beb64a1329
Bug 1353040 - Switch from sandbox_init to sandbox_init_with_parameters. r=haik
...
This API produces much more readable code (though slightly more verbose). While this is not a publicly documented API on macOS, it is used by both WebKit and Chrome.
MozReview-Commit-ID: LVxYT4wBLck
--HG--
extra : rebase_source : 9688981ea0bb4e71f084afc404af705fa68f84a3
2017-04-04 13:40:36 -04:00
58fc1b834e
Bug 1337791 - Part 1: JoinConnection() from psm. r=keeler
2017-04-03 17:23:09 -04:00
e1482d742a
No bug, Automated HPKP preload list update from host bld-linux64-spot-314 - a=hpkp-update
2017-04-04 07:51:21 -07:00
1d823b887b
No bug, Automated HSTS preload list update from host bld-linux64-spot-314 - a=hsts-update
2017-04-04 07:51:19 -07:00
381a7b8f8a
No bug, Automated HPKP preload list update from host bld-linux64-spot-382 - a=hpkp-update
2017-04-03 08:07:24 -07:00
89740567f2
No bug, Automated HSTS preload list update from host bld-linux64-spot-382 - a=hsts-update
2017-04-03 08:07:21 -07:00
d040cb9cea
Bug 1345368 - land NSS 1fb7e5f584de, r=me
...
--HG--
extra : rebase_source : 6ac73d3dc219a02194914ae4cfbe2027c258bbfe
2017-04-03 06:00:54 +02:00
de880295b7
No bug, Automated HPKP preload list update from host bld-linux64-spot-309 - a=hpkp-update
2017-04-02 07:47:41 -07:00
c5fb8d9bde
No bug, Automated HSTS preload list update from host bld-linux64-spot-309 - a=hsts-update
2017-04-02 07:47:38 -07:00
fd99701caf
No bug, Automated HPKP preload list update from host bld-linux64-spot-308 - a=hpkp-update
2017-04-01 08:01:15 -07:00
91174d78b7
No bug, Automated HSTS preload list update from host bld-linux64-spot-308 - a=hsts-update
2017-04-01 08:01:12 -07:00
23ba88918a
Merge m-c to autoland, a=merge
2017-03-31 17:52:17 -07:00
4e20a5b623
No bug, Automated HPKP preload list update from host bld-linux64-spot-309 - a=hpkp-update
2017-03-31 08:52:14 -07:00
7df2a596c5
No bug, Automated HSTS preload list update from host bld-linux64-spot-309 - a=hsts-update
2017-03-31 08:52:11 -07:00
11c347b6b7
bug 1351604 - don't ship DER.jsm and X509.jsm until they're actually used in production r=Cykesiopka
...
MozReview-Commit-ID: 2DlMrB5TfKU
--HG--
extra : rebase_source : 9944352ccc66a5fdbd843bda8e4d2b26328d1bdd
2017-03-30 11:00:54 -07:00
c2c9435c51
Bug 1345368 - land NSS 215207b4864c, r=me
...
--HG--
extra : rebase_source : 727d919dd9bd85ee2a5b6dc3d71653d022d136ad
2017-03-31 06:01:05 +02:00
8aa12a88dc
No bug, Automated HPKP preload list update from host bld-linux64-spot-388 - a=hpkp-update
2017-03-30 07:59:23 -07:00
27b59fd695
No bug, Automated HSTS preload list update from host bld-linux64-spot-388 - a=hsts-update
2017-03-30 07:59:20 -07:00
00b8400985
Bug 1351779 - Removed unused variable 'loopDetected' from PathBuildingStep::Check() r=keeler
2017-03-29 20:17:06 +02:00
cf8bee36b5
Merge m-c to inbound. a=merge
2017-03-29 09:44:13 -04:00
f4a0d77ffc
Merge inbound to m-c. a=merge
2017-03-29 09:41:54 -04:00
22ff7c4117
Bug 1337331 Part 7: Re-apply - Allow a special all paths rule in the Windows process sandbox when using semantics FILES_ALLOW_READONLY. r=jimm
...
This also changes the read only related status checks in filesystem_interception.cc to include STATUS_NETWORK_OPEN_RESTRICTION (0xC0000201), which gets returned in some cases and fails because we never ask the broker.
Carrying r=jimm from original changeset:
https://hg.mozilla.org/mozilla-central/rev/1755a454e2de
MozReview-Commit-ID: 4tfygPiKG9Z
2017-03-28 08:36:16 +01:00
6a5727b408
Bug 1337331 Part 6: Re-apply - Change USER_NON_ADMIN access token level from whitelist to blacklist containing Admin SIDs. r=jimm
...
Carrying r=jimm from original changeset:
https://hg.mozilla.org/mozilla-central/rev/0e6bf137521e
MozReview-Commit-ID: ExTtkUIPXH8
2017-03-29 14:23:17 +01:00
d6f74d9372
Bug 1345368 - land NSS 215207b4864c, r=me
...
--HG--
rename : security/nss/gtests/ssl_gtest/databuffer.h => security/nss/cpputil/databuffer.h
rename : security/nss/gtests/ssl_gtest/tls_parser.cc => security/nss/cpputil/tls_parser.cc
rename : security/nss/gtests/ssl_gtest/tls_parser.h => security/nss/cpputil/tls_parser.h
extra : rebase_source : 2242a1632ba3a96988a341d84b4abe78dbd4e0b2
2017-03-29 06:01:13 +02:00
2a12392590
Bug 1344453 Part 2: Add FILES_ALLOW_READONLY rule to all paths when Windows child process should have full read access. r=jimm
2017-03-28 08:36:16 +01:00
0ee38abf35
Bug 1344453 Part 1: Allow a special all paths rule in the Windows process sandbox when using semantics FILES_ALLOW_READONLY. r=jimm
...
This also changes the read only related status checks in filesystem_interception.cc to include STATUS_NETWORK_OPEN_RESTRICTION (0xC0000201), which gets returned in some cases and fails because we never ask the broker.
2017-03-28 08:36:16 +01:00
f48488db89
Backed out changeset e46f832ac262 (bug 1351604) for browser_all_files_referenced.js failures a=backout
...
--HG--
extra : rebase_source : a091c76e54559dafa6435c22962231249c9dbac1
2017-03-31 13:20:37 -07:00
093a9fef3a
bug 1351604 - don't ship DER.jsm and X509.jsm until they're actually used in production r=Cykesiopka
...
MozReview-Commit-ID: 2DlMrB5TfKU
--HG--
extra : rebase_source : eef6c21564d831feda43c85e14630b495b5b5761
2017-03-30 11:00:54 -07:00
cb2ce54903
bug 1347859 - prevent dialog overflow in certificate exception dialog by resizing to content r=Cykesiopka
...
MozReview-Commit-ID: HDjE9QldcxF
--HG--
extra : rebase_source : c0240e37ee10ece4e908b0f542627ab41457242a
2017-03-30 14:00:29 -07:00
f4a14ffb4c
Bug 1342737 - Avoid using nsCRT.h and nsCRTGlue.h in PSM. r=keeler
...
There are a few places where we can use the safer functionality provided by the
Mozilla string classes instead.
Also fixes Bug 1268657 (remove vestigial
TransportSecurityInfo::SetShortSecurityDescription declaration).
MozReview-Commit-ID: Cxv5B4bsDua
--HG--
extra : rebase_source : 074a154c9000807d6dd466f23e92289e0d4c76d8
2017-03-28 22:57:15 +08:00
593e14fdee
Bug 1350599 - Use guaranteed preloaded test domains instead of real domains in HSTS tests. r=keeler
...
Some of our tests currently assume that certain real domains are HSTS preloaded.
While most of the time these domains are in fact preloaded, this may change
during periods of maintenance or other events.
To avoid this, the changes here perform the following renames:
bugzilla.mozilla.org -> includesubdomains.preloaded.test
login.persona.org -> includesubdomains2.preloaded.test
www.torproject.org -> noincludesubdomains.preloaded.test
In addition, some tests that refer to mozilla.com (but don't depend on it being
preloaded) are made to refer to example.com instead to avoid referring to real
domains in tests.
MozReview-Commit-ID: 3987moJnKGk
--HG--
extra : rebase_source : 0ec49c9a410ba891f11668e7e11c48b7547e1825
2017-03-27 22:56:38 +08:00
0e63ffc494
Bug 1350868 - Semi-manually update nsSTSPreloadList.inc to include test domains. r=keeler
...
Periodic updates on m-c are currently broken due to Bug 1350619, so this change
inserts the test domains into the preload list semi-manually.
MozReview-Commit-ID: EBOiQcKDSHr
--HG--
extra : rebase_source : bc5880af95dc9934132d0e9251d9060ad9c6871a
2017-03-29 07:21:34 +08:00
bbd1adad48
Bug 1350868 - Make HSTS preload script preload test domains for use in tests. r=keeler
...
This lets us migrate off depending on real preloaded domains and onto
domains that are guaranteed to have the correct characteristics.
MozReview-Commit-ID: 4TyOfdIA9I7
--HG--
extra : rebase_source : f49109de9292dec31b72d87819dd52b5a6b659ed
2017-03-29 07:21:01 +08:00
927986bc20
Bug 1337331 Part 5: Re-apply - Add KEY_WOW64_64Key and KEY_WOW64_32KEY to the Chromium sandbox allowed registry read flags. r=aklotz
...
Carrying r=aklotz from previous changset:
https://hg.mozilla.org/mozilla-central/rev/d24db55deb85
2016-12-22 11:11:07 +00:00
dbb0d99a70
Bug 1319252 - Remove nsIX509Cert.getAllTokenNames(). r=keeler,mossop
...
nsIX509Cert.getAllTokenNames() is only used (improperly) to determine if a
certificate is a built-in. nsIX509Cert.isBuiltInRoot should be used instead.
MozReview-Commit-ID: LBwI8nTc05C
--HG--
extra : rebase_source : 9494cd1243395b0d293022e981f64be560a54dec
2017-03-19 16:02:26 +08:00
81c566a8a2
Merge autoland to m-c, a=merge
2017-03-25 18:38:42 -07:00
2e782ce511
Bug 1350599 - disable hsts tests which depend on bugzilla.mozilla.org always being in the preload list, a=bustage
...
--HG--
extra : source : 997b98cce1aebf76641e14c79ac250cdb147041c
2017-03-25 14:04:24 -07:00
5f408d092d
Merge mozilla-central to mozilla-inbound
2017-03-24 14:29:00 +01:00
0a1fc914ce
Backed out changeset d9872fdd25f8 (bug 1337331) for causing build problems for others + on request on bob
2017-03-24 11:24:13 +01:00
50ef4d1d1b
Backed out changeset 226c893c5d62 (bug 1337331)
2017-03-24 11:23:42 +01:00
3a931395eb
Backed out changeset 438b6307c802 (bug 1337331)
2017-03-24 11:23:40 +01:00
8dd606e5ce
Backed out changeset c4aa6b85411d (bug 1337331)
2017-03-24 11:23:37 +01:00
a69a0cc262
Backed out changeset 5cd2e692ee0c (bug 1337331)
2017-03-24 11:23:35 +01:00
ed6b3bc409
Backed out changeset 0dd9bae0b6b1 (bug 1337331)
2017-03-24 11:23:33 +01:00
2ea6238e55
Merge inbound to central, a=merge
...
MozReview-Commit-ID: 6od53T3ozcm
2017-03-23 16:15:37 -07:00
e21d1dde53
No bug, Automated HPKP preload list update from host bld-linux64-spot-388 - a=hpkp-update
2017-03-23 07:49:00 -07:00
4458112d90
No bug, Automated HSTS preload list update from host bld-linux64-spot-388 - a=hsts-update
2017-03-23 07:48:58 -07:00
b99c6e7ae0
Bug 1337331 Part 6: Re-apply - Change USER_NON_ADMIN access token level from whitelist to blacklist containing Admin SIDs. r=jimm
...
Carrying r=jimm from original changeset:
https://hg.mozilla.org/mozilla-central/rev/0e6bf137521e
MozReview-Commit-ID: ExTtkUIPXH8
2017-03-23 10:29:05 +00:00
c055a4757e
Bug 1345368 - land NSS 06158d335df0, r=me
...
--HG--
extra : rebase_source : 75bb3b75d3bbbd4ba3a4e199fa0ad8c999ab38af
2017-03-24 08:38:05 +01:00
04968c7c99
Merge m-c to autoland, a=merge
...
MozReview-Commit-ID: DwtKxCKV42X
2017-03-24 17:20:07 -07:00
Alex Gaynor
Patrick McManus
ffxbld
Franziskus Kiefer
Wes Kocher
David Keeler
Tim Taubert
Ryan VanderMeulen
Bob Owen
Cykesiopka
Phil Ringnalda
Carsten "Tomcat" Book