70551ded71
Bug 1258375, NSS_3_24_BETA6 and required adjustments to PSM and packaging, r=martin.thomson, r=glandium
2016-04-12 14:40:44 +02:00
cb3b390405
Bug 1245789 - Whitelist functions needed by Widevine CDM in GMP child processes. r=jed
...
MozReview-Commit-ID: C6bpItv1qpi
2016-04-12 16:12:21 +12:00
114ad957d2
Bug 1245789 - Load Widevine CDM with sandbox level USER_RESTRICTED instead of USER_LOCKDOWN. r=bobowen
...
Otherwise Widevine CDM won't load on Windows. Other GMPs are still loaded at USER_LOCKDOWN.
MozReview-Commit-ID: aCTG1tQuwt
2016-04-12 16:12:20 +12:00
b2887661d5
bug 1263221 - improve how PSM handles the visibility of __CERT_AddTempCertToPerm r=chmanchester,mgoodwin
...
MozReview-Commit-ID: GXiXANNa6Op
--HG--
extra : rebase_source : ffb96a89aabd933f200e39d528d6f5f41e035d7e
2016-04-08 10:30:32 -07:00
f8da0365fd
Backout revision 36f75c2863a1, bug 1258375
2016-04-11 17:00:39 +02:00
b471460db8
Bug 1258375, NSS_3_24_BETA5 and required adjustments to PSM and packaging, r=martin.thomson, r=glandium
2016-04-11 16:40:36 +02:00
b883b2533f
Bug 1259909 - Obviate char PORT_Free() calls in PSM. r=keeler
...
Also converts the longer |UniquePtr<char, void(&)(void*)> foo(..., PORT_Free)|
to the shorter and equivalent |UniquePORTString foo(...)|.
MozReview-Commit-ID: LlrTNUYBP4V
--HG--
extra : transplant_source : afU%FB%0EC%3E%E0pm%A3-%0E%C8%83%CF%0A%B1%9E%ED
2016-04-09 01:03:59 -07:00
bb5308d31a
Merge m-c to inbound. a=merge
2016-04-09 10:08:57 -04:00
e7db699836
No bug, Automated HPKP preload list update from host bld-linux64-spot-428 - a=hpkp-update
2016-04-09 04:47:02 -07:00
eae40b0bb0
No bug, Automated HSTS preload list update from host bld-linux64-spot-428 - a=hsts-update
2016-04-09 04:47:00 -07:00
dfc7e5253f
Merge m-c to inbound, a=merge
...
MozReview-Commit-ID: 9YZdlIARozU
2016-04-08 16:47:03 -07:00
b6d0503738
Merge fx-team to central, a=merge
...
MozReview-Commit-ID: yuSA0kqs0F
2016-04-08 15:26:49 -07:00
bf59524a62
Bug 1257246: Update security/manager for eslint 2. r=cykesiopka
...
MozReview-Commit-ID: C04uJOhTbjw
--HG--
extra : rebase_source : 39fb9a3ce183b05e0b924563e055431828bab50d
extra : histedit_source : aacec3a02d251d0ec8e13e78900a6f53bc205ec3
2016-04-05 11:32:28 -07:00
7dd242bb39
bug 1261936 - stop using the subject common name in certificate verification error messages r=Cykesiopka
...
MozReview-Commit-ID: G08cV5GmNDh
--HG--
extra : rebase_source : c79b34d893e7acddc8ee02a6c354dcaa1de07d61
2016-04-04 16:25:24 -07:00
2d64db058c
Bug 1259273 - Add sys_unlink to seccomp-bpf whitelist. r=jld
2016-04-06 19:48:23 +00:00
63c7f51d31
Bug 842818 - Make Crypto::GetRandomValues() work off the main thread r=baku,keeler,mt
2015-09-22 10:50:36 +02:00
54da7e65e7
Bug 1252384 - Remove nsICertTree.isHostPortOverride(). r=dkeeler
...
It is unused since the changes in Bug 825583 landed.
MozReview-Commit-ID: 2u2eu0aDqeH
--HG--
extra : transplant_source : f%5Ev%00%B6%8B%3E%5E%26%C3%10%25%D9%16%C1%98yhf%D2
2016-04-06 07:02:17 -07:00
907939a278
Bug 1256992 Part 2: Move SandboxBroker Initialization earlier and add telemetry and extra null checks. r=aklotz
...
MozReview-Commit-ID: Fu05wLn27UG
2016-04-07 08:28:14 +01:00
06944947a0
Backed out changeset 069c82269f81 (bug 1258375) for Windows xperf failures
...
MozReview-Commit-ID: DwhDorbB2PO
2016-04-06 16:51:48 -07:00
02dd23b86a
Bug 1258375, NSS_3_24_BETA4 and required adjustments to PSM and packaging, r=martin.thomson, r=glandium
2016-04-06 21:43:36 +02:00
efe5b47ede
Bug 1260644 - Use UniquePLArenaPool to manage PLArenaPools in PSM. r=keeler
...
MozReview-Commit-ID: HyLXbWoHMGz
--HG--
extra : rebase_source : 6164b7df51e11c4d3814a06bd41765d40be85a9d
2016-04-04 17:35:24 -07:00
313721942c
Bug 1261213 - Follow-up to make eslint happy r=bustage
2016-04-06 10:32:16 +02:00
96b0d713ad
Bug 1261213 - make test_sts_privatebrowsing_perwindowpb.html work under e10s r=keeler,mrbkap,felipe
2016-04-05 12:52:19 +02:00
1f493434a0
Bug 1127158 - Remove brittle debug only flag math in nsSecureBrowserUIImpl.cpp. r=dkeeler
...
MozReview-Commit-ID: 3d5mYDjzJwf
--HG--
extra : rebase_source : ce0b714b92d9deed79a8a9e24e0d8db4b9eef8c7
2016-04-01 06:16:58 -07:00
cbc8dc0b64
Bug 550185 - Ensure nsCertTree::GetCellText returns an initialized value. r=kaie
...
--HG--
extra : rebase_source : 4c4529a62c5acb7bba52e8cb94e69e795a85b7e1
2016-04-04 21:18:00 +02:00
9825c57bc3
bug 1239166 - platform work to support Microsoft Family Safety functionality r=froydnj,mgoodwin,mhowell,rbarnes,vladan
...
MozReview-Commit-ID: GhpJqJB97r9
--HG--
extra : rebase_source : e943c1e4d0f008ffd6b6bb4bb63e1daf27ae2c96
2016-01-12 15:39:43 -08:00
6e4140d766
bug 1245280 - add policy mechanism to optionally enforce BRs for falling back to subject CN r=Cykesiopka,mgoodwin
...
MozReview-Commit-ID: 7xT6JGpOH1g
--HG--
extra : rebase_source : 0def29e8be898a2d975ee4390b3bc6a193766b1b
2016-02-09 10:14:27 -08:00
ed5502e22f
Bug 1252722 - Add additional tests. r=keeler
...
MozReview-Commit-ID: Ds5t8RSd1Mk
--HG--
extra : transplant_source : %92Nx%E8%7E%3A%E6%97w%8A%D0%102%7D%8D%93%A2%9D%A4%25
2016-03-31 17:33:06 -07:00
bc9cb4c633
Bug 1252722 - Improve handling of PK11_* function error codes. r=keeler
...
MozReview-Commit-ID: DWNNXq8ZJ47
--HG--
extra : transplant_source : N%10%80%B2%9C%DEwu%0B%BF%FB%3B%D4%06%D8W%2AyBh
2016-03-31 17:33:00 -07:00
531fe59f42
Bug 1252722 - Ensure arguments of all public methods are checked. r=keeler
...
MozReview-Commit-ID: 5UJup8k8iGe
--HG--
extra : transplant_source : %D0v%7B%F2%60%04%E3%11%15_%AC%A0%D0%CE%0D%3A0q%96%24
2016-03-31 17:32:53 -07:00
0ebbbafe4b
Bug 1252722 - Use smart pointers for NSS resources. r=keeler
...
MozReview-Commit-ID: Gg3DNjGiNIQ
--HG--
extra : transplant_source : _%AC%97%FA%DA%FF%FE%95%E5%D4%3C%BE%82%E4%24%D9F%ADB%89
2016-03-31 17:31:55 -07:00
db361c5c2d
Bug 1252722 - Fully implement nsNSSShutDownObject everywhere. r=keeler
...
MozReview-Commit-ID: 4OZ6tCdCGEP
--HG--
extra : transplant_source : U%27%E3%E2A%85%03%AC%FA%C9%9A%9Et%87%E9%F6s%FFy%AC
2016-03-31 17:31:50 -07:00
581a304acb
bug 1254667 - change certificate verification SHA1 policy to "allow for locally-installed roots" r=jcj
...
Before this patch, the default policy for the use of SHA1 in certificate
signatures was "allow all" due to compatibility concerns.
After gathering telemetry, we are confident that we can enforce the policy of
"allow for locally-installed roots" (or certificates valid before 2016) without
too much breakage.
MozReview-Commit-ID: 8GxtgdbaS3P
--HG--
extra : rebase_source : d1bed911f2d5d40229ea06556fee0848668e98b6
2016-03-28 12:52:40 -07:00
7167af4f5a
Bug 1251801 - Ensure arguments of all public methods are checked. r=keeler
...
MozReview-Commit-ID: 1UQ4thOmUGb
--HG--
extra : transplant_source : V%24o%40%403%BF%B4o%5E%F5%28%91%B8%8A%E2%E3%E9%8B%BF
2016-03-29 18:14:29 -07:00
703b7ef6b1
Bug 1251801 - Improve handling of PK11_* function error codes. r=keeler
...
MozReview-Commit-ID: 18acVVAuapm
--HG--
extra : transplant_source : %C3%FD%1D%BF/%E4%A5%BBl%DE%03%BC%0E%CA%04%D8%C6%0Fze
2016-03-29 18:14:29 -07:00
b2f33b0ba8
Bug 1251801 - Fully implement nsNSSShutDownObject and obviate manual NSS resource management. r=keeler
...
MozReview-Commit-ID: A7a9TVikRPh
--HG--
extra : transplant_source : v%CE%9Df%F6%0AaqJ%D5A%07%B0%2A.%E2%01c%C5%A5
2016-03-29 18:14:28 -07:00
caea64b900
Backed out changeset 3ff2b12ffedc (bug 1254667) for upsetting the test_ocsp_caching.js gods on android CLOSED TREE
...
MozReview-Commit-ID: JaJXHxKEAvu
2016-03-29 16:38:18 -07:00
4a9f753dd1
bug 1254667 - change certificate verification SHA1 policy to "allow for locally-installed roots" r=jcj
...
Before this patch, the default policy for the use of SHA1 in certificate
signatures was "allow all" due to compatibility concerns.
After gathering telemetry, we are confident that we can enforce the policy of
"allow for locally-installed roots" (or certificates valid before 2016) without
too much breakage.
MozReview-Commit-ID: 8GxtgdbaS3P
--HG--
extra : rebase_source : 7e81131a6c215bf7af514f150ebe2eb16a5c612a
2016-03-28 12:52:40 -07:00
83f1770c2c
Bug 1238001 - Allow TLS info to be updated on renegotiation, r=keeler
...
MozReview-Commit-ID: KJaPgEwTvhv
--HG--
extra : rebase_source : f7d0025eca46e191d23aee182c9ace58b7d59b8b
extra : amend_source : 7e98ef0aa34b0c2def205644e1ab9e576417930d
2016-02-23 08:00:00 -08:00
b83f7e6b04
No bug, Automated HPKP preload list update from host bld-linux64-spot-413 - a=hpkp-update
2016-03-28 14:10:40 -04:00
fbba08e207
No bug, Automated HSTS preload list update from host bld-linux64-spot-413 - a=hsts-update
2016-03-28 14:10:40 -04:00
d9265a3eaf
Bug 1259294: Part 2 - Use MOZ_ALWAYS_SUCCEEDS. r=froydnj
2016-03-28 10:28:15 -07:00
e05e655f1b
Bug 1258298 - Switch more Scoped.h templates in PSM to UniquePtr equivalents. r=keeler
...
MozReview-Commit-ID: 8VOhiuNOlBX
--HG--
extra : amend_source : 70d01c7a061c4b751d643d1277e3185ccf348e54
2016-03-24 18:30:37 -07:00
e031eef545
Bug 1259149 - Add additional tests for the nsIPK11* and nsIPKCS11* implementations. r=keeler
...
After these additions, the majority of the API surface should be covered.
MozReview-Commit-ID: CvpEX6Cm94d
--HG--
rename : security/manager/ssl/tests/unit/test_pkcs11_list.js => security/manager/ssl/tests/unit/test_pkcs11_module.js
extra : transplant_source : %B3%E0%09%B9%E4b%D0A%F0%00r%08%1F%9Dm%E7%CC9%E3l
2016-03-24 18:29:39 -07:00
815dd278b6
bug 1259753 - fix some C++ unittests to use ScopedXPCOM to init XPCOM. r=ms2ger
...
MozReview-Commit-ID: B6xdlB9Di0y
--HG--
extra : rebase_source : 182d29d677c77ae6780260f5fc9b0792bdd98f84
extra : amend_source : 1e4fa2453d6773bd1e63f52b7aa3bf61e61600ff
2016-03-25 10:04:37 -04:00
8cd3125d35
Bug 1255438 - fix OS X warning bustage and reopen this CLOSED TREE; r=me
2016-03-25 10:09:01 -04:00
0e58a8d0a5
Bug 1255438 - create nsI{Mutable,}Array directly; r=keeler
2016-03-25 09:36:25 -04:00
e1d8b92ec6
Bug 1255425 - part 2 - pack kSTSPreloadList into a more efficient format; r=keeler
...
Entries in kSTSPreloadList currently look like:
class nsSTSPreload
{
public:
const char *mHost;
const bool mIncludeSubdomains;
};
This is inefficient for a couple of reasons:
* The structure has a bunch of wasted space: it takes 8 bytes on 32-bit
platforms and 16 bytes on 64-bit platforms, even though it only uses 5
and 9 bytes, respectively.
* The |const char*| requires additional space in the form of relocations
(at least on Linux/Android), which doubles the space cost of
individual entries. (The space cost of the relocations is mitigated
somewhat on Linux and Android because of elfhack, but there's still
extra cost in the on-disk format and during the load of libxul to
process those relocations.)
* The relocations the structure requires means that the data in it can't
be shared between processes, which is important for e10s with multiple
content processes.
We can make it more efficient by structuring it like so:
static const char kSTSPreloadHosts[] = {
// One giant character array containing the hosts, in order:
// "example.com\0example.org\0example.test\0..."
// Use an array rather than a literal string due to compiler limitations.
};
struct nsSTSPreload
{
// An index into kSTSPreloadHosts for the hostname.
uint32_t mHostIndex: 31;
// We use the same datatype for both members so that MSVC will pack
// the bitfields into a single uint32_t.
uint32_t mIncludeSubdomains: 1;
};
nsSTSPreload now has no wasted space and is significantly smaller,
especially on 64-bit platforms (saves ~29K on 32-bit platforms and ~85K
on 64-bit platforms). This organization does add a couple extra
operations to searching for preload list entries, depending on your
platform, but the space savings make it worth it.
2016-03-24 15:09:28 -04:00
b2490bf812
Bug 1255425 - part 1 - clearly delineate steps when outputting HSTS preload list; r=keeler
...
The main loop of |output| tweaks entries, filters out entries based on
some conditions, and writes out the actual entries we're going to use.
Let's separate those three steps so it's clearer what's happening where.
2016-03-11 15:35:47 -05:00
08f83f4f99
bug 1257969 - update test_pinning_dynamic.js test certificates to not use subject common name for name information r=jcj
...
MozReview-Commit-ID: 1NpjJO9r8ma
--HG--
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem.certspec
extra : rebase_source : 9fa95f73f616da87f19bf8c5f7749b02b52b9696
2016-03-18 14:14:00 -07:00
Kai Engert
Chris Pearce
David Keeler
Cykesiopka
Ryan VanderMeulen
ffxbld
Wes Kocher
Dave Townsend
Julian Hector
Tim Taubert
Bob Owen
timeless@mozdev.org
Martin Thomson
Kyle Huey
Ted Mielczarek
Nathan Froyd