No Bug, mozilla-beta repo-update HSTS HPKP blocklist. r=RyanVM, a=release
authorffxbld
Tue, 12 Jun 2018 17:35:55 -0400
changeset 471294 e5d9bf645ebf
parent 471293 5fafd6ba99e4
child 471295 e8e10ea43a8b
push id9357
push userryanvm@gmail.com
push date2018-06-12 21:37 +0000
treeherdermozilla-beta@e8e10ea43a8b [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersRyanVM, release
milestone61.0
No Bug, mozilla-beta repo-update HSTS HPKP blocklist. r=RyanVM, a=release Differential Revision: https://phabricator.services.mozilla.com/D1634
browser/app/blocklist.xml
security/manager/ssl/StaticHPKPins.h
security/manager/ssl/nsSTSPreloadList.inc
--- a/browser/app/blocklist.xml
+++ b/browser/app/blocklist.xml
@@ -1,10 +1,10 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<blocklist lastupdate="1524147337556" xmlns="http://www.mozilla.org/2006/addons-blocklist">
+<blocklist lastupdate="1528408770328" xmlns="http://www.mozilla.org/2006/addons-blocklist">
   <emItems>
     <emItem blockID="i334" id="{0F827075-B026-42F3-885D-98981EE7B1AE}">
       <prefs/>
       <versionRange minVersion="0" maxVersion="*" severity="3"/>
     </emItem>
     <emItem blockID="i1211" id="flvto@hotger.com">
       <prefs/>
       <versionRange minVersion="0" maxVersion="*" severity="1"/>
@@ -2246,16 +2246,36 @@
     <emItem blockID="feb2d0d7-1b76-4dba-bf84-42873a92af5f" id="/^({6ecb9f49-90f0-43a1-8f8a-e809ea4f732b})|(@googledashboard)|(@smashdashboard)|(@smash_tv)|(@smash_mov)|(@smashmovs)|(@smashtvs)|(@FirefoxUpdate)|({92b9e511-ac81-4d47-9b8f-f92dc872447e})|({3c841114-da8c-44ea-8303-78264edfe60b})|({116a0754-20eb-4fe5-bd35-575867a0b89e})|({6e6ff0fd-4ae4-49ae-ac0c-e2527e12359b})|({f992ac88-79d3-4960-870e-92c342ed3491})|({6ecb9f49-90f0-43a1-8f8a-e809ea4f732b})|({a512297e-4d3a-468c-bd1a-f77bd093f925})|({08c28c16-9fb6-4b32-9868-db37c1668f94})|({b4ab1a1d-e137-4c59-94d5-4f509358a81d})|({feedf4f8-08c1-451f-a717-f08233a64ec9})$/">
       <prefs/>
       <versionRange minVersion="0" maxVersion="*" severity="3"/>
     </emItem>
     <emItem blockID="96b137e6-8cb5-44d6-9a34-4a4a76fb5e38" id="/^({b99ae7b1-aabb-4674-ba8f-14ed32d04e76})|({dfa77d38-f67b-4c41-80d5-96470d804d09})$/">
       <prefs/>
       <versionRange minVersion="0" maxVersion="*" severity="3"/>
     </emItem>
+    <emItem blockID="3ab9f100-e253-4080-b3e5-652f842ddb7a" id="/((@extcorp\.[a-z]+)|(@brcorporation\.com)|(@brmodcorp\.com)|(@teset\.com)|(@modext\.tech)|(@ext?mod\.net)|(@browcorporation\.org)|(@omegacorporation\.org)|(@browmodule\.com)|(@corpext\.net)|({6b50ddac-f5e0-4d9e-945b-e4165bfea5d6})|({fab6484f-b8a7-4ba9-a041-0f948518b80c})|({b797035a-7f29-4ff5-bd19-77f1b5e464b1})|({0f612416-5c5a-4ec8-b482-eb546af9cac4}))$/">
+      <prefs/>
+      <versionRange minVersion="0" maxVersion="*" severity="3"/>
+    </emItem>
+    <emItem blockID="3a123214-b4b6-410c-a061-bbaf0d168d31" id="/^(({41c14ab8-9958-44bf-b74e-af54c1f169a6})|({78054cb2-e3e8-4070-a8ad-3fd69c8e4707})|({0089b179-8f3d-44d9-bb18-582843b0757a})|({f44ddcb4-4cc0-4866-92fa-eefda60c6720})|({1893d673-7953-4870-8069-baac49ce3335})|({fb28cac0-c2aa-4e0c-a614-cf3641196237})|({d7dee150-da14-45ba-afca-02c7a79ad805})|(RandomNameTest@RandomNameTest\.com )|(corpsearchengine@mail\.ru)|(support@work\.org))$/">
+      <prefs/>
+      <versionRange minVersion="0" maxVersion="*" severity="3"/>
+    </emItem>
+    <emItem blockID="cbfa5303-c1bf-49c8-87d8-259738a20064" id="@vkmad">
+      <prefs/>
+      <versionRange minVersion="0" maxVersion="*" severity="3"/>
+    </emItem>
+    <emItem blockID="0f0764d5-a290-428b-a5b2-3767e1d72c71" id="{38363d75-6591-4e8b-bf01-0270623d1b6c}">
+      <prefs/>
+      <versionRange minVersion="0" maxVersion="*" severity="3"/>
+    </emItem>
+    <emItem blockID="5afea853-d029-43f3-a387-64ce9980742a" id="/^(contactus@unzipper.com|{72dcff4e-48ce-41d8-a807-823adadbe0c9}|{dc7d2ecc-9cc3-40d7-93ed-ef6f3219bd6f}|{994db3d3-ccfe-449a-81e4-f95e2da76843}|{25aef460-43d5-4bd0-aa3d-0a46a41400e6}|{178e750c-ae27-4868-a229-04951dac57f7})$/">
+      <prefs/>
+      <versionRange minVersion="0" maxVersion="*" severity="3"/>
+    </emItem>
   </emItems>
   <pluginItems>
     <pluginItem blockID="p332">
       <match exp="libflashplayer\.so" name="filename"/>
       <match exp="^Shockwave Flash 11.(0|1) r[0-9]{1,3}$" name="description"/>
       <infoURL>https://get.adobe.com/flashplayer/</infoURL>
       <versionRange severity="0" vulnerabilitystatus="1">
         <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}">
--- a/security/manager/ssl/StaticHPKPins.h
+++ b/security/manager/ssl/StaticHPKPins.h
@@ -714,16 +714,17 @@ static const TransportSecurityPreload kP
   { "chfr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
   { "chit.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
   { "chrome-devtools-frontend.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "chrome.com", true, false, false, -1, &kPinset_google_root_pems },
   { "chrome.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "chromiumbugs.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "chromiumcodereview.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "cl.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "classroom.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "cloud.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "cn.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
   { "co.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
   { "code.facebook.com", true, false, false, -1, &kPinset_facebook },
   { "code.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "codereview.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "codereview.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
   { "contributor.google.com", true, false, false, -1, &kPinset_google_root_pems },
@@ -752,16 +753,17 @@ static const TransportSecurityPreload kP
   { "dropbox.com", true, false, false, -1, &kPinset_dropbox },
   { "dropboxstatic.com", false, true, false, -1, &kPinset_dropbox },
   { "dropboxusercontent.com", false, true, false, -1, &kPinset_dropbox },
   { "edit.yahoo.com", true, true, false, -1, &kPinset_yahoo },
   { "en-maktoob.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
   { "encrypted.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "es.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
   { "espanol.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "example.test", true, true, false, -1, &kPinset_test },
   { "exclude-subdomains.pinning.example.com", false, false, false, 0, &kPinset_mozilla_test },
   { "facebook.com", false, false, false, -1, &kPinset_facebook },
   { "fi.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "fi.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
   { "firebaseio.com", true, false, false, -1, &kPinset_google_root_pems },
   { "fj.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
   { "fr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
   { "g.co", true, false, false, -1, &kPinset_google_root_pems },
@@ -1154,13 +1156,13 @@ static const TransportSecurityPreload kP
   { "youtu.be", true, false, false, -1, &kPinset_google_root_pems },
   { "youtube-nocookie.com", true, false, false, -1, &kPinset_google_root_pems },
   { "youtube.com", true, false, false, -1, &kPinset_google_root_pems },
   { "ytimg.com", true, false, false, -1, &kPinset_google_root_pems },
   { "za.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
   { "zh.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
 };
 
-// Pinning Preload List Length = 485;
+// Pinning Preload List Length = 487;
 
 static const int32_t kUnknownId = -1;
 
-static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1533809451638000);
+static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1537282078221000);
--- a/security/manager/ssl/nsSTSPreloadList.inc
+++ b/security/manager/ssl/nsSTSPreloadList.inc
@@ -3,17 +3,17 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /*****************************************************************************/
 /* This is an automatically generated file. If you're not                    */
 /* nsSiteSecurityService.cpp, you shouldn't be #including it.                */
 /*****************************************************************************/
 
 #include <stdint.h>
-const PRTime gPreloadListExpirationTime = INT64_C(1536228415037000);
+const PRTime gPreloadListExpirationTime = INT64_C(1539701132155000);
 %%
 0-1.party, 1
 0.me.uk, 1
 0005pay.com, 1
 00100010.net, 1
 0010100.net, 1
 00120012.net, 1
 00130013.net, 1
@@ -2448,16 +2448,17 @@ andrewryno.com, 1
 andrewsun.com, 1
 andrewtchin.com, 1
 andrewtebert.com, 1
 andrewthelott.net, 1
 andrewx.net, 1
 andrezadnik.com, 1
 andro2id.com, 1
 andro4all.com, 1
+android, 1
 android.re, 1
 androide.com, 1
 androidhry.cz, 1
 androidkatalog.cz, 1
 androidnovinky.cz, 1
 androidtamer.com, 1
 androidtelefony.cz, 1
 androidzone.me, 1
@@ -4157,16 +4158,17 @@ beauty-italy.ru, 1
 beauty24.de, 1
 beautybear.dk, 1
 beautyconcept.co, 0
 beautyevent.fr, 1
 beautykat.ru, 1
 bebef.de, 1
 bebefofuxo.com.br, 1
 bebes.uno, 1
+bebest.gov, 1
 bebetrotteur.com, 1
 bebout.domains, 1
 beccajoshwedding.com, 1
 beckenhamcastles.co.uk, 1
 beckerantiques.com, 0
 becklove.cn, 1
 beckon.com, 1
 becoast.fr, 1
@@ -4352,16 +4354,17 @@ benshoof.org, 1
 bensinflatables.co.uk, 1
 bentertain.de, 1
 bentley.blog, 1
 bentley.link, 1
 bentrask.com, 1
 benzi.io, 1
 benzou-space.com, 1
 beoordelingen.be, 1
+bep.gov, 1
 bephoenix.org.uk, 1
 bequiia.com, 1
 beranovi.com, 1
 berasavocate.com, 1
 beraten-entwickeln-steuern.de, 1
 berdaguermontes.eu, 0
 berduri.com, 1
 bergenhave.nl, 1
@@ -4546,16 +4549,17 @@ beyondtrust.com, 1
 beyondweb.net, 1
 beyonic.com, 1
 beyours.be, 1
 bez-energie.de, 1
 bezemkast.nl, 1
 bezoomnyville.com, 1
 bezpecnostsiti.cf, 1
 bfam.tv, 1
+bfem.gov, 1
 bfgcdn.com, 1
 bfi.wien, 0
 bflix.tv, 1
 bforb.sk, 1
 bfrailwayclub.cf, 1
 bft-media.com, 1
 bftbradio.com, 1
 bfw-online.de, 1
@@ -6543,16 +6547,17 @@ cazes.info, 1
 cb-crochet.com, 1
 cbamo.org, 1
 cbbank.com, 1
 cbc-hire.co.uk, 1
 cbcf.info, 1
 cbd.supply, 1
 cbdev.de, 1
 cbecrft.net, 1
+cbi-epa.gov, 1
 cbintermountainrealty.com, 1
 cbmusa.com, 1
 cbr-xml-daily.ru, 1
 cbw.sh, 1
 cc-brantomois.fr, 1
 ccac.gov, 1
 ccayearbook.com, 1
 ccgn.co, 1
@@ -7313,16 +7318,17 @@ clarkwinkelmann.com, 1
 clase3.tk, 1
 clash.lol, 1
 clashersrepublic.com, 1
 class.com.au, 1
 classdojo.com, 1
 classicalpilates.ca, 1
 classics.io, 1
 classpoint.cz, 1
+classroom.google.com, 1
 classroomcountdown.co.nz, 1
 classteaching.com.au, 1
 claster.it, 1
 claudia-urio.com, 1
 claudio4.com, 1
 claus-bahr.de, 1
 clauseriksen.net, 1
 clawe.de, 1
@@ -10660,16 +10666,17 @@ dzomo.org, 1
 dzsibi.com, 1
 dzsula.hu, 1
 dzyabchenko.com, 1
 e-apack.com.br, 1
 e-baraxolka.ru, 1
 e-bikesdirect.co.uk, 1
 e-biografias.net, 1
 e-cottage.com.br, 1
+e-enterprise.gov, 1
 e-hon.link, 1
 e-id.ee, 1
 e-kontakti.fi, 1
 e-lambre.com, 1
 e-learningbs.com, 1
 e-lifetechnology.com, 1
 e-mak.eu, 1
 e-migration.ch, 1
@@ -11411,16 +11418,17 @@ energy-drink-magazin.de, 1
 energy-in-balance.eu, 1
 energy-infra.nl, 1
 energy.eu, 1
 energyatlas.com, 1
 energyaupair.se, 1
 energydrinkblog.de, 1
 energyelephant.com, 1
 energyled.com.br, 1
+energystar.gov, 1
 enersaveapp.org, 1
 enersec.co.uk, 1
 enet-navigator.de, 1
 enfantsdelarue.ch, 1
 enfield-kitchens.co.uk, 1
 enflow.nl, 1
 enfoqueseguro.com, 1
 enfu.se, 1
@@ -12270,16 +12278,17 @@ extreme.co.th, 1
 extrememanual.net, 1
 exvs.org, 1
 exyplis.com, 1
 eyasc.nl, 1
 eydesignguidelines.com, 1
 eyecandy.gr, 1
 eyeglasses.com, 0
 eyelashconcept.com, 1
+eyenote.gov, 1
 eyeonid.com, 1
 eyep.me, 1
 eyes-berg.ch, 1
 eyes-berg.com, 1
 eynio.com, 1
 eyona.com, 1
 eyps.net, 1
 eytosh.net, 1
@@ -12582,30 +12591,32 @@ fcitasc.com, 1
 fckd.net, 1
 fcprovadia.com, 1
 fcsic.gov, 1
 fdevs.ch, 1
 fdicig.gov, 1
 fdicoig.gov, 1
 fdlibre.eu, 1
 fdm.ro, 1
+fdms.gov, 1
 fdn.one, 1
 fdsys.gov, 0
 feac.us, 1
 feaden.me, 1
 fearghus.org, 1
 fearsomegaming.com, 1
 feastr-dev.de, 1
 feastr.de, 1
 feastr.io, 1
 featherweightlabs.com, 1
 feb.gov, 1
 fecik.sk, 1
 fed51.com, 1
 fedbizopps.gov, 1
+fedcenter.gov, 1
 federalinvestments.gov, 1
 federaljobs.gov, 1
 federalreserve.gov, 1
 federalreserveconsumerhelp.gov, 1
 federatedbank.com, 1
 federicomigliavacca.it, 1
 fedinvest.gov, 1
 fedjobs.gov, 1
@@ -14500,16 +14511,17 @@ glencarbide.com, 1
 glendarraghbouncycastles.co.uk, 1
 glenhuntlyapartments.com.au, 1
 glenshere.com, 1
 glicerina.online, 1
 glidingshop.cz, 1
 glidingshop.de, 1
 glidingshop.eu, 1
 glloq.org, 1
+glnpo.gov, 1
 glob-coin.com, 1
 global-adult-webcams.com, 1
 global-lights.ma, 1
 global-office.com, 1
 global-village.koeln, 1
 global.hr, 1
 globalcanineregistry.com, 1
 globalchokepoints.org, 1
@@ -14652,16 +14664,17 @@ goldfelt.com, 1
 goldmark.com.au, 1
 goldpreisfinder.at, 1
 goldsecurity.com, 1
 goldsky.com.au, 1
 goldstein.tel, 1
 goldwater.gov, 1
 goldwaterfoundation.gov, 1
 goldwaterscholarship.gov, 1
+golearn.gov, 1
 golf18network.com, 1
 golfburn.com, 1
 golfhausmallorca.com, 1
 golfscape.com, 1
 golik.net.pl, 0
 golser.info, 1
 gomasy.jp, 1
 gommista.roma.it, 1
@@ -14884,16 +14897,17 @@ green-light.gq, 1
 green-light.ml, 1
 greenaddress.it, 1
 greencircleplantnursery.com.au, 1
 greencircleplantnursery.net.au, 1
 greenenergysolution.uk, 1
 greener.pl, 1
 greenglam.biz, 1
 greengoblindev.com, 1
+greengov.gov, 1
 greenhats.de, 1
 greenitpark.net, 1
 greenliquidsystem.com, 1
 greenlungs.net, 1
 greenoutdoor.dk, 0
 greenpartyofnewmilford.org, 1
 greenpeace-magazin.de, 1
 greenpeace.berlin, 1
@@ -23299,16 +23313,17 @@ monalyse.com, 1
 monbudget.org, 1
 moncoach.ch, 1
 mondedesnovels.com, 1
 mondedie.fr, 1
 mondial-movers.nl, 1
 mondo-it.ch, 1
 moneychangersoftware.com, 1
 moneycredit.eu, 1
+moneyfactory.gov, 1
 moneygo.se, 1
 moneyhouse.de, 1
 moneypark.ch, 1
 moneytoday.se, 1
 mongla168.net, 1
 mongla88.net, 1
 mongolieenfrance.fr, 1
 monicabeckstrom.no, 1
@@ -24340,16 +24355,17 @@ nbask.com, 1
 nbasky.com, 1
 nbaspot.com, 1
 nbavc.com, 1
 nbavg.com, 1
 nbayouxi.com, 1
 nbgrooves.de, 1
 nbhorsetraining.com, 1
 nbib.gov, 1
+nbis.gov, 1
 nbl.org.tw, 1
 nbp.com.pk, 1
 nbrain.de, 1
 nbrii.com, 1
 nbriresearch.com, 1
 nbrown.us, 1
 nbtparse.org, 1
 nbur.co.uk, 1
@@ -24628,16 +24644,17 @@ neutralox.com, 0
 neuwal.com, 1
 nevadafiber.net, 1
 never.pet, 0
 nevermore.fi, 1
 neverwetturkey.com, 1
 nevntech.com, 1
 nevolution.me, 1
 nevoxo.com, 1
+new, 1
 new-black-order.com, 1
 new-ms.com, 1
 new-process.ch, 1
 new-process.com, 1
 new-process.de, 1
 new-process.eu, 1
 new.travel.pl, 1
 newaccess.ch, 1
@@ -27204,16 +27221,17 @@ plasticsurgeryservices.com, 1
 plastovelehatko.cz, 1
 platformadmin.com, 1
 platinumpeek.com, 1
 platomania.nl, 1
 platschi.net, 1
 platten-nach-mass.de, 1
 platterlauncher.com, 1
 plattner.club, 1
+play, 1
 play-charades.com, 1
 play.cash, 1
 play.google.com, 1
 playanka.com, 1
 playawaycastles.co.uk, 1
 playdaysparties.co.uk, 1
 playform.cloud, 1
 playhappywheelsunblocked.com, 1
@@ -28959,16 +28977,17 @@ relaxdom.net, 1
 relaxhavefun.com, 1
 relaxpointhyncice.cz, 1
 relaybox.io, 1
 release-monitoring.org, 1
 releasetimes.io, 1
 reliancebank.bank, 1
 reliant3sixty.com, 1
 religiousforums.com, 1
+relocatefeds.gov, 1
 relsak.cz, 1
 relvan.com, 1
 rem0te.net, 1
 remain.london, 1
 remambo.jp, 1
 remedi.tokyo, 1
 remedioparaherpes.com, 1
 remedios-caserospara.com, 1
@@ -35028,16 +35047,17 @@ towandalibrary.org, 1
 towaway.ru, 1
 townandcountryus.com, 1
 townhousedevelopments.com.au, 1
 townhouseregister.com.au, 1
 townofbridgewater.ca, 1
 towsonroofers.com, 1
 towywebdesigns.uk, 1
 tox.im, 1
+tox21.gov, 1
 toxicboot.com, 1
 toxicip.com, 1
 toymania.de, 1
 toyota-kinenkan.com, 1
 toysperiod.com, 1
 tp-iryuubun.com, 1
 tp-kabushiki.com, 1
 tp-kyouyufudousan.com, 1
@@ -35937,16 +35957,17 @@ urban.melbourne, 1
 urbanesecurity.com, 1
 urbanfi.sh, 1
 urbanguerillas.de, 1
 urbanietz-immobilien.de, 1
 urbanmelbourne.info, 1
 urbanmic.com, 1
 urbannewsservice.com, 1
 urbansparrow.in, 1
+urbanwaters.gov, 1
 urbanwildlifealliance.org, 0
 urbexdk.nl, 1
 urcentral.com, 1
 urcentral.net, 1
 urcentral.org, 1
 ureka.org, 1
 urgences-valais.ch, 1
 uripura.de, 1
@@ -38806,16 +38827,17 @@ yourticketbooking.com, 1
 youruseragent.info, 1
 yourznc.com, 1
 yousei.ne.jp, 1
 yousite.by, 1
 yout.com, 1
 youth.gov, 1
 youtous.me, 1
 youtsuu-raku.com, 1
+youtube, 1
 youtube.com, 1
 youtubedownloader.com, 1
 youwatchporn.com, 1
 yoxall.me.uk, 1
 yoyoost.duckdns.org, 1
 ypart.eu, 1
 ypcs.fi, 1
 ypid.de, 1