g 1024 -d . -n server9 -s "CN=bat.foo.example,O=Foo,C=US" -t ,, -c ica4 -m 43 -v 115 -1 -2 -5 <<CERTSCRIPT +0 +2 +3 +4 +9 +n +n + +y +0 +1 +9 +n +CERTSCRIPT + +certutil -S -z noise -g 1024 -d . -n server10 -s "CN=bar.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 44 -v 115 -1 -2 -5 <<CERTSCRIPT +0 +2 +3 +4 +9 +n +n + +y +0 +1 +9 +n +CERTSCRIPT + +certutil -S -z noise -g 1024 -d . -n server11 -s "CN=site.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 45 -v 115 -1 -2 -5 -8 foo.example <<CERTSCRIPT +0 +2 +3 +4 +9 +n +n + +y +0 +1 +9 +n +CERTSCRIPT + +certutil -S -z noise -g 1024 -d . -n server12 -s "CN=Honest Achmed,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 46 -v 115 -1 -2 -5 <<CERTSCRIPT +0 +2 +3 +4 +9 +n +n + +y +0 +1 +9 +n +CERTSCRIPT + +certutil -S -z noise -g 1024 -d . -n ica5 -s "CN=NSS Intermediate CA 2,O=OtherOrg,ST=CA,C=US" -t ,, -c ica3 -m 62 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT +5 +6 +9 +n +y + +n +5 +6 +7 +9 +n +CERTSCRIPT + +certutil -S -z noise -g 1024 -d . -n server13 -s "CN=bat.foo.example,O=OtherOrg,ST=CA,C=US" -t ,, -c ica5 -m 41 -v 115 -1 -2 -5 <<CERTSCRIPT +0 +2 +3 +4 +9 +n +n + +y +0 +1 +9 +n +CERTSCRIPT + +certutil -S -z noise -g 1024 -d . -n server14 -s "CN=another.foo.example,O=Foo,ST=CA,C=US" -t ,, -c ica5 -m 490 -v 115 -1 -2 -5 <<CERTSCRIPT +0 +2 +3 +4 +9 +n +n + +y +0 +1 +9 +n +CERTSCRIPT + +certutil -S -z noise -g 1024 -d . -n ncca -s "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View,ST=CA,C=US" -t C,C,C -x -m 2 -w -1 -v 118 -1 -2 -5 --extNC <<CERTSCRIPT +5 +6 +9 +n +y + +n +3 +.example +1 +n +n +5 +6 +7 +9 +n +CERTSCRIPT + +certutil -S -z noise -g 1024 -d . -n ica6 -s "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" -t ,, -c ncca -m 63 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT +5 +6 +9 +n +y + +n +5 +6 +7 +9 +n +CERTSCRIPT + +certutil -S -z noise -g 1024 -d . -n server15 -s "CN=testfoo.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 64 -v 115 -1 -2 -5 -8 testfoo.invalid <<CERTSCRIPT +0 +2 +3 +4 +9 +n +n + +y +0 +1 +9 +n +CERTSCRIPT + +certutil -S -z noise -g 1024 -d . -n server16 -s "CN=another_test3.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 65 -v 115 -1 -2 -5 <<CERTSCRIPT +0 +2 +3 +4 +9 +n +n + +y +0 +1 +9 +n +CERTSCRIPT + +certutil -S -z noise -g 1024 -d . -n server17 -s "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 66 -v 115 -1 -2 -5 -8 test4.example <<CERTSCRIPT +0 +2 +3 +4 +9 +n +n + +y +0 +1 +9 +n +CERTSCRIPT + +#DCISS copy certs +certutil -S -z noise -g 2048 -d . -n dcisscopy -s "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR" -t C,C,C -x -m 998899 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT +5 +6 +9 +n +y + +n +5 +6 +7 +9 +n +CERTSCRIPT + +#the following cert MUST not pass +certutil -S -z noise -g 2048 -d . -n dcissblocked -s "CN=foo.example.com,O=Foo,ST=CA,C=US" -t ,, -c dcisscopy -m 998900 -v 120 -1 -2 -5 <<CERTSCRIPT +0 +2 +3 +4 +9 +n +n + +y +0 +1 +9 +n +CERTSCRIPT + +#the following cert MUST not pass +certutil -S -z noise -g 2048 -d . -n dcissallowed -s "CN=foo.example.fr,O=Foo,ST=CA,C=US" -t ,, -c dcisscopy -m 998901 -v 120 -1 -2 -5 <<CERTSCRIPT +0 +2 +3 +4 +9 +n +n + +y +0 +1 +9 +n +CERTSCRIPT + + + certutil -d . -L -n ca -r > NameConstraints.ca.cert certutil -d . -L -n ica -r > NameConstraints.intermediate.cert certutil -d . -L -n server1 -r > NameConstraints.server1.cert certutil -d . -L -n server2 -r > NameConstraints.server2.cert certutil -d . -L -n server3 -r > NameConstraints.server3.cert +certutil -d . -L -n ica2 -r > NameConstraints.intermediate2.cert +certutil -d . -L -n server4 -r > NameConstraints.server4.cert +certutil -d . -L -n server5 -r > NameConstraints.server5.cert +certutil -d . -L -n server6 -r > NameConstraints.server6.cert +certutil -d . -L -n ica3 -r > NameConstraints.intermediate3.cert +certutil -d . -L -n ica4 -r > NameConstraints.intermediate4.cert +certutil -d . -L -n server7 -r > NameConstraints.server7.cert +certutil -d . -L -n server8 -r > NameConstraints.server8.cert +certutil -d . -L -n server9 -r > NameConstraints.server9.cert +certutil -d . -L -n server10 -r > NameConstraints.server10.cert +certutil -d . -L -n server11 -r > NameConstraints.server11.cert +certutil -d . -L -n server11 -r > NameConstraints.server11.cert +certutil -d . -L -n server12 -r > NameConstraints.server12.cert +certutil -d . -L -n ica5 -r > NameConstraints.intermediate5.cert +certutil -d . -L -n server13 -r > NameConstraints.server13.cert +certutil -d . -L -n server14 -r > NameConstraints.server14.cert +certutil -d . -L -n ncca -r > NameConstraints.ncca.cert +certutil -d . -L -n ica6 -r > NameConstraints.intermediate6.cert +certutil -d . -L -n server15 -r > NameConstraints.server15.cert +certutil -d . -L -n server16 -r > NameConstraints.server16.cert +certutil -d . -L -n server17 -r > NameConstraints.server17.cert +certutil -d . -L -n dcisscopy -r > NameConstraints.dcisscopy.cert +certutil -d . -L -n dcissblocked -r > NameConstraints.dcissblocked.cert +certutil -d . -L -n dcissallowed -r > NameConstraints.dcissallowed.cert -echo "Created multiple files in subdirectory tmp: NameConstraints.ca.cert NameConstraints.intermediate.cert NameConstraints.server1.cert NameConstraints.server2.cert NameConstraints.server3.cert" +echo "Created multiple files in subdirectory tmp: NameConstraints.ca.cert NameConstraints.intermediate.cert NameConstraints.server1.cert NameConstraints.server2.cert NameConstraints.server3.cert NameConstraints.intermediate2.cert NameConstraints.server4.cert NameConstraints.server5.cert NameConstraints.server6.cert" diff --git a/security/nss/tests/remote/Makefile b/security/nss/tests/remote/Makefile index 126bcf4..efbd24e 100644 --- a/security/nss/tests/remote/Makefile +++ b/security/nss/tests/remote/Makefile @@ -80,7 +80,7 @@ package_for_testing: echo 'export USE_64=$(USE_64)' >> $(RTSH) echo 'export BUILD_OPT=$(BUILD_OPT)' >> $(RTSH) echo 'export PKITS_DATA=$(PKITS_DATA)' >> $(RTSH) - echo 'export NSS_ENABLE_ECC=$(NSS_ENABLE_ECC)' >> $(RTSH) + echo 'export NSS_DISABLE_ECC=$(NSS_DISABLE_ECC)' >> $(RTSH) echo 'export NSS_ECC_MORE_THAN_SUITE_B=$(NSS_ECC_MORE_THAN_SUITE_B)' >> $(RTSH) echo 'export NSPR_LOG_MODULES=$(NSPR_LOG_MODULES)' >> $(RTSH) ifeq ($(OS_TARGET),Android) diff --git a/security/nss/tests/smime/smime.sh b/security/nss/tests/smime/smime.sh index cebbc68..2360100d 100755 --- a/security/nss/tests/smime/smime.sh +++ b/security/nss/tests/smime/smime.sh @@ -40,7 +40,7 @@ smime_init() fi SCRIPTNAME=smime.sh - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then html_head "S/MIME Tests with ECC" else html_head "S/MIME Tests" @@ -85,7 +85,7 @@ smime_sign() html_msg $? 0 "Compare Attached Signed Data and Original (${HASH})" "." # Test ECDSA signing for all hash algorithms. - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: Signing Detached Message ECDSA w/ {$HASH} ------------------" echo "cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}" ${PROFTOOL} ${BINDIR}/cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG} diff --git a/security/nss/tests/ssl/ssl.sh b/security/nss/tests/ssl/ssl.sh index 9f6cbbc..a2bccdf 100755 --- a/security/nss/tests/ssl/ssl.sh +++ b/security/nss/tests/ssl/ssl.sh @@ -82,7 +82,7 @@ ssl_init() USER_NICKNAME=TestUser NORM_EXT="" - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then ECC_STRING=" - with ECC" else ECC_STRING="" @@ -202,7 +202,7 @@ start_selfserv() echo "$SCRIPTNAME: $testname ----" fi sparam=`echo $sparam | sed -e 's;_; ;g'` - if [ -n "$NSS_ENABLE_ECC" ] && \ + if [ -z "$NSS_DISABLE_ECC" ] && \ [ -z "$NO_ECC_CERTS" -o "$NO_ECC_CERTS" != "1" ] ; then ECC_OPTIONS="-e ${HOSTADDR}-ec" else @@ -258,7 +258,7 @@ ssl_cov() html_head "SSL Cipher Coverage $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING" testname="" - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then sparam="$CLONG" else sparam="$CSHORT" @@ -292,7 +292,7 @@ ssl_cov() if [ "$NORM_EXT" = "Extended Test" -a "${SSL2}" -eq 0 ] ; then echo "$SCRIPTNAME: skipping $testname for $NORM_EXT" - elif [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then + elif [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: skipping $testname (ECC only)" elif [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] && [ "$SSL2" -eq 0 -o "$EXP" -eq 0 ] ; then echo "$SCRIPTNAME: skipping $testname (non-FIPS only)" @@ -374,7 +374,7 @@ ssl_auth() echo "$SCRIPTNAME: skipping $testname (non-FIPS only)" elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then echo "$SCRIPTNAME: skipping $testname for $NORM_EXT" - elif [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then + elif [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: skipping $testname (ECC only)" elif [ "`echo $ectype | cut -b 1`" != "#" ]; then cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" ` @@ -557,7 +557,7 @@ ssl_stress() echo "$SCRIPTNAME: skipping $testname for $NORM_EXT" elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then echo "$SCRIPTNAME: skipping $testname for $NORM_EXT" - elif [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then + elif [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: skipping $testname (ECC only)" elif [ "${SERVER_MODE}" = "fips" -o "${CLIENT_MODE}" = "fips" ] && [ "${SSL2}" -eq 0 ] ; then echo "$SCRIPTNAME: skipping $testname (non-FIPS only)" @@ -623,7 +623,7 @@ ssl_crl_ssl() while read ectype value sparam cparam testname do [ "$ectype" = "" ] && continue - if [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then + if [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: skipping $testname (ECC only)" elif [ "$ectype" = "SNI" ]; then continue @@ -816,7 +816,7 @@ ssl_crl_cache() while read ectype value sparam cparam testname do [ "$ectype" = "" ] && continue - if [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then + if [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: skipping $testname (ECC only)" elif [ "$ectype" = "SNI" ]; then continue diff --git a/security/nss/tests/tools/tools.sh b/security/nss/tests/tools/tools.sh index a834177..26abf3e 100644 --- a/security/nss/tests/tools/tools.sh +++ b/security/nss/tests/tools/tools.sh @@ -76,7 +76,7 @@ tools_init() fi SCRIPTNAME=tools.sh - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then html_head "Tools Tests with ECC" else html_head "Tools Tests" @@ -372,7 +372,7 @@ tools_p12_export_list_import_with_default_ciphers() export_list_import "DEFAULT" "DEFAULT" - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: Exporting Alice's email EC cert & key---------------" echo "pk12util -o Alice-ec.p12 -n \"Alice-ec\" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \\" echo " -w ${R_PWFILE}"

1 0

[tor-browser/esr24] No bug, Automated blocklist update from host bld-linux64-spot-344 - a=blocklist-update
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 07d317c8e5220905133776478c7231c834d9bb34 Author: ffxbld <none@none> Date: Sat Jul 12 03:11:42 2014 -0700 No bug, Automated blocklist update from host bld-linux64-spot-344 - a=blocklist-update --- browser/app/blocklist.xml | 874 +++++++++++++++++++++++++-------------------- 1 file changed, 483 insertions(+), 391 deletions(-) diff --git a/browser/app/blocklist.xml b/browser/app/blocklist.xml index 225701e..6deef11 100644 --- a/browser/app/blocklist.xml +++ b/browser/app/blocklist.xml @@ -1,154 +1,158 @@ <?xml version="1.0"?> -<blocklist xmlns="http://www.mozilla.org/2006/addons-blocklist" lastupdate="1403823002000"> +<blocklist xmlns="http://www.mozilla.org/2006/addons-blocklist" lastupdate="1405034316000"> <emItems> <emItem blockID="i454" id="sqlmoz(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <versionRange minVersion="0" maxVersion="*" severity="3"> + <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i58" id="webmaster(a)buzzzzvideos.info"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> - <emItem blockID="i402" id="{99079a25-328f-4bd4-be04-00955acaa0a7}"> - <versionRange minVersion="0.1" maxVersion="4.3.1.00" severity="1"> + <emItem blockID="i652" id="garg_sms(a)yahoo.in"> + <versionRange minVersion="67.9" maxVersion="67.9" severity="3"> </versionRange> - <versionRange minVersion="0" maxVersion="*" severity="1"> - </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i71" id="youtube(a)2youtube.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i404" id="{a9bb9fa0-4122-4c75-bd9a-bc27db3f9155}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i8" id="{B13721C7-F507-4982-B2E5-502A71474FED}"> <versionRange minVersion=" " severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i107" os="WINNT" id="{ABDE892B-13A8-4d1b-88E6-365A6E755758}"> <versionRange minVersion="0" maxVersion="15.0.5" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i88" id="anttoolbar(a)ant.com"> <versionRange minVersion="2.4.6.4" maxVersion="2.4.6.4" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i484" id="plugin(a)getwebcake.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> - <emItem blockID="i433" id="{c95a4e8e-816d-4655-8c79-d736da1adb6d}"> - <versionRange minVersion="0" maxVersion="*" severity="1"> + <emItem blockID="i640" id="jid0-l9BxpNUhx1UUgRfKigWzSfrZqAc@jetpack"> + <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i65" id="activity(a)facebook.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i527" id="/^({bfec236d-e122-4102-864f-f5f19d897f5e}|{3f842035-47f4-4f10-846b-6199b07f09b8}|{92ed4bbd-83f2-4c70-bb4e-f8d3716143fe})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i535" id="/^ext(a)WebexpEnhancedV1alpha[0-9]+\.net$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i105" id="{95ff02bc-ffc6-45f0-a5c8-619b8226a9de}"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i626" id="{20AD702C-661E-4534-8CE9-BA4EC9AD6ECC}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i20" id="{AB2CE124-6272-4b12-94A9-7303C7397BD1}"> <versionRange minVersion="0.1" maxVersion="5.2.0.7164" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i506" id="/^ext@bettersurfplus/"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i400" id="{dd6b651f-dfb9-4142-b0bd-09912ad22674}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i488" id="jid1-4P0kohSJxU1qGg@jetpack"> <versionRange minVersion="1.2.50" maxVersion="1.2.50" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i578" id="jid1-XLjasWL55iEE1Q@jetpack"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> + </prefs> + </emItem> + <emItem blockID="i660" id="youplayer(a)addons.mozilla.org"> + <versionRange minVersion="79.9.8" maxVersion="208.0.1" severity="3"> + </versionRange> + <prefs> </prefs> </emItem> <emItem blockID="i529" id="/^(torntv@torntv\.com|trtv3@trtv\.com|torntv2@torntv\.com|e2fd07a6-e282-4f2e-8965-85565fcb6384@b69158e6-3c3b-476c-9d98-ae5838c5b707\.com)$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i486" id="xz123(a)ya456.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i392" id="{EEE6C361-6118-11DC-9C72-001320C79847}"> <versionRange minVersion="0" maxVersion="1.7.999" severity="1"> </versionRange> - <versionRange minVersion="0" maxVersion="*" severity="1"> + <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i406" id="{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i4" id="{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"> @@ -157,13 +161,13 @@ <versionRange minVersion="3.0a1" maxVersion="*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i492" id="{af95cc15-3b9b-45ae-8d9b-98d08eda3111}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i24" id="{6E19037A-12E3-4295-8915-ED48BC341614}"> @@ -172,67 +176,67 @@ <versionRange minVersion="3.7a1pre" maxVersion="*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i64" id="royal(a)facebook.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i72" os="WINNT" id="{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"> <versionRange minVersion="3.4.1" maxVersion="3.4.1.194" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i100" id="{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}"> <versionRange minVersion="2.5.0" maxVersion="2.5.0" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i77" id="{fa277cfc-1d75-4949-a1f9-4ac8e41b2dfd}"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i40" id="{28387537-e3f9-4ed7-860c-11e69af4a8a0}"> <versionRange minVersion="0.1" maxVersion="4.3.1.00" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i491" id="{515b2424-5911-40bd-8a2c-bdb20286d8f5}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i498" id="hoverst(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i127" id="plugin(a)youtubeplayer.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i430" id="1chtw(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i78" id="socialnetworktools(a)mozilla.doslash.org"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i238" id="/^pink@.*\.info$/"> @@ -241,19 +245,19 @@ <versionRange minVersion="18.0" maxVersion="*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i516" id="/^({3f3cddf8-f74d-430c-bd19-d2c9147aed3d}|{515b2424-5911-40bd-8a2c-bdb20286d8f5}|{17464f93-137e-4646-a0c6-0dc13faf0113}|{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}|{aad50c91-b136-49d9-8b30-0e8d3ead63d0})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i630" id="webbooster(a)iminent.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> <pref>browser.startup.homepage</pref> <pref>browser.search.defaultenginename</pref> </prefs> @@ -261,105 +265,105 @@ <emItem blockID="i174" id="info(a)thebflix.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i478" id="{7e8a1050-cf67-4575-92df-dcc60e7d952d}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i582" id="discoverypro(a)discoverypro.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i172" id="info(a)bflix.info"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i93" id="{68b8676b-99a5-46d1-b390-22411d8bcd61}"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i596" id="{b99c8534-7800-48fa-bd71-519a46cdc7e1}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i140" id="mozillahmpg(a)mozilla.org"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i500" id="{2aab351c-ad56-444c-b935-38bffe18ad26}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i494" id="/^({e9df9360-97f8-4690-afe6-996c80790da4}|{687578b9-7132-4a7a-80e4-30ee31099e03}|{46a3135d-3683-48cf-b94c-82655cbc0e8a}|{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}|{7473b6bd-4691-4744-a82b-7854eb3d70b6}|{96f454ea-9d38-474f-b504-56193e00c1a5})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i467" id="plugin(a)analytic-s.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i47" id="youtube(a)youtube2.com"> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i360" id="ytd(a)mybrowserbar.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i5" id="support(a)daemon-tools.cc"> <versionRange minVersion=" " maxVersion="1.0.0.5"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i436" id="/(\{7aeae561-714b-45f6-ace3-4a8aed6e227b\})|(\{01e86e69-a2f8-48a0-b068-83869bdba3d0\})|(\{77f5fe49-12e3-4cf5-abb4-d993a0164d9e\})/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i97" id="support3_en(a)adobe122.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i342" id="lbmsrvfvxcblvpane(a)lpaezhjez.org"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i481" id="{B40794A0-7477-4335-95C5-8CB9BBC5C4A5}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <versionRange minVersion="0" maxVersion="*" severity="3"> + <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <versionRange minVersion="0" maxVersion="*" severity="3"> + <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i11" id="yslow(a)yahoo-inc.com"> @@ -368,221 +372,229 @@ <versionRange minVersion="3.5.7" maxVersion="*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i62" id="jid0-EcdqvFOgWLKHNJPuqAnawlykCGZ@jetpack"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i624" id="/^({b95faac1-a3d7-4d69-8943-ddd5a487d966}|{ecce0073-a837-45a2-95b9-600420505f7e}|{2713b394-286f-4d7c-89ea-4174eeab9f5a}|{da7a20cf-bef4-4342-ad78-0240fdf87055})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i472" id="linksicle(a)linksicle.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i99" id="pfzPXmnzQRXX6(a)2iABkVe.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i66" id="youtubeer(a)youtuber.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i438" id="{02edb56b-9b33-435b-b7df-b2843273a694}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i450" id="{dff137ae-1ffd-11e3-8277-b8ac6f996f26}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i521" id="/^({66b103a7-d772-4fcd-ace4-16f79a9056e0}|{6926c7f7-6006-42d1-b046-eba1b3010315}|{72cabc40-64b2-46ed-8648-26d831761150}|{73ee2cf2-7b76-4c49-b659-c3d8cf30825d}|{ca6446a5-73d5-4c35-8aa1-c71dc1024a18}|{5373a31d-9410-45e2-b299-4f61428f0be4})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i499" id="{babb9931-ad56-444c-b935-38bffe18ad26}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i356" id="{341f4dac-1966-47ff-aacf-0ce175f1498a}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i101" id="{3a12052a-66ef-49db-8c39-e5b0bd5c83fa}"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i111" os="WINNT" id="{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}"> <versionRange minVersion="0" maxVersion="15.0.5" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i136" id="Adobe(a)flash.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i543" id="{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i447" id="{B18B1E5C-4D81-11E1-9C00-AFEB4824019B}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i519" id="703db0db-5fe9-44b6-9f53-c6a91a0ad5bd(a)7314bc82-969e-4d2a-921b-e5edd0b02cf1.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i537" id="rally_toolbar_ff(a)bulletmedia.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i526" id="/^({83a8ce1b-683c-4784-b86d-9eb601b59f38}|{ef1feedd-d8da-4930-96f1-0a1a598375c6}|{79ff1aae-701f-4ca5-aea3-74b3eac6f01b}|{8a184644-a171-4b05-bc9a-28d75ffc9505}|{bc09c55d-0375-4dcc-836e-0e3c8addfbda}|{cef81415-2059-4dd5-9829-1aef3cf27f4f})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i532" id="249911bc-d1bd-4d66-8c17-df533609e6d8(a)c76f3de9-939e-4922-b73c-5d7a3139375d.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i258" id="helperbar(a)helperbar.com"> <versionRange minVersion="0" maxVersion="1.0" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i98" id="youtubeeing(a)youtuberie.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i515" id="/^({bf9194c2-b86d-4ebc-9b53-1c08b6ff779e}|{61a83e16-7198-49c6-8874-3e4e8faeb4f3}|{f0af464e-5167-45cf-9cf0-66b396d1918c}|{5d9968c3-101c-4944-ba71-72d77393322d}|{01e86e69-a2f8-48a0-b068-83869bdba3d0})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i549" id="/^firefox@(albrechto|swiftbrowse|springsmart|storimbo|squirrelweb|betterbrowse|lizardlink|rolimno|browsebeyond|clingclang|weblayers|kasimos|higher-aurum|xaven|bomlabio)\.(com?|net|org|info|biz)$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i168" id="flashX(a)adobe.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i39" id="{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"> <versionRange minVersion="0.1" maxVersion="4.3.1.00" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i42" id="{D19CA586-DD6C-4a0a-96F8-14644F340D60}"> <versionRange minVersion="0.1" maxVersion="14.4.0" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i449" id="gystqfr(a)ylgga.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i502" id="{df6bb2ec-333b-4267-8c4f-3f27dc8c6e07}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <versionRange minVersion="0" maxVersion="*" severity="3"> + <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i142" id="{a3a5c777-f583-4fef-9380-ab4add1bc2a8}"> <versionRange minVersion="2.0.3" maxVersion="2.0.3"> </versionRange> - <versionRange minVersion="4.2" maxVersion="4.2" severity="3"> + <versionRange minVersion="4.2" maxVersion="4.2" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i306" id="{ADFA33FD-16F5-4355-8504-DF4D664CFE10}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> + </prefs> + </emItem> + <emItem blockID="i634" id="jid1-4vUehhSALFNqCw@jetpack"> + <versionRange minVersion="100.7" maxVersion="100.7" severity="3"> + </versionRange> + <versionRange minVersion="99.7" maxVersion="99.7" severity="3"> + </versionRange> + <prefs> </prefs> </emItem> <emItem blockID="i63" id="youtube(a)youtuber.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i398" id="{377e5d4d-77e5-476a-8716-7e70a9272da0}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i18" id="msntoolbar(a)msn.com"> <versionRange minVersion=" " maxVersion="6.*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i358" id="lfind(a)nijadsoft.net"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i628" id="ffxtlbr(a)iminent.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> <pref>browser.startup.homepage</pref> <pref>browser.search.defaultenginename</pref> </prefs> @@ -590,49 +602,49 @@ <emItem blockID="i228" id="crossriderapp5060(a)crossrider.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i465" id="trtv3(a)trtv.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i554" id="lightningnewtab(a)gmail.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i550" id="colmer(a)yopmail.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i618" id="toolbar(a)ask.com"> <versionRange minVersion="3.15.5" maxVersion="3.15.5.*" severity="1"> </versionRange> - <versionRange minVersion="3.15.8" maxVersion="3.15.8.*" severity="1"> + <versionRange minVersion="3.15.8" maxVersion="3.15.8.*" severity="1"> </versionRange> - <versionRange minVersion="3.15.10" maxVersion="3.15.11.*" severity="1"> + <versionRange minVersion="3.15.10" maxVersion="3.15.11.*" severity="1"> </versionRange> - <versionRange minVersion="3.15.13" maxVersion="3.15.13.*" severity="1"> + <versionRange minVersion="3.15.13" maxVersion="3.15.13.*" severity="1"> </versionRange> - <versionRange minVersion="3.15.18" maxVersion="3.15.20.*" severity="1"> + <versionRange minVersion="3.15.18" maxVersion="3.15.20.*" severity="1"> </versionRange> - <versionRange minVersion="3.15.22" maxVersion="3.15.22.*" severity="1"> + <versionRange minVersion="3.15.22" maxVersion="3.15.22.*" severity="1"> </versionRange> - <versionRange minVersion="3.15.24" maxVersion="3.15.24.*" severity="1"> + <versionRange minVersion="3.15.24" maxVersion="3.15.24.*" severity="1"> </versionRange> - <versionRange minVersion="3.15.26" maxVersion="3.15.26.*" severity="1"> + <versionRange minVersion="3.15.26" maxVersion="3.15.26.*" severity="1"> </versionRange> - <versionRange minVersion="3.15.28" maxVersion="3.15.28.*" severity="1"> + <versionRange minVersion="3.15.28" maxVersion="3.15.28.*" severity="1"> </versionRange> - <versionRange minVersion="3.15.31" maxVersion="3.15.31.*" severity="1"> + <versionRange minVersion="3.15.31" maxVersion="3.15.31.*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i75" os="Darwin,Linux" id="firebug(a)software.joehewitt.com"> @@ -641,255 +653,285 @@ <versionRange minVersion="9.0a1" maxVersion="9.*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i514" id="/^(67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9\.com|ffxtlbr@visualbee\.com|{7aeae561-714b-45f6-ace3-4a8aed6e227b}|{7093ee04-f2e4-4637-a667-0f730797b3a0}|{53c4024f-5a2e-4f2a-b33e-e8784d730938})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i348" id="{13c9f1f9-2322-4d5c-81df-6d4bf8476ba4}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i338" id="{1FD91A9C-410C-4090-BBCC-55D3450EF433}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i364" id="{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i59" id="ghostviewer(a)youtube2.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i222" id="dealcabby@jetpack"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i51" id="admin(a)youtubeplayer.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> + </prefs> + </emItem> + <emItem blockID="i433" id="{c95a4e8e-816d-4655-8c79-d736da1adb6d}"> + <versionRange minVersion="0" maxVersion="*" severity="1"> + </versionRange> + <prefs> </prefs> </emItem> <emItem blockID="i352" id="vpyekkifgv(a)vpyekkifgv.org"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i466" id="afext(a)anchorfree.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> + </prefs> + </emItem> + <emItem blockID="i650" id="jid1-qj0w91o64N7Eeg@jetpack"> + <versionRange minVersion="39.5.1" maxVersion="47.0.4" severity="3"> + </versionRange> + <prefs> </prefs> </emItem> <emItem blockID="i468" id="05dd836e-2cbd-4204-9ff3-2f8a8665967d(a)a8876730-fb0c-4057-a2fc-f9c09d438e81.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i522" id="/^({976cd962-e0ca-4337-aea7-d93fae63a79c}|{525ba996-1ce4-4677-91c5-9fc4ead2d245}|{91659dab-9117-42d1-a09f-13ec28037717}|{c1211069-1163-4ba8-b8b3-32fc724766be})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> + </prefs> + </emItem> + <emItem blockID="i642" id="{bee6eb20-01e0-ebd1-da83-080329fb9a3a}"> + <versionRange minVersion="40.10.1" maxVersion="44.10.1" severity="3"> + </versionRange> + <prefs> </prefs> </emItem> <emItem blockID="i479" id="mbrsepone(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> - <emItem blockID="i620" id="{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}"> - <versionRange minVersion="0" maxVersion="*" severity="3"> + <emItem blockID="i666" id="wecarereminder@bryan"> + <versionRange minVersion="0" maxVersion="*" severity="1"> + </versionRange> + <prefs> + </prefs> + </emItem> + <emItem blockID="i646" id="{e1aaa9f8-4500-47f1-9a0a-b02bd60e4076}"> + <versionRange minVersion="178.7.0" maxVersion="178.7.0" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i552" id="jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i256" id="/^[0-9a-f]+(a)[0-9a-f]+\.info/"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i584" id="{52b0f3db-f988-4788-b9dc-861d016f4487}"> <versionRange minVersion="0" maxVersion="0.1.9999999" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i370" id="happylyrics(a)hpyproductions.net"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i440" id="{2d069a16-fca1-4e81-81ea-5d5086dcbd0c}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i396" id="/@(ft|putlocker|clickmovie|m2k|sharerepo|smarter-?)downloader\.com$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i22" id="ShopperReports(a)ShopperReports.com"> <versionRange minVersion="3.1.22.0" maxVersion="3.1.22.0"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i376" id="{9e09ac65-43c0-4b9d-970f-11e2e9616c55}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i44" id="sigma(a)labs.mozilla"> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i501" id="xivars(a)aol.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i482" id="brasilescapeeight(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i226" id="{462be121-2b54-4218-bf00-b9bf8135b23f}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i246" id="support(a)vide1flash2.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i48" id="admin(a)youtubespeedup.com"> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i218" id="ffxtlbr(a)claro.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i10" id="{8CE11043-9A15-4207-A565-0C94C42D590D}"> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i548" id="/^firefox@(jumpflip|webconnect|browsesmart|mybuzzsearch|outobox|greygray|lemurleap|divapton|secretsauce|batbrowse|whilokii|linkswift|qualitink|browsefox|kozaka|diamondata|glindorus|saltarsmart|bizzybolt|websparkle)\.(com?|net|org|info|biz)$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i79" id="GifBlock(a)facebook.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i69" id="{977f3b97-5461-4346-92c8-a14c749b77c9}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i17" id="{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}"> <versionRange minVersion="2.2" maxVersion="2.2"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i115" id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i477" id="mbrnovone(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i13" id="{E8E88AB0-7182-11DF-904E-6045E0D72085}"> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i446" id="{E90FA778-C2B7-41D0-9FA9-3FEC1CA54D66}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i562" id="iobitapps(a)mybrowserbar.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i507" id="4zffxtbr-bs(a)VideoDownloadConverter_4z.com"> <versionRange minVersion="0" maxVersion="5.75.3.25126" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i7" id="{2224e955-00e9-4613-a844-ce69fccaae91}"> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i525" id="/^({65f9f6b7-2dae-46fc-bfaf-f88e4af1beca}|{9ed31f84-c8b3-4926-b950-dff74047ff79}|{0134af61-7a0c-4649-aeca-90d776060cb3}|{02edb56b-9b33-435b-b7df-b2843273a694}|{da51d4f6-3e7e-4ef8-b400-9198e0874606}|{b24577db-155e-4077-bb37-3fdd3c302bb5})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i485" id="/^brasilescape.*\(a)facebook\.com$//"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i52" id="ff-ext@youtube"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> + </prefs> + </emItem> + <emItem blockID="i644" id="youtubeunblocker(a)unblocker.yt"> + <versionRange minVersion="43.4.1" maxVersion="77.5.1" severity="3"> + </versionRange> + <prefs> </prefs> </emItem> <emItem blockID="i38" id="{B7082FAA-CB62-4872-9106-E42DD88EDE45}"> @@ -898,112 +940,124 @@ <versionRange minVersion="3.7a1" maxVersion="*" /> </targetApplication> </versionRange> - <versionRange minVersion="3.3.1" maxVersion="*"> + <versionRange minVersion="3.3.1" maxVersion="*"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="5.0a1" maxVersion="*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i471" id="firefox(a)luckyleap.net"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i495" id="kallow(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i483" id="brasilescapefive(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i442" id="pennerdu(a)faceobooks.ws"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i43" id="supportaccessplugin(a)gmail.com"> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i588" id="quick_start(a)gmail.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i340" id="chiang(a)programmer.net"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> + </prefs> + </emItem> + <emItem blockID="i664" id="123456789(a)offeringmedia.com"> + <versionRange minVersion="0" maxVersion="*" severity="3"> + </versionRange> + <prefs> </prefs> </emItem> <emItem blockID="i54" id="applebeegifts(a)mozilla.doslash.org"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i16" id="{27182e60-b5f3-411c-b545-b44205977502}"> <versionRange minVersion="1.0" maxVersion="1.0"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i504" id="aytac(a)abc.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i92" id="play5(a)vide04flash.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i117" id="{ce7e73df-6a44-4028-8079-5927a588c948}"> <versionRange minVersion="0" maxVersion="1.0.8" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i474" id="{906000a4-88d9-4d52-b209-7a772970d91f}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i453" id="/^brasilescape.*\(a)facebook\.com$/"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> + </prefs> + </emItem> + <emItem blockID="i658" id="low_quality_flash(a)pie2k.com"> + <versionRange minVersion="46.2" maxVersion="47.1" severity="3"> + </versionRange> + <prefs> </prefs> </emItem> <emItem blockID="i109" id="{392e123b-b691-4a5e-b52f-c4c1027e749c}"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i598" id="{29b136c9-938d-4d3d-8df8-d649d9b74d02}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i286" id="{58bd07eb-0ee0-4df0-8121-dc9b693373df}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i1" id="mozilla_cc(a)internetdownloadmanager.com"> @@ -1012,176 +1066,176 @@ <versionRange minVersion="3.0a1" maxVersion="*" /> </targetApplication> </versionRange> - <versionRange minVersion=" " maxVersion="6.9.8"> + <versionRange minVersion=" " maxVersion="6.9.8"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="3.7a1pre" maxVersion="*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i308" id="9518042e-7ad6-4dac-b377-056e28d00c8f(a)f1cc0a13-4df1-4d66-938f-088db8838882.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i560" id="adsremoval(a)adsremoval.net"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i461" id="{8E9E3331-D360-4f87-8803-52DE43566502}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i542" id="/^({bf67a47c-ea97-4caf-a5e3-feeba5331231}|{24a0cfe1-f479-4b19-b627-a96bf1ea3a56})$/"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i493" id="12x3q(a)3244516.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i344" id="lrcsTube(a)hansanddeta.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i536" id="{25D77636-38B1-1260-887C-2D4AFA92D6A4}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i426" id="addlyrics(a)addlyrics.net"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i448" id="{0134af61-7a0c-4649-aeca-90d776060cb3}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i83" id="flash(a)adobee.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i104" id="yasd(a)youasdr3.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i530" id="{739df940-c5ee-4bab-9d7e-270894ae687a}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i524" id="/^({4e988b08-8c51-45c1-8d74-73e0c8724579}|{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}|{aed63b38-7428-4003-a052-ca6834d8bad3}|{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}|{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i68" id="flashupdate(a)adobe.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i382" id="{6926c7f7-6006-42d1-b046-eba1b3010315}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i432" id="lugcla21(a)gmail.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i91" id="crossriderapp4926(a)crossrider.com"> <versionRange minVersion="0" maxVersion="0.81.43" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i480" id="pluggets(a)gmail.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <versionRange minVersion="0" maxVersion="*" severity="1"> + <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i570" id="jid1-vW9nopuIAJiRHw@jetpack"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i520" id="/^({7316e43a-3ebd-4bb4-95c1-9caf6756c97f}|{0cc09160-108c-4759-bab1-5c12c216e005}|{ef03e721-f564-4333-a331-d4062cee6f2b}|{465fcfbb-47a4-4866-a5d5-d12f9a77da00}|{7557724b-30a9-42a4-98eb-77fcb0fd1be3}|{b7c7d4b0-7a84-4b73-a7ef-48ef59a52c3b})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i460" id="{845cab51-d8d2-472f-8bd9-2b44642d97c2}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i547" id="{87934c42-161d-45bc-8cef-ef18abe2a30c}"> <versionRange minVersion="0" maxVersion="3.7.9999999999" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i6" id="{3f963a5b-e555-4543-90e2-c3908898db71}"> <versionRange minVersion=" " maxVersion="8.5"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i56" id="flash(a)adobe.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i538" id="{354dbb0a-71d5-4e9f-9c02-6c88b9d387ba}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i451" id="{e44a1809-4d10-4ab8-b343-3326b64c7cdd}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i540" id="/^(ffxtlbr@mixidj\.com|{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}|{67097627-fd8e-4f6b-af4b-ecb65e50112e}|{f6f0f973-a4a3-48cf-9a7a-b7a69c30d71a}|{a3d0e35f-f1da-4ccb-ae77-e9d27777e68d}|{1122b43d-30ee-403f-9bfa-3cc99b0caddd})$/"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i216" id="fdm_ffext(a)freedownloadmanager.org"> @@ -1190,69 +1244,69 @@ <versionRange minVersion="3.0a1" maxVersion="*" /> </targetApplication> </versionRange> - <versionRange minVersion="1.5.7.5" maxVersion="1.5.7.5" severity="1"> + <versionRange minVersion="1.5.7.5" maxVersion="1.5.7.5" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i566" id="{77BEC163-D389-42c1-91A4-C758846296A5}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i533" id="extension(a)Fast_Free_Converter.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i362" id="addon(a)defaulttab.com"> <versionRange minVersion="0" maxVersion="1.4.4" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i12" id="masterfiler(a)gmail.com"> <versionRange severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i576" id="newmoz(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i444" id="fplayer(a)adobe.flash"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i334" id="{0F827075-B026-42F3-885D-98981EE7B1AE}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i622" id="/^({ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}|{46008e0d-47ac-4daa-a02a-5eb69044431a}|{213c8ed6-1d78-4d8f-8729-25006aa86a76}|{fa23121f-ee7c-4bd8-8c06-123d087282c5}|{19803860-b306-423c-bbb5-f60a7d82cde5})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i518" id="/^({d6e79525-4524-4707-9b97-1d70df8e7e59}|{ddb4644d-1a37-4e6d-8b6e-8e35e2a8ea6c}|{e55007f4-80c5-418e-ac33-10c4d60db01e}|{e77d8ca6-3a60-4ae9-8461-53b22fa3125b}|{e89a62b7-248e-492f-9715-43bf8c507a2f}|{5ce3e0cb-aa83-45cb-a7da-a2684f05b8f3})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i196" id="info(a)wxdownloadmanager.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i424" id="{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}"> @@ -1261,61 +1315,67 @@ <versionRange minVersion="23.0a1" maxVersion="*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i336" id="CortonExt(a)ext.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i103" id="kdrgun(a)gmail.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i539" id="ScorpionSaver@jetpack"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i3" id="langpack-vi-VN(a)firefox.mozilla.org"> <versionRange minVersion="2.0" maxVersion="2.0"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i326" id="/^((support2_en@adobe14\.com)|(XN4Xgjw7n4@yUWgc\.com)|(C7yFVpIP@WeolS3acxgS\.com)|(Kbeu4h0z@yNb7QAz7jrYKiiTQ3\.com)|(aWQzX@a6z4gWdPu8FF\.com)|(CBSoqAJLYpCbjTP90@JoV0VMywCjsm75Y0toAd\.com)|(zZ2jWZ1H22Jb5NdELHS@o0jQVWZkY1gx1\.com))$/"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i470" id="extension(a)FastFreeConverter.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i162" id="{EB7508CA-C7B2-46E0-8C04-3E94A035BD49}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> + </prefs> + </emItem> + <emItem blockID="i620" id="{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}"> + <versionRange minVersion="0" maxVersion="*" severity="3"> + </versionRange> + <prefs> </prefs> </emItem> <emItem blockID="i354" id="{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i106" os="WINNT" id="{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}"> <versionRange minVersion="0" maxVersion="15.0.5" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i46" id="{841468a1-d7f4-4bd3-84e6-bb0f13a06c64}"> @@ -1324,13 +1384,13 @@ <versionRange minVersion="9.0a1" maxVersion="9.0" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i505" id="extacylife(a)a.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i15" id="personas(a)christopher.beard"> @@ -1339,267 +1399,295 @@ <versionRange minVersion="3.6" maxVersion="3.6.*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i304" id="{f0e59437-6148-4a98-b0a6-60d557ef57f4}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i86" id="{45147e67-4020-47e2-8f7a-55464fb535aa}"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i586" id="jid1-0xtMKhXFEs4jIg@jetpack"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i318" id="ffxtlbr(a)incredibar.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i19" id="{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}"> <versionRange minVersion="1.1b1" maxVersion="1.1b1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i531" id="/^(4cb61367-efbf-4aa1-8e3a-7f776c9d5763@cdece6e9-b2ef-40a9-b178-291da9870c59\.com|0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a\.com|6be3335b-ef79-4b0b-a0ba-b87afbc6f4ad@6bbb4d2e-e33e-4fa5-9b37-934f4fb50182\.com)$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i490" id="now.msn.com(a)services.mozilla.org"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i523" id="/^({7e8a1050-cf67-4575-92df-dcc60e7d952d}|{b3420a9c-a397-4409-b90d-bcf22da1a08a}|{eca6641f-2176-42ba-bdbe-f3e327f8e0af}|{707dca12-3f99-4d94-afea-06dcc0ae0108}|{aea20431-87fc-40be-bc5b-18066fe2819c}|{30ee6676-1ba6-455a-a7e8-298fa863a546})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i312" id="extension21804(a)extension21804.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i545" id="superlrcs(a)svenyor.net"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i324" id="/^((34qEOefiyYtRJT@IM5Munavn\.com)|(Mro5Fm1Qgrmq7B@ByrE69VQfZvZdeg\.com)|(KtoY3KGxrCe5ie@yITPUzbBtsHWeCdPmGe\.com)|(9NgIdLK5Dq4ZMwmRo6zk@FNt2GCCLGyUuOD\.com)|(NNux7bWWW@RBWyXdnl6VGls3WAwi\.com)|(E3wI2n@PEHTuuNVu\.com)|(2d3VuWrG6JHBXbQdbr@3BmSnQL\.com))$/"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i503" id="{9CE11043-9A15-4207-A565-0C94C42D590D}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i431" id="chinaescapeone(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i108" id="{28bfb930-7620-11e1-b0c4-0800200c9a66}"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> + </prefs> + </emItem> + <emItem blockID="i656" id="hdv(a)vovcacik.addons.mozilla.org"> + <versionRange minVersion="102.0" maxVersion="102.0" severity="3"> + </versionRange> + <prefs> </prefs> </emItem> <emItem blockID="i262" id="{167d9323-f7cc-48f5-948a-6f012831a69f}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i320" id="torntv(a)torntv.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i528" id="008abed2-b43a-46c9-9a5b-a771c87b82da(a)1ad61d53-2bdc-4484-a26b-b888ecae1906.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i469" id="OKitSpace(a)OKitSpace.es"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i564" id="/^(firefox@vebergreat\.net|EFGLQA@78ETGYN-0W7FN789T87\.COM)$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i167" id="{b64982b1-d112-42b5-b1e4-d3867c4533f8}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i84" id="pink(a)rosaplugin.info"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> + </prefs> + </emItem> + <emItem blockID="i654" id="{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}"> + <versionRange minVersion="27.8" maxVersion="27.9" severity="3"> + </versionRange> + <versionRange minVersion="27.8" maxVersion="27.9" severity="3"> + </versionRange> + <prefs> </prefs> </emItem> <emItem blockID="i568" os="Darwin" id="thunder(a)xunlei.com"> <versionRange minVersion="0" maxVersion="2.0.6" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i439" id="{d2cf9842-af95-48cd-b873-bfbb48cd7f5e}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i346" id="{a6e67e6f-8615-4fe0-a599-34a73fc3fba5}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i220" id="pricepeep(a)getpricepeep.com"> <versionRange minVersion="0" maxVersion="2.1.0.19.99" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i590" id="{94cd2cc3-083f-49ba-a218-4cda4b4829fd}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i544" id="/^(93abedcf-8e3a-4d02-b761-d1441e437c09@243f129d-aee2-42c2-bcd1-48858e1c22fd\.com|9acfc440-ac2d-417a-a64c-f6f14653b712@09f9a966-9258-4b12-af32-da29bdcc28c5\.com|58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd\.com)$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i224" id="{336D0C35-8A85-403a-B9D2-65C292C39087}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i61" id="youtube(a)youtube3.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <versionRange minVersion="0" maxVersion="*"> + <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i517" id="/^({16e193c8-1706-40bf-b6f3-91403a9a22be}|{284fed43-2e13-4afe-8aeb-50827d510e20}|{5e3cc5d8-ed11-4bed-bc47-35b4c4bc1033}|{7429e64a-1fd4-4112-a186-2b5630816b91}|{8c9980d7-0f09-4459-9197-99b3e559660c}|{8f1d9545-0bb9-4583-bb3c-5e1ac1e2920c})$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i509" id="contato(a)facefollow.net"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i372" id="5nc3QHFgcb(a)r06Ws9gvNNVRfH.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i496" id="{ACAA314B-EEBA-48e4-AD47-84E31C44796C}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i67" id="youtube2(a)youtube2.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i476" id="mbroctone(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i70" id="psid-vhvxQHMZBOzUZA@jetpack"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i473" id="{81b13b5d-fba1-49fd-9a6b-189483ac548a}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i437" id="{4933189D-C7F7-4C6E-834B-A29F087BFD23}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i394" id="{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> + </prefs> + </emItem> + <emItem blockID="i402" id="{99079a25-328f-4bd4-be04-00955acaa0a7}"> + <versionRange minVersion="0.1" maxVersion="4.3.1.00" severity="1"> + </versionRange> + <versionRange minVersion="0" maxVersion="*" severity="1"> + </versionRange> + <prefs> </prefs> </emItem> <emItem blockID="i165" id="{EEF73632-A085-4fd3-A778-ECD82C8CB297}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i60" id="youtb3(a)youtb3.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> + </prefs> + </emItem> + <emItem blockID="i662" id="imbaty(a)taringamp3.com"> + <versionRange minVersion="0" maxVersion="*" severity="3"> + </versionRange> + <prefs> </prefs> </emItem> <emItem blockID="i546" id="firefox(a)browsefox.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i510" id="{3c9a72a0-b849-40f3-8c84-219109c27554}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i23" id="firefox(a)bandoo.com"> @@ -1608,85 +1696,89 @@ <versionRange minVersion="3.7a1pre" maxVersion="*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i55" id="youtube(a)youtube7.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i434" id="afurladvisor(a)anchorfree.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i90" id="videoplugin(a)player.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i489" id="astrovia(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i497" id="{872b5b88-9db5-4310-bdd0-ac189557e5f5}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i580" id="{51c77233-c0ad-4220-8388-47c11c18b355}"> <versionRange minVersion="0" maxVersion="0.1.9999999" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i541" id="/^({988919ff-0cd8-4d0c-bc7e-60d55a49eb64}|{494b9726-9084-415c-a499-68c07e187244}|{55b95864-3251-45e9-bb30-1a82589aaff1}|{eef3855c-fc2d-41e6-8d91-d368f51b3055}|{90a1b331-c2b4-4933-9f63-ba7b84d60d58}|{d2cf9842-af95-48cd-b873-bfbb48cd7f5e})$/"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i76" id="crossriderapp3924(a)crossrider.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> - <emItem blockID="i445" id="firefoxaddon(a)youtubeenhancer.com"> + <emItem blockID="i648" id="firefoxaddon(a)youtubeenhancer.com"> <versionRange minVersion="208.7.0" maxVersion="208.7.0" severity="3"> </versionRange> - <prefs> + <versionRange minVersion="199.7.0" maxVersion="199.7.0" severity="3"> + </versionRange> + <versionRange minVersion="199.7.0" maxVersion="208.7.0" severity="3"> + </versionRange> + <prefs> </prefs> </emItem> <emItem blockID="i441" id="{49c53dce-afa0-49a1-a08b-2eb8e8444128}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i508" id="advance(a)windowsclient.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i282" id="{33e0daa6-3af3-d8b5-6752-10e949c61516}"> <versionRange minVersion="0" maxVersion="1.1.999" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i452" id="{77beece6-3997-403a-92fa-0055bfcf88e5}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i45" id="{22119944-ED35-4ab1-910B-E619EA06A115}"> @@ -1695,71 +1787,71 @@ <versionRange minVersion="8.0a1" maxVersion="*" /> </targetApplication> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i82" id="{8f42fb8b-b6f6-45de-81c0-d6d39f54f971}"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i380" id="{cc8f597b-0765-404e-a575-82aefbd81daf}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i322" id="jid0-Y6TVIzs0r7r4xkOogmJPNAGFGBw@jetpack"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i378" id="{a7aae4f0-bc2e-a0dd-fb8d-68ce32c9261f}"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i73" id="a1g0a9g219d(a)a1.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i96" id="youtubeee(a)youtuber3.com"> <versionRange minVersion="0" maxVersion="*"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i163" id="info(a)allpremiumplay.info"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i455" id="7d51fb17-b199-4d8f-894e-decaff4fc36a(a)a298838b-7f50-4c7c-9277-df6abbd42a0c.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i374" id="update(a)firefox.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i314" id="crossriderapp8812(a)crossrider.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> - <prefs> + <prefs> </prefs> </emItem> <emItem blockID="i21" id="support(a)update-firefox.com"> - <prefs> + <prefs> </prefs> </emItem> </emItems> @@ -1771,446 +1863,446 @@ <versionRange minVersion="3.0a1" maxVersion="3.*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p27"> <match name="name" exp="QuickTime Plug-in 7[.]1[.]" /> <match name="filename" exp="npqtplugin.?[.]dll" /> <versionRange > <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="3.0a1" maxVersion="3.*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p28"> - <match name="filename" exp="NPFFAddOn.dll" /> </pluginItem> + <match name="filename" exp="NPFFAddOn.dll" /> </pluginItem> <pluginItem blockID="p31"> - <match name="filename" exp="NPMySrch.dll" /> </pluginItem> + <match name="filename" exp="NPMySrch.dll" /> </pluginItem> <pluginItem blockID="p32"> <match name="filename" exp="npViewpoint.dll" /> <versionRange > <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="3.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p33"> <match name="name" exp="[0-6]\.0\.[01]\d{2}\.\d+" /> <match name="filename" exp="npdeploytk.dll" /> <versionRange severity="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p34"> <match name="filename" exp="[Nn][Pp][Jj][Pp][Ii]1[56]0_[0-9]+\.[Dd][Ll][Ll]" /> <versionRange > <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="3.6a1pre" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p80"> <match name="name" exp="$TM$" /> <match name="description" exp="[^\d\._]((0(\.\d+(\.\d+([_\.]\d+)?)?)?)|(1\.(([0-5](\.\d+([_\.]\d+)?)?)|(6(\.0([_\.](0?\d|1\d|2\d|30))?)?)|(7(\.0([_\.][0-2])?)?))))([^\d\._]|$)" /> <match name="filename" exp="(npjp2\.dll)|(libnpjp2\.so)" /> <versionRange severity="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p85"> <match name="filename" exp="JavaPlugin2_NPAPI\.plugin" /> <versionRange minVersion="0" maxVersion="13.6.0" severity="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem os="Darwin" blockID="p89"> <match name="filename" exp="AdobePDFViewerNPAPI\.plugin" /> <versionRange minVersion="0" maxVersion="10.1.3" severity="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p94"> <match name="filename" exp="Flash\ Player\.plugin" /> <versionRange minVersion="0" maxVersion="10.2.159.1" severity="0"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="0.1" maxVersion="17.0.1" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p102"> <match name="filename" exp="npmozax\.dll" /> <versionRange minVersion="0" maxVersion="*"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p113"> <match name="filename" exp="npuplaypc\.dll" /> <versionRange minVersion="0" maxVersion="1.0.0.0" severity="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p119"> <match name="name" exp="Java$TM$ Plug-in 1\.(6\.0_(\d|[0-2]\d?|3[0-2])|7\.0(_0?([1-4]))?)([^\d\._]|$)" /> <match name="filename" exp="libnpjp2\.so" /> <versionRange severity="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="0.1" maxVersion="17.*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p123"> <match name="filename" exp="JavaPlugin2_NPAPI\.plugin" /> <versionRange minVersion="0" maxVersion="14.2.0" severity="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="0.1" maxVersion="17.*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p125"> <match name="name" exp="Java$TM$ Platform SE ((6( U(\d|([0-2]\d)|3[0-2]))?)|(7(\sU[0-4])?))(\s[^\d\._U]|$)" /> <match name="filename" exp="npjp2\.dll" /> <versionRange severity="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="0.1" maxVersion="17.*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p129"> <match name="filename" exp="Silverlight\.plugin" /> <versionRange minVersion="0" maxVersion="5.0.99999" severity="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p132"> <match name="name" exp="Java$TM$ Plug-in 1\.7\.0(_0?([5-6]))?([^\d\._]|$)" /> <match name="filename" exp="libnpjp2\.so" /> <versionRange severity="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="0.1" maxVersion="17.*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p134"> <match name="name" exp="Java$TM$ Platform SE 7 U[5-6](\s[^\d\._U]|$)" /> <match name="filename" exp="npjp2\.dll" /> <versionRange severity="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="0.1" maxVersion="17.*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p138"> <match name="filename" exp="JavaAppletPlugin\.plugin" /> <versionRange minVersion="Java 7 Update 01" maxVersion="Java 7 Update 06" severity="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="0.1" maxVersion="17.*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p152"> <match name="filename" exp="npctrl\.dll" /> <versionRange minVersion="0" maxVersion="4.1.10328.0" severity="0" vulnerabilitystatus="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p154"> <match name="filename" exp="npctrl\.dll" /> <versionRange minVersion="5.0" maxVersion="5.1.20124.9999" severity="0" vulnerabilitystatus="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p156"> <match name="filename" exp="nppdf32\.dll" /> <versionRange minVersion="0" maxVersion="9.5.1" severity="0" vulnerabilitystatus="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p158"> <match name="filename" exp="nppdf32\.dll" /> <versionRange minVersion="10.0" maxVersion="10.1.5.9999" severity="0" vulnerabilitystatus="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p160"> <match name="filename" exp="NPSWF32\.dll" /> <versionRange minVersion="0" maxVersion="10.2.9999" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="4.0" maxVersion="16.*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p176"> <match name="filename" exp="(NPSWF32\.dll)|(Flash\ Player\.plugin)" /> <versionRange minVersion="10.3" maxVersion="10.3.183.18.999" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="19.0a1" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p176"> <match name="filename" exp="(NPSWF32\.dll)|(Flash\ Player\.plugin)" /> <versionRange minVersion="10.3" maxVersion="10.3.183.18.999" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0.4" maxVersion="17.0.*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p178"> <match name="filename" exp="(NPSWF[0-9_]*\.dll)|(Flash\ Player\.plugin)" /> <versionRange minVersion="11.0" maxVersion="11.7.700.169" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="19.0a1" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p178"> <match name="filename" exp="(NPSWF[0-9_]*\.dll)|(Flash\ Player\.plugin)" /> <versionRange minVersion="11.0" maxVersion="11.7.700.169" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0.4" maxVersion="17.0.*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p180"> <match name="filename" exp="JavaAppletPlugin\.plugin" /> <versionRange minVersion="Java 7 Update 0" maxVersion="Java 7 Update 11" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p182"> <match name="name" exp="Java$TM$ Platform SE 7 U([0-9]|(1[0-1]))(\s[^\d\._U]|$)" /> <match name="filename" exp="npjp2\.dll" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p184"> <match name="name" exp="Java$TM$ Plug-in 1\.7\.0(_0?([0-9]|(1[0-1]))?)?([^\d\._]|$)" /> <match name="filename" exp="libnpjp2\.so" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p186"> <match name="name" exp="Java$TM$ Platform SE 6 U3[1-8](\s[^\d\._U]|$)" /> <match name="filename" exp="npjp2\.dll" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p188"> <match name="filename" exp="JavaAppletPlugin\.plugin" /> <versionRange minVersion="Java 6 Update 0" maxVersion="Java 6 Update 38" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p190"> <match name="name" exp="Java$TM$ Plug-in 1\.6\.0_3[1-8]([^\d\._]|$)" /> <match name="filename" exp="libnpjp2\.so" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p210"> <match name="name" exp="Java$TM$ Plug-in 1\.7\.0(_0?7)?([^\d\._]|$)" /> <match name="filename" exp="libnpjp2\.so" /> <versionRange severity="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="0.1" maxVersion="17.*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p212"> <match name="filename" exp="JavaAppletPlugin\.plugin" /> <versionRange minVersion="Java 7 Update 07" maxVersion="Java 7 Update 07" severity="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="0.1" maxVersion="17.*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p214"> <match name="name" exp="Java$TM$ Platform SE 7 U7(\s[^\d\._U]|$)" /> <match name="filename" exp="npjp2\.dll" /> <versionRange severity="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="0.1" maxVersion="17.*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p240"> <match name="filename" exp="DivXBrowserPlugin\.plugin" /> <versionRange minVersion="0" maxVersion="1.4" severity="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem os="Darwin" blockID="p242"> <match name="description" exp="Flip4Mac" /> <versionRange minVersion="0" maxVersion="2.4.3.999" severity="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="18.0a1" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p248"> <match name="filename" exp="Scorch\.plugin" /> <versionRange minVersion="0" maxVersion="6.2.0b88" severity="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p250"> <match name="filename" exp="npFoxitReaderPlugin\.dll" /> <versionRange minVersion="0" maxVersion="2.2.1.530" severity="0" vulnerabilitystatus="2"></versionRange> - </pluginItem> + </pluginItem> <pluginItem os="Darwin" blockID="p252"> <match name="filename" exp="AdobePDFViewerNPAPI\.plugin" /> <versionRange minVersion="11.0.0" maxVersion="11.0.01" severity="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p254"> <match name="filename" exp="PDF Browser Plugin\.plugin" /> <versionRange minVersion="0" maxVersion="2.4.2" severity="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="18.0a1" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p260"> <match name="filename" exp="(NPSWF32\.dll)|(Flash\ Player\.plugin)" /> <versionRange minVersion="0" maxVersion="10.2.9999" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="18.0a1" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p260"> <match name="filename" exp="(NPSWF32\.dll)|(Flash\ Player\.plugin)" /> <versionRange minVersion="0" maxVersion="10.2.9999" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0.4" maxVersion="17.0.*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p290"> <match name="filename" exp="(NPSWF32\.dll)|(Flash\ Player\.plugin)" /> <versionRange minVersion="10.3.183.19" maxVersion="10.3.183.66" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="19.0a1" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p290"> <match name="filename" exp="(NPSWF32\.dll)|(Flash\ Player\.plugin)" /> <versionRange minVersion="10.3.183.19" maxVersion="10.3.183.66" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0.4" maxVersion="17.0.*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p292"> <match name="filename" exp="JavaAppletPlugin\.plugin" /> <versionRange minVersion="Java 7 Update 12" maxVersion="Java 7 Update 15" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p294"> <match name="name" exp="Java$TM$ Platform SE 7 U1[2-5](\s[^\d\._U]|$)" /> <match name="filename" exp="npjp2\.dll" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p296"> <match name="name" exp="Java$TM$ Plug-in 1\.7\.0_1[2-5]([^\d\._]|$)" /> <match name="filename" exp="libnpjp2\.so" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p298"> <match name="filename" exp="JavaAppletPlugin\.plugin" /> <versionRange minVersion="Java 6 Update 39" maxVersion="Java 6 Update 41" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p300"> <match name="name" exp="Java$TM$ Platform SE 6 U(39|40|41)(\s[^\d\._U]|$)" /> <match name="filename" exp="npjp2\.dll" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p302"> <match name="name" exp="Java$TM$ Plug-in 1\.6\.0_(39|40|41)([^\d\._]|$)" /> <match name="filename" exp="libnpjp2\.so" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p328"> <match name="filename" exp="Silverlight\.plugin" /> <versionRange minVersion="5.1" maxVersion="5.1.20124.9999" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="19.0a1" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p328"> <match name="filename" exp="Silverlight\.plugin" /> <versionRange minVersion="5.1" maxVersion="5.1.20124.9999" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0.4" maxVersion="17.0.*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p330"> <match name="description" exp="^Shockwave Flash (([1-9]\.[0-9]+)|(10\.([0-2]|(3 r(([0-9][0-9]?)|1(([0-7][0-9])|8[0-2]))))))( |$)" /> <match name="filename" exp="libflashplayer\.so" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="19.0a1" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p330"> <match name="description" exp="^Shockwave Flash (([1-9]\.[0-9]+)|(10\.([0-2]|(3 r(([0-9][0-9]?)|1(([0-7][0-9])|8[0-2]))))))( |$)" /> <match name="filename" exp="libflashplayer\.so" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0.4" maxVersion="17.0.*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p332"> <match name="description" exp="^Shockwave Flash 11.(0|1) r[0-9]{1,3}$" /> <match name="filename" exp="libflashplayer\.so" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="19.0a1" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p332"> <match name="description" exp="^Shockwave Flash 11.(0|1) r[0-9]{1,3}$" /> <match name="filename" exp="libflashplayer\.so" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0.4" maxVersion="17.0.*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p366"> <match name="filename" exp="Scorch\.plugin" /> <versionRange minVersion="6.2.0" maxVersion="6.2.0" severity="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p408"> <match name="filename" exp="QuickTime Plugin\.plugin" /> <versionRange minVersion="0" maxVersion="7.6.5" severity="0" vulnerabilitystatus="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p410"> <match name="filename" exp="npqtplugin\.dll" /> <versionRange minVersion="0" maxVersion="7.7.3" severity="0" vulnerabilitystatus="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p412"> <match name="name" exp="Java$TM$ Plug-in 1\.6\.0_4[2-5]([^\d\._]|$)" /> <match name="filename" exp="libnpjp2\.so" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p414"> <match name="name" exp="Java$TM$ Platform SE 6 U4[2-5](\s[^\d\._U]|$)" /> <match name="filename" exp="npjp2\.dll" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p416"> <match name="filename" exp="JavaAppletPlugin\.plugin" /> <versionRange minVersion="Java 6 Update 42" maxVersion="Java 6 Update 45" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p418"> <match name="name" exp="Java$TM$ Plug-in 1\.7\.0_(1[6-9]|2[0-4])([^\d\._]|$)" /> <match name="filename" exp="libnpjp2\.so" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p420"> <match name="name" exp="Java$TM$ Platform SE 7 U(1[6-9]|2[0-4])(\s[^\d\._U]|$)" /> <match name="filename" exp="npjp2\.dll" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p422"> <match name="filename" exp="JavaAppletPlugin\.plugin" /> <versionRange minVersion="Java 7 Update 16" maxVersion="Java 7 Update 24" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p428"> <match name="filename" exp="np[dD]eployJava1\.dll" /> <versionRange severity="0" vulnerabilitystatus="2"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p456"> <match name="filename" exp="npvlc\.dll" /> <versionRange minVersion="0" maxVersion="2.0.5" severity="0" vulnerabilitystatus="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p457"> <match name="name" exp="Java($TM$)? Plug-in ((1\.7\.0_(2[5-9]|3\d|4[0-4]))|(10\.4[0-4](\.[0-9]+)?))([^\d\._]|$)" /> <match name="filename" exp="libnpjp2\.so" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p458"> <match name="name" exp="Java$TM$ Platform SE 7 U(2[5-9]|3\d|4[0-4])(\s[^\d\._U]|$)" /> <match name="filename" exp="npjp2\.dll" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p459"> <match name="filename" exp="JavaAppletPlugin\.plugin" /> <versionRange minVersion="Java 7 Update 25" maxVersion="Java 7 Update 44" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p556"> <match name="filename" exp="npUnity3D32\.dll" /> <versionRange minVersion="0" maxVersion="4.3.4.99999999" severity="0" vulnerabilitystatus="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p558"> <match name="description" exp="^($|Unity Web Player version ([0-3]|(4\.([0-2]|3(\.[0-4])?[^0-9.]))))" /> <match name="filename" exp="Unity Web Player\.plugin" /> <versionRange severity="0" vulnerabilitystatus="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p572"> <match name="filename" exp="npdjvu\.dll" /> <versionRange minVersion="0" maxVersion="6.1.4.27993" severity="0" vulnerabilitystatus="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p574"> <match name="filename" exp="NPDjVu\.plugin" /> <versionRange minVersion="0" maxVersion="6.1.1" severity="0" vulnerabilitystatus="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p592"> <match name="filename" exp="CiscoWebCommunicator\.plugin" /> <versionRange minVersion="0" maxVersion="3.0.5.99999999999999" severity="0" vulnerabilitystatus="1"></versionRange> - </pluginItem> + </pluginItem> <pluginItem blockID="p594"> <match name="filename" exp="npCiscoWebCommunicator\.dll" /> <versionRange minVersion="0" maxVersion="3.0.5.99999999999999" severity="0" vulnerabilitystatus="1"></versionRange> - </pluginItem> + </pluginItem> </pluginItems> <gfxItems>

1 0

[tor-browser/esr24] Bug 1033340 - uplift PSL changes to ESR 24, r=gerv, a=lsblakk
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 55559aca8b98a3a4bf49705f3eeba3630f970f71 Author: Gijs Kruitbosch <gijskruitbosch(a)gmail.com> Date: Tue Jul 8 15:02:49 2014 +0100 Bug 1033340 - uplift PSL changes to ESR 24, r=gerv, a=lsblakk --- netwerk/dns/effective_tld_names.dat | 2435 ++++++++++++++++++++++++++++------- netwerk/test/unit/data/test_psl.txt | 32 +- netwerk/test/unit/test_psl.js | 11 +- 3 files changed, 2008 insertions(+), 470 deletions(-) diff --git a/netwerk/dns/effective_tld_names.dat b/netwerk/dns/effective_tld_names.dat index ed1123b..c83fe0b 100644 --- a/netwerk/dns/effective_tld_names.dat +++ b/netwerk/dns/effective_tld_names.dat @@ -175,20 +175,21 @@ it.ao // aq : http://en.wikipedia.org/wiki/.aq aq -// ar : http://en.wikipedia.org/wiki/.ar -*.ar -!congresodelalengua3.ar -!educ.ar -!gobiernoelectronico.ar -!mecon.ar -!nacion.ar -!nic.ar -!promocion.ar -!retina.ar -!uba.ar +// ar : https://nic.ar/normativa-vigente.xhtml +ar +com.ar +edu.ar +gob.ar +gov.ar +int.ar +mil.ar +net.ar +org.ar +tur.ar // arpa : http://en.wikipedia.org/wiki/.arpa // Confirmed by registry <iana-questions(a)icann.org> 2008-06-18 +arpa e164.arpa in-addr.arpa ip6.arpa @@ -213,6 +214,7 @@ or.at // au : http://en.wikipedia.org/wiki/.au // http://www.auda.org.au/ +au // 2LDs com.au net.au @@ -243,10 +245,9 @@ sa.edu.au tas.edu.au vic.edu.au wa.edu.au -act.gov.au -// Removed at request of Shae.Donelan(a)services.nsw.gov.au, 2010-03-04 -// nsw.gov.au -nt.gov.au +// act.gov.au Bug 984824 - Removed at request of Greg Tankard +// nsw.gov.au Bug 547985 - Removed at request of <Shae.Donelan(a)services.nsw.gov.au> +// nt.gov.au Bug 940478 - Removed at request of Greg Connors <Greg.Connors(a)nt.gov.au> qld.gov.au sa.gov.au tas.gov.au @@ -291,6 +292,7 @@ rs.ba // bb : http://en.wikipedia.org/wiki/.bb bb biz.bb +co.bb com.bb edu.bb gov.bb @@ -298,6 +300,7 @@ info.bb net.bb org.bb store.bb +tv.bb // bd : http://en.wikipedia.org/wiki/.bd *.bd @@ -349,7 +352,7 @@ z.bg 6.bg 7.bg 8.bg -9.bg +9.bg // bh : http://en.wikipedia.org/wiki/.bh bh @@ -400,8 +403,8 @@ net.bo mil.bo tv.bo -// br : http://registro.br/dominio/dpn.html -// Updated by registry <fneves(a)registro.br> 2011-03-01 +// br : http://registro.br/dominio/categoria.html +// Submitted by registry <fneves(a)registro.br> 2014-03-04 br adm.br adv.br @@ -446,6 +449,7 @@ lel.br mat.br med.br mil.br +mp.br mus.br net.br nom.br @@ -491,6 +495,7 @@ org.bt // bv : No registrations at this time. // Submitted by registry <jarle(a)uninett.no> 2006-06-16 +bv // bw : http://en.wikipedia.org/wiki/.bw // http://www.gobin.info/domainname/bw.doc @@ -593,9 +598,12 @@ gob.cl co.cl mil.cl -// cm : http://en.wikipedia.org/wiki/.cm +// cm : http://en.wikipedia.org/wiki/.cm plus bug 981927 cm +co.cm +com.cm gov.cm +net.cm // cn : http://en.wikipedia.org/wiki/.cn // Submitted by registry <tanyaling(a)cnnic.cn> 2008-06-11 @@ -787,7 +795,7 @@ org.ee fie.ee // eg : http://en.wikipedia.org/wiki/.eg -eg +eg com.eg edu.eg eun.eg @@ -810,7 +818,14 @@ gob.es edu.es // et : http://en.wikipedia.org/wiki/.et -*.et +et +com.et +gov.et +org.et +edu.et +biz.et +name.et +info.et // eu : http://en.wikipedia.org/wiki/.eu eu @@ -869,6 +884,7 @@ ga // gb : This registry is effectively dormant // Submitted by registry <Damien.Shaw(a)ja.net> 2008-06-12 +gb // gd : http://en.wikipedia.org/wiki/.gd gd @@ -886,13 +902,12 @@ pvt.ge // gf : http://en.wikipedia.org/wiki/.gf gf -// gg : http://www.channelisles.net/applic/avextn.shtml +// gg : http://www.channelisles.net/register-domains/ +// Confirmed by registry <nigel(a)channelisles.net> 2013-11-28 gg co.gg -org.gg net.gg -sch.gg -gov.gg +org.gg // gh : http://en.wikipedia.org/wiki/.gh // see also: http://www.nic.gh/reg_now.php @@ -923,6 +938,7 @@ gm // gn : http://psg.com/dns/gn/gn.txt // Submitted by registry <randy(a)psg.com> 2008-06-17 +gn ac.gn com.gn edu.gn @@ -1003,7 +1019,7 @@ org.hk 网絡.hk 组织.hk 組織.hk -組织.hk +組织.hk // hm : http://en.wikipedia.org/wiki/.hm hm @@ -1084,6 +1100,7 @@ id ac.id biz.id co.id +desa.id go.id mil.id my.id @@ -1099,16 +1116,18 @@ gov.ie // il : http://en.wikipedia.org/wiki/.il *.il -// im : https://www.nic.im/pdfs/imfaqs.pdf +// im : https://www.nic.im/ +// Submitted by registry <info(a)nic.im> 2013-11-15 im +ac.im co.im +com.im ltd.co.im -plc.co.im net.im -gov.im org.im -nic.im -ac.im +plc.co.im +tt.im +tv.im // in : http://en.wikipedia.org/wiki/.in // see also: http://www.inregistry.in/policies/ @@ -1180,294 +1199,385 @@ int.is it gov.it edu.it -// list of reserved geo-names : +// Reserved geo-names: // http://www.nic.it/documenti/regolamenti-e-linee-guida/regolamento-assegnazi… -// (There is also a list of reserved geo-names corresponding to Italian -// municipalities : http://www.nic.it/documenti/appendice-c.pdf , but it is -// not included here.) -agrigento.it +// There is also a list of reserved geo-names corresponding to Italian municipalities +// http://www.nic.it/documenti/appendice-c.pdf, but it is not included here. +// Regions +abr.it +abruzzo.it +aosta-valley.it +aostavalley.it +bas.it +basilicata.it +cal.it +calabria.it +cam.it +campania.it +emilia-romagna.it +emiliaromagna.it +emr.it +friuli-v-giulia.it +friuli-ve-giulia.it +friuli-vegiulia.it +friuli-venezia-giulia.it +friuli-veneziagiulia.it +friuli-vgiulia.it +friuliv-giulia.it +friulive-giulia.it +friulivegiulia.it +friulivenezia-giulia.it +friuliveneziagiulia.it +friulivgiulia.it +fvg.it +laz.it +lazio.it +lig.it +liguria.it +lom.it +lombardia.it +lombardy.it +lucania.it +mar.it +marche.it +mol.it +molise.it +piedmont.it +piemonte.it +pmn.it +pug.it +puglia.it +sar.it +sardegna.it +sardinia.it +sic.it +sicilia.it +sicily.it +taa.it +tos.it +toscana.it +trentino-a-adige.it +trentino-aadige.it +trentino-alto-adige.it +trentino-altoadige.it +trentino-s-tirol.it +trentino-stirol.it +trentino-sud-tirol.it +trentino-sudtirol.it +trentino-sued-tirol.it +trentino-suedtirol.it +trentinoa-adige.it +trentinoaadige.it +trentinoalto-adige.it +trentinoaltoadige.it +trentinos-tirol.it +trentinostirol.it +trentinosud-tirol.it +trentinosudtirol.it +trentinosued-tirol.it +trentinosuedtirol.it +tuscany.it +umb.it +umbria.it +val-d-aosta.it +val-daosta.it +vald-aosta.it +valdaosta.it +valle-aosta.it +valle-d-aosta.it +valle-daosta.it +valleaosta.it +valled-aosta.it +valledaosta.it +vallee-aoste.it +valleeaoste.it +vao.it +vda.it +ven.it +veneto.it +// Provinces ag.it -alessandria.it +agrigento.it al.it -ancona.it +alessandria.it +alto-adige.it +altoadige.it an.it +ancona.it +andria-barletta-trani.it +andria-trani-barletta.it +andriabarlettatrani.it +andriatranibarletta.it +ao.it aosta.it aoste.it -ao.it -arezzo.it +ap.it +aq.it +aquila.it ar.it +arezzo.it ascoli-piceno.it ascolipiceno.it -ap.it asti.it at.it -avellino.it av.it -bari.it +avellino.it ba.it -andria-barletta-trani.it -andriabarlettatrani.it -trani-barletta-andria.it -tranibarlettaandria.it +balsan.it +bari.it barletta-trani-andria.it barlettatraniandria.it -andria-trani-barletta.it -andriatranibarletta.it -trani-andria-barletta.it -traniandriabarletta.it -bt.it belluno.it -bl.it benevento.it -bn.it bergamo.it bg.it -biella.it bi.it -bologna.it +biella.it +bl.it +bn.it bo.it +bologna.it bolzano.it bozen.it -balsan.it -alto-adige.it -altoadige.it -suedtirol.it -bz.it +br.it brescia.it -bs.it brindisi.it -br.it -cagliari.it +bs.it +bt.it +bz.it ca.it +cagliari.it caltanissetta.it -cl.it +campidano-medio.it +campidanomedio.it campobasso.it -cb.it -carboniaiglesias.it carbonia-iglesias.it -iglesias-carbonia.it -iglesiascarbonia.it -ci.it +carboniaiglesias.it +carrara-massa.it +carraramassa.it caserta.it -ce.it catania.it -ct.it catanzaro.it -cz.it -chieti.it +cb.it +ce.it +cesena-forli.it +cesenaforli.it ch.it -como.it +chieti.it +ci.it +cl.it +cn.it co.it +como.it cosenza.it -cs.it -cremona.it cr.it +cremona.it crotone.it -kr.it +cs.it +ct.it cuneo.it -cn.it +cz.it dell-ogliastra.it dellogliastra.it -ogliastra.it -og.it -enna.it en.it -ferrara.it +enna.it +fc.it fe.it fermo.it -fm.it +ferrara.it +fg.it +fi.it firenze.it florence.it -fi.it +fm.it foggia.it -fg.it forli-cesena.it forlicesena.it -cesena-forli.it -cesenaforli.it -fc.it -frosinone.it fr.it -genova.it -genoa.it +frosinone.it ge.it -gorizia.it +genoa.it +genova.it go.it -grosseto.it +gorizia.it gr.it -imperia.it +grosseto.it +iglesias-carbonia.it +iglesiascarbonia.it im.it -isernia.it +imperia.it is.it -laquila.it -aquila.it -aq.it +isernia.it +kr.it la-spezia.it +laquila.it laspezia.it -sp.it latina.it -lt.it -lecce.it +lc.it le.it +lecce.it lecco.it -lc.it -livorno.it li.it -lodi.it +livorno.it lo.it -lucca.it +lodi.it +lt.it lu.it +lucca.it macerata.it -mc.it mantova.it -mn.it massa-carrara.it massacarrara.it -carrara-massa.it -carraramassa.it -ms.it matera.it -mt.it +mb.it +mc.it +me.it medio-campidano.it mediocampidano.it -campidano-medio.it -campidanomedio.it -vs.it messina.it -me.it -milano.it -milan.it mi.it -modena.it +milan.it +milano.it +mn.it mo.it -monza.it +modena.it monza-brianza.it +monza-e-della-brianza.it +monza.it monzabrianza.it monzaebrianza.it monzaedellabrianza.it -monza-e-della-brianza.it -mb.it -napoli.it -naples.it +ms.it +mt.it na.it -novara.it +naples.it +napoli.it no.it -nuoro.it +novara.it nu.it -oristano.it +nuoro.it +og.it +ogliastra.it +olbia-tempio.it +olbiatempio.it or.it +oristano.it +ot.it +pa.it padova.it padua.it -pd.it palermo.it -pa.it parma.it -pr.it pavia.it -pv.it -perugia.it -pg.it -pescara.it +pc.it +pd.it pe.it +perugia.it pesaro-urbino.it pesarourbino.it -urbino-pesaro.it -urbinopesaro.it -pu.it +pescara.it +pg.it +pi.it piacenza.it -pc.it pisa.it -pi.it pistoia.it -pt.it -pordenone.it pn.it +po.it +pordenone.it potenza.it -pz.it +pr.it prato.it -po.it +pt.it +pu.it +pv.it +pz.it +ra.it ragusa.it -rg.it ravenna.it -ra.it -reggio-calabria.it -reggiocalabria.it rc.it +re.it +reggio-calabria.it reggio-emilia.it +reggiocalabria.it reggioemilia.it -re.it -rieti.it +rg.it ri.it +rieti.it rimini.it +rm.it rn.it +ro.it roma.it rome.it -rm.it rovigo.it -ro.it -salerno.it sa.it +salerno.it sassari.it -ss.it savona.it -sv.it -siena.it si.it +siena.it siracusa.it -sr.it -sondrio.it so.it -taranto.it +sondrio.it +sp.it +sr.it +ss.it +suedtirol.it +sv.it ta.it +taranto.it +te.it tempio-olbia.it tempioolbia.it -olbia-tempio.it -olbiatempio.it -ot.it teramo.it -te.it terni.it -tr.it +tn.it +to.it torino.it -turin.it -to.it -trapani.it tp.it -trento.it +tr.it +trani-andria-barletta.it +trani-barletta-andria.it +traniandriabarletta.it +tranibarlettaandria.it +trapani.it trentino.it -tn.it +trento.it treviso.it -tv.it trieste.it ts.it -udine.it +turin.it +tv.it ud.it -varese.it +udine.it +urbino-pesaro.it +urbinopesaro.it va.it +varese.it +vb.it +vc.it +ve.it venezia.it venice.it -ve.it verbania.it -vb.it vercelli.it -vc.it verona.it -vr.it +vi.it vibo-valentia.it vibovalentia.it -vv.it vicenza.it -vi.it viterbo.it +vr.it +vs.it vt.it +vv.it -// je : http://www.channelisles.net/applic/avextn.shtml +// je : http://www.channelisles.net/register-domains/ +// Confirmed by registry <nigel(a)channelisles.net> 2013-11-28 je co.je -org.je net.je -sch.je -gov.je +org.je // jm : http://www.com.jm/register.html *.jm @@ -1488,7 +1598,7 @@ jobs // jp : http://en.wikipedia.org/wiki/.jp // http://jprs.co.jp/en/jpdomain.html -// Updated by registry <info(a)jprs.jp> 2012-05-28 +// Submitted by registry <info(a)jprs.jp> 2014-02-28 jp // jp organizational type names ac.jp @@ -1592,7 +1702,6 @@ konan.aichi.jp kota.aichi.jp mihama.aichi.jp miyoshi.aichi.jp -nagakute.aichi.jp nishio.aichi.jp nisshin.aichi.jp obu.aichi.jp @@ -2264,7 +2373,6 @@ rikuzentakata.iwate.jp shiwa.iwate.jp shizukuishi.iwate.jp sumita.iwate.jp -takizawa.iwate.jp tanohata.iwate.jp tono.iwate.jp yahaba.iwate.jp @@ -3302,6 +3410,7 @@ edu.kn gov.kn // kp : http://www.kcce.kp/en_index.php +kp com.kp edu.kp gov.kp @@ -3379,6 +3488,7 @@ org.la // lb : http://en.wikipedia.org/wiki/.lb // Submitted by registry <randy(a)psg.com> 2008-06-17 +lb com.lb edu.lb gov.lb @@ -3417,6 +3527,7 @@ hotel.lk // lr : http://psg.com/dns/lr/lr.txt // Submitted by registry <randy(a)psg.com> 2008-06-17 +lr com.lr edu.lr gov.lr @@ -3559,11 +3670,21 @@ mq mr gov.mr -// ms : http://en.wikipedia.org/wiki/.ms +// ms : http://www.nic.ms/pdf/MS_Domain_Name_Rules.pdf ms - -// mt : https://www.nic.org.mt/dotmt/ -*.mt +com.ms +edu.ms +gov.ms +net.ms +org.ms + +// mt : https://www.nic.org.mt/go/policy +// Submitted by registry <help(a)nic.org.mt> 2013-11-19 +mt +com.mt +edu.mt +net.mt +org.mt // mu : http://en.wikipedia.org/wiki/.mu mu @@ -4230,13 +4351,16 @@ other.nf store.nf // ng : http://psg.com/dns/ng/ -// Submitted by registry <randy(a)psg.com> 2008-06-17 -ac.ng +ng com.ng edu.ng -gov.ng +name.ng net.ng org.ng +sch.ng +gov.ng +mil.ng +mobi.ng // ni : http://www.nic.ni/dominios.htm *.ni @@ -4252,7 +4376,7 @@ bv.nl // no : http://www.norid.no/regelverk/index.en.html // The Norwegian registry has declined to notify us of updates. The web pages // referenced below are the official source of the data. There is also an -// announce mailing list: +// announce mailing list: // https://postlister.uninett.no/sympa/info/norid-diskusjon no // Norid generic domains : http://www.norid.no/regelverk/vedlegg-c.en.html @@ -5034,20 +5158,36 @@ com.nr nu // nz : http://en.wikipedia.org/wiki/.nz -*.nz +// Confirmed by registry <jay(a)nzrs.net.nz> 2014-05-19 +nz +ac.nz +co.nz +cri.nz +geek.nz +gen.nz +govt.nz +health.nz +iwi.nz +kiwi.nz +maori.nz +mil.nz +māori.nz +net.nz +org.nz +parliament.nz +school.nz // om : http://en.wikipedia.org/wiki/.om -*.om -!mediaphone.om -!nawrastelecom.om -!nawras.om -!omanmobile.om -!omanpost.om -!omantel.om -!rakpetroleum.om -!siemens.om -!songfest.om -!statecouncil.om +om +co.om +com.om +edu.om +gov.om +med.om +museum.om +net.om +org.om +pro.om // org : http://en.wikipedia.org/wiki/.org org @@ -5502,7 +5642,6 @@ oryol.ru palana.ru penza.ru perm.ru -pskov.ru ptz.ru rnd.ru ryazan.ru @@ -5622,7 +5761,7 @@ gov.sd info.sd // se : http://en.wikipedia.org/wiki/.se -// Submitted by registry <Patrik.Wallstrom(a)iis.se> 2008-06-24 +// Submitted by registry <patrik.wallstrom(a)iis.se> 2014-03-18 se a.se ac.se @@ -5656,7 +5795,6 @@ pp.se press.se r.se s.se -sshn.se t.se tm.se u.se @@ -5687,6 +5825,7 @@ si // sj : No registrations at this time. // Submitted by registry <jarle(a)uninett.no> 2008-06-16 +sj // sk : http://en.wikipedia.org/wiki/.sk // list of 2nd level domains ? @@ -5741,8 +5880,13 @@ store.st // su : http://en.wikipedia.org/wiki/.su su -// sv : http://www.svnet.org.sv/svpolicy.html -*.sv +// sv : http://www.svnet.org.sv/niveldos.pdf +sv +com.sv +edu.sv +gob.sv +org.sv +red.sv // sx : http://en.wikipedia.org/wiki/.sx // Confirmed by registry <jcvignes(a)openregistry.com> 2012-05-31 @@ -5864,6 +6008,10 @@ org.to edu.to mil.to +// tp : No registrations at this time. +// Submitted by Ryan Sleevi <ryan.sleevi(a)gmail.com> 2014-01-03 +tp + // tr : http://en.wikipedia.org/wiki/.tr *.tr !nic.tr @@ -5917,6 +6065,7 @@ club.tw // tz : http://www.tznic.or.tz/index.php/domains // Confirmed by registry <manager(a)tznic.or.tz> 2013-01-22 +tz ac.tz co.tz go.tz @@ -6029,19 +6178,19 @@ com.ug org.ug // uk : http://en.wikipedia.org/wiki/.uk -// Submitted by registry <noc(a)nominet.org.uk> 2012-10-02 -// and tweaked by us pending further consultation. -*.uk +// Submitted by registry <Michael.Daly(a)nominet.org.uk> +uk +ac.uk +co.uk +gov.uk +ltd.uk +me.uk +net.uk +nhs.uk +org.uk +plc.uk +police.uk *.sch.uk -!bl.uk -!british-library.uk -!jet.uk -!mod.uk -!national-library-scotland.uk -!nel.uk -!nic.uk -!nls.uk -!parliament.uk // us : http://en.wikipedia.org/wiki/.us us @@ -6125,7 +6274,7 @@ k12.de.us k12.fl.us k12.ga.us k12.gu.us -// k12.hi.us Hawaii has a state-wide DOE login: bug 614565 +// k12.hi.us Bug 614565 - Hawaii has a state-wide DOE login k12.ia.us k12.id.us k12.il.us @@ -6156,7 +6305,7 @@ k12.pa.us k12.pr.us k12.ri.us k12.sc.us -k12.sd.us +// k12.sd.us Bug 934131 - Removed at request of James Booze <James.Booze(a)k12.sd.us> k12.tn.us k12.tx.us k12.ut.us @@ -6165,7 +6314,7 @@ k12.vt.us k12.va.us k12.wa.us k12.wi.us -k12.wv.us +// k12.wv.us Bug 947705 - Removed at request of Verne Britton <verne(a)wvnet.edu> k12.wy.us cc.ak.us @@ -6277,316 +6426,1610 @@ lib.vt.us lib.va.us lib.wa.us lib.wi.us -lib.wv.us +// lib.wv.us Bug 941670 - Removed at request of Larry W Arnold <arnold(a)wvlc.lib.wv.us> lib.wy.us -// k12.ma.us contains school districts in Massachusetts. The 4LDs are -// managed indepedently except for private (PVT), charter (CHTR) and -// parochial (PAROCH) schools. Those are delegated dorectly to the -// 5LD operators. <k12-ma-hostmaster _ at _ rsuc.gweep.net> -pvt.k12.ma.us -chtr.k12.ma.us -paroch.k12.ma.us +// k12.ma.us contains school districts in Massachusetts. The 4LDs are +// managed indepedently except for private (PVT), charter (CHTR) and +// parochial (PAROCH) schools. Those are delegated dorectly to the +// 5LD operators. <k12-ma-hostmaster _ at _ rsuc.gweep.net> +pvt.k12.ma.us +chtr.k12.ma.us +paroch.k12.ma.us + +// uy : http://www.nic.org.uy/ +uy +com.uy +edu.uy +gub.uy +mil.uy +net.uy +org.uy + +// uz : http://www.reg.uz/ +uz +co.uz +com.uz +net.uz +org.uz + +// va : http://en.wikipedia.org/wiki/.va +va + +// vc : http://en.wikipedia.org/wiki/.vc +// Submitted by registry <kshah(a)ca.afilias.info> 2008-06-13 +vc +com.vc +net.vc +org.vc +gov.vc +mil.vc +edu.vc + +// ve : https://registro.nic.ve/ +// Confirmed by registry 2012-10-04 +// Updated 2014-05-20 - Bug 940478 +ve +arts.ve +co.ve +com.ve +e12.ve +edu.ve +firm.ve +gob.ve +gov.ve +info.ve +int.ve +mil.ve +net.ve +org.ve +rec.ve +store.ve +tec.ve +web.ve + +// vg : http://en.wikipedia.org/wiki/.vg +vg + +// vi : http://www.nic.vi/newdomainform.htm +// http://www.nic.vi/Domain_Rules/body_domain_rules.html indicates some other +// TLDs are "reserved", such as edu.vi and gov.vi, but doesn't actually say they +// are available for registration (which they do not seem to be). +vi +co.vi +com.vi +k12.vi +net.vi +org.vi + +// vn : https://www.dot.vn/vnnic/vnnic/domainregistration.jsp +vn +com.vn +net.vn +org.vn +edu.vn +gov.vn +int.vn +ac.vn +biz.vn +info.vn +name.vn +pro.vn +health.vn + +// vu : http://en.wikipedia.org/wiki/.vu +// http://www.vunic.vu/ +vu +com.vu +edu.vu +net.vu +org.vu + +// wf : http://www.afnic.fr/medias/documents/AFNIC-naming-policy2012.pdf +wf + +// ws : http://en.wikipedia.org/wiki/.ws +// http://samoanic.ws/index.dhtml +ws +com.ws +net.ws +org.ws +gov.ws +edu.ws + +// yt : http://www.afnic.fr/medias/documents/AFNIC-naming-policy2012.pdf +yt + +// IDN ccTLDs +// Please sort by ISO 3166 ccTLD, then punicode string +// when submitting patches and follow this format: +// <Punicode> ("<english word>" <language>) : <ISO 3166 ccTLD> +// [optional sponsoring org] +// <URL> + +// xn--mgbaam7a8h ("Emerat" Arabic) : AE +// http://nic.ae/english/arabicdomain/rules.jsp +امارات + +// xn--54b7fta0cc ("Bangla" Bangla) : BD +বাংলা + +// xn--fiqs8s ("China" Chinese-Han-Simplified <.Zhongguo>) : CN +// CNNIC +// http://cnnic.cn/html/Dir/2005/10/11/3218.htm +中国 + +// xn--fiqz9s ("China" Chinese-Han-Traditional <.Zhongguo>) : CN +// CNNIC +// http://cnnic.cn/html/Dir/2005/10/11/3218.htm +中國 + +// xn--lgbbat1ad8j ("Algeria / Al Jazair" Arabic) : DZ +الجزائر + +// xn--wgbh1c ("Egypt" Arabic .masr) : EG +// http://www.dotmasr.eg/ +مصر + +// xn--node ("ge" Georgian (Mkhedruli)) : GE +გე + +// xn--j6w193g ("Hong Kong" Chinese-Han) : HK +// https://www2.hkirc.hk/register/rules.jsp +香港 + +// xn--h2brj9c ("Bharat" Devanagari) : IN +// India +भारत + +// xn--mgbbh1a71e ("Bharat" Arabic) : IN +// India +بھارت + +// xn--fpcrj9c3d ("Bharat" Telugu) : IN +// India +భారత్ + +// xn--gecrj9c ("Bharat" Gujarati) : IN +// India +ભારત + +// xn--s9brj9c ("Bharat" Gurmukhi) : IN +// India +ਭਾਰਤ + +// xn--45brj9c ("Bharat" Bengali) : IN +// India +ভারত + +// xn--xkc2dl3a5ee0h ("India" Tamil) : IN +// India +இந்தியா + +// xn--mgba3a4f16a ("Iran" Persian) : IR +ایران + +// xn--mgba3a4fra ("Iran" Arabic) : IR +ايران + +// xn--mgbayh7gpa ("al-Ordon" Arabic) : JO +// National Information Technology Center (NITC) +// Royal Scientific Society, Al-Jubeiha +الاردن + +// xn--3e0b707e ("Republic of Korea" Hangul) : KR +한국 + +// xn--80ao21a ("Kaz" Kazakh) : KZ +қаз + +// xn--fzc2c9e2c ("Lanka" Sinhalese-Sinhala) : LK +// http://nic.lk +ලංකා + +// xn--xkc2al3hye2a ("Ilangai" Tamil) : LK +// http://nic.lk +இலங்கை + +// xn--mgbc0a9azcg ("Morocco / al-Maghrib" Arabic) : MA +المغرب + +// xn--l1acc ("mon" Mongolian) : MN +мон + +// xn--mgbx4cd0ab ("Malaysia" Malay) : MY +مليسيا + +// xn--mgb9awbf ("Oman" Arabic) : OM +عمان + +// xn--ygbi2ammx ("Falasteen" Arabic) : PS +// The Palestinian National Internet Naming Authority (PNINA) +// http://www.pnina.ps +فلسطين + +// xn--90a3ac ("srb" Cyrillic) : RS +// http://www.rnids.rs/en/the-.срб-domain +срб +пр.срб +орг.срб +обр.срб +од.срб +упр.срб +ак.срб + +// xn--p1ai ("rf" Russian-Cyrillic) : RU +// http://www.cctld.ru/en/docs/rulesrf.php +рф + +// xn--wgbl6a ("Qatar" Arabic) : QA +// http://www.ict.gov.qa/ +قطر + +// xn--mgberp4a5d4ar ("AlSaudiah" Arabic) : SA +// http://www.nic.net.sa/ +السعودية + +// xn--mgberp4a5d4a87g ("AlSaudiah" Arabic) variant : SA +السعودیة + +// xn--mgbqly7c0a67fbc ("AlSaudiah" Arabic) variant : SA +السعودیۃ + +// xn--mgbqly7cvafr ("AlSaudiah" Arabic) variant : SA +السعوديه + +// xn--ogbpf8fl ("Syria" Arabic) : SY +سورية + +// xn--mgbtf8fl ("Syria" Arabic) variant : SY +سوريا + +// xn--yfro4i67o Singapore ("Singapore" Chinese-Han) : SG +新加坡 + +// xn--clchc0ea0b2g2a9gcd ("Singapore" Tamil) : SG +சிங்கப்பூர் + +// xn--o3cw4h ("Thai" Thai) : TH +// http://www.thnic.co.th +ไทย + +// xn--pgbs0dh ("Tunis") : TN +// http://nic.tn +تونس + +// xn--kpry57d ("Taiwan" Chinese-Han-Traditional) : TW +// http://www.twnic.net/english/dn/dn_07a.htm +台灣 + +// xn--kprw13d ("Taiwan" Chinese-Han-Simplified) : TW +// http://www.twnic.net/english/dn/dn_07a.htm +台湾 + +// xn--nnx388a ("Taiwan") variant : TW +臺灣 + +// xn--j1amh ("ukr" Cyrillic) : UA +укр + +// xn--mgb2ddes ("AlYemen" Arabic) : YE +اليمن + +// xxx : http://icmregistry.com +xxx + +// ye : http://www.y.net.ye/services/domain_name.htm +*.ye + +// za : http://www.zadna.org.za/slds.html +*.za + +// zm : http://en.wikipedia.org/wiki/.zm +*.zm + +// zw : http://en.wikipedia.org/wiki/.zw +*.zw + + +// xn--80asehdb : 2013-07-14 CORE Association +онлайн + +// xn--80aswg : 2013-07-14 CORE Association +сайт + +// xn--ngbc5azd : 2013-07-14 International Domain Registry Pty. Ltd. +شبكة + +// xn--unup4y : 2013-07-14 Spring Fields, LLC +游戏 + +// xn--vhquv : 2013-08-28 Dash McCook, LLC +企业 + +// camera : 2013-08-28 Atomic Maple, LLC +camera + +// clothing : 2013-08-28 Steel Lake, LLC +clothing + +// lighting : 2013-08-28 John McCook, LLC +lighting + +// singles : 2013-08-28 Fern Madison, LLC +singles + +// ventures : 2013-08-28 Binky Lake, LLC +ventures + +// voyage : 2013-08-28 Ruby House, LLC +voyage + +// guru : 2013-08-28 Pioneer Cypress, LLC +guru + +// holdings : 2013-08-28 John Madison, LLC +holdings + +// equipment : 2013-08-28 Corn Station, LLC +equipment + +// bike : 2013-08-28 Grand Hollow, LLC +bike + +// estate : 2013-08-28 Trixy Park, LLC +estate + +// tattoo : 2013-08-30 Uniregistry,Corp. +tattoo + +// xn--3ds443g : 2013-09-09 TLD Registry Limited +在线 + +// xn--fiq228c5hs : 2013-09-09 TLD Registry Limited +中文网 + +// land : 2013-09-10 Pine Moon, LLC +land + +// plumbing : 2013-09-10 Spring Tigers, LLC +plumbing + +// contractors : 2013-09-10 Magic Woods, LLC +contractors + +// sexy : 2013-09-11 Uniregistry,Corp. +sexy + +// menu : 2013-09-11 Wedding TLD2, LLC +menu + +// xn--rhqv96g : 2013-09-11 Stable Tone Limited +世界 + +// uno : 2013-09-11 Dot Latin, LLC +uno + +// gallery : 2013-09-13 Sugar House, LLC +gallery + +// technology : 2013-09-13 Auburn Falls +technology + +// xn--3bst00m : 2013-09-13 Eagle Horizon Limited +集团 + +// reviews : 2013-09-13 Extra Cover, LLC +reviews + +// guide : 2013-09-13 Snow Moon, LLC +guide + +// xn--6qq986b3x1 : 2013-09-13 Tycoon Treasure Limited +我爱你 + +// graphics : 2013-09-13 Over Madison, LLC +graphics + +// construction : 2013-09-13 Fox Dynamite, LLC +construction + +// onl : 2013-09-16 I-Registry Ltd. +onl + +// xn--q9jyb4c : 2013-09-17 Charleston Road Registry +みんな + +// diamonds : 2013-09-23 John Edge, LLC +diamonds + +// kiwi : 2013-09-23 Dot Kiwi Limited +kiwi + +// enterprises : 2013-09-23 Snow Oaks LLC +enterprises + +// today : 2013-09-23 Pearl Woods, LLC +today + +// futbol : 2013-09-23 Atomic Falls, LLC +futbol + +// photography : 2013-09-23 Sugar Glen, LLC +photography + +// tips : 2013-09-23 Corn Willow, LLC +tips + +// directory : 2013-09-23 Extra Madison, LLC +directory + +// kitchen : 2013-09-23 Just Goodbye, LLC +kitchen + +// xn--6frz82g : 2013-09-24 Afilias Limited +移动 + +// kim : 2013-09-24 Afilias Limited +kim + +// xn--cg4bki : 2013-09-27 Samsung SDS Co., LTD +삼성 + +// monash : 2013-10-01 Monash University +monash + +// wed : 2013-10-02 Atgron, Inc. +wed + +// pink : 2013-10-02 Afilias Limited +pink + +// ruhr : 2013-10-02 regiodot GmbH & Co. KG +ruhr + +// buzz : 2013-10-03 DOTSTRATEGY CO. +buzz + +// careers : 2013-10-03 Wild Corner, LLC +careers + +// shoes : 2013-10-03 Binky Galley, LLC +shoes + +// xn--4gbrim : 2013-10-07 Suhub Electronic Establishment +موقع + +// career : 2013-10-09 dotCareer, LLC +career + +// otsuka : 2013-10-11 Otsuka Holdings Co. Ltd. +otsuka + +// xn--fiQ64b : 2013-10-14 CITIC Group Corporation +中信 + +// gift : 2013-10-18 Uniregistry Corp. +gift + +// recipes : 2013-10-18 Grand Island, LLC +recipes + +// coffee : 2013-10-18 Trixy Cover, LLC +coffee + +// luxury : 2013-10-18 Luxury Partners, LLC +luxury + +// domains : 2013-10-18 Sugar Cross, LLC +domains + +// photos : 2013-10-18 Sea Corner, LLC +photos + +// limo : 2013-10-18 Hidden Frostbite, LLC +limo + +// viajes : 2013-10-18 Black Madison, LLC +viajes + +// wang : 2013-10-24 Zodiac Leo Limited +wang + +// democrat : 2013-10-24 United TLD Holdco Ltd. +democrat + +// mango : 2013-10-25 PUNTO FA S.L. +mango + +// cab : 2013-10-25 Half Sunset, LLC +cab + +// support : 2013-10-25 Grand Orchard, LLC +support + +// dance : 2013-10-25 United TLD Holdco Ltd. +dance + +// nagoya : 2013-10-25 GMO Registry, Inc. +nagoya + +// computer : 2013-10-25 Pine Mill, LLC +computer + +// wien : 2013-10-28 punkt.wien GmbH +wien + +// berlin : 2013-10-31 dotBERLIN GmbH & Co. KG +berlin + +// codes : 2013-10-31 Puff Willow, LLC +codes + +// email : 2013-10-31 Spring Madison, LLC +email + +// xn--mgbab2bd : 2013-10-31 CORE Association +بازار + +// repair : 2013-11-07 Lone Sunset, LLC +repair + +// holiday : 2013-11-07 Goose Woods, LLC +holiday + +// center : 2013-11-07 Tin Mill, LLC +center + +// systems : 2013-11-07 Dash Cypress, LLC +systems + +// wiki : 2013-11-07 Top Level Design, LLC +wiki + +// ceo : 2013-11-07 CEOTLD Pty Ltd +ceo + +// international : 2013-11-07 Wild Way, LLC +international + +// solar : 2013-11-07 Ruby Town, LLC +solar + +// company : 2013-11-07 Silver Avenue, LLC +company + +// education : 2013-11-07 Brice Way, LLC +education + +// training : 2013-11-07 Wild Willow, LLC +training + +// academy : 2013-11-07 Half Oaks, LLC +academy + +// marketing : 2013-11-07 Fern Pass, LLC +marketing + +// florist : 2013-11-08 Half Cypress, LLC +florist + +// solutions : 2013-11-07 Silver Cover, LLC +solutions + +// build : 2013-11-07 Plan Bee LLC +build + +// institute : 2013-11-07 Outer Maple, LLC +institute + +// builders : 2013-11-07 Atomic Madison, LLC +builders + +// red : 2013-11-07 Afilias Limited +red + +// blue : 2013-11-07 Afilias Limited +blue + +// ninja : 2013-11-07 United TLD Holdco Ltd. +ninja + +// business : 2013-11-07 Spring Cross, LLC +business + +// gal : 2013-11-07 Asociación puntoGAL +gal + +// social : 2013-11-07 United TLD Holdco Ltd. +social + +// house : 2013-11-07 Sugar Park, LLC +house + +// camp : 2013-11-07 Delta Dynamite, LLC +camp + +// immobilien : 2013-11-07 United TLD Holdco Ltd. +immobilien + +// moda : 2013-11-07 United TLD Holdco Ltd. +moda + +// glass : 2013-11-07 Black Cover, LLC +glass + +// management : 2013-11-07 John Goodbye, LLC +management + +// kaufen : 2013-11-07 United TLD Holdco Ltd. +kaufen + +// farm : 2013-11-07 Just Maple, LLC +farm + +// xn--55qw42g : 2013-11-08 China Organizational Name Administration Center +公益 + +// xn--zfr164b : 2013-11-08 China Organizational Name Administration Center +政务 + +// club : 2013-11-08 .CLUB DOMAINS, LLC +club + +// voting : 2013-11-13 Valuetainment Corp. +voting + +// TOKYO : 2013-11-13 GMO Registry, Inc. +tokyo + +// moe : 2013-11-13 Interlink Co., Ltd. +moe + +// guitars : 2013-11-14 Uniregistry, Corp. +guitars + +// bargains : 2013-11-14 Half Hallow, LLC +bargains + +// xn--nqv7fs00ema : 2013-11-14 Public Interest Registry +组织机构 + +// desi : 2013-11-14 Desi Networks LLC +desi + +// cool : 2013-11-14 Koko Lake, LLC +cool + +// boutique : 2013-11-14 Over Galley, LLC +boutique + +// pics : 2013-11-14 Uniregistry, Corp. +pics + +// xn--c1avg : 2013-11-14 Public Interest Registry +орг + +// xn--55qx5d : 2013-11-14 Computer Network Information Center of Chinese Academy of Sciences （China Internet Network Information Center） +公司 + +// xn--io0a7i : 2013-11-14 Computer Network Information Center of Chinese Academy of Sciences （China Internet Network Information Center） +网络 + +// cheap : 2013-11-14 Sand Cover, LLC +cheap + +// xn--xhq521b : 2013-11-14 Guangzhou YU Wei Information Technology Co., Ltd. +广东 + +// photo : 2013-11-14 Uniregistry, Corp. +photo + +// network : 2013-11-14 Trixy Manor, LLC +network + +// zone : 2013-11-14 Outer Falls, LLC +zone + +// xn--nqv7f : 2013-11-14 Public Interest Registry +机构 + +// link : 2013-11-14 Uniregistry, Corp. +link + +// QPON : 2013-11-14 dotCOOL, Inc. +qpon + +// xn--i1b6b1a6a2e : 2013-11-14 Public Interest Registry +संगठन + +// agency : 2013-11-14 Steel Falls, LLC +agency + +// tienda : 2013-11-14 Victor Manor, LLC +tienda + +// works : 2013-11-14 Little Dynamite, LLC +works + +// london : 2013-11-14 Dot London Domains Limited +london + +// watch : 2013-11-14 Sand Shadow, LLC +watch + +// rocks : 2013-11-14 Ruby Moon, LLC +rocks + +// SHIKSHA : 2013-11-14 Afilias Limited +shiksha + +// xn--d1acj3b : 2013-11-21 The Foundation for Network Initiatives “The Smart Internet” +дети + +// budapest : 2013-11-21 Top Level Domain Holdings Limited +budapest + +// nrw : 2013-11-21 Minds + Machines GmbH +nrw + +// VOTE : 2013-11-21 Monolith Registry LLC +vote + +// fishing : 2013-11-21 Top Level Domain Holdings Limited +fishing + +// expert : 2013-11-21 Magic Pass, LLC +expert + +// horse : 2013-11-21 Top Level Domain Holdings Limited +horse + +// christmas : 2013-11-21 Uniregistry, Corp. +christmas + +// cooking : 2013-11-21 Top Level Domain Holdings Limited +cooking + +// xn--czru2d : 2013-11-21 Zodiac Capricorn Limited +商城 + +// casa : 2013-11-21 Top Level Domain Holdings Limited +casa + +// rich : 2013-11-21 I-REGISTRY Ltd., Niederlassung Deutschland +rich + +// VOTO : 2013-11-21 Monolith Registry LLC +voto + +// tools : 2013-11-21 Pioneer North, LLC +tools + +// xn--45q11c : 2013-11-21 Zodiac Scorpio Limited +八卦 + +// praxi : 2013-12-05 Praxi S.p.A. +praxi + +// events : 2013-12-05 Pioneer Maple, LLC +events + +// flights : 2013-12-05 Fox Station, LLC +flights + +// report : 2013-12-05 Binky Glen, LLC +report + +// partners : 2013-12-05 Magic Glen, LLC +partners + +// neustar : 2013-12-05 NeuStar, Inc. +neustar + +// rentals : 2013-12-05 Big Hollow,LLC +rentals + +// catering : 2013-12-05 New Falls. LLC +catering + +// community : 2013-12-05 Fox Orchard, LLC +community + +// maison : 2013-12-05 Victor Frostbite, LLC +maison + +// parts : 2013-12-05 Sea Goodbye, LLC +parts + +// cleaning : 2013-12-05 Fox Shadow, LLC +cleaning + +// okinawa : 2013-12-05 BusinessRalliart inc. +okinawa + +// foundation : 2013-12-05 John Dale, LLC +foundation + +// properties : 2013-12-05 Big Pass, LLC +properties + +// vacations : 2013-12-05 Atomic Tigers, LLC +vacations + +// productions : 2013-12-05 Magic Birch, LLC +productions + +// industries : 2013-12-05 Outer House, LLC +industries + +// haus : 2013-12-05 Pixie Edge, LLC +haus + +// vision : 2013-12-05 Koko Station, LLC +vision + +// mormon : 2013-12-05 IRI Domain Management, LLC (""Applicant"") +mormon + +// cards : 2013-12-05 Foggy Hollow, LLC +cards + +// ink : 2013-12-05 Top Level Design, LLC +ink + +// villas : 2013-12-05 New Sky, LLC +villas + +// consulting : 2013-12-05 Pixie Station, LLC +consulting + +// cruises : 2013-12-05 Spring Way, LLC +cruises + +// krd : 2013-12-05 KRG Department of Information Technology +krd + +// xyz : 2013-12-05 XYZ.COM LLC +xyz + +// dating : 2013-12-05 Pine Fest, LLC +dating + +// exposed : 2013-12-05 Victor Beach, LLC +exposed + +// condos : 2013-12-05 Pine House, LLC +condos + +// eus : 2013-12-12 Puntueus Fundazioa +eus + +// Caravan : 2013-12-12 Caravan International, Inc. +caravan + +// actor : 2013-12-12 United TLD Holdco Ltd. +actor + +// saarland : 2013-12-12 dotSaarland GmbH +saarland + +// yokohama : 2013-12-12 GMO Registry, Inc. +yokohama + +// pub : 2013-12-12 United TLD Holdco Ltd. +pub + +// xn--p1acf : 2013-12-12 Rusnames Limited +рус + +// ren : 2013-12-12 Beijing Qianxiang Wangjing Technology Development Co., Ltd. +ren + +// fish : 2013-12-12 Fox Woods, LLC +fish + +// BAR : 2013-12-12 Punto 2012 Sociedad Anonima Promotora de Inversion de Capital Variable +bar + +// DNP : 2013-12-13 Dai Nippon Printing Co., Ltd. +dnp + +// bid : 2013-12-19 dot Bid Limited +bid + +// supply : 2013-12-19 Half Falls, LLC +supply + +// Miami : 2013-12-19 Top Level Domain Holdings Limited +miami + +// supplies : 2013-12-19 Atomic Fields, LLC +supplies + +// quebec : 2013-12-19 PointQuébec Inc +quebec + +// MOSCOW : 2013-12-19 Foundation for Assistance for Internet Technologies and Infrastructure Development (FAITID) +moscow + +// globo : 2013-12-19 Globo Comunicação e Participações S.A +globo + +// AXA : 2013-12-19 AXA SA +axa + +// xn--80adxhks : 2013-12-19 Foundation for Assistance for Internet Technologies and Infrastructure Development (FAITID) +москва + +// xn--czrs0t : 2013-12-19 Wild Island, LLC +商店 + +// vodka : 2013-12-19 Top Level Domain Holdings Limited +vodka + +// REST : 2013-12-19 Punto 2012 Sociedad Anonima Promotora de Inversion de Capital Variable +rest + +// frogans : 2013-12-19 OP3FT +frogans + +// WTC : 2013-12-19 World Trade Centers Association, Inc. +wtc + +// rodeo : 2013-12-19 Top Level Domain Holdings Limited +rodeo + +// sohu : 2013-12-19 Sohu.com Limited +sohu + +// BEST : 2013-12-19 BestTLD Pty Ltd +best + +// country : 2013-12-19 Top Level Domain Holdings Limited +country + +// KRED : 2013-12-19 KredTLD Pty Ltd +kred + +// feedback : 2013-12-19 Top Level Spectrum, Inc. +feedback + +// work : 2013-12-19 Top Level Domain Holdings Limited +work + +// luxe : 2014-01-09 Top Level Domain Holdings Limited +luxe + +// ryukyu : 2014-01-09 BusinessRalliart inc. +ryukyu + +// autos : 2014-01-09 DERAutos, LLC +autos + +// homes : 2014-01-09 DERHomes, LLC +homes + +// jetzt : 2014-01-09 New TLD Company AB +jetzt + +// yachts : 2014-01-09 DERYachts, LLC +yachts + +// motorcycles : 2014-01-09 DERMotorcycles, LLC +motorcycles + +// mini : 2014-01-09 Bayerische Motoren Werke Aktiengesellschaft +mini + +// ggee : 2014-01-09 GMO Internet, Inc. +ggee + +// beer : 2014-01-09 Top Level Domain Holdings Limited +beer + +// xn--1qqw23a : 2014-01-13 Guangzhou YU Wei Information Technology Co., Ltd. +佛山 + +// college : 2014-01-16 XYZ.COM LLC +college + +// ovh : 2014-01-16 OVH SAS +ovh + +// meet : 2014-01-16 Afilias Limited +meet + +// xn--ses554g : 2014-01-16 HU YI GLOBAL INFORMATION RESOURCES (HOLDING) COMPANY. HONGKONG LIMITED +网址 + +// gop : 2014-01-16 Republican State Leadership Committee, Inc. +gop + +// blackfriday : 2014-01-16 Uniregistry, Corp. +blackfriday + +// lacaixa : 2014-01-16 CAIXA D'ESTALVIS I PENSIONS DE BARCELONA +lacaixa + +// xn--czr694b : 2014-01-16 HU YI GLOBAL INFORMATION RESOURCES(HOLDING) COMPANY.HONGKONG LIMITED +商标 + +// vegas : 2014-01-16 Dot Vegas, Inc. +vegas + +// black : 2014-01-16 Afilias Limited +black + +// soy : 2014-01-23 Charleston Road Registry Inc. +soy + +// trade : 2014-01-23 Elite Registry Limited +trade + +// gent : 2014-01-23 COMBELL GROUP NV/SA +gent + +// ing : 2014-01-23 Charleston Road Registry Inc. +ing + +// dad : 2014-01-23 Charleston Road Registry Inc. +dad + +// shriram : 2014-01-23 Shriram Capital Ltd. +shriram + +// bayern : 2014-01-23 Bayern Connect GmbH +bayern + +// scot : 2014-01-23 Dot Scot Registry Limited +scot + +// webcam : 2014-01-23 dot Webcam Limited +webcam + +// foo : 2014-01-23 Charleston Road Registry Inc. +foo + +// eat : 2014-01-23 Charleston Road Registry Inc. +eat + +// nyc : 2014-01-23 The City of New York +nyc + +// prod : 2014-01-23 Charleston Road Registry Inc. +prod + +// how : 2014-01-23 Charleston Road Registry Inc. +how + +// day : 2014-01-30 Charleston Road Registry Inc. +day + +// meme : 2014-01-30 Charleston Road Registry Inc. +meme + +// mov : 2014-01-30 Charleston Road Registry Inc. +mov + +// paris : 2014-01-30 City of Paris +paris + +// boo : 2014-01-30 Charleston Road Registry Inc. +boo + +// new : 2014-01-30 Charleston Road Registry Inc. +new + +// ifm : 2014-01-30 ifm electronic gmbh +ifm + +// life : 2014-02-06 Trixy Oaks, LLC +life + +// archi : 2014-02-06 STARTING DOT LIMITED +archi + +// spiegel : 2014-02-06 SPIEGEL-Verlag Rudolf Augstein GmbH & Co. KG +spiegel + +// brussels : 2014-02-06 DNS.be vzw +brussels + +// church : 2014-02-06 Holly Fileds, LLC +church + +// here : 2014-02-06 Charleston Road Registry Inc. +here + +// dabur : 2014-02-06 Dabur India Limited +dabur + +// vlaanderen : 2014-02-06 DNS.be vzw +vlaanderen + +// cologne : 2014-02-06 NetCologne Gesellschaft für Telekommunikation mbH +cologne + +// xn--kput3i : 2014-02-13 Beijing RITT-Net Technology Development Co., Ltd +手机 + +// wme : 2014-02-13 William Morris Endeavor Entertainment, LLC +wme + +// nhk : 2014-02-13 Japan Broadcasting Corporation (NHK) +nhk + +// suzuki : 2014-02-20 SUZUKI MOTOR CORPORATION +suzuki + +// whoswho : 2014-02-20 Who's Who Registry +whoswho + +// scb : 2014-02-20 The Siam Commercial Bank Public Company Limited ("SCB""\) +scb + +// hamburg : 2014-02-20 Hamburg Top-Level-Domain GmbH +hamburg + +// services : 2014-02-27 Fox Castle, LLC +services + +// bzh : 2014-02-27 Association www.bzh +bzh + +// rio : 2014-02-27 Empresa Municipal de Informática SA - IPLANRIO +rio + +// cash : 2014-03-07 Delta Lake, LLC +cash + +// gives : 2014-03-07 United TLD Holdco Ltd. +gives + +// hiphop : 2014-03-07 Uniregistry, Corp. +hiphop + +// degree : 2014-03-07 Puff House, LLC +degree + +// digital : 2014-03-07 Dash Park, LLC +digital + +// rehab : 2014-03-07 United TLD Holdco Ltd. +rehab + +// wtf : 2014-03-07 Hidden Way, LLC +wtf + +// financial : 2014-03-07 Just Cover, LLC +financial + +// limited : 2014-03-07 Big Fest, LLC +limited + +// discount : 2014-03-07 Holly Hill, LLC +discount + +// fail : 2014-03-07 Atomic Pipe, LLC +fail + +// vet : 2014-03-07 Wild Dale, LLC +vet + +// ngo : 2014-03-07 Public Interest Registry +ngo + +// fitness : 2014-03-07 Brice Orchard, LLC +fitness + +// schule : 2014-03-07 Outer Moon, LLC +schule + +// navy : 2014-03-07 United TLD Holdco Ltd. +navy + +// bio : 2014-03-07 STARTING DOT LIMITED +bio + +// ong : 2014-03-07 Public Interest Registry +ong + +// town : 2014-03-07 Koko Moon, LLC +town + +// toys : 2014-03-07 Pioneer Orchard, LLC +toys + +// army : 2014-03-07 United TLD Holdco Ltd. +army + +// engineering : 2014-03-07 Romeo Canyon +engineering + +// capital : 2014-03-07 Delta Mill, LLC +capital + +// exchange : 2014-03-07 Spring Falls, LLC +exchange + +// fan : 2014-03-07 Goose Glen, LLC +fan + +// market : 2014-03-07 Victor Way, LLC +market + +// media : 2014-03-07 Grand Glen, LLC +media + +// lease : 2014-03-07 Victor Trail, LLC +lease + +// university : 2014-03-07 Little Station, LLC +university + +// reisen : 2014-03-07 New Cypress, LLC +reisen + +// airforce : 2014-03-07 United TLD Holdco Ltd. +airforce + +// pictures : 2014-03-07 Foggy Sky, LLC +pictures + +// gripe : 2014-03-07 Corn Sunset, LLC +gripe -// uy : http://www.nic.org.uy/ -uy -com.uy -edu.uy -gub.uy -mil.uy -net.uy -org.uy +// engineering : 2014-03-07 United TLD Holdco Ltd. +engineering -// uz : http://www.reg.uz/ -uz -co.uz -com.uz -net.uz -org.uz +// associates : 2014-03-07 Baxter Hill, LLC +associates -// va : http://en.wikipedia.org/wiki/.va -va +// xn--mxtq1m : 2014-03-07 Net-Chinese Co., Ltd. +政府 -// vc : http://en.wikipedia.org/wiki/.vc -// Submitted by registry <kshah(a)ca.afilias.info> 2008-06-13 -vc -com.vc -net.vc -org.vc -gov.vc -mil.vc -edu.vc +// williamhill : 2014-03-13 William Hill Organization Limited +williamhill -// ve : https://registro.nic.ve/ -// Confirmed by registry 2012-10-04 -ve -co.ve -com.ve -e12.ve -edu.ve -gov.ve -info.ve -mil.ve -net.ve -org.ve -web.ve +// hiv : 2014-03-13 dotHIV gemeinnuetziger e.V. +hiv -// vg : http://en.wikipedia.org/wiki/.vg -vg +// sca : 2014-03-13 SVENSKA CELLULOSA AKTIEBOLAGET SCA (publ) +sca -// vi : http://www.nic.vi/newdomainform.htm -// http://www.nic.vi/Domain_Rules/body_domain_rules.html indicates some other -// TLDs are "reserved", such as edu.vi and gov.vi, but doesn't actually say they -// are available for registration (which they do not seem to be). -vi -co.vi -com.vi -k12.vi -net.vi -org.vi +// reise : 2014-03-13 dotreise GmbH +reise -// vn : https://www.dot.vn/vnnic/vnnic/domainregistration.jsp -vn -com.vn -net.vn -org.vn -edu.vn -gov.vn -int.vn -ac.vn -biz.vn -info.vn -name.vn -pro.vn -health.vn +// accountants : 2014-03-20 Knob Town, LLC +accountants -// vu : http://en.wikipedia.org/wiki/.vu -// list of 2nd level tlds ? -vu +// clinic : 2014-03-20 Goose Park, LLC +clinic -// wf : http://www.afnic.fr/medias/documents/AFNIC-naming-policy2012.pdf -wf +// versicherung : 2014-03-20 dotversicherung-registry GmbH +versicherung -// ws : http://en.wikipedia.org/wiki/.ws -// http://samoanic.ws/index.dhtml -ws -com.ws -net.ws -org.ws -gov.ws -edu.ws +// top : 2014-03-20 Jiangsu Bangning Science & Technology Co.,Ltd. +top -// yt : http://www.afnic.fr/medias/documents/AFNIC-naming-policy2012.pdf -yt +// furniture : 2014-03-20 Lone Fields, LLC +furniture -// IDN ccTLDs -// Please sort by ISO 3166 ccTLD, then punicode string -// when submitting patches and follow this format: -// <Punicode> ("<english word>" <language>) : <ISO 3166 ccTLD> -// [optional sponsoring org] -// <URL> +// dental : 2014-03-20 Tin Birch, LLC +dental -// xn--mgbaam7a8h ("Emerat" Arabic) : AE -// http://nic.ae/english/arabicdomain/rules.jsp -امارات +// fund : 2014-03-20 John Castle, LLC +fund -// xn--54b7fta0cc ("Bangla" Bangla) : BD -বাংলা +// creditcard : 2014-03-20 Binky Frostbite, LLC +creditcard -// xn--fiqs8s ("China" Chinese-Han-Simplified <.Zhonggou>) : CN -// CNNIC -// http://cnnic.cn/html/Dir/2005/10/11/3218.htm -中国 +// insure : 2014-03-20 Pioneer Willow, LLC +insure -// xn--fiqz9s ("China" Chinese-Han-Traditional <.Zhonggou>) : CN -// CNNIC -// http://cnnic.cn/html/Dir/2005/10/11/3218.htm -中國 +// audio : 2014-03-20 Uniregistry, Corp. +audio -// xn--lgbbat1ad8j ("Algeria / Al Jazair" Arabic) : DZ -الجزائر +// claims : 2014-03-20 Black Corner, LLC +claims -// xn--wgbh1c ("Egypt" Arabic .masr) : EG -// http://www.dotmasr.eg/ -مصر +// loans : 2014-03-20 June Woods, LLC +loans -// xn--node ("ge" Georgian (Mkhedruli)) : GE -გე +// auction : 2014-03-20 Sand Galley, LLC +auction -// xn--j6w193g ("Hong Kong" Chinese-Han) : HK -// https://www2.hkirc.hk/register/rules.jsp -香港 +// attorney : 2014-03-20 Victor North, LLC +attorney -// xn--h2brj9c ("Bharat" Devanagari) : IN -// India -भारत +// finance : 2014-03-20 Cotton Cypress, LLC +finance -// xn--mgbbh1a71e ("Bharat" Arabic) : IN -// India -بھارت +// investments : 2014-03-20 Holly Glen, LLC +investments -// xn--fpcrj9c3d ("Bharat" Telugu) : IN -// India -భారత్ +// juegos : 2014-03-20 Uniregistry, Corp. +juegos -// xn--gecrj9c ("Bharat" Gujarati) : IN -// India -ભારત +// dentist : 2014-03-20 Outer Lake, LLC +dentist -// xn--s9brj9c ("Bharat" Gurmukhi) : IN -// India -ਭਾਰਤ +// lds : 2014-03-20 IRI Domain Management, LLC +lds -// xn--45brj9c ("Bharat" Bengali) : IN -// India -ভারত +// lawyer : 2014-03-20 Atomic Station, LLC +lawyer -// xn--xkc2dl3a5ee0h ("India" Tamil) : IN -// India -இந்தியா +// surgery : 2014-03-20 Tin Avenue, LLC +surgery -// xn--mgba3a4f16a ("Iran" Persian) : IR -ایران +// gratis : 2014-03-20 Pioneer Tigers, LLC +gratis -// xn--mgba3a4fra ("Iran" Arabic) : IR -ايران +// software : 2014-03-20 Over Birch, LLC +software -// xn--mgbayh7gpa ("al-Ordon" Arabic) : JO -// National Information Technology Center (NITC) -// Royal Scientific Society, Al-Jubeiha -الاردن +// mortgage : 2014-03-20 Outer Gardens, LLC +mortgage -// xn--3e0b707e ("Republic of Korea" Hangul) : KR -한국 +// republican : 2014-03-20 United TLD Holdco Ltd. +republican -// xn--fzc2c9e2c ("Lanka" Sinhalese-Sinhala) : LK -// http://nic.lk -ලංකා +// credit : 2014-03-20 Snow Shadow, LLC +credit -// xn--xkc2al3hye2a ("Ilangai" Tamil) : LK -// http://nic.lk -இலங்கை +// tax : 2014-03-20 Storm Orchard, LLC +tax -// xn--mgbc0a9azcg ("Morocco / al-Maghrib" Arabic) : MA -المغرب +// africa : 2014-03-24 ZA Central Registry NPC trading as Registry.Africa +africa -// xn--mgb9awbf ("Oman" Arabic) : OM -عمان +// joburg : 2014-03-24 ZA Central Registry NPC trading as ZA Central Registry +joburg -// xn--ygbi2ammx ("Falasteen" Arabic) : PS -// The Palestinian National Internet Naming Authority (PNINA) -// http://www.pnina.ps -فلسطين +// durban : 2014-03-24 ZA Central Registry NPC trading as ZA Central Registry +durban -// xn--90a3ac ("srb" Cyrillic) : RS -срб +// capetown : 2014-03-24 ZA Central Registry NPC trading as ZA Central Registry +capetown -// xn--p1ai ("rf" Russian-Cyrillic) : RU -// http://www.cctld.ru/en/docs/rulesrf.php -рф +// sap : 2014-03-27 SAP AG +sap -// xn--wgbl6a ("Qatar" Arabic) : QA -// http://www.ict.gov.qa/ -قطر +// datsun : 2014-03-27 NISSAN MOTOR CO., LTD. +datsun -// xn--mgberp4a5d4ar ("AlSaudiah" Arabic) : SA -// http://www.nic.net.sa/ -السعودية +// infiniti : 2014-03-27 NISSAN MOTOR CO., LTD. +infiniti -// xn--mgberp4a5d4a87g ("AlSaudiah" Arabic) variant : SA -السعودیة +// firmdale : 2014-03-27 Firmdale Holdings Limited +firmdale -// xn--mgbqly7c0a67fbc ("AlSaudiah" Arabic) variant : SA -السعودیۃ +// organic : 2014-03-27 Afilias Limited +organic -// xn--mgbqly7cvafr ("AlSaudiah" Arabic) variant : SA -السعوديه +// nissan : 2014-03-27 NISSAN MOTOR CO., LTD. +nissan -// xn--ogbpf8fl ("Syria" Arabic) : SY -سورية +// website : 2014-04-03 DotWebsite Inc. +website -// xn--mgbtf8fl ("Syria" Arabic) variant : SY -سوريا +// space : 2014-04-03 DotSpace Inc. +space -// xn--yfro4i67o Singapore ("Singapore" Chinese-Han) : SG -新加坡 +// schmidt : 2014-04-03 SALM S.A.S. +schmidt -// xn--clchc0ea0b2g2a9gcd ("Singapore" Tamil) : SG -சிங்கப்பூர் +// cuisinella : 2014-04-03 SALM S.A.S. +cuisinella -// xn--o3cw4h ("Thai" Thai) : TH -// http://www.thnic.co.th -ไทย +// samsung : 2014-04-03 SAMSUNG SDS CO., LTD +samsung -// xn--pgbs0dh ("Tunis") : TN -// http://nic.tn -تونس +// crs : 2014-04-03 Federated Co operatives Limited +crs -// xn--kpry57d ("Taiwan" Chinese-Han-Traditional) : TW -// http://www.twnic.net/english/dn/dn_07a.htm -台灣 +// doosan : 2014-04-03 Doosan Corporation +doosan -// xn--kprw13d ("Taiwan" Chinese-Han-Simplified) : TW -// http://www.twnic.net/english/dn/dn_07a.htm -台湾 +// press : 2014-04-03 DotPress Inc. +press -// xn--nnx388a ("Taiwan") variant : TW -臺灣 +// emerck : 2014-04-03 Merck KGaA +emerck -// xn--j1amh ("ukr" Cyrillic) : UA -укр +// erni : 2014-04-03 ERNI Group Holding AG +erni -// xn--mgb2ddes ("AlYemen" Arabic) : YE -اليمن +// direct : 2014-04-10 Half Trail, LLC +direct -// xxx : http://icmregistry.com -xxx +// yandex : 2014-04-10 YANDEX, LLC +yandex -// ye : http://www.y.net.ye/services/domain_name.htm -*.ye +// lotto : 2014-04-10 Afilias Limited +lotto -// za : http://www.zadna.org.za/slds.html -*.za +// toshiba : 2014-04-10 TOSHIBA Corporation +toshiba -// zm : http://en.wikipedia.org/wiki/.zm -*.zm +// bauhaus : 2014-04-17 Werkhaus GmbH +bauhaus -// zw : http://en.wikipedia.org/wiki/.zw -*.zw +// host : 2014-04-17 DotHost Inc. +host + +// ltda : 2014-04-17 DOMAIN ROBOT SERVICOS DE HOSPEDAGEM NA INTERNET LTDA +ltda + +// global : 2014-04-17 Dot GLOBAL AS +global + +// abogado : 2014-04-24 Top Level Domain Holdings Limited +abogado + +// place : 2014-04-24 Snow Galley, LLC +place + +// tirol : 2014-04-24 punkt Tirol GmbH +tirol + +// gmx : 2014-04-24 1&1 Mail & Media GmbH +gmx + +// tatar : 2014-04-24 Limited Liability Company "Coordination Center of Regional Domain of Tatarstan Republic" +tatar + +// scholarships : 2014-04-24 Scholarships.com, LLC +scholarships + +// eurovision : 2014-04-24 European Broadcasting Union (EBU) +eurovision + +// wedding : 2014-04-24 Top Level Domain Holdings Limited +wedding + +// active : 2014-05-01 The Active Network, Inc +active + +// madrid : 2014-05-01 Comunidad de Madrid +madrid + +// youtube : 2014-05-01 Charleston Road Registry Inc. +youtube + +// sharp : 2014-05-01 Sharp Corporation +sharp + +// uol : 2014-05-01 UBN INTERNET LTDA. +uol + +// physio : 2014-05-01 PhysBiz Pty Ltd +physio + +// gmail : 2014-05-01 Charleston Road Registry Inc. +gmail + +// channel : 2014-05-08 Charleston Road Registry Inc. +channel + +// fly : 2014-05-08 Charleston Road Registry Inc. +fly + +// zip : 2014-05-08 Charleston Road Registry Inc. +zip + +// esq : 2014-05-08 Charleston Road Registry Inc. +esq + +// rsvp : 2014-05-08 Charleston Road Registry Inc. +rsvp + +// wales : 2014-05-08 Nominet UK +wales + +// cymru : 2014-05-08 Nominet UK +cymru + +// green : 2014-05-08 Afilias Limited +green + +// lgbt : 2014-05-08 Afilias Limited +lgbt + +// xn--hxt814e : 2014-05-15 Zodiac Libra Limited +网店 + +// cancerresearch : 2014-05-15 Australian Cancer Research Foundation +cancerresearch + +// everbank : 2014-05-15 EverBank +everbank + +// frl : 2014-05-15 FRLregistry B.V. +frl + +// property : 2014-05-22 Uniregistry, Corp. +property + +// forsale : 2014-05-22 Sea Oaks, LLC +forsale + +// seat : 2014-05-22 SEAT, S.A. (Sociedad Unipersonal) +seat + +// deals : 2014-05-22 Sand Sunset, LLC +deals + +// nra : 2014-05-22 NRA Holdings Company, INC. +nra + +// xn--fjq720a : 2014-05-22 Will Bloom, LLC +娱乐 + +// realtor : 2014-05-29 Real Estate Domains LLC +realtor + +// bnpparibas : 2014-05-29 BNP Paribas +bnpparibas + +// melbourne : 2014-05-29 The Crown in right of the State of Victoria, represented by its Department of State Development, Business and Innovation +melbourne + +// hosting : 2014-05-29 Uniregistry, Corp. +hosting + +// yoga : 2014-05-29 Top Level Domain Holdings Limited +yoga + +// city : 2014-05-29 Snow Sky, LLC +city + +// bond : 2014-06-05 Bond University Limited +bond + +// click : 2014-06-05 Uniregistry, Corp. +click + +// cern : 2014-06-05 European Organization for Nuclear Research ("CERN") +cern // ===END ICANN DOMAINS=== // ===BEGIN PRIVATE DOMAINS=== // Amazon CloudFront : https://aws.amazon.com/cloudfront/ -// Requested by Donavan Miller <donavanm(a)amazon.com> 2013-03-22 +// Submitted by Donavan Miller <donavanm(a)amazon.com> 2013-03-22 cloudfront.net // Amazon Elastic Compute Cloud: https://aws.amazon.com/ec2/ -// Requested by Osman Surkatty <osmans(a)amazon.com> 2013-04-02 -compute.amazonaws.com -us-east-1.amazonaws.com -compute-1.amazonaws.com -z-1.compute-1.amazonaws.com -z-2.compute-1.amazonaws.com +// Submitted by Osman Surkatty <osmans(a)amazon.com> 2014-05-20 ap-northeast-1.compute.amazonaws.com ap-southeast-1.compute.amazonaws.com ap-southeast-2.compute.amazonaws.com +cn-north-1.compute.amazonaws.cn +compute.amazonaws.cn +compute.amazonaws.com +compute-1.amazonaws.com eu-west-1.compute.amazonaws.com sa-east-1.compute.amazonaws.com +us-east-1.amazonaws.com us-gov-west-1.compute.amazonaws.com us-west-1.compute.amazonaws.com us-west-2.compute.amazonaws.com +z-1.compute-1.amazonaws.com +z-2.compute-1.amazonaws.com -// Amazon Elastic Beanstalk : https://aws.amazon.com/elasticbeanstalk/ -// Requested by Adam Stein <astein(a)amazon.com> 2013-04-02 +// Amazon Elastic Beanstalk : https://aws.amazon.com/elasticbeanstalk/ +// Submitted by Adam Stein <astein(a)amazon.com> 2013-04-02 elasticbeanstalk.com // Amazon Elastic Load Balancing : https://aws.amazon.com/elasticloadbalancing/ -// Requested by Scott Vidmar <svidmar(a)amazon.com> 2013-03-27 +// Submitted by Scott Vidmar <svidmar(a)amazon.com> 2013-03-27 elb.amazonaws.com // Amazon S3 : https://aws.amazon.com/s3/ -// Requested by Courtney Eckhardt <coec(a)amazon.com> 2013-03-22 +// Submitted by Courtney Eckhardt <coec(a)amazon.com> 2013-03-22 s3.amazonaws.com s3-us-west-2.amazonaws.com s3-us-west-1.amazonaws.com @@ -6608,26 +8051,27 @@ s3-website-sa-east-1.amazonaws.com s3-website-us-gov-west-1.amazonaws.com // BetaInABox -// Requested by adrian(a)betainabox.com 2012-09-13 +// Submitted by adrian(a)betainabox.com 2012-09-13 betainabox.com // CentralNic : http://www.centralnic.com/names/domains -// Requested by registry <gavin.brown(a)centralnic.com> 2012-09-27 +// Submitted by registry <gavin.brown(a)centralnic.com> 2012-09-27 ae.org ar.com br.com cn.com com.de +com.se de.com eu.com gb.com gb.net -gr.com hu.com hu.net jp.net jpn.com kr.com +mex.com no.com qc.com ru.com @@ -6637,13 +8081,38 @@ se.net uk.com uk.net us.com -us.org uy.com +za.bz za.com +// Africa.com Web Solutions Ltd : https://registry.africa.com +// Submitted by Gavin Brown <gavin.brown(a)centralnic.com> 2014-02-04 +africa.com + +// iDOT Services Limited : http://www.domain.gr.com +// Submitted by Gavin Brown <gavin.brown(a)centralnic.com> 2014-02-04 +gr.com + +// Radix FZC : http://domains.in.net +// Submitted by Gavin Brown <gavin.brown(a)centralnic.com> 2014-02-04 +in.net + +// US REGISTRY LLC : http://us.org +// Submitted by Gavin Brown <gavin.brown(a)centralnic.com> 2014-02-04 +us.org + +// co.com Registry, LLC : https://registry.co.com +// Submitted by Gavin Brown <gavin.brown(a)centralnic.com> 2014-02-04 +co.com + // c.la : http://www.c.la/ c.la +// cloudControl : https://www.cloudcontrol.com/ +// Submitted by Tobias Wilken <tw(a)cloudcontrol.com> 2013-07-23 +cloudcontrolled.com +cloudcontrolapp.com + // co.ca : http://registry.co.ca/ co.ca @@ -6651,8 +8120,12 @@ co.ca co.nl co.no +// Cupcake : https://cupcake.io/ +// Submitted by Jonathan Rudenberg <jonathan(a)cupcake.io> 2013-10-08 +cupcake.is + // DreamHost : http://www.dreamhost.com/ -// Requested by Andrew Farmer <andrew.farmer(a)dreamhost.com> 2012-10-02 +// Submitted by Andrew Farmer <andrew.farmer(a)dreamhost.com> 2012-10-02 dreamhosters.com // DynDNS.com : http://www.dyndns.com/services/dns/dyndns/ @@ -6936,12 +8409,29 @@ webhop.org worse-than.tv writesthisblog.com +// Fastly Inc. http://www.fastly.com/ +// Submitted by Vladimir Vuksan <vladimir(a)fastly.com> 2013-05-31 +a.ssl.fastly.net +b.ssl.fastly.net +global.ssl.fastly.net +a.prod.fastly.net +global.prod.fastly.net + +// Firebase, Inc. +// Submitted by Chris Raynor <chris(a)firebase.com> 2014-01-21 +firebaseapp.com + // GitHub, Inc. -// Requested by Ben Toews <btoews(a)github.com> 2013-04-18 +// Submitted by Ben Toews <btoews(a)github.com> 2014-02-06 github.io +githubusercontent.com + +// GlobeHosting, Inc. +// Submitted by Zoltan Egresi <egresi(a)globehosting.com> 2013-07-12 +ro.com // Google, Inc. -// Requested by Eduardo Vela <evn(a)google.com> 2012-10-24 +// Submitted by Eduardo Vela <evn(a)google.com> 2012-10-24 appspot.com blogspot.be blogspot.bj @@ -6986,14 +8476,15 @@ blogspot.tw codespot.com googleapis.com googlecode.com +withgoogle.com // Heroku : https://www.heroku.com/ -// Requested by Tom Maher <tmaher(a)heroku.com> 2013-05-02 +// Submitted by Tom Maher <tmaher(a)heroku.com> 2013-05-02 herokuapp.com herokussl.com // iki.fi -// Requested by Hannu Aronsson <haa(a)iki.fi> 2009-11-05 +// Submitted by Hannu Aronsson <haa(a)iki.fi> 2009-11-05 iki.fi // info.at : http://www.info.at/ @@ -7003,24 +8494,42 @@ info.at // Michau Enterprises Limited : http://www.co.pl/ co.pl +// Microsoft : http://microsoft.com +// Submitted by Barry Dorrans <bdorrans(a)microsoft.com> 2014-01-24 +azurewebsites.net +azure-mobile.net +cloudapp.net + +// NFSN, Inc. : https://www.NearlyFreeSpeech.NET/ +// Submitted by Jeff Wheelhouse <support(a)nearlyfreespeech.net> 2014-02-02 +nfshost.com + // NYC.mn : http://www.information.nyc.mn -// Requested by Matthew Brown <mattbrown(a)nyc.mn> 2013-03-11 +// Submitted by Matthew Brown <mattbrown(a)nyc.mn> 2013-03-11 nyc.mn +// One Fold Media : http://www.onefoldmedia.com/ +// Submitted by Eddie Jones <eddie(a)onefoldmedia.com> 2014-06-10 +nid.io + // Opera Software, A.S.A. -// Requested by Yngve Pettersen <yngve(a)opera.com> 2009-11-26 +// Submitted by Yngve Pettersen <yngve(a)opera.com> 2009-11-26 operaunite.com +// OutSystems +// Submitted by Duarte Santos <domain-admin(a)outsystemscloud.com> 2014-03-11 +outsystemscloud.com + // Red Hat, Inc. OpenShift : https://openshift.redhat.com/ -// Requested by Tim Kramer <tkramer(a)rhcloud.com> 2012-10-24 +// Submitted by Tim Kramer <tkramer(a)rhcloud.com> 2012-10-24 rhcloud.com // priv.at : http://www.nic.priv.at/ -// Requested by registry <lendl(a)nic.at> 2008-06-09 +// Submitted by registry <lendl(a)nic.at> 2008-06-09 priv.at // ZaNiC : http://www.za.net/ -// Requested by registry <hostmaster(a)nic.za.net> 2009-10-03 +// Submitted by registry <hostmaster(a)nic.za.net> 2009-10-03 za.net za.org diff --git a/netwerk/test/unit/data/test_psl.txt b/netwerk/test/unit/data/test_psl.txt index 5a75831..35c8ccf 100644 --- a/netwerk/test/unit/data/test_psl.txt +++ b/netwerk/test/unit/data/test_psl.txt @@ -60,12 +60,12 @@ checkPublicSuffix('a.b.c.kobe.jp', 'b.c.kobe.jp'); checkPublicSuffix('city.kobe.jp', 'city.kobe.jp'); checkPublicSuffix('www.city.kobe.jp', 'city.kobe.jp'); // TLD with a wildcard rule and exceptions. -checkPublicSuffix('om', null); -checkPublicSuffix('test.om', null); -checkPublicSuffix('b.test.om', 'b.test.om'); -checkPublicSuffix('a.b.test.om', 'b.test.om'); -checkPublicSuffix('songfest.om', 'songfest.om'); -checkPublicSuffix('www.songfest.om', 'songfest.om'); +checkPublicSuffix('ck', null); +checkPublicSuffix('test.ck', null); +checkPublicSuffix('b.test.ck', 'b.test.ck'); +checkPublicSuffix('a.b.test.ck', 'b.test.ck'); +checkPublicSuffix('www.ck', 'www.ck'); +checkPublicSuffix('www.www.ck', 'www.ck'); // US K12. checkPublicSuffix('us', null); checkPublicSuffix('test.us', 'test.us'); @@ -76,3 +76,23 @@ checkPublicSuffix('www.test.ak.us', 'test.ak.us'); checkPublicSuffix('k12.ak.us', null); checkPublicSuffix('test.k12.ak.us', 'test.k12.ak.us'); checkPublicSuffix('www.test.k12.ak.us', 'test.k12.ak.us'); +// IDN labels. +checkPublicSuffix('食狮.com.cn', '食狮.com.cn'); +checkPublicSuffix('食狮.公司.cn', '食狮.公司.cn'); +checkPublicSuffix('www.食狮.公司.cn', '食狮.公司.cn'); +checkPublicSuffix('shishi.公司.cn', 'shishi.公司.cn'); +checkPublicSuffix('公司.cn', null); +checkPublicSuffix('食狮.中国', '食狮.中国'); +checkPublicSuffix('www.食狮.中国', '食狮.中国'); +checkPublicSuffix('shishi.中国', 'shishi.中国'); +checkPublicSuffix('中国', null); +// Same as above, but punycoded. +checkPublicSuffix('xn--85x722f.com.cn', 'xn--85x722f.com.cn'); +checkPublicSuffix('xn--85x722f.xn--55qx5d.cn', 'xn--85x722f.xn--55qx5d.cn'); +checkPublicSuffix('www.xn--85x722f.xn--55qx5d.cn', 'xn--85x722f.xn--55qx5d.cn'); +checkPublicSuffix('shishi.xn--55qx5d.cn', 'shishi.xn--55qx5d.cn'); +checkPublicSuffix('xn--55qx5d.cn', null); +checkPublicSuffix('xn--85x722f.xn--fiqs8s', 'xn--85x722f.xn--fiqs8s'); +checkPublicSuffix('www.xn--85x722f.xn--fiqs8s', 'xn--85x722f.xn--fiqs8s'); +checkPublicSuffix('shishi.xn--fiqs8s', 'shishi.xn--fiqs8s'); +checkPublicSuffix('xn--fiqs8s', null); diff --git a/netwerk/test/unit/test_psl.js b/netwerk/test/unit/test_psl.js index 446fe4c..ff4a5e7 100644 --- a/netwerk/test/unit/test_psl.js +++ b/netwerk/test/unit/test_psl.js @@ -4,6 +4,9 @@ const Ci = Components.interfaces; var etld = Cc["@mozilla.org/network/effective-tld-service;1"] .getService(Ci.nsIEffectiveTLDService); +var idna = Cc["@mozilla.org/network/idn-service;1"] + .getService(Ci.nsIIDNService); + function run_test() { var file = do_get_file("data/test_psl.txt"); @@ -13,7 +16,7 @@ function run_test() var scriptLoader = Cc["@mozilla.org/moz/jssubscript-loader;1"] .getService(Ci.mozIJSSubScriptLoader); var srvScope = {}; - scriptLoader.loadSubScript(uri.spec, srvScope); + scriptLoader.loadSubScript(uri.spec, srvScope, "utf-8"); } function checkPublicSuffix(host, expectedSuffix) @@ -24,5 +27,11 @@ function checkPublicSuffix(host, expectedSuffix) } catch (e if e.name == "NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS" || e.name == "NS_ERROR_ILLEGAL_VALUE") { } + // The EffectiveTLDService always gives back punycoded labels. + // The test suite wants to get back what it put in. + if (actualSuffix !== null && expectedSuffix !== null && + /(^|\.)xn--/.test(actualSuffix) && !/(^|\.)xn--/.test(expectedSuffix)) { + actualSuffix = idna.convertACEtoUTF8(actualSuffix); + } do_check_eq(actualSuffix, expectedSuffix); }

1 0

[tor-browser/esr24] Backed out 3 changesets (bug 1033340) for xpcshell failures.
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 613b3c28ec08cc67965695a6cad0b24f12b0ecf5 Author: Ryan VanderMeulen <ryanvm(a)gmail.com> Date: Thu Jul 3 14:03:52 2014 -0400 Backed out 3 changesets (bug 1033340) for xpcshell failures. Backed out changeset cad29a5b752d (bug 1033340) Backed out changeset 284590145d2d (bug 1033340) Backed out changeset 34182c54281a (bug 1033340) --- netwerk/dns/effective_tld_names.dat | 2525 +++++++---------------------------- netwerk/test/unit/data/test_psl.txt | 32 +- netwerk/test/unit/test_psl.js | 14 +- 3 files changed, 518 insertions(+), 2053 deletions(-) diff --git a/netwerk/dns/effective_tld_names.dat b/netwerk/dns/effective_tld_names.dat index c83fe0b..ed1123b 100644 --- a/netwerk/dns/effective_tld_names.dat +++ b/netwerk/dns/effective_tld_names.dat @@ -175,21 +175,20 @@ it.ao // aq : http://en.wikipedia.org/wiki/.aq aq -// ar : https://nic.ar/normativa-vigente.xhtml -ar -com.ar -edu.ar -gob.ar -gov.ar -int.ar -mil.ar -net.ar -org.ar -tur.ar +// ar : http://en.wikipedia.org/wiki/.ar +*.ar +!congresodelalengua3.ar +!educ.ar +!gobiernoelectronico.ar +!mecon.ar +!nacion.ar +!nic.ar +!promocion.ar +!retina.ar +!uba.ar // arpa : http://en.wikipedia.org/wiki/.arpa // Confirmed by registry <iana-questions(a)icann.org> 2008-06-18 -arpa e164.arpa in-addr.arpa ip6.arpa @@ -214,7 +213,6 @@ or.at // au : http://en.wikipedia.org/wiki/.au // http://www.auda.org.au/ -au // 2LDs com.au net.au @@ -245,9 +243,10 @@ sa.edu.au tas.edu.au vic.edu.au wa.edu.au -// act.gov.au Bug 984824 - Removed at request of Greg Tankard -// nsw.gov.au Bug 547985 - Removed at request of <Shae.Donelan(a)services.nsw.gov.au> -// nt.gov.au Bug 940478 - Removed at request of Greg Connors <Greg.Connors(a)nt.gov.au> +act.gov.au +// Removed at request of Shae.Donelan(a)services.nsw.gov.au, 2010-03-04 +// nsw.gov.au +nt.gov.au qld.gov.au sa.gov.au tas.gov.au @@ -292,7 +291,6 @@ rs.ba // bb : http://en.wikipedia.org/wiki/.bb bb biz.bb -co.bb com.bb edu.bb gov.bb @@ -300,7 +298,6 @@ info.bb net.bb org.bb store.bb -tv.bb // bd : http://en.wikipedia.org/wiki/.bd *.bd @@ -352,7 +349,7 @@ z.bg 6.bg 7.bg 8.bg -9.bg +9.bg // bh : http://en.wikipedia.org/wiki/.bh bh @@ -403,8 +400,8 @@ net.bo mil.bo tv.bo -// br : http://registro.br/dominio/categoria.html -// Submitted by registry <fneves(a)registro.br> 2014-03-04 +// br : http://registro.br/dominio/dpn.html +// Updated by registry <fneves(a)registro.br> 2011-03-01 br adm.br adv.br @@ -449,7 +446,6 @@ lel.br mat.br med.br mil.br -mp.br mus.br net.br nom.br @@ -495,7 +491,6 @@ org.bt // bv : No registrations at this time. // Submitted by registry <jarle(a)uninett.no> 2006-06-16 -bv // bw : http://en.wikipedia.org/wiki/.bw // http://www.gobin.info/domainname/bw.doc @@ -598,12 +593,9 @@ gob.cl co.cl mil.cl -// cm : http://en.wikipedia.org/wiki/.cm plus bug 981927 +// cm : http://en.wikipedia.org/wiki/.cm cm -co.cm -com.cm gov.cm -net.cm // cn : http://en.wikipedia.org/wiki/.cn // Submitted by registry <tanyaling(a)cnnic.cn> 2008-06-11 @@ -795,7 +787,7 @@ org.ee fie.ee // eg : http://en.wikipedia.org/wiki/.eg -eg +eg com.eg edu.eg eun.eg @@ -818,14 +810,7 @@ gob.es edu.es // et : http://en.wikipedia.org/wiki/.et -et -com.et -gov.et -org.et -edu.et -biz.et -name.et -info.et +*.et // eu : http://en.wikipedia.org/wiki/.eu eu @@ -884,7 +869,6 @@ ga // gb : This registry is effectively dormant // Submitted by registry <Damien.Shaw(a)ja.net> 2008-06-12 -gb // gd : http://en.wikipedia.org/wiki/.gd gd @@ -902,12 +886,13 @@ pvt.ge // gf : http://en.wikipedia.org/wiki/.gf gf -// gg : http://www.channelisles.net/register-domains/ -// Confirmed by registry <nigel(a)channelisles.net> 2013-11-28 +// gg : http://www.channelisles.net/applic/avextn.shtml gg co.gg -net.gg org.gg +net.gg +sch.gg +gov.gg // gh : http://en.wikipedia.org/wiki/.gh // see also: http://www.nic.gh/reg_now.php @@ -938,7 +923,6 @@ gm // gn : http://psg.com/dns/gn/gn.txt // Submitted by registry <randy(a)psg.com> 2008-06-17 -gn ac.gn com.gn edu.gn @@ -1019,7 +1003,7 @@ org.hk 网絡.hk 组织.hk 組織.hk -組织.hk +組织.hk // hm : http://en.wikipedia.org/wiki/.hm hm @@ -1100,7 +1084,6 @@ id ac.id biz.id co.id -desa.id go.id mil.id my.id @@ -1116,18 +1099,16 @@ gov.ie // il : http://en.wikipedia.org/wiki/.il *.il -// im : https://www.nic.im/ -// Submitted by registry <info(a)nic.im> 2013-11-15 +// im : https://www.nic.im/pdfs/imfaqs.pdf im -ac.im co.im -com.im ltd.co.im +plc.co.im net.im +gov.im org.im -plc.co.im -tt.im -tv.im +nic.im +ac.im // in : http://en.wikipedia.org/wiki/.in // see also: http://www.inregistry.in/policies/ @@ -1199,385 +1180,294 @@ int.is it gov.it edu.it -// Reserved geo-names: +// list of reserved geo-names : // http://www.nic.it/documenti/regolamenti-e-linee-guida/regolamento-assegnazi… -// There is also a list of reserved geo-names corresponding to Italian municipalities -// http://www.nic.it/documenti/appendice-c.pdf, but it is not included here. -// Regions -abr.it -abruzzo.it -aosta-valley.it -aostavalley.it -bas.it -basilicata.it -cal.it -calabria.it -cam.it -campania.it -emilia-romagna.it -emiliaromagna.it -emr.it -friuli-v-giulia.it -friuli-ve-giulia.it -friuli-vegiulia.it -friuli-venezia-giulia.it -friuli-veneziagiulia.it -friuli-vgiulia.it -friuliv-giulia.it -friulive-giulia.it -friulivegiulia.it -friulivenezia-giulia.it -friuliveneziagiulia.it -friulivgiulia.it -fvg.it -laz.it -lazio.it -lig.it -liguria.it -lom.it -lombardia.it -lombardy.it -lucania.it -mar.it -marche.it -mol.it -molise.it -piedmont.it -piemonte.it -pmn.it -pug.it -puglia.it -sar.it -sardegna.it -sardinia.it -sic.it -sicilia.it -sicily.it -taa.it -tos.it -toscana.it -trentino-a-adige.it -trentino-aadige.it -trentino-alto-adige.it -trentino-altoadige.it -trentino-s-tirol.it -trentino-stirol.it -trentino-sud-tirol.it -trentino-sudtirol.it -trentino-sued-tirol.it -trentino-suedtirol.it -trentinoa-adige.it -trentinoaadige.it -trentinoalto-adige.it -trentinoaltoadige.it -trentinos-tirol.it -trentinostirol.it -trentinosud-tirol.it -trentinosudtirol.it -trentinosued-tirol.it -trentinosuedtirol.it -tuscany.it -umb.it -umbria.it -val-d-aosta.it -val-daosta.it -vald-aosta.it -valdaosta.it -valle-aosta.it -valle-d-aosta.it -valle-daosta.it -valleaosta.it -valled-aosta.it -valledaosta.it -vallee-aoste.it -valleeaoste.it -vao.it -vda.it -ven.it -veneto.it -// Provinces -ag.it +// (There is also a list of reserved geo-names corresponding to Italian +// municipalities : http://www.nic.it/documenti/appendice-c.pdf , but it is +// not included here.) agrigento.it -al.it +ag.it alessandria.it -alto-adige.it -altoadige.it -an.it +al.it ancona.it -andria-barletta-trani.it -andria-trani-barletta.it -andriabarlettatrani.it -andriatranibarletta.it -ao.it +an.it aosta.it aoste.it -ap.it -aq.it -aquila.it -ar.it +ao.it arezzo.it +ar.it ascoli-piceno.it ascolipiceno.it +ap.it asti.it at.it -av.it avellino.it -ba.it -balsan.it +av.it bari.it +ba.it +andria-barletta-trani.it +andriabarlettatrani.it +trani-barletta-andria.it +tranibarlettaandria.it barletta-trani-andria.it barlettatraniandria.it +andria-trani-barletta.it +andriatranibarletta.it +trani-andria-barletta.it +traniandriabarletta.it +bt.it belluno.it +bl.it benevento.it +bn.it bergamo.it bg.it -bi.it biella.it -bl.it -bn.it -bo.it +bi.it bologna.it +bo.it bolzano.it bozen.it -br.it +balsan.it +alto-adige.it +altoadige.it +suedtirol.it +bz.it brescia.it -brindisi.it bs.it -bt.it -bz.it -ca.it +brindisi.it +br.it cagliari.it +ca.it caltanissetta.it -campidano-medio.it -campidanomedio.it +cl.it campobasso.it -carbonia-iglesias.it +cb.it carboniaiglesias.it -carrara-massa.it -carraramassa.it +carbonia-iglesias.it +iglesias-carbonia.it +iglesiascarbonia.it +ci.it caserta.it +ce.it catania.it +ct.it catanzaro.it -cb.it -ce.it -cesena-forli.it -cesenaforli.it -ch.it +cz.it chieti.it -ci.it -cl.it -cn.it -co.it +ch.it como.it +co.it cosenza.it -cr.it +cs.it cremona.it +cr.it crotone.it -cs.it -ct.it +kr.it cuneo.it -cz.it +cn.it dell-ogliastra.it dellogliastra.it -en.it +ogliastra.it +og.it enna.it -fc.it +en.it +ferrara.it fe.it fermo.it -ferrara.it -fg.it -fi.it +fm.it firenze.it florence.it -fm.it +fi.it foggia.it +fg.it forli-cesena.it forlicesena.it -fr.it +cesena-forli.it +cesenaforli.it +fc.it frosinone.it -ge.it -genoa.it +fr.it genova.it -go.it +genoa.it +ge.it gorizia.it -gr.it +go.it grosseto.it -iglesias-carbonia.it -iglesiascarbonia.it -im.it +gr.it imperia.it -is.it +im.it isernia.it -kr.it -la-spezia.it +is.it laquila.it +aquila.it +aq.it +la-spezia.it laspezia.it +sp.it latina.it -lc.it -le.it +lt.it lecce.it +le.it lecco.it -li.it +lc.it livorno.it -lo.it +li.it lodi.it -lt.it -lu.it +lo.it lucca.it +lu.it macerata.it +mc.it mantova.it +mn.it massa-carrara.it massacarrara.it +carrara-massa.it +carraramassa.it +ms.it matera.it -mb.it -mc.it -me.it +mt.it medio-campidano.it mediocampidano.it +campidano-medio.it +campidanomedio.it +vs.it messina.it -mi.it -milan.it +me.it milano.it -mn.it -mo.it +milan.it +mi.it modena.it -monza-brianza.it -monza-e-della-brianza.it +mo.it monza.it +monza-brianza.it monzabrianza.it monzaebrianza.it monzaedellabrianza.it -ms.it -mt.it -na.it -naples.it +monza-e-della-brianza.it +mb.it napoli.it -no.it +naples.it +na.it novara.it -nu.it +no.it nuoro.it -og.it -ogliastra.it -olbia-tempio.it -olbiatempio.it -or.it +nu.it oristano.it -ot.it -pa.it +or.it padova.it padua.it +pd.it palermo.it +pa.it parma.it +pr.it pavia.it -pc.it -pd.it -pe.it +pv.it perugia.it +pg.it +pescara.it +pe.it pesaro-urbino.it pesarourbino.it -pescara.it -pg.it -pi.it +urbino-pesaro.it +urbinopesaro.it +pu.it piacenza.it +pc.it pisa.it +pi.it pistoia.it -pn.it -po.it +pt.it pordenone.it +pn.it potenza.it -pr.it -prato.it -pt.it -pu.it -pv.it pz.it -ra.it +prato.it +po.it ragusa.it +rg.it ravenna.it -rc.it -re.it +ra.it reggio-calabria.it -reggio-emilia.it reggiocalabria.it +rc.it +reggio-emilia.it reggioemilia.it -rg.it -ri.it +re.it rieti.it +ri.it rimini.it -rm.it rn.it -ro.it roma.it rome.it +rm.it rovigo.it -sa.it +ro.it salerno.it +sa.it sassari.it +ss.it savona.it -si.it +sv.it siena.it +si.it siracusa.it -so.it -sondrio.it -sp.it sr.it -ss.it -suedtirol.it -sv.it -ta.it +sondrio.it +so.it taranto.it -te.it +ta.it tempio-olbia.it tempioolbia.it +olbia-tempio.it +olbiatempio.it +ot.it teramo.it +te.it terni.it -tn.it -to.it +tr.it torino.it -tp.it -tr.it -trani-andria-barletta.it -trani-barletta-andria.it -traniandriabarletta.it -tranibarlettaandria.it +turin.it +to.it trapani.it -trentino.it +tp.it trento.it +trentino.it +tn.it treviso.it +tv.it trieste.it ts.it -turin.it -tv.it -ud.it udine.it -urbino-pesaro.it -urbinopesaro.it -va.it +ud.it varese.it -vb.it -vc.it -ve.it +va.it venezia.it venice.it +ve.it verbania.it +vb.it vercelli.it +vc.it verona.it -vi.it +vr.it vibo-valentia.it vibovalentia.it +vv.it vicenza.it +vi.it viterbo.it -vr.it -vs.it vt.it -vv.it -// je : http://www.channelisles.net/register-domains/ -// Confirmed by registry <nigel(a)channelisles.net> 2013-11-28 +// je : http://www.channelisles.net/applic/avextn.shtml je co.je -net.je org.je +net.je +sch.je +gov.je // jm : http://www.com.jm/register.html *.jm @@ -1598,7 +1488,7 @@ jobs // jp : http://en.wikipedia.org/wiki/.jp // http://jprs.co.jp/en/jpdomain.html -// Submitted by registry <info(a)jprs.jp> 2014-02-28 +// Updated by registry <info(a)jprs.jp> 2012-05-28 jp // jp organizational type names ac.jp @@ -1702,6 +1592,7 @@ konan.aichi.jp kota.aichi.jp mihama.aichi.jp miyoshi.aichi.jp +nagakute.aichi.jp nishio.aichi.jp nisshin.aichi.jp obu.aichi.jp @@ -2373,6 +2264,7 @@ rikuzentakata.iwate.jp shiwa.iwate.jp shizukuishi.iwate.jp sumita.iwate.jp +takizawa.iwate.jp tanohata.iwate.jp tono.iwate.jp yahaba.iwate.jp @@ -3410,7 +3302,6 @@ edu.kn gov.kn // kp : http://www.kcce.kp/en_index.php -kp com.kp edu.kp gov.kp @@ -3488,7 +3379,6 @@ org.la // lb : http://en.wikipedia.org/wiki/.lb // Submitted by registry <randy(a)psg.com> 2008-06-17 -lb com.lb edu.lb gov.lb @@ -3527,7 +3417,6 @@ hotel.lk // lr : http://psg.com/dns/lr/lr.txt // Submitted by registry <randy(a)psg.com> 2008-06-17 -lr com.lr edu.lr gov.lr @@ -3670,21 +3559,11 @@ mq mr gov.mr -// ms : http://www.nic.ms/pdf/MS_Domain_Name_Rules.pdf +// ms : http://en.wikipedia.org/wiki/.ms ms -com.ms -edu.ms -gov.ms -net.ms -org.ms - -// mt : https://www.nic.org.mt/go/policy -// Submitted by registry <help(a)nic.org.mt> 2013-11-19 -mt -com.mt -edu.mt -net.mt -org.mt + +// mt : https://www.nic.org.mt/dotmt/ +*.mt // mu : http://en.wikipedia.org/wiki/.mu mu @@ -4351,16 +4230,13 @@ other.nf store.nf // ng : http://psg.com/dns/ng/ -ng +// Submitted by registry <randy(a)psg.com> 2008-06-17 +ac.ng com.ng edu.ng -name.ng +gov.ng net.ng org.ng -sch.ng -gov.ng -mil.ng -mobi.ng // ni : http://www.nic.ni/dominios.htm *.ni @@ -4376,7 +4252,7 @@ bv.nl // no : http://www.norid.no/regelverk/index.en.html // The Norwegian registry has declined to notify us of updates. The web pages // referenced below are the official source of the data. There is also an -// announce mailing list: +// announce mailing list: // https://postlister.uninett.no/sympa/info/norid-diskusjon no // Norid generic domains : http://www.norid.no/regelverk/vedlegg-c.en.html @@ -5158,36 +5034,20 @@ com.nr nu // nz : http://en.wikipedia.org/wiki/.nz -// Confirmed by registry <jay(a)nzrs.net.nz> 2014-05-19 -nz -ac.nz -co.nz -cri.nz -geek.nz -gen.nz -govt.nz -health.nz -iwi.nz -kiwi.nz -maori.nz -mil.nz -māori.nz -net.nz -org.nz -parliament.nz -school.nz +*.nz // om : http://en.wikipedia.org/wiki/.om -om -co.om -com.om -edu.om -gov.om -med.om -museum.om -net.om -org.om -pro.om +*.om +!mediaphone.om +!nawrastelecom.om +!nawras.om +!omanmobile.om +!omanpost.om +!omantel.om +!rakpetroleum.om +!siemens.om +!songfest.om +!statecouncil.om // org : http://en.wikipedia.org/wiki/.org org @@ -5642,6 +5502,7 @@ oryol.ru palana.ru penza.ru perm.ru +pskov.ru ptz.ru rnd.ru ryazan.ru @@ -5761,7 +5622,7 @@ gov.sd info.sd // se : http://en.wikipedia.org/wiki/.se -// Submitted by registry <patrik.wallstrom(a)iis.se> 2014-03-18 +// Submitted by registry <Patrik.Wallstrom(a)iis.se> 2008-06-24 se a.se ac.se @@ -5795,6 +5656,7 @@ pp.se press.se r.se s.se +sshn.se t.se tm.se u.se @@ -5825,7 +5687,6 @@ si // sj : No registrations at this time. // Submitted by registry <jarle(a)uninett.no> 2008-06-16 -sj // sk : http://en.wikipedia.org/wiki/.sk // list of 2nd level domains ? @@ -5880,13 +5741,8 @@ store.st // su : http://en.wikipedia.org/wiki/.su su -// sv : http://www.svnet.org.sv/niveldos.pdf -sv -com.sv -edu.sv -gob.sv -org.sv -red.sv +// sv : http://www.svnet.org.sv/svpolicy.html +*.sv // sx : http://en.wikipedia.org/wiki/.sx // Confirmed by registry <jcvignes(a)openregistry.com> 2012-05-31 @@ -6008,10 +5864,6 @@ org.to edu.to mil.to -// tp : No registrations at this time. -// Submitted by Ryan Sleevi <ryan.sleevi(a)gmail.com> 2014-01-03 -tp - // tr : http://en.wikipedia.org/wiki/.tr *.tr !nic.tr @@ -6065,7 +5917,6 @@ club.tw // tz : http://www.tznic.or.tz/index.php/domains // Confirmed by registry <manager(a)tznic.or.tz> 2013-01-22 -tz ac.tz co.tz go.tz @@ -6178,19 +6029,19 @@ com.ug org.ug // uk : http://en.wikipedia.org/wiki/.uk -// Submitted by registry <Michael.Daly(a)nominet.org.uk> -uk -ac.uk -co.uk -gov.uk -ltd.uk -me.uk -net.uk -nhs.uk -org.uk -plc.uk -police.uk +// Submitted by registry <noc(a)nominet.org.uk> 2012-10-02 +// and tweaked by us pending further consultation. +*.uk *.sch.uk +!bl.uk +!british-library.uk +!jet.uk +!mod.uk +!national-library-scotland.uk +!nel.uk +!nic.uk +!nls.uk +!parliament.uk // us : http://en.wikipedia.org/wiki/.us us @@ -6274,7 +6125,7 @@ k12.de.us k12.fl.us k12.ga.us k12.gu.us -// k12.hi.us Bug 614565 - Hawaii has a state-wide DOE login +// k12.hi.us Hawaii has a state-wide DOE login: bug 614565 k12.ia.us k12.id.us k12.il.us @@ -6305,7 +6156,7 @@ k12.pa.us k12.pr.us k12.ri.us k12.sc.us -// k12.sd.us Bug 934131 - Removed at request of James Booze <James.Booze(a)k12.sd.us> +k12.sd.us k12.tn.us k12.tx.us k12.ut.us @@ -6314,7 +6165,7 @@ k12.vt.us k12.va.us k12.wa.us k12.wi.us -// k12.wv.us Bug 947705 - Removed at request of Verne Britton <verne(a)wvnet.edu> +k12.wv.us k12.wy.us cc.ak.us @@ -6382,1654 +6233,360 @@ lib.ca.us lib.co.us lib.ct.us lib.dc.us -lib.de.us -lib.fl.us -lib.ga.us -lib.gu.us -lib.hi.us -lib.ia.us -lib.id.us -lib.il.us -lib.in.us -lib.ks.us -lib.ky.us -lib.la.us -lib.ma.us -lib.md.us -lib.me.us -lib.mi.us -lib.mn.us -lib.mo.us -lib.ms.us -lib.mt.us -lib.nc.us -lib.nd.us -lib.ne.us -lib.nh.us -lib.nj.us -lib.nm.us -lib.nv.us -lib.ny.us -lib.oh.us -lib.ok.us -lib.or.us -lib.pa.us -lib.pr.us -lib.ri.us -lib.sc.us -lib.sd.us -lib.tn.us -lib.tx.us -lib.ut.us -lib.vi.us -lib.vt.us -lib.va.us -lib.wa.us -lib.wi.us -// lib.wv.us Bug 941670 - Removed at request of Larry W Arnold <arnold(a)wvlc.lib.wv.us> -lib.wy.us - -// k12.ma.us contains school districts in Massachusetts. The 4LDs are -// managed indepedently except for private (PVT), charter (CHTR) and -// parochial (PAROCH) schools. Those are delegated dorectly to the -// 5LD operators. <k12-ma-hostmaster _ at _ rsuc.gweep.net> -pvt.k12.ma.us -chtr.k12.ma.us -paroch.k12.ma.us - -// uy : http://www.nic.org.uy/ -uy -com.uy -edu.uy -gub.uy -mil.uy -net.uy -org.uy - -// uz : http://www.reg.uz/ -uz -co.uz -com.uz -net.uz -org.uz - -// va : http://en.wikipedia.org/wiki/.va -va - -// vc : http://en.wikipedia.org/wiki/.vc -// Submitted by registry <kshah(a)ca.afilias.info> 2008-06-13 -vc -com.vc -net.vc -org.vc -gov.vc -mil.vc -edu.vc - -// ve : https://registro.nic.ve/ -// Confirmed by registry 2012-10-04 -// Updated 2014-05-20 - Bug 940478 -ve -arts.ve -co.ve -com.ve -e12.ve -edu.ve -firm.ve -gob.ve -gov.ve -info.ve -int.ve -mil.ve -net.ve -org.ve -rec.ve -store.ve -tec.ve -web.ve - -// vg : http://en.wikipedia.org/wiki/.vg -vg - -// vi : http://www.nic.vi/newdomainform.htm -// http://www.nic.vi/Domain_Rules/body_domain_rules.html indicates some other -// TLDs are "reserved", such as edu.vi and gov.vi, but doesn't actually say they -// are available for registration (which they do not seem to be). -vi -co.vi -com.vi -k12.vi -net.vi -org.vi - -// vn : https://www.dot.vn/vnnic/vnnic/domainregistration.jsp -vn -com.vn -net.vn -org.vn -edu.vn -gov.vn -int.vn -ac.vn -biz.vn -info.vn -name.vn -pro.vn -health.vn - -// vu : http://en.wikipedia.org/wiki/.vu -// http://www.vunic.vu/ -vu -com.vu -edu.vu -net.vu -org.vu - -// wf : http://www.afnic.fr/medias/documents/AFNIC-naming-policy2012.pdf -wf - -// ws : http://en.wikipedia.org/wiki/.ws -// http://samoanic.ws/index.dhtml -ws -com.ws -net.ws -org.ws -gov.ws -edu.ws - -// yt : http://www.afnic.fr/medias/documents/AFNIC-naming-policy2012.pdf -yt - -// IDN ccTLDs -// Please sort by ISO 3166 ccTLD, then punicode string -// when submitting patches and follow this format: -// <Punicode> ("<english word>" <language>) : <ISO 3166 ccTLD> -// [optional sponsoring org] -// <URL> - -// xn--mgbaam7a8h ("Emerat" Arabic) : AE -// http://nic.ae/english/arabicdomain/rules.jsp -امارات - -// xn--54b7fta0cc ("Bangla" Bangla) : BD -বাংলা - -// xn--fiqs8s ("China" Chinese-Han-Simplified <.Zhongguo>) : CN -// CNNIC -// http://cnnic.cn/html/Dir/2005/10/11/3218.htm -中国 - -// xn--fiqz9s ("China" Chinese-Han-Traditional <.Zhongguo>) : CN -// CNNIC -// http://cnnic.cn/html/Dir/2005/10/11/3218.htm -中國 - -// xn--lgbbat1ad8j ("Algeria / Al Jazair" Arabic) : DZ -الجزائر - -// xn--wgbh1c ("Egypt" Arabic .masr) : EG -// http://www.dotmasr.eg/ -مصر - -// xn--node ("ge" Georgian (Mkhedruli)) : GE -გე - -// xn--j6w193g ("Hong Kong" Chinese-Han) : HK -// https://www2.hkirc.hk/register/rules.jsp -香港 - -// xn--h2brj9c ("Bharat" Devanagari) : IN -// India -भारत - -// xn--mgbbh1a71e ("Bharat" Arabic) : IN -// India -بھارت - -// xn--fpcrj9c3d ("Bharat" Telugu) : IN -// India -భారత్ - -// xn--gecrj9c ("Bharat" Gujarati) : IN -// India -ભારત - -// xn--s9brj9c ("Bharat" Gurmukhi) : IN -// India -ਭਾਰਤ - -// xn--45brj9c ("Bharat" Bengali) : IN -// India -ভারত - -// xn--xkc2dl3a5ee0h ("India" Tamil) : IN -// India -இந்தியா - -// xn--mgba3a4f16a ("Iran" Persian) : IR -ایران - -// xn--mgba3a4fra ("Iran" Arabic) : IR -ايران - -// xn--mgbayh7gpa ("al-Ordon" Arabic) : JO -// National Information Technology Center (NITC) -// Royal Scientific Society, Al-Jubeiha -الاردن - -// xn--3e0b707e ("Republic of Korea" Hangul) : KR -한국 - -// xn--80ao21a ("Kaz" Kazakh) : KZ -қаз - -// xn--fzc2c9e2c ("Lanka" Sinhalese-Sinhala) : LK -// http://nic.lk -ලංකා - -// xn--xkc2al3hye2a ("Ilangai" Tamil) : LK -// http://nic.lk -இலங்கை - -// xn--mgbc0a9azcg ("Morocco / al-Maghrib" Arabic) : MA -المغرب - -// xn--l1acc ("mon" Mongolian) : MN -мон - -// xn--mgbx4cd0ab ("Malaysia" Malay) : MY -مليسيا - -// xn--mgb9awbf ("Oman" Arabic) : OM -عمان - -// xn--ygbi2ammx ("Falasteen" Arabic) : PS -// The Palestinian National Internet Naming Authority (PNINA) -// http://www.pnina.ps -فلسطين - -// xn--90a3ac ("srb" Cyrillic) : RS -// http://www.rnids.rs/en/the-.срб-domain -срб -пр.срб -орг.срб -обр.срб -од.срб -упр.срб -ак.срб - -// xn--p1ai ("rf" Russian-Cyrillic) : RU -// http://www.cctld.ru/en/docs/rulesrf.php -рф - -// xn--wgbl6a ("Qatar" Arabic) : QA -// http://www.ict.gov.qa/ -قطر - -// xn--mgberp4a5d4ar ("AlSaudiah" Arabic) : SA -// http://www.nic.net.sa/ -السعودية - -// xn--mgberp4a5d4a87g ("AlSaudiah" Arabic) variant : SA -السعودیة - -// xn--mgbqly7c0a67fbc ("AlSaudiah" Arabic) variant : SA -السعودیۃ - -// xn--mgbqly7cvafr ("AlSaudiah" Arabic) variant : SA -السعوديه - -// xn--ogbpf8fl ("Syria" Arabic) : SY -سورية - -// xn--mgbtf8fl ("Syria" Arabic) variant : SY -سوريا - -// xn--yfro4i67o Singapore ("Singapore" Chinese-Han) : SG -新加坡 - -// xn--clchc0ea0b2g2a9gcd ("Singapore" Tamil) : SG -சிங்கப்பூர் - -// xn--o3cw4h ("Thai" Thai) : TH -// http://www.thnic.co.th -ไทย - -// xn--pgbs0dh ("Tunis") : TN -// http://nic.tn -تونس - -// xn--kpry57d ("Taiwan" Chinese-Han-Traditional) : TW -// http://www.twnic.net/english/dn/dn_07a.htm -台灣 - -// xn--kprw13d ("Taiwan" Chinese-Han-Simplified) : TW -// http://www.twnic.net/english/dn/dn_07a.htm -台湾 - -// xn--nnx388a ("Taiwan") variant : TW -臺灣 - -// xn--j1amh ("ukr" Cyrillic) : UA -укр - -// xn--mgb2ddes ("AlYemen" Arabic) : YE -اليمن - -// xxx : http://icmregistry.com -xxx - -// ye : http://www.y.net.ye/services/domain_name.htm -*.ye - -// za : http://www.zadna.org.za/slds.html -*.za - -// zm : http://en.wikipedia.org/wiki/.zm -*.zm - -// zw : http://en.wikipedia.org/wiki/.zw -*.zw - - -// xn--80asehdb : 2013-07-14 CORE Association -онлайн - -// xn--80aswg : 2013-07-14 CORE Association -сайт - -// xn--ngbc5azd : 2013-07-14 International Domain Registry Pty. Ltd. -شبكة - -// xn--unup4y : 2013-07-14 Spring Fields, LLC -游戏 - -// xn--vhquv : 2013-08-28 Dash McCook, LLC -企业 - -// camera : 2013-08-28 Atomic Maple, LLC -camera - -// clothing : 2013-08-28 Steel Lake, LLC -clothing - -// lighting : 2013-08-28 John McCook, LLC -lighting - -// singles : 2013-08-28 Fern Madison, LLC -singles - -// ventures : 2013-08-28 Binky Lake, LLC -ventures - -// voyage : 2013-08-28 Ruby House, LLC -voyage - -// guru : 2013-08-28 Pioneer Cypress, LLC -guru - -// holdings : 2013-08-28 John Madison, LLC -holdings - -// equipment : 2013-08-28 Corn Station, LLC -equipment - -// bike : 2013-08-28 Grand Hollow, LLC -bike - -// estate : 2013-08-28 Trixy Park, LLC -estate - -// tattoo : 2013-08-30 Uniregistry,Corp. -tattoo - -// xn--3ds443g : 2013-09-09 TLD Registry Limited -在线 - -// xn--fiq228c5hs : 2013-09-09 TLD Registry Limited -中文网 - -// land : 2013-09-10 Pine Moon, LLC -land - -// plumbing : 2013-09-10 Spring Tigers, LLC -plumbing - -// contractors : 2013-09-10 Magic Woods, LLC -contractors - -// sexy : 2013-09-11 Uniregistry,Corp. -sexy - -// menu : 2013-09-11 Wedding TLD2, LLC -menu - -// xn--rhqv96g : 2013-09-11 Stable Tone Limited -世界 - -// uno : 2013-09-11 Dot Latin, LLC -uno - -// gallery : 2013-09-13 Sugar House, LLC -gallery - -// technology : 2013-09-13 Auburn Falls -technology - -// xn--3bst00m : 2013-09-13 Eagle Horizon Limited -集团 - -// reviews : 2013-09-13 Extra Cover, LLC -reviews - -// guide : 2013-09-13 Snow Moon, LLC -guide - -// xn--6qq986b3x1 : 2013-09-13 Tycoon Treasure Limited -我爱你 - -// graphics : 2013-09-13 Over Madison, LLC -graphics - -// construction : 2013-09-13 Fox Dynamite, LLC -construction - -// onl : 2013-09-16 I-Registry Ltd. -onl - -// xn--q9jyb4c : 2013-09-17 Charleston Road Registry -みんな - -// diamonds : 2013-09-23 John Edge, LLC -diamonds - -// kiwi : 2013-09-23 Dot Kiwi Limited -kiwi - -// enterprises : 2013-09-23 Snow Oaks LLC -enterprises - -// today : 2013-09-23 Pearl Woods, LLC -today - -// futbol : 2013-09-23 Atomic Falls, LLC -futbol - -// photography : 2013-09-23 Sugar Glen, LLC -photography - -// tips : 2013-09-23 Corn Willow, LLC -tips - -// directory : 2013-09-23 Extra Madison, LLC -directory - -// kitchen : 2013-09-23 Just Goodbye, LLC -kitchen - -// xn--6frz82g : 2013-09-24 Afilias Limited -移动 - -// kim : 2013-09-24 Afilias Limited -kim - -// xn--cg4bki : 2013-09-27 Samsung SDS Co., LTD -삼성 - -// monash : 2013-10-01 Monash University -monash - -// wed : 2013-10-02 Atgron, Inc. -wed - -// pink : 2013-10-02 Afilias Limited -pink - -// ruhr : 2013-10-02 regiodot GmbH & Co. KG -ruhr - -// buzz : 2013-10-03 DOTSTRATEGY CO. -buzz - -// careers : 2013-10-03 Wild Corner, LLC -careers - -// shoes : 2013-10-03 Binky Galley, LLC -shoes - -// xn--4gbrim : 2013-10-07 Suhub Electronic Establishment -موقع - -// career : 2013-10-09 dotCareer, LLC -career - -// otsuka : 2013-10-11 Otsuka Holdings Co. Ltd. -otsuka - -// xn--fiQ64b : 2013-10-14 CITIC Group Corporation -中信 - -// gift : 2013-10-18 Uniregistry Corp. -gift - -// recipes : 2013-10-18 Grand Island, LLC -recipes - -// coffee : 2013-10-18 Trixy Cover, LLC -coffee - -// luxury : 2013-10-18 Luxury Partners, LLC -luxury - -// domains : 2013-10-18 Sugar Cross, LLC -domains - -// photos : 2013-10-18 Sea Corner, LLC -photos - -// limo : 2013-10-18 Hidden Frostbite, LLC -limo - -// viajes : 2013-10-18 Black Madison, LLC -viajes - -// wang : 2013-10-24 Zodiac Leo Limited -wang - -// democrat : 2013-10-24 United TLD Holdco Ltd. -democrat - -// mango : 2013-10-25 PUNTO FA S.L. -mango - -// cab : 2013-10-25 Half Sunset, LLC -cab - -// support : 2013-10-25 Grand Orchard, LLC -support - -// dance : 2013-10-25 United TLD Holdco Ltd. -dance - -// nagoya : 2013-10-25 GMO Registry, Inc. -nagoya - -// computer : 2013-10-25 Pine Mill, LLC -computer - -// wien : 2013-10-28 punkt.wien GmbH -wien - -// berlin : 2013-10-31 dotBERLIN GmbH & Co. KG -berlin - -// codes : 2013-10-31 Puff Willow, LLC -codes - -// email : 2013-10-31 Spring Madison, LLC -email - -// xn--mgbab2bd : 2013-10-31 CORE Association -بازار - -// repair : 2013-11-07 Lone Sunset, LLC -repair - -// holiday : 2013-11-07 Goose Woods, LLC -holiday - -// center : 2013-11-07 Tin Mill, LLC -center - -// systems : 2013-11-07 Dash Cypress, LLC -systems - -// wiki : 2013-11-07 Top Level Design, LLC -wiki - -// ceo : 2013-11-07 CEOTLD Pty Ltd -ceo - -// international : 2013-11-07 Wild Way, LLC -international - -// solar : 2013-11-07 Ruby Town, LLC -solar - -// company : 2013-11-07 Silver Avenue, LLC -company - -// education : 2013-11-07 Brice Way, LLC -education - -// training : 2013-11-07 Wild Willow, LLC -training - -// academy : 2013-11-07 Half Oaks, LLC -academy - -// marketing : 2013-11-07 Fern Pass, LLC -marketing - -// florist : 2013-11-08 Half Cypress, LLC -florist - -// solutions : 2013-11-07 Silver Cover, LLC -solutions - -// build : 2013-11-07 Plan Bee LLC -build - -// institute : 2013-11-07 Outer Maple, LLC -institute - -// builders : 2013-11-07 Atomic Madison, LLC -builders - -// red : 2013-11-07 Afilias Limited -red - -// blue : 2013-11-07 Afilias Limited -blue - -// ninja : 2013-11-07 United TLD Holdco Ltd. -ninja - -// business : 2013-11-07 Spring Cross, LLC -business - -// gal : 2013-11-07 Asociación puntoGAL -gal - -// social : 2013-11-07 United TLD Holdco Ltd. -social - -// house : 2013-11-07 Sugar Park, LLC -house - -// camp : 2013-11-07 Delta Dynamite, LLC -camp - -// immobilien : 2013-11-07 United TLD Holdco Ltd. -immobilien - -// moda : 2013-11-07 United TLD Holdco Ltd. -moda - -// glass : 2013-11-07 Black Cover, LLC -glass - -// management : 2013-11-07 John Goodbye, LLC -management - -// kaufen : 2013-11-07 United TLD Holdco Ltd. -kaufen - -// farm : 2013-11-07 Just Maple, LLC -farm - -// xn--55qw42g : 2013-11-08 China Organizational Name Administration Center -公益 - -// xn--zfr164b : 2013-11-08 China Organizational Name Administration Center -政务 - -// club : 2013-11-08 .CLUB DOMAINS, LLC -club - -// voting : 2013-11-13 Valuetainment Corp. -voting - -// TOKYO : 2013-11-13 GMO Registry, Inc. -tokyo - -// moe : 2013-11-13 Interlink Co., Ltd. -moe - -// guitars : 2013-11-14 Uniregistry, Corp. -guitars - -// bargains : 2013-11-14 Half Hallow, LLC -bargains - -// xn--nqv7fs00ema : 2013-11-14 Public Interest Registry -组织机构 - -// desi : 2013-11-14 Desi Networks LLC -desi - -// cool : 2013-11-14 Koko Lake, LLC -cool - -// boutique : 2013-11-14 Over Galley, LLC -boutique - -// pics : 2013-11-14 Uniregistry, Corp. -pics - -// xn--c1avg : 2013-11-14 Public Interest Registry -орг - -// xn--55qx5d : 2013-11-14 Computer Network Information Center of Chinese Academy of Sciences （China Internet Network Information Center） -公司 - -// xn--io0a7i : 2013-11-14 Computer Network Information Center of Chinese Academy of Sciences （China Internet Network Information Center） -网络 - -// cheap : 2013-11-14 Sand Cover, LLC -cheap - -// xn--xhq521b : 2013-11-14 Guangzhou YU Wei Information Technology Co., Ltd. -广东 - -// photo : 2013-11-14 Uniregistry, Corp. -photo - -// network : 2013-11-14 Trixy Manor, LLC -network - -// zone : 2013-11-14 Outer Falls, LLC -zone - -// xn--nqv7f : 2013-11-14 Public Interest Registry -机构 - -// link : 2013-11-14 Uniregistry, Corp. -link - -// QPON : 2013-11-14 dotCOOL, Inc. -qpon - -// xn--i1b6b1a6a2e : 2013-11-14 Public Interest Registry -संगठन - -// agency : 2013-11-14 Steel Falls, LLC -agency - -// tienda : 2013-11-14 Victor Manor, LLC -tienda - -// works : 2013-11-14 Little Dynamite, LLC -works - -// london : 2013-11-14 Dot London Domains Limited -london - -// watch : 2013-11-14 Sand Shadow, LLC -watch - -// rocks : 2013-11-14 Ruby Moon, LLC -rocks - -// SHIKSHA : 2013-11-14 Afilias Limited -shiksha - -// xn--d1acj3b : 2013-11-21 The Foundation for Network Initiatives “The Smart Internet” -дети - -// budapest : 2013-11-21 Top Level Domain Holdings Limited -budapest - -// nrw : 2013-11-21 Minds + Machines GmbH -nrw - -// VOTE : 2013-11-21 Monolith Registry LLC -vote - -// fishing : 2013-11-21 Top Level Domain Holdings Limited -fishing - -// expert : 2013-11-21 Magic Pass, LLC -expert - -// horse : 2013-11-21 Top Level Domain Holdings Limited -horse - -// christmas : 2013-11-21 Uniregistry, Corp. -christmas - -// cooking : 2013-11-21 Top Level Domain Holdings Limited -cooking - -// xn--czru2d : 2013-11-21 Zodiac Capricorn Limited -商城 - -// casa : 2013-11-21 Top Level Domain Holdings Limited -casa - -// rich : 2013-11-21 I-REGISTRY Ltd., Niederlassung Deutschland -rich - -// VOTO : 2013-11-21 Monolith Registry LLC -voto - -// tools : 2013-11-21 Pioneer North, LLC -tools - -// xn--45q11c : 2013-11-21 Zodiac Scorpio Limited -八卦 - -// praxi : 2013-12-05 Praxi S.p.A. -praxi - -// events : 2013-12-05 Pioneer Maple, LLC -events - -// flights : 2013-12-05 Fox Station, LLC -flights - -// report : 2013-12-05 Binky Glen, LLC -report - -// partners : 2013-12-05 Magic Glen, LLC -partners - -// neustar : 2013-12-05 NeuStar, Inc. -neustar - -// rentals : 2013-12-05 Big Hollow,LLC -rentals - -// catering : 2013-12-05 New Falls. LLC -catering - -// community : 2013-12-05 Fox Orchard, LLC -community - -// maison : 2013-12-05 Victor Frostbite, LLC -maison - -// parts : 2013-12-05 Sea Goodbye, LLC -parts - -// cleaning : 2013-12-05 Fox Shadow, LLC -cleaning - -// okinawa : 2013-12-05 BusinessRalliart inc. -okinawa - -// foundation : 2013-12-05 John Dale, LLC -foundation - -// properties : 2013-12-05 Big Pass, LLC -properties - -// vacations : 2013-12-05 Atomic Tigers, LLC -vacations - -// productions : 2013-12-05 Magic Birch, LLC -productions - -// industries : 2013-12-05 Outer House, LLC -industries - -// haus : 2013-12-05 Pixie Edge, LLC -haus - -// vision : 2013-12-05 Koko Station, LLC -vision - -// mormon : 2013-12-05 IRI Domain Management, LLC (""Applicant"") -mormon - -// cards : 2013-12-05 Foggy Hollow, LLC -cards - -// ink : 2013-12-05 Top Level Design, LLC -ink - -// villas : 2013-12-05 New Sky, LLC -villas - -// consulting : 2013-12-05 Pixie Station, LLC -consulting - -// cruises : 2013-12-05 Spring Way, LLC -cruises - -// krd : 2013-12-05 KRG Department of Information Technology -krd - -// xyz : 2013-12-05 XYZ.COM LLC -xyz - -// dating : 2013-12-05 Pine Fest, LLC -dating - -// exposed : 2013-12-05 Victor Beach, LLC -exposed - -// condos : 2013-12-05 Pine House, LLC -condos - -// eus : 2013-12-12 Puntueus Fundazioa -eus - -// Caravan : 2013-12-12 Caravan International, Inc. -caravan - -// actor : 2013-12-12 United TLD Holdco Ltd. -actor - -// saarland : 2013-12-12 dotSaarland GmbH -saarland - -// yokohama : 2013-12-12 GMO Registry, Inc. -yokohama - -// pub : 2013-12-12 United TLD Holdco Ltd. -pub - -// xn--p1acf : 2013-12-12 Rusnames Limited -рус - -// ren : 2013-12-12 Beijing Qianxiang Wangjing Technology Development Co., Ltd. -ren - -// fish : 2013-12-12 Fox Woods, LLC -fish - -// BAR : 2013-12-12 Punto 2012 Sociedad Anonima Promotora de Inversion de Capital Variable -bar - -// DNP : 2013-12-13 Dai Nippon Printing Co., Ltd. -dnp - -// bid : 2013-12-19 dot Bid Limited -bid - -// supply : 2013-12-19 Half Falls, LLC -supply - -// Miami : 2013-12-19 Top Level Domain Holdings Limited -miami - -// supplies : 2013-12-19 Atomic Fields, LLC -supplies - -// quebec : 2013-12-19 PointQuébec Inc -quebec - -// MOSCOW : 2013-12-19 Foundation for Assistance for Internet Technologies and Infrastructure Development (FAITID) -moscow - -// globo : 2013-12-19 Globo Comunicação e Participações S.A -globo - -// AXA : 2013-12-19 AXA SA -axa - -// xn--80adxhks : 2013-12-19 Foundation for Assistance for Internet Technologies and Infrastructure Development (FAITID) -москва - -// xn--czrs0t : 2013-12-19 Wild Island, LLC -商店 - -// vodka : 2013-12-19 Top Level Domain Holdings Limited -vodka - -// REST : 2013-12-19 Punto 2012 Sociedad Anonima Promotora de Inversion de Capital Variable -rest - -// frogans : 2013-12-19 OP3FT -frogans - -// WTC : 2013-12-19 World Trade Centers Association, Inc. -wtc - -// rodeo : 2013-12-19 Top Level Domain Holdings Limited -rodeo - -// sohu : 2013-12-19 Sohu.com Limited -sohu - -// BEST : 2013-12-19 BestTLD Pty Ltd -best - -// country : 2013-12-19 Top Level Domain Holdings Limited -country - -// KRED : 2013-12-19 KredTLD Pty Ltd -kred - -// feedback : 2013-12-19 Top Level Spectrum, Inc. -feedback - -// work : 2013-12-19 Top Level Domain Holdings Limited -work - -// luxe : 2014-01-09 Top Level Domain Holdings Limited -luxe - -// ryukyu : 2014-01-09 BusinessRalliart inc. -ryukyu - -// autos : 2014-01-09 DERAutos, LLC -autos - -// homes : 2014-01-09 DERHomes, LLC -homes - -// jetzt : 2014-01-09 New TLD Company AB -jetzt - -// yachts : 2014-01-09 DERYachts, LLC -yachts - -// motorcycles : 2014-01-09 DERMotorcycles, LLC -motorcycles - -// mini : 2014-01-09 Bayerische Motoren Werke Aktiengesellschaft -mini - -// ggee : 2014-01-09 GMO Internet, Inc. -ggee - -// beer : 2014-01-09 Top Level Domain Holdings Limited -beer - -// xn--1qqw23a : 2014-01-13 Guangzhou YU Wei Information Technology Co., Ltd. -佛山 - -// college : 2014-01-16 XYZ.COM LLC -college - -// ovh : 2014-01-16 OVH SAS -ovh - -// meet : 2014-01-16 Afilias Limited -meet - -// xn--ses554g : 2014-01-16 HU YI GLOBAL INFORMATION RESOURCES (HOLDING) COMPANY. HONGKONG LIMITED -网址 - -// gop : 2014-01-16 Republican State Leadership Committee, Inc. -gop - -// blackfriday : 2014-01-16 Uniregistry, Corp. -blackfriday - -// lacaixa : 2014-01-16 CAIXA D'ESTALVIS I PENSIONS DE BARCELONA -lacaixa - -// xn--czr694b : 2014-01-16 HU YI GLOBAL INFORMATION RESOURCES(HOLDING) COMPANY.HONGKONG LIMITED -商标 - -// vegas : 2014-01-16 Dot Vegas, Inc. -vegas - -// black : 2014-01-16 Afilias Limited -black - -// soy : 2014-01-23 Charleston Road Registry Inc. -soy - -// trade : 2014-01-23 Elite Registry Limited -trade - -// gent : 2014-01-23 COMBELL GROUP NV/SA -gent - -// ing : 2014-01-23 Charleston Road Registry Inc. -ing - -// dad : 2014-01-23 Charleston Road Registry Inc. -dad - -// shriram : 2014-01-23 Shriram Capital Ltd. -shriram - -// bayern : 2014-01-23 Bayern Connect GmbH -bayern - -// scot : 2014-01-23 Dot Scot Registry Limited -scot - -// webcam : 2014-01-23 dot Webcam Limited -webcam - -// foo : 2014-01-23 Charleston Road Registry Inc. -foo - -// eat : 2014-01-23 Charleston Road Registry Inc. -eat - -// nyc : 2014-01-23 The City of New York -nyc - -// prod : 2014-01-23 Charleston Road Registry Inc. -prod - -// how : 2014-01-23 Charleston Road Registry Inc. -how - -// day : 2014-01-30 Charleston Road Registry Inc. -day - -// meme : 2014-01-30 Charleston Road Registry Inc. -meme - -// mov : 2014-01-30 Charleston Road Registry Inc. -mov - -// paris : 2014-01-30 City of Paris -paris - -// boo : 2014-01-30 Charleston Road Registry Inc. -boo - -// new : 2014-01-30 Charleston Road Registry Inc. -new - -// ifm : 2014-01-30 ifm electronic gmbh -ifm - -// life : 2014-02-06 Trixy Oaks, LLC -life - -// archi : 2014-02-06 STARTING DOT LIMITED -archi - -// spiegel : 2014-02-06 SPIEGEL-Verlag Rudolf Augstein GmbH & Co. KG -spiegel - -// brussels : 2014-02-06 DNS.be vzw -brussels - -// church : 2014-02-06 Holly Fileds, LLC -church - -// here : 2014-02-06 Charleston Road Registry Inc. -here - -// dabur : 2014-02-06 Dabur India Limited -dabur - -// vlaanderen : 2014-02-06 DNS.be vzw -vlaanderen - -// cologne : 2014-02-06 NetCologne Gesellschaft für Telekommunikation mbH -cologne - -// xn--kput3i : 2014-02-13 Beijing RITT-Net Technology Development Co., Ltd -手机 - -// wme : 2014-02-13 William Morris Endeavor Entertainment, LLC -wme - -// nhk : 2014-02-13 Japan Broadcasting Corporation (NHK) -nhk - -// suzuki : 2014-02-20 SUZUKI MOTOR CORPORATION -suzuki - -// whoswho : 2014-02-20 Who's Who Registry -whoswho - -// scb : 2014-02-20 The Siam Commercial Bank Public Company Limited ("SCB""\) -scb - -// hamburg : 2014-02-20 Hamburg Top-Level-Domain GmbH -hamburg - -// services : 2014-02-27 Fox Castle, LLC -services - -// bzh : 2014-02-27 Association www.bzh -bzh - -// rio : 2014-02-27 Empresa Municipal de Informática SA - IPLANRIO -rio - -// cash : 2014-03-07 Delta Lake, LLC -cash - -// gives : 2014-03-07 United TLD Holdco Ltd. -gives - -// hiphop : 2014-03-07 Uniregistry, Corp. -hiphop - -// degree : 2014-03-07 Puff House, LLC -degree - -// digital : 2014-03-07 Dash Park, LLC -digital - -// rehab : 2014-03-07 United TLD Holdco Ltd. -rehab - -// wtf : 2014-03-07 Hidden Way, LLC -wtf - -// financial : 2014-03-07 Just Cover, LLC -financial - -// limited : 2014-03-07 Big Fest, LLC -limited - -// discount : 2014-03-07 Holly Hill, LLC -discount - -// fail : 2014-03-07 Atomic Pipe, LLC -fail - -// vet : 2014-03-07 Wild Dale, LLC -vet - -// ngo : 2014-03-07 Public Interest Registry -ngo - -// fitness : 2014-03-07 Brice Orchard, LLC -fitness - -// schule : 2014-03-07 Outer Moon, LLC -schule - -// navy : 2014-03-07 United TLD Holdco Ltd. -navy - -// bio : 2014-03-07 STARTING DOT LIMITED -bio - -// ong : 2014-03-07 Public Interest Registry -ong - -// town : 2014-03-07 Koko Moon, LLC -town - -// toys : 2014-03-07 Pioneer Orchard, LLC -toys - -// army : 2014-03-07 United TLD Holdco Ltd. -army - -// engineering : 2014-03-07 Romeo Canyon -engineering - -// capital : 2014-03-07 Delta Mill, LLC -capital - -// exchange : 2014-03-07 Spring Falls, LLC -exchange - -// fan : 2014-03-07 Goose Glen, LLC -fan - -// market : 2014-03-07 Victor Way, LLC -market - -// media : 2014-03-07 Grand Glen, LLC -media - -// lease : 2014-03-07 Victor Trail, LLC -lease - -// university : 2014-03-07 Little Station, LLC -university - -// reisen : 2014-03-07 New Cypress, LLC -reisen - -// airforce : 2014-03-07 United TLD Holdco Ltd. -airforce - -// pictures : 2014-03-07 Foggy Sky, LLC -pictures - -// gripe : 2014-03-07 Corn Sunset, LLC -gripe - -// engineering : 2014-03-07 United TLD Holdco Ltd. -engineering - -// associates : 2014-03-07 Baxter Hill, LLC -associates - -// xn--mxtq1m : 2014-03-07 Net-Chinese Co., Ltd. -政府 - -// williamhill : 2014-03-13 William Hill Organization Limited -williamhill - -// hiv : 2014-03-13 dotHIV gemeinnuetziger e.V. -hiv - -// sca : 2014-03-13 SVENSKA CELLULOSA AKTIEBOLAGET SCA (publ) -sca - -// reise : 2014-03-13 dotreise GmbH -reise - -// accountants : 2014-03-20 Knob Town, LLC -accountants - -// clinic : 2014-03-20 Goose Park, LLC -clinic - -// versicherung : 2014-03-20 dotversicherung-registry GmbH -versicherung - -// top : 2014-03-20 Jiangsu Bangning Science & Technology Co.,Ltd. -top - -// furniture : 2014-03-20 Lone Fields, LLC -furniture - -// dental : 2014-03-20 Tin Birch, LLC -dental - -// fund : 2014-03-20 John Castle, LLC -fund - -// creditcard : 2014-03-20 Binky Frostbite, LLC -creditcard - -// insure : 2014-03-20 Pioneer Willow, LLC -insure - -// audio : 2014-03-20 Uniregistry, Corp. -audio - -// claims : 2014-03-20 Black Corner, LLC -claims - -// loans : 2014-03-20 June Woods, LLC -loans - -// auction : 2014-03-20 Sand Galley, LLC -auction - -// attorney : 2014-03-20 Victor North, LLC -attorney - -// finance : 2014-03-20 Cotton Cypress, LLC -finance - -// investments : 2014-03-20 Holly Glen, LLC -investments - -// juegos : 2014-03-20 Uniregistry, Corp. -juegos - -// dentist : 2014-03-20 Outer Lake, LLC -dentist - -// lds : 2014-03-20 IRI Domain Management, LLC -lds - -// lawyer : 2014-03-20 Atomic Station, LLC -lawyer - -// surgery : 2014-03-20 Tin Avenue, LLC -surgery - -// gratis : 2014-03-20 Pioneer Tigers, LLC -gratis - -// software : 2014-03-20 Over Birch, LLC -software - -// mortgage : 2014-03-20 Outer Gardens, LLC -mortgage - -// republican : 2014-03-20 United TLD Holdco Ltd. -republican - -// credit : 2014-03-20 Snow Shadow, LLC -credit - -// tax : 2014-03-20 Storm Orchard, LLC -tax - -// africa : 2014-03-24 ZA Central Registry NPC trading as Registry.Africa -africa - -// joburg : 2014-03-24 ZA Central Registry NPC trading as ZA Central Registry -joburg - -// durban : 2014-03-24 ZA Central Registry NPC trading as ZA Central Registry -durban - -// capetown : 2014-03-24 ZA Central Registry NPC trading as ZA Central Registry -capetown - -// sap : 2014-03-27 SAP AG -sap - -// datsun : 2014-03-27 NISSAN MOTOR CO., LTD. -datsun - -// infiniti : 2014-03-27 NISSAN MOTOR CO., LTD. -infiniti - -// firmdale : 2014-03-27 Firmdale Holdings Limited -firmdale - -// organic : 2014-03-27 Afilias Limited -organic - -// nissan : 2014-03-27 NISSAN MOTOR CO., LTD. -nissan +lib.de.us +lib.fl.us +lib.ga.us +lib.gu.us +lib.hi.us +lib.ia.us +lib.id.us +lib.il.us +lib.in.us +lib.ks.us +lib.ky.us +lib.la.us +lib.ma.us +lib.md.us +lib.me.us +lib.mi.us +lib.mn.us +lib.mo.us +lib.ms.us +lib.mt.us +lib.nc.us +lib.nd.us +lib.ne.us +lib.nh.us +lib.nj.us +lib.nm.us +lib.nv.us +lib.ny.us +lib.oh.us +lib.ok.us +lib.or.us +lib.pa.us +lib.pr.us +lib.ri.us +lib.sc.us +lib.sd.us +lib.tn.us +lib.tx.us +lib.ut.us +lib.vi.us +lib.vt.us +lib.va.us +lib.wa.us +lib.wi.us +lib.wv.us +lib.wy.us -// website : 2014-04-03 DotWebsite Inc. -website +// k12.ma.us contains school districts in Massachusetts. The 4LDs are +// managed indepedently except for private (PVT), charter (CHTR) and +// parochial (PAROCH) schools. Those are delegated dorectly to the +// 5LD operators. <k12-ma-hostmaster _ at _ rsuc.gweep.net> +pvt.k12.ma.us +chtr.k12.ma.us +paroch.k12.ma.us -// space : 2014-04-03 DotSpace Inc. -space +// uy : http://www.nic.org.uy/ +uy +com.uy +edu.uy +gub.uy +mil.uy +net.uy +org.uy -// schmidt : 2014-04-03 SALM S.A.S. -schmidt +// uz : http://www.reg.uz/ +uz +co.uz +com.uz +net.uz +org.uz -// cuisinella : 2014-04-03 SALM S.A.S. -cuisinella +// va : http://en.wikipedia.org/wiki/.va +va -// samsung : 2014-04-03 SAMSUNG SDS CO., LTD -samsung +// vc : http://en.wikipedia.org/wiki/.vc +// Submitted by registry <kshah(a)ca.afilias.info> 2008-06-13 +vc +com.vc +net.vc +org.vc +gov.vc +mil.vc +edu.vc -// crs : 2014-04-03 Federated Co operatives Limited -crs +// ve : https://registro.nic.ve/ +// Confirmed by registry 2012-10-04 +ve +co.ve +com.ve +e12.ve +edu.ve +gov.ve +info.ve +mil.ve +net.ve +org.ve +web.ve -// doosan : 2014-04-03 Doosan Corporation -doosan +// vg : http://en.wikipedia.org/wiki/.vg +vg -// press : 2014-04-03 DotPress Inc. -press +// vi : http://www.nic.vi/newdomainform.htm +// http://www.nic.vi/Domain_Rules/body_domain_rules.html indicates some other +// TLDs are "reserved", such as edu.vi and gov.vi, but doesn't actually say they +// are available for registration (which they do not seem to be). +vi +co.vi +com.vi +k12.vi +net.vi +org.vi -// emerck : 2014-04-03 Merck KGaA -emerck +// vn : https://www.dot.vn/vnnic/vnnic/domainregistration.jsp +vn +com.vn +net.vn +org.vn +edu.vn +gov.vn +int.vn +ac.vn +biz.vn +info.vn +name.vn +pro.vn +health.vn -// erni : 2014-04-03 ERNI Group Holding AG -erni +// vu : http://en.wikipedia.org/wiki/.vu +// list of 2nd level tlds ? +vu -// direct : 2014-04-10 Half Trail, LLC -direct +// wf : http://www.afnic.fr/medias/documents/AFNIC-naming-policy2012.pdf +wf -// yandex : 2014-04-10 YANDEX, LLC -yandex +// ws : http://en.wikipedia.org/wiki/.ws +// http://samoanic.ws/index.dhtml +ws +com.ws +net.ws +org.ws +gov.ws +edu.ws -// lotto : 2014-04-10 Afilias Limited -lotto +// yt : http://www.afnic.fr/medias/documents/AFNIC-naming-policy2012.pdf +yt -// toshiba : 2014-04-10 TOSHIBA Corporation -toshiba +// IDN ccTLDs +// Please sort by ISO 3166 ccTLD, then punicode string +// when submitting patches and follow this format: +// <Punicode> ("<english word>" <language>) : <ISO 3166 ccTLD> +// [optional sponsoring org] +// <URL> -// bauhaus : 2014-04-17 Werkhaus GmbH -bauhaus +// xn--mgbaam7a8h ("Emerat" Arabic) : AE +// http://nic.ae/english/arabicdomain/rules.jsp +امارات -// host : 2014-04-17 DotHost Inc. -host +// xn--54b7fta0cc ("Bangla" Bangla) : BD +বাংলা -// ltda : 2014-04-17 DOMAIN ROBOT SERVICOS DE HOSPEDAGEM NA INTERNET LTDA -ltda +// xn--fiqs8s ("China" Chinese-Han-Simplified <.Zhonggou>) : CN +// CNNIC +// http://cnnic.cn/html/Dir/2005/10/11/3218.htm +中国 -// global : 2014-04-17 Dot GLOBAL AS -global +// xn--fiqz9s ("China" Chinese-Han-Traditional <.Zhonggou>) : CN +// CNNIC +// http://cnnic.cn/html/Dir/2005/10/11/3218.htm +中國 -// abogado : 2014-04-24 Top Level Domain Holdings Limited -abogado +// xn--lgbbat1ad8j ("Algeria / Al Jazair" Arabic) : DZ +الجزائر -// place : 2014-04-24 Snow Galley, LLC -place +// xn--wgbh1c ("Egypt" Arabic .masr) : EG +// http://www.dotmasr.eg/ +مصر -// tirol : 2014-04-24 punkt Tirol GmbH -tirol +// xn--node ("ge" Georgian (Mkhedruli)) : GE +გე -// gmx : 2014-04-24 1&1 Mail & Media GmbH -gmx +// xn--j6w193g ("Hong Kong" Chinese-Han) : HK +// https://www2.hkirc.hk/register/rules.jsp +香港 -// tatar : 2014-04-24 Limited Liability Company "Coordination Center of Regional Domain of Tatarstan Republic" -tatar +// xn--h2brj9c ("Bharat" Devanagari) : IN +// India +भारत -// scholarships : 2014-04-24 Scholarships.com, LLC -scholarships +// xn--mgbbh1a71e ("Bharat" Arabic) : IN +// India +بھارت -// eurovision : 2014-04-24 European Broadcasting Union (EBU) -eurovision +// xn--fpcrj9c3d ("Bharat" Telugu) : IN +// India +భారత్ -// wedding : 2014-04-24 Top Level Domain Holdings Limited -wedding +// xn--gecrj9c ("Bharat" Gujarati) : IN +// India +ભારત -// active : 2014-05-01 The Active Network, Inc -active +// xn--s9brj9c ("Bharat" Gurmukhi) : IN +// India +ਭਾਰਤ -// madrid : 2014-05-01 Comunidad de Madrid -madrid +// xn--45brj9c ("Bharat" Bengali) : IN +// India +ভারত -// youtube : 2014-05-01 Charleston Road Registry Inc. -youtube +// xn--xkc2dl3a5ee0h ("India" Tamil) : IN +// India +இந்தியா -// sharp : 2014-05-01 Sharp Corporation -sharp +// xn--mgba3a4f16a ("Iran" Persian) : IR +ایران -// uol : 2014-05-01 UBN INTERNET LTDA. -uol +// xn--mgba3a4fra ("Iran" Arabic) : IR +ايران -// physio : 2014-05-01 PhysBiz Pty Ltd -physio +// xn--mgbayh7gpa ("al-Ordon" Arabic) : JO +// National Information Technology Center (NITC) +// Royal Scientific Society, Al-Jubeiha +الاردن -// gmail : 2014-05-01 Charleston Road Registry Inc. -gmail +// xn--3e0b707e ("Republic of Korea" Hangul) : KR +한국 -// channel : 2014-05-08 Charleston Road Registry Inc. -channel +// xn--fzc2c9e2c ("Lanka" Sinhalese-Sinhala) : LK +// http://nic.lk +ලංකා -// fly : 2014-05-08 Charleston Road Registry Inc. -fly +// xn--xkc2al3hye2a ("Ilangai" Tamil) : LK +// http://nic.lk +இலங்கை -// zip : 2014-05-08 Charleston Road Registry Inc. -zip +// xn--mgbc0a9azcg ("Morocco / al-Maghrib" Arabic) : MA +المغرب -// esq : 2014-05-08 Charleston Road Registry Inc. -esq +// xn--mgb9awbf ("Oman" Arabic) : OM +عمان -// rsvp : 2014-05-08 Charleston Road Registry Inc. -rsvp +// xn--ygbi2ammx ("Falasteen" Arabic) : PS +// The Palestinian National Internet Naming Authority (PNINA) +// http://www.pnina.ps +فلسطين -// wales : 2014-05-08 Nominet UK -wales +// xn--90a3ac ("srb" Cyrillic) : RS +срб -// cymru : 2014-05-08 Nominet UK -cymru +// xn--p1ai ("rf" Russian-Cyrillic) : RU +// http://www.cctld.ru/en/docs/rulesrf.php +рф -// green : 2014-05-08 Afilias Limited -green +// xn--wgbl6a ("Qatar" Arabic) : QA +// http://www.ict.gov.qa/ +قطر -// lgbt : 2014-05-08 Afilias Limited -lgbt +// xn--mgberp4a5d4ar ("AlSaudiah" Arabic) : SA +// http://www.nic.net.sa/ +السعودية -// xn--hxt814e : 2014-05-15 Zodiac Libra Limited -网店 +// xn--mgberp4a5d4a87g ("AlSaudiah" Arabic) variant : SA +السعودیة -// cancerresearch : 2014-05-15 Australian Cancer Research Foundation -cancerresearch +// xn--mgbqly7c0a67fbc ("AlSaudiah" Arabic) variant : SA +السعودیۃ -// everbank : 2014-05-15 EverBank -everbank +// xn--mgbqly7cvafr ("AlSaudiah" Arabic) variant : SA +السعوديه -// frl : 2014-05-15 FRLregistry B.V. -frl +// xn--ogbpf8fl ("Syria" Arabic) : SY +سورية -// property : 2014-05-22 Uniregistry, Corp. -property +// xn--mgbtf8fl ("Syria" Arabic) variant : SY +سوريا -// forsale : 2014-05-22 Sea Oaks, LLC -forsale +// xn--yfro4i67o Singapore ("Singapore" Chinese-Han) : SG +新加坡 -// seat : 2014-05-22 SEAT, S.A. (Sociedad Unipersonal) -seat +// xn--clchc0ea0b2g2a9gcd ("Singapore" Tamil) : SG +சிங்கப்பூர் -// deals : 2014-05-22 Sand Sunset, LLC -deals +// xn--o3cw4h ("Thai" Thai) : TH +// http://www.thnic.co.th +ไทย -// nra : 2014-05-22 NRA Holdings Company, INC. -nra +// xn--pgbs0dh ("Tunis") : TN +// http://nic.tn +تونس -// xn--fjq720a : 2014-05-22 Will Bloom, LLC -娱乐 +// xn--kpry57d ("Taiwan" Chinese-Han-Traditional) : TW +// http://www.twnic.net/english/dn/dn_07a.htm +台灣 -// realtor : 2014-05-29 Real Estate Domains LLC -realtor +// xn--kprw13d ("Taiwan" Chinese-Han-Simplified) : TW +// http://www.twnic.net/english/dn/dn_07a.htm +台湾 -// bnpparibas : 2014-05-29 BNP Paribas -bnpparibas +// xn--nnx388a ("Taiwan") variant : TW +臺灣 -// melbourne : 2014-05-29 The Crown in right of the State of Victoria, represented by its Department of State Development, Business and Innovation -melbourne +// xn--j1amh ("ukr" Cyrillic) : UA +укр -// hosting : 2014-05-29 Uniregistry, Corp. -hosting +// xn--mgb2ddes ("AlYemen" Arabic) : YE +اليمن -// yoga : 2014-05-29 Top Level Domain Holdings Limited -yoga +// xxx : http://icmregistry.com +xxx -// city : 2014-05-29 Snow Sky, LLC -city +// ye : http://www.y.net.ye/services/domain_name.htm +*.ye -// bond : 2014-06-05 Bond University Limited -bond +// za : http://www.zadna.org.za/slds.html +*.za -// click : 2014-06-05 Uniregistry, Corp. -click +// zm : http://en.wikipedia.org/wiki/.zm +*.zm -// cern : 2014-06-05 European Organization for Nuclear Research ("CERN") -cern +// zw : http://en.wikipedia.org/wiki/.zw +*.zw // ===END ICANN DOMAINS=== // ===BEGIN PRIVATE DOMAINS=== // Amazon CloudFront : https://aws.amazon.com/cloudfront/ -// Submitted by Donavan Miller <donavanm(a)amazon.com> 2013-03-22 +// Requested by Donavan Miller <donavanm(a)amazon.com> 2013-03-22 cloudfront.net // Amazon Elastic Compute Cloud: https://aws.amazon.com/ec2/ -// Submitted by Osman Surkatty <osmans(a)amazon.com> 2014-05-20 +// Requested by Osman Surkatty <osmans(a)amazon.com> 2013-04-02 +compute.amazonaws.com +us-east-1.amazonaws.com +compute-1.amazonaws.com +z-1.compute-1.amazonaws.com +z-2.compute-1.amazonaws.com ap-northeast-1.compute.amazonaws.com ap-southeast-1.compute.amazonaws.com ap-southeast-2.compute.amazonaws.com -cn-north-1.compute.amazonaws.cn -compute.amazonaws.cn -compute.amazonaws.com -compute-1.amazonaws.com eu-west-1.compute.amazonaws.com sa-east-1.compute.amazonaws.com -us-east-1.amazonaws.com us-gov-west-1.compute.amazonaws.com us-west-1.compute.amazonaws.com us-west-2.compute.amazonaws.com -z-1.compute-1.amazonaws.com -z-2.compute-1.amazonaws.com -// Amazon Elastic Beanstalk : https://aws.amazon.com/elasticbeanstalk/ -// Submitted by Adam Stein <astein(a)amazon.com> 2013-04-02 +// Amazon Elastic Beanstalk : https://aws.amazon.com/elasticbeanstalk/ +// Requested by Adam Stein <astein(a)amazon.com> 2013-04-02 elasticbeanstalk.com // Amazon Elastic Load Balancing : https://aws.amazon.com/elasticloadbalancing/ -// Submitted by Scott Vidmar <svidmar(a)amazon.com> 2013-03-27 +// Requested by Scott Vidmar <svidmar(a)amazon.com> 2013-03-27 elb.amazonaws.com // Amazon S3 : https://aws.amazon.com/s3/ -// Submitted by Courtney Eckhardt <coec(a)amazon.com> 2013-03-22 +// Requested by Courtney Eckhardt <coec(a)amazon.com> 2013-03-22 s3.amazonaws.com s3-us-west-2.amazonaws.com s3-us-west-1.amazonaws.com @@ -8051,27 +6608,26 @@ s3-website-sa-east-1.amazonaws.com s3-website-us-gov-west-1.amazonaws.com // BetaInABox -// Submitted by adrian(a)betainabox.com 2012-09-13 +// Requested by adrian(a)betainabox.com 2012-09-13 betainabox.com // CentralNic : http://www.centralnic.com/names/domains -// Submitted by registry <gavin.brown(a)centralnic.com> 2012-09-27 +// Requested by registry <gavin.brown(a)centralnic.com> 2012-09-27 ae.org ar.com br.com cn.com com.de -com.se de.com eu.com gb.com gb.net +gr.com hu.com hu.net jp.net jpn.com kr.com -mex.com no.com qc.com ru.com @@ -8081,38 +6637,13 @@ se.net uk.com uk.net us.com +us.org uy.com -za.bz za.com -// Africa.com Web Solutions Ltd : https://registry.africa.com -// Submitted by Gavin Brown <gavin.brown(a)centralnic.com> 2014-02-04 -africa.com - -// iDOT Services Limited : http://www.domain.gr.com -// Submitted by Gavin Brown <gavin.brown(a)centralnic.com> 2014-02-04 -gr.com - -// Radix FZC : http://domains.in.net -// Submitted by Gavin Brown <gavin.brown(a)centralnic.com> 2014-02-04 -in.net - -// US REGISTRY LLC : http://us.org -// Submitted by Gavin Brown <gavin.brown(a)centralnic.com> 2014-02-04 -us.org - -// co.com Registry, LLC : https://registry.co.com -// Submitted by Gavin Brown <gavin.brown(a)centralnic.com> 2014-02-04 -co.com - // c.la : http://www.c.la/ c.la -// cloudControl : https://www.cloudcontrol.com/ -// Submitted by Tobias Wilken <tw(a)cloudcontrol.com> 2013-07-23 -cloudcontrolled.com -cloudcontrolapp.com - // co.ca : http://registry.co.ca/ co.ca @@ -8120,12 +6651,8 @@ co.ca co.nl co.no -// Cupcake : https://cupcake.io/ -// Submitted by Jonathan Rudenberg <jonathan(a)cupcake.io> 2013-10-08 -cupcake.is - // DreamHost : http://www.dreamhost.com/ -// Submitted by Andrew Farmer <andrew.farmer(a)dreamhost.com> 2012-10-02 +// Requested by Andrew Farmer <andrew.farmer(a)dreamhost.com> 2012-10-02 dreamhosters.com // DynDNS.com : http://www.dyndns.com/services/dns/dyndns/ @@ -8409,29 +6936,12 @@ webhop.org worse-than.tv writesthisblog.com -// Fastly Inc. http://www.fastly.com/ -// Submitted by Vladimir Vuksan <vladimir(a)fastly.com> 2013-05-31 -a.ssl.fastly.net -b.ssl.fastly.net -global.ssl.fastly.net -a.prod.fastly.net -global.prod.fastly.net - -// Firebase, Inc. -// Submitted by Chris Raynor <chris(a)firebase.com> 2014-01-21 -firebaseapp.com - // GitHub, Inc. -// Submitted by Ben Toews <btoews(a)github.com> 2014-02-06 +// Requested by Ben Toews <btoews(a)github.com> 2013-04-18 github.io -githubusercontent.com - -// GlobeHosting, Inc. -// Submitted by Zoltan Egresi <egresi(a)globehosting.com> 2013-07-12 -ro.com // Google, Inc. -// Submitted by Eduardo Vela <evn(a)google.com> 2012-10-24 +// Requested by Eduardo Vela <evn(a)google.com> 2012-10-24 appspot.com blogspot.be blogspot.bj @@ -8476,15 +6986,14 @@ blogspot.tw codespot.com googleapis.com googlecode.com -withgoogle.com // Heroku : https://www.heroku.com/ -// Submitted by Tom Maher <tmaher(a)heroku.com> 2013-05-02 +// Requested by Tom Maher <tmaher(a)heroku.com> 2013-05-02 herokuapp.com herokussl.com // iki.fi -// Submitted by Hannu Aronsson <haa(a)iki.fi> 2009-11-05 +// Requested by Hannu Aronsson <haa(a)iki.fi> 2009-11-05 iki.fi // info.at : http://www.info.at/ @@ -8494,42 +7003,24 @@ info.at // Michau Enterprises Limited : http://www.co.pl/ co.pl -// Microsoft : http://microsoft.com -// Submitted by Barry Dorrans <bdorrans(a)microsoft.com> 2014-01-24 -azurewebsites.net -azure-mobile.net -cloudapp.net - -// NFSN, Inc. : https://www.NearlyFreeSpeech.NET/ -// Submitted by Jeff Wheelhouse <support(a)nearlyfreespeech.net> 2014-02-02 -nfshost.com - // NYC.mn : http://www.information.nyc.mn -// Submitted by Matthew Brown <mattbrown(a)nyc.mn> 2013-03-11 +// Requested by Matthew Brown <mattbrown(a)nyc.mn> 2013-03-11 nyc.mn -// One Fold Media : http://www.onefoldmedia.com/ -// Submitted by Eddie Jones <eddie(a)onefoldmedia.com> 2014-06-10 -nid.io - // Opera Software, A.S.A. -// Submitted by Yngve Pettersen <yngve(a)opera.com> 2009-11-26 +// Requested by Yngve Pettersen <yngve(a)opera.com> 2009-11-26 operaunite.com -// OutSystems -// Submitted by Duarte Santos <domain-admin(a)outsystemscloud.com> 2014-03-11 -outsystemscloud.com - // Red Hat, Inc. OpenShift : https://openshift.redhat.com/ -// Submitted by Tim Kramer <tkramer(a)rhcloud.com> 2012-10-24 +// Requested by Tim Kramer <tkramer(a)rhcloud.com> 2012-10-24 rhcloud.com // priv.at : http://www.nic.priv.at/ -// Submitted by registry <lendl(a)nic.at> 2008-06-09 +// Requested by registry <lendl(a)nic.at> 2008-06-09 priv.at // ZaNiC : http://www.za.net/ -// Submitted by registry <hostmaster(a)nic.za.net> 2009-10-03 +// Requested by registry <hostmaster(a)nic.za.net> 2009-10-03 za.net za.org diff --git a/netwerk/test/unit/data/test_psl.txt b/netwerk/test/unit/data/test_psl.txt index 35c8ccf..5a75831 100644 --- a/netwerk/test/unit/data/test_psl.txt +++ b/netwerk/test/unit/data/test_psl.txt @@ -60,12 +60,12 @@ checkPublicSuffix('a.b.c.kobe.jp', 'b.c.kobe.jp'); checkPublicSuffix('city.kobe.jp', 'city.kobe.jp'); checkPublicSuffix('www.city.kobe.jp', 'city.kobe.jp'); // TLD with a wildcard rule and exceptions. -checkPublicSuffix('ck', null); -checkPublicSuffix('test.ck', null); -checkPublicSuffix('b.test.ck', 'b.test.ck'); -checkPublicSuffix('a.b.test.ck', 'b.test.ck'); -checkPublicSuffix('www.ck', 'www.ck'); -checkPublicSuffix('www.www.ck', 'www.ck'); +checkPublicSuffix('om', null); +checkPublicSuffix('test.om', null); +checkPublicSuffix('b.test.om', 'b.test.om'); +checkPublicSuffix('a.b.test.om', 'b.test.om'); +checkPublicSuffix('songfest.om', 'songfest.om'); +checkPublicSuffix('www.songfest.om', 'songfest.om'); // US K12. checkPublicSuffix('us', null); checkPublicSuffix('test.us', 'test.us'); @@ -76,23 +76,3 @@ checkPublicSuffix('www.test.ak.us', 'test.ak.us'); checkPublicSuffix('k12.ak.us', null); checkPublicSuffix('test.k12.ak.us', 'test.k12.ak.us'); checkPublicSuffix('www.test.k12.ak.us', 'test.k12.ak.us'); -// IDN labels. -checkPublicSuffix('食狮.com.cn', '食狮.com.cn'); -checkPublicSuffix('食狮.公司.cn', '食狮.公司.cn'); -checkPublicSuffix('www.食狮.公司.cn', '食狮.公司.cn'); -checkPublicSuffix('shishi.公司.cn', 'shishi.公司.cn'); -checkPublicSuffix('公司.cn', null); -checkPublicSuffix('食狮.中国', '食狮.中国'); -checkPublicSuffix('www.食狮.中国', '食狮.中国'); -checkPublicSuffix('shishi.中国', 'shishi.中国'); -checkPublicSuffix('中国', null); -// Same as above, but punycoded. -checkPublicSuffix('xn--85x722f.com.cn', 'xn--85x722f.com.cn'); -checkPublicSuffix('xn--85x722f.xn--55qx5d.cn', 'xn--85x722f.xn--55qx5d.cn'); -checkPublicSuffix('www.xn--85x722f.xn--55qx5d.cn', 'xn--85x722f.xn--55qx5d.cn'); -checkPublicSuffix('shishi.xn--55qx5d.cn', 'shishi.xn--55qx5d.cn'); -checkPublicSuffix('xn--55qx5d.cn', null); -checkPublicSuffix('xn--85x722f.xn--fiqs8s', 'xn--85x722f.xn--fiqs8s'); -checkPublicSuffix('www.xn--85x722f.xn--fiqs8s', 'xn--85x722f.xn--fiqs8s'); -checkPublicSuffix('shishi.xn--fiqs8s', 'shishi.xn--fiqs8s'); -checkPublicSuffix('xn--fiqs8s', null); diff --git a/netwerk/test/unit/test_psl.js b/netwerk/test/unit/test_psl.js index 91124ea..446fe4c 100644 --- a/netwerk/test/unit/test_psl.js +++ b/netwerk/test/unit/test_psl.js @@ -1,9 +1,9 @@ +const Cc = Components.classes; +const Ci = Components.interfaces; + var etld = Cc["@mozilla.org/network/effective-tld-service;1"] .getService(Ci.nsIEffectiveTLDService); -var idna = Cc["@mozilla.org/network/idn-service;1"] - .getService(Ci.nsIIDNService); - function run_test() { var file = do_get_file("data/test_psl.txt"); @@ -13,7 +13,7 @@ function run_test() var scriptLoader = Cc["@mozilla.org/moz/jssubscript-loader;1"] .getService(Ci.mozIJSSubScriptLoader); var srvScope = {}; - scriptLoader.loadSubScript(uri.spec, srvScope, "utf-8"); + scriptLoader.loadSubScript(uri.spec, srvScope); } function checkPublicSuffix(host, expectedSuffix) @@ -24,11 +24,5 @@ function checkPublicSuffix(host, expectedSuffix) } catch (e if e.name == "NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS" || e.name == "NS_ERROR_ILLEGAL_VALUE") { } - // The EffectiveTLDService always gives back punycoded labels. - // The test suite wants to get back what it put in. - if (actualSuffix !== null && expectedSuffix !== null && - /(^|\.)xn--/.test(actualSuffix) && !/(^|\.)xn--/.test(expectedSuffix)) { - actualSuffix = idna.convertACEtoUTF8(actualSuffix); - } do_check_eq(actualSuffix, expectedSuffix); }

1 0

[tor-browser/esr24] Bug 1033340 - Uplift recent PSL changes to Firefox 24. a=lsblakk.
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit b739985826f841f66243cb51d2e1d04d958e3de7 Author: Gervase Markham <gerv(a)gerv.net> Date: Thu Jul 3 09:51:36 2014 +0100 Bug 1033340 - Uplift recent PSL changes to Firefox 24. a=lsblakk. --- netwerk/dns/effective_tld_names.dat | 2435 ++++++++++++++++++++++++++++------- 1 file changed, 1972 insertions(+), 463 deletions(-) diff --git a/netwerk/dns/effective_tld_names.dat b/netwerk/dns/effective_tld_names.dat index ed1123b..c83fe0b 100644 --- a/netwerk/dns/effective_tld_names.dat +++ b/netwerk/dns/effective_tld_names.dat @@ -175,20 +175,21 @@ it.ao // aq : http://en.wikipedia.org/wiki/.aq aq -// ar : http://en.wikipedia.org/wiki/.ar -*.ar -!congresodelalengua3.ar -!educ.ar -!gobiernoelectronico.ar -!mecon.ar -!nacion.ar -!nic.ar -!promocion.ar -!retina.ar -!uba.ar +// ar : https://nic.ar/normativa-vigente.xhtml +ar +com.ar +edu.ar +gob.ar +gov.ar +int.ar +mil.ar +net.ar +org.ar +tur.ar // arpa : http://en.wikipedia.org/wiki/.arpa // Confirmed by registry <iana-questions(a)icann.org> 2008-06-18 +arpa e164.arpa in-addr.arpa ip6.arpa @@ -213,6 +214,7 @@ or.at // au : http://en.wikipedia.org/wiki/.au // http://www.auda.org.au/ +au // 2LDs com.au net.au @@ -243,10 +245,9 @@ sa.edu.au tas.edu.au vic.edu.au wa.edu.au -act.gov.au -// Removed at request of Shae.Donelan(a)services.nsw.gov.au, 2010-03-04 -// nsw.gov.au -nt.gov.au +// act.gov.au Bug 984824 - Removed at request of Greg Tankard +// nsw.gov.au Bug 547985 - Removed at request of <Shae.Donelan(a)services.nsw.gov.au> +// nt.gov.au Bug 940478 - Removed at request of Greg Connors <Greg.Connors(a)nt.gov.au> qld.gov.au sa.gov.au tas.gov.au @@ -291,6 +292,7 @@ rs.ba // bb : http://en.wikipedia.org/wiki/.bb bb biz.bb +co.bb com.bb edu.bb gov.bb @@ -298,6 +300,7 @@ info.bb net.bb org.bb store.bb +tv.bb // bd : http://en.wikipedia.org/wiki/.bd *.bd @@ -349,7 +352,7 @@ z.bg 6.bg 7.bg 8.bg -9.bg +9.bg // bh : http://en.wikipedia.org/wiki/.bh bh @@ -400,8 +403,8 @@ net.bo mil.bo tv.bo -// br : http://registro.br/dominio/dpn.html -// Updated by registry <fneves(a)registro.br> 2011-03-01 +// br : http://registro.br/dominio/categoria.html +// Submitted by registry <fneves(a)registro.br> 2014-03-04 br adm.br adv.br @@ -446,6 +449,7 @@ lel.br mat.br med.br mil.br +mp.br mus.br net.br nom.br @@ -491,6 +495,7 @@ org.bt // bv : No registrations at this time. // Submitted by registry <jarle(a)uninett.no> 2006-06-16 +bv // bw : http://en.wikipedia.org/wiki/.bw // http://www.gobin.info/domainname/bw.doc @@ -593,9 +598,12 @@ gob.cl co.cl mil.cl -// cm : http://en.wikipedia.org/wiki/.cm +// cm : http://en.wikipedia.org/wiki/.cm plus bug 981927 cm +co.cm +com.cm gov.cm +net.cm // cn : http://en.wikipedia.org/wiki/.cn // Submitted by registry <tanyaling(a)cnnic.cn> 2008-06-11 @@ -787,7 +795,7 @@ org.ee fie.ee // eg : http://en.wikipedia.org/wiki/.eg -eg +eg com.eg edu.eg eun.eg @@ -810,7 +818,14 @@ gob.es edu.es // et : http://en.wikipedia.org/wiki/.et -*.et +et +com.et +gov.et +org.et +edu.et +biz.et +name.et +info.et // eu : http://en.wikipedia.org/wiki/.eu eu @@ -869,6 +884,7 @@ ga // gb : This registry is effectively dormant // Submitted by registry <Damien.Shaw(a)ja.net> 2008-06-12 +gb // gd : http://en.wikipedia.org/wiki/.gd gd @@ -886,13 +902,12 @@ pvt.ge // gf : http://en.wikipedia.org/wiki/.gf gf -// gg : http://www.channelisles.net/applic/avextn.shtml +// gg : http://www.channelisles.net/register-domains/ +// Confirmed by registry <nigel(a)channelisles.net> 2013-11-28 gg co.gg -org.gg net.gg -sch.gg -gov.gg +org.gg // gh : http://en.wikipedia.org/wiki/.gh // see also: http://www.nic.gh/reg_now.php @@ -923,6 +938,7 @@ gm // gn : http://psg.com/dns/gn/gn.txt // Submitted by registry <randy(a)psg.com> 2008-06-17 +gn ac.gn com.gn edu.gn @@ -1003,7 +1019,7 @@ org.hk 网絡.hk 组织.hk 組織.hk -組织.hk +組织.hk // hm : http://en.wikipedia.org/wiki/.hm hm @@ -1084,6 +1100,7 @@ id ac.id biz.id co.id +desa.id go.id mil.id my.id @@ -1099,16 +1116,18 @@ gov.ie // il : http://en.wikipedia.org/wiki/.il *.il -// im : https://www.nic.im/pdfs/imfaqs.pdf +// im : https://www.nic.im/ +// Submitted by registry <info(a)nic.im> 2013-11-15 im +ac.im co.im +com.im ltd.co.im -plc.co.im net.im -gov.im org.im -nic.im -ac.im +plc.co.im +tt.im +tv.im // in : http://en.wikipedia.org/wiki/.in // see also: http://www.inregistry.in/policies/ @@ -1180,294 +1199,385 @@ int.is it gov.it edu.it -// list of reserved geo-names : +// Reserved geo-names: // http://www.nic.it/documenti/regolamenti-e-linee-guida/regolamento-assegnazi… -// (There is also a list of reserved geo-names corresponding to Italian -// municipalities : http://www.nic.it/documenti/appendice-c.pdf , but it is -// not included here.) -agrigento.it +// There is also a list of reserved geo-names corresponding to Italian municipalities +// http://www.nic.it/documenti/appendice-c.pdf, but it is not included here. +// Regions +abr.it +abruzzo.it +aosta-valley.it +aostavalley.it +bas.it +basilicata.it +cal.it +calabria.it +cam.it +campania.it +emilia-romagna.it +emiliaromagna.it +emr.it +friuli-v-giulia.it +friuli-ve-giulia.it +friuli-vegiulia.it +friuli-venezia-giulia.it +friuli-veneziagiulia.it +friuli-vgiulia.it +friuliv-giulia.it +friulive-giulia.it +friulivegiulia.it +friulivenezia-giulia.it +friuliveneziagiulia.it +friulivgiulia.it +fvg.it +laz.it +lazio.it +lig.it +liguria.it +lom.it +lombardia.it +lombardy.it +lucania.it +mar.it +marche.it +mol.it +molise.it +piedmont.it +piemonte.it +pmn.it +pug.it +puglia.it +sar.it +sardegna.it +sardinia.it +sic.it +sicilia.it +sicily.it +taa.it +tos.it +toscana.it +trentino-a-adige.it +trentino-aadige.it +trentino-alto-adige.it +trentino-altoadige.it +trentino-s-tirol.it +trentino-stirol.it +trentino-sud-tirol.it +trentino-sudtirol.it +trentino-sued-tirol.it +trentino-suedtirol.it +trentinoa-adige.it +trentinoaadige.it +trentinoalto-adige.it +trentinoaltoadige.it +trentinos-tirol.it +trentinostirol.it +trentinosud-tirol.it +trentinosudtirol.it +trentinosued-tirol.it +trentinosuedtirol.it +tuscany.it +umb.it +umbria.it +val-d-aosta.it +val-daosta.it +vald-aosta.it +valdaosta.it +valle-aosta.it +valle-d-aosta.it +valle-daosta.it +valleaosta.it +valled-aosta.it +valledaosta.it +vallee-aoste.it +valleeaoste.it +vao.it +vda.it +ven.it +veneto.it +// Provinces ag.it -alessandria.it +agrigento.it al.it -ancona.it +alessandria.it +alto-adige.it +altoadige.it an.it +ancona.it +andria-barletta-trani.it +andria-trani-barletta.it +andriabarlettatrani.it +andriatranibarletta.it +ao.it aosta.it aoste.it -ao.it -arezzo.it +ap.it +aq.it +aquila.it ar.it +arezzo.it ascoli-piceno.it ascolipiceno.it -ap.it asti.it at.it -avellino.it av.it -bari.it +avellino.it ba.it -andria-barletta-trani.it -andriabarlettatrani.it -trani-barletta-andria.it -tranibarlettaandria.it +balsan.it +bari.it barletta-trani-andria.it barlettatraniandria.it -andria-trani-barletta.it -andriatranibarletta.it -trani-andria-barletta.it -traniandriabarletta.it -bt.it belluno.it -bl.it benevento.it -bn.it bergamo.it bg.it -biella.it bi.it -bologna.it +biella.it +bl.it +bn.it bo.it +bologna.it bolzano.it bozen.it -balsan.it -alto-adige.it -altoadige.it -suedtirol.it -bz.it +br.it brescia.it -bs.it brindisi.it -br.it -cagliari.it +bs.it +bt.it +bz.it ca.it +cagliari.it caltanissetta.it -cl.it +campidano-medio.it +campidanomedio.it campobasso.it -cb.it -carboniaiglesias.it carbonia-iglesias.it -iglesias-carbonia.it -iglesiascarbonia.it -ci.it +carboniaiglesias.it +carrara-massa.it +carraramassa.it caserta.it -ce.it catania.it -ct.it catanzaro.it -cz.it -chieti.it +cb.it +ce.it +cesena-forli.it +cesenaforli.it ch.it -como.it +chieti.it +ci.it +cl.it +cn.it co.it +como.it cosenza.it -cs.it -cremona.it cr.it +cremona.it crotone.it -kr.it +cs.it +ct.it cuneo.it -cn.it +cz.it dell-ogliastra.it dellogliastra.it -ogliastra.it -og.it -enna.it en.it -ferrara.it +enna.it +fc.it fe.it fermo.it -fm.it +ferrara.it +fg.it +fi.it firenze.it florence.it -fi.it +fm.it foggia.it -fg.it forli-cesena.it forlicesena.it -cesena-forli.it -cesenaforli.it -fc.it -frosinone.it fr.it -genova.it -genoa.it +frosinone.it ge.it -gorizia.it +genoa.it +genova.it go.it -grosseto.it +gorizia.it gr.it -imperia.it +grosseto.it +iglesias-carbonia.it +iglesiascarbonia.it im.it -isernia.it +imperia.it is.it -laquila.it -aquila.it -aq.it +isernia.it +kr.it la-spezia.it +laquila.it laspezia.it -sp.it latina.it -lt.it -lecce.it +lc.it le.it +lecce.it lecco.it -lc.it -livorno.it li.it -lodi.it +livorno.it lo.it -lucca.it +lodi.it +lt.it lu.it +lucca.it macerata.it -mc.it mantova.it -mn.it massa-carrara.it massacarrara.it -carrara-massa.it -carraramassa.it -ms.it matera.it -mt.it +mb.it +mc.it +me.it medio-campidano.it mediocampidano.it -campidano-medio.it -campidanomedio.it -vs.it messina.it -me.it -milano.it -milan.it mi.it -modena.it +milan.it +milano.it +mn.it mo.it -monza.it +modena.it monza-brianza.it +monza-e-della-brianza.it +monza.it monzabrianza.it monzaebrianza.it monzaedellabrianza.it -monza-e-della-brianza.it -mb.it -napoli.it -naples.it +ms.it +mt.it na.it -novara.it +naples.it +napoli.it no.it -nuoro.it +novara.it nu.it -oristano.it +nuoro.it +og.it +ogliastra.it +olbia-tempio.it +olbiatempio.it or.it +oristano.it +ot.it +pa.it padova.it padua.it -pd.it palermo.it -pa.it parma.it -pr.it pavia.it -pv.it -perugia.it -pg.it -pescara.it +pc.it +pd.it pe.it +perugia.it pesaro-urbino.it pesarourbino.it -urbino-pesaro.it -urbinopesaro.it -pu.it +pescara.it +pg.it +pi.it piacenza.it -pc.it pisa.it -pi.it pistoia.it -pt.it -pordenone.it pn.it +po.it +pordenone.it potenza.it -pz.it +pr.it prato.it -po.it +pt.it +pu.it +pv.it +pz.it +ra.it ragusa.it -rg.it ravenna.it -ra.it -reggio-calabria.it -reggiocalabria.it rc.it +re.it +reggio-calabria.it reggio-emilia.it +reggiocalabria.it reggioemilia.it -re.it -rieti.it +rg.it ri.it +rieti.it rimini.it +rm.it rn.it +ro.it roma.it rome.it -rm.it rovigo.it -ro.it -salerno.it sa.it +salerno.it sassari.it -ss.it savona.it -sv.it -siena.it si.it +siena.it siracusa.it -sr.it -sondrio.it so.it -taranto.it +sondrio.it +sp.it +sr.it +ss.it +suedtirol.it +sv.it ta.it +taranto.it +te.it tempio-olbia.it tempioolbia.it -olbia-tempio.it -olbiatempio.it -ot.it teramo.it -te.it terni.it -tr.it +tn.it +to.it torino.it -turin.it -to.it -trapani.it tp.it -trento.it +tr.it +trani-andria-barletta.it +trani-barletta-andria.it +traniandriabarletta.it +tranibarlettaandria.it +trapani.it trentino.it -tn.it +trento.it treviso.it -tv.it trieste.it ts.it -udine.it +turin.it +tv.it ud.it -varese.it +udine.it +urbino-pesaro.it +urbinopesaro.it va.it +varese.it +vb.it +vc.it +ve.it venezia.it venice.it -ve.it verbania.it -vb.it vercelli.it -vc.it verona.it -vr.it +vi.it vibo-valentia.it vibovalentia.it -vv.it vicenza.it -vi.it viterbo.it +vr.it +vs.it vt.it +vv.it -// je : http://www.channelisles.net/applic/avextn.shtml +// je : http://www.channelisles.net/register-domains/ +// Confirmed by registry <nigel(a)channelisles.net> 2013-11-28 je co.je -org.je net.je -sch.je -gov.je +org.je // jm : http://www.com.jm/register.html *.jm @@ -1488,7 +1598,7 @@ jobs // jp : http://en.wikipedia.org/wiki/.jp // http://jprs.co.jp/en/jpdomain.html -// Updated by registry <info(a)jprs.jp> 2012-05-28 +// Submitted by registry <info(a)jprs.jp> 2014-02-28 jp // jp organizational type names ac.jp @@ -1592,7 +1702,6 @@ konan.aichi.jp kota.aichi.jp mihama.aichi.jp miyoshi.aichi.jp -nagakute.aichi.jp nishio.aichi.jp nisshin.aichi.jp obu.aichi.jp @@ -2264,7 +2373,6 @@ rikuzentakata.iwate.jp shiwa.iwate.jp shizukuishi.iwate.jp sumita.iwate.jp -takizawa.iwate.jp tanohata.iwate.jp tono.iwate.jp yahaba.iwate.jp @@ -3302,6 +3410,7 @@ edu.kn gov.kn // kp : http://www.kcce.kp/en_index.php +kp com.kp edu.kp gov.kp @@ -3379,6 +3488,7 @@ org.la // lb : http://en.wikipedia.org/wiki/.lb // Submitted by registry <randy(a)psg.com> 2008-06-17 +lb com.lb edu.lb gov.lb @@ -3417,6 +3527,7 @@ hotel.lk // lr : http://psg.com/dns/lr/lr.txt // Submitted by registry <randy(a)psg.com> 2008-06-17 +lr com.lr edu.lr gov.lr @@ -3559,11 +3670,21 @@ mq mr gov.mr -// ms : http://en.wikipedia.org/wiki/.ms +// ms : http://www.nic.ms/pdf/MS_Domain_Name_Rules.pdf ms - -// mt : https://www.nic.org.mt/dotmt/ -*.mt +com.ms +edu.ms +gov.ms +net.ms +org.ms + +// mt : https://www.nic.org.mt/go/policy +// Submitted by registry <help(a)nic.org.mt> 2013-11-19 +mt +com.mt +edu.mt +net.mt +org.mt // mu : http://en.wikipedia.org/wiki/.mu mu @@ -4230,13 +4351,16 @@ other.nf store.nf // ng : http://psg.com/dns/ng/ -// Submitted by registry <randy(a)psg.com> 2008-06-17 -ac.ng +ng com.ng edu.ng -gov.ng +name.ng net.ng org.ng +sch.ng +gov.ng +mil.ng +mobi.ng // ni : http://www.nic.ni/dominios.htm *.ni @@ -4252,7 +4376,7 @@ bv.nl // no : http://www.norid.no/regelverk/index.en.html // The Norwegian registry has declined to notify us of updates. The web pages // referenced below are the official source of the data. There is also an -// announce mailing list: +// announce mailing list: // https://postlister.uninett.no/sympa/info/norid-diskusjon no // Norid generic domains : http://www.norid.no/regelverk/vedlegg-c.en.html @@ -5034,20 +5158,36 @@ com.nr nu // nz : http://en.wikipedia.org/wiki/.nz -*.nz +// Confirmed by registry <jay(a)nzrs.net.nz> 2014-05-19 +nz +ac.nz +co.nz +cri.nz +geek.nz +gen.nz +govt.nz +health.nz +iwi.nz +kiwi.nz +maori.nz +mil.nz +māori.nz +net.nz +org.nz +parliament.nz +school.nz // om : http://en.wikipedia.org/wiki/.om -*.om -!mediaphone.om -!nawrastelecom.om -!nawras.om -!omanmobile.om -!omanpost.om -!omantel.om -!rakpetroleum.om -!siemens.om -!songfest.om -!statecouncil.om +om +co.om +com.om +edu.om +gov.om +med.om +museum.om +net.om +org.om +pro.om // org : http://en.wikipedia.org/wiki/.org org @@ -5502,7 +5642,6 @@ oryol.ru palana.ru penza.ru perm.ru -pskov.ru ptz.ru rnd.ru ryazan.ru @@ -5622,7 +5761,7 @@ gov.sd info.sd // se : http://en.wikipedia.org/wiki/.se -// Submitted by registry <Patrik.Wallstrom(a)iis.se> 2008-06-24 +// Submitted by registry <patrik.wallstrom(a)iis.se> 2014-03-18 se a.se ac.se @@ -5656,7 +5795,6 @@ pp.se press.se r.se s.se -sshn.se t.se tm.se u.se @@ -5687,6 +5825,7 @@ si // sj : No registrations at this time. // Submitted by registry <jarle(a)uninett.no> 2008-06-16 +sj // sk : http://en.wikipedia.org/wiki/.sk // list of 2nd level domains ? @@ -5741,8 +5880,13 @@ store.st // su : http://en.wikipedia.org/wiki/.su su -// sv : http://www.svnet.org.sv/svpolicy.html -*.sv +// sv : http://www.svnet.org.sv/niveldos.pdf +sv +com.sv +edu.sv +gob.sv +org.sv +red.sv // sx : http://en.wikipedia.org/wiki/.sx // Confirmed by registry <jcvignes(a)openregistry.com> 2012-05-31 @@ -5864,6 +6008,10 @@ org.to edu.to mil.to +// tp : No registrations at this time. +// Submitted by Ryan Sleevi <ryan.sleevi(a)gmail.com> 2014-01-03 +tp + // tr : http://en.wikipedia.org/wiki/.tr *.tr !nic.tr @@ -5917,6 +6065,7 @@ club.tw // tz : http://www.tznic.or.tz/index.php/domains // Confirmed by registry <manager(a)tznic.or.tz> 2013-01-22 +tz ac.tz co.tz go.tz @@ -6029,19 +6178,19 @@ com.ug org.ug // uk : http://en.wikipedia.org/wiki/.uk -// Submitted by registry <noc(a)nominet.org.uk> 2012-10-02 -// and tweaked by us pending further consultation. -*.uk +// Submitted by registry <Michael.Daly(a)nominet.org.uk> +uk +ac.uk +co.uk +gov.uk +ltd.uk +me.uk +net.uk +nhs.uk +org.uk +plc.uk +police.uk *.sch.uk -!bl.uk -!british-library.uk -!jet.uk -!mod.uk -!national-library-scotland.uk -!nel.uk -!nic.uk -!nls.uk -!parliament.uk // us : http://en.wikipedia.org/wiki/.us us @@ -6125,7 +6274,7 @@ k12.de.us k12.fl.us k12.ga.us k12.gu.us -// k12.hi.us Hawaii has a state-wide DOE login: bug 614565 +// k12.hi.us Bug 614565 - Hawaii has a state-wide DOE login k12.ia.us k12.id.us k12.il.us @@ -6156,7 +6305,7 @@ k12.pa.us k12.pr.us k12.ri.us k12.sc.us -k12.sd.us +// k12.sd.us Bug 934131 - Removed at request of James Booze <James.Booze(a)k12.sd.us> k12.tn.us k12.tx.us k12.ut.us @@ -6165,7 +6314,7 @@ k12.vt.us k12.va.us k12.wa.us k12.wi.us -k12.wv.us +// k12.wv.us Bug 947705 - Removed at request of Verne Britton <verne(a)wvnet.edu> k12.wy.us cc.ak.us @@ -6277,316 +6426,1610 @@ lib.vt.us lib.va.us lib.wa.us lib.wi.us -lib.wv.us +// lib.wv.us Bug 941670 - Removed at request of Larry W Arnold <arnold(a)wvlc.lib.wv.us> lib.wy.us -// k12.ma.us contains school districts in Massachusetts. The 4LDs are -// managed indepedently except for private (PVT), charter (CHTR) and -// parochial (PAROCH) schools. Those are delegated dorectly to the -// 5LD operators. <k12-ma-hostmaster _ at _ rsuc.gweep.net> -pvt.k12.ma.us -chtr.k12.ma.us -paroch.k12.ma.us +// k12.ma.us contains school districts in Massachusetts. The 4LDs are +// managed indepedently except for private (PVT), charter (CHTR) and +// parochial (PAROCH) schools. Those are delegated dorectly to the +// 5LD operators. <k12-ma-hostmaster _ at _ rsuc.gweep.net> +pvt.k12.ma.us +chtr.k12.ma.us +paroch.k12.ma.us + +// uy : http://www.nic.org.uy/ +uy +com.uy +edu.uy +gub.uy +mil.uy +net.uy +org.uy + +// uz : http://www.reg.uz/ +uz +co.uz +com.uz +net.uz +org.uz + +// va : http://en.wikipedia.org/wiki/.va +va + +// vc : http://en.wikipedia.org/wiki/.vc +// Submitted by registry <kshah(a)ca.afilias.info> 2008-06-13 +vc +com.vc +net.vc +org.vc +gov.vc +mil.vc +edu.vc + +// ve : https://registro.nic.ve/ +// Confirmed by registry 2012-10-04 +// Updated 2014-05-20 - Bug 940478 +ve +arts.ve +co.ve +com.ve +e12.ve +edu.ve +firm.ve +gob.ve +gov.ve +info.ve +int.ve +mil.ve +net.ve +org.ve +rec.ve +store.ve +tec.ve +web.ve + +// vg : http://en.wikipedia.org/wiki/.vg +vg + +// vi : http://www.nic.vi/newdomainform.htm +// http://www.nic.vi/Domain_Rules/body_domain_rules.html indicates some other +// TLDs are "reserved", such as edu.vi and gov.vi, but doesn't actually say they +// are available for registration (which they do not seem to be). +vi +co.vi +com.vi +k12.vi +net.vi +org.vi + +// vn : https://www.dot.vn/vnnic/vnnic/domainregistration.jsp +vn +com.vn +net.vn +org.vn +edu.vn +gov.vn +int.vn +ac.vn +biz.vn +info.vn +name.vn +pro.vn +health.vn + +// vu : http://en.wikipedia.org/wiki/.vu +// http://www.vunic.vu/ +vu +com.vu +edu.vu +net.vu +org.vu + +// wf : http://www.afnic.fr/medias/documents/AFNIC-naming-policy2012.pdf +wf + +// ws : http://en.wikipedia.org/wiki/.ws +// http://samoanic.ws/index.dhtml +ws +com.ws +net.ws +org.ws +gov.ws +edu.ws + +// yt : http://www.afnic.fr/medias/documents/AFNIC-naming-policy2012.pdf +yt + +// IDN ccTLDs +// Please sort by ISO 3166 ccTLD, then punicode string +// when submitting patches and follow this format: +// <Punicode> ("<english word>" <language>) : <ISO 3166 ccTLD> +// [optional sponsoring org] +// <URL> + +// xn--mgbaam7a8h ("Emerat" Arabic) : AE +// http://nic.ae/english/arabicdomain/rules.jsp +امارات + +// xn--54b7fta0cc ("Bangla" Bangla) : BD +বাংলা + +// xn--fiqs8s ("China" Chinese-Han-Simplified <.Zhongguo>) : CN +// CNNIC +// http://cnnic.cn/html/Dir/2005/10/11/3218.htm +中国 + +// xn--fiqz9s ("China" Chinese-Han-Traditional <.Zhongguo>) : CN +// CNNIC +// http://cnnic.cn/html/Dir/2005/10/11/3218.htm +中國 + +// xn--lgbbat1ad8j ("Algeria / Al Jazair" Arabic) : DZ +الجزائر + +// xn--wgbh1c ("Egypt" Arabic .masr) : EG +// http://www.dotmasr.eg/ +مصر + +// xn--node ("ge" Georgian (Mkhedruli)) : GE +გე + +// xn--j6w193g ("Hong Kong" Chinese-Han) : HK +// https://www2.hkirc.hk/register/rules.jsp +香港 + +// xn--h2brj9c ("Bharat" Devanagari) : IN +// India +भारत + +// xn--mgbbh1a71e ("Bharat" Arabic) : IN +// India +بھارت + +// xn--fpcrj9c3d ("Bharat" Telugu) : IN +// India +భారత్ + +// xn--gecrj9c ("Bharat" Gujarati) : IN +// India +ભારત + +// xn--s9brj9c ("Bharat" Gurmukhi) : IN +// India +ਭਾਰਤ + +// xn--45brj9c ("Bharat" Bengali) : IN +// India +ভারত + +// xn--xkc2dl3a5ee0h ("India" Tamil) : IN +// India +இந்தியா + +// xn--mgba3a4f16a ("Iran" Persian) : IR +ایران + +// xn--mgba3a4fra ("Iran" Arabic) : IR +ايران + +// xn--mgbayh7gpa ("al-Ordon" Arabic) : JO +// National Information Technology Center (NITC) +// Royal Scientific Society, Al-Jubeiha +الاردن + +// xn--3e0b707e ("Republic of Korea" Hangul) : KR +한국 + +// xn--80ao21a ("Kaz" Kazakh) : KZ +қаз + +// xn--fzc2c9e2c ("Lanka" Sinhalese-Sinhala) : LK +// http://nic.lk +ලංකා + +// xn--xkc2al3hye2a ("Ilangai" Tamil) : LK +// http://nic.lk +இலங்கை + +// xn--mgbc0a9azcg ("Morocco / al-Maghrib" Arabic) : MA +المغرب + +// xn--l1acc ("mon" Mongolian) : MN +мон + +// xn--mgbx4cd0ab ("Malaysia" Malay) : MY +مليسيا + +// xn--mgb9awbf ("Oman" Arabic) : OM +عمان + +// xn--ygbi2ammx ("Falasteen" Arabic) : PS +// The Palestinian National Internet Naming Authority (PNINA) +// http://www.pnina.ps +فلسطين + +// xn--90a3ac ("srb" Cyrillic) : RS +// http://www.rnids.rs/en/the-.срб-domain +срб +пр.срб +орг.срб +обр.срб +од.срб +упр.срб +ак.срб + +// xn--p1ai ("rf" Russian-Cyrillic) : RU +// http://www.cctld.ru/en/docs/rulesrf.php +рф + +// xn--wgbl6a ("Qatar" Arabic) : QA +// http://www.ict.gov.qa/ +قطر + +// xn--mgberp4a5d4ar ("AlSaudiah" Arabic) : SA +// http://www.nic.net.sa/ +السعودية + +// xn--mgberp4a5d4a87g ("AlSaudiah" Arabic) variant : SA +السعودیة + +// xn--mgbqly7c0a67fbc ("AlSaudiah" Arabic) variant : SA +السعودیۃ + +// xn--mgbqly7cvafr ("AlSaudiah" Arabic) variant : SA +السعوديه + +// xn--ogbpf8fl ("Syria" Arabic) : SY +سورية + +// xn--mgbtf8fl ("Syria" Arabic) variant : SY +سوريا + +// xn--yfro4i67o Singapore ("Singapore" Chinese-Han) : SG +新加坡 + +// xn--clchc0ea0b2g2a9gcd ("Singapore" Tamil) : SG +சிங்கப்பூர் + +// xn--o3cw4h ("Thai" Thai) : TH +// http://www.thnic.co.th +ไทย + +// xn--pgbs0dh ("Tunis") : TN +// http://nic.tn +تونس + +// xn--kpry57d ("Taiwan" Chinese-Han-Traditional) : TW +// http://www.twnic.net/english/dn/dn_07a.htm +台灣 + +// xn--kprw13d ("Taiwan" Chinese-Han-Simplified) : TW +// http://www.twnic.net/english/dn/dn_07a.htm +台湾 + +// xn--nnx388a ("Taiwan") variant : TW +臺灣 + +// xn--j1amh ("ukr" Cyrillic) : UA +укр + +// xn--mgb2ddes ("AlYemen" Arabic) : YE +اليمن + +// xxx : http://icmregistry.com +xxx + +// ye : http://www.y.net.ye/services/domain_name.htm +*.ye + +// za : http://www.zadna.org.za/slds.html +*.za + +// zm : http://en.wikipedia.org/wiki/.zm +*.zm + +// zw : http://en.wikipedia.org/wiki/.zw +*.zw + + +// xn--80asehdb : 2013-07-14 CORE Association +онлайн + +// xn--80aswg : 2013-07-14 CORE Association +сайт + +// xn--ngbc5azd : 2013-07-14 International Domain Registry Pty. Ltd. +شبكة + +// xn--unup4y : 2013-07-14 Spring Fields, LLC +游戏 + +// xn--vhquv : 2013-08-28 Dash McCook, LLC +企业 + +// camera : 2013-08-28 Atomic Maple, LLC +camera + +// clothing : 2013-08-28 Steel Lake, LLC +clothing + +// lighting : 2013-08-28 John McCook, LLC +lighting + +// singles : 2013-08-28 Fern Madison, LLC +singles + +// ventures : 2013-08-28 Binky Lake, LLC +ventures + +// voyage : 2013-08-28 Ruby House, LLC +voyage + +// guru : 2013-08-28 Pioneer Cypress, LLC +guru + +// holdings : 2013-08-28 John Madison, LLC +holdings + +// equipment : 2013-08-28 Corn Station, LLC +equipment + +// bike : 2013-08-28 Grand Hollow, LLC +bike + +// estate : 2013-08-28 Trixy Park, LLC +estate + +// tattoo : 2013-08-30 Uniregistry,Corp. +tattoo + +// xn--3ds443g : 2013-09-09 TLD Registry Limited +在线 + +// xn--fiq228c5hs : 2013-09-09 TLD Registry Limited +中文网 + +// land : 2013-09-10 Pine Moon, LLC +land + +// plumbing : 2013-09-10 Spring Tigers, LLC +plumbing + +// contractors : 2013-09-10 Magic Woods, LLC +contractors + +// sexy : 2013-09-11 Uniregistry,Corp. +sexy + +// menu : 2013-09-11 Wedding TLD2, LLC +menu + +// xn--rhqv96g : 2013-09-11 Stable Tone Limited +世界 + +// uno : 2013-09-11 Dot Latin, LLC +uno + +// gallery : 2013-09-13 Sugar House, LLC +gallery + +// technology : 2013-09-13 Auburn Falls +technology + +// xn--3bst00m : 2013-09-13 Eagle Horizon Limited +集团 + +// reviews : 2013-09-13 Extra Cover, LLC +reviews + +// guide : 2013-09-13 Snow Moon, LLC +guide + +// xn--6qq986b3x1 : 2013-09-13 Tycoon Treasure Limited +我爱你 + +// graphics : 2013-09-13 Over Madison, LLC +graphics + +// construction : 2013-09-13 Fox Dynamite, LLC +construction + +// onl : 2013-09-16 I-Registry Ltd. +onl + +// xn--q9jyb4c : 2013-09-17 Charleston Road Registry +みんな + +// diamonds : 2013-09-23 John Edge, LLC +diamonds + +// kiwi : 2013-09-23 Dot Kiwi Limited +kiwi + +// enterprises : 2013-09-23 Snow Oaks LLC +enterprises + +// today : 2013-09-23 Pearl Woods, LLC +today + +// futbol : 2013-09-23 Atomic Falls, LLC +futbol + +// photography : 2013-09-23 Sugar Glen, LLC +photography + +// tips : 2013-09-23 Corn Willow, LLC +tips + +// directory : 2013-09-23 Extra Madison, LLC +directory + +// kitchen : 2013-09-23 Just Goodbye, LLC +kitchen + +// xn--6frz82g : 2013-09-24 Afilias Limited +移动 + +// kim : 2013-09-24 Afilias Limited +kim + +// xn--cg4bki : 2013-09-27 Samsung SDS Co., LTD +삼성 + +// monash : 2013-10-01 Monash University +monash + +// wed : 2013-10-02 Atgron, Inc. +wed + +// pink : 2013-10-02 Afilias Limited +pink + +// ruhr : 2013-10-02 regiodot GmbH & Co. KG +ruhr + +// buzz : 2013-10-03 DOTSTRATEGY CO. +buzz + +// careers : 2013-10-03 Wild Corner, LLC +careers + +// shoes : 2013-10-03 Binky Galley, LLC +shoes + +// xn--4gbrim : 2013-10-07 Suhub Electronic Establishment +موقع + +// career : 2013-10-09 dotCareer, LLC +career + +// otsuka : 2013-10-11 Otsuka Holdings Co. Ltd. +otsuka + +// xn--fiQ64b : 2013-10-14 CITIC Group Corporation +中信 + +// gift : 2013-10-18 Uniregistry Corp. +gift + +// recipes : 2013-10-18 Grand Island, LLC +recipes + +// coffee : 2013-10-18 Trixy Cover, LLC +coffee + +// luxury : 2013-10-18 Luxury Partners, LLC +luxury + +// domains : 2013-10-18 Sugar Cross, LLC +domains + +// photos : 2013-10-18 Sea Corner, LLC +photos + +// limo : 2013-10-18 Hidden Frostbite, LLC +limo + +// viajes : 2013-10-18 Black Madison, LLC +viajes + +// wang : 2013-10-24 Zodiac Leo Limited +wang + +// democrat : 2013-10-24 United TLD Holdco Ltd. +democrat + +// mango : 2013-10-25 PUNTO FA S.L. +mango + +// cab : 2013-10-25 Half Sunset, LLC +cab + +// support : 2013-10-25 Grand Orchard, LLC +support + +// dance : 2013-10-25 United TLD Holdco Ltd. +dance + +// nagoya : 2013-10-25 GMO Registry, Inc. +nagoya + +// computer : 2013-10-25 Pine Mill, LLC +computer + +// wien : 2013-10-28 punkt.wien GmbH +wien + +// berlin : 2013-10-31 dotBERLIN GmbH & Co. KG +berlin + +// codes : 2013-10-31 Puff Willow, LLC +codes + +// email : 2013-10-31 Spring Madison, LLC +email + +// xn--mgbab2bd : 2013-10-31 CORE Association +بازار + +// repair : 2013-11-07 Lone Sunset, LLC +repair + +// holiday : 2013-11-07 Goose Woods, LLC +holiday + +// center : 2013-11-07 Tin Mill, LLC +center + +// systems : 2013-11-07 Dash Cypress, LLC +systems + +// wiki : 2013-11-07 Top Level Design, LLC +wiki + +// ceo : 2013-11-07 CEOTLD Pty Ltd +ceo + +// international : 2013-11-07 Wild Way, LLC +international + +// solar : 2013-11-07 Ruby Town, LLC +solar + +// company : 2013-11-07 Silver Avenue, LLC +company + +// education : 2013-11-07 Brice Way, LLC +education + +// training : 2013-11-07 Wild Willow, LLC +training + +// academy : 2013-11-07 Half Oaks, LLC +academy + +// marketing : 2013-11-07 Fern Pass, LLC +marketing + +// florist : 2013-11-08 Half Cypress, LLC +florist + +// solutions : 2013-11-07 Silver Cover, LLC +solutions + +// build : 2013-11-07 Plan Bee LLC +build + +// institute : 2013-11-07 Outer Maple, LLC +institute + +// builders : 2013-11-07 Atomic Madison, LLC +builders + +// red : 2013-11-07 Afilias Limited +red + +// blue : 2013-11-07 Afilias Limited +blue + +// ninja : 2013-11-07 United TLD Holdco Ltd. +ninja + +// business : 2013-11-07 Spring Cross, LLC +business + +// gal : 2013-11-07 Asociación puntoGAL +gal + +// social : 2013-11-07 United TLD Holdco Ltd. +social + +// house : 2013-11-07 Sugar Park, LLC +house + +// camp : 2013-11-07 Delta Dynamite, LLC +camp + +// immobilien : 2013-11-07 United TLD Holdco Ltd. +immobilien + +// moda : 2013-11-07 United TLD Holdco Ltd. +moda + +// glass : 2013-11-07 Black Cover, LLC +glass + +// management : 2013-11-07 John Goodbye, LLC +management + +// kaufen : 2013-11-07 United TLD Holdco Ltd. +kaufen + +// farm : 2013-11-07 Just Maple, LLC +farm + +// xn--55qw42g : 2013-11-08 China Organizational Name Administration Center +公益 + +// xn--zfr164b : 2013-11-08 China Organizational Name Administration Center +政务 + +// club : 2013-11-08 .CLUB DOMAINS, LLC +club + +// voting : 2013-11-13 Valuetainment Corp. +voting + +// TOKYO : 2013-11-13 GMO Registry, Inc. +tokyo + +// moe : 2013-11-13 Interlink Co., Ltd. +moe + +// guitars : 2013-11-14 Uniregistry, Corp. +guitars + +// bargains : 2013-11-14 Half Hallow, LLC +bargains + +// xn--nqv7fs00ema : 2013-11-14 Public Interest Registry +组织机构 + +// desi : 2013-11-14 Desi Networks LLC +desi + +// cool : 2013-11-14 Koko Lake, LLC +cool + +// boutique : 2013-11-14 Over Galley, LLC +boutique + +// pics : 2013-11-14 Uniregistry, Corp. +pics + +// xn--c1avg : 2013-11-14 Public Interest Registry +орг + +// xn--55qx5d : 2013-11-14 Computer Network Information Center of Chinese Academy of Sciences （China Internet Network Information Center） +公司 + +// xn--io0a7i : 2013-11-14 Computer Network Information Center of Chinese Academy of Sciences （China Internet Network Information Center） +网络 + +// cheap : 2013-11-14 Sand Cover, LLC +cheap + +// xn--xhq521b : 2013-11-14 Guangzhou YU Wei Information Technology Co., Ltd. +广东 + +// photo : 2013-11-14 Uniregistry, Corp. +photo + +// network : 2013-11-14 Trixy Manor, LLC +network + +// zone : 2013-11-14 Outer Falls, LLC +zone + +// xn--nqv7f : 2013-11-14 Public Interest Registry +机构 + +// link : 2013-11-14 Uniregistry, Corp. +link + +// QPON : 2013-11-14 dotCOOL, Inc. +qpon + +// xn--i1b6b1a6a2e : 2013-11-14 Public Interest Registry +संगठन + +// agency : 2013-11-14 Steel Falls, LLC +agency + +// tienda : 2013-11-14 Victor Manor, LLC +tienda + +// works : 2013-11-14 Little Dynamite, LLC +works + +// london : 2013-11-14 Dot London Domains Limited +london + +// watch : 2013-11-14 Sand Shadow, LLC +watch + +// rocks : 2013-11-14 Ruby Moon, LLC +rocks + +// SHIKSHA : 2013-11-14 Afilias Limited +shiksha + +// xn--d1acj3b : 2013-11-21 The Foundation for Network Initiatives “The Smart Internet” +дети + +// budapest : 2013-11-21 Top Level Domain Holdings Limited +budapest + +// nrw : 2013-11-21 Minds + Machines GmbH +nrw + +// VOTE : 2013-11-21 Monolith Registry LLC +vote + +// fishing : 2013-11-21 Top Level Domain Holdings Limited +fishing + +// expert : 2013-11-21 Magic Pass, LLC +expert + +// horse : 2013-11-21 Top Level Domain Holdings Limited +horse + +// christmas : 2013-11-21 Uniregistry, Corp. +christmas + +// cooking : 2013-11-21 Top Level Domain Holdings Limited +cooking + +// xn--czru2d : 2013-11-21 Zodiac Capricorn Limited +商城 + +// casa : 2013-11-21 Top Level Domain Holdings Limited +casa + +// rich : 2013-11-21 I-REGISTRY Ltd., Niederlassung Deutschland +rich + +// VOTO : 2013-11-21 Monolith Registry LLC +voto + +// tools : 2013-11-21 Pioneer North, LLC +tools + +// xn--45q11c : 2013-11-21 Zodiac Scorpio Limited +八卦 + +// praxi : 2013-12-05 Praxi S.p.A. +praxi + +// events : 2013-12-05 Pioneer Maple, LLC +events + +// flights : 2013-12-05 Fox Station, LLC +flights + +// report : 2013-12-05 Binky Glen, LLC +report + +// partners : 2013-12-05 Magic Glen, LLC +partners + +// neustar : 2013-12-05 NeuStar, Inc. +neustar + +// rentals : 2013-12-05 Big Hollow,LLC +rentals + +// catering : 2013-12-05 New Falls. LLC +catering + +// community : 2013-12-05 Fox Orchard, LLC +community + +// maison : 2013-12-05 Victor Frostbite, LLC +maison + +// parts : 2013-12-05 Sea Goodbye, LLC +parts + +// cleaning : 2013-12-05 Fox Shadow, LLC +cleaning + +// okinawa : 2013-12-05 BusinessRalliart inc. +okinawa + +// foundation : 2013-12-05 John Dale, LLC +foundation + +// properties : 2013-12-05 Big Pass, LLC +properties + +// vacations : 2013-12-05 Atomic Tigers, LLC +vacations + +// productions : 2013-12-05 Magic Birch, LLC +productions + +// industries : 2013-12-05 Outer House, LLC +industries + +// haus : 2013-12-05 Pixie Edge, LLC +haus + +// vision : 2013-12-05 Koko Station, LLC +vision + +// mormon : 2013-12-05 IRI Domain Management, LLC (""Applicant"") +mormon + +// cards : 2013-12-05 Foggy Hollow, LLC +cards + +// ink : 2013-12-05 Top Level Design, LLC +ink + +// villas : 2013-12-05 New Sky, LLC +villas + +// consulting : 2013-12-05 Pixie Station, LLC +consulting + +// cruises : 2013-12-05 Spring Way, LLC +cruises + +// krd : 2013-12-05 KRG Department of Information Technology +krd + +// xyz : 2013-12-05 XYZ.COM LLC +xyz + +// dating : 2013-12-05 Pine Fest, LLC +dating + +// exposed : 2013-12-05 Victor Beach, LLC +exposed + +// condos : 2013-12-05 Pine House, LLC +condos + +// eus : 2013-12-12 Puntueus Fundazioa +eus + +// Caravan : 2013-12-12 Caravan International, Inc. +caravan + +// actor : 2013-12-12 United TLD Holdco Ltd. +actor + +// saarland : 2013-12-12 dotSaarland GmbH +saarland + +// yokohama : 2013-12-12 GMO Registry, Inc. +yokohama + +// pub : 2013-12-12 United TLD Holdco Ltd. +pub + +// xn--p1acf : 2013-12-12 Rusnames Limited +рус + +// ren : 2013-12-12 Beijing Qianxiang Wangjing Technology Development Co., Ltd. +ren + +// fish : 2013-12-12 Fox Woods, LLC +fish + +// BAR : 2013-12-12 Punto 2012 Sociedad Anonima Promotora de Inversion de Capital Variable +bar + +// DNP : 2013-12-13 Dai Nippon Printing Co., Ltd. +dnp + +// bid : 2013-12-19 dot Bid Limited +bid + +// supply : 2013-12-19 Half Falls, LLC +supply + +// Miami : 2013-12-19 Top Level Domain Holdings Limited +miami + +// supplies : 2013-12-19 Atomic Fields, LLC +supplies + +// quebec : 2013-12-19 PointQuébec Inc +quebec + +// MOSCOW : 2013-12-19 Foundation for Assistance for Internet Technologies and Infrastructure Development (FAITID) +moscow + +// globo : 2013-12-19 Globo Comunicação e Participações S.A +globo + +// AXA : 2013-12-19 AXA SA +axa + +// xn--80adxhks : 2013-12-19 Foundation for Assistance for Internet Technologies and Infrastructure Development (FAITID) +москва + +// xn--czrs0t : 2013-12-19 Wild Island, LLC +商店 + +// vodka : 2013-12-19 Top Level Domain Holdings Limited +vodka + +// REST : 2013-12-19 Punto 2012 Sociedad Anonima Promotora de Inversion de Capital Variable +rest + +// frogans : 2013-12-19 OP3FT +frogans + +// WTC : 2013-12-19 World Trade Centers Association, Inc. +wtc + +// rodeo : 2013-12-19 Top Level Domain Holdings Limited +rodeo + +// sohu : 2013-12-19 Sohu.com Limited +sohu + +// BEST : 2013-12-19 BestTLD Pty Ltd +best + +// country : 2013-12-19 Top Level Domain Holdings Limited +country + +// KRED : 2013-12-19 KredTLD Pty Ltd +kred + +// feedback : 2013-12-19 Top Level Spectrum, Inc. +feedback + +// work : 2013-12-19 Top Level Domain Holdings Limited +work + +// luxe : 2014-01-09 Top Level Domain Holdings Limited +luxe + +// ryukyu : 2014-01-09 BusinessRalliart inc. +ryukyu + +// autos : 2014-01-09 DERAutos, LLC +autos + +// homes : 2014-01-09 DERHomes, LLC +homes + +// jetzt : 2014-01-09 New TLD Company AB +jetzt + +// yachts : 2014-01-09 DERYachts, LLC +yachts + +// motorcycles : 2014-01-09 DERMotorcycles, LLC +motorcycles + +// mini : 2014-01-09 Bayerische Motoren Werke Aktiengesellschaft +mini + +// ggee : 2014-01-09 GMO Internet, Inc. +ggee + +// beer : 2014-01-09 Top Level Domain Holdings Limited +beer + +// xn--1qqw23a : 2014-01-13 Guangzhou YU Wei Information Technology Co., Ltd. +佛山 + +// college : 2014-01-16 XYZ.COM LLC +college + +// ovh : 2014-01-16 OVH SAS +ovh + +// meet : 2014-01-16 Afilias Limited +meet + +// xn--ses554g : 2014-01-16 HU YI GLOBAL INFORMATION RESOURCES (HOLDING) COMPANY. HONGKONG LIMITED +网址 + +// gop : 2014-01-16 Republican State Leadership Committee, Inc. +gop + +// blackfriday : 2014-01-16 Uniregistry, Corp. +blackfriday + +// lacaixa : 2014-01-16 CAIXA D'ESTALVIS I PENSIONS DE BARCELONA +lacaixa + +// xn--czr694b : 2014-01-16 HU YI GLOBAL INFORMATION RESOURCES(HOLDING) COMPANY.HONGKONG LIMITED +商标 + +// vegas : 2014-01-16 Dot Vegas, Inc. +vegas + +// black : 2014-01-16 Afilias Limited +black + +// soy : 2014-01-23 Charleston Road Registry Inc. +soy + +// trade : 2014-01-23 Elite Registry Limited +trade + +// gent : 2014-01-23 COMBELL GROUP NV/SA +gent + +// ing : 2014-01-23 Charleston Road Registry Inc. +ing + +// dad : 2014-01-23 Charleston Road Registry Inc. +dad + +// shriram : 2014-01-23 Shriram Capital Ltd. +shriram + +// bayern : 2014-01-23 Bayern Connect GmbH +bayern + +// scot : 2014-01-23 Dot Scot Registry Limited +scot + +// webcam : 2014-01-23 dot Webcam Limited +webcam + +// foo : 2014-01-23 Charleston Road Registry Inc. +foo + +// eat : 2014-01-23 Charleston Road Registry Inc. +eat + +// nyc : 2014-01-23 The City of New York +nyc + +// prod : 2014-01-23 Charleston Road Registry Inc. +prod + +// how : 2014-01-23 Charleston Road Registry Inc. +how + +// day : 2014-01-30 Charleston Road Registry Inc. +day + +// meme : 2014-01-30 Charleston Road Registry Inc. +meme + +// mov : 2014-01-30 Charleston Road Registry Inc. +mov + +// paris : 2014-01-30 City of Paris +paris + +// boo : 2014-01-30 Charleston Road Registry Inc. +boo + +// new : 2014-01-30 Charleston Road Registry Inc. +new + +// ifm : 2014-01-30 ifm electronic gmbh +ifm + +// life : 2014-02-06 Trixy Oaks, LLC +life + +// archi : 2014-02-06 STARTING DOT LIMITED +archi + +// spiegel : 2014-02-06 SPIEGEL-Verlag Rudolf Augstein GmbH & Co. KG +spiegel + +// brussels : 2014-02-06 DNS.be vzw +brussels + +// church : 2014-02-06 Holly Fileds, LLC +church + +// here : 2014-02-06 Charleston Road Registry Inc. +here + +// dabur : 2014-02-06 Dabur India Limited +dabur + +// vlaanderen : 2014-02-06 DNS.be vzw +vlaanderen + +// cologne : 2014-02-06 NetCologne Gesellschaft für Telekommunikation mbH +cologne + +// xn--kput3i : 2014-02-13 Beijing RITT-Net Technology Development Co., Ltd +手机 + +// wme : 2014-02-13 William Morris Endeavor Entertainment, LLC +wme + +// nhk : 2014-02-13 Japan Broadcasting Corporation (NHK) +nhk + +// suzuki : 2014-02-20 SUZUKI MOTOR CORPORATION +suzuki + +// whoswho : 2014-02-20 Who's Who Registry +whoswho + +// scb : 2014-02-20 The Siam Commercial Bank Public Company Limited ("SCB""\) +scb + +// hamburg : 2014-02-20 Hamburg Top-Level-Domain GmbH +hamburg + +// services : 2014-02-27 Fox Castle, LLC +services + +// bzh : 2014-02-27 Association www.bzh +bzh + +// rio : 2014-02-27 Empresa Municipal de Informática SA - IPLANRIO +rio + +// cash : 2014-03-07 Delta Lake, LLC +cash + +// gives : 2014-03-07 United TLD Holdco Ltd. +gives + +// hiphop : 2014-03-07 Uniregistry, Corp. +hiphop + +// degree : 2014-03-07 Puff House, LLC +degree + +// digital : 2014-03-07 Dash Park, LLC +digital + +// rehab : 2014-03-07 United TLD Holdco Ltd. +rehab + +// wtf : 2014-03-07 Hidden Way, LLC +wtf + +// financial : 2014-03-07 Just Cover, LLC +financial + +// limited : 2014-03-07 Big Fest, LLC +limited + +// discount : 2014-03-07 Holly Hill, LLC +discount + +// fail : 2014-03-07 Atomic Pipe, LLC +fail + +// vet : 2014-03-07 Wild Dale, LLC +vet + +// ngo : 2014-03-07 Public Interest Registry +ngo + +// fitness : 2014-03-07 Brice Orchard, LLC +fitness + +// schule : 2014-03-07 Outer Moon, LLC +schule + +// navy : 2014-03-07 United TLD Holdco Ltd. +navy + +// bio : 2014-03-07 STARTING DOT LIMITED +bio + +// ong : 2014-03-07 Public Interest Registry +ong + +// town : 2014-03-07 Koko Moon, LLC +town + +// toys : 2014-03-07 Pioneer Orchard, LLC +toys + +// army : 2014-03-07 United TLD Holdco Ltd. +army + +// engineering : 2014-03-07 Romeo Canyon +engineering + +// capital : 2014-03-07 Delta Mill, LLC +capital + +// exchange : 2014-03-07 Spring Falls, LLC +exchange + +// fan : 2014-03-07 Goose Glen, LLC +fan + +// market : 2014-03-07 Victor Way, LLC +market + +// media : 2014-03-07 Grand Glen, LLC +media + +// lease : 2014-03-07 Victor Trail, LLC +lease + +// university : 2014-03-07 Little Station, LLC +university + +// reisen : 2014-03-07 New Cypress, LLC +reisen + +// airforce : 2014-03-07 United TLD Holdco Ltd. +airforce + +// pictures : 2014-03-07 Foggy Sky, LLC +pictures + +// gripe : 2014-03-07 Corn Sunset, LLC +gripe -// uy : http://www.nic.org.uy/ -uy -com.uy -edu.uy -gub.uy -mil.uy -net.uy -org.uy +// engineering : 2014-03-07 United TLD Holdco Ltd. +engineering -// uz : http://www.reg.uz/ -uz -co.uz -com.uz -net.uz -org.uz +// associates : 2014-03-07 Baxter Hill, LLC +associates -// va : http://en.wikipedia.org/wiki/.va -va +// xn--mxtq1m : 2014-03-07 Net-Chinese Co., Ltd. +政府 -// vc : http://en.wikipedia.org/wiki/.vc -// Submitted by registry <kshah(a)ca.afilias.info> 2008-06-13 -vc -com.vc -net.vc -org.vc -gov.vc -mil.vc -edu.vc +// williamhill : 2014-03-13 William Hill Organization Limited +williamhill -// ve : https://registro.nic.ve/ -// Confirmed by registry 2012-10-04 -ve -co.ve -com.ve -e12.ve -edu.ve -gov.ve -info.ve -mil.ve -net.ve -org.ve -web.ve +// hiv : 2014-03-13 dotHIV gemeinnuetziger e.V. +hiv -// vg : http://en.wikipedia.org/wiki/.vg -vg +// sca : 2014-03-13 SVENSKA CELLULOSA AKTIEBOLAGET SCA (publ) +sca -// vi : http://www.nic.vi/newdomainform.htm -// http://www.nic.vi/Domain_Rules/body_domain_rules.html indicates some other -// TLDs are "reserved", such as edu.vi and gov.vi, but doesn't actually say they -// are available for registration (which they do not seem to be). -vi -co.vi -com.vi -k12.vi -net.vi -org.vi +// reise : 2014-03-13 dotreise GmbH +reise -// vn : https://www.dot.vn/vnnic/vnnic/domainregistration.jsp -vn -com.vn -net.vn -org.vn -edu.vn -gov.vn -int.vn -ac.vn -biz.vn -info.vn -name.vn -pro.vn -health.vn +// accountants : 2014-03-20 Knob Town, LLC +accountants -// vu : http://en.wikipedia.org/wiki/.vu -// list of 2nd level tlds ? -vu +// clinic : 2014-03-20 Goose Park, LLC +clinic -// wf : http://www.afnic.fr/medias/documents/AFNIC-naming-policy2012.pdf -wf +// versicherung : 2014-03-20 dotversicherung-registry GmbH +versicherung -// ws : http://en.wikipedia.org/wiki/.ws -// http://samoanic.ws/index.dhtml -ws -com.ws -net.ws -org.ws -gov.ws -edu.ws +// top : 2014-03-20 Jiangsu Bangning Science & Technology Co.,Ltd. +top -// yt : http://www.afnic.fr/medias/documents/AFNIC-naming-policy2012.pdf -yt +// furniture : 2014-03-20 Lone Fields, LLC +furniture -// IDN ccTLDs -// Please sort by ISO 3166 ccTLD, then punicode string -// when submitting patches and follow this format: -// <Punicode> ("<english word>" <language>) : <ISO 3166 ccTLD> -// [optional sponsoring org] -// <URL> +// dental : 2014-03-20 Tin Birch, LLC +dental -// xn--mgbaam7a8h ("Emerat" Arabic) : AE -// http://nic.ae/english/arabicdomain/rules.jsp -امارات +// fund : 2014-03-20 John Castle, LLC +fund -// xn--54b7fta0cc ("Bangla" Bangla) : BD -বাংলা +// creditcard : 2014-03-20 Binky Frostbite, LLC +creditcard -// xn--fiqs8s ("China" Chinese-Han-Simplified <.Zhonggou>) : CN -// CNNIC -// http://cnnic.cn/html/Dir/2005/10/11/3218.htm -中国 +// insure : 2014-03-20 Pioneer Willow, LLC +insure -// xn--fiqz9s ("China" Chinese-Han-Traditional <.Zhonggou>) : CN -// CNNIC -// http://cnnic.cn/html/Dir/2005/10/11/3218.htm -中國 +// audio : 2014-03-20 Uniregistry, Corp. +audio -// xn--lgbbat1ad8j ("Algeria / Al Jazair" Arabic) : DZ -الجزائر +// claims : 2014-03-20 Black Corner, LLC +claims -// xn--wgbh1c ("Egypt" Arabic .masr) : EG -// http://www.dotmasr.eg/ -مصر +// loans : 2014-03-20 June Woods, LLC +loans -// xn--node ("ge" Georgian (Mkhedruli)) : GE -გე +// auction : 2014-03-20 Sand Galley, LLC +auction -// xn--j6w193g ("Hong Kong" Chinese-Han) : HK -// https://www2.hkirc.hk/register/rules.jsp -香港 +// attorney : 2014-03-20 Victor North, LLC +attorney -// xn--h2brj9c ("Bharat" Devanagari) : IN -// India -भारत +// finance : 2014-03-20 Cotton Cypress, LLC +finance -// xn--mgbbh1a71e ("Bharat" Arabic) : IN -// India -بھارت +// investments : 2014-03-20 Holly Glen, LLC +investments -// xn--fpcrj9c3d ("Bharat" Telugu) : IN -// India -భారత్ +// juegos : 2014-03-20 Uniregistry, Corp. +juegos -// xn--gecrj9c ("Bharat" Gujarati) : IN -// India -ભારત +// dentist : 2014-03-20 Outer Lake, LLC +dentist -// xn--s9brj9c ("Bharat" Gurmukhi) : IN -// India -ਭਾਰਤ +// lds : 2014-03-20 IRI Domain Management, LLC +lds -// xn--45brj9c ("Bharat" Bengali) : IN -// India -ভারত +// lawyer : 2014-03-20 Atomic Station, LLC +lawyer -// xn--xkc2dl3a5ee0h ("India" Tamil) : IN -// India -இந்தியா +// surgery : 2014-03-20 Tin Avenue, LLC +surgery -// xn--mgba3a4f16a ("Iran" Persian) : IR -ایران +// gratis : 2014-03-20 Pioneer Tigers, LLC +gratis -// xn--mgba3a4fra ("Iran" Arabic) : IR -ايران +// software : 2014-03-20 Over Birch, LLC +software -// xn--mgbayh7gpa ("al-Ordon" Arabic) : JO -// National Information Technology Center (NITC) -// Royal Scientific Society, Al-Jubeiha -الاردن +// mortgage : 2014-03-20 Outer Gardens, LLC +mortgage -// xn--3e0b707e ("Republic of Korea" Hangul) : KR -한국 +// republican : 2014-03-20 United TLD Holdco Ltd. +republican -// xn--fzc2c9e2c ("Lanka" Sinhalese-Sinhala) : LK -// http://nic.lk -ලංකා +// credit : 2014-03-20 Snow Shadow, LLC +credit -// xn--xkc2al3hye2a ("Ilangai" Tamil) : LK -// http://nic.lk -இலங்கை +// tax : 2014-03-20 Storm Orchard, LLC +tax -// xn--mgbc0a9azcg ("Morocco / al-Maghrib" Arabic) : MA -المغرب +// africa : 2014-03-24 ZA Central Registry NPC trading as Registry.Africa +africa -// xn--mgb9awbf ("Oman" Arabic) : OM -عمان +// joburg : 2014-03-24 ZA Central Registry NPC trading as ZA Central Registry +joburg -// xn--ygbi2ammx ("Falasteen" Arabic) : PS -// The Palestinian National Internet Naming Authority (PNINA) -// http://www.pnina.ps -فلسطين +// durban : 2014-03-24 ZA Central Registry NPC trading as ZA Central Registry +durban -// xn--90a3ac ("srb" Cyrillic) : RS -срб +// capetown : 2014-03-24 ZA Central Registry NPC trading as ZA Central Registry +capetown -// xn--p1ai ("rf" Russian-Cyrillic) : RU -// http://www.cctld.ru/en/docs/rulesrf.php -рф +// sap : 2014-03-27 SAP AG +sap -// xn--wgbl6a ("Qatar" Arabic) : QA -// http://www.ict.gov.qa/ -قطر +// datsun : 2014-03-27 NISSAN MOTOR CO., LTD. +datsun -// xn--mgberp4a5d4ar ("AlSaudiah" Arabic) : SA -// http://www.nic.net.sa/ -السعودية +// infiniti : 2014-03-27 NISSAN MOTOR CO., LTD. +infiniti -// xn--mgberp4a5d4a87g ("AlSaudiah" Arabic) variant : SA -السعودیة +// firmdale : 2014-03-27 Firmdale Holdings Limited +firmdale -// xn--mgbqly7c0a67fbc ("AlSaudiah" Arabic) variant : SA -السعودیۃ +// organic : 2014-03-27 Afilias Limited +organic -// xn--mgbqly7cvafr ("AlSaudiah" Arabic) variant : SA -السعوديه +// nissan : 2014-03-27 NISSAN MOTOR CO., LTD. +nissan -// xn--ogbpf8fl ("Syria" Arabic) : SY -سورية +// website : 2014-04-03 DotWebsite Inc. +website -// xn--mgbtf8fl ("Syria" Arabic) variant : SY -سوريا +// space : 2014-04-03 DotSpace Inc. +space -// xn--yfro4i67o Singapore ("Singapore" Chinese-Han) : SG -新加坡 +// schmidt : 2014-04-03 SALM S.A.S. +schmidt -// xn--clchc0ea0b2g2a9gcd ("Singapore" Tamil) : SG -சிங்கப்பூர் +// cuisinella : 2014-04-03 SALM S.A.S. +cuisinella -// xn--o3cw4h ("Thai" Thai) : TH -// http://www.thnic.co.th -ไทย +// samsung : 2014-04-03 SAMSUNG SDS CO., LTD +samsung -// xn--pgbs0dh ("Tunis") : TN -// http://nic.tn -تونس +// crs : 2014-04-03 Federated Co operatives Limited +crs -// xn--kpry57d ("Taiwan" Chinese-Han-Traditional) : TW -// http://www.twnic.net/english/dn/dn_07a.htm -台灣 +// doosan : 2014-04-03 Doosan Corporation +doosan -// xn--kprw13d ("Taiwan" Chinese-Han-Simplified) : TW -// http://www.twnic.net/english/dn/dn_07a.htm -台湾 +// press : 2014-04-03 DotPress Inc. +press -// xn--nnx388a ("Taiwan") variant : TW -臺灣 +// emerck : 2014-04-03 Merck KGaA +emerck -// xn--j1amh ("ukr" Cyrillic) : UA -укр +// erni : 2014-04-03 ERNI Group Holding AG +erni -// xn--mgb2ddes ("AlYemen" Arabic) : YE -اليمن +// direct : 2014-04-10 Half Trail, LLC +direct -// xxx : http://icmregistry.com -xxx +// yandex : 2014-04-10 YANDEX, LLC +yandex -// ye : http://www.y.net.ye/services/domain_name.htm -*.ye +// lotto : 2014-04-10 Afilias Limited +lotto -// za : http://www.zadna.org.za/slds.html -*.za +// toshiba : 2014-04-10 TOSHIBA Corporation +toshiba -// zm : http://en.wikipedia.org/wiki/.zm -*.zm +// bauhaus : 2014-04-17 Werkhaus GmbH +bauhaus -// zw : http://en.wikipedia.org/wiki/.zw -*.zw +// host : 2014-04-17 DotHost Inc. +host + +// ltda : 2014-04-17 DOMAIN ROBOT SERVICOS DE HOSPEDAGEM NA INTERNET LTDA +ltda + +// global : 2014-04-17 Dot GLOBAL AS +global + +// abogado : 2014-04-24 Top Level Domain Holdings Limited +abogado + +// place : 2014-04-24 Snow Galley, LLC +place + +// tirol : 2014-04-24 punkt Tirol GmbH +tirol + +// gmx : 2014-04-24 1&1 Mail & Media GmbH +gmx + +// tatar : 2014-04-24 Limited Liability Company "Coordination Center of Regional Domain of Tatarstan Republic" +tatar + +// scholarships : 2014-04-24 Scholarships.com, LLC +scholarships + +// eurovision : 2014-04-24 European Broadcasting Union (EBU) +eurovision + +// wedding : 2014-04-24 Top Level Domain Holdings Limited +wedding + +// active : 2014-05-01 The Active Network, Inc +active + +// madrid : 2014-05-01 Comunidad de Madrid +madrid + +// youtube : 2014-05-01 Charleston Road Registry Inc. +youtube + +// sharp : 2014-05-01 Sharp Corporation +sharp + +// uol : 2014-05-01 UBN INTERNET LTDA. +uol + +// physio : 2014-05-01 PhysBiz Pty Ltd +physio + +// gmail : 2014-05-01 Charleston Road Registry Inc. +gmail + +// channel : 2014-05-08 Charleston Road Registry Inc. +channel + +// fly : 2014-05-08 Charleston Road Registry Inc. +fly + +// zip : 2014-05-08 Charleston Road Registry Inc. +zip + +// esq : 2014-05-08 Charleston Road Registry Inc. +esq + +// rsvp : 2014-05-08 Charleston Road Registry Inc. +rsvp + +// wales : 2014-05-08 Nominet UK +wales + +// cymru : 2014-05-08 Nominet UK +cymru + +// green : 2014-05-08 Afilias Limited +green + +// lgbt : 2014-05-08 Afilias Limited +lgbt + +// xn--hxt814e : 2014-05-15 Zodiac Libra Limited +网店 + +// cancerresearch : 2014-05-15 Australian Cancer Research Foundation +cancerresearch + +// everbank : 2014-05-15 EverBank +everbank + +// frl : 2014-05-15 FRLregistry B.V. +frl + +// property : 2014-05-22 Uniregistry, Corp. +property + +// forsale : 2014-05-22 Sea Oaks, LLC +forsale + +// seat : 2014-05-22 SEAT, S.A. (Sociedad Unipersonal) +seat + +// deals : 2014-05-22 Sand Sunset, LLC +deals + +// nra : 2014-05-22 NRA Holdings Company, INC. +nra + +// xn--fjq720a : 2014-05-22 Will Bloom, LLC +娱乐 + +// realtor : 2014-05-29 Real Estate Domains LLC +realtor + +// bnpparibas : 2014-05-29 BNP Paribas +bnpparibas + +// melbourne : 2014-05-29 The Crown in right of the State of Victoria, represented by its Department of State Development, Business and Innovation +melbourne + +// hosting : 2014-05-29 Uniregistry, Corp. +hosting + +// yoga : 2014-05-29 Top Level Domain Holdings Limited +yoga + +// city : 2014-05-29 Snow Sky, LLC +city + +// bond : 2014-06-05 Bond University Limited +bond + +// click : 2014-06-05 Uniregistry, Corp. +click + +// cern : 2014-06-05 European Organization for Nuclear Research ("CERN") +cern // ===END ICANN DOMAINS=== // ===BEGIN PRIVATE DOMAINS=== // Amazon CloudFront : https://aws.amazon.com/cloudfront/ -// Requested by Donavan Miller <donavanm(a)amazon.com> 2013-03-22 +// Submitted by Donavan Miller <donavanm(a)amazon.com> 2013-03-22 cloudfront.net // Amazon Elastic Compute Cloud: https://aws.amazon.com/ec2/ -// Requested by Osman Surkatty <osmans(a)amazon.com> 2013-04-02 -compute.amazonaws.com -us-east-1.amazonaws.com -compute-1.amazonaws.com -z-1.compute-1.amazonaws.com -z-2.compute-1.amazonaws.com +// Submitted by Osman Surkatty <osmans(a)amazon.com> 2014-05-20 ap-northeast-1.compute.amazonaws.com ap-southeast-1.compute.amazonaws.com ap-southeast-2.compute.amazonaws.com +cn-north-1.compute.amazonaws.cn +compute.amazonaws.cn +compute.amazonaws.com +compute-1.amazonaws.com eu-west-1.compute.amazonaws.com sa-east-1.compute.amazonaws.com +us-east-1.amazonaws.com us-gov-west-1.compute.amazonaws.com us-west-1.compute.amazonaws.com us-west-2.compute.amazonaws.com +z-1.compute-1.amazonaws.com +z-2.compute-1.amazonaws.com -// Amazon Elastic Beanstalk : https://aws.amazon.com/elasticbeanstalk/ -// Requested by Adam Stein <astein(a)amazon.com> 2013-04-02 +// Amazon Elastic Beanstalk : https://aws.amazon.com/elasticbeanstalk/ +// Submitted by Adam Stein <astein(a)amazon.com> 2013-04-02 elasticbeanstalk.com // Amazon Elastic Load Balancing : https://aws.amazon.com/elasticloadbalancing/ -// Requested by Scott Vidmar <svidmar(a)amazon.com> 2013-03-27 +// Submitted by Scott Vidmar <svidmar(a)amazon.com> 2013-03-27 elb.amazonaws.com // Amazon S3 : https://aws.amazon.com/s3/ -// Requested by Courtney Eckhardt <coec(a)amazon.com> 2013-03-22 +// Submitted by Courtney Eckhardt <coec(a)amazon.com> 2013-03-22 s3.amazonaws.com s3-us-west-2.amazonaws.com s3-us-west-1.amazonaws.com @@ -6608,26 +8051,27 @@ s3-website-sa-east-1.amazonaws.com s3-website-us-gov-west-1.amazonaws.com // BetaInABox -// Requested by adrian(a)betainabox.com 2012-09-13 +// Submitted by adrian(a)betainabox.com 2012-09-13 betainabox.com // CentralNic : http://www.centralnic.com/names/domains -// Requested by registry <gavin.brown(a)centralnic.com> 2012-09-27 +// Submitted by registry <gavin.brown(a)centralnic.com> 2012-09-27 ae.org ar.com br.com cn.com com.de +com.se de.com eu.com gb.com gb.net -gr.com hu.com hu.net jp.net jpn.com kr.com +mex.com no.com qc.com ru.com @@ -6637,13 +8081,38 @@ se.net uk.com uk.net us.com -us.org uy.com +za.bz za.com +// Africa.com Web Solutions Ltd : https://registry.africa.com +// Submitted by Gavin Brown <gavin.brown(a)centralnic.com> 2014-02-04 +africa.com + +// iDOT Services Limited : http://www.domain.gr.com +// Submitted by Gavin Brown <gavin.brown(a)centralnic.com> 2014-02-04 +gr.com + +// Radix FZC : http://domains.in.net +// Submitted by Gavin Brown <gavin.brown(a)centralnic.com> 2014-02-04 +in.net + +// US REGISTRY LLC : http://us.org +// Submitted by Gavin Brown <gavin.brown(a)centralnic.com> 2014-02-04 +us.org + +// co.com Registry, LLC : https://registry.co.com +// Submitted by Gavin Brown <gavin.brown(a)centralnic.com> 2014-02-04 +co.com + // c.la : http://www.c.la/ c.la +// cloudControl : https://www.cloudcontrol.com/ +// Submitted by Tobias Wilken <tw(a)cloudcontrol.com> 2013-07-23 +cloudcontrolled.com +cloudcontrolapp.com + // co.ca : http://registry.co.ca/ co.ca @@ -6651,8 +8120,12 @@ co.ca co.nl co.no +// Cupcake : https://cupcake.io/ +// Submitted by Jonathan Rudenberg <jonathan(a)cupcake.io> 2013-10-08 +cupcake.is + // DreamHost : http://www.dreamhost.com/ -// Requested by Andrew Farmer <andrew.farmer(a)dreamhost.com> 2012-10-02 +// Submitted by Andrew Farmer <andrew.farmer(a)dreamhost.com> 2012-10-02 dreamhosters.com // DynDNS.com : http://www.dyndns.com/services/dns/dyndns/ @@ -6936,12 +8409,29 @@ webhop.org worse-than.tv writesthisblog.com +// Fastly Inc. http://www.fastly.com/ +// Submitted by Vladimir Vuksan <vladimir(a)fastly.com> 2013-05-31 +a.ssl.fastly.net +b.ssl.fastly.net +global.ssl.fastly.net +a.prod.fastly.net +global.prod.fastly.net + +// Firebase, Inc. +// Submitted by Chris Raynor <chris(a)firebase.com> 2014-01-21 +firebaseapp.com + // GitHub, Inc. -// Requested by Ben Toews <btoews(a)github.com> 2013-04-18 +// Submitted by Ben Toews <btoews(a)github.com> 2014-02-06 github.io +githubusercontent.com + +// GlobeHosting, Inc. +// Submitted by Zoltan Egresi <egresi(a)globehosting.com> 2013-07-12 +ro.com // Google, Inc. -// Requested by Eduardo Vela <evn(a)google.com> 2012-10-24 +// Submitted by Eduardo Vela <evn(a)google.com> 2012-10-24 appspot.com blogspot.be blogspot.bj @@ -6986,14 +8476,15 @@ blogspot.tw codespot.com googleapis.com googlecode.com +withgoogle.com // Heroku : https://www.heroku.com/ -// Requested by Tom Maher <tmaher(a)heroku.com> 2013-05-02 +// Submitted by Tom Maher <tmaher(a)heroku.com> 2013-05-02 herokuapp.com herokussl.com // iki.fi -// Requested by Hannu Aronsson <haa(a)iki.fi> 2009-11-05 +// Submitted by Hannu Aronsson <haa(a)iki.fi> 2009-11-05 iki.fi // info.at : http://www.info.at/ @@ -7003,24 +8494,42 @@ info.at // Michau Enterprises Limited : http://www.co.pl/ co.pl +// Microsoft : http://microsoft.com +// Submitted by Barry Dorrans <bdorrans(a)microsoft.com> 2014-01-24 +azurewebsites.net +azure-mobile.net +cloudapp.net + +// NFSN, Inc. : https://www.NearlyFreeSpeech.NET/ +// Submitted by Jeff Wheelhouse <support(a)nearlyfreespeech.net> 2014-02-02 +nfshost.com + // NYC.mn : http://www.information.nyc.mn -// Requested by Matthew Brown <mattbrown(a)nyc.mn> 2013-03-11 +// Submitted by Matthew Brown <mattbrown(a)nyc.mn> 2013-03-11 nyc.mn +// One Fold Media : http://www.onefoldmedia.com/ +// Submitted by Eddie Jones <eddie(a)onefoldmedia.com> 2014-06-10 +nid.io + // Opera Software, A.S.A. -// Requested by Yngve Pettersen <yngve(a)opera.com> 2009-11-26 +// Submitted by Yngve Pettersen <yngve(a)opera.com> 2009-11-26 operaunite.com +// OutSystems +// Submitted by Duarte Santos <domain-admin(a)outsystemscloud.com> 2014-03-11 +outsystemscloud.com + // Red Hat, Inc. OpenShift : https://openshift.redhat.com/ -// Requested by Tim Kramer <tkramer(a)rhcloud.com> 2012-10-24 +// Submitted by Tim Kramer <tkramer(a)rhcloud.com> 2012-10-24 rhcloud.com // priv.at : http://www.nic.priv.at/ -// Requested by registry <lendl(a)nic.at> 2008-06-09 +// Submitted by registry <lendl(a)nic.at> 2008-06-09 priv.at // ZaNiC : http://www.za.net/ -// Requested by registry <hostmaster(a)nic.za.net> 2009-10-03 +// Submitted by registry <hostmaster(a)nic.za.net> 2009-10-03 za.net za.org

1 0

[tor-browser/esr24] Bug 999651, bug 995679, bug 1009952, bug 1011007, bug 991981. r=sfink, r=shu, r=jandem, r=jdm, r=luke, r=bbouvier, r=nmatsakis, r=bz, r=ehsan, r=jgilbert, r=smaug, r=sicking, r=terrence, r=bholley, r=bent, r=efaust, r=jorendorff, a=lmandel
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 9aeffb05a552f1beb1ff37adc88df0640ffa8ca3 Author: Jeff Walden <jwalden(a)mit.edu> Date: Mon Jun 2 11:25:43 2014 -0700 Bug 999651, bug 995679, bug 1009952, bug 1011007, bug 991981. r=sfink, r=shu, r=jandem, r=jdm, r=luke, r=bbouvier, r=nmatsakis, r=bz, r=ehsan, r=jgilbert, r=smaug, r=sicking, r=terrence, r=bholley, r=bent, r=efaust, r=jorendorff, a=lmandel --HG-- extra : rebase_source : 2487b6e09f4caf827c3ba5e0283e3d30c74e5d42 --- CLOBBER | 2 +- content/base/src/WebSocket.cpp | 10 +- content/base/src/nsDOMDataChannel.cpp | 10 +- content/base/src/nsDOMParser.cpp | 2 + content/base/src/nsXMLHttpRequest.cpp | 11 +- content/canvas/src/CanvasRenderingContext2D.cpp | 14 +- content/canvas/src/CanvasRenderingContext2D.h | 3 +- content/canvas/src/WebGLContext.h | 15 ++ content/canvas/src/WebGLContextGL.cpp | 43 ++++- content/html/content/public/HTMLAudioElement.h | 1 + content/media/webaudio/AnalyserNode.cpp | 6 + content/media/webaudio/AudioContext.cpp | 17 +- content/media/webaudio/AudioParam.h | 1 + content/media/webaudio/BiquadFilterNode.cpp | 4 + content/media/webaudio/WaveShaperNode.cpp | 2 + dom/bindings/TypedArray.h | 88 +++++++---- dom/encoding/TextDecoder.h | 1 + dom/workers/TextDecoder.h | 1 + js/src/builtin/TestingFunctions.cpp | 50 ++++++ js/src/jit/IonBuilder.cpp | 92 +---------- js/src/jit/MIR.h | 10 +- js/src/js.msg | 4 +- js/src/jsfriendapi.h | 111 +++++++++++++ js/src/jstypedarray.cpp | 190 +++++++++++++++++------ js/src/jstypedarray.h | 16 +- js/src/jstypedarrayinlines.h | 8 + netwerk/base/src/ArrayBufferInputStream.cpp | 11 ++ xpcom/io/nsBinaryStream.cpp | 56 +++++-- 28 files changed, 561 insertions(+), 218 deletions(-) diff --git a/CLOBBER b/CLOBBER index 469d72c..550e8c1 100644 --- a/CLOBBER +++ b/CLOBBER @@ -18,4 +18,4 @@ # Modifying this file will now automatically clobber the buildbot machines \o/ # -Bug 902908 renamed js/src/ion to js/src/jit and required a clobber \ No newline at end of file +Bug 999651 et al. require a clobber for some unknown reason diff --git a/content/base/src/WebSocket.cpp b/content/base/src/WebSocket.cpp index aba7007..2953aa3 100644 --- a/content/base/src/WebSocket.cpp +++ b/content/base/src/WebSocket.cpp @@ -1221,7 +1221,10 @@ WebSocket::Send(ArrayBuffer& aData, { NS_ABORT_IF_FALSE(NS_IsMainThread(), "Not running on main thread"); - MOZ_ASSERT(sizeof(*aData.Data()) == 1); + aData.ComputeLengthAndData(); + + static_assert(sizeof(*aData.Data()) == 1, "byte-sized data required"); + uint32_t len = aData.Length(); char* data = reinterpret_cast<char*>(aData.Data()); @@ -1235,7 +1238,10 @@ WebSocket::Send(ArrayBufferView& aData, { NS_ABORT_IF_FALSE(NS_IsMainThread(), "Not running on main thread"); - MOZ_ASSERT(sizeof(*aData.Data()) == 1); + aData.ComputeLengthAndData(); + + static_assert(sizeof(*aData.Data()) == 1, "byte-sized data required"); + uint32_t len = aData.Length(); char* data = reinterpret_cast<char*>(aData.Data()); diff --git a/content/base/src/nsDOMDataChannel.cpp b/content/base/src/nsDOMDataChannel.cpp index 3e038de..a7f4d93 100644 --- a/content/base/src/nsDOMDataChannel.cpp +++ b/content/base/src/nsDOMDataChannel.cpp @@ -292,7 +292,10 @@ nsDOMDataChannel::Send(ArrayBuffer& aData, ErrorResult& aRv) { NS_ABORT_IF_FALSE(NS_IsMainThread(), "Not running on main thread"); - MOZ_ASSERT(sizeof(*aData.Data()) == 1); + aData.ComputeLengthAndData(); + + static_assert(sizeof(*aData.Data()) == 1, "byte-sized data required"); + uint32_t len = aData.Length(); char* data = reinterpret_cast<char*>(aData.Data()); @@ -305,7 +308,10 @@ nsDOMDataChannel::Send(ArrayBufferView& aData, ErrorResult& aRv) { NS_ABORT_IF_FALSE(NS_IsMainThread(), "Not running on main thread"); - MOZ_ASSERT(sizeof(*aData.Data()) == 1); + aData.ComputeLengthAndData(); + + static_assert(sizeof(*aData.Data()) == 1, "byte-sized data required"); + uint32_t len = aData.Length(); char* data = reinterpret_cast<char*>(aData.Data()); diff --git a/content/base/src/nsDOMParser.cpp b/content/base/src/nsDOMParser.cpp index 0ab06d9..c6bc60d 100644 --- a/content/base/src/nsDOMParser.cpp +++ b/content/base/src/nsDOMParser.cpp @@ -137,6 +137,8 @@ already_AddRefed<nsIDocument> nsDOMParser::ParseFromBuffer(const Uint8Array& aBuf, uint32_t aBufLen, SupportedType aType, ErrorResult& rv) { + aBuf.ComputeLengthAndData(); + if (aBufLen > aBuf.Length()) { rv.Throw(NS_ERROR_XPC_NOT_ENOUGH_ELEMENTS_IN_ARRAY); return nullptr; diff --git a/content/base/src/nsXMLHttpRequest.cpp b/content/base/src/nsXMLHttpRequest.cpp index 22fe0c8..418edae 100644 --- a/content/base/src/nsXMLHttpRequest.cpp +++ b/content/base/src/nsXMLHttpRequest.cpp @@ -2440,6 +2440,7 @@ GetRequestBody(nsIVariant* aBody, nsIInputStream** aResult, uint64_t* aContentLe JS::Rooted<JSObject*> obj(cx, JSVAL_TO_OBJECT(realVal)); if (JS_IsArrayBufferObject(obj)) { ArrayBuffer buf(obj); + buf.ComputeLengthAndData(); return GetRequestBody(buf.Data(), buf.Length(), aResult, aContentLength, aContentType, aCharset); } @@ -2483,14 +2484,16 @@ nsXMLHttpRequest::GetRequestBody(nsIVariant* aVariant, switch (body.GetType()) { case nsXMLHttpRequest::RequestBody::ArrayBuffer: { - return ::GetRequestBody(value.mArrayBuffer->Data(), - value.mArrayBuffer->Length(), aResult, + const ArrayBuffer* buffer = value.mArrayBuffer; + buffer->ComputeLengthAndData(); + return ::GetRequestBody(buffer->Data(), buffer->Length(), aResult, aContentLength, aContentType, aCharset); } case nsXMLHttpRequest::RequestBody::ArrayBufferView: { - return ::GetRequestBody(value.mArrayBufferView->Data(), - value.mArrayBufferView->Length(), aResult, + const ArrayBufferView* view = value.mArrayBufferView; + view->ComputeLengthAndData(); + return ::GetRequestBody(view->Data(), view->Length(), aResult, aContentLength, aContentType, aCharset); } case nsXMLHttpRequest::RequestBody::Blob: diff --git a/content/canvas/src/CanvasRenderingContext2D.cpp b/content/canvas/src/CanvasRenderingContext2D.cpp index 8c67a87..ea685f1 100644 --- a/content/canvas/src/CanvasRenderingContext2D.cpp +++ b/content/canvas/src/CanvasRenderingContext2D.cpp @@ -3559,7 +3559,7 @@ CanvasRenderingContext2D::PutImageData(ImageData& imageData, double dx, error = PutImageData_explicit(JS_DoubleToInt32(dx), JS_DoubleToInt32(dy), imageData.Width(), imageData.Height(), - arr.Data(), arr.Length(), false, 0, 0, 0, 0); + &arr, false, 0, 0, 0, 0); } void @@ -3573,7 +3573,7 @@ CanvasRenderingContext2D::PutImageData(ImageData& imageData, double dx, error = PutImageData_explicit(JS_DoubleToInt32(dx), JS_DoubleToInt32(dy), imageData.Width(), imageData.Height(), - arr.Data(), arr.Length(), true, + &arr, true, JS_DoubleToInt32(dirtyX), JS_DoubleToInt32(dirtyY), JS_DoubleToInt32(dirtyWidth), @@ -3585,7 +3585,7 @@ CanvasRenderingContext2D::PutImageData(ImageData& imageData, double dx, nsresult CanvasRenderingContext2D::PutImageData_explicit(int32_t x, int32_t y, uint32_t w, uint32_t h, - unsigned char *aData, uint32_t aDataLen, + dom::Uint8ClampedArray* aArray, bool hasDirtyRect, int32_t dirtyX, int32_t dirtyY, int32_t dirtyWidth, int32_t dirtyHeight) { @@ -3638,8 +3638,12 @@ CanvasRenderingContext2D::PutImageData_explicit(int32_t x, int32_t y, uint32_t w return NS_OK; } + aArray->ComputeLengthAndData(); + + uint32_t dataLen = aArray->Length(); + uint32_t len = w * h * 4; - if (aDataLen != len) { + if (dataLen != len) { return NS_ERROR_DOM_SYNTAX_ERR; } @@ -3650,7 +3654,7 @@ CanvasRenderingContext2D::PutImageData_explicit(int32_t x, int32_t y, uint32_t w return NS_ERROR_FAILURE; } - uint8_t *src = aData; + uint8_t *src = aArray->Data(); uint8_t *dst = imgsurf->Data(); for (uint32_t j = 0; j < h; j++) { diff --git a/content/canvas/src/CanvasRenderingContext2D.h b/content/canvas/src/CanvasRenderingContext2D.h index d0f8fa0..0aff60d 100644 --- a/content/canvas/src/CanvasRenderingContext2D.h +++ b/content/canvas/src/CanvasRenderingContext2D.h @@ -21,6 +21,7 @@ #include "mozilla/dom/CanvasGradient.h" #include "mozilla/dom/CanvasRenderingContext2DBinding.h" #include "mozilla/dom/CanvasPattern.h" +#include "mozilla/dom/TypedArray.h" #include "mozilla/gfx/Rect.h" class nsXULElement; @@ -443,7 +444,7 @@ protected: JSObject** aRetval); nsresult PutImageData_explicit(int32_t x, int32_t y, uint32_t w, uint32_t h, - unsigned char *aData, uint32_t aDataLen, + dom::Uint8ClampedArray* aArray, bool hasDirtyRect, int32_t dirtyX, int32_t dirtyY, int32_t dirtyWidth, int32_t dirtyHeight); diff --git a/content/canvas/src/WebGLContext.h b/content/canvas/src/WebGLContext.h index e8e55db..db0c20a 100644 --- a/content/canvas/src/WebGLContext.h +++ b/content/canvas/src/WebGLContext.h @@ -585,6 +585,7 @@ public: WebGLfloat z, WebGLfloat w); void Uniform1iv(WebGLUniformLocation* location, dom::Int32Array& arr) { + arr.ComputeLengthAndData(); Uniform1iv_base(location, arr.Length(), arr.Data()); } void Uniform1iv(WebGLUniformLocation* location, @@ -595,6 +596,7 @@ public: const WebGLint* data); void Uniform2iv(WebGLUniformLocation* location, dom::Int32Array& arr) { + arr.ComputeLengthAndData(); Uniform2iv_base(location, arr.Length(), arr.Data()); } void Uniform2iv(WebGLUniformLocation* location, @@ -605,6 +607,7 @@ public: const WebGLint* data); void Uniform3iv(WebGLUniformLocation* location, dom::Int32Array& arr) { + arr.ComputeLengthAndData(); Uniform3iv_base(location, arr.Length(), arr.Data()); } void Uniform3iv(WebGLUniformLocation* location, @@ -615,6 +618,7 @@ public: const WebGLint* data); void Uniform4iv(WebGLUniformLocation* location, dom::Int32Array& arr) { + arr.ComputeLengthAndData(); Uniform4iv_base(location, arr.Length(), arr.Data()); } void Uniform4iv(WebGLUniformLocation* location, @@ -625,6 +629,7 @@ public: const WebGLint* data); void Uniform1fv(WebGLUniformLocation* location, dom::Float32Array& arr) { + arr.ComputeLengthAndData(); Uniform1fv_base(location, arr.Length(), arr.Data()); } void Uniform1fv(WebGLUniformLocation* location, @@ -635,6 +640,7 @@ public: const WebGLfloat* data); void Uniform2fv(WebGLUniformLocation* location, dom::Float32Array& arr) { + arr.ComputeLengthAndData(); Uniform2fv_base(location, arr.Length(), arr.Data()); } void Uniform2fv(WebGLUniformLocation* location, @@ -645,6 +651,7 @@ public: const WebGLfloat* data); void Uniform3fv(WebGLUniformLocation* location, dom::Float32Array& arr) { + arr.ComputeLengthAndData(); Uniform3fv_base(location, arr.Length(), arr.Data()); } void Uniform3fv(WebGLUniformLocation* location, @@ -655,6 +662,7 @@ public: const WebGLfloat* data); void Uniform4fv(WebGLUniformLocation* location, dom::Float32Array& arr) { + arr.ComputeLengthAndData(); Uniform4fv_base(location, arr.Length(), arr.Data()); } void Uniform4fv(WebGLUniformLocation* location, @@ -667,6 +675,7 @@ public: void UniformMatrix2fv(WebGLUniformLocation* location, WebGLboolean transpose, dom::Float32Array &value) { + value.ComputeLengthAndData(); UniformMatrix2fv_base(location, transpose, value.Length(), value.Data()); } void UniformMatrix2fv(WebGLUniformLocation* location, @@ -682,6 +691,7 @@ public: void UniformMatrix3fv(WebGLUniformLocation* location, WebGLboolean transpose, dom::Float32Array &value) { + value.ComputeLengthAndData(); UniformMatrix3fv_base(location, transpose, value.Length(), value.Data()); } void UniformMatrix3fv(WebGLUniformLocation* location, @@ -697,6 +707,7 @@ public: void UniformMatrix4fv(WebGLUniformLocation* location, WebGLboolean transpose, dom::Float32Array &value) { + value.ComputeLengthAndData(); UniformMatrix4fv_base(location, transpose, value.Length(), value.Data()); } void UniformMatrix4fv(WebGLUniformLocation* location, @@ -731,6 +742,7 @@ public: WebGLfloat x2, WebGLfloat x3); void VertexAttrib1fv(WebGLuint idx, dom::Float32Array &arr) { + arr.ComputeLengthAndData(); VertexAttrib1fv_base(idx, arr.Length(), arr.Data()); } void VertexAttrib1fv(WebGLuint idx, const dom::Sequence<WebGLfloat>& arr) { @@ -740,6 +752,7 @@ public: const WebGLfloat* ptr); void VertexAttrib2fv(WebGLuint idx, dom::Float32Array &arr) { + arr.ComputeLengthAndData(); VertexAttrib2fv_base(idx, arr.Length(), arr.Data()); } void VertexAttrib2fv(WebGLuint idx, const dom::Sequence<WebGLfloat>& arr) { @@ -749,6 +762,7 @@ public: const WebGLfloat* ptr); void VertexAttrib3fv(WebGLuint idx, dom::Float32Array &arr) { + arr.ComputeLengthAndData(); VertexAttrib3fv_base(idx, arr.Length(), arr.Data()); } void VertexAttrib3fv(WebGLuint idx, const dom::Sequence<WebGLfloat>& arr) { @@ -758,6 +772,7 @@ public: const WebGLfloat* ptr); void VertexAttrib4fv(WebGLuint idx, dom::Float32Array &arr) { + arr.ComputeLengthAndData(); VertexAttrib4fv_base(idx, arr.Length(), arr.Data()); } void VertexAttrib4fv(WebGLuint idx, const dom::Sequence<WebGLfloat>& arr) { diff --git a/content/canvas/src/WebGLContextGL.cpp b/content/canvas/src/WebGLContextGL.cpp index 6b4c77b..c1f943f 100644 --- a/content/canvas/src/WebGLContextGL.cpp +++ b/content/canvas/src/WebGLContextGL.cpp @@ -431,6 +431,8 @@ WebGLContext::BufferData(WebGLenum target, ArrayBuffer *data, WebGLenum usage) MakeContextCurrent(); InvalidateCachedMinInUseAttribArrayLength(); + data->ComputeLengthAndData(); + GLenum error = CheckedBufferData(target, data->Length(), data->Data(), usage); if (error) { @@ -469,6 +471,8 @@ WebGLContext::BufferData(WebGLenum target, ArrayBufferView& data, WebGLenum usag InvalidateCachedMinInUseAttribArrayLength(); MakeContextCurrent(); + data.ComputeLengthAndData(); + GLenum error = CheckedBufferData(target, data.Length(), data.Data(), usage); if (error) { GenerateWarning("bufferData generated error %s", ErrorName(error)); @@ -509,6 +513,8 @@ WebGLContext::BufferSubData(GLenum target, WebGLsizeiptr byteOffset, if (!boundBuffer) return ErrorInvalidOperation("bufferData: no buffer bound!"); + data->ComputeLengthAndData(); + CheckedUint32 checked_neededByteLength = CheckedUint32(byteOffset) + data->Length(); if (!checked_neededByteLength.isValid()) return ErrorInvalidValue("bufferSubData: integer overflow computing the needed byte length"); @@ -547,6 +553,8 @@ WebGLContext::BufferSubData(WebGLenum target, WebGLsizeiptr byteOffset, if (!boundBuffer) return ErrorInvalidOperation("bufferSubData: no buffer bound!"); + data.ComputeLengthAndData(); + CheckedUint32 checked_neededByteLength = CheckedUint32(byteOffset) + data.Length(); if (!checked_neededByteLength.isValid()) return ErrorInvalidValue("bufferSubData: integer overflow computing the needed byte length"); @@ -3382,7 +3390,11 @@ WebGLContext::ReadPixels(WebGLint x, WebGLint y, WebGLsizei width, if (!checked_neededByteLength.isValid()) return ErrorInvalidOperation("readPixels: integer overflow computing the needed buffer size"); - uint32_t dataByteLen = JS_GetTypedArrayByteLength(pixels->Obj()); + // Compute length and data. Don't reenter after this point, lest the + // precomputed go out of sync with the instant length/data. + pixels->ComputeLengthAndData(); + + uint32_t dataByteLen = pixels->Length(); if (checked_neededByteLength.value() > dataByteLen) return ErrorInvalidOperation("readPixels: buffer too small"); @@ -4584,6 +4596,8 @@ WebGLContext::CompressedTexImage2D(WebGLenum target, WebGLint level, WebGLenum i return; } + view.ComputeLengthAndData(); + uint32_t byteLength = view.Length(); if (!ValidateCompressedTextureSize(target, level, internalformat, width, height, byteLength, "compressedTexImage2D")) { return; @@ -4633,6 +4647,8 @@ WebGLContext::CompressedTexSubImage2D(WebGLenum target, WebGLint level, WebGLint return; } + view.ComputeLengthAndData(); + uint32_t byteLength = view.Length(); if (!ValidateCompressedTextureSize(target, level, format, width, height, byteLength, "compressedTexSubImage2D")) { return; @@ -5135,10 +5151,23 @@ WebGLContext::TexImage2D(WebGLenum target, WebGLint level, if (!IsContextStable()) return; + void* data; + uint32_t length; + int jsArrayType; + if (!pixels) { + data = nullptr; + length = 0; + jsArrayType = -1; + } else { + pixels->ComputeLengthAndData(); + + data = pixels->Data(); + length = pixels->Length(); + jsArrayType = int(JS_GetArrayBufferViewType(pixels->Obj())); + } + return TexImage2D_base(target, level, internalformat, width, height, 0, border, format, type, - pixels ? pixels->Data() : 0, - pixels ? pixels->Length() : 0, - pixels ? (int)JS_GetArrayBufferViewType(pixels->Obj()) : -1, + data, length, jsArrayType, WebGLTexelConversions::Auto, false); } @@ -5156,6 +5185,8 @@ WebGLContext::TexImage2D(WebGLenum target, WebGLint level, } Uint8ClampedArray arr(pixels->GetDataObject()); + arr.ComputeLengthAndData(); + return TexImage2D_base(target, level, internalformat, pixels->Width(), pixels->Height(), 4*pixels->Width(), 0, format, type, arr.Data(), arr.Length(), -1, @@ -5289,6 +5320,8 @@ WebGLContext::TexSubImage2D(WebGLenum target, WebGLint level, if (!pixels) return ErrorInvalidValue("texSubImage2D: pixels must not be null!"); + pixels->ComputeLengthAndData(); + return TexSubImage2D_base(target, level, xoffset, yoffset, width, height, 0, format, type, pixels->Data(), pixels->Length(), @@ -5309,6 +5342,8 @@ WebGLContext::TexSubImage2D(WebGLenum target, WebGLint level, return ErrorInvalidValue("texSubImage2D: pixels must not be null!"); Uint8ClampedArray arr(pixels->GetDataObject()); + arr.ComputeLengthAndData(); + return TexSubImage2D_base(target, level, xoffset, yoffset, pixels->Width(), pixels->Height(), 4*pixels->Width(), format, type, diff --git a/content/html/content/public/HTMLAudioElement.h b/content/html/content/public/HTMLAudioElement.h index 49fcd23..3c19e84 100644 --- a/content/html/content/public/HTMLAudioElement.h +++ b/content/html/content/public/HTMLAudioElement.h @@ -63,6 +63,7 @@ public: uint32_t MozWriteAudio(const Float32Array& aData, ErrorResult& aRv) { + aData.ComputeLengthAndData(); return MozWriteAudio(aData.Data(), aData.Length(), aRv); } uint32_t MozWriteAudio(const Sequence<float>& aData, ErrorResult& aRv) diff --git a/content/media/webaudio/AnalyserNode.cpp b/content/media/webaudio/AnalyserNode.cpp index d5fbe9c..613852d 100644 --- a/content/media/webaudio/AnalyserNode.cpp +++ b/content/media/webaudio/AnalyserNode.cpp @@ -150,6 +150,8 @@ AnalyserNode::GetFloatFrequencyData(Float32Array& aArray) return; } + aArray.ComputeLengthAndData(); + float* buffer = aArray.Data(); uint32_t length = std::min(aArray.Length(), mOutputBuffer.Length()); @@ -168,6 +170,8 @@ AnalyserNode::GetByteFrequencyData(Uint8Array& aArray) const double rangeScaleFactor = 1.0 / (mMaxDecibels - mMinDecibels); + aArray.ComputeLengthAndData(); + unsigned char* buffer = aArray.Data(); uint32_t length = std::min(aArray.Length(), mOutputBuffer.Length()); @@ -183,6 +187,8 @@ AnalyserNode::GetByteFrequencyData(Uint8Array& aArray) void AnalyserNode::GetByteTimeDomainData(Uint8Array& aArray) { + aArray.ComputeLengthAndData(); + unsigned char* buffer = aArray.Data(); uint32_t length = std::min(aArray.Length(), mBuffer.Length()); diff --git a/content/media/webaudio/AudioContext.cpp b/content/media/webaudio/AudioContext.cpp index 1bf78ef..3ef2ff4 100644 --- a/content/media/webaudio/AudioContext.cpp +++ b/content/media/webaudio/AudioContext.cpp @@ -169,18 +169,20 @@ AudioContext::CreateBuffer(JSContext* aJSContext, ArrayBuffer& aBuffer, return nullptr; } + aBuffer.ComputeLengthAndData(); + + uint32_t len = aBuffer.Length(); + uint8_t* data = aBuffer.Data(); + // Sniff the content of the media. // Failed type sniffing will be handled by SyncDecodeMedia. nsAutoCString contentType; - NS_SniffContent(NS_DATA_SNIFFER_CATEGORY, nullptr, - aBuffer.Data(), aBuffer.Length(), - contentType); + NS_SniffContent(NS_DATA_SNIFFER_CATEGORY, nullptr, data, len, contentType); nsRefPtr<WebAudioDecodeJob> job = new WebAudioDecodeJob(contentType, this, aBuffer); - if (mDecoder.SyncDecodeMedia(contentType.get(), - aBuffer.Data(), aBuffer.Length(), *job) && + if (mDecoder.SyncDecodeMedia(contentType.get(), data, len, *job) && job->mOutput) { nsRefPtr<AudioBuffer> buffer = job->mOutput.forget(); if (aMixToMono) { @@ -342,6 +344,9 @@ AudioContext::CreatePeriodicWave(const Float32Array& aRealData, const Float32Array& aImagData, ErrorResult& aRv) { + aRealData.ComputeLengthAndData(); + aImagData.ComputeLengthAndData(); + if (aRealData.Length() != aImagData.Length() || aRealData.Length() == 0 || aRealData.Length() > 4096) { @@ -369,6 +374,8 @@ AudioContext::DecodeAudioData(const ArrayBuffer& aBuffer, DecodeSuccessCallback& aSuccessCallback, const Optional<OwningNonNull<DecodeErrorCallback> >& aFailureCallback) { + aBuffer.ComputeLengthAndData(); + // Sniff the content of the media. // Failed type sniffing will be handled by AsyncDecodeMedia. nsAutoCString contentType; diff --git a/content/media/webaudio/AudioParam.h b/content/media/webaudio/AudioParam.h index e735b59..e6d95b0 100644 --- a/content/media/webaudio/AudioParam.h +++ b/content/media/webaudio/AudioParam.h @@ -57,6 +57,7 @@ public: aRv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR); return; } + aValues.ComputeLengthAndData(); AudioParamTimeline::SetValueCurveAtTime(aValues.Data(), aValues.Length(), aStartTime, aDuration, aRv); mCallback(mNode); diff --git a/content/media/webaudio/BiquadFilterNode.cpp b/content/media/webaudio/BiquadFilterNode.cpp index fe45106..fa4f1d1 100644 --- a/content/media/webaudio/BiquadFilterNode.cpp +++ b/content/media/webaudio/BiquadFilterNode.cpp @@ -247,6 +247,10 @@ BiquadFilterNode::GetFrequencyResponse(const Float32Array& aFrequencyHz, Float32Array& aMagResponse, Float32Array& aPhaseResponse) { + aFrequencyHz.ComputeLengthAndData(); + aMagResponse.ComputeLengthAndData(); + aPhaseResponse.ComputeLengthAndData(); + uint32_t length = std::min(std::min(aFrequencyHz.Length(), aMagResponse.Length()), aPhaseResponse.Length()); if (!length) { diff --git a/content/media/webaudio/WaveShaperNode.cpp b/content/media/webaudio/WaveShaperNode.cpp index 22df163..fa39637 100644 --- a/content/media/webaudio/WaveShaperNode.cpp +++ b/content/media/webaudio/WaveShaperNode.cpp @@ -125,6 +125,8 @@ WaveShaperNode::SetCurve(const Float32Array* aCurve) if (aCurve) { mCurve = aCurve->Obj(); + aCurve->ComputeLengthAndData(); + curve.SetLength(aCurve->Length()); PodCopy(curve.Elements(), aCurve->Data(), aCurve->Length()); } else { diff --git a/dom/bindings/TypedArray.h b/dom/bindings/TypedArray.h index 6531f2f..c7c2bbd 100644 --- a/dom/bindings/TypedArray.h +++ b/dom/bindings/TypedArray.h @@ -20,30 +20,43 @@ namespace dom { * or array buffer object. */ template<typename T, - JSObject* UnboxArray(JSObject*, uint32_t*, T**)> + JSObject* UnwrapArray(JSObject*), + void GetLengthAndData(JSObject*, uint32_t*, T**)> struct TypedArray_base { TypedArray_base(JSObject* obj) + : mObj(obj), + mData(NULL), + mLength(0), + mComputed(false) { - mObj = UnboxArray(obj, &mLength, &mData); + MOZ_ASSERT(obj != NULL); } private: - T* mData; - uint32_t mLength; JSObject* mObj; + mutable T* mData; + mutable uint32_t mLength; + mutable bool mComputed; public: + inline bool Init(JSObject* obj) + { + MOZ_ASSERT(!inited()); + DoInit(obj); + return inited(); + } + inline bool inited() const { return !!mObj; } inline T *Data() const { - MOZ_ASSERT(inited()); + MOZ_ASSERT(mComputed); return mData; } inline uint32_t Length() const { - MOZ_ASSERT(inited()); + MOZ_ASSERT(mComputed); return mLength; } @@ -51,16 +64,31 @@ public: MOZ_ASSERT(inited()); return mObj; } + + inline void ComputeLengthAndData() const + { + MOZ_ASSERT(inited()); + MOZ_ASSERT(!mComputed); + GetLengthAndData(mObj, &mLength, &mData); + mComputed = true; + } + +protected: + inline void DoInit(JSObject* obj) + { + mObj = UnwrapArray(obj); + } }; template<typename T, + JSObject* UnwrapArray(JSObject*), T* GetData(JSObject*), - JSObject* UnboxArray(JSObject*, uint32_t*, T**), + void GetLengthAndData(JSObject*, uint32_t*, T**), JSObject* CreateNew(JSContext*, uint32_t)> -struct TypedArray : public TypedArray_base<T,UnboxArray> { +struct TypedArray : public TypedArray_base<T, UnwrapArray, GetLengthAndData> { TypedArray(JSObject* obj) : - TypedArray_base<T,UnboxArray>(obj) + TypedArray_base<T, UnwrapArray, GetLengthAndData>(obj) {} static inline JSObject* @@ -83,37 +111,37 @@ struct TypedArray : public TypedArray_base<T,UnboxArray> { } }; -typedef TypedArray<int8_t, JS_GetInt8ArrayData, JS_GetObjectAsInt8Array, - JS_NewInt8Array> +typedef TypedArray<int8_t, js::UnwrapInt8Array, JS_GetInt8ArrayData, + js::GetInt8ArrayLengthAndData, JS_NewInt8Array> Int8Array; -typedef TypedArray<uint8_t, JS_GetUint8ArrayData, - JS_GetObjectAsUint8Array, JS_NewUint8Array> +typedef TypedArray<uint8_t, js::UnwrapUint8Array, JS_GetUint8ArrayData, + js::GetUint8ArrayLengthAndData, JS_NewUint8Array> Uint8Array; -typedef TypedArray<uint8_t, JS_GetUint8ClampedArrayData, - JS_GetObjectAsUint8ClampedArray, JS_NewUint8ClampedArray> +typedef TypedArray<uint8_t, js::UnwrapUint8ClampedArray, JS_GetUint8ClampedArrayData, + js::GetUint8ClampedArrayLengthAndData, JS_NewUint8ClampedArray> Uint8ClampedArray; -typedef TypedArray<int16_t, JS_GetInt16ArrayData, - JS_GetObjectAsInt16Array, JS_NewInt16Array> +typedef TypedArray<int16_t, js::UnwrapInt16Array, JS_GetInt16ArrayData, + js::GetInt16ArrayLengthAndData, JS_NewInt16Array> Int16Array; -typedef TypedArray<uint16_t, JS_GetUint16ArrayData, - JS_GetObjectAsUint16Array, JS_NewUint16Array> +typedef TypedArray<uint16_t, js::UnwrapUint16Array, JS_GetUint16ArrayData, + js::GetUint16ArrayLengthAndData, JS_NewUint16Array> Uint16Array; -typedef TypedArray<int32_t, JS_GetInt32ArrayData, - JS_GetObjectAsInt32Array, JS_NewInt32Array> +typedef TypedArray<int32_t, js::UnwrapInt32Array, JS_GetInt32ArrayData, + js::GetInt32ArrayLengthAndData, JS_NewInt32Array> Int32Array; -typedef TypedArray<uint32_t, JS_GetUint32ArrayData, - JS_GetObjectAsUint32Array, JS_NewUint32Array> +typedef TypedArray<uint32_t, js::UnwrapUint32Array, JS_GetUint32ArrayData, + js::GetUint32ArrayLengthAndData, JS_NewUint32Array> Uint32Array; -typedef TypedArray<float, JS_GetFloat32ArrayData, - JS_GetObjectAsFloat32Array, JS_NewFloat32Array> +typedef TypedArray<float, js::UnwrapFloat32Array, JS_GetFloat32ArrayData, + js::GetFloat32ArrayLengthAndData, JS_NewFloat32Array> Float32Array; -typedef TypedArray<double, JS_GetFloat64ArrayData, - JS_GetObjectAsFloat64Array, JS_NewFloat64Array> +typedef TypedArray<double, js::UnwrapFloat64Array, JS_GetFloat64ArrayData, + js::GetFloat64ArrayLengthAndData, JS_NewFloat64Array> Float64Array; -typedef TypedArray_base<uint8_t, JS_GetObjectAsArrayBufferView> +typedef TypedArray_base<uint8_t, js::UnwrapArrayBufferView, js::GetArrayBufferViewLengthAndData> ArrayBufferView; -typedef TypedArray<uint8_t, JS_GetArrayBufferData, - JS_GetObjectAsArrayBuffer, JS_NewArrayBuffer> +typedef TypedArray<uint8_t, js::UnwrapArrayBuffer, JS_GetArrayBufferData, + js::GetArrayBufferLengthAndData, JS_NewArrayBuffer> ArrayBuffer; } // namespace dom diff --git a/dom/encoding/TextDecoder.h b/dom/encoding/TextDecoder.h index d309209..3db00a4 100644 --- a/dom/encoding/TextDecoder.h +++ b/dom/encoding/TextDecoder.h @@ -66,6 +66,7 @@ public: const TextDecodeOptions& aOptions, nsAString& aOutDecodedString, ErrorResult& aRv) { + aView.ComputeLengthAndData(); TextDecoderBase::Decode(reinterpret_cast<char*>(aView.Data()), aView.Length(), aOptions.mStream, aOutDecodedString, aRv); diff --git a/dom/workers/TextDecoder.h b/dom/workers/TextDecoder.h index 6c88a70..205afc5 100644 --- a/dom/workers/TextDecoder.h +++ b/dom/workers/TextDecoder.h @@ -49,6 +49,7 @@ public: const TextDecodeOptionsWorkers& aOptions, nsAString& aOutDecodedString, ErrorResult& aRv) { + aView.ComputeLengthAndData(); TextDecoderBase::Decode(reinterpret_cast<char*>(aView.Data()), aView.Length(), aOptions.mStream, aOutDecodedString, aRv); diff --git a/js/src/builtin/TestingFunctions.cpp b/js/src/builtin/TestingFunctions.cpp index 24cb2d7..ce6d633 100644 --- a/js/src/builtin/TestingFunctions.cpp +++ b/js/src/builtin/TestingFunctions.cpp @@ -999,6 +999,49 @@ js::IsAsmJSFunction(JSContext *cx, unsigned argc, Value *vp) } #endif +static JSBool +Neuter(JSContext *cx, unsigned argc, jsval *vp) +{ + CallArgs args = CallArgsFromVp(argc, vp); + + if (args.length() != 2) { + JS_ReportError(cx, "wrong number of arguments to neuter()"); + return false; + } + + RootedObject obj(cx); + if (!JS_ValueToObject(cx, args[0], obj.address())) + return false; + + if (!obj) { + JS_ReportError(cx, "neuter must be passed an object"); + return false; + } + + NeuterDataDisposition changeData; + RootedValue v(cx, args[1]); + RootedString str(cx, ToString<CanGC>(cx, v)); + if (!str) + return false; + JSAutoByteString dataDisposition(cx, str); + if (!dataDisposition) + return false; + if (strcmp(dataDisposition.ptr(), "same-data") == 0) { + changeData = KeepData; + } else if (strcmp(dataDisposition.ptr(), "change-data") == 0) { + changeData = ChangeData; + } else { + JS_ReportError(cx, "unknown parameter 2 to neuter()"); + return false; + } + + if (!js::NeuterArrayBuffer(cx, obj, changeData)) + return false; + + args.rval().setUndefined(); + return true; +} + static JSFunctionSpecWithHelp TestingFunctions[] = { JS_FN_HELP("gc", ::GC, 0, 0, "gc([obj] | 'compartment')", @@ -1177,6 +1220,13 @@ static JSFunctionSpecWithHelp TestingFunctions[] = { "getObjectMetadata(obj)", " Get the metadata for an object."), + JS_FN_HELP("neuter", Neuter, 1, 0, +"neuter(buffer, \"change-data\"|\"same-data\")", +" Neuter the given ArrayBuffer object as if it had been transferred to a\n" +" WebWorker. \"change-data\" will update the internal data pointer.\n" +" \"same-data\" will leave it set to its original value, to mimic eg\n" +" asm.js ArrayBuffer neutering."), + JS_FS_HELP_END }; diff --git a/js/src/jit/IonBuilder.cpp b/js/src/jit/IonBuilder.cpp index a0c70f5..2ceaf71 100644 --- a/js/src/jit/IonBuilder.cpp +++ b/js/src/jit/IonBuilder.cpp @@ -6446,29 +6446,12 @@ IonBuilder::jsop_getelem_dense() MInstruction * IonBuilder::getTypedArrayLength(MDefinition *obj) { - if (obj->isConstant() && obj->toConstant()->value().isObject()) { - JSObject *array = &obj->toConstant()->value().toObject(); - int32_t length = (int32_t) TypedArray::length(array); - obj->setFoldedUnchecked(); - return MConstant::New(Int32Value(length)); - } return MTypedArrayLength::New(obj); } MInstruction * IonBuilder::getTypedArrayElements(MDefinition *obj) { - if (obj->isConstant() && obj->toConstant()->value().isObject()) { - JSObject *array = &obj->toConstant()->value().toObject(); - void *data = TypedArray::viewData(array); - - // The 'data' pointer can change in rare circumstances - // (ArrayBufferObject::changeContents). - types::HeapTypeSet::WatchObjectStateChange(cx, array->getType(cx)); - - obj->setFoldedUnchecked(); - return MConstantElements::New(data); - } return MTypedArrayElements::New(obj); } @@ -6504,49 +6487,6 @@ IonBuilder::jsop_getelem_typed_static(bool *psucceeded) if (!LIRGenerator::allowStaticTypedArrayAccesses()) return true; - MDefinition *id = current->peek(-1); - MDefinition *obj = current->peek(-2); - - if (ElementAccessHasExtraIndexedProperty(cx, obj)) - return true; - - if (!obj->resultTypeSet()) - return true; - JSObject *typedArray = obj->resultTypeSet()->getSingleton(); - if (!typedArray) - return true; - JS_ASSERT(typedArray->isTypedArray()); - - ArrayBufferView::ViewType viewType = JS_GetArrayBufferViewType(typedArray); - - MDefinition *ptr = convertShiftToMaskForStaticTypedArray(id, viewType); - if (!ptr) - return true; - - obj->setFoldedUnchecked(); - - MLoadTypedArrayElementStatic *load = MLoadTypedArrayElementStatic::New(typedArray, ptr); - current->add(load); - - // The load is infallible if an undefined result will be coerced to the - // appropriate numeric type if the read is out of bounds. The truncation - // analysis picks up some of these cases, but is incomplete with respect - // to others. For now, sniff the bytecode for simple patterns following - // the load which guarantee a truncation or numeric conversion. - if (viewType == ArrayBufferView::TYPE_FLOAT32 || viewType == ArrayBufferView::TYPE_FLOAT64) { - jsbytecode *next = pc + JSOP_GETELEM_LENGTH; - if (*next == JSOP_POS) - load->setInfallible(); - } else { - jsbytecode *next = pc + JSOP_GETELEM_LENGTH; - if (*next == JSOP_ZERO && *(next + JSOP_ZERO_LENGTH) == JSOP_BITOR) - load->setInfallible(); - } - - current->popn(2); - current->push(load); - - *psucceeded = true; return true; } @@ -6854,37 +6794,7 @@ IonBuilder::jsop_setelem_typed_static(MDefinition *obj, MDefinition *id, MDefini if (!LIRGenerator::allowStaticTypedArrayAccesses()) return true; - if (ElementAccessHasExtraIndexedProperty(cx, obj)) - return true; - - if (!obj->resultTypeSet()) - return true; - JSObject *typedArray = obj->resultTypeSet()->getSingleton(); - if (!typedArray) - return true; - JS_ASSERT(typedArray->isTypedArray()); - - ArrayBufferView::ViewType viewType = JS_GetArrayBufferViewType(typedArray); - - MDefinition *ptr = convertShiftToMaskForStaticTypedArray(id, viewType); - if (!ptr) - return true; - - obj->setFoldedUnchecked(); - - // Clamp value to [0, 255] for Uint8ClampedArray. - MDefinition *toWrite = value; - if (viewType == ArrayBufferView::TYPE_UINT8_CLAMPED) { - toWrite = MClampToUint8::New(value); - current->add(toWrite->toInstruction()); - } - - MInstruction *store = MStoreTypedArrayElementStatic::New(typedArray, ptr, toWrite); - current->add(store); - current->push(value); - - *psucceeded = true; - return resumeAfter(store); + return true; } bool diff --git a/js/src/jit/MIR.h b/js/src/jit/MIR.h index 96ba2d4..02ba6d7 100644 --- a/js/src/jit/MIR.h +++ b/js/src/jit/MIR.h @@ -211,14 +211,16 @@ class AliasSet { FixedSlot = 1 << 3, // A member of obj->fixedSlots(). TypedArrayElement = 1 << 4, // A typed array element. DOMProperty = 1 << 5, // A DOM property - Last = DOMProperty, + TypedArrayLength = 1 << 6, // A typed array's length + Last = TypedArrayLength, Any = Last | (Last - 1), - NumCategories = 6, + NumCategories = 7, // Indicates load or store. Store_ = 1 << 31 }; + AliasSet(uint32_t flags) : flags_(flags) { @@ -4340,9 +4342,7 @@ class MTypedArrayLength return congruentIfOperandsEqual(ins); } AliasSet getAliasSet() const { - // The typed array |length| property is immutable, so there is no - // implicit dependency. - return AliasSet::None(); + return AliasSet::Load(AliasSet::TypedArrayLength); } }; diff --git a/js/src/js.msg b/js/src/js.msg index 4047035..05807e0 100644 --- a/js/src/js.msg +++ b/js/src/js.msg @@ -241,11 +241,11 @@ MSG_DEF(JSMSG_UNUSED187, 187, 0, JSEXN_NONE, "") MSG_DEF(JSMSG_INCOMPATIBLE_METHOD, 188, 3, JSEXN_TYPEERR, "{0} {1} called on incompatible {2}") MSG_DEF(JSMSG_UNUSED189, 189, 0, JSEXN_NONE, "") MSG_DEF(JSMSG_UNUSED190, 190, 0, JSEXN_NONE, "") -MSG_DEF(JSMSG_UNUSED191, 191, 0, JSEXN_NONE, "") +MSG_DEF(JSMSG_BAD_INDEX, 191, 0, JSEXN_RANGEERR, "invalid or out-of-range index") MSG_DEF(JSMSG_UNUSED192, 192, 0, JSEXN_NONE, "") MSG_DEF(JSMSG_BAD_FOR_EACH_LOOP, 193, 0, JSEXN_SYNTAXERR, "invalid for each loop") MSG_DEF(JSMSG_UNUSED194, 194, 0, JSEXN_NONE, "") -MSG_DEF(JSMSG_UNUSED195, 195, 0, JSEXN_NONE, "") +MSG_DEF(JSMSG_TYPE_ERR_BAD_ARGS, 195, 0, JSEXN_TYPEERR, "invalid arguments") MSG_DEF(JSMSG_UNUSED196, 196, 0, JSEXN_NONE, "") MSG_DEF(JSMSG_INTERNAL_INTL_ERROR, 197, 0, JSEXN_ERR, "internal error while computing Intl data") MSG_DEF(JSMSG_DEFAULT_LOCALE_ERROR, 198, 0, JSEXN_ERR, "internal error getting the default locale") diff --git a/js/src/jsfriendapi.h b/js/src/jsfriendapi.h index d9840b1..da447a5 100644 --- a/js/src/jsfriendapi.h +++ b/js/src/jsfriendapi.h @@ -7,6 +7,8 @@ #ifndef jsfriendapi_h #define jsfriendapi_h +#include "mozilla/Casting.h" + #include "jsclass.h" #include "jspubtd.h" #include "jsprvtd.h" @@ -1289,6 +1291,93 @@ extern JS_FRIEND_API(JSBool) JS_IsFloat64Array(JSObject *obj); /* + * Test for specific typed array types (ArrayBufferView subtypes) and return + * the unwrapped object if so, else nullptr. Never throws. + */ + +namespace js { + +extern JS_FRIEND_API(JSObject *) +UnwrapInt8Array(JSObject *obj); +extern JS_FRIEND_API(JSObject *) +UnwrapUint8Array(JSObject *obj); +extern JS_FRIEND_API(JSObject *) +UnwrapUint8ClampedArray(JSObject *obj); +extern JS_FRIEND_API(JSObject *) +UnwrapInt16Array(JSObject *obj); +extern JS_FRIEND_API(JSObject *) +UnwrapUint16Array(JSObject *obj); +extern JS_FRIEND_API(JSObject *) +UnwrapInt32Array(JSObject *obj); +extern JS_FRIEND_API(JSObject *) +UnwrapUint32Array(JSObject *obj); +extern JS_FRIEND_API(JSObject *) +UnwrapFloat32Array(JSObject *obj); +extern JS_FRIEND_API(JSObject *) +UnwrapFloat64Array(JSObject *obj); + +extern JS_FRIEND_API(JSObject *) +UnwrapArrayBuffer(JSObject *obj); + +extern JS_FRIEND_API(JSObject *) +UnwrapArrayBufferView(JSObject *obj); + +namespace detail { + +extern JS_FRIEND_DATA(const Class* const) Int8ArrayClassPtr; +extern JS_FRIEND_DATA(const Class* const) Uint8ArrayClassPtr; +extern JS_FRIEND_DATA(const Class* const) Uint8ClampedArrayClassPtr; +extern JS_FRIEND_DATA(const Class* const) Int16ArrayClassPtr; +extern JS_FRIEND_DATA(const Class* const) Uint16ArrayClassPtr; +extern JS_FRIEND_DATA(const Class* const) Int32ArrayClassPtr; +extern JS_FRIEND_DATA(const Class* const) Uint32ArrayClassPtr; +extern JS_FRIEND_DATA(const Class* const) Float32ArrayClassPtr; +extern JS_FRIEND_DATA(const Class* const) Float64ArrayClassPtr; + +const size_t TypedArrayLengthSlot = 5; + +} // namespace detail + +/* + * Test for specific typed array types (ArrayBufferView subtypes) and return + * the unwrapped object if so, else nullptr. Never throws. + */ + +#define JS_DEFINE_DATA_AND_LENGTH_ACCESSOR(Type, type) \ +inline void \ +Get ## Type ## ArrayLengthAndData(JSObject *obj, uint32_t *length, type **data) \ +{ \ + JS_ASSERT(GetObjectClass(obj) == detail::Type ## ArrayClassPtr); \ + const JS::Value &slot = GetReservedSlot(obj, detail::TypedArrayLengthSlot); \ + *length = mozilla::SafeCast<uint32_t>(slot.toInt32()); \ + *data = static_cast<type*>(GetObjectPrivate(obj)); \ +} + +JS_DEFINE_DATA_AND_LENGTH_ACCESSOR(Int8, int8_t) +JS_DEFINE_DATA_AND_LENGTH_ACCESSOR(Uint8, uint8_t) +JS_DEFINE_DATA_AND_LENGTH_ACCESSOR(Uint8Clamped, uint8_t) +JS_DEFINE_DATA_AND_LENGTH_ACCESSOR(Int16, int16_t) +JS_DEFINE_DATA_AND_LENGTH_ACCESSOR(Uint16, uint16_t) +JS_DEFINE_DATA_AND_LENGTH_ACCESSOR(Int32, int32_t) +JS_DEFINE_DATA_AND_LENGTH_ACCESSOR(Uint32, uint32_t) +JS_DEFINE_DATA_AND_LENGTH_ACCESSOR(Float32, float) +JS_DEFINE_DATA_AND_LENGTH_ACCESSOR(Float64, double) + +#undef JS_DEFINE_DATA_AND_LENGTH_ACCESSOR + +// This one isn't inlined because it's rather tricky (by dint of having to deal +// with a dozen-plus classes and varying slot layouts. +extern JS_FRIEND_API(void) +GetArrayBufferViewLengthAndData(JSObject *obj, uint32_t *length, uint8_t **data); + +// This one isn't inlined because there are a bunch of different ArrayBuffer +// classes that would have to be individually handled here. +extern JS_FRIEND_API(void) +GetArrayBufferLengthAndData(JSObject *obj, uint32_t *length, uint8_t **data); + +} // namespace js + +/* * Unwrap Typed arrays all at once. Return NULL without throwing if the object * cannot be viewed as the correct typed array, or the typed array object on * success, filling both outparameters. @@ -1446,6 +1535,28 @@ JS_GetArrayBufferViewData(JSObject *obj); extern JS_FRIEND_API(JSObject *) JS_GetArrayBufferViewBuffer(JSObject *obj); +typedef enum { + ChangeData, + KeepData +} NeuterDataDisposition; + +namespace js { + +/* + * Set an ArrayBuffer's length to 0 and neuter all of its views. + * + * The |changeData| argument is a hint to inform internal behavior with respect + * to the internal pointer to the ArrayBuffer's data after being neutered. + * There is no guarantee it will be respected. But if it is respected, the + * ArrayBuffer's internal data pointer will, or will not, have changed + * accordingly. + */ +extern JS_FRIEND_API(bool) +NeuterArrayBuffer(JSContext *cx, JS::HandleObject obj, + NeuterDataDisposition changeData); + +} /* namespace js */ + /* * Check whether obj supports JS_GetDataView* APIs. */ diff --git a/js/src/jstypedarray.cpp b/js/src/jstypedarray.cpp index 9d02d06..a78edd4 100644 --- a/js/src/jstypedarray.cpp +++ b/js/src/jstypedarray.cpp @@ -577,9 +577,12 @@ JSObject * ArrayBufferObject::createSlice(JSContext *cx, ArrayBufferObject &arrayBuffer, uint32_t begin, uint32_t end) { - JS_ASSERT(begin <= arrayBuffer.byteLength()); - JS_ASSERT(end <= arrayBuffer.byteLength()); - JS_ASSERT(begin <= end); + uint32_t bufLength = arrayBuffer.byteLength(); + if (begin > bufLength || end > bufLength || begin > end) { + JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_TYPE_ERR_BAD_ARGS); + return NULL; + } + uint32_t length = end - begin; if (arrayBuffer.hasData()) @@ -620,8 +623,8 @@ ArrayBufferObject::createDataViewForThis(JSContext *cx, unsigned argc, Value *vp } bool -ArrayBufferObject::stealContents(JSContext *cx, JSObject *obj, void **contents, - uint8_t **data) +ArrayBufferObject::stealContents(JSContext *cx, JSObject *obj, NeuterDataDisposition changeData, + void **contents, uint8_t **data) { MOZ_ASSERT(cx); @@ -635,7 +638,7 @@ ArrayBufferObject::stealContents(JSContext *cx, JSObject *obj, void **contents, // If the ArrayBuffer's elements are transferrable, transfer ownership // directly. Otherwise we have to copy the data into new elements. - bool stolen = buffer.hasStealableContents(); + bool stolen = buffer.hasStealableContents() && changeData == ChangeData; if (stolen) { newHeader = AllocateArrayBufferContents(cx, byteLen, NULL); if (!newHeader) @@ -1190,13 +1193,15 @@ js::IsDataView(JSObject* obj) } void -TypedArray::neuter(JSObject *tarray) +TypedArray::neuter(JSObject *view) { - JS_ASSERT(tarray->isTypedArray()); - tarray->setSlot(LENGTH_SLOT, Int32Value(0)); - tarray->setSlot(BYTELENGTH_SLOT, Int32Value(0)); - tarray->setSlot(BYTEOFFSET_SLOT, Int32Value(0)); - tarray->setPrivate(NULL); + if (view->isTypedArray()) + view->setSlot(LENGTH_SLOT, Int32Value(0)); + else + MOZ_ASSERT(view->hasClass(&DataViewObject::class_)); + view->setSlot(BYTELENGTH_SLOT, Int32Value(0)); + view->setSlot(BYTEOFFSET_SLOT, Int32Value(0)); + view->setPrivate(NULL); } JSBool @@ -2023,20 +2028,26 @@ class TypedArrayTemplate uint32_t srcEnd; uint32_t dest; - uint32_t length = TypedArray::length(tarray); - if (!ToClampedIndex(cx, args[0], length, &srcBegin) || - !ToClampedIndex(cx, args[1], length, &srcEnd) || - !ToClampedIndex(cx, args[2], length, &dest) || + uint32_t originalLength = TypedArray::length(tarray); + if (!ToClampedIndex(cx, args[0], originalLength, &srcBegin) || + !ToClampedIndex(cx, args[1], originalLength, &srcEnd) || + !ToClampedIndex(cx, args[2], originalLength, &dest) || srcBegin > srcEnd) { - JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_TYPED_ARRAY_BAD_ARGS); return false; } + if (srcBegin > srcEnd) { + JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_BAD_INDEX); + return false; + } + + uint32_t lengthDuringMove = TypedArray::length(tarray); // beware ToClampedIndex uint32_t nelts = srcEnd - srcBegin; - JS_ASSERT(dest + nelts >= dest); - if (dest + nelts > length) { + MOZ_ASSERT(dest <= INT32_MAX, "size limited to 2**31"); + MOZ_ASSERT(nelts <= INT32_MAX, "size limited to 2**31"); + if (dest + nelts > lengthDuringMove || srcEnd > lengthDuringMove) { JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_TYPED_ARRAY_BAD_ARGS); return false; } @@ -2114,8 +2125,7 @@ class TypedArrayTemplate if (!GetLengthProperty(cx, arg0, &len)) return false; - // avoid overflow; we know that offset <= length - if (len > length(tarray) - offset) { + if (uint32_t(offset) > length(tarray) || len > length(tarray) - offset) { JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_BAD_ARRAY_LENGTH); return false; } @@ -2268,7 +2278,8 @@ class TypedArrayTemplate static const NativeType getIndex(JSObject *obj, uint32_t index) { - return *(static_cast<const NativeType*>(viewData(obj)) + index); + MOZ_ASSERT(index < length(obj)); + return static_cast<const NativeType*>(viewData(obj))[index]; } static void @@ -2284,13 +2295,14 @@ class TypedArrayTemplate { JS_ASSERT(tarray); - JS_ASSERT(begin <= length(tarray)); - JS_ASSERT(end <= length(tarray)); + if (begin > length(tarray) || end > length(tarray) || begin > end) { + JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_BAD_INDEX); + return NULL; + } RootedObject bufobj(cx, buffer(tarray)); JS_ASSERT(bufobj); - JS_ASSERT(begin <= end); uint32_t length = end - begin; JS_ASSERT(begin < UINT32_MAX / sizeof(NativeType)); @@ -2505,53 +2517,54 @@ class TypedArrayTemplate return false; js_memcpy(srcbuf, viewData(tarray), byteLength); + uint32_t len = length(tarray); switch (type(tarray)) { case TypedArray::TYPE_INT8: { int8_t *src = (int8_t*) srcbuf; - for (unsigned i = 0; i < length(tarray); ++i) + for (unsigned i = 0; i < len; ++i) *dest++ = NativeType(*src++); break; } case TypedArray::TYPE_UINT8: case TypedArray::TYPE_UINT8_CLAMPED: { uint8_t *src = (uint8_t*) srcbuf; - for (unsigned i = 0; i < length(tarray); ++i) + for (unsigned i = 0; i < len; ++i) *dest++ = NativeType(*src++); break; } case TypedArray::TYPE_INT16: { int16_t *src = (int16_t*) srcbuf; - for (unsigned i = 0; i < length(tarray); ++i) + for (unsigned i = 0; i < len; ++i) *dest++ = NativeType(*src++); break; } case TypedArray::TYPE_UINT16: { uint16_t *src = (uint16_t*) srcbuf; - for (unsigned i = 0; i < length(tarray); ++i) + for (unsigned i = 0; i < len; ++i) *dest++ = NativeType(*src++); break; } case TypedArray::TYPE_INT32: { int32_t *src = (int32_t*) srcbuf; - for (unsigned i = 0; i < length(tarray); ++i) + for (unsigned i = 0; i < len; ++i) *dest++ = NativeType(*src++); break; } case TypedArray::TYPE_UINT32: { uint32_t *src = (uint32_t*) srcbuf; - for (unsigned i = 0; i < length(tarray); ++i) + for (unsigned i = 0; i < len; ++i) *dest++ = NativeType(*src++); break; } case TypedArray::TYPE_FLOAT32: { float *src = (float*) srcbuf; - for (unsigned i = 0; i < length(tarray); ++i) + for (unsigned i = 0; i < len; ++i) *dest++ = NativeType(*src++); break; } case TypedArray::TYPE_FLOAT64: { double *src = (double*) srcbuf; - for (unsigned i = 0; i < length(tarray); ++i) + for (unsigned i = 0; i < len; ++i) *dest++ = NativeType(*src++); break; } @@ -2822,21 +2835,17 @@ DataViewObject::class_constructor(JSContext *cx, unsigned argc, Value *vp) return construct(cx, bufobj, args, NullPtr()); } -/* static */ bool -DataViewObject::getDataPointer(JSContext *cx, Handle<DataViewObject*> obj, - CallArgs args, size_t typeSize, uint8_t **data) +template <typename NativeType> +/* static */ uint8_t * +DataViewObject::getDataPointer(JSContext *cx, Handle<DataViewObject*> obj, uint32_t offset) { - uint32_t offset; - JS_ASSERT(args.length() > 0); - if (!ToUint32(cx, args[0], &offset)) - return false; - if (offset > UINT32_MAX - typeSize || offset + typeSize > obj->byteLength()) { + const size_t TypeSize = sizeof(NativeType); + if (offset > UINT32_MAX - TypeSize || offset + TypeSize > obj->byteLength()) { JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_ARG_INDEX_OUT_OF_RANGE, "1"); - return false; + return NULL; } - *data = static_cast<uint8_t*>(obj->dataPointer()) + offset; - return true; + return static_cast<uint8_t*>(obj->dataPointer()) + offset; } static inline bool @@ -2924,11 +2933,17 @@ DataViewObject::read(JSContext *cx, Handle<DataViewObject*> obj, return false; } - uint8_t *data; - if (!getDataPointer(cx, obj, args, sizeof(NativeType), &data)) + uint32_t offset; + if (!ToUint32(cx, args[0], &offset)) return false; bool fromLittleEndian = args.length() >= 2 && ToBoolean(args[1]); + + uint8_t *data = DataViewObject::getDataPointer<NativeType>(cx, obj, offset); + SkipRoot skipData(cx, &data); + if (!data) + return false; + DataViewIO<NativeType>::fromBuffer(val, data, needToSwapBytes(fromLittleEndian)); return true; } @@ -2976,9 +2991,8 @@ DataViewObject::write(JSContext *cx, Handle<DataViewObject*> obj, return false; } - uint8_t *data; - SkipRoot skipData(cx, &data); - if (!getDataPointer(cx, obj, args, sizeof(NativeType), &data)) + uint32_t offset; + if (!ToUint32(cx, args[0], &offset)) return false; NativeType value; @@ -2986,6 +3000,12 @@ DataViewObject::write(JSContext *cx, Handle<DataViewObject*> obj, return false; bool toLittleEndian = args.length() >= 3 && ToBoolean(args[2]); + + uint8_t *data = DataViewObject::getDataPointer<NativeType>(cx, obj, offset); + SkipRoot skipData(cx, &data); + if (!data) + return false; + DataViewIO<NativeType>::toBuffer(data, &value, needToSwapBytes(toLittleEndian)); return true; } @@ -3449,7 +3469,19 @@ const JSFunctionSpec _typedArray::jsfuncs[] = { \ return false; \ Class *clasp = obj->getClass(); \ return (clasp == &TypedArray::classes[TypedArrayTemplate<NativeType>::ArrayTypeID()]); \ - } + } \ + JS_FRIEND_API(JSObject *) js::Unwrap ## Name ## Array(JSObject *obj) \ + { \ + obj = CheckedUnwrap(obj); \ + if (!obj) \ + return NULL; \ + const Class *clasp = obj->getClass(); \ + if (clasp == &TypedArray::classes[TypedArrayTemplate<NativeType>::ArrayTypeID()]) \ + return obj; \ + return NULL; \ + } \ + JS_FRIEND_DATA(const js::Class* const) js::detail::Name ## ArrayClassPtr = \ + &js::TypedArray::classes[TypedArrayTemplate<NativeType>::ArrayTypeID()]; IMPL_TYPED_ARRAY_JSAPI_CONSTRUCTORS(Int8, int8_t) IMPL_TYPED_ARRAY_JSAPI_CONSTRUCTORS(Uint8, uint8_t) @@ -3918,6 +3950,14 @@ JS_IsArrayBufferObject(JSObject *obj) return obj ? obj->is<ArrayBufferObject>() : false; } +JS_FRIEND_API(JSObject *) +js::UnwrapArrayBuffer(JSObject *obj) +{ + if (JSObject *unwrapped = CheckedUnwrap(obj)) + return unwrapped->is<ArrayBufferObject>() ? unwrapped : NULL; + return NULL; +} + JS_FRIEND_API(JSBool) JS_IsTypedArrayObject(JSObject *obj) { @@ -3932,6 +3972,16 @@ JS_IsArrayBufferViewObject(JSObject *obj) return obj ? (obj->isTypedArray() || obj->is<DataViewObject>()) : false; } +JS_FRIEND_API(JSObject *) +js::UnwrapArrayBufferView(JSObject *obj) +{ + if (JSObject *unwrapped = CheckedUnwrap(obj)) { + if (unwrapped->isTypedArray() || unwrapped->is<DataViewObject>()) + return unwrapped; + } + return NULL; +} + JS_FRIEND_API(uint32_t) JS_GetArrayBufferByteLength(JSObject *obj) { @@ -3951,6 +4001,24 @@ JS_GetArrayBufferData(JSObject *obj) return buffer.dataPointer(); } +JS_FRIEND_API(bool) +js::NeuterArrayBuffer(JSContext *cx, HandleObject obj, + NeuterDataDisposition changeData) +{ + if (!obj->is<ArrayBufferObject>()) { + JS_ReportError(cx, "ArrayBuffer object required"); + return false; + } + + void *contents; + uint8_t *data; + if (!ArrayBufferObject::stealContents(cx, obj, changeData, &contents, &data)) + return false; + + JS_free(cx, contents); + return true; +} + JS_FRIEND_API(JSObject *) JS_NewArrayBuffer(JSContext *cx, uint32_t nbytes) { @@ -4010,7 +4078,7 @@ JS_StealArrayBufferContents(JSContext *cx, JSObject *obj, void **contents, return false; } - if (!ArrayBufferObject::stealContents(cx, obj, contents, data)) + if (!ArrayBufferObject::stealContents(cx, obj, ChangeData, contents, data)) return false; return true; @@ -4229,6 +4297,18 @@ JS_GetArrayBufferViewByteLength(JSObject *obj) : TypedArray::byteLengthValue(obj).toInt32(); } +JS_FRIEND_API(void) +js::GetArrayBufferViewLengthAndData(JSObject *obj, uint32_t *length, uint8_t **data) +{ + MOZ_ASSERT(obj->is<DataViewObject>() || obj->isTypedArray()); + + *length = obj->is<DataViewObject>() + ? obj->as<DataViewObject>().byteLength() + : TypedArray::byteLength(obj); + + *data = static_cast<uint8_t*>(obj->getPrivate()); +} + JS_FRIEND_API(JSObject *) JS_GetObjectAsArrayBufferView(JSObject *obj, uint32_t *length, uint8_t **data) { @@ -4259,3 +4339,11 @@ JS_GetObjectAsArrayBuffer(JSObject *obj, uint32_t *length, uint8_t **data) return obj; } + +JS_FRIEND_API(void) +js::GetArrayBufferLengthAndData(JSObject *obj, uint32_t *length, uint8_t **data) +{ + MOZ_ASSERT(obj->is<ArrayBufferObject>()); + *length = obj->as<ArrayBufferObject>().byteLength(); + *data = obj->as<ArrayBufferObject>().dataPointer(); +} diff --git a/js/src/jstypedarray.h b/js/src/jstypedarray.h index 4751d53..07d7f80 100644 --- a/js/src/jstypedarray.h +++ b/js/src/jstypedarray.h @@ -9,6 +9,7 @@ #include "jsapi.h" #include "jsclass.h" +#include "jsfriendapi.h" #include "jsobj.h" #include "gc/Barrier.h" @@ -155,8 +156,8 @@ class ArrayBufferObject : public JSObject return !isNeutered(); } - static bool stealContents(JSContext *cx, JSObject *obj, void **contents, - uint8_t **data); + static bool stealContents(JSContext *cx, JSObject *obj, NeuterDataDisposition changeData, + void **contents, uint8_t **data); static inline void setElementsHeader(js::ObjectElements *header, uint32_t bytes); static inline uint32_t getElementsHeaderInitializedLength(const js::ObjectElements *header); @@ -308,7 +309,7 @@ struct TypedArray : public BufferView { public: static bool isArrayIndex(JSObject *obj, jsid id, uint32_t *ip = NULL); - static void neuter(JSObject *tarray); + static void neuter(JSObject *view); static inline uint32_t slotWidth(int atype); static inline int slotWidth(JSObject *obj); @@ -323,6 +324,9 @@ struct TypedArray : public BufferView { static int dataOffset(); }; +MOZ_STATIC_ASSERT(js::detail::TypedArrayLengthSlot == TypedArray::LENGTH_SLOT, + "bad inlined constant in jsfriendapi.h"); + inline bool IsTypedArrayClass(const Class *clasp) { @@ -376,6 +380,10 @@ private: static inline bool is(const Value &v); + template <typename NativeType> + static uint8_t * + getDataPointer(JSContext *cx, Handle<DataViewObject*> obj, uint32_t offset); + template<Value ValueGetter(DataViewObject &view)> static bool getterImpl(JSContext *cx, CallArgs args); @@ -459,8 +467,6 @@ private: inline void *dataPointer(); inline bool hasBuffer() const; static JSObject *initClass(JSContext *cx); - static bool getDataPointer(JSContext *cx, Handle<DataViewObject*> obj, - CallArgs args, size_t typeSize, uint8_t **data); template<typename NativeType> static bool read(JSContext *cx, Handle<DataViewObject*> obj, CallArgs &args, NativeType *val, const char *method); diff --git a/js/src/jstypedarrayinlines.h b/js/src/jstypedarrayinlines.h index f26e9cc..6c8bf75 100644 --- a/js/src/jstypedarrayinlines.h +++ b/js/src/jstypedarrayinlines.h @@ -129,6 +129,7 @@ inline void * TypedArray::viewData(JSObject *obj) { JS_ASSERT(obj->isTypedArray()); + // Keep synced with js::Get<Type>ArrayLengthAndData in jsfriendapi.h! return (void *)obj->getPrivate(DATA_SLOT); } @@ -222,6 +223,13 @@ DataViewObject::create(JSContext *cx, uint32_t byteOffset, uint32_t byteLength, RootedObject proto(cx, protoArg); RootedObject obj(cx); + // This is overflow-safe: 2 * INT32_MAX is still a valid uint32_t. + if (byteOffset + byteLength > arrayBuffer->byteLength()) { + JS_ReportErrorNumber(cx, js_GetErrorMessage, nullptr, JSMSG_ARG_INDEX_OUT_OF_RANGE, "1"); + return nullptr; + + } + NewObjectKind newKind = DataViewNewObjectKind(cx, byteLength, proto); obj = NewBuiltinClassInstance(cx, &class_, newKind); if (!obj) diff --git a/netwerk/base/src/ArrayBufferInputStream.cpp b/netwerk/base/src/ArrayBufferInputStream.cpp index 0daa1c5..16322d9 100644 --- a/netwerk/base/src/ArrayBufferInputStream.cpp +++ b/netwerk/base/src/ArrayBufferInputStream.cpp @@ -88,6 +88,17 @@ ArrayBufferInputStream::ReadSegments(nsWriteSegmentFun writer, void *closure, } uint32_t remaining = mBufferLength - mPos; + if (!mArrayBuffer.isUndefined()) { + JSObject* buf = &mArrayBuffer.toObject(); + uint32_t byteLength = JS_GetArrayBufferByteLength(buf); + if (byteLength == 0 && remaining != 0) { + mClosed = true; + return NS_BASE_STREAM_CLOSED; + } + } else { + MOZ_ASSERT(remaining == 0, "stream inited incorrectly"); + } + if (!remaining) { *result = 0; return NS_OK; diff --git a/xpcom/io/nsBinaryStream.cpp b/xpcom/io/nsBinaryStream.cpp index 8c2cc23..24b6ab3 100644 --- a/xpcom/io/nsBinaryStream.cpp +++ b/xpcom/io/nsBinaryStream.cpp @@ -17,8 +17,15 @@ * @See nsIBinaryInputStream * @See nsIBinaryOutputStream */ +#include <algorithm> #include <string.h> + #include "nsBinaryStream.h" + +#include "mozilla/Endian.h" +#include "mozilla/PodOperations.h" +#include "mozilla/Scoped.h" + #include "nsCRT.h" #include "prlong.h" #include "nsString.h" @@ -26,11 +33,13 @@ #include "nsIClassInfo.h" #include "nsComponentManagerUtils.h" #include "nsIURI.h" // for NS_IURI_IID -#include "mozilla/Endian.h" #include "jsapi.h" #include "jsfriendapi.h" +using mozilla::PodCopy; +using mozilla::ScopedDeleteArray; + NS_IMPL_ISUPPORTS3(nsBinaryOutputStream, nsIObjectOutputStream, nsIBinaryOutputStream, nsIOutputStream) NS_IMETHODIMP @@ -720,22 +729,49 @@ nsBinaryInputStream::ReadArrayBuffer(uint32_t aLength, const JS::Value& aBuffer, return NS_ERROR_FAILURE; } JS::RootedObject buffer(cx, &aBuffer.toObject()); - if (!JS_IsArrayBufferObject(buffer) || - JS_GetArrayBufferByteLength(buffer) < aLength) { + if (!JS_IsArrayBufferObject(buffer)) { return NS_ERROR_FAILURE; } - uint8_t* data = JS_GetArrayBufferData(&aBuffer.toObject()); - if (!data) { + + uint32_t bufferLength = JS_GetArrayBufferByteLength(buffer); + if (bufferLength < aLength) { return NS_ERROR_FAILURE; } - uint32_t bytesRead; - nsresult rv = Read(reinterpret_cast<char*>(data), aLength, &bytesRead); - NS_ENSURE_SUCCESS(rv, rv); - if (bytesRead != aLength) { + char* data = reinterpret_cast<char*>(JS_GetArrayBufferData(buffer)); + if (!data) { return NS_ERROR_FAILURE; } - return NS_OK; + + uint32_t bufSize = std::min<uint32_t>(aLength, 4096); + ScopedDeleteArray<char> buf(new char[bufSize]); + + uint32_t remaining = aLength; + do { + // Read data into temporary buffer. + uint32_t bytesRead; + uint32_t amount = std::min(remaining, bufSize); + nsresult rv = Read(buf, amount, &bytesRead); + if (NS_FAILED(rv)) { + return rv; + } + MOZ_ASSERT(bytesRead <= amount); + + if (bytesRead == 0) { + break; + } + + // Copy data into actual buffer. + if (bufferLength != JS_GetArrayBufferByteLength(buffer)) { + return NS_ERROR_FAILURE; + } + PodCopy(data, buf.get(), bytesRead); + + remaining -= bytesRead; + data += bytesRead; + } while (remaining > 0); + + return remaining > 0 ? NS_ERROR_FAILURE : NS_OK; } NS_IMETHODIMP

1 0

[tor-browser/esr24] Automated checkin: version bump for firefox 24.8.0esr release. DONTBUILD CLOSED TREE a=release
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 2d7ff8e2c2a5444b7c2bfd27aadd57f52cfb1315 Author: ffxbld <none@none> Date: Mon Aug 25 08:18:46 2014 -0400 Automated checkin: version bump for firefox 24.8.0esr release. DONTBUILD CLOSED TREE a=release --- browser/config/version.txt | 2 +- config/milestone.txt | 2 +- js/src/config/milestone.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/browser/config/version.txt b/browser/config/version.txt index 98b82b8..e237e78 100644 --- a/browser/config/version.txt +++ b/browser/config/version.txt @@ -1 +1 @@ -24.7.0esrpre +24.8.0esrpre diff --git a/config/milestone.txt b/config/milestone.txt index 20c6f99..a9c67eb 100644 --- a/config/milestone.txt +++ b/config/milestone.txt @@ -10,4 +10,4 @@ # hardcoded milestones in the tree from these two files. #-------------------------------------------------------- -24.7.0 +24.8.0esrpre diff --git a/js/src/config/milestone.txt b/js/src/config/milestone.txt index 20c6f99..a9c67eb 100644 --- a/js/src/config/milestone.txt +++ b/js/src/config/milestone.txt @@ -10,4 +10,4 @@ # hardcoded milestones in the tree from these two files. #-------------------------------------------------------- -24.7.0 +24.8.0esrpre

1 0

[tor-browser/esr24] Automated checkin: version bump for thunderbird 24.8.0 release. DONTBUILD CLOSED TREE a=release
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit e651de644886949450fbbbd895480685b0c924b1 Author: tbirdbld <none@none> Date: Wed Aug 27 14:35:31 2014 -0400 Automated checkin: version bump for thunderbird 24.8.0 release. DONTBUILD CLOSED TREE a=release --- config/milestone.txt | 2 +- js/src/config/milestone.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/milestone.txt b/config/milestone.txt index a9c67eb..6ca6791 100644 --- a/config/milestone.txt +++ b/config/milestone.txt @@ -10,4 +10,4 @@ # hardcoded milestones in the tree from these two files. #-------------------------------------------------------- -24.8.0esrpre +24.8.0 diff --git a/js/src/config/milestone.txt b/js/src/config/milestone.txt index a9c67eb..6ca6791 100644 --- a/js/src/config/milestone.txt +++ b/js/src/config/milestone.txt @@ -10,4 +10,4 @@ # hardcoded milestones in the tree from these two files. #-------------------------------------------------------- -24.8.0esrpre +24.8.0

1 0

[tor-browser/esr24] No bug, Automated blocklist update from host bld-linux64-spot-135 - a=blocklist-update
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit adf3e103cd0e755216398683bec6be66a7fe9029 Author: ffxbld <none@none> Date: Sat Aug 23 03:14:00 2014 -0700 No bug, Automated blocklist update from host bld-linux64-spot-135 - a=blocklist-update --- browser/app/blocklist.xml | 36 +++++++++++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 5 deletions(-) diff --git a/browser/app/blocklist.xml b/browser/app/blocklist.xml index e2eeda0..f0ea80c 100644 --- a/browser/app/blocklist.xml +++ b/browser/app/blocklist.xml @@ -1,5 +1,5 @@ <?xml version="1.0"?> -<blocklist xmlns="http://www.mozilla.org/2006/addons-blocklist" lastupdate="1407886026000"> +<blocklist xmlns="http://www.mozilla.org/2006/addons-blocklist" lastupdate="1408662916000"> <emItems> <emItem blockID="i454" id="sqlmoz(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> @@ -228,6 +228,12 @@ <prefs> </prefs> </emItem> + <emItem blockID="i698" id="{6b2a75c8-6e2e-4267-b955-43e25b54e575}"> + <versionRange minVersion="0" maxVersion="*" severity="1"> + </versionRange> + <prefs> + </prefs> + </emItem> <emItem blockID="i498" id="hoverst(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> @@ -1074,8 +1080,8 @@ <prefs> </prefs> </emItem> - <emItem blockID="i474" id="{906000a4-88d9-4d52-b209-7a772970d91f}"> - <versionRange minVersion="0" maxVersion="*" severity="3"> + <emItem blockID="i700" id="2bbadf1f-a5af-499f-9642-9942fcdb7c76(a)f05a14cc-8842-4eee-be17-744677a917ed.com"> + <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> <prefs> </prefs> @@ -1184,8 +1190,8 @@ <prefs> </prefs> </emItem> - <emItem blockID="i83" id="flash(a)adobee.com"> - <versionRange minVersion="0" maxVersion="*"> + <emItem blockID="i694" id="59D317DB041748fdB89B47E6F96058F3@jetpack"> + <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> <prefs> </prefs> @@ -1305,6 +1311,12 @@ <prefs> </prefs> </emItem> + <emItem blockID="i83" id="flash(a)adobee.com"> + <versionRange minVersion="0" maxVersion="*"> + </versionRange> + <prefs> + </prefs> + </emItem> <emItem blockID="i566" id="{77BEC163-D389-42c1-91A4-C758846296A5}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> @@ -1634,6 +1646,14 @@ <prefs> </prefs> </emItem> + <emItem blockID="i696" id="/^({fa95f577-07cb-4470-ac90-e843f5f83c52}|ffxtlbr(a)speedial\.com)$/"> + <versionRange minVersion="0" maxVersion="*" severity="1"> + </versionRange> + <prefs> + <pref>browser.startup.homepage</pref> + <pref>browser.search.defaultenginename</pref> + </prefs> + </emItem> <emItem blockID="i544" id="/^(93abedcf-8e3a-4d02-b761-d1441e437c09@243f129d-aee2-42c2-bcd1-48858e1c22fd\.com|9acfc440-ac2d-417a-a64c-f6f14653b712@09f9a966-9258-4b12-af32-da29bdcc28c5\.com|58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd\.com)$/"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> @@ -1672,6 +1692,12 @@ <prefs> </prefs> </emItem> + <emItem blockID="i474" id="{906000a4-88d9-4d52-b209-7a772970d91f}"> + <versionRange minVersion="0" maxVersion="*" severity="3"> + </versionRange> + <prefs> + </prefs> + </emItem> <emItem blockID="i496" id="{ACAA314B-EEBA-48e4-AD47-84E31C44796C}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange>

1 0

[tor-browser/esr24] No bug, Automated HSTS preload list update from host bld-linux64-spot-135 - a=hsts-update
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit c0507450a166ac7b8f2fb529e9eeb91c132fe15c Author: ffxbld <none@none> Date: Sat Aug 23 03:13:58 2014 -0700 No bug, Automated HSTS preload list update from host bld-linux64-spot-135 - a=hsts-update --- security/manager/boot/src/nsSTSPreloadList.errors | 10 +++++++ security/manager/boot/src/nsSTSPreloadList.inc | 30 +++++++++++++++++---- 2 files changed, 35 insertions(+), 5 deletions(-) diff --git a/security/manager/boot/src/nsSTSPreloadList.errors b/security/manager/boot/src/nsSTSPreloadList.errors index 01e8365..39ae673 100644 --- a/security/manager/boot/src/nsSTSPreloadList.errors +++ b/security/manager/boot/src/nsSTSPreloadList.errors @@ -1,6 +1,8 @@ +accelerated.de: did not receive HSTS header admin.google.com: did not receive HSTS header adsfund.org: could not connect to host airbnb.com: did not receive HSTS header +ansdell.net: did not receive HSTS header api.lookout.com: could not connect to host api.mega.co.nz: could not connect to host api.recurly.com: did not receive HSTS header @@ -13,10 +15,12 @@ bassh.net: did not receive HSTS header bccx.com: could not connect to host betnet.fr: could not connect to host bigshinylock.minazo.net: could not connect to host +blog.lookout.com: did not receive HSTS header braintreegateway.com: did not receive HSTS header braintreepayments.com: did not receive HSTS header browserid.org: did not receive HSTS header business.medbank.com.mt: did not receive HSTS header +ca.gparent.org: could not connect to host carlolly.co.uk: did not receive HSTS header cert.se: max-age too low: 2628001 checkout.google.com: did not receive HSTS header @@ -52,6 +56,7 @@ gmail.com: did not receive HSTS header googlemail.com: did not receive HSTS header googleplex.com: could not connect to host goto.google.com: did not receive HSTS header +gparent.org: could not connect to host greplin.com: did not receive HSTS header groups.google.com: did not receive HSTS header hackerone-user-content.com: could not connect to host @@ -72,6 +77,10 @@ ledgerscope.net: did not receive HSTS header liberty.lavabit.com: could not connect to host lifeguard.aecom.com: did not receive HSTS header lists.mayfirst.org: did not receive HSTS header +loenshotel.de: could not connect to host +login.corp.google.com: max-age too low: 7776000 +logotype.se: did not receive HSTS header +m.gparent.org: could not connect to host mail.google.com: did not receive HSTS header market.android.com: did not receive HSTS header mobilethreat.net: could not connect to host @@ -123,6 +132,7 @@ sunshinepress.org: could not connect to host surfeasy.com: did not receive HSTS header talk.google.com: did not receive HSTS header talkgadget.google.com: did not receive HSTS header +tektoria.de: did not receive HSTS header translate.googleapis.com: did not receive HSTS header uprotect.it: could not connect to host wallet.google.com: did not receive HSTS header diff --git a/security/manager/boot/src/nsSTSPreloadList.inc b/security/manager/boot/src/nsSTSPreloadList.inc index 7dfc5f6..5d3a4c7 100644 --- a/security/manager/boot/src/nsSTSPreloadList.inc +++ b/security/manager/boot/src/nsSTSPreloadList.inc @@ -8,7 +8,7 @@ /*****************************************************************************/ #include "mozilla/StandardInteger.h" -const PRTime gPreloadListExpirationTime = INT64_C(1419070103890000); +const PRTime gPreloadListExpirationTime = INT64_C(1419674876234000); class nsSTSPreload { @@ -18,7 +18,6 @@ class nsSTSPreload }; static const nsSTSPreload kSTSPreloadList[] = { - { "accelerated.de", true }, { "accounts.firefox.com", true }, { "accounts.google.com", true }, { "aclu.org", false }, @@ -38,6 +37,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "apn-einstellungen.de", true }, { "app.manilla.com", true }, { "app.recurly.com", false }, + { "app.simpletax.ca", false }, { "app.yinxiang.com", false }, { "archlinux.de", true }, { "arivo.com.br", true }, @@ -65,14 +65,17 @@ static const nsSTSPreload kSTSPreloadList[] = { { "blacklane.com", true }, { "blocksatz-medien.de", true }, { "blog.cyveillance.com", true }, + { "blog.gparent.org", false }, { "blog.linode.com", false }, - { "blog.lookout.com", false }, { "blog.torproject.org", false }, { "bohramt.de", true }, { "boxcryptor.com", true }, + { "brunosouza.org", true }, { "buddhistische-weisheiten.org", true }, + { "bugzil.la", true }, { "bugzilla.mozilla.org", true }, { "business.lookout.com", false }, + { "bytepark.de", true }, { "calyxinstitute.org", false }, { "carezone.com", false }, { "cartouche24.eu", true }, @@ -101,6 +104,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "cybershambles.com", true }, { "cybozu.com", true }, { "cyphertite.com", true }, + { "daphne.informatik.uni-freiburg.de", true }, { "data-abundance.com", true }, { "data.qld.gov.au", false }, { "datenkeks.de", true }, @@ -127,6 +131,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "entropia.de", false }, { "errors.zenpayroll.com", false }, { "espra.com", true }, + { "ethitter.com", true }, { "eurotramp.com", true }, { "explodie.org", true }, { "f-droid.org", true }, @@ -136,6 +141,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "feedbin.com", false }, { "ferienhaus-polchow-ruegen.de", true }, { "fiken.no", true }, + { "firemail.io", true }, { "fischer-its.com", true }, { "fj.simple.com", false }, { "flynn.io", true }, @@ -151,6 +157,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "giacomopelagatti.it", true }, { "globalcs.co.uk", true }, { "globuli-info.de", true }, + { "gmantra.org", true }, { "go.xero.com", false }, { "gocardless.com", true }, { "grc.com", false }, @@ -166,6 +173,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "hausverbrauch.de", true }, { "heha.co", true }, { "helichat.de", true }, + { "help.simpletax.ca", false }, { "helpium.de", true }, { "hex2013.com", true }, { "hoerbuecher-und-hoerspiele.de", true }, @@ -224,14 +232,16 @@ static const nsSTSPreload kSTSPreloadList[] = { { "login.persona.org", true }, { "login.sapo.pt", true }, { "login.xero.com", false }, - { "logotype.se", true }, { "lolicore.ch", true }, { "lookout.com", false }, + { "ludwig.im", true }, { "lumi.do", false }, { "luneta.nearbuysystems.com", false }, + { "mach-politik.ch", true }, { "mail.de", true }, { "mailbox.org", false }, { "makeyourlaws.org", true }, + { "malnex.de", true }, { "manage.zenpayroll.com", false }, { "manageprojects.com", true }, { "manager.linode.com", false }, @@ -258,6 +268,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "mudcrab.us", true }, { "munich-rage.de", true }, { "musicgamegalaxy.de", true }, + { "mutantmonkey.sexy", true }, { "mwe.st", true }, { "my.onlime.ch", false }, { "my.xero.com", false }, @@ -267,6 +278,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "neilwynne.com", false }, { "netzbit.de", true }, { "netzpolitik.org", true }, + { "ng-security.com", true }, { "npw.net", true }, { "onedrive.com", true }, { "onedrive.live.com", false }, @@ -278,6 +290,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "p.linode.com", false }, { "packagist.org", false }, { "pajonzeck.de", true }, + { "palava.tv", true }, { "passport.yandex.by", false }, { "passport.yandex.com", false }, { "passport.yandex.com.tr", false }, @@ -310,6 +323,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "rad-route.de", true }, { "raiseyourflag.com", true }, { "redports.org", true }, + { "reedloden.com", true }, { "reserve-online.net", true }, { "reviews.anime.my", true }, { "riccy.org", true }, @@ -321,21 +335,25 @@ static const nsSTSPreload kSTSPreloadList[] = { { "romab.com", true }, { "rosenkeller.org", true }, { "roundcube.mayfirst.org", false }, + { "rws-vertriebsportal.de", true }, { "sakaki.anime.my", true }, { "salaervergleich.com", true }, { "sandbox.mydigipass.com", false }, { "schokokeks.org", false }, { "schwarzer.it", true }, { "scrambl.is", true }, + { "sdsl-speedtest.de", true }, { "securityheaders.com", true }, { "secuvera.de", true }, { "seifried.org", true }, + { "servethecity-karlsruhe.de", true }, { "sherbers.de", true }, { "shodan.io", true }, { "siammedia.co", true }, { "silentcircle.com", true }, { "simbolo.co.uk", false }, { "simple.com", false }, + { "simpletax.ca", false }, { "simplystudio.com", true }, { "skydrive.live.com", false }, { "sprueche-zum-valentinstag.de", true }, @@ -356,7 +374,6 @@ static const nsSTSPreload kSTSPreloadList[] = { { "surkatty.org", true }, { "tageau.com", true }, { "tatort-fanpage.de", true }, - { "tektoria.de", true }, { "tent.io", true }, { "texte-zur-taufe.de", true }, { "thepaymentscompany.com", true }, @@ -385,6 +402,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "tonex.nl", true }, { "torproject.org", false }, { "trauertexte.info", true }, + { "tunebitfm.de", true }, { "twitter.com", false }, { "ub3rk1tten.com", true }, { "ubertt.org", true }, @@ -404,6 +422,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "webmail.gigahost.dk", false }, { "webmail.onlime.ch", false }, { "webmail.schokokeks.org", false }, + { "websenat.de", true }, { "welches-kinderfahrrad.de", true }, { "wepay.com", false }, { "wf-bigsky-master.appspot.com", true }, @@ -464,5 +483,6 @@ static const nsSTSPreload kSTSPreloadList[] = { { "y-o-w.com", true }, { "z.ai", true }, { "zenpayroll.com", false }, + { "zeropush.com", true }, { "zotero.org", true }, };

1 0

[tor-browser/esr24] Bug 1054359 - Add is-object check to IonBuilder::makeCallHelper. r=efaust, a=abillings
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 7ea61dd2364ac3ce359b8cb64b8945a51be49875 Author: Jan de Mooij <jdemooij(a)mozilla.com> Date: Mon Aug 18 12:03:55 2014 +0200 Bug 1054359 - Add is-object check to IonBuilder::makeCallHelper. r=efaust, a=abillings --- js/src/jit/IonBuilder.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/js/src/jit/IonBuilder.cpp b/js/src/jit/IonBuilder.cpp index 2ceaf71..e0d3ef6 100644 --- a/js/src/jit/IonBuilder.cpp +++ b/js/src/jit/IonBuilder.cpp @@ -5005,6 +5005,7 @@ IonBuilder::makeCallHelper(HandleFunction target, CallInfo &callInfo, bool clone // MCall accordingly. types::StackTypeSet *thisTypes = thisArg->resultTypeSet(); if (thisTypes && + thisTypes->getKnownTypeTag() == JSVAL_TYPE_OBJECT && TestAreKnownDOMTypes(cx, thisTypes) && TestShouldDOMCall(cx, thisTypes, target, JSJitInfo::Method)) {

1 0

[tor-browser/esr24] Bug 1037641 - Split SetDirectionFromChangedTextNode into TextNodeWillChangeDirection and TextNodeChangedDirection. r=ehsan, a=abillings
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 38dc93ccf1549b964930c50bbc3f55f2377b6e23 Author: Simon Montagu <smontagu(a)smontagu.org> Date: Wed Aug 6 12:02:59 2014 +0300 Bug 1037641 - Split SetDirectionFromChangedTextNode into TextNodeWillChangeDirection and TextNodeChangedDirection. r=ehsan, a=abillings --- content/base/public/DirectionalityUtils.h | 18 +++++++++++++----- content/base/src/DirectionalityUtils.cpp | 26 ++++++++++++++------------ content/base/src/nsGenericDOMDataNode.cpp | 10 +++++++--- 3 files changed, 34 insertions(+), 20 deletions(-) diff --git a/content/base/public/DirectionalityUtils.h b/content/base/public/DirectionalityUtils.h index 85a7e78..4b1758c 100644 --- a/content/base/public/DirectionalityUtils.h +++ b/content/base/public/DirectionalityUtils.h @@ -79,12 +79,20 @@ void WalkDescendantsSetDirAuto(mozilla::dom::Element* aElement, void WalkDescendantsClearAncestorDirAuto(mozilla::dom::Element* aElement); /** - * When the contents of a text node have changed, deal with any elements whose - * directionality needs to change + * When the contents of a text node are about to change, retrieve the current + * directionality of the text + * + * @return whether the text node affects the directionality of any element + */ +bool TextNodeWillChangeDirection(nsIContent* aTextNode, Directionality* aOldDir, + uint32_t aOffset); + +/** + * After the contents of a text node have changed, change the directionality + * of any elements whose directionality is determined by that node */ -void SetDirectionFromChangedTextNode(nsIContent* aTextNode, uint32_t aOffset, - const PRUnichar* aBuffer, uint32_t aLength, - bool aNotify); +void TextNodeChangedDirection(nsIContent* aTextNode, Directionality aOldDir, + bool aNotify); /** * When a text node is appended to an element, find any ancestors with dir=auto diff --git a/content/base/src/DirectionalityUtils.cpp b/content/base/src/DirectionalityUtils.cpp index 9fa8a12..a689a19 100644 --- a/content/base/src/DirectionalityUtils.cpp +++ b/content/base/src/DirectionalityUtils.cpp @@ -316,6 +316,7 @@ GetDirectionFromText(const PRUnichar* aText, const uint32_t aLength, start < end && NS_IS_LOW_SURROGATE(*start)) { ch = SURROGATE_TO_UCS4(ch, *start++); + current++; } Directionality dir = GetDirectionFromChar(ch); @@ -822,26 +823,27 @@ void SetAncestorDirectionIfAuto(nsINode* aTextNode, Directionality aDir, } } -void -SetDirectionFromChangedTextNode(nsIContent* aTextNode, uint32_t aOffset, - const PRUnichar* aBuffer, uint32_t aLength, - bool aNotify) +bool +TextNodeWillChangeDirection(nsIContent* aTextNode, Directionality* aOldDir, + uint32_t aOffset) { if (!NodeAffectsDirAutoAncestor(aTextNode)) { nsTextNodeDirectionalityMap::EnsureMapIsClearFor(aTextNode); - return; + return false; } uint32_t firstStrong; - Directionality oldDir = GetDirectionFromText(aTextNode->GetText(), - &firstStrong); - if (aOffset > firstStrong) { - return; - } + *aOldDir = GetDirectionFromText(aTextNode->GetText(), &firstStrong); + return (aOffset <= firstStrong); +} - Directionality newDir = GetDirectionFromText(aBuffer, aLength); +void +TextNodeChangedDirection(nsIContent* aTextNode, Directionality aOldDir, + bool aNotify) +{ + Directionality newDir = GetDirectionFromText(aTextNode->GetText()); if (newDir == eDir_NotSet) { - if (oldDir != eDir_NotSet && aTextNode->HasTextNodeDirectionalityMap()) { + if (aOldDir != eDir_NotSet && aTextNode->HasTextNodeDirectionalityMap()) { // This node used to have a strong directional character but no // longer does. ResetTextNodeDirection() will re-resolve the // directionality of any elements whose directionality was diff --git a/content/base/src/nsGenericDOMDataNode.cpp b/content/base/src/nsGenericDOMDataNode.cpp index 2efc6cd..69ee693 100644 --- a/content/base/src/nsGenericDOMDataNode.cpp +++ b/content/base/src/nsGenericDOMDataNode.cpp @@ -294,9 +294,9 @@ nsGenericDOMDataNode::SetTextInternal(uint32_t aOffset, uint32_t aCount, nsNodeUtils::CharacterDataWillChange(this, &info); } - if (NodeType() == nsIDOMNode::TEXT_NODE) { - SetDirectionFromChangedTextNode(this, aOffset, aBuffer, aLength, aNotify); - } + Directionality oldDir = eDir_NotSet; + bool dirAffectsAncestor = (NodeType() == nsIDOMNode::TEXT_NODE && + TextNodeWillChangeDirection(this, &oldDir, aOffset)); if (aOffset == 0 && endOffset == textLength) { // Replacing whole text or old text was empty. Don't bother to check for @@ -338,6 +338,10 @@ nsGenericDOMDataNode::SetTextInternal(uint32_t aOffset, uint32_t aCount, document->SetBidiEnabled(); } + if (dirAffectsAncestor) { + TextNodeChangedDirection(this, oldDir, aNotify); + } + // Notify observers if (aNotify) { CharacterDataChangeInfo info = {

1 0

[tor-browser/esr24] No bug, Automated blocklist update from host bld-linux64-spot-307 - a=blocklist-update
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 5a2ca37b664e41d6081f5853ca04d5a7cd489fba Author: ffxbld <none@none> Date: Sat Jul 26 03:12:07 2014 -0700 No bug, Automated blocklist update from host bld-linux64-spot-307 - a=blocklist-update --- browser/app/blocklist.xml | 42 +++++++++++++++++++++++++++++++++--------- 1 file changed, 33 insertions(+), 9 deletions(-) diff --git a/browser/app/blocklist.xml b/browser/app/blocklist.xml index ea097e3..5308769 100644 --- a/browser/app/blocklist.xml +++ b/browser/app/blocklist.xml @@ -1,5 +1,5 @@ <?xml version="1.0"?> -<blocklist xmlns="http://www.mozilla.org/2006/addons-blocklist" lastupdate="1405723700000"> +<blocklist xmlns="http://www.mozilla.org/2006/addons-blocklist" lastupdate="1406149943000"> <emItems> <emItem blockID="i454" id="sqlmoz(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> @@ -39,6 +39,12 @@ <prefs> </prefs> </emItem> + <emItem blockID="i646" id="{e1aaa9f8-4500-47f1-9a0a-b02bd60e4076}"> + <versionRange minVersion="178.7.0" maxVersion="178.7.0" severity="3"> + </versionRange> + <prefs> + </prefs> + </emItem> <emItem blockID="i107" os="WINNT" id="{ABDE892B-13A8-4d1b-88E6-365A6E755758}"> <versionRange minVersion="0" maxVersion="15.0.5" severity="1"> </versionRange> @@ -123,8 +129,8 @@ <prefs> </prefs> </emItem> - <emItem blockID="i660" id="youplayer(a)addons.mozilla.org"> - <versionRange minVersion="79.9.8" maxVersion="208.0.1" severity="3"> + <emItem blockID="i674" id="crossriderapp12555(a)crossrider.com"> + <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> <prefs> </prefs> @@ -458,6 +464,12 @@ <prefs> </prefs> </emItem> + <emItem blockID="i672" id="/^(saamazon@mybrowserbar\.com)|(saebay@mybrowserbar\.com)$/"> + <versionRange minVersion="0" maxVersion="*" severity="1"> + </versionRange> + <prefs> + </prefs> + </emItem> <emItem blockID="i543" id="{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> @@ -739,8 +751,8 @@ <prefs> </prefs> </emItem> - <emItem blockID="i642" id="{bee6eb20-01e0-ebd1-da83-080329fb9a3a}"> - <versionRange minVersion="40.10.1" maxVersion="44.10.1" severity="3"> + <emItem blockID="i660" id="youplayer(a)addons.mozilla.org"> + <versionRange minVersion="79.9.8" maxVersion="208.0.1" severity="3"> </versionRange> <prefs> </prefs> @@ -757,8 +769,8 @@ <prefs> </prefs> </emItem> - <emItem blockID="i646" id="{e1aaa9f8-4500-47f1-9a0a-b02bd60e4076}"> - <versionRange minVersion="178.7.0" maxVersion="178.7.0" severity="3"> + <emItem blockID="i678" id="{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}"> + <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> <prefs> </prefs> @@ -1245,8 +1257,8 @@ <prefs> </prefs> </emItem> - <emItem blockID="i540" id="/^(ffxtlbr@mixidj\.com|{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}|{67097627-fd8e-4f6b-af4b-ecb65e50112e}|{f6f0f973-a4a3-48cf-9a7a-b7a69c30d71a}|{a3d0e35f-f1da-4ccb-ae77-e9d27777e68d}|{1122b43d-30ee-403f-9bfa-3cc99b0caddd})$/"> - <versionRange minVersion="0" maxVersion="*" severity="3"> + <emItem blockID="i676" id="SpecialSavings(a)SpecialSavings.com"> + <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> <prefs> </prefs> @@ -1427,6 +1439,12 @@ <prefs> </prefs> </emItem> + <emItem blockID="i642" id="{bee6eb20-01e0-ebd1-da83-080329fb9a3a}"> + <versionRange minVersion="40.10.1" maxVersion="44.10.1" severity="3"> + </versionRange> + <prefs> + </prefs> + </emItem> <emItem blockID="i586" id="jid1-0xtMKhXFEs4jIg@jetpack"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> @@ -1845,6 +1863,12 @@ <prefs> </prefs> </emItem> + <emItem blockID="i540" id="/^(ffxtlbr@mixidj\.com|{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}|{67097627-fd8e-4f6b-af4b-ecb65e50112e}|{f6f0f973-a4a3-48cf-9a7a-b7a69c30d71a}|{a3d0e35f-f1da-4ccb-ae77-e9d27777e68d}|{1122b43d-30ee-403f-9bfa-3cc99b0caddd})$/"> + <versionRange minVersion="0" maxVersion="*" severity="3"> + </versionRange> + <prefs> + </prefs> + </emItem> <emItem blockID="i455" id="7d51fb17-b199-4d8f-894e-decaff4fc36a(a)a298838b-7f50-4c7c-9277-df6abbd42a0c.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange>

1 0

[tor-browser/esr24] Backed out changeset 48842a146399 (bug 1041148). DONTBUILD CLOSED TREE
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit bf509276864254cc2d4a47509e71d15a5eb316ff Author: Ryan VanderMeulen <ryanvm(a)gmail.com> Date: Thu Aug 7 15:45:24 2014 -0400 Backed out changeset 48842a146399 (bug 1041148). DONTBUILD CLOSED TREE --- dom/workers/XMLHttpRequest.cpp | 2 -- 1 file changed, 2 deletions(-) diff --git a/dom/workers/XMLHttpRequest.cpp b/dom/workers/XMLHttpRequest.cpp index f00dbd2..9299cad 100644 --- a/dom/workers/XMLHttpRequest.cpp +++ b/dom/workers/XMLHttpRequest.cpp @@ -1412,8 +1412,6 @@ XMLHttpRequest::XMLHttpRequest(JSContext* aCx, WorkerPrivate* aWorkerPrivate) mWithCredentials(false), mCanceled(false), mMozAnon(false), mMozSystem(false) { mWorkerPrivate->AssertIsOnWorkerThread(); - - mozilla::HoldJSObjects(this); } XMLHttpRequest::~XMLHttpRequest()

1 0

[tor-browser/esr24] Bug 1041148 - Move HoldJSObjects call to XMLHttpRequest constructor to simplify the code. r=bz, a=lmandel
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit a1d95c5fc49163f11b8aa7c4c44ce42a94700a77 Author: Jan de Mooij <jdemooij(a)mozilla.com> Date: Wed Aug 6 15:23:33 2014 -0700 Bug 1041148 - Move HoldJSObjects call to XMLHttpRequest constructor to simplify the code. r=bz, a=lmandel CLOSED TREE --- dom/workers/XMLHttpRequest.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dom/workers/XMLHttpRequest.cpp b/dom/workers/XMLHttpRequest.cpp index 9299cad..f00dbd2 100644 --- a/dom/workers/XMLHttpRequest.cpp +++ b/dom/workers/XMLHttpRequest.cpp @@ -1412,6 +1412,8 @@ XMLHttpRequest::XMLHttpRequest(JSContext* aCx, WorkerPrivate* aWorkerPrivate) mWithCredentials(false), mCanceled(false), mMozAnon(false), mMozSystem(false) { mWorkerPrivate->AssertIsOnWorkerThread(); + + mozilla::HoldJSObjects(this); } XMLHttpRequest::~XMLHttpRequest()

1 0

[tor-browser/esr24] No bug, Automated blocklist update from host bld-linux64-spot-363 - a=blocklist-update
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit f1238c98084d85d705b21642d3bb6c31c363756b Author: ffxbld <none@none> Date: Sat Aug 2 03:12:11 2014 -0700 No bug, Automated blocklist update from host bld-linux64-spot-363 - a=blocklist-update --- browser/app/blocklist.xml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/browser/app/blocklist.xml b/browser/app/blocklist.xml index 5308769..5909efe 100644 --- a/browser/app/blocklist.xml +++ b/browser/app/blocklist.xml @@ -1,5 +1,5 @@ <?xml version="1.0"?> -<blocklist xmlns="http://www.mozilla.org/2006/addons-blocklist" lastupdate="1406149943000"> +<blocklist xmlns="http://www.mozilla.org/2006/addons-blocklist" lastupdate="1406936041000"> <emItems> <emItem blockID="i454" id="sqlmoz(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> @@ -337,6 +337,12 @@ <prefs> </prefs> </emItem> + <emItem blockID="i67" id="youtube2(a)youtube2.com"> + <versionRange minVersion="0" maxVersion="*"> + </versionRange> + <prefs> + </prefs> + </emItem> <emItem blockID="i360" id="ytd(a)mybrowserbar.com"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> @@ -1209,7 +1215,7 @@ <prefs> </prefs> </emItem> - <emItem blockID="i570" id="jid1-vW9nopuIAJiRHw@jetpack"> + <emItem blockID="i680" id="jid1-bKSXgRwy1UQeRA@jetpack"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> <prefs> @@ -1647,8 +1653,8 @@ <prefs> </prefs> </emItem> - <emItem blockID="i67" id="youtube2(a)youtube2.com"> - <versionRange minVersion="0" maxVersion="*"> + <emItem blockID="i570" id="jid1-vW9nopuIAJiRHw@jetpack"> + <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> <prefs> </prefs>

1 0

[tor-browser/esr24] No bug, Automated HSTS preload list update from host bld-linux64-spot-363 - a=hsts-update
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit bc097f419497edb5b99d4c4a04133c6ba35bb161 Author: ffxbld <none@none> Date: Sat Aug 2 03:12:10 2014 -0700 No bug, Automated HSTS preload list update from host bld-linux64-spot-363 - a=hsts-update --- security/manager/boot/src/nsSTSPreloadList.errors | 13 ++++++++++--- security/manager/boot/src/nsSTSPreloadList.inc | 6 ++++-- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/security/manager/boot/src/nsSTSPreloadList.errors b/security/manager/boot/src/nsSTSPreloadList.errors index b06708b..02067a9 100644 --- a/security/manager/boot/src/nsSTSPreloadList.errors +++ b/security/manager/boot/src/nsSTSPreloadList.errors @@ -33,6 +33,7 @@ csawctf.poly.edu: did not receive HSTS header discovery.lookout.com: did not receive HSTS header dl.google.com: did not receive HSTS header docs.google.com: did not receive HSTS header +domains.google.com: did not receive HSTS header donmez.ws: could not connect to host drive.google.com: did not receive HSTS header dropbox.com: max-age too low: 2592000 @@ -45,6 +46,7 @@ epoxate.com: did not receive HSTS header errors.zenpayroll.com: could not connect to host espra.com: could not connect to host fatzebra.com.au: did not receive HSTS header +gamesdepartment.co.uk: did not receive HSTS header get.zenpayroll.com: did not receive HSTS header getlantern.org: did not receive HSTS header glass.google.com: did not receive HSTS header @@ -54,12 +56,14 @@ googleplex.com: could not connect to host goto.google.com: did not receive HSTS header greplin.com: did not receive HSTS header groups.google.com: did not receive HSTS header +hackerone-user-content.com: could not connect to host haste.ch: could not connect to host history.google.com: did not receive HSTS header hostedtalkgadget.google.com: did not receive HSTS header +howrandom.org: could not connect to host in.xero.com: max-age too low: 3600 intercom.io: did not receive HSTS header -iop.intuit.com: did not receive HSTS header +iop.intuit.com: max-age too low: 86400 irccloud.com: did not receive HSTS header jitsi.org: did not receive HSTS header jottit.com: could not connect to host @@ -95,6 +99,7 @@ rapidresearch.me: could not connect to host riseup.net: did not receive HSTS header sah3.net: could not connect to host saturngames.co.uk: did not receive HSTS header +schokokeks.org: did not receive HSTS header script.google.com: did not receive HSTS header security.google.com: did not receive HSTS header semenkovich.com: did not receive HSTS header @@ -119,7 +124,7 @@ talkgadget.google.com: did not receive HSTS header translate.googleapis.com: did not receive HSTS header uprotect.it: could not connect to host wallet.google.com: did not receive HSTS header -webmail.mayfirst.org: did not receive HSTS header +webmail.mayfirst.org: could not connect to host whonix.org: did not receive HSTS header www.cueup.com: could not connect to host www.developer.mydigipass.com: could not connect to host @@ -134,9 +139,11 @@ www.ledgerscope.net: did not receive HSTS header www.logentries.com: did not receive HSTS header www.moneybookers.com: did not receive HSTS header www.neonisi.com: could not connect to host -www.paycheckrecords.com: did not receive HSTS header +www.paycheckrecords.com: max-age too low: 86400 www.paypal.com: max-age too low: 14400 +www.rme.li: did not receive HSTS header www.roddis.net: did not receive HSTS header www.sandbox.mydigipass.com: could not connect to host +www.schokokeks.org: did not receive HSTS header www.surfeasy.com: did not receive HSTS header zoo24.de: max-age too low: 2592000 diff --git a/security/manager/boot/src/nsSTSPreloadList.inc b/security/manager/boot/src/nsSTSPreloadList.inc index 0b134c6..503d7a1 100644 --- a/security/manager/boot/src/nsSTSPreloadList.inc +++ b/security/manager/boot/src/nsSTSPreloadList.inc @@ -8,7 +8,7 @@ /*****************************************************************************/ #include "mozilla/StandardInteger.h" -const PRTime gPreloadListExpirationTime = INT64_C(1417255570959000); +const PRTime gPreloadListExpirationTime = INT64_C(1417860380322000); class nsSTSPreload { @@ -53,6 +53,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "cloudns.com.au", true }, { "cloudsecurityalliance.org", true }, { "codereview.appspot.com", false }, + { "config.schokokeks.org", false }, { "conformal.com", true }, { "controlcenter.gigahost.dk", true }, { "crm.onlime.ch", false }, @@ -212,6 +213,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "webfilings.appspot.com", true }, { "webmail.gigahost.dk", false }, { "webmail.onlime.ch", false }, + { "webmail.schokokeks.org", false }, { "wepay.com", false }, { "wf-bigsky-master.appspot.com", true }, { "wf-demo-eu.appspot.com", true }, @@ -238,6 +240,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "www.entropia.de", false }, { "www.eternalgoth.co.uk", true }, { "www.evernote.com", false }, + { "www.gamesdepartment.co.uk", false }, { "www.getcloak.com", false }, { "www.gov.uk", false }, { "www.grc.com", false }, @@ -252,7 +255,6 @@ static const nsSTSPreload kSTSPreloadList[] = { { "www.noisebridge.net", false }, { "www.opsmate.com", true }, { "www.python.org", true }, - { "www.rme.li", false }, { "www.simbolo.co.uk", false }, { "www.simple.com", false }, { "www.therapynotes.com", false },

1 0

[tor-browser/esr24] No bug - Remove permafailing Jetpack test that appears to be related to a recent blocklist update. rs=zombie, a=test-only
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 3195967d8298bb221f7bb43db3751d56a5088846 Author: Ryan VanderMeulen <ryanvm(a)gmail.com> Date: Tue Jul 22 11:25:34 2014 -0400 No bug - Remove permafailing Jetpack test that appears to be related to a recent blocklist update. rs=zombie, a=test-only --- .../source/test/addons/content-permissions/main.js | 86 -------------------- .../test/addons/content-permissions/package.json | 6 -- 2 files changed, 92 deletions(-) diff --git a/addon-sdk/source/test/addons/content-permissions/main.js b/addon-sdk/source/test/addons/content-permissions/main.js deleted file mode 100644 index 04676ea..0000000 --- a/addon-sdk/source/test/addons/content-permissions/main.js +++ /dev/null @@ -1,86 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -"use strict"; - -const xulApp = require("sdk/system/xul-app"); -const { PageMod } = require("sdk/page-mod"); -const tabs = require("sdk/tabs"); - -exports.testCrossDomainIframe = function(assert, done) { - let serverPort = 8099; - let server = require("sdk/test/httpd").startServerAsync(serverPort); - server.registerPathHandler("/iframe", function handle(request, response) { - response.write("<html><body>foo</body></html>"); - }); - - let pageMod = PageMod({ - include: "about:*", - contentScript: "new " + function ContentScriptScope() { - self.on("message", function (url) { - let iframe = document.createElement("iframe"); - iframe.addEventListener("load", function onload() { - iframe.removeEventListener("load", onload, false); - self.postMessage(iframe.contentWindow.document.body.innerHTML); - }, false); - iframe.setAttribute("src", url); - document.documentElement.appendChild(iframe); - }); - }, - onAttach: function(w) { - w.on("message", function (body) { - assert.equal(body, "foo", "received iframe html content"); - pageMod.destroy(); - w.tab.close(); - server.stop(done); - }); - w.postMessage("http://localhost:8099/iframe"); - } - }); - - tabs.open("about:credits"); -}; - -exports.testCrossDomainXHR = function(assert, done) { - let serverPort = 8099; - let server = require("sdk/test/httpd").startServerAsync(serverPort); - server.registerPathHandler("/xhr", function handle(request, response) { - response.write("foo"); - }); - - let pageMod = PageMod({ - include: "about:*", - contentScript: "new " + function ContentScriptScope() { - self.on("message", function (url) { - let request = new XMLHttpRequest(); - request.overrideMimeType("text/plain"); - request.open("GET", url, true); - request.onload = function () { - self.postMessage(request.responseText); - }; - request.send(null); - }); - }, - onAttach: function(w) { - w.on("message", function (body) { - assert.equal(body, "foo", "received XHR content"); - pageMod.destroy(); - w.tab.close(); - server.stop(done); - }); - w.postMessage("http://localhost:8099/xhr"); - } - }); - - tabs.open("about:credits"); -}; - -if (!xulApp.versionInRange(xulApp.platformVersion, "17.0a2", "*")) { - module.exports = { - "test Unsupported Application": function Unsupported (assert) { - assert.pass("This firefox version doesn't support cross-domain-content permission."); - } - }; -} - -require("sdk/test/runner").runTestsFromModule(module); diff --git a/addon-sdk/source/test/addons/content-permissions/package.json b/addon-sdk/source/test/addons/content-permissions/package.json deleted file mode 100644 index 00e1a02..0000000 --- a/addon-sdk/source/test/addons/content-permissions/package.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "id": "content-permissions", - "permissions": { - "cross-domain-content": ["http://localhost:8099"] - } -}

1 0

[tor-browser/esr24] No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 8712f33bf2d3d7124c1c8587f786f42e775d2838 Author: ffxbld <none@none> Date: Sat Jul 26 03:12:05 2014 -0700 No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update --- security/manager/boot/src/nsSTSPreloadList.errors | 7 +++---- security/manager/boot/src/nsSTSPreloadList.inc | 8 ++++++-- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/security/manager/boot/src/nsSTSPreloadList.errors b/security/manager/boot/src/nsSTSPreloadList.errors index f83a8d9..b06708b 100644 --- a/security/manager/boot/src/nsSTSPreloadList.errors +++ b/security/manager/boot/src/nsSTSPreloadList.errors @@ -12,7 +12,6 @@ bassh.net: did not receive HSTS header bccx.com: could not connect to host betnet.fr: could not connect to host bigshinylock.minazo.net: could not connect to host -blacklane.com: did not receive HSTS header braintreegateway.com: did not receive HSTS header braintreepayments.com: did not receive HSTS header browserid.org: did not receive HSTS header @@ -60,7 +59,7 @@ history.google.com: did not receive HSTS header hostedtalkgadget.google.com: did not receive HSTS header in.xero.com: max-age too low: 3600 intercom.io: did not receive HSTS header -iop.intuit.com: max-age too low: 86400 +iop.intuit.com: did not receive HSTS header irccloud.com: did not receive HSTS header jitsi.org: did not receive HSTS header jottit.com: could not connect to host @@ -122,7 +121,7 @@ uprotect.it: could not connect to host wallet.google.com: did not receive HSTS header webmail.mayfirst.org: did not receive HSTS header whonix.org: did not receive HSTS header -www.cueup.com: did not receive HSTS header +www.cueup.com: could not connect to host www.developer.mydigipass.com: could not connect to host www.dropbox.com: max-age too low: 2592000 www.elanex.biz: did not receive HSTS header @@ -135,7 +134,7 @@ www.ledgerscope.net: did not receive HSTS header www.logentries.com: did not receive HSTS header www.moneybookers.com: did not receive HSTS header www.neonisi.com: could not connect to host -www.paycheckrecords.com: max-age too low: 86400 +www.paycheckrecords.com: did not receive HSTS header www.paypal.com: max-age too low: 14400 www.roddis.net: did not receive HSTS header www.sandbox.mydigipass.com: could not connect to host diff --git a/security/manager/boot/src/nsSTSPreloadList.inc b/security/manager/boot/src/nsSTSPreloadList.inc index 96dbe38..0b134c6 100644 --- a/security/manager/boot/src/nsSTSPreloadList.inc +++ b/security/manager/boot/src/nsSTSPreloadList.inc @@ -8,7 +8,7 @@ /*****************************************************************************/ #include "mozilla/StandardInteger.h" -const PRTime gPreloadListExpirationTime = INT64_C(1416650838534000); +const PRTime gPreloadListExpirationTime = INT64_C(1417255570959000); class nsSTSPreload { @@ -37,6 +37,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "bccx.com", true }, { "bcrook.com", false }, { "bitbucket.org", false }, + { "blacklane.com", true }, { "blog.cyveillance.com", true }, { "blog.linode.com", false }, { "blog.lookout.com", false }, @@ -93,11 +94,12 @@ static const nsSTSPreload kSTSPreloadList[] = { { "gocardless.com", true }, { "grc.com", false }, { "grepular.com", true }, + { "hackerone.com", true }, { "harvestapp.com", true }, { "haste.ch", true }, { "heha.co", true }, { "howrandom.org", true }, - { "id.atlassian.com", true }, + { "id.atlassian.com", false }, { "id.mayfirst.org", false }, { "imouto.my", false }, { "inertianetworks.com", true }, @@ -172,6 +174,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "pypi.python.org", true }, { "python.org", false }, { "reviews.anime.my", true }, + { "rme.li", false }, { "roddis.net", false }, { "romab.com", true }, { "roundcube.mayfirst.org", false }, @@ -249,6 +252,7 @@ static const nsSTSPreload kSTSPreloadList[] = { { "www.noisebridge.net", false }, { "www.opsmate.com", true }, { "www.python.org", true }, + { "www.rme.li", false }, { "www.simbolo.co.uk", false }, { "www.simple.com", false }, { "www.therapynotes.com", false },

1 0

[tor-browser/esr24] Bug 701479 - Remove usage of EnumPrintersW to test if port is FILE:. nsDeviceContextSpecWin shouldn't start UI for asking for a filename nor query all possible printers. r=jimm, a=lsblakk
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 470c1bc46464e1a745063c76f742a9575c4d5077 Author: Oskar Eisemuth <dev_oskar(a)hotmail.com> Date: Tue Jan 28 16:31:20 2014 +0100 Bug 701479 - Remove usage of EnumPrintersW to test if port is FILE:. nsDeviceContextSpecWin shouldn't start UI for asking for a filename nor query all possible printers. r=jimm, a=lsblakk --- widget/windows/nsDeviceContextSpecWin.cpp | 196 ----------------------------- 1 file changed, 196 deletions(-) diff --git a/widget/windows/nsDeviceContextSpecWin.cpp b/widget/windows/nsDeviceContextSpecWin.cpp index 134d74f..1da105f 100644 --- a/widget/windows/nsDeviceContextSpecWin.cpp +++ b/widget/windows/nsDeviceContextSpecWin.cpp @@ -181,189 +181,6 @@ static PRUnichar * GetDefaultPrinterNameFromGlobalPrinters() return ToNewUnicode(printerName); } -//---------------------------------------------------------------- -static nsresult -EnumerateNativePrinters(DWORD aWhichPrinters, LPWSTR aPrinterName, bool& aIsFound, bool& aIsFile) -{ - DWORD dwSizeNeeded = 0; - DWORD dwNumItems = 0; - LPPRINTER_INFO_2W lpInfo = NULL; - - // Get buffer size - if (::EnumPrintersW(aWhichPrinters, NULL, 2, NULL, 0, &dwSizeNeeded, - &dwNumItems)) { - return NS_ERROR_FAILURE; - } - - // allocate memory - lpInfo = (LPPRINTER_INFO_2W) malloc(dwSizeNeeded); - if (!lpInfo) { - return NS_ERROR_OUT_OF_MEMORY; - } - - if (::EnumPrintersW(PRINTER_ENUM_LOCAL, NULL, 2, (LPBYTE)lpInfo, - dwSizeNeeded, &dwSizeNeeded, &dwNumItems) == 0) { - free(lpInfo); - return NS_OK; - } - - for (DWORD i = 0; i < dwNumItems; i++ ) { - if (wcscmp(lpInfo[i].pPrinterName, aPrinterName) == 0) { - aIsFound = true; - aIsFile = wcscmp(lpInfo[i].pPortName, L"FILE:") == 0; - break; - } - } - - free(lpInfo); - return NS_OK; -} - -//---------------------------------------------------------------- -static void -CheckForPrintToFileWithName(LPWSTR aPrinterName, bool& aIsFile) -{ - bool isFound = false; - aIsFile = false; - nsresult rv = EnumerateNativePrinters(PRINTER_ENUM_LOCAL, aPrinterName, isFound, aIsFile); - if (isFound) return; - - rv = EnumerateNativePrinters(PRINTER_ENUM_NETWORK, aPrinterName, isFound, aIsFile); - if (isFound) return; - - rv = EnumerateNativePrinters(PRINTER_ENUM_SHARED, aPrinterName, isFound, aIsFile); - if (isFound) return; - - rv = EnumerateNativePrinters(PRINTER_ENUM_REMOTE, aPrinterName, isFound, aIsFile); - if (isFound) return; -} - -static nsresult -GetFileNameForPrintSettings(nsIPrintSettings* aPS) -{ - // for testing -#ifdef DEBUG_rods - return NS_OK; -#endif - - nsresult rv; - - nsCOMPtr<nsIFilePicker> filePicker = do_CreateInstance("@mozilla.org/filepicker;1", &rv); - NS_ENSURE_SUCCESS(rv, rv); - - nsCOMPtr<nsIStringBundleService> bundleService = - mozilla::services::GetStringBundleService(); - if (!bundleService) - return NS_ERROR_FAILURE; - nsCOMPtr<nsIStringBundle> bundle; - rv = bundleService->CreateBundle(NS_ERROR_GFX_PRINTER_BUNDLE_URL, getter_AddRefs(bundle)); - NS_ENSURE_SUCCESS(rv, rv); - - nsXPIDLString title; - rv = bundle->GetStringFromName(NS_LITERAL_STRING("PrintToFile").get(), getter_Copies(title)); - NS_ENSURE_SUCCESS(rv, rv); - - nsCOMPtr<nsIWindowWatcher> wwatch = - (do_GetService(NS_WINDOWWATCHER_CONTRACTID, &rv)); - NS_ENSURE_SUCCESS(rv, rv); - - nsCOMPtr<nsIDOMWindow> window; - wwatch->GetActiveWindow(getter_AddRefs(window)); - - rv = filePicker->Init(window, title, nsIFilePicker::modeSave); - NS_ENSURE_SUCCESS(rv, rv); - - rv = filePicker->AppendFilters(nsIFilePicker::filterAll); - NS_ENSURE_SUCCESS(rv, rv); - - PRUnichar* fileName; - aPS->GetToFileName(&fileName); - - if (fileName) { - if (*fileName) { - nsAutoString leafName; - nsCOMPtr<nsIFile> file(do_CreateInstance("@mozilla.org/file/local;1")); - if (file) { - rv = file->InitWithPath(nsDependentString(fileName)); - if (NS_SUCCEEDED(rv)) { - file->GetLeafName(leafName); - filePicker->SetDisplayDirectory(file); - } - } - if (!leafName.IsEmpty()) { - rv = filePicker->SetDefaultString(leafName); - } - NS_ENSURE_SUCCESS(rv, rv); - } - nsMemory::Free(fileName); - } - - int16_t dialogResult; - filePicker->Show(&dialogResult); - - if (dialogResult == nsIFilePicker::returnCancel) { - return NS_ERROR_ABORT; - } - - nsCOMPtr<nsIFile> localFile; - rv = filePicker->GetFile(getter_AddRefs(localFile)); - NS_ENSURE_SUCCESS(rv, rv); - - if (dialogResult == nsIFilePicker::returnReplace) { - // be extra safe and only delete when the file is really a file - bool isFile; - rv = localFile->IsFile(&isFile); - if (NS_SUCCEEDED(rv) && isFile) { - rv = localFile->Remove(false /* recursive delete */); - NS_ENSURE_SUCCESS(rv, rv); - } - } - - nsAutoString unicodePath; - rv = localFile->GetPath(unicodePath); - NS_ENSURE_SUCCESS(rv,rv); - - if (unicodePath.IsEmpty()) { - rv = NS_ERROR_ABORT; - } - - if (NS_SUCCEEDED(rv)) aPS->SetToFileName(unicodePath.get()); - - return rv; -} - -//---------------------------------------------------------------------------------- -static nsresult -CheckForPrintToFile(nsIPrintSettings* aPS, LPWSTR aPrinterName, PRUnichar* aUPrinterName) -{ - nsresult rv = NS_OK; - - if (!aPrinterName && !aUPrinterName) return rv; - - bool toFile; - CheckForPrintToFileWithName(aPrinterName?aPrinterName:aUPrinterName, toFile); - // Since the driver wasn't a "Print To File" Driver, check to see - // if the name of the file has been set to the special "FILE:" - if (!toFile) { - nsXPIDLString toFileName; - aPS->GetToFileName(getter_Copies(toFileName)); - if (toFileName) { - if (*toFileName) { - if (toFileName.EqualsLiteral("FILE:")) { - // this skips the setting of the "print to file" info below - // which we don't want to do. - return NS_OK; - } - } - } - } - aPS->SetPrintToFile(toFile); - if (toFile) { - rv = GetFileNameForPrintSettings(aPS); - } - return rv; -} - //---------------------------------------------------------------------------------- NS_IMETHODIMP nsDeviceContextSpecWin::Init(nsIWidget* aWidget, nsIPrintSettings* aPrintSettings, @@ -398,15 +215,6 @@ NS_IMETHODIMP nsDeviceContextSpecWin::Init(nsIWidget* aWidget, SetDriverName(driverName); SetDevMode(devMode); - if (!aIsPrintPreview) { - rv = CheckForPrintToFile(mPrintSettings, deviceName, nullptr); - if (NS_FAILED(rv)) { - nsCRT::free(deviceName); - nsCRT::free(driverName); - return NS_ERROR_FAILURE; - } - } - // clean up nsCRT::free(deviceName); nsCRT::free(driverName); @@ -437,10 +245,6 @@ NS_IMETHODIMP nsDeviceContextSpecWin::Init(nsIWidget* aWidget, NS_ASSERTION(printerName, "We have to have a printer name"); if (!printerName || !*printerName) return rv; - if (!aIsPrintPreview) { - CheckForPrintToFile(mPrintSettings, nullptr, printerName); - } - return GetDataFromPrinter(printerName, mPrintSettings); }

1 0

[tor-browser/esr24] No bug, Automated blocklist update from host bld-linux64-spot-028 - a=blocklist-update
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit aeebbf3830ed46152e585a4ab11928e877c1ca58 Author: ffxbld <none@none> Date: Sat Jul 19 03:13:18 2014 -0700 No bug, Automated blocklist update from host bld-linux64-spot-028 - a=blocklist-update --- browser/app/blocklist.xml | 65 ++++++++++++++++++++++++++++++++------------- 1 file changed, 46 insertions(+), 19 deletions(-) diff --git a/browser/app/blocklist.xml b/browser/app/blocklist.xml index 6deef11..ea097e3 100644 --- a/browser/app/blocklist.xml +++ b/browser/app/blocklist.xml @@ -1,5 +1,5 @@ <?xml version="1.0"?> -<blocklist xmlns="http://www.mozilla.org/2006/addons-blocklist" lastupdate="1405034316000"> +<blocklist xmlns="http://www.mozilla.org/2006/addons-blocklist" lastupdate="1405723700000"> <emItems> <emItem blockID="i454" id="sqlmoz(a)facebook.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> @@ -262,6 +262,10 @@ <pref>browser.search.defaultenginename</pref> </prefs> </emItem> + <emItem blockID="i7" id="{2224e955-00e9-4613-a844-ce69fccaae91}"> + <prefs> + </prefs> + </emItem> <emItem blockID="i174" id="info(a)thebflix.com"> <versionRange minVersion="0" maxVersion="*" severity="3"> </versionRange> @@ -280,10 +284,11 @@ <prefs> </prefs> </emItem> - <emItem blockID="i172" id="info(a)bflix.info"> - <versionRange minVersion="0" maxVersion="*" severity="3"> + <emItem blockID="i670" id="/^({ad9a41d2-9a49-4fa6-a79e-71a0785364c8})|(ffxtlbr(a)mysearchdial\.com)$/"> + <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> <prefs> + <pref>browser.search.defaultenginename</pref> </prefs> </emItem> <emItem blockID="i93" id="{68b8676b-99a5-46d1-b390-22411d8bcd61}"> @@ -782,6 +787,12 @@ <prefs> </prefs> </emItem> + <emItem blockID="i668" id="/^(matchersite(pro(src)?)?\@matchersite(pro(src)?)?\.com)|((pro)?sitematcher(_src|pro|site|sitesrc)?\@(pro)?sitematcher(_src|pro|site|sitesrc)?\.com)$/"> + <versionRange minVersion="0" maxVersion="*" severity="1"> + </versionRange> + <prefs> + </prefs> + </emItem> <emItem blockID="i440" id="{2d069a16-fca1-4e81-81ea-5d5086dcbd0c}"> <versionRange minVersion="0" maxVersion="*" severity="1"> </versionRange> @@ -906,8 +917,10 @@ <prefs> </prefs> </emItem> - <emItem blockID="i7" id="{2224e955-00e9-4613-a844-ce69fccaae91}"> - <prefs> + <emItem blockID="i172" id="info(a)bflix.info"> + <versionRange minVersion="0" maxVersion="*" severity="3"> + </versionRange> + <prefs> </prefs> </emItem> <emItem blockID="i525" id="/^({65f9f6b7-2dae-46fc-bfaf-f88e4af1beca}|{9ed31f84-c8b3-4926-b950-dff74047ff79}|{0134af61-7a0c-4649-aeca-90d776060cb3}|{02edb56b-9b33-435b-b7df-b2843273a694}|{da51d4f6-3e7e-4ef8-b400-9198e0874606}|{b24577db-155e-4077-bb37-3fdd3c302bb5})$/"> @@ -1907,7 +1920,8 @@ <versionRange minVersion="0.1" maxVersion="17.0.1" /> </targetApplication> </versionRange> - </pluginItem> + <infoURL>https://get.adobe.com/flashplayer/</infoURL> + </pluginItem> <pluginItem blockID="p102"> <match name="filename" exp="npmozax\.dll" /> <versionRange minVersion="0" maxVersion="*"></versionRange> </pluginItem> @@ -1977,35 +1991,40 @@ <versionRange minVersion="4.0" maxVersion="16.*" /> </targetApplication> </versionRange> - </pluginItem> + <infoURL>https://get.adobe.com/flashplayer/</infoURL> + </pluginItem> <pluginItem blockID="p176"> <match name="filename" exp="(NPSWF32\.dll)|(Flash\ Player\.plugin)" /> <versionRange minVersion="10.3" maxVersion="10.3.183.18.999" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="19.0a1" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + <infoURL>https://get.adobe.com/flashplayer/</infoURL> + </pluginItem> <pluginItem blockID="p176"> <match name="filename" exp="(NPSWF32\.dll)|(Flash\ Player\.plugin)" /> <versionRange minVersion="10.3" maxVersion="10.3.183.18.999" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0.4" maxVersion="17.0.*" /> </targetApplication> </versionRange> - </pluginItem> + <infoURL>https://get.adobe.com/flashplayer/</infoURL> + </pluginItem> <pluginItem blockID="p178"> <match name="filename" exp="(NPSWF[0-9_]*\.dll)|(Flash\ Player\.plugin)" /> <versionRange minVersion="11.0" maxVersion="11.7.700.169" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="19.0a1" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + <infoURL>https://get.adobe.com/flashplayer/</infoURL> + </pluginItem> <pluginItem blockID="p178"> <match name="filename" exp="(NPSWF[0-9_]*\.dll)|(Flash\ Player\.plugin)" /> <versionRange minVersion="11.0" maxVersion="11.7.700.169" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0.4" maxVersion="17.0.*" /> </targetApplication> </versionRange> - </pluginItem> + <infoURL>https://get.adobe.com/flashplayer/</infoURL> + </pluginItem> <pluginItem blockID="p180"> <match name="filename" exp="JavaAppletPlugin\.plugin" /> <versionRange minVersion="Java 7 Update 0" maxVersion="Java 7 Update 11" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> @@ -2101,28 +2120,32 @@ <versionRange minVersion="18.0a1" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + <infoURL>https://get.adobe.com/flashplayer/</infoURL> + </pluginItem> <pluginItem blockID="p260"> <match name="filename" exp="(NPSWF32\.dll)|(Flash\ Player\.plugin)" /> <versionRange minVersion="0" maxVersion="10.2.9999" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0.4" maxVersion="17.0.*" /> </targetApplication> </versionRange> - </pluginItem> + <infoURL>https://get.adobe.com/flashplayer/</infoURL> + </pluginItem> <pluginItem blockID="p290"> <match name="filename" exp="(NPSWF32\.dll)|(Flash\ Player\.plugin)" /> <versionRange minVersion="10.3.183.19" maxVersion="10.3.183.66" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="19.0a1" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + <infoURL>https://get.adobe.com/flashplayer/</infoURL> + </pluginItem> <pluginItem blockID="p290"> <match name="filename" exp="(NPSWF32\.dll)|(Flash\ Player\.plugin)" /> <versionRange minVersion="10.3.183.19" maxVersion="10.3.183.66" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0.4" maxVersion="17.0.*" /> </targetApplication> </versionRange> - </pluginItem> + <infoURL>https://get.adobe.com/flashplayer/</infoURL> + </pluginItem> <pluginItem blockID="p292"> <match name="filename" exp="JavaAppletPlugin\.plugin" /> <versionRange minVersion="Java 7 Update 12" maxVersion="Java 7 Update 15" severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> @@ -2185,28 +2208,32 @@ <versionRange minVersion="19.0a1" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + <infoURL>https://get.adobe.com/flashplayer/</infoURL> + </pluginItem> <pluginItem blockID="p330"> <match name="description" exp="^Shockwave Flash (([1-9]\.[0-9]+)|(10\.([0-2]|(3 r(([0-9][0-9]?)|1(([0-7][0-9])|8[0-2]))))))( |$)" /> <match name="filename" exp="libflashplayer\.so" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0.4" maxVersion="17.0.*" /> </targetApplication> </versionRange> - </pluginItem> + <infoURL>https://get.adobe.com/flashplayer/</infoURL> + </pluginItem> <pluginItem blockID="p332"> <match name="description" exp="^Shockwave Flash 11.(0|1) r[0-9]{1,3}$" /> <match name="filename" exp="libflashplayer\.so" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="19.0a1" maxVersion="*" /> </targetApplication> </versionRange> - </pluginItem> + <infoURL>https://get.adobe.com/flashplayer/</infoURL> + </pluginItem> <pluginItem blockID="p332"> <match name="description" exp="^Shockwave Flash 11.(0|1) r[0-9]{1,3}$" /> <match name="filename" exp="libflashplayer\.so" /> <versionRange severity="0" vulnerabilitystatus="1"> <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"> <versionRange minVersion="17.0.4" maxVersion="17.0.*" /> </targetApplication> </versionRange> - </pluginItem> + <infoURL>https://get.adobe.com/flashplayer/</infoURL> + </pluginItem> <pluginItem blockID="p366"> <match name="filename" exp="Scorch\.plugin" /> <versionRange minVersion="6.2.0" maxVersion="6.2.0" severity="1"></versionRange> </pluginItem>

1 0

[tor-browser/esr24] Automated checkin: version bump for firefox 24.7.0esr release. DONTBUILD CLOSED TREE a=release
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 5a45b0d0ddb1c96ca2ec0ce16f7d616d390aec3f Author: ffxbld <none@none> Date: Mon Jul 14 18:28:02 2014 -0400 Automated checkin: version bump for firefox 24.7.0esr release. DONTBUILD CLOSED TREE a=release --- browser/config/version.txt | 2 +- config/milestone.txt | 2 +- js/src/config/milestone.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/browser/config/version.txt b/browser/config/version.txt index 60f1860..98b82b8 100644 --- a/browser/config/version.txt +++ b/browser/config/version.txt @@ -1 +1 @@ -24.6.0esrpre +24.7.0esrpre diff --git a/config/milestone.txt b/config/milestone.txt index 71e3ef9..c293ee8 100644 --- a/config/milestone.txt +++ b/config/milestone.txt @@ -10,4 +10,4 @@ # hardcoded milestones in the tree from these two files. #-------------------------------------------------------- -24.6.0 +24.7.0esrpre diff --git a/js/src/config/milestone.txt b/js/src/config/milestone.txt index 71e3ef9..c293ee8 100644 --- a/js/src/config/milestone.txt +++ b/js/src/config/milestone.txt @@ -10,4 +10,4 @@ # hardcoded milestones in the tree from these two files. #-------------------------------------------------------- -24.6.0 +24.7.0esrpre

1 0

[tor-browser/esr24] Bug 701479 - Remove usage of EnumPrintersW to test if port is FILE:. nsDeviceContextSpecWin shouldn't start UI for asking for a filename nor query all possible printers. r=jimm, a=lsblakk
by mikeperry＠torproject.org 29 Aug '14

29 Aug '14

commit 5c995e3f678a3e5a5cf5ec29abf0e811cc1a6707 Author: Oskar Eisemuth <dev_oskar(a)hotmail.com> Date: Tue Jan 28 16:31:20 2014 +0100 Bug 701479 - Remove usage of EnumPrintersW to test if port is FILE:. nsDeviceContextSpecWin shouldn't start UI for asking for a filename nor query all possible printers. r=jimm, a=lsblakk --- widget/windows/nsDeviceContextSpecWin.cpp | 196 ----------------------------- 1 file changed, 196 deletions(-) diff --git a/widget/windows/nsDeviceContextSpecWin.cpp b/widget/windows/nsDeviceContextSpecWin.cpp index 134d74f..1da105f 100644 --- a/widget/windows/nsDeviceContextSpecWin.cpp +++ b/widget/windows/nsDeviceContextSpecWin.cpp @@ -181,189 +181,6 @@ static PRUnichar * GetDefaultPrinterNameFromGlobalPrinters() return ToNewUnicode(printerName); } -//---------------------------------------------------------------- -static nsresult -EnumerateNativePrinters(DWORD aWhichPrinters, LPWSTR aPrinterName, bool& aIsFound, bool& aIsFile) -{ - DWORD dwSizeNeeded = 0; - DWORD dwNumItems = 0; - LPPRINTER_INFO_2W lpInfo = NULL; - - // Get buffer size - if (::EnumPrintersW(aWhichPrinters, NULL, 2, NULL, 0, &dwSizeNeeded, - &dwNumItems)) { - return NS_ERROR_FAILURE; - } - - // allocate memory - lpInfo = (LPPRINTER_INFO_2W) malloc(dwSizeNeeded); - if (!lpInfo) { - return NS_ERROR_OUT_OF_MEMORY; - } - - if (::EnumPrintersW(PRINTER_ENUM_LOCAL, NULL, 2, (LPBYTE)lpInfo, - dwSizeNeeded, &dwSizeNeeded, &dwNumItems) == 0) { - free(lpInfo); - return NS_OK; - } - - for (DWORD i = 0; i < dwNumItems; i++ ) { - if (wcscmp(lpInfo[i].pPrinterName, aPrinterName) == 0) { - aIsFound = true; - aIsFile = wcscmp(lpInfo[i].pPortName, L"FILE:") == 0; - break; - } - } - - free(lpInfo); - return NS_OK; -} - -//---------------------------------------------------------------- -static void -CheckForPrintToFileWithName(LPWSTR aPrinterName, bool& aIsFile) -{ - bool isFound = false; - aIsFile = false; - nsresult rv = EnumerateNativePrinters(PRINTER_ENUM_LOCAL, aPrinterName, isFound, aIsFile); - if (isFound) return; - - rv = EnumerateNativePrinters(PRINTER_ENUM_NETWORK, aPrinterName, isFound, aIsFile); - if (isFound) return; - - rv = EnumerateNativePrinters(PRINTER_ENUM_SHARED, aPrinterName, isFound, aIsFile); - if (isFound) return; - - rv = EnumerateNativePrinters(PRINTER_ENUM_REMOTE, aPrinterName, isFound, aIsFile); - if (isFound) return; -} - -static nsresult -GetFileNameForPrintSettings(nsIPrintSettings* aPS) -{ - // for testing -#ifdef DEBUG_rods - return NS_OK; -#endif - - nsresult rv; - - nsCOMPtr<nsIFilePicker> filePicker = do_CreateInstance("@mozilla.org/filepicker;1", &rv); - NS_ENSURE_SUCCESS(rv, rv); - - nsCOMPtr<nsIStringBundleService> bundleService = - mozilla::services::GetStringBundleService(); - if (!bundleService) - return NS_ERROR_FAILURE; - nsCOMPtr<nsIStringBundle> bundle; - rv = bundleService->CreateBundle(NS_ERROR_GFX_PRINTER_BUNDLE_URL, getter_AddRefs(bundle)); - NS_ENSURE_SUCCESS(rv, rv); - - nsXPIDLString title; - rv = bundle->GetStringFromName(NS_LITERAL_STRING("PrintToFile").get(), getter_Copies(title)); - NS_ENSURE_SUCCESS(rv, rv); - - nsCOMPtr<nsIWindowWatcher> wwatch = - (do_GetService(NS_WINDOWWATCHER_CONTRACTID, &rv)); - NS_ENSURE_SUCCESS(rv, rv); - - nsCOMPtr<nsIDOMWindow> window; - wwatch->GetActiveWindow(getter_AddRefs(window)); - - rv = filePicker->Init(window, title, nsIFilePicker::modeSave); - NS_ENSURE_SUCCESS(rv, rv); - - rv = filePicker->AppendFilters(nsIFilePicker::filterAll); - NS_ENSURE_SUCCESS(rv, rv); - - PRUnichar* fileName; - aPS->GetToFileName(&fileName); - - if (fileName) { - if (*fileName) { - nsAutoString leafName; - nsCOMPtr<nsIFile> file(do_CreateInstance("@mozilla.org/file/local;1")); - if (file) { - rv = file->InitWithPath(nsDependentString(fileName)); - if (NS_SUCCEEDED(rv)) { - file->GetLeafName(leafName); - filePicker->SetDisplayDirectory(file); - } - } - if (!leafName.IsEmpty()) { - rv = filePicker->SetDefaultString(leafName); - } - NS_ENSURE_SUCCESS(rv, rv); - } - nsMemory::Free(fileName); - } - - int16_t dialogResult; - filePicker->Show(&dialogResult); - - if (dialogResult == nsIFilePicker::returnCancel) { - return NS_ERROR_ABORT; - } - - nsCOMPtr<nsIFile> localFile; - rv = filePicker->GetFile(getter_AddRefs(localFile)); - NS_ENSURE_SUCCESS(rv, rv); - - if (dialogResult == nsIFilePicker::returnReplace) { - // be extra safe and only delete when the file is really a file - bool isFile; - rv = localFile->IsFile(&isFile); - if (NS_SUCCEEDED(rv) && isFile) { - rv = localFile->Remove(false /* recursive delete */); - NS_ENSURE_SUCCESS(rv, rv); - } - } - - nsAutoString unicodePath; - rv = localFile->GetPath(unicodePath); - NS_ENSURE_SUCCESS(rv,rv); - - if (unicodePath.IsEmpty()) { - rv = NS_ERROR_ABORT; - } - - if (NS_SUCCEEDED(rv)) aPS->SetToFileName(unicodePath.get()); - - return rv; -} - -//---------------------------------------------------------------------------------- -static nsresult -CheckForPrintToFile(nsIPrintSettings* aPS, LPWSTR aPrinterName, PRUnichar* aUPrinterName) -{ - nsresult rv = NS_OK; - - if (!aPrinterName && !aUPrinterName) return rv; - - bool toFile; - CheckForPrintToFileWithName(aPrinterName?aPrinterName:aUPrinterName, toFile); - // Since the driver wasn't a "Print To File" Driver, check to see - // if the name of the file has been set to the special "FILE:" - if (!toFile) { - nsXPIDLString toFileName; - aPS->GetToFileName(getter_Copies(toFileName)); - if (toFileName) { - if (*toFileName) { - if (toFileName.EqualsLiteral("FILE:")) { - // this skips the setting of the "print to file" info below - // which we don't want to do. - return NS_OK; - } - } - } - } - aPS->SetPrintToFile(toFile); - if (toFile) { - rv = GetFileNameForPrintSettings(aPS); - } - return rv; -} - //---------------------------------------------------------------------------------- NS_IMETHODIMP nsDeviceContextSpecWin::Init(nsIWidget* aWidget, nsIPrintSettings* aPrintSettings, @@ -398,15 +215,6 @@ NS_IMETHODIMP nsDeviceContextSpecWin::Init(nsIWidget* aWidget, SetDriverName(driverName); SetDevMode(devMode); - if (!aIsPrintPreview) { - rv = CheckForPrintToFile(mPrintSettings, deviceName, nullptr); - if (NS_FAILED(rv)) { - nsCRT::free(deviceName); - nsCRT::free(driverName); - return NS_ERROR_FAILURE; - } - } - // clean up nsCRT::free(deviceName); nsCRT::free(driverName); @@ -437,10 +245,6 @@ NS_IMETHODIMP nsDeviceContextSpecWin::Init(nsIWidget* aWidget, NS_ASSERTION(printerName, "We have to have a printer name"); if (!printerName || !*printerName) return rv; - if (!aIsPrintPreview) { - CheckForPrintToFile(mPrintSettings, nullptr, printerName); - } - return GetDataFromPrinter(printerName, mPrintSettings); }

1 0