Граф коммитов

10645 Коммитов

Автор SHA1 Сообщение Дата
Gian-Carlo Pascutto e2d263a0f4 Bug 1296309 - Remove unused syscalls from the seccomp whitelist. r=tedd
MozReview-Commit-ID: BUDRwsuAu0W

--HG--
extra : rebase_source : 9fa3cf044d67ed09e9a6a4cd8c5d5b0023d8077d
2016-08-18 16:56:12 +02:00
Dragana Damjanovic 4cf673afa8 Bug 1264578 - NSS support for http with TLS 1.3. r=keeler
--HG--
extra : rebase_source : ed323e68723ecbe2687dcc23acd279a64225c5ba
2016-08-17 13:57:00 -04:00
Wes Kocher 45575a7f86 Merge m-c to autoland, a=merge
a=release for the webidl hook for a comment-only change

--HG--
extra : amend_source : e590e515ab273d097f88b35be0e5c999502ebdf4
2016-08-16 22:07:30 -07:00
Wes Kocher 48b8d407c8 Merge inbound to central, a=merge
a=release to get around the webidl hook for a comment-only change

--HG--
extra : amend_source : f7e57101e1a25d3cf3536a256898ec2a21c54b38
2016-08-16 17:05:30 -07:00
Nicholas Nethercote ca40b738e4 Bug 1294620 - Use infallible XPIDL attribute getters more. r=erahm.
This makes a lot of code more compact, and also avoids some redundant nsresult
checks.

The patch also removes a handful of redundant checks on infallible setters.

--HG--
extra : rebase_source : f82426e7584d0d5cddf7c2524356f0f318fbea7d
2016-08-12 15:19:29 +10:00
Wes Kocher 2253eb9510 Merge m-c to inbound, a=merge 2016-08-15 14:53:49 -07:00
Wes Kocher d602abb016 Merge inbound to central, a=merge 2016-08-15 14:20:38 -07:00
Igor 175543fda8 Bug 1293384 - Part 2: Rename Snprintf.h header to Sprintf.h. r=froydnj 2016-08-14 23:43:21 -07:00
Igor a57972337d Bug 1293384 - Part 1: Rename snprintf_literal to SprintfLiteral. r=froydnj 2016-08-14 23:44:00 -07:00
Wes Kocher 4aec37ca6e Merge m-c to autoland, a=merge 2016-08-12 16:30:03 -07:00
Jed Davis 10843a73b7 Bug 1290896 - Allow readlink() in desktop Linux content processes. r=gps
Making readlink() always fail with EINVAL (the result of applying it
to a non-symlink) worked on B2G, but this is not the case on desktop.
(Note: originally the idea for the B2G file broker was that it would
ignore symlinks and map lstat to stat, so that behavior for readlink
would have been consistent, but as eventually implemented it does do
lstat as actual lstat.)

In particular, this seems to be causing something in the graphics
library stack to change what GL renderer it uses (?), and on some
systems the presence of the readlink->EINVAL rule causes it to load a
version of the llvmpipe software renderer with a crash bug, instead of
(we assume) some other driver that works.
2016-08-08 14:59:19 -07:00
Cykesiopka cb172720f2 Bug 623917 - Add basic client authentication tests. r=keeler
This patch adds tests for the core aspects of the client authentication code,
mainly to ensure the client auth process even works.

MozReview-Commit-ID: DzV4BuwlrDE

--HG--
extra : rebase_source : 43224d3159964f02b175e8c54491b2cabba2cb8a
2016-08-12 16:36:43 +08:00
Wes Kocher 88bc8189f9 Merge m-c to autoland, a=merge 2016-08-15 14:54:25 -07:00
Cykesiopka 9529f2321e Bug 1294011 - Obviate manual calls to SECITEM_FreeItem() in PSM. r=keeler
MozReview-Commit-ID: 7RNV0YNraBx

--HG--
extra : rebase_source : bd4c8981b52e3f5a504fc09958872415cf757eff
2016-08-13 21:45:00 +08:00
Haik Aftandilian f796c32cc7 Bug 1286480 - [10.12] Widevine CDM always crashes on Amazon since upgrade to macOS Sierra. r=gcp
Allow /System/Library/PrivateFrameworks/ to be read from the from the plugin sandbox.

--HG--
extra : rebase_source : 8b71b7daed4792d8ce67131819c90acb2f5891ea
2016-08-11 00:57:52 -07:00
Wes Kocher fa1a1180c4 Merge autoland to central, a=merge 2016-08-10 16:29:26 -07:00
Gian-Carlo Pascutto c53a105dc7 Bug 1288410 - Basic implementation of AddDir and recursive Lookup. r=tedd
MozReview-Commit-ID: 36jAPfm29LO

--HG--
extra : rebase_source : 5eb2a9b02ad3c40375b9a4d9b3f38d75932e29b1
2016-08-10 15:09:58 +02:00
Nicholas Nethercote e7f10a07fd Bug 1293603 (part 2) - Make Run() declarations consistent. r=erahm.
This patch makes most Run() declarations in subclasses of nsIRunnable have the
same form: |NS_IMETHOD Run() override|.

As a result of these changes, I had to add |override| to a couple of other
functions to satisfy clang's -Winconsistent-missing-override warning.

--HG--
extra : rebase_source : 815d0018b0b13329bb5698c410f500dddcc3ee12
2016-08-08 12:18:10 +10:00
Cykesiopka 2c9b1285df Bug 1289455 - Obviate manual CERT_DestroyCertificate() calls in PSM. r=dkeeler
MozReview-Commit-ID: Aoi1VWvkNjp

--HG--
extra : transplant_source : B%8F9%E7%E8%84%7D%D1%7B%5Due%ED%9A%E8%DE%05%5B%E2D
2016-08-05 23:57:44 +08:00
Nicholas Nethercote bb1d1454ea Bug 1275309 (part 4) - Inline nsSecretDecoderRing::{decode,encode}. r=cykesiopka.
--HG--
extra : rebase_source : 6328c6e0dd211e43b5d171df50c6079853e6b15a
2016-08-04 11:53:09 +10:00
Nicholas Nethercote afef61ac1b Bug 1275309 (part 3) - Use unsigned integers for lengths in nsSecretDecoderRing. r=cykesiopka.
This avoids the need for some range checks and some casts.

--HG--
extra : rebase_source : e4dc7647791236085fdf65beda82ce063042d182
2016-08-04 11:53:07 +10:00
Nicholas Nethercote f02b5adb6c Bug 1275309 (part 2) - Use Base64Decode() in nsSecretDecoderRing::decode(). r=cykesiopka.
This mirrors the changes made to encoding in bug 1273711.

--HG--
extra : rebase_source : 3976f9888f05a588549fd6c309fc451a020aa9e9
2016-08-04 11:53:06 +10:00
Sergei Chernov 21be681857 Bug 1284256 - Certificate Transparency - verification of Signed Certificate Timestamps (RFC 6962); r=keeler, r=Cykesiopka
MozReview-Commit-ID: IgcnyBH4Up

--HG--
extra : transplant_source : %98%A3%5E%B4%DA%89qI1%01A%F8%FF%C7%1FS%D4%23v%B3
2016-07-05 08:35:06 +03:00
J.C. Jones afe8f0c2f8 Bug 1273475 - use release assertions for PSM->NSS shutdown. r=ttaubert
Update the prior patch to use MOZ_RELEASE_ASSERT so that we cleanly crash
if there's still an error somewhere in this logic, instead of deadlocking
on beta (but crashing on aurora).

MozReview-Commit-ID: InttEcC55Dn

--HG--
extra : rebase_source : c79726acbaf1eb8374500f43cd3c7d33362466ad
2016-08-05 14:47:23 -07:00
David Cook 7d4c71cc9c Bug 1115718 - Check for empty issuer name in mozilla::pkix; r=keeler
MozReview-Commit-ID: 6Ymgo7dQE7b

--HG--
extra : rebase_source : 54ee27fd46c2139125a40deabb11a6aca04c84bc
2016-07-28 20:36:18 -05:00
David Keeler d922ace809 Bug 1273475 - fix deadlock and potential crash when PSM shuts down NSS. r=ttaubert, r=jcj
This fixes two issues:
1. nsNSSShutDownList::evaporateAllNSSResources could deadlock by acquiring
sListLock and then the singleton's mNSSActivityStateLock in
nsNSSActivityState::restrictActivityToCurrentThread.

2. Calling UnloadLoadableRoots before
nsNSSShutDownList::evaporateAllNSSResources could result in removing modules
that were still in use, causing assertion failures and potential crashes.

MozReview-Commit-ID: 8ZgZTVw7sWh

--HG--
extra : rebase_source : 43452add4612b3d12c2b877c3a38169c9676f445
2016-08-02 12:16:37 -07:00
Kai Engert 1d17a259bc Bug 1291253, land NSS_3_26_RTM, r=franziskus 2016-08-05 18:16:01 +02:00
Carsten "Tomcat" Book 389a3e0817 merge mozilla-inbound to mozilla-central a=merge
--HG--
rename : mobile/android/base/java/org/mozilla/gecko/GeckoAppShell.java => mobile/android/geckoview/src/main/java/org/mozilla/gecko/GeckoAppShell.java
rename : mobile/android/base/java/org/mozilla/gecko/gfx/GeckoLayerClient.java => mobile/android/geckoview/src/main/java/org/mozilla/gecko/gfx/GeckoLayerClient.java
rename : mobile/android/base/java/org/mozilla/gecko/gfx/LayerRenderer.java => mobile/android/geckoview/src/main/java/org/mozilla/gecko/gfx/LayerRenderer.java
rename : mobile/android/base/java/org/mozilla/gecko/gfx/PanningPerfAPI.java => mobile/android/geckoview/src/main/java/org/mozilla/gecko/gfx/PanningPerfAPI.java
2016-08-04 15:55:50 +02:00
David Keeler 67199d7bf6 bug 1289885 - Enable VeriSign Class 3 Public PCA - G4 for EV in PSM r=jcj
MozReview-Commit-ID: GDZnZcVCNl6

--HG--
extra : rebase_source : ffdfa0fac7d4114e1251d00ced4c6ca7aab1ec86
2016-07-27 14:06:09 -07:00
Alexandre Lissy 0af5b943b6 Bug 1284674 - Remove NUWA r=cyu
MozReview-Commit-ID: GyMRNzOBKw6

--HG--
extra : rebase_source : 293af1cd55f2035ce6a99f4ebf144059c32a2b8f
2016-08-02 14:54:00 +02:00
Tom Schuster 473d3dc22d Bug 1197324 - Fix new warnings. r=froydnj 2016-08-03 14:37:31 +02:00
Jed Davis 5fc855cf94 Bug 1290343 - Fix Linux GMP sandbox policy's geteuid rule for 32-bit. r=tedd 2016-08-01 13:10:00 +02:00
Jed Davis 6f2404e02a Bug 1290633 - Soft-fail unexpected open() in GMP processes to avoid recursive crash. r=gcp 2016-08-01 15:47:00 +02:00
Jed Davis 938691d027 Bug 1290618 - Allow PR_SET_PTRACER in Linux sandbox policies to avoid recursive crash. r=tedd 2016-08-01 15:44:00 +02:00
Carsten "Tomcat" Book bd81ddd0b0 merge mozilla-inbound to mozilla-central a=merge 2016-08-02 17:09:31 +02:00
David Keeler a033a593cb bug 1119778 - make "Forget About This Site" clear HSTS and HPKP info r=MattN,mgoodwin
MozReview-Commit-ID: IJVQBsryfHq

--HG--
extra : rebase_source : c8d3c431ee44112985d53907e3e3e83d80108805
2016-07-27 17:11:52 -07:00
Thomas Wisniewski 6a1fb99d2b Bug 709991 - Fire onerror instead of throwing on network errors for async XHRs. r=bz 2016-07-30 00:24:56 -04:00
Julian Seward a3b23bd33c Bug 1288726 - Seccomp sandbox doesn't play well with Valgrind. r=julian.r.hector. 2016-07-29 17:42:55 +02:00
Carsten "Tomcat" Book 8c47612fee merge mozilla-inbound to mozilla-central a=merge 2016-07-29 11:56:43 +02:00
Makoto Kato 2e27b62687 Bug 1288644 - Don't define RTLD_NOLOAD when __ANDROID_API__ >= 21. r=glandium
MozReview-Commit-ID: AUEQjIBk50H

--HG--
extra : rebase_source : 6ce4e2d3537951054432ce2a9689222a8923f69a
2016-07-22 16:40:21 +09:00
Haik Aftandilian 4350d1fefd Bug 1288774 - Remove the OSX rule added in bug 1190032 for nsPluginHost::GetPluginTempDir. r=jimm 2016-07-25 14:43:00 -04:00
Julian Hector 6c0d578d0e Bug 1287008 - Add sys_fadvise64_64 to seccomp whitelist. r=gcp 2016-07-27 15:45:02 +02:00
Carsten "Tomcat" Book 7293066753 merge mozilla-inbound to mozilla-central a=merge 2016-07-27 16:35:44 +02:00
Cykesiopka 13116b6d68 Bug 1289151 - Remove obsolete nsIWalletService related code. r=jcj
It appears the wallet code was not included during the initial 2007 import of
code from CVS to Mercurial, so anything referencing wallet has been dead code
ever since.

MozReview-Commit-ID: BRTd1M0DsT0

--HG--
extra : transplant_source : %BC%FC%05%AE%B5%8C%DC%21J%DC%B4%B17M%19%AA%F3%B9%05L
2016-07-27 01:53:20 +08:00
Cykesiopka 4a43c75897 Bug 1287290 - Use ScopedAutoSECItem in PSM more. r=dkeeler
ScopedAutoSECItem is useful for:
1. Removing manual memory management.
2. Getting rid of this pattern:
   > UniqueSECItem item(SECITEM_AllocItem(nullptr, nullptr, 0));
   While this pattern works, ScopedAutoSECItem is slightly superior in that it
   doesn't unnecessarily cause a SECItem to be allocated from the heap.

MozReview-Commit-ID: 8DPD9gtzeru

--HG--
extra : transplant_source : %10l%27C%12%3E%08%85q%06%1A%FC%FB%DE%F9%A3%99%0AN%A1
2016-07-25 15:06:34 +08:00
Wes Kocher cef61ca9ed Merge m-c to autoland, a=merge 2016-07-26 16:54:33 -07:00
Fabrice Desré c23a54d9ec Bug 1289381 - Don't fail to build sandboxing with --disable-crashreporter r=gcp 2016-07-26 04:35:43 -07:00
Carsten "Tomcat" Book 25aa8617fc Backed out changeset 1825b8fa636a (bug 1246540) for bustage
--HG--
extra : rebase_source : 45defacae713b2c2f75813fea6f2f289ebc481cd
2016-07-26 12:52:15 +02:00
Andi-Bogdan Postelnicu d19b17ffc3 Bug 1289366 - added return statement for CharToByte when assertion fails. r=keeler
MozReview-Commit-ID: LDAamOxHdli

--HG--
extra : rebase_source : 7a180b058c3d756074b4cb2f56356c41eaf9919d
2016-07-26 12:48:49 +03:00
Bob Owen 22830b7f8f Bug 1287984: Add rule to allow content process to duplicate handles to other non-broker processes. r=jimm
MozReview-Commit-ID: A79P9G9t7Ax

--HG--
extra : transplant_source : %C2%0A-%FB%7E%AF%99%95%C7%AF%A6%21%BC%18%D4a%9C%24z%8C
2016-07-20 14:41:18 +01:00
Julian Hector 3236586a67 Bug 1285769 - Add sys_get_mempolicy to seccomp whitelist. r=gcp 2016-07-25 19:37:58 +02:00
Julian Hector 1ab18ae903 Bug 1285770 - Add sys_fallocate to seccomp whitelist. r=gcp 2016-07-23 17:13:52 +02:00
Haik Aftandilian 8f7ffc84b7 Bug 1274540 - Record sandboxing status in crash reports; r=gcp
Adds content sandbox metadata to parent and child crash reports:
Includes the value of pref security.sandbox.content.level,
whether or not the system is capable of sandboxing, if the
sandbox was successfully turned on, and (on Linux systems)
the sandbox capabilities flags.

New crash report keys:
"ContentSandboxLevel" in parent and content
"ContentSandboxCapable" in parent
"ContentSandboxEnabled" in content
"ContentSandboxCapabilities" in content on Linux
2016-07-25 13:21:00 +02:00
Kate McKinley 01cbd73591 Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.

(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
2016-07-25 12:37:00 +02:00
Cykesiopka 8297eb8984 Bug 1281665 - Change nsIClientAuthDialogs.chooseCertificate() to use hostname instead of CN. r=keeler
chooseCertificate() currently uses a concatenation of the Common Name of the
server cert and the port of the server to allow the user to identify the server
requesting client authentication. Unfortunately, this approach is flawed, since
it doesn't take into account things like SAN entries, which might be very
different from the CN.

Using the hostname instead avoids this problem.

MozReview-Commit-ID: 6XjGCknWNi9

--HG--
extra : transplant_source : k%10N%7B%E8%A4%9B%C9%9A%23Q%D1%99%D2%A3%C0.%2B%7F%A5
2016-07-26 20:16:58 +08:00
Iris Hsiao caea40742f Backed out changeset 8dc198cd46ff (bug 1246540) for Mochitest failures 2016-07-27 13:14:07 +08:00
Kate McKinley c6650db185 Bug 1246540 HSTS Priming Proof of Concept
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.

(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
2016-07-26 13:03:00 +08:00
Iris Hsiao a7c8429fc4 Backed out changeset d7e39be85498 (bug 1246540) for Mochitest failures 2016-07-27 11:15:52 +08:00
Franziskus Kiefer 249fa77287 Bug 1263793 - update SAN, r=mgoodwin,ulfr
MozReview-Commit-ID: HtMKl2gP1xi

--HG--
extra : rebase_source : 5173dda521679b2ce6c8caabb3b54cce4f658640
2016-07-25 09:44:19 +02:00
Carsten "Tomcat" Book 0a5622c093 Backed out changeset 640247e978ba (bug 1246540) for bustage 2016-07-24 15:59:31 +02:00
Kate McKinley 547500d5a7 Bug 1246540 - HSTS Priming Proof of Concept. r=honzab
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.

(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
2016-07-22 18:35:00 +02:00
Wei-Cheng Pan fd87664d8e Bug 1264566 - Part 2: Refactor all usage of FileDescriptor. r=valentin
Callers should use a UniquePtr to hold the platform handle.

MozReview-Commit-ID: 6BWnyAf4b3a

--HG--
extra : transplant_source : %26%CA%0D%28%08%9BT%97Z%A1%3Dq%CD%21%A1_%EFE%83%0E
extra : histedit_source : 77f8ed3d0fdec6cce0c95469130ade0fb547bb91
2016-05-27 16:12:51 +08:00
David Keeler f3ec60ef5f backout changeset 1a1d7ef3cb0e (bug 1279479) for causing WebRTC compatibility issues
The WebRTC implementation inherits cipher suite preferences from PSM and then
enables a few mandatory ones and disables a number of undesirable ones. If PSM
makes a change to a cipher suite preference that isn't in WebRTC's whitelist or
blacklist, compatibility issues can arise. See bug 1288246 for an example.

--HG--
rename : security/manager/ssl/tests/unit/test_fallback_cipher.js => security/manager/ssl/tests/unit/test_weak_crypto.js
2016-07-22 10:31:34 -07:00
Carsten "Tomcat" Book 336105a0de merge mozilla-inbound to mozilla-central a=merge 2016-07-22 11:58:02 +02:00
Wes Kocher f11c79a662 Merge m-c to inbound, a=merge CLOSED TREE 2016-07-21 15:59:28 -07:00
Carsten "Tomcat" Book bc1b31b01b Merge mozilla-central to autoland 2016-07-21 16:27:58 +02:00
Gian-Carlo Pascutto 0b8cfd1d36 Bug 1284240 - Use boolean rather than flag for Sandboxing Telemetry. r=gfritzsche
MozReview-Commit-ID: EsXFAbEyxYs

--HG--
extra : rebase_source : 95bbfa30597490fb1b972056651b75f5a129daad
2016-07-21 09:39:09 +02:00
Franziskus Kiefer dd5231632f Bug 1263793 - Using content signature verifier for verifying remote newtab, r=keeler,mayhemer
MozReview-Commit-ID: ABXYYseKImq

--HG--
extra : rebase_source : 79614e5215e738dff9683ad447245bd830c887bf
2016-05-19 10:59:48 +02:00
Chris Peterson b175c9fdd5 Bug 1277106 - Part 2: Expand MOZ_UTF16() strings to u"" string literals. r=Waldo 2016-07-20 22:03:25 -07:00
Julian Hector ea69125244 Bug 1285768 - Let getppid() return 0 to simulate pid namespaces. r=gcp 2016-07-10 22:06:57 +02:00
Carsten "Tomcat" Book 021bec0a4e Merge mozilla-central to mozilla-inbound 2016-07-20 11:35:42 +02:00
Carsten "Tomcat" Book 8428cd56e3 merge mozilla-inbound to mozilla-central a=merge 2016-07-20 11:20:15 +02:00
Julian Hector f6b06d33a3 Bug 1286852 - Add sys_munlock to seccomp whitelist. r=gcp
MozReview-Commit-ID: AJEA73cJFo2
2016-07-15 17:57:28 +02:00
Franziskus Kiefer 212ec6e50e Bug 1283376 - Land NSS_3_26_RC0, r=ttaubert
--HG--
extra : rebase_source : 5bebe302e503bd0b3fe07c99932794859747839a
extra : amend_source : ef2f99cf7a40a87f577cbd1f6aac0ac872d4306d
2016-07-20 09:39:08 +02:00
Julian Hector 0caf755557 Bug 1285902 - Add sys_msgget to seccomp whitelist. r=gcp 2016-07-15 17:34:29 +02:00
David Keeler a77caa9d20 bug 1274677 - Enable Certplus and OpenTrust root certificates for EV in PSM r=Cykesiopka
MozReview-Commit-ID: 4rZ0NIEyKF6

--HG--
extra : rebase_source : 089184f70e3a6949da5211f464c51fb113db997a
2016-07-15 14:51:08 -07:00
Masatoshi Kimura c37817e366 Bug 1250582 - Remove SSL_FALLBACK_LIMIT_REACHED telemetry. r=keeler
Bug 1084025 added this telemetry to measure the impact of bumping the fallback limit.
But we already bumped the fallback limit to TLS 1.2 long before. We will not need this kind of telemetry until we bump the fallback limit to TLS 1.3 that will not happen in the near future. So let's just remove wasting resource for now.

MozReview-Commit-ID: 22o8FirlYql

--HG--
extra : rebase_source : c04b6a7aa7bf8970b22c24dcb1d8f0184330cb43
2016-07-16 14:16:06 +09:00
David Keeler 56d2f86c86 bug 1284946 - remove usages-related APIs from nsIX509Cert r=Cykesiopka,Felipe,jcj
nsIX509Cert provided the APIs getUsagesArray, requestUsagesArrayAsync, and
getUsagesString. These APIs were problematic in that the synchronous ones would
cause certificate verification to block the main thread and the asynchronous one
was needlessly indirect in its definition (it made use of two additional
special-case xpidl types) and needlessly complex in its implementation (it
required nsNSSComponent to manually manage a background thread without the aid
of recent improvements in that area (e.g. CryptoTask)). Furthermore, these APIs
would return string descriptions of the usages the certificate in question had
been verified for rather than using more concrete identifiers or values. This
paradigm is usable but imprecise. The new nsIX509CertDB API
asyncVerifyCertAtTime is much more expressive, enforces off-main-thread
computation, and makes use of CryptoTask for a simple implementation. Using this
API, previous uses of the old nsIX509Cert APIs can be replaced. As an additional
benefit, this removes a ton of obsolete C++ code.

MozReview-Commit-ID: KXVTcjAKehu

--HG--
extra : rebase_source : 50c51f73b2b61ed0ad4dc9702cc5df470ce998bc
2016-07-06 14:45:36 -07:00
David Keeler 16124386f7 bug 1284946 - fix dialog parameter passing in browser_certViewer.js r=Cykesiopka
The changes in bug 1217602 missed that browser_certViewer.js should have been
updated to use a nsIDialogParamBlock instead of a (mock) nsIPKIParamBlock.
"Luckily" the test harness completely ignored the errors resulting from this
oversight.

MozReview-Commit-ID: JlA62L5PPW8

--HG--
extra : rebase_source : ec06cd026f3aec8cc7a7c032cd1c9a9c5a8e9536
2016-07-07 11:14:17 -07:00
Wes Kocher e2d9911273 Backed out changeset 21d8bb5af7b4 (bug 1263793) for leaks in various jobs CLOSED TREE 2016-07-20 11:16:37 -07:00
Franziskus Kiefer 9b9c643025 Bug 1263793 - Using content signature verifier for verifying remote newtab, r=keeler,mayhemer
MozReview-Commit-ID: CHUPgBr8WaC

--HG--
extra : rebase_source : 969bd058a157c7307b7a4d3c2a4c5d62e82b7489
2016-05-19 10:59:48 +02:00
Thomas Zimmermann 4bee1b2945 Bug 1288077: Forward declare arrays by including 'nsTArrayForwardDeclare.h', r=froydnj
MozReview-Commit-ID: 4RBeHDyhQgr
2016-07-20 17:29:36 +02:00
Tom Tromey 5538d692d3 Bug 1286877 - do not set c-basic-offset for python-mode; r=gps
This removes the unnecessary setting of c-basic-offset from all
python-mode files.

This was automatically generated using

    perl -pi -e 's/; *c-basic-offset: *[0-9]+//'

... on the affected files.

The bulk of these files are moz.build files but there a few others as
well.

MozReview-Commit-ID: 2pPf3DEiZqx

--HG--
extra : rebase_source : 0a7dcac80b924174a2c429b093791148ea6ac204
2016-07-14 10:16:42 -06:00
Julian Hector b23e6a33e4 Bug 1286119 - Allow sys_mremap when jemalloc is disabled. r=gcp
MozReview-Commit-ID: FRVorDIIUVR
2016-07-12 18:24:54 +02:00
Julian Hector 6dbdc2284b Bug 1286185 - Add sys_fadvise64 to seccomp whitelist. r=gcp
MozReview-Commit-ID: CkX1txdLAMg
2016-07-20 06:36:00 +02:00
L. David Baron 3e30ec6687 Bug 1290761 - Allow running jprof with sandbox enabled. r=jhector
jprof is an in-tree profiling tool that runs on Linux.

This fixes the error:

Sandbox: seccomp sandbox violation: pid 29698, syscall 38, args 0 140731305513136 0 830 22509600 1.  Killing process.
Sandbox: crash reporter is disabled (or failed); trying stack trace:
Sandbox: frame #01: __GI_setitimer (/build/glibc-GKVZIf/glibc-2.23/time/../sysdeps/unix/syscall-template.S:84)
Sandbox: frame #02: startSignalCounter(unsigned long) (.../mozilla-central/mozilla/tools/jprof/stub/libmalloc.cpp:464)

which occurs during shutdown when running with jprof enabled via the
JPROF_FLAGS environment variable containing JP_DEFER without actually
sending the signal to start jprof.  It presumably occurs sooner if jprof
is actually used either via JP_START or by senging a SIGPROF/SIGALRM.

With the patch, these steps run to completion.

MozReview-Commit-ID: Fx4tzEyqIj2

--HG--
extra : transplant_source : %2AU%15F%8A%C5%E6%1D%03%20%1B%F6W%E9%EB%DA%8F%E7f%5D
2016-08-01 08:49:48 +01:00
Jed Davis 622813449c Bug 1286324 - Make fork() non-fatal in Linux content sandbox. r=jhector
fork() will now fail with EPERM instead of crashing; see code comment
and bug for more info.  Tested with GTK3 Oxygen theme and SCIM, which
both seem to work.  Also verified that GMP child processes still crash
on fork().

--HG--
extra : rebase_source : 267c4cb892b691502a9d7760bca4d23fee3fe449
2016-07-14 15:00:00 -04:00
Julian Hector 54f8b7b221 Bug 1286413 - Add CASES_FOR_fchown and use it. r=gcp
--HG--
extra : rebase_source : b16522c25182223094fe2ed9ae18d5894bf6f9f1
2016-07-13 01:18:02 +02:00
Carsten "Tomcat" Book cd4a2ce973 Backed out changeset 535e23baec4a (bug 1286119) for landing with wrong bugnumber
--HG--
extra : rebase_source : dede3bd9767b450934308a4c3de215a8837be93a
2016-07-14 13:51:16 +02:00
Julian Hector c58d37220b Bug 1286527 - Add sys_semop to seccomp whitelist. r=gcp 2016-07-13 15:03:30 +02:00
Julian Hector a6c28f48e6 Bug 1286119 - Add CASES_FOR_fchown and use it. r=gcp 2016-07-13 01:18:02 +02:00
Cykesiopka 97767e3585 Bug 1284438 - Enable more ESLint rules for PSM. r=mgoodwin
PSM JS code already pass these rules, so enabling these rules will just help
catch future bugs.

MozReview-Commit-ID: AXM2VoG8jBP

--HG--
extra : transplant_source : 4h%89%5BV7%C6%FB%B2%80%CE%B16%DC%22%BA%20%09%FB%92
2016-07-06 01:59:03 +08:00
Julian Hector 50053496e7 Bug 1286033 - Add sys_semctl to seccomp whitelist and fix sys_semget. r=gcp
--HG--
extra : rebase_source : 798fc3366d54abb256807952aa6e50438a8f8c7a
2016-07-12 04:42:00 +02:00
Tim Taubert 2c06cddb89 Bug 1283376 - Land NSS_3_26_BETA2 r=franziskus 2016-07-12 12:34:33 +02:00
Julian Hector 5c72f0a928 Bug 1285946 - Add sys_readv to seccomp whitelist. r=gcp 2016-07-11 18:51:33 +02:00
Julian Hector 620e4db84f Bug 1285827 - Add sys_link to seccomp whitelist. r=gcp 2016-07-11 19:38:53 +02:00
Julian Hector 3e3082511c Bug 1285816 - Add sys_accept4 to seccomp whitelist. r=gcp
MozReview-Commit-ID: 8NTeEtX9wMz
2016-07-11 00:12:49 +02:00
Julian Hector 085ce99e60 Bug 1285771 - Add sys_mlock to seccomp whitelist. r=gcp 2016-07-11 19:32:55 +02:00
Carsten "Tomcat" Book 8262976cf1 merge fx-team to mozilla-central a=merge 2016-07-12 10:57:34 +02:00
David Keeler 48c3eabeea bug 1286067 - add missing parameter for second test case added in bug 1284840 r=emk
MozReview-Commit-ID: 3aQBZeGLjxn

--HG--
extra : rebase_source : bff6a016e806aaec3b79e3aa2ff29fa33ba6663c
2016-07-11 14:35:55 -07:00
Gian-Carlo Pascutto bb409b10ab Bug 1285293 - Add fstatfs to seccomp-bpf whitelist. r=tedd
For some reason libfontconfig really Needs To Know.

MozReview-Commit-ID: KSET8D5h9xf

--HG--
extra : rebase_source : 10c5df6a4b8b85be120a9828686d0c63e3fff5d4
2016-07-11 10:54:48 +02:00
Gian-Carlo Pascutto c4c92abf28 Bug 1285525 - Add sys_semget to seccomp-bpf whitelist. r=tedd
MozReview-Commit-ID: 1yV0uqiMSru

--HG--
extra : rebase_source : cbc57f22fc4b5818b1ac9857446d2190eaa359c2
2016-07-11 10:15:31 +02:00
Julian Hector 2071bf3b6c Bug 1285287 - Use proper macros to whitelist getres*id. r=gcp 2016-07-08 17:59:41 +02:00
Gian-Carlo Pascutto b3b0630046 Bug 1285507 - Whitelist memfd_create (used for Sealed Files IPC). r=jhector
MozReview-Commit-ID: 7UE6hyDiC6H

--HG--
extra : rebase_source : ef1fcbf9e2aefbf2b215e18a459ce72d4e0abc5c
extra : histedit_source : 02ba293c9af543f850c6ddeb2ca214f7527e3923
2016-07-08 17:12:30 +02:00
Masatoshi Kimura 25ce2ba428 Bug 1284840 - Don't forget TLS intolerance when a DHE-based cipher is used. r=keeler
MozReview-Commit-ID: 70pa7lCLAxQ

--HG--
extra : rebase_source : f7ac3984139ebab86997041550e255c80a90fda2
2016-07-09 13:44:10 +09:00
Johann Hofmann 22b8fe594a Bug 1253771 - Add previous state info to mixed content callback. r=tanvi r=florian
MozReview-Commit-ID: 5msNz97psok

--HG--
extra : rebase_source : 640f86c3cc0b9b5a842a0c104cb269915b727b4b
extra : histedit_source : 6ca75dac152d5135089f9053eb91440058b124e4
2016-04-27 10:38:26 +02:00
Carsten "Tomcat" Book 838f21f656 merge mozilla-inbound to mozilla-central a=merge 2016-07-08 11:58:46 +02:00
Wes Kocher b5739bf710 Bug 1285052 - Followup to fix eslint a=me
--HG--
extra : rebase_source : 32803bdd9e5ec564709645d0e1cba1f0d781b7e5
2016-07-07 11:29:13 -07:00
Richard Barnes 8fc350a13d Bug 1285052 - Enforce a maximum max-age for HPKP r=keeler
MozReview-Commit-ID: 1LD02GkqzTe

--HG--
extra : rebase_source : 127c9dd479b6a48e72da378a4df357a1bba1e6f3
2016-07-06 19:16:29 -04:00
Cykesiopka 54a22335cb Bug 1281569 - Remove unnecessary step of converting nsIX509Certs to Raw DER just to create a CERTCertificate in nsNSSCertificateDB. r=keeler
There are a few places in nsNSSCertificateDB.cpp where the following is done:
1. GetRawDER() is called on a nsIX509Cert to obtain the DER representation of
   the cert.
2. The DER is used to construct a CERTCertificate for use with NSS functions.

This step of converting to the DER is unnecessary, since GetCert() will provide
an already constructed CERTCertificate.

MozReview-Commit-ID: 35KMYI7dCXc

--HG--
extra : transplant_source : %CA%ED%AC/%E3%29D%BB%8D%0F%A9Y%19%B2%E7a%1B%BE%ADv
2016-07-05 02:59:18 -07:00
Gregory Szorc f21ec324a6 Merge mozilla-central to mozilla-inbound 2016-07-06 18:30:58 -07:00
David Keeler 0b291c778a bug 1023621 - add asynchronous certificate verification API r=Cykesiopka
This API (nsIX509CertDB.asyncVerifyCertAtTime) will eventually replace
nsIX509Cert.getUsagesArray, nsIX509Cert.requestUsagesArrayAsync, and
nsIX509Cert.getUsagesString because those APIs are architecturally problematic
and don't give very precise information in any case.

MozReview-Commit-ID: OzQaBnDRIo

--HG--
extra : rebase_source : 270de8dfa5ed5221a1e012661161842c0afb3e70
2016-06-30 14:09:18 -07:00
Julian Hector aa5c174aa4 Bug 742434 - Part 2: Introduce pref to control content sandbox. r=jld
MozReview-Commit-ID: JQAQAbHUObN

--HG--
extra : rebase_source : 42a14a28503b685125f27faa40ae4efc920c5c5d
2016-06-16 12:39:07 +02:00
Julian Hector feca70c6cc Bug 742434 - Part 1: Make ContentSecurityPolicy constructor explicit. r=gcp
MozReview-Commit-ID: HrBpcQ1BYFI

--HG--
extra : rebase_source : 0505ff9f9260627a0519e1f0ea536efd7af0210e
2016-07-05 03:07:00 +02:00
Julian Hector 3ab8691db7 Bug 1284452 - Add sys_getrandom to seccomp whitelist. r=gcp
MozReview-Commit-ID: 8CW916cJsUZ
2016-07-05 13:51:57 +02:00
Carsten "Tomcat" Book 30cb0bf87f Backed out changeset 3601419d2e4b (bug 742434) for test failures like /content-security-policy/media-src/media-src-7_3.html timeouts 2016-07-05 12:25:55 +02:00
Carsten "Tomcat" Book d90190d784 Backed out changeset 730fcdccb26e (bug 742434) 2016-07-05 12:25:41 +02:00
Julian Hector a4e6059aeb Bug 742434 - Part 2: Introduce pref to control content sandbox. r=jld
MozReview-Commit-ID: HyNozlK5SAE
2016-06-16 12:39:07 +02:00
Julian Hector 21e153fc19 Bug 742434 - Part 1: Make ContentSecurityPolicy constructor explicit. r=gcp
MozReview-Commit-ID: HrBpcQ1BYFI
2016-07-05 03:07:00 +02:00
Cykesiopka 90d2c0d630 Bug 1281955 - Don't Adopt() NSS allocated strings in PSM to avoid using the wrong deallocator. r=dkeeler
There are a few places in PSM where the result of an NSS function returning
char* is adopted by e.g. an nsXPIDLCString, which will use the wrong deallocator
when the string eventually gets destroyed.

This is basically Bug 1281564, but the free() call is buried within the Mozilla
string code instead.

MozReview-Commit-ID: HVSMyRpLnjS

--HG--
extra : transplant_source : Msmc%DB%16%23%87%00%A1%05%ABB%0BD%97%3B%A1%E7x
2016-06-29 18:42:37 -07:00
Gian-Carlo Pascutto 0a5cac2ffc Backed out 2 changesets (bug 742434)
Backed out changeset 4e0e2373e234 (bug 742434)
Backed out changeset 66a937c6ca0e (bug 742434)

MozReview-Commit-ID: 8Chchv4HUL

--HG--
extra : rebase_source : 78f35317a643a48c3f45ec34d88fe321d71d04d1
2016-07-04 18:00:53 +02:00
Julian Hector c50fb0578f Bug 742434 - Part 1: Introduce pref to control content sandbox. r=jld
MozReview-Commit-ID: CuSCwcwRiND
2016-06-16 12:39:07 +02:00
Sergei Chernov edb1f658f6 Bug 1275238 - Certificate Transparency support in mozilla::pkix; r=keeler
MozReview-Commit-ID: HZwzSgxarTw

--HG--
extra : transplant_source : %BF%F9%A8T%C6x%82%03%3Ez%9F%3BT%E3%1B%11s%294%F4
2016-06-15 11:11:00 +03:00
Gian-Carlo Pascutto d56f275c43 Bug 1273852 - Update chromium's list of linux-x86-32 syscalls. r=jld
MozReview-Commit-ID: KpjitH5GQEq

--HG--
extra : rebase_source : d45c7d0c1bf13481fe30ec484a15a409771f04ff
2016-06-08 20:36:04 +02:00
Gian-Carlo Pascutto a7f65e7eac Bug 1273852 - Allow getsockopt in EvaluateSocketCall. r=jld
MozReview-Commit-ID: F9rVM0VKmUR

--HG--
extra : rebase_source : 86271db1e6c24a4ca98ccb0580cd608c2a4cc580
2016-06-08 19:05:08 +02:00
Gian-Carlo Pascutto d270c42cdd Bug 1273852 - Always add seccomp-bpf socketcall dispatcher. r=jld
For 32-bit Linux 4.3+, always add socketcall dispatcher even if relevant
syscalls are known, because both entry points will exist.

See Linux kernel commit:

commit 9dea5dc921b5f4045a18c63eb92e84dc274d17eb
Author: Andy Lutomirski <luto@kernel.org>
Date:   Tue Jul 14 15:24:24 2015 -0700

    x86/entry/syscalls: Wire up 32-bit direct socket calls


MozReview-Commit-ID: I3GEvolGfsR

--HG--
extra : rebase_source : c358a6d39d9bf5701150e58f1002f6c6dc91cd6f
2016-06-29 20:34:40 +02:00
Carsten "Tomcat" Book 6152d5afcc Merge mozilla-central to mozilla-inbound 2016-06-30 12:46:28 +02:00
Carsten "Tomcat" Book 3a42c363cc merge mozilla-inbound to mozilla-central a=merge 2016-06-30 12:33:41 +02:00
Tim Taubert 4b5f869ce3 Bug 1283376 - Land NSS_3_26_BETA1 r=franziskus 2016-06-30 08:42:30 +02:00
Cykesiopka d93f9d1b28 Bug 1282004 - Convert TestMD4 CPP unit test into a GTest. r=mgoodwin
Nothing in the file requires functionality provided by the CPP unit test harness,
so making the file a GTest makes it more accessible.

MozReview-Commit-ID: FaAtF0blCwV

--HG--
rename : security/manager/ssl/tests/compiled/TestMD4.cpp => security/manager/ssl/tests/gtest/MD4Test.cpp
extra : transplant_source : edV%1F%0B97%1B%25%FA%0ABH%14%F5%A2Ms/%7E
2016-06-27 09:06:51 -07:00
Cykesiopka 3f7ca34d26 Bug 1282004 - Make it easier to run all PSM GTests at once. r=mgoodwin
Currently, running all the PSM GTests involves providing a filter that catches
all the various tests. This is annoying and error prone.

The changes here make running all PSM GTests as easy as:
  mach gtest "psm*"

MozReview-Commit-ID: EqaysNvwJaQ

--HG--
extra : transplant_source : %0CCM%99%12%18%8D%B9%DD%84%0C%A06%0Ba%AD%A7%EB%B3%FB
2016-06-27 09:06:43 -07:00
David Keeler 3fed4e5ecc bug 1272858 - use a name-agnostic method to find the built-in root PKCS#11 slot r=Cykesiopka
Previously this implementation would use the expected names of the built-in
module and slot to get a handle on them. This doesn't work on distributions that
use other names. The new implementation searches through the slots from the
default module list for one where PK11_HasRootCerts returns true (which
indicates that NSS considers that slot to contain the default built-in root
list).

MozReview-Commit-ID: LmX27hQfFJU

--HG--
extra : rebase_source : 50383dcc77257fe08ce2c7d908e95cda7c4bbe9d
2016-06-23 15:43:47 -07:00
David Keeler fbd578cfcf bug 826783 - make certificate viewer more flexible about its minimum size r=mgoodwin
This makes the certificate viewer able to shrink itself down a bit on small
screen sizes. Without this patch, the "Close" button would be off the screen on
small resolutions like 1024x768. On larger screen sizes, this patch should have
no effect on the initial size of the certificate viewer window (although it now
can be made smaller manually).

MozReview-Commit-ID: IET9dxx23Xc

--HG--
extra : rebase_source : 487c88d626df7184502226b9ce02410adc504f12
2016-06-24 10:23:18 -07:00
Masatoshi Kimura 759c6d2a52 Bug 1279479 - Hide DHE cipher suites from the first handshake. r=keeler
MozReview-Commit-ID: BXZm6EMaLy2

--HG--
rename : security/manager/ssl/tests/unit/test_weak_crypto.js => security/manager/ssl/tests/unit/test_fallback_cipher.js
extra : rebase_source : 925361a6114fa5b09f74e2f61e504a1e3b938805
2016-06-23 03:48:02 +09:00
Cykesiopka 577a05865b Bug 307081 - Make nsIClientAuthDialogs::ChooseCertificate() pass an nsIArray of nsIX509Certs, not strings. r=kats,keeler
This provides implementations of ChooseCertificate() with more flexibility, and
allows callers of ChooseCertificate() to be less complex.

A portion of this work involves reimplementing
nsNSSCertificate::FormatUIStrings() in JS and improving UI strings for l10n.

MozReview-Commit-ID: CE7Uc2ntwmZ

--HG--
extra : transplant_source : R%A8eC%CEO2%DC%20%F7%B4V%F3g%E6h%EB%D5%8D3
2016-06-24 00:12:16 -07:00
Cykesiopka 313db6b516 Bug 307081 - Clean up nsIClientAuthDialogs.idl and implementations. r=kats,keeler
This fixes the following in the IDL:
1. Misleading or unclear parameter names in the IDL. |cn| in practice is the
   concatenation of the CN of the server cert and the port of the server, and
   |issuer| is the Organization of the issuer cert of the server cert.
2. Use of the |wstring| type. |AString| is generally preferred, and has the
   benefit of letting implementations skip null checks due to the use of
   references.
3. Using an explicit |canceled| outparam instead of just setting a return type.
   There is no need for the outparam if the return type can be used.
4. Using |long| (int32_t) for |selectedIndex|. |unsigned long| (uint32_t) is
   more logical, and paves the way for future changes.

This fixes the following in the Android implementation:
1. Lack of checks to ensure the QueryInterface() call succeeded. In practice,
   the call will always succeed, but it's good practice to check anyways.
2. Setting a variable to an nsIPrefService instance initially, then later
   setting it to a pref branch instance later on. This is confusing and
   unnecessary.

This fixes the following in the desktop implementation:
1. Lack of null pointer checking.
2. Trying to get a parent window ref off a context that doesn't actually support
   doing so.
3. Setting a variable to an nsIPrefService instance initially, then later
   setting it to a pref branch instance later on. This is confusing and
   unnecessary.
4. Abusal of the CAPS bundle.
5. Unnecessary variables.
6. Variables declared far away from where they are used.
7. Variable shadowing.
8. Style issues.
9. Lack of documentation.

This also fixes the following:
1. Lack of localisation notes.

MozReview-Commit-ID: FTc6XecJd6h

--HG--
extra : transplant_source : %ABQ%8F%E6%A3%25%FE%94%E4%D6X%3D%28%2C%05%5E%FB%84.-
2016-06-24 00:12:11 -07:00
Cykesiopka 1bc7589c72 Bug 307081 - Expose nsNSSCertificate.cpp GetKeyUsagesString() as the keyUsages attribute on nsIX509Cert. r=keeler
This allows nsNSSCertificate::FormatUIStrings() to be reimplemented in JS, which
is a necessary step for making nsIClientAuthDialogs::ChooseCertificate() pass an
nsIArray of nsIX509Certs.

Also removes some deprecated and unused constants.

MozReview-Commit-ID: CJITKVlUEtP

--HG--
extra : transplant_source : %1C%09%B2%B5%F4%C4%28%1A%B2%E5%CFsu%8B%B6W%8El%9Cn
2016-06-24 00:12:06 -07:00
Cykesiopka 97ab4b046e Bug 1281564 - Fix misuses of free() as the deallocator in PSM. r=keeler
There are a few places in PSM where free() is used to free memory allocated by
NSS instead of PORT_Free() (or higher level deallocation functions that end up
calling PORT_Free()).

In practice, PORT_Free() is just a wrapper around PR_Free(), which is just a
wrapper around free() if we don't ask NSPR to use a zone allocator.
Gecko explicitly tells NSPR not to use a zone allocator, so the changes here are
mainly for making the code more obviously correct.

This patch also includes some misc cleanup.

MozReview-Commit-ID: 9Ccg5OwlhWR

--HG--
extra : rebase_source : 768979a4bedb1cbdab2398d2a416429d9a241dd6
2016-06-22 15:56:11 -07:00
Cykesiopka 26dc8be640 Bug 1280331 - Update HPKP preload script URL to deal with renaming of transport_security_state_static.certs. r=keeler
4361f2ad66
renamed transport_security_state_static.certs to
transport_security_state_static.pins, so the URL needs to be updated to avoid
a 404.

MozReview-Commit-ID: 1FmYdi0mMcI

--HG--
extra : rebase_source : 25ebf2290cab6ee12f98bc65972b696c45d506d0
2016-06-21 16:11:57 -07:00
Masatoshi Kimura bdcdded91f Bug 1281084 - Enable TLS 1.3 PSK-resumption for AES-256-GCM and ChaCha20/Poly1305. r=keeler 2016-06-22 21:55:13 +09:00
Mark Goodwin d3dde26071 Bug 1280224 - Initial values for the content signature root pref are ignored. r=keeler
MozReview-Commit-ID: 9y8wsVcz0hz
2016-06-21 15:24:52 +01:00
David Keeler 540b8f3d01 bug 1278041 - skip TLS Feature checks so HPKP can be set r=mgoodwin
This is safe because TLS Feature checks have already been done when connecting
to the site in the first place.

MozReview-Commit-ID: HfbcrAv4bCJ

--HG--
extra : rebase_source : d1f22c1a4e2c8535e10bd071c937a1aac7b8e2fd
2016-06-20 16:36:36 -07:00
Kai Engert c6ce2eb18b Bug 1277255, land NSS_3_25_RC1, r=me 2016-06-20 19:17:28 +02:00
Carsten "Tomcat" Book ecdef8e6f4 merge mozilla-inbound to mozilla-central a=merge 2016-06-17 00:32:10 +01:00
Thomas Zimmermann 97a43c0b93 Bug 1276927: Define HAVE_ANDROID_OS before including 'android_filesystem_config.h', r=fabrice
The preprocessor token HAVE_ANDROID_OS configures 'android_filesystem_config.h'
to include the correct header files from the environment.

MozReview-Commit-ID: oKwdjzDjij
2016-06-16 08:43:51 +01:00
Thomas Zimmermann 7d6335ca2d Bug 1276927: Fix B2G sandboxing code to build with Android NDK, r=fabrice
This patch fixes an incorrect C++ namespace of STL datastructures.

MozReview-Commit-ID: FYx38sTzF4I
2016-06-16 08:43:51 +01:00
Onno Ekker f1de083a08 Bug 1279953 - Ambiguous string usage for "not encrypted page". r=dolske
--HG--
extra : rebase_source : e6ea020d8b98e9bef2e895e5312edc47d839cc2c
2016-06-13 22:14:04 +02:00
Sebastian Hengst 809cc61389 Backed out changeset a4f95658a29b (bug 1276927) 2016-06-15 12:24:14 +02:00
Sebastian Hengst bb691db120 Backed out changeset b6c190b08824 (bug 1276927) 2016-06-15 12:23:52 +02:00
Thomas Zimmermann 565a7b74dc Bug 1276927: Define HAVE_ANDROID_OS before including 'android_filesystem_config.h', r=fabrice
The preprocessor token HAVE_ANDROID_OS configures 'android_filesystem_config.h'
to include the correct header files from the environment.

MozReview-Commit-ID: oKwdjzDjij
2016-06-15 10:59:49 +01:00
Thomas Zimmermann 652691d85a Bug 1276927: Fix B2G sandboxing code to build with Android NDK, r=fabrice
This patch fixes an incorrect C++ namespace of STL datastructures.

MozReview-Commit-ID: FYx38sTzF4I
2016-06-15 10:59:48 +01:00
Franziskus Kiefer a394235094 Bug 1277255, land NSS_3_25_RC0, r=kaie 2016-06-13 17:31:45 +02:00
Julian Hector 14d815c27e Bug 1275920 - Add sys_rt_tgsigqueueinfo to seccomp whitelist r=jld
--HG--
extra : rebase_source : 4808d641597e40e124be0bae1e10ad37570355c9
2016-05-27 19:29:21 +02:00
Gian-Carlo Pascutto d543e16807 Bug 1273859 - Add sys_pwrite64 to seccomp whitelist for content process. r=jld
MozReview-Commit-ID: FsJ8ER9B9EY

--HG--
extra : rebase_source : a76bb584e8804a3f73abf2c821fa2d9d25997a17
2016-05-18 14:39:20 +02:00
David Keeler febcbb464f bug 1278605 - ensure that nsICertOverrideService can be implemented in JS r=Cykesiopka
MozReview-Commit-ID: KSVeraWuRPZ

--HG--
extra : rebase_source : 15f7abb08b57c8525e44f39c5e10c9cc5299dc47
2016-06-07 11:27:33 -07:00
Masatoshi Kimura dfb8d11072 Bug 1268728 - Remove ability to enable RC4. r=keeler 2016-06-07 22:17:43 +09:00
Bob Owen 5714578c95 Bug 1278528: Don't try to initialize the sandbox TargetServices when we are not sandboxed. r=jimm
MozReview-Commit-ID: EpXy9LYXwQL
2016-06-07 14:03:51 +01:00
Julian Hector d5bb492be4 Bug 1274873 - Part 2: Move signal handler set up to SandboxEarlyInit() r=jld 2016-05-26 16:20:44 +02:00
Julian Hector 1f2003d5b1 Bug 1274873 - Part 1: Change search order for free signal r=jld 2016-05-26 16:19:28 +02:00
Carsten "Tomcat" Book efa443d4d3 Backed out changeset ae5286493f15 (bug 1274873) for frequent timeouts in browser_ManifestObtainer_obtain.js
--HG--
extra : rebase_source : 5aa2340db1e93f26feb5c3173b8af4aacdb60b31
2016-06-07 12:07:16 +02:00
Carsten "Tomcat" Book 1d324ed30a Backed out changeset 62646bfa1f95 (bug 1274873)
--HG--
extra : rebase_source : 644a5678b4f8e32e9809583cf7eb88fb0a518f31
2016-06-07 12:06:51 +02:00
Julian Hector fd5c167bdc Bug 1276470 - Add sys_statfs to seccomp whitelist. r=jld 2016-05-28 20:33:49 +02:00
Julian Hector 1b857c2f98 Bug 1274873 - Part 2: Move signal handler set up to SandboxEarlyInit() r=jld 2016-05-26 16:20:44 +02:00
Julian Hector 1c0ad8ce67 Bug 1274873 - Part 1: Change search order for free signal r=jld 2016-05-26 16:19:28 +02:00
Haik Aftandilian 99f34a0cfe Bug 1272764 - Remove OS X 10.6-10.8-Specific Sandboxing Code (fix indentation); r=bobowen 2016-06-06 13:15:00 +02:00
Haik Aftandilian ad91978a78 Bug 1272764 - Remove OS X 10.6-10.8-Specific Sandboxing Code; r=bobowen 2016-06-06 13:15:00 +02:00
David Keeler 5e35bedf79 bug 1266563 - regenerate CA telemetry hash table r=jcj
MozReview-Commit-ID: 1NXDU2ejfzl

--HG--
extra : rebase_source : 86abe8c3009542557da524f3697414b7cee9fcb3
2016-06-03 16:12:38 -07:00
Gabor Krizsanits 6c0e1dc69f Bug 1146873 - Handling sandbox policy setup failures. r=bobowen 2016-06-06 15:13:33 +02:00
Carsten "Tomcat" Book 4aea0165dc merge mozilla-inbound to mozilla-central a=merge 2016-06-06 11:55:56 +02:00
ffxbld 989a828304 No bug, Automated HPKP preload list update from host bld-linux64-spot-384 - a=hpkp-update 2016-06-04 05:09:33 -07:00
ffxbld 237f18948d No bug, Automated HSTS preload list update from host bld-linux64-spot-384 - a=hsts-update 2016-06-04 05:09:30 -07:00
Haik Aftandilian c0be03a3bd Bug 1272772 - Inline system.sb and remove unneeded rules (removes unneeded rules); r=gcp 2016-06-01 15:40:00 +02:00
Haik Aftandilian 5b9493970f Bug 1272772 - Inline system.sb and remove unneeded rules (removes unused macros); r=gcp 2016-06-01 15:40:00 +02:00
Haik Aftandilian 3cb7c0e726 Bug 1272772 - Inline system.sb and remove unneeded rules (inline system.sb rules); r=gcp 2016-06-01 15:40:00 +02:00
Masatoshi Kimura ee23c0a77c Bug 975832 - Enable AES-256 variants of the AES-128 GCM cipher suites we have already enabled. r=keeler 2016-06-04 08:19:29 +09:00
David Keeler baead5135e bug 1277240 - don't import trust anchors in SaveIntermediateCerts r=Cykesiopka
MozReview-Commit-ID: KHwA2LJSeUS

--HG--
extra : rebase_source : e1f7a469d2dc8608adf4b0172f99d9adb192bbb5
2016-06-02 13:17:14 -07:00
Julian Hector d0f949dad4 Bug 1275786 - Add sys_listen to seccomp whitelist. r=jld
--HG--
extra : rebase_source : 7028482ca148f63e53e1fe915d0be507b5116c84
2016-05-27 16:00:50 +02:00
Julian Hector cb6d29b0b7 Bug 1275785 - Add sys_bind to seccomp whitelist. r=jld
--HG--
extra : rebase_source : 90d403a3b21547ff7f280b2bff7746f4b8e32fe3
2016-05-27 15:58:51 +02:00
Julian Hector 5eb8b17162 Bug 1275781 - Add sys_accept to seccomp whitelist. r=jld
--HG--
extra : rebase_source : e4761ce8c466987f54ddd41603fa626923fe0865
2016-05-27 15:56:35 +02:00
Kai Engert c50d0b99ce Bug 1277255, land NSS_3_25_BETA1, r=franziskus 2016-06-02 22:33:04 +02:00
Cykesiopka 4e54963733 Bug 1275197 - Ensure nsNSSU2FToken.cpp GetSymKeyByNickname() does not cause leaks. r=keeler
Prior to these changes, GetSymKeyByNickname() could theoretically leak. This
should not happen in practice, so the changes here just ensure that the code
doesn't cause leaks.

MozReview-Commit-ID: LWtqLmsBPV2

--HG--
extra : transplant_source : rWE%CD%D8%A7%87%3C%95%03%B5%03E%3E%06E%C7O%0D%F6
2016-06-01 22:43:37 -07:00
Jonas Sicking c706b7f059 Bug 1275714 - Changes in preparation for FlyWeb landing. Add ability to pin using a cert fingerprint, in addition to using a cert. r=dkeeler
--HG--
extra : amend_source : 41336f6eeaf5e26b91e177dd60a91ad9ed3a064c
2016-06-01 17:02:34 -04:00
Haik Aftandilian 7c418a5f4a Bug 1276420 - Widevine plugin crashing on OS X due to -stdlib=libc++ and sandboxing interaction; r=gcp 2016-06-01 12:26:04 -07:00
J.C. Jones 8524776280 Bug 1275479 - Create nsIU2FToken base interface (Part 2). r=keeler
Create a base "nsIU2FToken" interface that all tokens must implement. This
patch does not change U2F.cpp from initializing tokens monolithically, but
if/when future tokens are added, the implementer may want to do that.

MozReview-Commit-ID: GQuu6NolF4D

--HG--
extra : transplant_source : %3Fi%8E%C4n%BF%C1%DB%DB%03HjG%B5%9Ct%9EMWH
2016-05-27 13:44:20 -07:00
Chris Peterson 6b776e8000 Bug 1277014 - Fix -Wstring-conversion warnings in security/manager/ssl/. r=keeler
security/manager/ssl/nsNSSComponent.cpp:1694:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [31]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1333:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1341:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1349:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1357:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
2016-05-31 21:51:50 -07:00
Carsten "Tomcat" Book 76fd727737 Merge mozilla-central to mozilla-inbound 2016-05-30 15:30:55 +02:00
Carsten "Tomcat" Book 463212f69f merge mozilla-inbound to mozilla-central a=merge 2016-05-30 15:29:19 +02:00
Julian Seward 8562142079 Bug 1275582 - TSan: data race security/nss/lib/freebl/sha_fast.c:176 SHA1_End. r=dkeeler.
--HG--
extra : rebase_source : d8e517c891212c0b7794e7db433f6ed626c4cac5
2016-05-30 15:25:52 +02:00
ffxbld dca36f5e32 No bug, Automated HPKP preload list update from host bld-linux64-spot-593 - a=hpkp-update 2016-05-28 05:20:15 -07:00
ffxbld 3eac728432 No bug, Automated HSTS preload list update from host bld-linux64-spot-593 - a=hsts-update 2016-05-28 05:20:13 -07:00
Wes Kocher 9749648a79 Merge inbound to m-c a=merge 2016-05-27 14:14:36 -07:00
Ryan VanderMeulen 687dcb9a8f Backed out changesets d3bde9a513bb and 9fd1d6aeed21 (bug 1272764) for causing startup crashing on OSX 10.9. a=me 2016-05-27 14:50:50 -04:00
Chris Peterson 11ef78ae89 Bug 1275016 - Rename Endian.h to EndianUtils.h to avoid #include confusion with Android's endian.h stdlib header. r=froydnj
--HG--
rename : mfbt/Endian.h => mfbt/EndianUtils.h
2016-05-22 13:31:11 -07:00
David Keeler 8ba29d1473 bug 1265113 - implement platform support for enterprise roots r=Cykesiopka,mhowell,rbarnes
MozReview-Commit-ID: JKxwCjoH0Oa

--HG--
extra : rebase_source : 9eaf3f1c5371e7b4b4df304bc6ce132ade5775da
2016-04-13 15:36:22 -07:00
Haik Aftandilian 0c9bf9e670 Bug 1272764 - Indentation and whitespace cleanups. r=bobowen
--HG--
extra : rebase_source : d3ac9c55cbe4924702fad32dabbc97ac921cce07
2016-05-26 00:08:00 -04:00
Haik Aftandilian 4c4557e85c Bug 1272764 - Remove OS X 10.6-10.8-specific sandboxing code. r=bobowen
--HG--
extra : rebase_source : 94630f8208b4ee1e3664e61425c083a05157e64d
2016-05-26 00:07:00 -04:00
Alexandre Lissy c6be1d0d13 Bug 1274826 - Bypass building SandboxHooks on Gonk r=jld
MozReview-Commit-ID: 3TVdcY7aXvW

--HG--
extra : rebase_source : b734c54ad4e7b8fff384f399b84014410b4cf719
2016-05-26 01:02:25 +02:00
Carsten "Tomcat" Book b6b164ec6d Merge mozilla-central to mozilla-inbound 2016-05-25 15:20:00 +02:00
Carsten "Tomcat" Book c715836c7f merge mozilla-inbound to mozilla-central a=merge 2016-05-25 15:04:00 +02:00
Carsten "Tomcat" Book 3cab03a461 Merge mozilla-central to fx-team 2016-05-24 15:15:55 +02:00