Julian Hector
2d64db058c
Bug 1259273 - Add sys_unlink to seccomp-bpf whitelist. r=jld
2016-04-06 19:48:23 +00:00
Cykesiopka
54da7e65e7
Bug 1252384 - Remove nsICertTree.isHostPortOverride(). r=dkeeler
...
It is unused since the changes in Bug 825583 landed.
MozReview-Commit-ID: 2u2eu0aDqeH
--HG--
extra : transplant_source : f%5Ev%00%B6%8B%3E%5E%26%C3%10%25%D9%16%C1%98yhf%D2
2016-04-06 07:02:17 -07:00
Bob Owen
907939a278
Bug 1256992 Part 2: Move SandboxBroker Initialization earlier and add telemetry and extra null checks. r=aklotz
...
MozReview-Commit-ID: Fu05wLn27UG
2016-04-07 08:28:14 +01:00
Wes Kocher
06944947a0
Backed out changeset 069c82269f81 (bug 1258375) for Windows xperf failures
...
MozReview-Commit-ID: DwhDorbB2PO
2016-04-06 16:51:48 -07:00
Kai Engert
02dd23b86a
Bug 1258375, NSS_3_24_BETA4 and required adjustments to PSM and packaging, r=martin.thomson, r=glandium
2016-04-06 21:43:36 +02:00
Cykesiopka
efe5b47ede
Bug 1260644 - Use UniquePLArenaPool to manage PLArenaPools in PSM. r=keeler
...
MozReview-Commit-ID: HyLXbWoHMGz
--HG--
extra : rebase_source : 6164b7df51e11c4d3814a06bd41765d40be85a9d
2016-04-04 17:35:24 -07:00
Tim Taubert
313721942c
Bug 1261213 - Follow-up to make eslint happy r=bustage
2016-04-06 10:32:16 +02:00
Tim Taubert
96b0d713ad
Bug 1261213 - make test_sts_privatebrowsing_perwindowpb.html work under e10s r=keeler,mrbkap,felipe
2016-04-05 12:52:19 +02:00
Cykesiopka
1f493434a0
Bug 1127158 - Remove brittle debug only flag math in nsSecureBrowserUIImpl.cpp. r=dkeeler
...
MozReview-Commit-ID: 3d5mYDjzJwf
--HG--
extra : rebase_source : ce0b714b92d9deed79a8a9e24e0d8db4b9eef8c7
2016-04-01 06:16:58 -07:00
timeless@mozdev.org
cbc8dc0b64
Bug 550185 - Ensure nsCertTree::GetCellText returns an initialized value. r=kaie
...
--HG--
extra : rebase_source : 4c4529a62c5acb7bba52e8cb94e69e795a85b7e1
2016-04-04 21:18:00 +02:00
David Keeler
9825c57bc3
bug 1239166 - platform work to support Microsoft Family Safety functionality r=froydnj,mgoodwin,mhowell,rbarnes,vladan
...
MozReview-Commit-ID: GhpJqJB97r9
--HG--
extra : rebase_source : e943c1e4d0f008ffd6b6bb4bb63e1daf27ae2c96
2016-01-12 15:39:43 -08:00
David Keeler
6e4140d766
bug 1245280 - add policy mechanism to optionally enforce BRs for falling back to subject CN r=Cykesiopka,mgoodwin
...
MozReview-Commit-ID: 7xT6JGpOH1g
--HG--
extra : rebase_source : 0def29e8be898a2d975ee4390b3bc6a193766b1b
2016-02-09 10:14:27 -08:00
Cykesiopka
ed5502e22f
Bug 1252722 - Add additional tests. r=keeler
...
MozReview-Commit-ID: Ds5t8RSd1Mk
--HG--
extra : transplant_source : %92Nx%E8%7E%3A%E6%97w%8A%D0%102%7D%8D%93%A2%9D%A4%25
2016-03-31 17:33:06 -07:00
Cykesiopka
bc9cb4c633
Bug 1252722 - Improve handling of PK11_* function error codes. r=keeler
...
MozReview-Commit-ID: DWNNXq8ZJ47
--HG--
extra : transplant_source : N%10%80%B2%9C%DEwu%0B%BF%FB%3B%D4%06%D8W%2AyBh
2016-03-31 17:33:00 -07:00
Cykesiopka
531fe59f42
Bug 1252722 - Ensure arguments of all public methods are checked. r=keeler
...
MozReview-Commit-ID: 5UJup8k8iGe
--HG--
extra : transplant_source : %D0v%7B%F2%60%04%E3%11%15_%AC%A0%D0%CE%0D%3A0q%96%24
2016-03-31 17:32:53 -07:00
Cykesiopka
0ebbbafe4b
Bug 1252722 - Use smart pointers for NSS resources. r=keeler
...
MozReview-Commit-ID: Gg3DNjGiNIQ
--HG--
extra : transplant_source : _%AC%97%FA%DA%FF%FE%95%E5%D4%3C%BE%82%E4%24%D9F%ADB%89
2016-03-31 17:31:55 -07:00
Cykesiopka
db361c5c2d
Bug 1252722 - Fully implement nsNSSShutDownObject everywhere. r=keeler
...
MozReview-Commit-ID: 4OZ6tCdCGEP
--HG--
extra : transplant_source : U%27%E3%E2A%85%03%AC%FA%C9%9A%9Et%87%E9%F6s%FFy%AC
2016-03-31 17:31:50 -07:00
David Keeler
581a304acb
bug 1254667 - change certificate verification SHA1 policy to "allow for locally-installed roots" r=jcj
...
Before this patch, the default policy for the use of SHA1 in certificate
signatures was "allow all" due to compatibility concerns.
After gathering telemetry, we are confident that we can enforce the policy of
"allow for locally-installed roots" (or certificates valid before 2016) without
too much breakage.
MozReview-Commit-ID: 8GxtgdbaS3P
--HG--
extra : rebase_source : d1bed911f2d5d40229ea06556fee0848668e98b6
2016-03-28 12:52:40 -07:00
Cykesiopka
7167af4f5a
Bug 1251801 - Ensure arguments of all public methods are checked. r=keeler
...
MozReview-Commit-ID: 1UQ4thOmUGb
--HG--
extra : transplant_source : V%24o%40%403%BF%B4o%5E%F5%28%91%B8%8A%E2%E3%E9%8B%BF
2016-03-29 18:14:29 -07:00
Cykesiopka
703b7ef6b1
Bug 1251801 - Improve handling of PK11_* function error codes. r=keeler
...
MozReview-Commit-ID: 18acVVAuapm
--HG--
extra : transplant_source : %C3%FD%1D%BF/%E4%A5%BBl%DE%03%BC%0E%CA%04%D8%C6%0Fze
2016-03-29 18:14:29 -07:00
Cykesiopka
b2f33b0ba8
Bug 1251801 - Fully implement nsNSSShutDownObject and obviate manual NSS resource management. r=keeler
...
MozReview-Commit-ID: A7a9TVikRPh
--HG--
extra : transplant_source : v%CE%9Df%F6%0AaqJ%D5A%07%B0%2A.%E2%01c%C5%A5
2016-03-29 18:14:28 -07:00
Wes Kocher
caea64b900
Backed out changeset 3ff2b12ffedc (bug 1254667) for upsetting the test_ocsp_caching.js gods on android CLOSED TREE
...
MozReview-Commit-ID: JaJXHxKEAvu
2016-03-29 16:38:18 -07:00
David Keeler
4a9f753dd1
bug 1254667 - change certificate verification SHA1 policy to "allow for locally-installed roots" r=jcj
...
Before this patch, the default policy for the use of SHA1 in certificate
signatures was "allow all" due to compatibility concerns.
After gathering telemetry, we are confident that we can enforce the policy of
"allow for locally-installed roots" (or certificates valid before 2016) without
too much breakage.
MozReview-Commit-ID: 8GxtgdbaS3P
--HG--
extra : rebase_source : 7e81131a6c215bf7af514f150ebe2eb16a5c612a
2016-03-28 12:52:40 -07:00
Martin Thomson
83f1770c2c
Bug 1238001 - Allow TLS info to be updated on renegotiation, r=keeler
...
MozReview-Commit-ID: KJaPgEwTvhv
--HG--
extra : rebase_source : f7d0025eca46e191d23aee182c9ace58b7d59b8b
extra : amend_source : 7e98ef0aa34b0c2def205644e1ab9e576417930d
2016-02-23 08:00:00 -08:00
ffxbld
b83f7e6b04
No bug, Automated HPKP preload list update from host bld-linux64-spot-413 - a=hpkp-update
2016-03-28 14:10:40 -04:00
ffxbld
fbba08e207
No bug, Automated HSTS preload list update from host bld-linux64-spot-413 - a=hsts-update
2016-03-28 14:10:40 -04:00
Kyle Huey
d9265a3eaf
Bug 1259294: Part 2 - Use MOZ_ALWAYS_SUCCEEDS. r=froydnj
2016-03-28 10:28:15 -07:00
Cykesiopka
e05e655f1b
Bug 1258298 - Switch more Scoped.h templates in PSM to UniquePtr equivalents. r=keeler
...
MozReview-Commit-ID: 8VOhiuNOlBX
--HG--
extra : amend_source : 70d01c7a061c4b751d643d1277e3185ccf348e54
2016-03-24 18:30:37 -07:00
Cykesiopka
e031eef545
Bug 1259149 - Add additional tests for the nsIPK11* and nsIPKCS11* implementations. r=keeler
...
After these additions, the majority of the API surface should be covered.
MozReview-Commit-ID: CvpEX6Cm94d
--HG--
rename : security/manager/ssl/tests/unit/test_pkcs11_list.js => security/manager/ssl/tests/unit/test_pkcs11_module.js
extra : transplant_source : %B3%E0%09%B9%E4b%D0A%F0%00r%08%1F%9Dm%E7%CC9%E3l
2016-03-24 18:29:39 -07:00
Ted Mielczarek
815dd278b6
bug 1259753 - fix some C++ unittests to use ScopedXPCOM to init XPCOM. r=ms2ger
...
MozReview-Commit-ID: B6xdlB9Di0y
--HG--
extra : rebase_source : 182d29d677c77ae6780260f5fc9b0792bdd98f84
extra : amend_source : 1e4fa2453d6773bd1e63f52b7aa3bf61e61600ff
2016-03-25 10:04:37 -04:00
Nathan Froyd
8cd3125d35
Bug 1255438 - fix OS X warning bustage and reopen this CLOSED TREE; r=me
2016-03-25 10:09:01 -04:00
Nathan Froyd
0e58a8d0a5
Bug 1255438 - create nsI{Mutable,}Array directly; r=keeler
2016-03-25 09:36:25 -04:00
Nathan Froyd
e1d8b92ec6
Bug 1255425
- part 2 - pack kSTSPreloadList into a more efficient format; r=keeler
...
Entries in kSTSPreloadList currently look like:
class nsSTSPreload
{
public:
const char *mHost;
const bool mIncludeSubdomains;
};
This is inefficient for a couple of reasons:
* The structure has a bunch of wasted space: it takes 8 bytes on 32-bit
platforms and 16 bytes on 64-bit platforms, even though it only uses 5
and 9 bytes, respectively.
* The |const char*| requires additional space in the form of relocations
(at least on Linux/Android), which doubles the space cost of
individual entries. (The space cost of the relocations is mitigated
somewhat on Linux and Android because of elfhack, but there's still
extra cost in the on-disk format and during the load of libxul to
process those relocations.)
* The relocations the structure requires means that the data in it can't
be shared between processes, which is important for e10s with multiple
content processes.
We can make it more efficient by structuring it like so:
static const char kSTSPreloadHosts[] = {
// One giant character array containing the hosts, in order:
// "example.com\0example.org\0example.test\0..."
// Use an array rather than a literal string due to compiler limitations.
};
struct nsSTSPreload
{
// An index into kSTSPreloadHosts for the hostname.
uint32_t mHostIndex: 31;
// We use the same datatype for both members so that MSVC will pack
// the bitfields into a single uint32_t.
uint32_t mIncludeSubdomains: 1;
};
nsSTSPreload now has no wasted space and is significantly smaller,
especially on 64-bit platforms (saves ~29K on 32-bit platforms and ~85K
on 64-bit platforms). This organization does add a couple extra
operations to searching for preload list entries, depending on your
platform, but the space savings make it worth it.
2016-03-24 15:09:28 -04:00
Nathan Froyd
b2490bf812
Bug 1255425
- part 1 - clearly delineate steps when outputting HSTS preload list; r=keeler
...
The main loop of |output| tweaks entries, filters out entries based on
some conditions, and writes out the actual entries we're going to use.
Let's separate those three steps so it's clearer what's happening where.
2016-03-11 15:35:47 -05:00
David Keeler
08f83f4f99
bug 1257969 - update test_pinning_dynamic.js test certificates to not use subject common name for name information r=jcj
...
MozReview-Commit-ID: 1NpjJO9r8ma
--HG--
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem.certspec
extra : rebase_source : 9fa95f73f616da87f19bf8c5f7749b02b52b9696
2016-03-18 14:14:00 -07:00
Gregory Szorc
6a9168778b
Bug 1124033 - Disable C4311 and C4312 in directories exhibiting warnings; r=ehsan
...
There are a long tail of C4311 and C4312 warnings in VS2015. Rather than
wait until all of them are fixed to land VS2015, we're taking the easy
way out and disabling these warnings in every directory currently
exhibiting a warning. This is evil. But it is a lesser evil than
globally disabling C4311 and C4312. At least with this approach new
C4311 and C4312 warnings in directories that aren't suppressing them
shouldn't be introduced.
MozReview-Commit-ID: 2cwWrjMD6B9
--HG--
extra : rebase_source : 3e7b8ea042765fdf138f5ca93a0f9dab75a95fcd
2016-03-23 17:19:20 -07:00
David Keeler
eabc80d212
bug 1258579 - remove some unnecessary time-related globals from mozilla::pkix tests r=Cykesiopka
...
MozReview-Commit-ID: C0XPTdO4Ab7
--HG--
extra : rebase_source : cb97b17cc5f3bd2fe1fe2bd13cae5447e029c14d
2016-03-22 10:26:30 -07:00
Bob Owen
db4259c176
Bug 1256992: Initialize Windows sandbox BrokerServices before any child processes are created. r=aklotz, r=bholley
2016-03-23 08:10:43 +00:00
Cykesiopka
c343159d73
Bug 1253108 - Enable ESLint "strict" rule for PSM. r=keeler
...
MozReview-Commit-ID: 4wElZ8Guq9z
--HG--
extra : rebase_source : 60fb87c33d041994f35cbf9fd2fb3a55bd753bc6
2016-03-19 03:07:13 -07:00
Boris Zbarsky
bc347a401b
Bug 1257919 part 10. Make the caller and formattedStack getters on JSStackFrame take an explicit JSContext. r=khuey
2016-03-22 13:50:35 -04:00
Boris Zbarsky
42b3bbe27a
Bug 1257919 part 8. Make the line/column number getters on JSStackFrame take an explicit JSContext. r=khuey
2016-03-22 13:50:31 -04:00
Boris Zbarsky
54987c5cc1
Bug 1257919 part 7. Make the name getter on JSStackFrame take an explicit JSContext. r=khuey
2016-03-22 13:50:31 -04:00
Boris Zbarsky
efa07c06d1
Bug 1257919 part 6. Make the filename getter on JSStackFrame take an explicit JSContext. r=khuey
2016-03-22 13:50:31 -04:00
Sebastian Hengst
0e9bf1445a
Backed out changeset 6e95ee3cd4c6 (bug 1257919)
2016-03-22 21:10:21 +01:00
Sebastian Hengst
e6e4d30446
Backed out changeset c4faeb0be959 (bug 1257919)
2016-03-22 21:10:12 +01:00
Sebastian Hengst
336c2cc4ae
Backed out changeset 08f1c7239cdf (bug 1257919)
2016-03-22 21:10:01 +01:00
Sebastian Hengst
8b2bf79a7a
Backed out changeset ff81c52375ba (bug 1257919)
2016-03-22 21:09:32 +01:00
Boris Zbarsky
8062407932
Bug 1257919 part 10. Make the caller and formattedStack getters on JSStackFrame take an explicit JSContext. r=khuey
2016-03-22 13:50:35 -04:00
Boris Zbarsky
5df498fbd2
Bug 1257919 part 8. Make the line/column number getters on JSStackFrame take an explicit JSContext. r=khuey
2016-03-22 13:50:31 -04:00
Boris Zbarsky
cc563df19f
Bug 1257919 part 7. Make the name getter on JSStackFrame take an explicit JSContext. r=khuey
2016-03-22 13:50:31 -04:00