6c728ddf43
bug 1153212 - 2/2 Necko explicitly track origin vs routed host and give psm only origin r=dkeeler r=hurley IGNORE IDL
...
Allow necko to simultaneously track the dual concept of routed host
and origin (authenticated host). The origin is given to the socket
provider and the routed host is inserted at DNS lookup time as if it
were a SRV or CNAME.
--HG--
extra : rebase_source : f9cc87b92084025443bc0374b1dd994f01662ebb
2015-04-09 11:31:59 -04:00
6a940b1edd
bug 1153212 - 1/2 revert 90d6a38931fa to make room for better fix r=backout
...
--HG--
extra : rebase_source : a812bd796d4aa9df8e51c32a014663c025f3e0a6
2015-05-07 13:16:26 -04:00
c0e295b256
Bug 1144055, Upgrade Firefox to use NSS 3.19, landing NSS_3_19_RTM
2015-05-04 21:34:38 +02:00
f7b3a781d8
Bug 1153446 - Replace instances of double spacing with single spacing in nsserrors.properties. r=dkeeler
2015-05-01 02:40:00 +02:00
0dc457eba2
Merge m-i to m-c, a=merge
2015-05-02 10:02:17 -07:00
ba8964f0c6
No bug, Automated HPKP preload list update from host bld-linux64-spot-137 - a=hpkp-update
2015-05-02 03:30:49 -07:00
aaf9d7d061
No bug, Automated HSTS preload list update from host bld-linux64-spot-137 - a=hsts-update
2015-05-02 03:30:48 -07:00
924c9eb636
Bug 1134923 - Remove NS_Alloc/NS_Realloc/NS_Free. r=nfroyd
...
They are kept around for the sake of the standalone glue, which is used
for e.g. webapprt, which doesn't have direct access to jemalloc, and thus
still needs a wrapper to go through the xpcom function list and get to
jemalloc from there.
2015-05-01 09:40:30 +09:00
c8ff2d51c8
Bug 1159972 - Remove the fallible version of PL_DHashTableInit(). r=froydnj.
...
It's no longer needed now that entry storage isn't allocated there. (The other
possible causes of failures in that function are less interesting and simply
crashing is a reasonable thing to do for them.)
This also makes PL_DNewHashTable() infallible, so I removed some
now-unnecessary checks of its result.
--HG--
extra : rebase_source : 4c6ab0c449bc18e8bace8bf036b5bd78d3a2f1c4
2015-04-29 16:38:29 -07:00
2343aee19b
Bug 1150515: Set the subsystem to WINDOWS,5.02 for wow_helper so that it runs on WinXP 64-bit. r=glandium
2015-04-30 09:48:03 +01:00
8beb5af44d
Bug 1145844 - Update fallback whitelist. r=keeler
2015-04-29 13:48:53 +09:00
ca3e5326e2
Bug 734229 - Partially address by refusing to re-negotiate on NTLM. r=mayhemer, r=keeler
...
Now only one NTLM Negotiate packet will be sent per connection, rather
than again after a failed authentication. The problem situation is
triggered due to failed Negotiate authentication, and is probably more
complex.
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
--HG--
extra : rebase_source : dc2bac8a3b7dab5e774dcfb9ce33b73c7233d686
2014-11-28 11:34:06 +13:00
ebde6b9f4f
Bug 1157835: Remove the MSVC_ENABLE_PGO flag from the build system. r=glandium
...
--HG--
extra : rebase_source : 0c47c99bb8b92f8361a51fd81b20a2cc8647a986
2015-04-27 19:59:27 -04:00
596e5f9960
merge fx-team to mozilla-central a=merge
2015-04-27 12:34:03 +02:00
107708af7c
merge mozilla-inbound to mozilla-central a=merge
2015-04-27 12:00:14 +02:00
2ecabecaa7
No bug, Automated HPKP preload list update from host bld-linux64-spot-039 - a=hpkp-update
2015-04-25 03:32:33 -07:00
d0e7b73b16
No bug, Automated HSTS preload list update from host bld-linux64-spot-039 - a=hsts-update
2015-04-25 03:32:31 -07:00
89c80effa2
Bug 1154184 - Don't use Linux sandbox gtest dir if not building tests. r=gps
2015-04-24 17:36:08 -07:00
7b5d12ad46
Bug 1038068: Check add-on signatures and refuse to install unsigned or broken add-ons (preffed off for now). r=dveditz
...
--HG--
extra : source : 3b48e1a81a170634dce964cd462c752d09680805
2015-03-31 11:32:40 -07:00
cdf101ec43
merge mozilla-inbound to mozilla-central a=merge
2015-04-24 14:37:13 +02:00
ee333796b2
Bug 1121982 - Update PSM to use NSS name constraints
2015-04-23 20:26:29 -04:00
471d07992f
Bug 1144600 - Don't crash when submitting <keygen> on b2g r=dkeeler
2015-04-23 13:35:49 -07:00
24f35dfe49
Bug 1124076 - Properly detect certs when loaded and prompt to import them. r=sworkman/dkeeler
...
--HG--
extra : rebase_source : 11fb8b1c1a3044b82668136f4cfec4c758d9270c
2015-04-22 12:55:23 -07:00
acb448f5f9
Bug 1153809 - Loosen Mac content process sandbox rules for NVidia and Intel HD 3000 graphics hardware. r=areinald
2015-04-22 14:56:09 -05:00
a4f79b207d
bug 1157873 - remove certificates from CNNIC whitelist that aren't in the Pilot Certificate Transparency log r=rbarnes
...
Also remove certificates where notBefore is on or after 1 April 2015.
2015-04-21 16:07:33 -07:00
0343243a12
Bug 1124076 followup - fix the build when PR_LOGGING is not defined. r=mrbkap
2015-04-23 13:24:57 -07:00
6c532d910b
bug 1081128 - test_pinning.js takes ~300 seconds on b2g debug emulator - request a longer timeout for it r=Cykesiopka
...
--HG--
extra : amend_source : 9ba64939a0f277c9407f47731186cfea4da64774
2015-04-22 11:06:36 -07:00
9470ab9873
Bug 1144055 - Upgrade Firefox 39 to use NSS 3.19, r=nss-confcall
2015-04-23 21:16:20 +02:00
17b87281f2
Bug 1147212 - Add support for goog-unwanted-shavar. r=gcp,r=matej,r=smaug
...
--HG--
rename : toolkit/components/url-classifier/tests/mochitest/evilWorker.js => toolkit/components/url-classifier/tests/mochitest/unwantedWorker.js
extra : rebase_source : efe09564160fb2fcb1adb5f6599183f053268c40
2015-04-22 21:01:37 +12:00
ed2915b75f
Backed out changeset 7f3cf84c11a9 (bug 1124076) for bustage on a CLOSED TREE
2015-04-22 13:44:23 +02:00
3a94be560c
Bug 1124076 - Properly detect certs when loaded and prompt to import them. r=sworkman/dkeeler
...
--HG--
extra : rebase_source : 00240091ae66180390a76a9613a4215cf591401d
2015-04-21 14:56:00 +02:00
399276d5fc
Bug 1153348 - Add an analysis to prohibit operator bools which aren't marked as either explicit or MOZ_IMPLICIT; r=jrmuizel
...
This is the counterpart to the existing analysis to catch
constructors which aren't marked as either explicit or
MOZ_IMPLICIT.
2015-04-21 21:40:49 -04:00
ec1aede15a
Bug 1150765 - Add sandbox rules to allow hardware rendering of OpenGL on Mac. r=smichaud
...
--HG--
extra : rebase_source : 1fa38a01840f24b63f27254d434c9e0bc3382309
2015-04-21 11:17:16 +02:00
04795f03be
bug 1153212 - Alt-Svc Fixes r=dkeeler r=hurley
2015-04-13 17:11:59 -04:00
803079473a
Bug 1144055, Upgrade Firefox 39 to use NSS 3.19, NSS_3_19_BETA4 to pick up bug 1155279
2015-04-20 21:46:19 +02:00
7d4e804ec6
Merge m-i to m-c, a=merge
2015-04-18 16:36:32 -07:00
a178fd47b7
No bug, Automated HPKP preload list update from host bld-linux64-spot-222 - a=hpkp-update
2015-04-18 03:29:47 -07:00
aa4085d52f
No bug, Automated HSTS preload list update from host bld-linux64-spot-222 - a=hsts-update
2015-04-18 03:29:45 -07:00
e69f0f4b4b
bug 1150114 - allow PrintableString to match UTF8String in name constraints checking r=briansmith
2015-04-08 16:17:39 -07:00
c2568b80a0
Bug 1144055 - Upgrade Firefox 39 to use NSS 3.19, land NSS_3_19_BETA2, r=nss-confcall
2015-04-17 13:49:43 +02:00
af1ece91c4
Bug 1153248, re-enable a bunch of tests that now work with e10s, r=billm
2015-04-16 15:38:12 -04:00
5ff51a7744
bug 1151512 - only allow whitelisted certificates to be issued by CNNIC root certificates r=jcj r=rbarnes
2015-04-07 17:29:05 -07:00
d15620fcea
Bug 1144055 - Upgrade Firefox 39 to use NSS 3.19, land NSS_3_19_BETA3, r=nss-confcall
2015-04-17 18:43:30 +02:00
81764496cd
bug 1147497 - Add API for querying site pin status. Disallow overrides for sites that have pins. r=mmc r=smaug r=cykesiopka r=past
2015-03-25 11:04:49 -07:00
95bd8011e6
Bug 1154399 - Part 4: Simplify certificate parsing in OCSP responses. r=keeler
...
--HG--
extra : rebase_source : caf903d29b0adc22fcc7e87e4fa0019cfa48007e
2015-04-14 05:33:03 -10:00
f124561818
Bug 1154399 - Part 3: Simplify OptionalExtensions. r=keeler
...
We used to avoid using Nested and NestedOf because they were based on
bind and it was difficult to maintain our std::bind polyfill. Now that
we use lambdas, it is easy to use Nested and NestedOf, so we should do
so wherever it makes the code clearer.
--HG--
extra : rebase_source : 1157d16320b3b211e3ce612b75782e8bd9c55f30
2015-04-14 05:32:46 -10:00
d09798e9f5
Bug 1154399 - Part 2: Simplify and un-inline OptionalVersion. r=keeler
...
Also fixes the wrong comment. The syntax for version in OCSP and X.509
certs is identical.
--HG--
extra : rebase_source : 744a2998ce8c55a61fbbc1966bc22e4903fa2484
2015-04-14 05:32:29 -10:00
0cac719ba9
Bug 1154399 - Part 1: De-templatize and un-inline IntegralValue. r=keeler
...
--HG--
extra : rebase_source : 899eaed19b13edc9c257f0ab212d447bb54e607d
2015-04-14 05:06:41 -10:00
5389bbbf54
Bug 1137437 - move security/apps/ cert header generation to moz.build; r=mshal,keeler
...
Moving the cert header generation to GENERATED_FILES means that we can
delete all the manually-written out rules; we can also delete the
export:: rule because the build system automatically builds
GENERATED_FILES during the export phase. For ease of converion, we opt
to create an empty trusted-app-public.der cert for manifest-signing-root.inc;
partners are free to overwrite that cert with their own.
2015-02-27 12:50:49 -05:00
67e9dfaaf8
Bug 1153114 - Remove anonymous namespace around pkix gtests. r=bsmith
...
This avoids -Wunused-variable fatal warnings with GCC 5.0
2015-04-15 09:21:23 +09:00
c755113bc5
Bug 1153090 followup - consistently use sizeof(hash) r=dkeeler
2015-04-14 22:19:18 +02:00
88aa8d67cc
Bug 1153090 - Unaligned access in cert block list (r=keeler)
2015-04-14 21:19:52 +02:00
5ab8ccdeac
Bug 1154188 - Unbreak build on non-SPS platforms after bug 1153737 r=bsmith
2015-04-14 14:30:09 +02:00
566d65be48
Bug 1153738: Make ScopedPtr a minimal proper subset of std::unique_ptr, r=keeler
...
Remove all features of ScopedPtr that aren't in std::unique_ptr, and
remove all currently-unused features of ScopedPtr. In particular,
replace |operator=(T*)| with |reset(T* p = nullptr)| and make
|operator bool| explicit.
--HG--
rename : security/pkix/include/pkix/ScopedPtr.h => security/pkix/lib/ScopedPtr.h
extra : rebase_source : 206bfb32aa5a04a4719f28b4aca59fe2f0abbec3
2015-04-13 00:28:11 -10:00
b1035c0992
Bug 1153737: Avoid unnecessary uses of mozilla::pkix::ScopedPtr, r=keeler
...
--HG--
extra : rebase_source : ea7083439f22cb40d6c97f872ef9866144516745
2015-04-12 19:57:48 -10:00
ede9c4f220
merge mozilla-inbound to mozilla-central a=merge
2015-04-13 12:00:00 +02:00
bd0890186b
No bug, Automated HPKP preload list update from host bld-linux64-spot-009 - a=hpkp-update
2015-04-11 03:29:55 -07:00
83c81d6e76
No bug, Automated HSTS preload list update from host bld-linux64-spot-009 - a=hsts-update
2015-04-11 03:29:53 -07:00
ba1cc023b7
Bug 1151607 - Step 2: Apply net/ipc namespace separation and chroot to media plugins. r=kang
...
This needs more unit tests for the various pieces of what's going on
here (LinuxCapabilities, SandboxChroot, UnshareUserNamespace()) but
that's nontrivial due to needing a single-threaded process -- and
currently they can't be run on Mozilla's CI anyway due to needing user
namespaces, and local testing can just try using GMP and manually
inspecting the child process. So that will be a followup.
2015-04-10 18:05:19 -07:00
6bf3d102d8
Bug 1151607 - Step 1.5: Avoid unlikely false positives in Linux SandboxInfo feature detection. r=kang
...
Using the equivalent of release assertions in the patch after this one
is easier to justify if I can't come up with vaguely legitimate reasons
why they might fail; this detects the ones I thought of.
2015-04-10 18:05:19 -07:00
32cb9ee32d
Bug 1151607 - Step 1: Add Linux sandboxing hook for when child processes are still single-threaded. r=kang r=bent
...
This means that B2G plugin-container must (dynamically) link against
libmozsandbox in order to call into it before initializing Binder.
(Desktop Linux plugin-container already contains the sandbox code.)
2015-04-10 18:05:19 -07:00
cf24e12150
Bug 1151607 - Step 0: sort includes to make the following patches cleaner. r=kang
2015-04-10 18:05:19 -07:00
2c5369d16e
Bug 1132689 - Feb 2015 batch of EV root CA Changes. r=keeler
...
--HG--
extra : rebase_source : 43a28d1b97c569280979c8a2d95494e4d2f9a67c
extra : amend_source : 056721a65cc7d0738d9ab2a92071f8f7eaf48262
2015-03-30 08:57:00 +02:00
01409dbd35
bug 1147085 - remove nsINSSCertCache (replace it with nsIX509CertDB.getCerts()) r=Cykesiopka
2015-04-03 14:01:05 -07:00
bdc70031c6
Bug 1152895 - remove dead code in nsSSLIOLayerSetOptions r=dkeeler
2015-04-09 13:40:04 -04:00
3487ae0262
Bug 1147725 - Disable test_ocsp_fetch_method.js and test_ocsp_url.js on slow B2G Emulator debug builds. r=keeler
...
--HG--
extra : rebase_source : 87d4b8284b33498a50542d49b956db84cdae1b62
2015-04-06 14:05:00 +02:00
077c2e64f4
Bug 1149483: Change content sandbox level 1 to a working low integrity sandbox. r=tabraldes, r=billm
2015-04-05 14:01:38 +01:00
fa3a91e936
Merge m-i to m-c, a=merge
2015-04-04 09:59:17 -07:00
3a6df834e2
No bug, Automated HPKP preload list update from host bld-linux64-spot-220 - a=hpkp-update
2015-04-04 03:27:46 -07:00
81b8c93237
No bug, Automated HSTS preload list update from host bld-linux64-spot-220 - a=hsts-update
2015-04-04 03:27:44 -07:00
33228918ed
Bug 1110911 - Move Mac sandboxing code into plugin-container. r=cpearce,areinald,jld
2015-04-03 11:51:41 -05:00
c2f2ce39ec
Bug 1149805 - Switch head_psm.js to Assert.jsm methods and add expected result strings. r=keeler
2015-04-02 05:50:00 -04:00
6680672cfb
Bug 488480 - Correct documentation about the function hasMatchingOverride() in nsICertOverrideService.idl. Original patch by Johnathan Nightingale. r=keeler
...
IGNORE IDL
--HG--
extra : rebase_source : 3e2f7be6a165caf413726d13c9ccee26abbd2925
2015-04-02 05:45:00 -04:00
4c7234747e
Bug 1143651 - don't use CallQueryInterface when the compiler can do the cast for us; r=ehsan
2015-03-12 13:20:29 -04:00
7eb3221db7
Bug 1147726: Disable test_keysize_ev.js on slow B2G Emulator debug builds. r=dkeeler
2015-03-31 11:53:00 +02:00
a0437d5b8f
Bug 1146057: Remove support for GCC 4.6, r=keeler
...
Since Gecko now requires GCC 4.7 or later, we no longer need to
work around the lack of support for "override" and "final" in
earlier versions of GCC.
--HG--
extra : rebase_source : 0f104f16be9e7c1ff87bbdd0d4ba6700b1081fb8
2015-03-30 20:18:46 -10:00
e4f543bb58
Bug 1119878 Part 2: Change IPC code to hold ProcessID instead of ProcessHandle. r=billm, r=dvander, r=aklotz, r=cpearce
2015-04-01 09:40:35 +01:00
eef3ca5f6e
Bug 1119878 Part 1: Change SandboxTarget to hold sandbox target services to provide functions. r=aklotz, r=glandium, r=cpearce
2015-04-01 09:40:35 +01:00
b077d9624d
Bug 1134920 - Use moz_xmalloc/moz_xrealloc/free instead of nsMemory::Alloc/Realloc/Free. r=nfroyd
2015-04-01 13:51:45 +09:00
d7b3e00bed
Bug 1138848 - Tests for modified OneCRL (r=keeler, unfocused)
...
* * *
* * *
give blocklist debug info to NSPR_LOG
2015-03-31 15:10:19 -07:00
1b0d6fb879
Bug 1138848 - Modify OneCRL blocklist for subject / public key blocking (r=keeler, unfocused)
2015-03-31 15:10:09 -07:00
5a690c59fa
bug 844351 - remove nsISSLErrorListener r=cykesiopka
...
--HG--
extra : amend_source : e2adec756356509f0a4601bbeabf7ba7c8d15a8e
2015-03-24 16:00:10 -07:00
ee04a8b86a
Bug 1147247 - Use PRErrorCodeSuccess constant instead of literal 0 to represent success in PSM xpcshell tests. r=dkeeler
...
--HG--
extra : rebase_source : 75a144cbf0e166f92884275fb6c511c98d7e61bd
2015-03-27 23:16:00 +01:00
bb6cbdf02b
Bug 667471 - Pretty print names of ECDSA with SHA-2 algorithms in Certificate Viewer. r=dkeeler
...
--HG--
extra : rebase_source : eb961cbdf8fe1ccf74642d86c03ee6c41c30f2d4
2015-03-27 23:13:00 +01:00
c39e359c7d
Bug 1138293 - Use malloc/free/realloc/calloc instead of moz_malloc/moz_free/moz_realloc/moz_calloc. r=njn
...
The distinction between moz_malloc/moz_free and malloc/free is not
interesting. We are inconsistent in our use of one or the other, and
I wouldn't be surprised if we are mixing them anyways.
2015-03-31 12:32:49 +09:00
36b7acc82a
Bug 1136278, Part 2: Refactor test SubjectPublicKeyInfo generation, r=keeler
...
--HG--
extra : rebase_source : 7bb0327749fd013ba5de17483d21a9e9f21eb07a
extra : source : 9f3617a5b85a8a2ae9a82c0f0584b413a9b635b4
2015-02-26 13:10:13 -08:00
3ab08d7fdb
Bug 1136278, Part 1: Refactor algorithm identifiers in tests, r=keeler
...
This will make it easier to expand the tests to additional
signature algorithms and additional public key types.
--HG--
extra : rebase_source : 256923fff83d58732b6c995a4096b773fdbb28c1
2015-02-26 16:11:41 -08:00
2f48802ae0
Bug 1147572 - Remove implementation language field from DOM class info. r=jst
2015-03-30 10:45:39 -07:00
c6676519f2
Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, florian, billm, jesup
2015-03-03 09:51:05 -05:00
46dfeaba0b
Bug 1148070 - Change nsIClassInfo::getHelperForLanguage() to getScriptableHelper(). r=bholley
2015-03-29 07:52:54 -07:00
2b3486247c
Backed out 6 changesets (bug 1046245) on a CLOSED TREE
2015-03-29 01:42:32 -04:00
cdd0b089a5
Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup
2015-03-03 09:51:05 -05:00
24b4f38005
Back out 6 changesets (bug 1046245) for thinking that MSVC would have anything to do with a __PRETTY_FUNCTION__
...
CLOSED TREE
Backed out changeset 9e3ecca831d8 (bug 1046245)
Backed out changeset 87dc145f4da8 (bug 1046245)
Backed out changeset 01606cf19a77 (bug 1046245)
Backed out changeset 2ed2b15fe940 (bug 1046245)
Backed out changeset 2b99b193828a (bug 1046245)
Backed out changeset d1ac67faccbb (bug 1046245)
2015-03-28 19:57:17 -07:00
222e93c87c
Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup
2015-03-03 09:51:05 -05:00
003e8f5278
Backed out 6 changesets (bug 1046245) for bustage on a CLOSED TREE.
...
Backed out changeset 222c2f9e3bc9 (bug 1046245)
Backed out changeset 4251eef464a2 (bug 1046245)
Backed out changeset 592f4cc23197 (bug 1046245)
Backed out changeset 5bfb9a1c0550 (bug 1046245)
Backed out changeset e966a5df87b6 (bug 1046245)
Backed out changeset 609f3ca64004 (bug 1046245)
2015-03-28 16:24:25 -04:00
59e13faed0
Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup
2015-03-03 09:51:05 -05:00
e44926f4c1
Merge m-i to m-c, a=merge
2015-03-28 11:44:16 -07:00
ad47b2b11c
No bug, Automated HPKP preload list update from host bld-linux64-spot-1005 - a=hpkp-update
2015-03-28 03:27:37 -07:00
7ffd3e55ce
No bug, Automated HSTS preload list update from host bld-linux64-spot-1005 - a=hsts-update
2015-03-28 03:27:36 -07:00
e6f385fb3d
Bug 1148527 - Indentation fix after bug 1145631, r=ehsan
2015-03-27 18:52:19 +00:00
e2f12bfec6
Bug 1144055 - Upgrade Firefox 39 to use NSS 3.18.1, land NSS_3_18_1_BETA1, r=nss-confcall
2015-03-26 20:39:25 +01:00
0ca524deb8
Bug 947079 - Hack to prevent getting a mixed content icon on a fully secure page. r=keeler
2015-03-26 11:54:53 -07:00
e7768682a2
Bug 1147446: Chromium patch to fix memory leak in Windows sandbox sharedmem_ipc_server.cc. r=aklotz
2015-03-26 08:06:04 +00:00
b44239d022
Bug 996872 - Reduce calls to getXPCOMStatusFromNSS() in PSM xpcshell tests. r=keeler relanding on a CLOSED TREE
2015-03-25 17:29:05 -07:00
9b0a211a65
Backed out changeset 3a38c3d97f44 (bug 996872) on the theory that it somehow broke lots of tests, forcing a prolonged CLOSED TREE
2015-03-25 14:40:44 -07:00
958425a841
Bug 996872 - Reduce calls to getXPCOMStatusFromNSS() in PSM xpcshell tests. r=keeler
2015-03-25 11:40:46 -07:00
8794504c9f
Merge m-c to inbound a=merge CLOSED TREE
2015-03-23 16:51:22 -07:00
fb38caf19c
Bug 1146192 - Whitelist sched_yield syscall in GMP sandbox on Linux DONTBUILD CLOSED TREE - r=jld
2015-03-24 10:56:49 +13:00
75fa281404
Bug 1146192 - Backed out changeset d2918bcf0d90 for missing bug number - r=me
2015-03-24 10:53:10 +13:00
1d7005b2a5
Bug 1144514 - Whitelist pread64 in content seccomp-bpf policy. r=kang
...
--HG--
extra : histedit_source : b16050ba3308df92df608cc6fc09069d21df6deb
2015-03-19 11:57:00 -04:00
fc8b8ab2ac
Merge m-c to m-i
2015-03-21 12:50:09 -07:00
09f1e96e74
Merge m-i to m-c, a=merge
2015-03-21 12:31:07 -07:00
21922001d8
No bug, Automated HPKP preload list update from host bld-linux64-spot-1002 - a=hpkp-update
2015-03-21 03:30:42 -07:00
9d9da119ca
No bug, Automated HSTS preload list update from host bld-linux64-spot-1002 - a=hsts-update
2015-03-21 03:30:40 -07:00
883849ee32
Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj
...
This patch was automatically generated using the following script:
function convert() {
echo "Converting $1 to $2..."
find . \
! -wholename "*/.git*" \
! -wholename "obj-ff-dbg*" \
-type f \
\( -iname "*.cpp" \
-o -iname "*.h" \
-o -iname "*.c" \
-o -iname "*.cc" \
-o -iname "*.idl" \
-o -iname "*.ipdl" \
-o -iname "*.ipdlh" \
-o -iname "*.mm" \) | \
xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}
convert MOZ_OVERRIDE override
convert MOZ_FINAL final
2015-03-21 12:28:04 -04:00
3b412c43dd
Bug 1XXXXXX - Whitelist sched_yield syscall in GMP sandbox on Linux - r=jld
2015-03-24 09:55:36 +13:00
2cf7194567
bug 1143085 - allow subject alternative name extensions to be empty for compatibility r=briansmith a=kwierso
...
--HG--
extra : amend_source : 89b8233b57049a3d2886aa08cd85c57e6faa693e
2015-03-16 14:00:33 -07:00
09d9f7bb4a
Bug 1144580 - Whitelist pselect6 in content seccomp-bpf policy. r=kang
2015-03-18 15:30:00 +01:00
3a321cb760
Bug 1133187 - Update fallback whitelist. r=keeler
2015-03-18 15:36:00 +01:00
f6d18ff6da
Bug 1141906 - Adjust some assertions in Linux sandbox feature detection. r=kang
...
See bug, and comment at top of SandboxInfo.cpp, for rationale.
Bonus fix: reword comment about nested namespace limit; the exact limit
is 33 (not counting the root) but doesn't particularly matter.
2015-03-17 22:50:00 +01:00
ae28024d8c
Bug 1131227 - Make the about:certerror Unknown Issuer string mention missing intermediates and unimported roots. r=keeler
2015-03-17 14:33:00 +01:00
35c856f796
Bug 1143082 - Fix a message in the mixed content UI. r=dolske
2015-03-17 20:34:58 +09:00
d56d610ecf
Bug 1141885 - Make readlink() fail instead of allowing it, for B2G content processes. r=kang
...
--HG--
extra : rebase_source : c9ceababcd741979058361e96161d575a70bd39f
2015-03-13 13:47:56 -07:00
66ca086aa3
Bug 1083344 - Tighten rules for Mac OS content process sandbox on 10.9 and 10.10. r=smichaud
...
Allow read to whole filesystem until chrome:// and file:// URLs are brokered through another process.
Except $HOME/Library in which we allow only access to profile add-ons subdir.
Add level 2, which allows read only from $HOME and /tmp (while still restricting $HOME/Library.
Change default back to 1.
2015-03-12 17:42:50 +01:00
d9bfa275b9
No bug, Automated HPKP preload list update from host bld-linux64-spot-532 - a=hpkp-update
2015-03-14 03:26:00 -07:00
3d091a2a8c
No bug, Automated HSTS preload list update from host bld-linux64-spot-532 - a=hsts-update
2015-03-14 03:25:58 -07:00
b252a27930
Bug 1142503 - don't use QueryInterface when the compiler can do the cast for us; r=ehsan
...
Calling QueryInterface with a statically known IID should typically not
be necessary. In those cases where it's not, the compiler can do the
cast for us, though we have to supply the reference-counting that
QueryInterface would do.
In passing, several redundant null-checks for the result of |new T| have
been deleted.
2015-03-12 09:43:50 -04:00
99b4a73239
Bug 1142263 - Specify all syscall parameters when doing CLONE_NEWUSER detection; f=bwc r=kang
2015-03-13 13:01:28 +01:00
2d14f8d244
Bug 906996 - Remove unlink from B2G content process syscall whitelist. r=kang
2015-03-11 12:39:00 +01:00
12b79456cc
bug 1102443 - fix leak in key pinning logging by removing an unnecessary function call r=cykesiopka
...
Also took the opportunity to fix the logging message, since it didn't accurately
describe the information that was being printed.
--HG--
extra : amend_source : 40a0c2ba9c07757e5895a822ce3bb8b197674554
2015-03-12 14:31:26 -07:00
d1c61bc9b6
Bug 1116187 - Disable failing mochitest-chrome tests for B2G, r=gbrown
2015-02-06 16:30:37 -08:00
6978e35bf5
bug 1138332 - re-allow overrides for certificates signed by non-CA certificates r=mmc
...
--HG--
extra : amend_source : 92a2dcf71daa6b31be0dcae628a13b13b0fc443a
2015-03-11 11:11:22 -07:00
5814296e8c
Bug 1141815 - Remove nsIDOMCryptoDialogs interface and associated implementation; r=keeler
2015-03-12 10:24:05 +01:00
0bf38c806e
bug 1138716 - update PSM data structures that depend on root CA changes r=mmc
2015-03-23 10:36:55 -07:00
f7aa208f07
Bug 1137470, remove the documentation patch file, because it's no longer reverted locally, DONTBUILD
2015-03-20 13:38:13 +01:00
b58c1a369b
Bug 1137470, Upgrade Firefox 38 to use NSS 3.18, land NSS_3_18_RTM, r=nss-confcall
2015-03-20 13:32:58 +01:00
2aa9e4036e
Bug 1121117 - Add fuzz time to workaround non-monotonicity of Date(). r=keeler
...
--HG--
extra : rebase_source : 464d1e1bf8cb4624f4fda39d3ea6a55430073c6f
2015-03-19 19:57:00 +01:00
f2a63bbdff
Bug 1145432: Add the policy for the client side of the crash server pipe to the GMP Windows sandbox. r=aklotz
2015-03-20 07:53:37 +00:00
0e3211475f
Bug 1140767 - Build more files in security/manager in unified mode; r=dkeeler
2015-03-10 22:52:22 -04:00
4fecdb4ceb
Bug 1141169: Add moz.build BUG_COMPONENT metadata for security/sandbox/ r=jld
2015-03-10 08:03:12 +00:00
b08af57c17
Bug 1137166: Change the Content moreStrict sandbox pref to an integer to indicate the level of sandboxing. r=tabraldes
2015-03-10 08:03:12 +00:00
364038011c
Bug 868814 - Fold mozalloc library into mozglue. r=njn
...
--HG--
rename : memory/mozalloc/moz.build => memory/mozalloc/staticruntime/moz.build
2015-03-10 10:01:52 +09:00
83b1b594b5
Bug 1106470 - Drop SSLv3 support entirely from PSM. r=keeler
2015-03-10 01:22:59 +09:00
19355a43d5
Bug 1137007 - Detect namespace and SECCOMP_FILTER_FLAG_TSYNC support in SandboxInfo. r=kang, r=Unfocused
...
Currently, only user namespace support is detected. This is targeted at
desktop, where (1) user namespace creation is effectively a prerequisite
for unsharing any other namespace, and (2) any kernel with user
namespace support almost certainly has all the others.
Bonus fix: remove extra copy of sandbox flag key names in about:support;
if JS property iteration order ever ceases to follow creation order, the
table rows could be permuted, but this doesn't really matter.
2015-03-06 13:59:00 -05:00
cc58dd5d1a
Bug 1136616 - Allow underscores in reference DNS-IDs in mozilla::pkix name matching. r=briansmith
2015-03-03 13:34:45 -08:00
8f5c1764fb
Merge m-c to m-i
2015-03-07 19:39:49 -08:00
ecf64b97b2
Merge m-i to m-c, a=merge
2015-03-07 19:11:54 -08:00
b74611a261
No bug, Automated HPKP preload list update from host bld-linux64-spot-157 - a=hpkp-update
2015-03-07 03:27:15 -08:00
1ec58518aa
No bug, Automated HSTS preload list update from host bld-linux64-spot-157 - a=hsts-update
2015-03-07 03:27:13 -08:00
44fb9d4eff
bug 1129771 - disable IPv6 in PSM xpcshell TLS connection tests due to failures on OS X 10.10 r=cykesiopka a=ryanvm on a CLOSED TREE
...
In the process of investigating the intermittent failures listed in
bug 1129771, I discovered that the code would frequently get stuck connecting
to [::1] (where no server was listening) and wouldn't fall back to trying
127.0.0.1 (where the test server was listening). This change prevents the code
attempting to connect to [::1]. There probably is an underlying bug here, but
it appears to be in OS X itself and I have neither the time nor expertise to
investigate further.
--HG--
extra : amend_source : 57b6a28858685d7ca3b6b0c7cbc7ed193280ca7c
2015-03-04 13:41:11 -08:00
171babfad4
Bug 1139177 - RSA public key size checking cleanups. r=keeler
2015-03-05 16:41:00 +01:00
01e2b0e158
Bug 1140111 - Whitelist readlinkat along with readlink. r=kang
2015-03-07 10:44:23 -05:00
fc884b360e
Bug 1137470, landing NSS_3_18_RC0 minus bug 1132496, r=nss-confcall
2015-03-07 14:49:00 +01:00
cdb738f18d
bug 1137538 - remove nsIIdentityInfo and nsNSSSocketInfo::GetPreviousCert r=mayhemer
2015-02-27 11:33:36 -08:00
3e7620bf97
Bug 1138882 - Add a pref to enable unrestricted RC4 fallback. r=keeler
2015-03-05 22:51:31 +09:00
fa79ef2aea
Bug 1121117 - Add some logging to test_ocsp_timeout.js to ease debugging. r=dkeeler
2015-03-03 14:25:00 +01:00
0de76a4c17
Merge b2g-inbound to m-c a=merge CLOSED TREE
2015-03-03 17:02:21 -08:00
6cb15b84a0
Bug 1012549 - 0004. Support read private key in keystore. r=dkeeler r=qdot
2015-02-28 21:54:24 +08:00
3b4360319c
bug 1085506 - gather telemetry for TLS handshake certificate verification errors r=rbarnes
2015-02-27 11:14:29 -08:00
f4a1822554
Bug 1130757 - tests for bug 1130757. r=dkeeler
...
--HG--
extra : rebase_source : 7b047f5bddf3544ca82d3b8875925acdbdb02ea5
2015-03-02 08:19:00 +01:00
3133a37202
Bug 1130757 - Move OneCRL check to NSSCertDBTrustDomain::GetCertTrust. r=dkeeler
...
--HG--
extra : rebase_source : ce8cff0735865c00f33102b82c31af35145bda2c
2015-02-26 04:38:00 +01:00
de906ce3ce
Bug 1130418 - Remove broken e-mail cert trust editing UI. r=emk
...
--HG--
extra : rebase_source : fb4c89e251e2ce3e4d9cf002a0cda4166a589a2c
2015-03-02 19:54:00 +01:00
4419d0186e
Bug 1130413 - Remove unused nsITokenPasswordDialogs::GetPassword() function. r=jjones
...
--HG--
extra : rebase_source : 85b9e442d6b5be401fdd389cc251add8a633bb23
2015-02-26 13:05:00 +01:00
b17feb3f40
Merge inbound to m-c a=merge
2015-03-02 12:12:47 -08:00
8084ed7b82
No bug, Automated HPKP preload list update from host bld-linux64-spot-044 - a=hpkp-update
2015-02-28 03:27:43 -08:00
94776e3384
No bug, Automated HSTS preload list update from host bld-linux64-spot-044 - a=hsts-update
2015-02-28 03:27:41 -08:00
8c48f9f304
Bug 1137470 - Upgrade Firefox to NSS 3.18, landing NSS_3_18_BETA7, r=nss-confcall
2015-02-26 23:29:08 +01:00
d01ea02613
bug 1049740 - implement telemetry to measure compatibility impact of 2048-bit-minimum RSA keys r=briansmith
2015-02-24 15:48:05 -08:00
a7d78c82c0
Bug 1136388. Change nsIDocumentLoaderFactory and nsIURIContentListener to take MIME types as an XPCOM string, not a char*. r=smaug
2015-02-25 10:26:51 -05:00
c5b6b444f2
Bug 1134942 - Whitelist fstatat and unlinkat for B2G content processes. r=gdestuynder
2015-02-20 12:16:00 +01:00
2672d3b5d3
Bug 1077864, Part 3: update nsserrors.properties so error message gets localized.
2015-02-23 16:04:23 -08:00
06b7804e70
Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler
...
--HG--
extra : rebase_source : 79efad2c5f60120ff1022547ce7efa628a7acd0f
2015-02-14 16:59:02 -08:00
27cb600f2f
Bug 1077864, Part 2: Override the trust level for OCSP response signer certs so that they are never considered trust anchors, r=keeler
...
--HG--
extra : rebase_source : d0c599f7fc29b5fbcb7d8cd97980a3f39d39f515
2015-02-14 15:59:38 -08:00
bdb4294871
Bug 1077864, Part 1: Check consistency of certificates' signature and signatureAlgorithm fields, r=keeler
...
--HG--
extra : rebase_source : 9a2ca8cb370169f675557987a6b1cc0dedb24ff6
2015-02-22 16:59:03 -08:00
f2235a16db
Bug 1135407: Factor out duplicate logic in tests, r=keeler
...
--HG--
extra : rebase_source : d93eef89cb6596cf35e2ebef29030423cf027f0b
2015-02-21 14:12:38 -08:00
baf73d756f
Bug 1135745 - Disable the reserved-id-macro macro in security/pkix; r=briansmith
2015-02-23 13:40:09 -05:00
fd0387315e
Merge inbound to m-c. a=merge
2015-02-21 16:40:27 -05:00
c2dabe6507
No bug, Automated HPKP preload list update from host bld-linux64-spot-148 - a=hpkp-update
2015-02-21 03:32:26 -08:00
00bf62f9f5
No bug, Automated HSTS preload list update from host bld-linux64-spot-148 - a=hsts-update
2015-02-21 03:32:24 -08:00
256a142a70
Bug 1083344 - Tighten rules for Mac OS content process sandbox - "rules part". r=smichaud
...
--HG--
extra : histedit_source : f703a6a8abbf500cb882263426776fdb138b73a3
2015-02-21 13:06:34 +01:00
70a296a23b
Bug 1083344 - Tighten rules for Mac OS content process sandbox - "core part". r=smichaud
...
--HG--
extra : histedit_source : 3c904474c57dbf086365cc6b26a55c34b2b449ae
2015-02-18 14:10:27 +01:00
ffe59cf419
Bug 1133618 - Move test SHA1 function to pkixtestutil.cpp. r=mmc
...
--HG--
extra : histedit_source : ef579a4958356a12974b1f0f69ab2d6070ff8e65
2015-02-16 16:37:03 -08:00
bbf8006735
Bug 1130754 - Make PublicKeyAlgorithm an enum class. r=keeler
...
--HG--
extra : histedit_source : 14d321bc2cbdf749fd05994571ca439ee62ab973
2015-02-14 13:25:09 -08:00
2bdace7384
Bug 1127339 - Detect SSLv3-only server in PSM. r=keeler
2015-02-21 17:20:22 +09:00
31ea56f770
Bug 1097622 - Add test cases for certs that have notBefore times earlier than the UNIX epoch. r=dkeeler
2015-02-17 06:15:00 -05:00
47f24e15e4
Bug 1097622 - Return ERROR_INVALID_TIME when decoding invalid time values. r=dkeeler
2015-02-18 15:56:00 -05:00
37b3759ab9
Bug 1097622 - Rename (mE|e)rrorCodeExpired variables to (mE|e)rrorCodeTime. r=dkeeler
2015-02-17 06:12:00 -05:00
17cbaa2849
Bug 1133187 - Update fallback whitelist. r=keeler
2015-02-19 04:12:59 +09:00
0101cbcbce
Bug 1124039 - Allow RC4 only for whitelisted hosts. r=keeler
2015-02-19 04:12:58 +09:00
6b89f2db74
Bug 1137179 - Add wildcard support to the static fallback list. r=keeler
2015-02-28 08:53:44 +09:00
a64db6ab58
Bug 1136471 - Remove unused nsIIdentityInfo.getValidEVPolicyOid(). r=dkeeler
2015-02-26 13:05:00 -05:00
fc8fe2bd7c
Bug 1083344 - Add "allow" sandbox rules to fix mochitests on OSX 10.9 and 10.10. r=smichaud
2015-02-27 16:55:35 +01:00
5ef9f4d21f
Bug 1133283 - Remove nonstandard expression closures from security/manager/ssl/tests. r=keeler
2015-01-24 23:48:22 -08:00
372a8a591d
bug 1123671 - if a non-overridable error is encountered when processing an overridable certificate error, report the non-overridable error r=mmc r=jcj
...
Also, SEC_ERROR_UNTRUSTED_ISSUER and SEC_ERROR_UNTRUSTED_CERT are not actually overridable, so don't pretend they are.
2015-01-23 14:04:44 -08:00
ce50eac5c5
Bug 1012549 - 0001. Support import PKCS12 certificate. r=dkeeler r=vchang
2015-02-28 21:54:16 +08:00
b88b7049eb
Bug 1099296 - Attach LoadInfo to remaining callers of ioService and ProtocolHandlers - in security/ (r=keeler)
2015-02-17 10:09:40 -08:00
e2399947f4
Merge mozilla-central to mozilla-inbound
2015-02-16 16:14:51 +01:00
08fafcb3e2
merge mozilla-inbound to mozilla-central a=merge
2015-02-16 15:59:56 +01:00
99b5f33384
No bug, Automated HPKP preload list update from host bld-linux64-spot-1093 - a=hpkp-update
2015-02-14 03:21:57 -08:00
c9826729b7
No bug, Automated HSTS preload list update from host bld-linux64-spot-1093 - a=hsts-update
2015-02-14 03:21:55 -08:00
Patrick McManus
Kai Engert
Cykesiopka
Phil Ringnalda
ffxbld
Mike Hommey
Nicholas Nethercote
Bob Owen
Masatoshi Kimura
Andrew Bartlett
David Major
Carsten "Tomcat" Book
Jed Davis
Dave Townsend
Richard Barnes
Fabrice Desré
Blake Kaplan
Steven Michaud
David Keeler
Nathan Toone
Francois Marier
Ehsan Akhgari
André Reinald
Neil Deakin
Brian Smith
Nathan Froyd
Landry Breuil
Jan Beich
Mark Goodwin
David Cooper
Andrew McCreight
Jan-Ivar Bruaroey
Randell Jesup
Ryan VanderMeulen
Andrea Marchesini
Tanvi Vyas
Wes Kocher
Edwin Flores
Jonathan Griffin
Chuck Lee
Boris Zbarsky
Chris Peterson
Christoph Kerschbaumer