Commit graph

13041 Commits

Author SHA1 Message Date
Dorel Luca ccebfc1873 Merge mozilla-central to autoland r=merge 2018-01-11 00:03:38 +02:00
ffxbld 59fa32fd74 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2018-01-10 11:13:16 -08:00
ffxbld 69f2798cbe No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2018-01-10 11:13:12 -08:00
Haik Aftandilian 68c0e33233 Bug 1429133 - Some FontExplorer managed fonts are not rendered. r=Alex_Gaynor
MozReview-Commit-ID: L5x3GNb3HGU

--HG--
extra : rebase_source : fd123e19142e98f4712db19d240b5c636aeb3ecf
2018-01-10 11:33:47 -08:00
Narcis Beleuzu fb578c1b74 Merge mozilla-central to inbound. r=merge a=merge on a CLOSED TREE 2018-01-10 02:02:13 +02:00
ffxbld 3c8c1653f7 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2018-01-09 11:06:09 -08:00
ffxbld 782a0a23af No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2018-01-09 11:06:06 -08:00
Franziskus Kiefer a881c4a167 Bug 1403844 - Verify COSE signature on add-ons, r=keeler
Summary:
MozReview-Commit-ID: 6YorBs4mY8B

Check for COSE signatures in add-ons.

Reviewers: keeler

Bug #: 1403844

Differential Revision: https://phabricator.services.mozilla.com/D298

--HG--
rename : security/manager/ssl/tests/unit/test_signed_apps/cose_multiple_signed.zip => security/manager/ssl/tests/unit/test_signed_apps/cose_multiple_signed_with_pkcs7.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/cose_signed.zip => security/manager/ssl/tests/unit/test_signed_apps/cose_signed_with_pkcs7.zip
rename : third_party/rust/cose/src/cbor/mod.rs => third_party/rust/moz_cbor/src/lib.rs
extra : rebase_source : 0494590eb222e2c936e353e4dd6cf9fac8d822f3
2018-01-08 11:46:51 +01:00
J.C. Jones 3ba27ce458 Bug 1428918 - Enable Web Authentication in Nightly r=keeler,smaug
In advance of enabling Web Authentication in Firefox 60 [1], let's turn it on
for Nightly users.

[1] https://groups.google.com/forum/#!msg/mozilla.dev.platform/tsevyqfBHLE/lccldWNNBwAJ

MozReview-Commit-ID: ALyjBwojKtA

--HG--
extra : rebase_source : c51aef6bf12e1e26faa3d86269132eef7057c889
2018-01-08 18:37:35 -07:00
Csoregi Natalia d07dee65a2 Backed out 6 changesets (bug 1386404) for failing /webdriver/test/ tests on Linux. r=backout on a CLOSED TREE
Backed out changeset be1441859e8b (bug 1386404)
Backed out changeset 8dca7ef74c4a (bug 1386404)
Backed out changeset b7ca6ae185f2 (bug 1386404)
Backed out changeset 2c007d385ce4 (bug 1386404)
Backed out changeset fbe717b9a664 (bug 1386404)
Backed out changeset 14f1fbe5263a (bug 1386404)
2018-01-10 14:08:51 +02:00
Csoregi Natalia bbfcdcd760 Merge mozilla-central to autoland. r=merge a=merge CLOSED TREE
--HG--
rename : security/manager/ssl/tests/unit/test_signed_apps/cose_multiple_signed.zip => security/manager/ssl/tests/unit/test_signed_apps/cose_multiple_signed_with_pkcs7.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/cose_signed.zip => security/manager/ssl/tests/unit/test_signed_apps/cose_signed_with_pkcs7.zip
rename : third_party/rust/cose/src/cbor/mod.rs => third_party/rust/moz_cbor/src/lib.rs
extra : rebase_source : 5f16e3d25e86d41e201b8c28ead361fd6ac25c42
2018-01-10 12:07:47 +02:00
David Keeler 0c092c0ffe bug 1428498 - don't require importing the server certificate for overrides to succeed r=jcj
Previously, adding a permanent certificate error override would depend on
successfully importing the server's certificate into the user's certificate
database. Consequently, if the user's database were in read-only mode (or if the
database couldn't be created due to code page issues on Windows), this would
prevent adding new certificate error overrides. It turns out this isn't even
necessary, because the implementation relies on the stored hash of the
certificate rather than the certificate itself. The stored certificate is only
for display purposes (and there's a fallback if the certificate can't be
stored).

There are remaining issues with non-ASCII characters in 8.3 paths on Windows
when the code page isn't western, but this is a larger issue that must be
addressed in other layers (i.e. NSS/NSPR).

MozReview-Commit-ID: KEzjxtAoeb4

--HG--
rename : security/manager/ssl/tests/unit/test_cert_overrides.js => security/manager/ssl/tests/unit/test_cert_overrides_read_only.js
extra : rebase_source : b41e863d8c85d80335dd56c8f5765b19b1de4e0c
2018-01-04 11:31:22 -08:00
Gian-Carlo Pascutto 61cf15cc85 Bug 1297740. r=jld 2018-01-08 10:07:16 +01:00
ffxbld 4f97a97069 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2018-01-07 11:04:07 -08:00
ffxbld 80e05c0b9a No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2018-01-07 11:04:03 -08:00
ffxbld 9a6945c623 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2018-01-06 11:09:40 -08:00
ffxbld 892f4bd3a1 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2018-01-06 11:09:36 -08:00
ffxbld 0f63741b8e No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update 2018-01-05 12:22:25 -08:00
ffxbld 0046f0f438 No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update 2018-01-05 12:22:21 -08:00
ffxbld a2f5eacf1f No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update 2018-01-04 14:13:48 -08:00
ffxbld df3bec329c No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update 2018-01-04 14:13:44 -08:00
ffxbld ac67a1c73c No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update 2018-01-03 14:38:40 -08:00
ffxbld f4ac363948 No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update 2018-01-03 14:38:36 -08:00
Haik Aftandilian f6cdb35b8f Bug 1421262 - [Mac] Add access to hw.cachelinesize sysctl, /Library/GPUBundles to content sandbox rules. r=Alex_Gaynor
MozReview-Commit-ID: LBWA8XD64h

--HG--
extra : rebase_source : dac2ea615fdcbbd4d029bbbb28e3d935a4416deb
2017-12-21 14:15:29 -08:00
Mark Banner 770685e15e Bug 1425688 - Enable ESLint rule mozilla/use-services for security/. r=gcp,keeler
MozReview-Commit-ID: 4Kd9L8ExNGl

--HG--
extra : rebase_source : 02a5242629c7b597d7fd4e5e1373781fcbb82905
2017-12-16 13:10:40 -06:00
Mark Banner a825aadc8a Bug 1425688 - Rework definitions of Cu/Cc/etc and inclusion of Services.jsm in pippki.js related files to reduce duplication. r=keeler
MozReview-Commit-ID: 1BN0Z5lOKYh

--HG--
extra : rebase_source : bc873871f02a2616aa5d54922e29b16750b3424e
2017-12-16 12:52:53 -06:00
ffxbld d8534b8f72 No bug, Automated HPKP preload list update from host bld-linux64-spot-031 - a=hpkp-update 2018-01-01 12:43:20 -08:00
ffxbld 0a2ba4b6b2 No bug, Automated HSTS preload list update from host bld-linux64-spot-031 - a=hsts-update 2018-01-01 12:43:16 -08:00
ffxbld 223ae3afdc No bug, Automated HPKP preload list update from host bld-linux64-spot-033 - a=hpkp-update 2017-12-31 22:11:20 -08:00
ffxbld 9cb7fb2148 No bug, Automated HSTS preload list update from host bld-linux64-spot-033 - a=hsts-update 2017-12-31 22:11:16 -08:00
ffxbld dd07d453a1 No bug, Automated HPKP preload list update from host bld-linux64-spot-031 - a=hpkp-update 2017-12-30 13:43:47 -08:00
ffxbld c510020205 No bug, Automated HSTS preload list update from host bld-linux64-spot-031 - a=hsts-update 2017-12-30 13:43:44 -08:00
ffxbld 42fc6a7ffa No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-12-29 15:38:33 -08:00
ffxbld 8195cf9180 No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-12-29 15:38:29 -08:00
ffxbld 65b3bb229e No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-12-28 11:09:38 -08:00
ffxbld 33bbc65536 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-12-28 11:09:34 -08:00
Cosmin Sabou 6c33dde6ca Backed out 2 changesets (bug 1425688) on request from jorgk for breaking the Certificate Manager r=backout a=backout
Backed out changeset f73324a4d033 (bug 1425688)
Backed out changeset bd2bf7b7fead (bug 1425688)
2017-12-28 15:26:09 +02:00
ffxbld 257b1043cb No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-12-27 11:02:53 -08:00
ffxbld 3fb919b0ad No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-12-27 11:02:49 -08:00
ffxbld 0ab5eb206e No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update 2017-12-26 10:57:37 -08:00
ffxbld f305f918c6 No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update 2017-12-26 10:57:33 -08:00
ffxbld 2fd2c44b24 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-12-25 10:35:57 -08:00
ffxbld 245024e56a No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-12-25 10:35:54 -08:00
ffxbld 4194d5dc45 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-12-24 10:42:34 -08:00
ffxbld a72af473e1 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-12-24 10:42:31 -08:00
ffxbld b1c15473e8 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-12-23 10:38:20 -08:00
ffxbld 4f04e9c623 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-12-23 10:38:17 -08:00
ffxbld 56c9489582 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-12-22 10:35:04 -08:00
ffxbld c8bb922a65 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-12-22 10:35:01 -08:00
arthur.iakab 610ad46e20 Merge Autoland to mozilla-central r=merge a=merge 2017-12-22 00:15:51 +02:00
ffxbld 60a54d3ea6 No bug, Automated HPKP preload list update from host bld-linux64-spot-324 - a=hpkp-update 2017-12-21 10:34:39 -08:00
ffxbld 54e9b9f089 No bug, Automated HSTS preload list update from host bld-linux64-spot-324 - a=hsts-update 2017-12-21 10:34:36 -08:00
Florian Quèze 0f55cd45be Bug 1421992 - script-generated patch to replace do_execute_soon, do_print and do_register_cleanup with executeSoon, info and registerCleanupFunction, rs=Gijs. 2017-12-21 11:10:23 +01:00
Florian Quèze 032c961e0a Bug 1421992 - script-generated patch to replace do_check_* functions with their Assert.* equivalents, rs=Gijs. 2017-12-21 11:08:17 +01:00
Jed Davis eec54d4531 Bug 1393287 - Intercept sigaction() to fix signal masks for sandboxing. r=gcp
Also changes gSeccompTsyncBroadcastSignum to an atomic, in case these
wrappers race with starting the sandbox, and optimizes the wrappers
slightly by avoiding unnecessary copying of signal sets or sigactions.

Tested by manually LD_PRELOADing libmozsandbox in the parent process,
because it already has a few signal handlers with block-by-default
masks.

MozReview-Commit-ID: CiHsA6rOCrQ

--HG--
extra : rebase_source : 176c156116a44fb8dff3a5f421499b7e61175047
2017-12-08 17:31:07 -07:00
Gian-Carlo Pascutto 4f260fc76e Bug 1386404 - Whitelist the prefix used by the XPCOM leak logs. r=haik
MozReview-Commit-ID: HI68lvyJIPQ

--HG--
extra : rebase_source : 75da730d240881928a6db230a85031e24cef23e0
2017-11-03 13:18:56 +01:00
Gian-Carlo Pascutto 874a243297 Bug 1386404 - Only do the tmp remapping if needed. r=jld
This helps with getting the tests that are running out of /tmp
to pass, who get confused if their paths change underneath them.

It's also a bit faster.

MozReview-Commit-ID: CWtngVNhA0t

--HG--
extra : rebase_source : ec91614556601e32f2604c3fb9f7d08156f834f3
2017-10-26 18:02:10 +02:00
Gian-Carlo Pascutto 9178b61a3d Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld
MozReview-Commit-ID: 2h9hw6opYof

--HG--
extra : rebase_source : f331071eeba9fc0714a0df09ca102273b4ee7320
2017-10-26 17:50:49 +02:00
Gian-Carlo Pascutto 57d5d1c52a Bug 1386404 - Enable access to the entire chrome dir from content. r=jld
This may be required if people have @import in their userContent.css, and
in any case our tests check for this.

MozReview-Commit-ID: 8uJcWiC2rli

--HG--
extra : rebase_source : 3384cb599a6d7b1aeba64e552ec4778ddab03f39
2017-10-26 18:57:03 +02:00
Gian-Carlo Pascutto 1a580a77b4 Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik,jld
MozReview-Commit-ID: 6Hijq0to9MG

--HG--
extra : rebase_source : 7ff43ffe52f32ebbc7c866428e0d1d64dd05cbcb
2018-01-09 16:29:40 +01:00
Mark Banner bed9b1d6c8 Bug 1425688 - Enable ESLint rule mozilla/use-services for security/. r=gcp,keeler
MozReview-Commit-ID: 4Kd9L8ExNGl

--HG--
extra : rebase_source : d8383ef464e9f0d19c7642a07967f3e2fa56d0dc
2017-12-16 13:10:40 -06:00
Mark Banner b72f59ba4f Bug 1425688 - Rework definitions of Cu/Cc/etc and inclusion of Services.jsm in pippki.js related files to reduce duplication. r=keeler
MozReview-Commit-ID: 1BN0Z5lOKYh

--HG--
extra : rebase_source : 9e70b14b5fcf65544bacdce5db53889c99ff313e
2017-12-16 12:52:53 -06:00
Dorel Luca a19f5582cc Merge mozilla-central to mozilla-inbound r=merge 2018-01-11 00:05:23 +02:00
David Keeler dc98f8d1f2 bug 1417680 - explore the feasibility of making XPCOM responsible for shutting down NSS r=jcj r=franziskus r=erahm
Historically, PSM has handled tracking NSS resources, releasing them, and
shutting down NSS in a coordinated manner (i.e. preventing races,
use-after-frees, etc.). This approach has proved intractable. This patch
introduces a new approach: have XPCOM shut down NSS after all threads have been
joined and the component manager has been shut down (and so there shouldn't be
any XPCOM objects holding NSS resources).

Note that this patch only attempts to determine if this approach will work. If
it does, we will have to go through alter and remove the remnants of the old
approach (i.e. nsNSSShutDownPreventionLock and related machinery). This will be
done in bug 1421084.

MozReview-Commit-ID: LjgEl1UZqkC

--HG--
extra : rebase_source : 95050b060a93223c6f2fce90f44e563fa6ed4fa2
2017-11-10 15:03:23 -08:00
Cosmin Sabou bf4a9b39b7 Merge autoland to mozilla-central r=merge a=merge 2017-12-20 23:40:31 +02:00
ffxbld 1c0199be67 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-12-20 10:37:32 -08:00
ffxbld e95c193a16 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-12-20 10:37:28 -08:00
Haik Aftandilian 4e95d558ac Bug 1404298 - Crashes with read-access content sandboxing triggered by mounted volumes. r=Alex_Gaynor
Allow read-metadata access to top-level directory entries.

MozReview-Commit-ID: 1Q7QXN2gX36

--HG--
extra : rebase_source : 86e3cc1906bb805e158c70c703ec204f11452199
2017-12-18 12:58:30 -08:00
Michal Novotny 32a0630b56 Bug 1418752 - Firefox instahang on start after landing patch from bug #1392841.vr=honzab
Initialize in advance all security services whose initialization on background thread could cause a deadlock.

--HG--
extra : rebase_source : 399f9acf736f9a06665d45a71b354076c1b85fa6
2017-12-19 21:08:15 -05:00
Bogdan Tara 9ac9aa3461 Merge mozilla-central to inbound. r=merge a=merge on a CLOSED TREE 2017-12-20 00:17:00 +02:00
ffxbld f64b319956 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-12-19 10:36:42 -08:00
ffxbld f3af52924b No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-12-19 10:36:38 -08:00
Franziskus Kiefer da627bdc03 Bug 1420060 - land NSS 04fc9a90997b UPGRADE_NSS_RELEASE, r=me
MozReview-Commit-ID: 5VMV4wtzMKA

--HG--
extra : rebase_source : 43ea63a50d243bcc46fbae3b65f5d117e8fba771
2017-12-19 15:26:12 +01:00
Csoregi Natalia 0393c9235f Backed out changeset 8a71f6e05783 (bug 1393287) for Hazard Build Bustage. r=backout on a CLOSED TREE 2017-12-19 02:49:50 +02:00
Jed Davis b99c2f8096 Bug 1393287 - Intercept sigaction() to fix signal masks for sandboxing. r=gcp
Also changes gSeccompTsyncBroadcastSignum to an atomic, in case these
wrappers race with starting the sandbox, and optimizes the wrappers
slightly by avoiding unnecessary copying of signal sets or sigactions.

Tested by manually LD_PRELOADing libmozsandbox in the parent process,
because it already has a few signal handlers with block-by-default
masks.

MozReview-Commit-ID: CiHsA6rOCrQ

--HG--
extra : rebase_source : 43c52a1169d6f510c3dc83143736b9be7ed7141d
2017-12-08 17:31:07 -07:00
Jed Davis 7dcac56405 Bug 1422198 - Log about failure to send a sandbox broker reply. r=gcp
MozReview-Commit-ID: eDcoMHGFxo

--HG--
extra : rebase_source : 6033f39a290b7b3dcbcebfaa8712e838e63fc09e
2017-12-08 14:43:36 -07:00
ffxbld 869f194506 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-12-17 10:58:36 -08:00
ffxbld c9d95edd9f No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-12-17 10:58:33 -08:00
ffxbld 0e3e215a27 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-12-16 10:39:43 -08:00
ffxbld d762c29622 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-12-16 10:39:40 -08:00
David Keeler 27da53bcf6 bug 1425032 - use new "cancel all connections" notification for PKCS#11 logout r=mgoodwin
When the user performs a PKCS#11 logout, we need to cancel all in-progress
network connections. Before this patch, PSM would track all the sockets it
created to implement this feature. However, bug 1411316 added the ability to
cancel these connections by sending the notification
"net:cancel-all-connections". This patch removes the now-unnecessary tracking
machinery in favor of delegating this to necko.

MozReview-Commit-ID: 7IzC14bH2R4

--HG--
extra : rebase_source : 57ff2121a2395cb2b012785ec3a11f75d923e675
2017-12-13 17:41:02 -06:00
ffxbld eea8fcf5e8 No bug, Automated HPKP preload list update from host bld-linux64-spot-306 - a=hpkp-update 2017-12-15 11:20:42 -08:00
ffxbld cce9ab656b No bug, Automated HSTS preload list update from host bld-linux64-spot-306 - a=hsts-update 2017-12-15 11:20:38 -08:00
ffxbld e5088d2dbb No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-12-15 11:02:59 -08:00
ffxbld b18ce43492 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-12-15 11:02:55 -08:00
Narcis Beleuzu b73dac9611 Merge autoland to mozilla-central. r=merge a=merge on a CLOSED TREE 2017-12-15 03:43:08 +02:00
ffxbld 4c5305936a No bug, Automated HPKP preload list update from host bld-linux64-spot-306 - a=hpkp-update 2017-12-14 11:19:41 -08:00
ffxbld 96bf1438a5 No bug, Automated HSTS preload list update from host bld-linux64-spot-306 - a=hsts-update 2017-12-14 11:19:38 -08:00
ffxbld 7fccec6502 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-12-14 10:39:44 -08:00
ffxbld 5d995473be No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-12-14 10:39:40 -08:00
David Keeler 95159e1851 bug 1424392 - remove unnecessary nsINSSComponent usage in nsNSSCallbacks r=mgoodwin
PK11PasswordPromptRunnable::RunOnTargetThread instantiates nsINSSComponent and
calls GetPIPNSSBundleString/PIPBundleFormatStringFromName to get some localized
strings. Since that runs on the main thread, we can call the helpers in
nsNSSCertHelper instead.

MozReview-Commit-ID: GsHoGDKBKdB

--HG--
extra : rebase_source : 7c18498ad0d01ab01f6e7d8c3d2ccdb1d6e20734
2017-12-08 14:07:04 -08:00
Csoregi Natalia 1134c27c23 Merge mozilla-central to autoland. r=merge a=merge CLOSED TREE 2017-12-14 00:15:40 +02:00
ffxbld c958fc3b7b No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update 2017-12-13 12:01:21 -08:00
ffxbld 1377bf03a3 No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update 2017-12-13 12:01:17 -08:00
ffxbld 354a4163c6 No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-12-13 11:24:25 -08:00
ffxbld 2db6eb28d0 No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-12-13 11:24:21 -08:00
Alex Gaynor bf2d3984cb Bug 1424942 - Remove fallback code for old macOS releases in the sandbox policy; r=haik
MozReview-Commit-ID: LCU4TWNMs8T

--HG--
extra : rebase_source : b01ba6c163da653717c9201cba70b89540676330
2017-12-12 14:58:46 -06:00
Margareta Eliza Balazs 4551f2e31e Merge inbound to mozilla-central r=merge a=merge 2017-12-12 23:58:36 +02:00
ffxbld 01c7631757 No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update 2017-12-12 12:10:25 -08:00
ffxbld 561b61d3ff No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update 2017-12-12 12:10:21 -08:00
ffxbld fc20a5a0ab No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-12-12 11:23:12 -08:00
ffxbld 4338c47957 No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-12-12 11:23:09 -08:00
ffxbld 7a8fc93f68 No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update 2017-12-11 12:07:39 -08:00
ffxbld 00d93b43c8 No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update 2017-12-11 12:07:35 -08:00
ffxbld cba1cda89a No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-12-11 11:37:07 -08:00
ffxbld 2077079b20 No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-12-11 11:37:03 -08:00
Andrea Marchesini b32bea6044 Bug 1424809 - Get rid of NS_NewPostDataStream, r=valentin 2017-12-12 06:01:17 -06:00
cku 07e7f9f727 Bug 1399787 - Part 9. Sandbox the PDFium process. r=bobowen,jwatt
MozReview-Commit-ID: 6ED7EPZvOMR

--HG--
extra : rebase_source : d8ddd2bb3551cf25c0f18151c4340e1f48d659ca
extra : intermediate-source : d90c5064d88a6468c1209f4a78ec7631592eec98
extra : source : 91b761e38efd28a69647c38531f5418fffee8f50
2017-10-18 20:52:45 +08:00
ffxbld 7b5a586bff No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update 2017-12-10 12:02:11 -08:00
ffxbld 20053f4730 No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update 2017-12-10 12:02:07 -08:00
ffxbld 4d1e04053a No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-12-10 11:22:34 -08:00
ffxbld 31d8adf7f1 No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-12-10 11:22:30 -08:00
Andreea Pavel 5ba2665757 Merge inbound to mozilla-central r=merge a=merge 2017-12-09 22:21:17 +02:00
ffxbld 317996d0b6 No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update 2017-12-09 12:01:49 -08:00
ffxbld 0aba3da0bd No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update 2017-12-09 12:01:45 -08:00
ffxbld b6ea2cfac7 No bug, Automated HPKP preload list update from host bld-linux64-spot-038 - a=hpkp-update 2017-12-09 11:07:05 -08:00
ffxbld 90b3db49cd No bug, Automated HSTS preload list update from host bld-linux64-spot-038 - a=hsts-update 2017-12-09 11:07:01 -08:00
Gurzau Raul 096b0974bc Merge autoland to mozilla-central r=merge a=merge 2017-12-08 23:56:46 +02:00
ffxbld 8f7724e963 No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update 2017-12-08 12:00:55 -08:00
ffxbld ab5cafe292 No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update 2017-12-08 12:00:51 -08:00
ffxbld 4d2f167f48 No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update 2017-12-08 11:11:49 -08:00
ffxbld 2582928f13 No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update 2017-12-08 11:11:46 -08:00
Eric Rahm 6058ba50a3 Bug 1423798 - Remove headers included for backwards compat in nsString.h. r=njn on a CLOSED TREE
Remove the headers included for "backwards compatibility" and just include them
where required.

--HG--
extra : source : e2beba7e6875120ebbbcadf24bcbcb5b86411a94
extra : amend_source : 11f07a27431cd468511f0bd45afe36150c6e342c
2017-12-06 19:36:57 -08:00
Csoregi Natalia f488657fbd Backed out changeset e2beba7e6875 (bug 1423798) for failing Browser Chrome tests browser_temporary_permissions_expiry.js on Windows 7 debug. r=backout on a CLOSED TREE 2017-12-09 07:23:35 +02:00
Gurzau Raul 0fcc1a37e6 Merge mozilla-central to mozilla-inbound. r=merge a=merge CLOSED TREE 2017-12-09 00:57:59 +02:00
Eric Rahm 74880b3483 Bug 1423798 - Remove headers included for backwards compat in nsString.h. r=njn
Remove the headers included for "backwards compatibility" and just include them
where required.

--HG--
extra : rebase_source : 03e703a81ed4b80f4f116ff36d8787464ce5acba
2017-12-06 19:36:57 -08:00
shindli 2f09c0a994 Merge mozilla-central to inbound. r=merge a=merge CLOSED TREE 2017-12-08 00:26:07 +02:00
shindli 0bed6b5d6d Merge inbound to mozilla-central r=merge a=merge 2017-12-08 00:12:14 +02:00
ffxbld 8e05423bf3 No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update 2017-12-07 12:05:58 -08:00
ffxbld 62f9cfe3ca No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update 2017-12-07 12:05:54 -08:00
ffxbld 10287820a9 No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-12-07 11:18:38 -08:00
ffxbld e88025e01c No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-12-07 11:18:34 -08:00
Andreea Pavel 89531e8dc3 Backed out 9 changesets (bug 1412456) for crashing talos g2 and unexpected network connections in browser-chrome's browser_searchEngine_behaviors.js r=backout a=backout on a CLOSED TREE
Backed out changeset 0c01a98f4fd5 (bug 1412456)
Backed out changeset 27077db47231 (bug 1412456)
Backed out changeset f35ec2a884f8 (bug 1412456)
Backed out changeset 602b30ac3c69 (bug 1412456)
Backed out changeset b1ff1050c589 (bug 1412456)
Backed out changeset f100d953f9eb (bug 1412456)
Backed out changeset d85af60fe259 (bug 1412456)
Backed out changeset 736f38486832 (bug 1412456)
Backed out changeset 13a637602dc2 (bug 1412456)
2017-12-07 12:20:21 +02:00
Bob Owen 8ba04e79f9 Bug 1422053: Create Windows sandbox sLaunchErrors hashtable on the main thread. r=aklotz 2017-12-07 09:07:43 +00:00
Bill McCloskey 9f4d083047 Bug 1412456 - Test changes to no longer use interposition (r=felipe,bgrins,mrbkap)
MozReview-Commit-ID: 2nQPOSGTr1s
2017-12-07 12:55:24 -08:00
Bob Owen cd83addd77 Bug 1395187: Use STARTF_FORCEOFFFEEDBACK flag when starting Windows child processes to prevent app starting cursor. r=jimm 2017-12-07 10:24:38 +00:00
Bill McCloskey bef7c122df Bug 1412456 - Test changes to no longer use interposition (r=felipe,bgrins,mrbkap)
MozReview-Commit-ID: 2nQPOSGTr1s
2017-12-06 21:17:05 -08:00
Dorel Luca eb65c24c7b Backed out 8 changesets (bug 1412456) for ESlint failure on browser_urlbarKeepStateAcrossTabSwitches.js:13:49 r=backout on a CLOSED TREE
Backed out changeset 0e88de036c55 (bug 1412456)
Backed out changeset 49b93f807db0 (bug 1412456)
Backed out changeset 039e980b7dc6 (bug 1412456)
Backed out changeset c7698410ddbd (bug 1412456)
Backed out changeset e56a1ba26b7c (bug 1412456)
Backed out changeset 0c4506e124ac (bug 1412456)
Backed out changeset a7aec2ce903b (bug 1412456)
Backed out changeset 3e9fb71f1e8e (bug 1412456)
2017-12-07 07:09:33 +02:00
Bob Owen e19c11cd2a Bug 1423296: Don't use MITIGATION_IMAGE_LOAD_NO_LOW_LABEL when running from a network drive. r=jimm 2017-12-08 19:00:54 +00:00
Bill McCloskey be77cf4a01 Bug 1412456 - Test changes to no longer use interposition (r=felipe,bgrins,mrbkap)
MozReview-Commit-ID: 2nQPOSGTr1s
2017-12-06 20:46:58 -08:00
Dorel Luca 777fa218a9 Backed out changeset 4928928a5e46 (bug 1417680) for leaks detected by valgrind r=backout on a CLOSED TREE
--HG--
extra : amend_source : 48d7d6291b7f1e68cc554caa3374cda326d17681
2017-12-07 02:14:25 +02:00
David Keeler 094791c2d0 bug 1417680 - explore the feasibility of not shutting down NSS by no-op-ing the guts of the shutdown infrastructure r=jcj r=franziskus
Adapted from https://wiki.mozilla.org/SecurityEngineering/NSS_Startup_and_Shutdown_in_Gecko :

Properly implementing the coordinated shutdown of NSS has, to date, proved
intractable. For architectural reasons and due to the significant complexity
involved, the NSS resource tracking and shutdown infrastructure has been an
ongoing source of crashes and hangs in Firefox. To that end, we have been
exploring the possibility of not shutting down NSS at all. For this to work, we
have had to address a number of potential concerns.

Certificate and key database corruption: In theory, if Firefox were to exit
without coordinating with NSS, data stored in the certificate and key databases
(backed by BerkeleyDB) could be lost. To mitigate this, we have migrated to
using the sqlite-backed implementation. The databases are now journaled, and
short of a bug in sqlite, we do not anticipate data loss due to database
corruption.

PKCS#11 devices: In theory, if Firefox were to exit without coordinating with
NSS and thus any attached PKCS#11 devices, data could be lost on these devices.
However, it is our understanding that these devices must be robust against
unexpected physical removal. Uncoordinated shutdown should present no worse a
risk to user data.

FIPS 140-2 mode: While Mozilla does not ship a version of Firefox that supports
FIPS mode out of the box, Red Hat does. It is our understanding that clearing
key material is a requirement of FIPS and that not shutting down NSS may pose a
problem for this requirement. Red Hat's FIPS 140-2 Security Policy[0] specifies
that the application (i.e. Firefox) using the module (i.e. NSS) is responsible
for zeroization of key material. More specifically, it says "All plaintext
secret and private keys must be zeroized when the Module is shut down (with a
FC_Finalize call), reinitialized (with a FC_InitToken call), or when the session
is closed (with a FC_CloseSession or FC_CloseAllSessions call)." Thus, if
Firefox never shuts down NSS, this requirement is trivially met.

Leak detection: By not shutting down NSS, technically we leak some allocated
memory until shutdown. This could cause problems if our test infrastructure
detected and reported these leaks. However, it appears not to (which itself is
somewhat concerning). In any case, we will have to deal with this if and when we
can detect these leaks.

Given that these concerns all have at least a preliminary answer, we will move
forward with attempting to not shut down NSS in Firefox. This may expose
unexpected issues that may lead to a reassessment of the situation, so this will
be on a trial basis only in Nightly.

[0] https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3070.pdf

MozReview-Commit-ID: LjgEl1UZqkC

--HG--
extra : rebase_source : 99bf715f7f6566ec92ca763eefdbd8d2f69d2ba2
extra : amend_source : d4177cc87f54fccbd49312feef7e29b77bf01432
2017-11-10 15:03:23 -08:00
Dorel Luca ada131e8c5 Merge autoland to mozilla-central r=merge a=merge 2017-12-06 23:57:33 +02:00
ffxbld 638c4fcef4 No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-12-06 12:06:18 -08:00
ffxbld d4149255ed No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-12-06 12:06:14 -08:00
ffxbld 283abf5e1b No bug, Automated HPKP preload list update from host bld-linux64-spot-033 - a=hpkp-update 2017-12-06 11:12:09 -08:00
ffxbld 7711ad2f7d No bug, Automated HSTS preload list update from host bld-linux64-spot-033 - a=hsts-update 2017-12-06 11:12:06 -08:00
Francesco Lodolo (:flod) 0b2047cb81 Bug 320231 - Update localization notes for length-limited PKCS#11 strings in pipnss.properties r=Pike
MozReview-Commit-ID: 11iUjRi8eUX

--HG--
extra : rebase_source : 029f6e8a06a0d2903297d1726352c584f69ce69d
2017-12-06 12:11:59 +01:00
Tristan Bourvon 1d42ce1f7b Bug 1412646 - Initialize some uninitialized fields in security/manager/ r=keeler
MozReview-Commit-ID: HGj8xw5Uq6j

--HG--
extra : rebase_source : 8c9bd7b966bfdead6244c71642a843e8b9e507ff
2017-10-31 11:04:40 +01:00
Narcis Beleuzu 1f7fdd5826 Merge mozilla-central to inbound. r=merge a=merge on a CLOSED TREE 2017-12-06 01:49:19 +02:00