Removes read access to /private/var and its subdirectories from
the content process under the level 3 Mac sandbox. Still permits
reading of file metadata within the majority of /private/var.
Adds tests to validate the level 3 Mac content sandbox prevents
reading from /private.
MozReview-Commit-ID: FO5dz0F7dl4
--HG--
extra : rebase_source : 226f8de6d4d88f188c272a3e119ed7b8bac292df
This allows patches to land that will change the hashtable enumeration
order, which in turn changes the ordering of the lines in
revocations.txt.
MozReview-Commit-ID: Fyuahnpky6g
--HG--
extra : rebase_source : 1e918481db566213205e330f33d6b00bdc3b4f11
This permission was needed for the memory bloat logging, which is used for
leaktest, including logging intentionally crashing processes. Now we restrict
ourselves to only allowing writes to the location needed for this logging,
rather than all of /private/var.
MozReview-Commit-ID: 5AbJEZlDHNV
--HG--
extra : rebase_source : 26936b8d8bca53f2c37a195b5e7c69c151ec18d2
MSVC 2017 headers aren't warning free at the -Wall level.
Since PSM enables -Wall in some moz.build files, this breaks
--enable-warnings-as-errors builds.
As a temporary measure, disable enough warnings to get working builds.
MozReview-Commit-ID: G0oUsAYYct2
--HG--
extra : rebase_source : dc37783c89e66a54510c9940f9eaa5a4340ef43e
Remove reading of "~/Library/Caches/TemporaryItems" from level 3 and update
sandboxing filesystem test to check ~/Library/Caches/TemporaryItems readability.
MozReview-Commit-ID: 6EMzH7brSnp
--HG--
extra : rebase_source : f97b5625da2abda73decc969fc581c2bf858183f
For signing, pykey.py delegates to 3rd party libraries. One of these libraries
expects hash algorithms to be specified in the form "SHA-256" whereas the other
expects "sha256". Consumers of pykey shouldn't need to be aware of this detail.
This patch introduces constants HASH_SHA1, HASH_SHA256, etc. and changes pykey
to determine which string literals to use itself.
MozReview-Commit-ID: 27laM2uXMwJ
--HG--
extra : rebase_source : 9b74f486f7535671fd26c59e3e9cc3b4459f15e0
MozReview-Commit-ID: 9Htv04PfRzb
This introduces pyct.py with the capability of generating Signed Certificate
Timestamps for our test certificates. Also introduces a simple testcase that
should validate correctly under current CT requirements as well as one that does
not validate due to an insufficient number of SCTs.
(Note that "validate" in this case does not refer to the overall TLS handshake
result, because CT is not currently required. It more or less refers to the
value of certificateTransparencyStatus of the SSLStatus of the connection's
securityInfo - see nsISSLStatus.idl.)
--HG--
rename : security/manager/ssl/tests/unit/bad_certs/default-ee.key => security/manager/ssl/tests/unit/test_ct/default-ee.key
rename : security/manager/ssl/tests/unit/bad_certs/default-ee.key.keyspec => security/manager/ssl/tests/unit/test_ct/default-ee.key.keyspec
rename : security/manager/ssl/tests/unit/bad_certs/default-ee.pem => security/manager/ssl/tests/unit/test_ct/default-ee.pem
rename : security/manager/ssl/tests/unit/bad_certs/default-ee.pem.certspec => security/manager/ssl/tests/unit/test_ct/default-ee.pem.certspec
rename : security/manager/ssl/tests/unit/bad_certs/test-ca.pem => security/manager/ssl/tests/unit/test_ct/test-ca.pem
rename : security/manager/ssl/tests/unit/bad_certs/test-ca.pem.certspec => security/manager/ssl/tests/unit/test_ct/test-ca.pem.certspec
extra : rebase_source : 66c5a5e16eeb47c97972248d61a4f1cbadf59a49
MozReview-Commit-ID: Gay4bliuiDc
This modifies getCTKnownLogs.py to inject 3 debug-only Certificate Transparency
log keys and 2 organizations ("Mozilla Test Org 1" and "2") for use with
integration tests. Also updates CTKnownLogs.h as generated by the python script.
The debug logs use the "default", "secp256r1", and "alternate" keys that are
already present in our testing infrastructure (see pykey.py).
--HG--
extra : rebase_source : 3d4fc736f840cd080fab6b8c6c5b53cc9361abf2
Firefox essentially does not support running NSS in FIPS mode any longer. This
has always been the case on Android from what I can tell and it has been the
case on OS X since at least version 34 (see bug 1047584). It became the case on
Windows as of version 53 (see bug 1295937). Unfortunately, before this patch,
if a user attempted to run an affected version of Firefox using a profile
directory containing an NSS database collection that had FIPS enabled, NSS
initialization would fail and fall back to running in no DB mode, which had the
side-effect of making any saved passwords and certificates unavailable. This
patch attempts to detect and work around this failure mode by moving the
PKCS#11 module DB (which is where the FIPS bit is set) to a backup location and
basically running with a fresh, non-FIPS module DB. This allows Firefox to
initialize NSS with the preexisting key and certificate databases available.
MozReview-Commit-ID: 1E4u1ngZyRv
--HG--
rename : security/manager/ssl/tests/unit/test_sdr_preexisting.js => security/manager/ssl/tests/unit/test_broken_fips.js
rename : security/manager/ssl/tests/unit/test_sdr_preexisting/key3.db => security/manager/ssl/tests/unit/test_broken_fips/key3.db
extra : rebase_source : 887f457e998d6e57c6536573fbe3cb10547fe154
Wes Kocher
ffxbld
Paolo Amadini
Iris Hsiao
Haik Aftandilian
Franziskus Kiefer
Carsten "Tomcat" Book
L. David Baron
Alex Gaynor
Patrick McManus
Cykesiopka
Ting-Yu Lin
David Keeler
Jed Davis