5c64ad5e40
No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update
2017-06-01 08:22:16 -07:00
9dbe8dec8a
No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update
2017-06-01 08:22:13 -07:00
d27dc0ba0b
Bug 1358223 - Part 1 - On Windows and macOS hardcode the minimum content sandbox level at 1. r=bobowen,haik,jimm
...
If the "security.sandbox.content.level" preference is set to a value less than
1, all consumers will automatically treat it as if it were level 1. On Linux and
Nightly builds, setting the sandbox level to 0 is still allowed, for now.
MozReview-Commit-ID: 9QNTCkdbTfm
--HG--
extra : rebase_source : cd5a853c46a5cd334504b339bef8df30a3cabe51
2017-05-12 17:04:42 -04:00
fd03aa5bc8
Backed out changeset 4e283b54baa6 (bug 1358223) for build bustage on Android at dom/ipc/ContentChild.cpp:21. r=backout
2017-05-31 21:34:13 +02:00
39f34ea898
Bug 1358223 - Part 1 - On Windows and macOS hardcode the minimum content sandbox level at 1. r=bobowen,haik,jimm
...
If the "security.sandbox.content.level" preference is set to a value less than
1, all consumers will automatically treat it as if it were level 1. On Linux and
Nightly builds, setting the sandbox level to 0 is still allowed, for now.
MozReview-Commit-ID: 9QNTCkdbTfm
--HG--
extra : rebase_source : 1a26ffc5b9f80e6df4c37c23f506e907ba44053a
2017-05-12 17:04:42 -04:00
1532472698
Bug 1368771 - Added a test which verifies that on macOS /Volumes isn't readable at sandbox level 3 r=haik
...
r?haik
MozReview-Commit-ID: HPW4luz5n0M
--HG--
extra : rebase_source : c224b56de4b705758e2ab7820af02a4ef41d4040
2017-05-30 13:52:57 -04:00
af691573d4
Merge m-c to autoland. a=merge
2017-05-30 12:59:41 -04:00
7c3223ec90
No bug, Automated HPKP preload list update from host bld-linux64-spot-383 - a=hpkp-update
2017-05-30 08:16:50 -07:00
c522116a60
No bug, Automated HSTS preload list update from host bld-linux64-spot-383 - a=hsts-update
2017-05-30 08:16:47 -07:00
b318c7dca7
merge mozilla-inbound to mozilla-central + UPGRADE_NSS_RELEASE a=merge
...
--HG--
rename : toolkit/components/extensions/test/xpcshell/xpcshell.ini => toolkit/components/extensions/test/xpcshell/xpcshell-common.ini
extra : amend_source : 458fd54fe8070ca3034ac441267ff7025adb5251
2017-05-30 11:37:46 +02:00
544308c147
No bug, Automated HPKP preload list update from host bld-linux64-spot-308 - a=hpkp-update
2017-05-29 08:18:00 -07:00
d3a21a063c
No bug, Automated HSTS preload list update from host bld-linux64-spot-308 - a=hsts-update
2017-05-29 08:17:57 -07:00
afc9fc15dc
Bug 1345368 - land NSS 29290a4a9bd0 UPGRADE_NSS_RELEASE, r=me
2017-05-29 09:27:40 +02:00
3724e0f28c
No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update
2017-05-28 08:15:02 -07:00
c81b68804b
No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update
2017-05-28 08:14:59 -07:00
596d188f6d
No bug, Automated HPKP preload list update from host bld-linux64-spot-308 - a=hpkp-update
2017-05-27 08:17:01 -07:00
a7c347e651
No bug, Automated HSTS preload list update from host bld-linux64-spot-308 - a=hsts-update
2017-05-27 08:16:58 -07:00
5a51fa544c
No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update
2017-05-26 08:16:49 -07:00
4fcea03f05
No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update
2017-05-26 08:16:46 -07:00
02bee25903
Bug 1366584 - Add initial [must_use] properties to PSM IDL files. r=keeler
...
The [must_use] property on XPIDL methods and attributes is useful for making
sure errors are properly handled.
As a first step, this patch adds the property to PSM methods and attributes that
are already correctly checked everywhere.
MozReview-Commit-ID: KyGxwUK3x0X
--HG--
extra : rebase_source : 45bd3f8d305fe221cc1bba73a520f11829dc5a42
2017-05-25 21:56:04 +08:00
3e029fa5c8
bug 1359514 - remove EV treatment for "Swisscom Root EV CA 2" r=kmckinley
...
The "Swisscom Root EV CA 2" root is no longer in use and will be removed from
the built-in root CA list. However, we have to remove its EV treatment first.
MozReview-Commit-ID: 2TZRt5px7bl
--HG--
extra : rebase_source : 68902555ffe62a973cfaac3af531e96aa288a339
2017-05-25 13:55:15 -07:00
d3f265330e
Merge m-c to autoland. a=merge
2017-05-25 16:44:01 -04:00
b8ba243c22
Merge autoland to m-c. a=merge
2017-05-25 16:31:52 -04:00
3d5d49ce51
No bug, Automated HPKP preload list update from host bld-linux64-spot-308 - a=hpkp-update
2017-05-25 08:19:09 -07:00
56535cde6c
No bug, Automated HSTS preload list update from host bld-linux64-spot-308 - a=hsts-update
2017-05-25 08:19:07 -07:00
98d942eac1
bug 1366100 - disable OCSP fetching for DV certificates in nightly r=jaws,jcj
...
After this change, the platform will only fetch OCSP responses for EV
certificates (in nightly).
MozReview-Commit-ID: 3d9kzCYmnsa
--HG--
extra : rebase_source : e0cbbf6615e1ba813461dd13350f40ae7e0fbc07
2017-05-23 17:07:51 -07:00
f6b03fa260
Bug 1355274 - Polyfill SOCK_DGRAM socketpairs with SOCK_SEQPACKET, for libasyncns. r=gcp
...
MozReview-Commit-ID: 2DeklSGsjUV
--HG--
extra : rebase_source : 8a202c23dc9a3ddede49b08ce1e0792dfb40bdbf
2017-04-11 20:55:34 -06:00
675bae8c8d
Bug 1364533 - Allow madvise huge page hints. r=gcp
...
MozReview-Commit-ID: 7sNWS2sFJCx
--HG--
extra : rebase_source : c1730d2ac5d352dcaec1889d4f20dd9bc0a838a8
2017-05-12 20:04:07 -06:00
af8ecb9a1e
No bug, Automated HPKP preload list update from host bld-linux64-spot-376 - a=hpkp-update
2017-05-24 08:09:01 -07:00
08e4cade1c
No bug, Automated HSTS preload list update from host bld-linux64-spot-376 - a=hsts-update
2017-05-24 08:08:58 -07:00
e096678430
Merge m-c to autoland. a=merge UPGRADE_NSS_RELEASE
...
--HG--
rename : dom/security/test/sri/iframe_style_crossdomain.html => dom/security/test/sri/iframe_style_crossdomain_legacy.html
rename : mobile/android/themes/core/content.css => mobile/android/themes/geckoview/content.css
rename : mobile/android/themes/core/images/accessiblecaret-normal-hdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-normal-hdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-normal-xhdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-normal-xhdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-normal-xxhdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-normal-xxhdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-tilt-left-hdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-tilt-left-hdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-tilt-left-xhdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-tilt-left-xhdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-tilt-left-xxhdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-tilt-left-xxhdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-tilt-right-hdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-tilt-right-hdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-tilt-right-xhdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-tilt-right-xhdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-tilt-right-xxhdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-tilt-right-xxhdpi.png
rename : mobile/android/themes/core/images/dropmarker-right.svg => mobile/android/themes/geckoview/images/dropmarker-right.svg
rename : mobile/android/themes/core/images/dropmarker.svg => mobile/android/themes/geckoview/images/dropmarker.svg
rename : mobile/android/themes/core/images/cast-active.svg => mobile/android/themes/geckoview/images/videocontrols-cast-active.svg
rename : mobile/android/themes/core/images/cast-ready.svg => mobile/android/themes/geckoview/images/videocontrols-cast-ready.svg
rename : mobile/android/themes/core/images/exitfullscreen.svg => mobile/android/themes/geckoview/images/videocontrols-exitfullscreen.svg
rename : mobile/android/themes/core/images/fullscreen.svg => mobile/android/themes/geckoview/images/videocontrols-fullscreen.svg
rename : mobile/android/themes/core/images/mute.svg => mobile/android/themes/geckoview/images/videocontrols-mute.svg
rename : mobile/android/themes/core/images/pause.svg => mobile/android/themes/geckoview/images/videocontrols-pause.svg
rename : mobile/android/themes/core/images/play.svg => mobile/android/themes/geckoview/images/videocontrols-play.svg
rename : mobile/android/themes/core/images/scrubber.svg => mobile/android/themes/geckoview/images/videocontrols-scrubber.svg
rename : mobile/android/themes/core/images/unmute.svg => mobile/android/themes/geckoview/images/videocontrols-unmute.svg
rename : mobile/android/themes/core/scrollbar-apz.css => mobile/android/themes/geckoview/scrollbar-apz.css
rename : mobile/android/themes/core/touchcontrols.css => mobile/android/themes/geckoview/videocontrols.css
extra : rebase_source : a5b4c2c75991990af25c4686ff96c199834ff317
2017-05-23 13:41:47 -04:00
0fea6cd28c
No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update
2017-05-23 08:08:00 -07:00
0704600a36
No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update
2017-05-23 08:07:57 -07:00
073576f302
Backed out changeset bf6ee973f04e because of Android bustage UPGRADE_NSS_RELEASE
...
--HG--
extra : amend_source : 6502b79382c14536c060c03b428172cb6edc9d3f
2017-05-23 13:22:21 +02:00
66f094103a
Bug 1345368 - land NSS 0c3800b6eaba UPGRADE_NSS_RELEASE, r=me
2017-05-23 12:36:33 +02:00
3ddfb3c1ce
bug 1364159 - potentially avoid calling CERT_CreateSubjectCertList in NSSCertDBTrustDomain::FindIssuer r=Cykesiopka,jcj
...
CERT_CreateSubjectCertList is not an inexpensive function call, since it
enumerates the certificate database (i.e. reads from disk a lot). If we're
verifying for a TLS handshake, however, we should already have in memory a
certificate chain sent by the peer (there are some cases where we won't, such as
session resumption (see bug 731478)). If we can, we should use those
certificates before falling back to calling CERT_CreateSubjectCertList.
MozReview-Commit-ID: ASjVGsELb1O
--HG--
extra : rebase_source : 1efc635d4a98079c87f77ef3794e4b2f20eec59f
2017-05-11 16:41:12 -07:00
ea09f270ab
Bug 1368041 - Enable no-array-constructor across mozilla-central r=standard8
...
MozReview-Commit-ID: EXJNufdKKhJ
--HG--
extra : rebase_source : 66d17c7981c4b0987c482ce092b25990b42c07fb
2017-05-27 15:17:29 +01:00
73288e2bbf
Bug 1174555 - Improve state string parsing test coverage. r=keeler
...
MozReview-Commit-ID: Fv66f1gu4kT
--HG--
extra : rebase_source : f02a317fd958909d42bad9cd206f5a74f36d8689
2017-05-21 10:43:44 +08:00
114202795c
Bug 1174555 - Clean up some SiteSecurityService state file related tests. r=keeler
...
MozReview-Commit-ID: 6qXV04CUElu
--HG--
extra : rebase_source : ba47e0cfe9317703895df02277568e59cc56591c
2017-05-21 10:43:32 +08:00
c1efdc2244
Bug 1174555 - Stop using PR_sscanf() in nsSiteSecurityService.cpp. r=keeler
...
While the uses of PR_sscanf() in PSM are safe, the function in general is
vulnerable to format string attacks, and so should be avoided.
This change removes the only uses of the function in PSM and moves to the more
obviously safe mozilla::Tokenizer.
MozReview-Commit-ID: J4BP6JTE1zI
--HG--
extra : rebase_source : e77e8b1ba70bef6f0ff794b7d066bbbdebe8f58e
2017-05-21 10:43:18 +08:00
95d9608ba4
Bug 1367198 - Remove duplicate ESLint rule definitions from various .eslintrc.js files. r=standard8
...
MozReview-Commit-ID: AUz5l7XPfwY
--HG--
extra : rebase_source : 2cb4758cdf51765fc61fbc6795fcd7bc85ef67bf
2017-05-24 13:55:24 -03:00
e6bdfd5594
Bug 1339105 Part 3: Move NPAPI windows process sandbox file rules into SandboxBroker. r=jimm
...
This also removes a rule that was added for sandboxing the Java plugin,
which we never did and we now only allow Flash anyway.
MozReview-Commit-ID: Jn6pCkLoGNM
--HG--
extra : source : 431267ab28deabef6ed7c791d8dff79e3fe590c1
2017-05-22 20:41:28 +01:00
035cf9bdc2
Bug 1339105 Part 1: Implement Windows Level 3 content process sandbox policy. r=jimm
...
MozReview-Commit-ID: L8wcVhdLvFe
--HG--
extra : source : c3fb60fbc32660719c1b8b06dc785abd4559d6c0
2017-05-22 20:41:27 +01:00
848c9aa744
Backed out 3 changesets (bug 1339105) for plugin process leaks a=backout
...
Backed out changeset 431267ab28de (bug 1339105)
Backed out changeset 445875fbf13b (bug 1339105)
Backed out changeset c3fb60fbc326 (bug 1339105)
MozReview-Commit-ID: 4HYUQbHHnox
2017-05-22 15:14:23 -07:00
16a4871cdf
Bug 1339105 Part 3: Move NPAPI windows process sandbox file rules into SandboxBroker. r=jimm
...
This also removes a rule that was added for sandboxing the Java plugin,
which we never did and we now only allow Flash anyway.
2017-05-22 20:41:28 +01:00
edf3a239b1
Bug 1339105 Part 1: Implement Windows Level 3 content process sandbox policy. r=jimm
...
MozReview-Commit-ID: L8wcVhdLvFe
2017-05-22 20:41:27 +01:00
89e33081c6
Backed out changeset 50bf4c923818 (bug 1339105) for Windows bustage: calling protected constructor of class 'nsAString' at sandboxBroker.cpp(208,11). r=backout on a CLOSED TREE
2017-05-22 16:16:16 +02:00
2a69fd246c
Backed out changeset 367734cc9370 (bug 1339105)
2017-05-22 16:14:27 +02:00
62c455086d
Bug 1339105 Part 3: Move NPAPI windows process sandbox file rules into SandboxBroker. r=jimm
...
This also removes a rule that was added for sandboxing the Java plugin,
which we never did and we now only allow Flash anyway.
2017-05-22 14:29:06 +01:00
f24abd4ac3
Bug 1339105 Part 1: Implement Windows Level 3 content process sandbox policy. r=jimm
...
MozReview-Commit-ID: L8wcVhdLvFe
2017-05-22 14:29:06 +01:00
ffxbld
Alex Gaynor
Sebastian Hengst
Ryan VanderMeulen
Carsten "Tomcat" Book
Franziskus Kiefer
Cykesiopka
David Keeler
Jed Davis
Dan Banner
tiago
Bob Owen
Wes Kocher