ab4b12e208
Bug 1092835 - Log usage of weak ciphers in the console. r=keeler,mcmanus
2014-12-13 20:09:01 +09:00
7a433f6905
Bug 1084025, Part 3: Clean up some bits, r=keeler, r=emk
...
--HG--
extra : rebase_source : 7aa1de4e9c391bf3e3cd5df79c62fff4546a8c67
2014-12-12 16:42:41 -08:00
0cd5238974
Bug 1107666: Fix OCSP stapling telemetry (SSL_OCSP_STAPLING), r=keeler
...
--HG--
extra : rebase_source : 926f091b2a361d7dce30bee918d6659259f1b3e4
2014-12-11 23:22:35 -08:00
c3ba2c1217
bug 1108408 - GeneralName types such as otherName where the value is a SEQUENCE should have the CONSTRUCTED bit set r=briansmith
2014-12-08 13:39:19 -08:00
63de38c180
Bug 1101969: Disable pinning on media.mozilla.com (r=keeler)
2014-12-12 09:10:57 -08:00
04d69a9f5b
Bug 1004781: Enable pinning for facebook in production mode (r=keeler)
2014-12-12 09:10:53 -08:00
7f05080219
Bug 940787: Stop requiring ALPN/NPN for False Start, r=keeler
...
--HG--
extra : rebase_source : f8946e1fc631f2458807a559104a1dca01f444ac
2014-12-10 10:50:48 -08:00
cc0b0eeed3
Bug 1109766: Require AES-GCM for TLS False Start, r=keeler
...
--HG--
extra : rebase_source : 8370c628863e644131ed1fbe6b8e49b5dc1215dc
2014-12-10 10:19:00 -08:00
9c1c9d03e6
Bug 861310: Require TLS 1.2 for TLS False Start, r=keeler
...
--HG--
extra : rebase_source : d4bb253a84270c84acdf7ed4f84bc0186231e521
2014-12-10 10:04:45 -08:00
9cae71d8a9
Bug 1109252 - Make remaining PSM test cert generation scripts print out cert information as necessary. r=keeler
2014-12-10 21:32:00 +01:00
344f6abf7b
Bug 1093334 - Delete unnecessary copies of Chromium headers in security/sandbox/linux. r=kang
2014-12-10 17:26:12 -08:00
c2384cf7c7
Bug 1093334 - Adjust includes of Linux sandboxing headers from Chromium. r=kang
...
Also re-sorts some of the includes into something closer to the style guide.
2014-12-10 17:26:12 -08:00
30e88baa98
Bug 1093334 - Import more headers from Chromium rev 9522fad406dd161400daa518075828e47bd47f60. r=kang
2014-12-10 17:26:12 -08:00
30ba635db0
Bug 1102209 - Remove use of CodeGen::JoinInstructions in the Linux sandboxing code. r=kang
...
This reorganizes SandboxAssembler to stack up the policy rules and
traverse them in reverse order to build the filter DAG from tail to head
(i.e., starting with "deny all" and prepending allow and return-errno
rules). Thus, this code will continue to work (perhaps with minor
changes, such as to the NodePtr typedef) with future versions of the
Chromium sandbox code that don't allow mutating the filter program with
the JoinInstructions method.
2014-12-10 17:26:12 -08:00
114cf4fb41
Bug 1108759 - Fix B2G no-optimization builds. r=glandium
2014-12-10 16:17:47 -08:00
7e1828ba3d
Bug 1109245 - Modify test_keysize_ev.js to run on B2G. r=dkeeler
2014-12-09 12:07:00 -05:00
6df9a55b46
Bug 978426 - Re-enable test_sts_preloadlist_perwindowpb.js on B2G. r=dkeeler
2014-12-09 11:37:00 +01:00
346599ec9c
Bug 1107791 Remove support for unusual wildcard names in certificates, r=keeler
...
--HG--
extra : rebase_source : bd142d2e85059a0d0fd36325242553e94a7d4377
2014-12-04 17:12:09 -08:00
bd9d21676a
Bug 1107790: Remove support for absolute hostnames in presented DNS IDs and name constraints, r=keeler
...
--HG--
extra : rebase_source : cf402f902196e729026d713cd6d62f5c3b889a12
2014-12-08 16:42:54 -08:00
81f8d7a489
Bug 1107787: Disable TLS_DHE_DSS_WITH_AES_128_CBC_SHA, r=keeler
...
--HG--
extra : rebase_source : 063d859c69adc8deba9d1842f4bd42a9b862bbe5
2014-12-04 19:50:58 -08:00
5bd7eba3e4
Bug 1037098: Remove preferences for cipher suites disabled in bug 1036765, r=keeler
...
--HG--
extra : rebase_source : b033bea062c8cafecd93830fa54f4cf184fa28df
2014-12-04 19:47:17 -08:00
01259ceda5
Bug 1107946: Fixed unused variable warnings in pkixnames_tests.cpp, r=keeler
...
--HG--
extra : rebase_source : 23d20e91c8b408363acab7c6d4d67a86d2293dff
2014-12-05 12:14:49 -08:00
1bdab6fe7b
Backed out changesets fb903f13f215, 9c5c712698e4, and 36d257ead3da (bug 1092835) for causing test_csp_allow_https_schemes.html permafail on Android 2.3.
...
CLOSED TREE
2014-12-09 14:00:47 -05:00
487b1516b0
Bug 1092835 - Log usage of weak ciphers in the console. r=keeler,mcmanus
2014-12-10 00:54:06 +09:00
5167dadd93
Bug 1093724 - Add a range check to the TLS version prefs loading code. r=keeler
2014-12-09 21:48:29 +09:00
b95c85162f
Bug 1084025 - Add telemetry to measure failures due to not falling back. r=keeler
2014-12-09 07:19:05 +09:00
529edd40b5
Merge inbound to m-c. a=merge
2014-12-08 15:46:14 -05:00
56bf9455a1
Bug 1105452 - Need to use new Audio system APIs for audio offload playback. r=roc, r=jld, r=ggrisco
...
Resolve the build failure caused by API changes
There are some changes in Audio APIs in Android version
21. Modifying the code to use the new APIs.
Change-Id: I24fdeb20f8f957d05fb6c0c317de0a6f0769c347
Resolve seccomp violation caused by syscall 256
Modify the filter to allow syscall 256 (set_tid_address).
Change-Id: I49461770c4c5e70bf68462d34321381b0b7ead0a
2014-12-02 17:10:00 -05:00
cf57e57455
merge mozilla-inbound to mozilla-central a=merge
2014-12-08 12:48:58 +01:00
15713eb9bb
No bug, Automated HPKP preload list update from host bld-linux64-spot-132 - a=hpkp-update
2014-12-06 03:20:43 -08:00
6e96f60fd3
No bug, Automated HSTS preload list update from host bld-linux64-spot-132 - a=hsts-update
2014-12-06 03:20:41 -08:00
83c04b6586
Bug 1085074 - Part 3 - Update inadequately sized Delegated Signer cert. r=briansmith
2014-12-07 20:42:00 +01:00
ee0a49c7ee
Bug 1085074 - Part 2 - Use explicit bit sizes for key size cert file names. r=briansmith
2014-12-07 20:41:00 +01:00
b42aa85de9
Bug 1085074 - Part 1 - Use adequate/OK and inadequate/notOK to refer to sizes for key size tests. r=briansmith
2014-12-07 20:23:00 +01:00
d9a62a4cc2
bug 1020237 - follow-up to fix build bustage r=bustage on a CLOSED TREE
2014-12-05 10:12:58 -08:00
d97c7ea664
bug 1020237 - prefer root certificates to non-root certificates in NSSCertDBTrustDomain::FindIssuer r=briansmith
2014-12-04 13:37:01 -08:00
fc17106cf0
Bug 970542, Part 9: Better document name constraints as reference IDs, r=keeler
...
--HG--
extra : rebase_source : 60413188771454081226d58d03156c15ce795ca7
2014-10-26 11:26:26 -07:00
65284e98f6
Bug 970542, Part 8: IPAddress name constraint tests, r=keeler
...
--HG--
extra : rebase_source : e8cc0158248d4621da19dfef56089957af417f73
2014-10-26 16:57:00 -07:00
5fac205908
Bug 970542, Part 7: More CN-ID name constraint tests, r=keeler
...
--HG--
extra : rebase_source : 7a3d1d31cdc08ea1b989428cfc85f60a00528c72
2014-12-03 21:35:29 -08:00
ac1c16b716
Bug 970542, Part 6: DNSName name constraint tests, r=keeler
...
--HG--
extra : rebase_source : ec31862fc25cfcba1454ae862a26e7a27513e9b6
2014-10-19 23:53:45 -07:00
7dd909b9e5
Bug 970542, Part 5: New name constraint implementation, r=keeler, r=mmc
...
--HG--
extra : rebase_source : 849161ac892b05e5ff2d5552c632fc647d309085
2014-10-18 15:38:42 -07:00
2e28de4900
Bug 970542, Part 4: DirectoryName name constraint matching, r=keeler
...
--HG--
extra : rebase_source : 01770088851823ae1005227dcd43d82d015f4b0e
2014-10-18 14:51:37 -07:00
39a86a3659
Bug 970542, Part 3: IPAddress name constraint matching, r=keeler
...
--HG--
extra : rebase_source : f47ef9ead3323704595b91873811d1ead2403839
2014-10-17 13:02:26 -07:00
8b38009a34
Bug 970542, Part 2: DNSName name constraint matching, r=keeler
...
--HG--
extra : rebase_source : 50b1a7d5d9da97cc64e09d5e6cdc41b8200c3551
2014-10-20 22:20:58 -07:00
8d8b1cf373
Bug 970542, Part 1: Refactor name matching within CN AVAs to reduce duplicate logic, r=keeler
...
--HG--
extra : rebase_source : f129b24c58377f34ac7d80ee7d5e8775635843ff
2014-10-16 16:44:27 -07:00
08c8931f01
Bug 1083284 - New sandbox rules for Adobe's code fragment. r=areinald
2014-12-08 12:10:14 -06:00
e4d5592832
Bug 1105729: Pre VS2010 SP1 define our own verion of _xgetbv. r=tabraldes
2014-11-28 18:58:33 +00:00
8f08848fe0
Bug 1009158 - Fix and re-enable PSM xpcshell tests that would previously time out on Android due to LD_LIBRARY_PATH issues. r=keeler
2014-12-03 09:15:00 +01:00
629560ff5f
Bug 1102632 - Stop triggering non-secure fallback for SSL_ERROR_UNSUPPORTED_VERSION. r=keeler
2014-12-02 20:33:24 +09:00
c82a68a468
Bug 1088969 - Upgrade Mozilla 36 to use NSS 3.17.3, changing version numbers, only.
2014-12-01 14:34:08 +01:00
Masatoshi Kimura
Brian Smith
David Keeler
Monica Chew
Cykesiopka
Jed Davis
Ryan VanderMeulen
Jay Wang
Carsten "Tomcat" Book
ffxbld
Steven Michaud
Bob Owen
Kai Engert