c3edf3a511
Backed out changeset 8fd0df8e208c (bug 423758) for bustage
2014-12-22 09:05:34 +01:00
b47d94a0c8
Bug 968451 - Document the exported functions exposed from mozilla::pkix (pkix/pkix.h). r=keeler
2014-12-19 12:25:00 +01:00
d741102951
Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler
...
NTLMv2 is the default.
This adds a new preference:
network.ntlm.force-generic-ntlm-v1
This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.
To support this, we also:
- Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"
- Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"
- Remove LM code from internal NTLM handler
The LM response should essentially never be sent, the last practical
use case was CIFS connections to Windows 9X, I have never seen a web
server that could only do LM
It is removed before the NTLMv2 work is done so as to avoid having 3
possible states here (LM, NTLM, NTLMv2) to control via preferences.
Developed with Garming Sam <garming@catalyst.net.nz>
2014-12-18 17:25:00 +01:00
79b6885780
Merge m-c to m-i
...
--HG--
extra : rebase_source : 55a788f13c946c7110ca313969051c34f731637e
2014-12-20 12:19:27 -08:00
6d9b691066
No bug, Automated HPKP preload list update from host bld-linux64-spot-115 - a=hpkp-update
2014-12-20 03:20:57 -08:00
02fdacaf29
No bug, Automated HSTS preload list update from host bld-linux64-spot-115 - a=hsts-update
2014-12-20 03:20:56 -08:00
301128304a
Bug 1103816 - Add support for gonk-L to android_stub.h, r=glandium
2014-12-16 21:35:09 -05:00
83b87ab7f1
Bug 1113313 - Rename these functions to better reflect what they do. r=billm
...
--HG--
extra : rebase_source : ae61b3dd6dd5ce50a131a640060d7be57e562e4d
2014-12-19 12:07:04 -05:00
932b9471a2
Bug 1073867, Part 2: Remove now-unused DSA test certificates, r=keeler
...
--HG--
extra : rebase_source : 150c65abc66a48f70bca6e2dca8727fa402505ea
2014-12-15 20:49:42 -08:00
510bbfd05d
Bug 1073867, Part 1: Remove DSS certificate support from mozilla::pkix, r=keeler
...
--HG--
extra : rebase_source : 3bef46a794e53584fd35b7640a6f4c9aaea4acab
2014-12-04 20:55:15 -08:00
1543a46c03
Bug 1111399, Part 2: Implement RFC822 (email) name constraints, r=keeler
...
--HG--
extra : rebase_source : 5905e247eee4d3562d741e6e9656dc4c40d821e4
2014-12-20 08:15:35 -08:00
c61befa56f
Bug 1111399, Part 1: Preconditions for RFC822 name constraints, r=keeler
...
--HG--
extra : rebase_source : cd20b448a6c77ba27c86cb3d8e6c121f92a2ba93
2014-12-20 07:35:44 -08:00
e0efc82826
Bug 1111398: Rename ValidDNSIDMatchType to IDRole, r=keeler
...
--HG--
extra : rebase_source : a07e58b82a61db595711c0ab887bec70d4145888
2014-12-13 22:29:58 -08:00
beff7d1c02
Bug 1111397, Part 2: Remove test_bug484111.html, r=keeler
...
--HG--
extra : rebase_source : 56617ea82e9028295203173d1ea5e6ccfdbf9722
2014-12-14 21:51:26 -08:00
87719d0a59
Bug 1111397: Refactor error handling for name matching, r=keeler
...
--HG--
extra : rebase_source : 7b1061874d7b6e02a158085c3a6580a7fc718bbe
2014-12-13 17:05:46 -08:00
90f31ccf52
Merge inbound to m-c. a=merge
...
CLOSED TREE
2014-12-17 20:53:20 -05:00
123a9716ca
Bug 952863, Part 2: Remove dead code for non-ECDHE TLS False Start, r=keeler
...
--HG--
extra : rebase_source : 47ee95682f769b8e10aaf55b0f4fccfef1fcdea0
2014-12-10 10:13:18 -08:00
0c4895658a
Bug 1112608 - use GENERATED_INCLUDES in security/manager/{boot,pki}/src/; r=mshal
...
The sole use of Makefile.in in the security/manager/{boot,pki}/src/
directories is so we can add $(DIST)/public/nss to INCLUDES.
GENERATED_INCLUDES can be used to handle this case instead, at the cost
of hardcoding the path to $(DIST). This seems reasonable enough, since
a number of moz.build files already know about dist/ and its location
within the objdir.
2014-12-17 11:02:19 -05:00
b2ba6d9ceb
bug 1102277 - Update seccomp filter for newer bionic. r=jld
2014-11-21 01:07:15 +08:00
72643b84e6
Bug 1111392: Add tests for malformed name constraints where there are no names of the constrained type, r=keeler
...
--HG--
extra : rebase_source : 048619553c7725eee1cb73df64faae8c8890c995
2014-10-30 16:48:31 -07:00
9725dd6a70
Bug 952863, Part 1: Require ECDHE for TLS False Start, r=keeler
...
--HG--
extra : rebase_source : d983e440de5be7c097a3e0f4afe0de805c540919
2014-12-12 11:39:01 -08:00
ab4b12e208
Bug 1092835 - Log usage of weak ciphers in the console. r=keeler,mcmanus
2014-12-13 20:09:01 +09:00
7a433f6905
Bug 1084025, Part 3: Clean up some bits, r=keeler, r=emk
...
--HG--
extra : rebase_source : 7aa1de4e9c391bf3e3cd5df79c62fff4546a8c67
2014-12-12 16:42:41 -08:00
0cd5238974
Bug 1107666: Fix OCSP stapling telemetry (SSL_OCSP_STAPLING), r=keeler
...
--HG--
extra : rebase_source : 926f091b2a361d7dce30bee918d6659259f1b3e4
2014-12-11 23:22:35 -08:00
c3ba2c1217
bug 1108408 - GeneralName types such as otherName where the value is a SEQUENCE should have the CONSTRUCTED bit set r=briansmith
2014-12-08 13:39:19 -08:00
63de38c180
Bug 1101969: Disable pinning on media.mozilla.com (r=keeler)
2014-12-12 09:10:57 -08:00
04d69a9f5b
Bug 1004781: Enable pinning for facebook in production mode (r=keeler)
2014-12-12 09:10:53 -08:00
7f05080219
Bug 940787: Stop requiring ALPN/NPN for False Start, r=keeler
...
--HG--
extra : rebase_source : f8946e1fc631f2458807a559104a1dca01f444ac
2014-12-10 10:50:48 -08:00
cc0b0eeed3
Bug 1109766: Require AES-GCM for TLS False Start, r=keeler
...
--HG--
extra : rebase_source : 8370c628863e644131ed1fbe6b8e49b5dc1215dc
2014-12-10 10:19:00 -08:00
9c1c9d03e6
Bug 861310: Require TLS 1.2 for TLS False Start, r=keeler
...
--HG--
extra : rebase_source : d4bb253a84270c84acdf7ed4f84bc0186231e521
2014-12-10 10:04:45 -08:00
9cae71d8a9
Bug 1109252 - Make remaining PSM test cert generation scripts print out cert information as necessary. r=keeler
2014-12-10 21:32:00 +01:00
344f6abf7b
Bug 1093334 - Delete unnecessary copies of Chromium headers in security/sandbox/linux. r=kang
2014-12-10 17:26:12 -08:00
c2384cf7c7
Bug 1093334 - Adjust includes of Linux sandboxing headers from Chromium. r=kang
...
Also re-sorts some of the includes into something closer to the style guide.
2014-12-10 17:26:12 -08:00
30e88baa98
Bug 1093334 - Import more headers from Chromium rev 9522fad406dd161400daa518075828e47bd47f60. r=kang
2014-12-10 17:26:12 -08:00
30ba635db0
Bug 1102209 - Remove use of CodeGen::JoinInstructions in the Linux sandboxing code. r=kang
...
This reorganizes SandboxAssembler to stack up the policy rules and
traverse them in reverse order to build the filter DAG from tail to head
(i.e., starting with "deny all" and prepending allow and return-errno
rules). Thus, this code will continue to work (perhaps with minor
changes, such as to the NodePtr typedef) with future versions of the
Chromium sandbox code that don't allow mutating the filter program with
the JoinInstructions method.
2014-12-10 17:26:12 -08:00
114cf4fb41
Bug 1108759 - Fix B2G no-optimization builds. r=glandium
2014-12-10 16:17:47 -08:00
7e1828ba3d
Bug 1109245 - Modify test_keysize_ev.js to run on B2G. r=dkeeler
2014-12-09 12:07:00 -05:00
6df9a55b46
Bug 978426 - Re-enable test_sts_preloadlist_perwindowpb.js on B2G. r=dkeeler
2014-12-09 11:37:00 +01:00
346599ec9c
Bug 1107791 Remove support for unusual wildcard names in certificates, r=keeler
...
--HG--
extra : rebase_source : bd142d2e85059a0d0fd36325242553e94a7d4377
2014-12-04 17:12:09 -08:00
bd9d21676a
Bug 1107790: Remove support for absolute hostnames in presented DNS IDs and name constraints, r=keeler
...
--HG--
extra : rebase_source : cf402f902196e729026d713cd6d62f5c3b889a12
2014-12-08 16:42:54 -08:00
81f8d7a489
Bug 1107787: Disable TLS_DHE_DSS_WITH_AES_128_CBC_SHA, r=keeler
...
--HG--
extra : rebase_source : 063d859c69adc8deba9d1842f4bd42a9b862bbe5
2014-12-04 19:50:58 -08:00
5bd7eba3e4
Bug 1037098: Remove preferences for cipher suites disabled in bug 1036765, r=keeler
...
--HG--
extra : rebase_source : b033bea062c8cafecd93830fa54f4cf184fa28df
2014-12-04 19:47:17 -08:00
01259ceda5
Bug 1107946: Fixed unused variable warnings in pkixnames_tests.cpp, r=keeler
...
--HG--
extra : rebase_source : 23d20e91c8b408363acab7c6d4d67a86d2293dff
2014-12-05 12:14:49 -08:00
1bdab6fe7b
Backed out changesets fb903f13f215, 9c5c712698e4, and 36d257ead3da (bug 1092835) for causing test_csp_allow_https_schemes.html permafail on Android 2.3.
...
CLOSED TREE
2014-12-09 14:00:47 -05:00
487b1516b0
Bug 1092835 - Log usage of weak ciphers in the console. r=keeler,mcmanus
2014-12-10 00:54:06 +09:00
5167dadd93
Bug 1093724 - Add a range check to the TLS version prefs loading code. r=keeler
2014-12-09 21:48:29 +09:00
b95c85162f
Bug 1084025 - Add telemetry to measure failures due to not falling back. r=keeler
2014-12-09 07:19:05 +09:00
529edd40b5
Merge inbound to m-c. a=merge
2014-12-08 15:46:14 -05:00
56bf9455a1
Bug 1105452 - Need to use new Audio system APIs for audio offload playback. r=roc, r=jld, r=ggrisco
...
Resolve the build failure caused by API changes
There are some changes in Audio APIs in Android version
21. Modifying the code to use the new APIs.
Change-Id: I24fdeb20f8f957d05fb6c0c317de0a6f0769c347
Resolve seccomp violation caused by syscall 256
Modify the filter to allow syscall 256 (set_tid_address).
Change-Id: I49461770c4c5e70bf68462d34321381b0b7ead0a
2014-12-02 17:10:00 -05:00
cf57e57455
merge mozilla-inbound to mozilla-central a=merge
2014-12-08 12:48:58 +01:00
15713eb9bb
No bug, Automated HPKP preload list update from host bld-linux64-spot-132 - a=hpkp-update
2014-12-06 03:20:43 -08:00
6e96f60fd3
No bug, Automated HSTS preload list update from host bld-linux64-spot-132 - a=hsts-update
2014-12-06 03:20:41 -08:00
83c04b6586
Bug 1085074 - Part 3 - Update inadequately sized Delegated Signer cert. r=briansmith
2014-12-07 20:42:00 +01:00
ee0a49c7ee
Bug 1085074 - Part 2 - Use explicit bit sizes for key size cert file names. r=briansmith
2014-12-07 20:41:00 +01:00
b42aa85de9
Bug 1085074 - Part 1 - Use adequate/OK and inadequate/notOK to refer to sizes for key size tests. r=briansmith
2014-12-07 20:23:00 +01:00
d9a62a4cc2
bug 1020237 - follow-up to fix build bustage r=bustage on a CLOSED TREE
2014-12-05 10:12:58 -08:00
d97c7ea664
bug 1020237 - prefer root certificates to non-root certificates in NSSCertDBTrustDomain::FindIssuer r=briansmith
2014-12-04 13:37:01 -08:00
fc17106cf0
Bug 970542, Part 9: Better document name constraints as reference IDs, r=keeler
...
--HG--
extra : rebase_source : 60413188771454081226d58d03156c15ce795ca7
2014-10-26 11:26:26 -07:00
65284e98f6
Bug 970542, Part 8: IPAddress name constraint tests, r=keeler
...
--HG--
extra : rebase_source : e8cc0158248d4621da19dfef56089957af417f73
2014-10-26 16:57:00 -07:00
5fac205908
Bug 970542, Part 7: More CN-ID name constraint tests, r=keeler
...
--HG--
extra : rebase_source : 7a3d1d31cdc08ea1b989428cfc85f60a00528c72
2014-12-03 21:35:29 -08:00
ac1c16b716
Bug 970542, Part 6: DNSName name constraint tests, r=keeler
...
--HG--
extra : rebase_source : ec31862fc25cfcba1454ae862a26e7a27513e9b6
2014-10-19 23:53:45 -07:00
7dd909b9e5
Bug 970542, Part 5: New name constraint implementation, r=keeler, r=mmc
...
--HG--
extra : rebase_source : 849161ac892b05e5ff2d5552c632fc647d309085
2014-10-18 15:38:42 -07:00
2e28de4900
Bug 970542, Part 4: DirectoryName name constraint matching, r=keeler
...
--HG--
extra : rebase_source : 01770088851823ae1005227dcd43d82d015f4b0e
2014-10-18 14:51:37 -07:00
39a86a3659
Bug 970542, Part 3: IPAddress name constraint matching, r=keeler
...
--HG--
extra : rebase_source : f47ef9ead3323704595b91873811d1ead2403839
2014-10-17 13:02:26 -07:00
8b38009a34
Bug 970542, Part 2: DNSName name constraint matching, r=keeler
...
--HG--
extra : rebase_source : 50b1a7d5d9da97cc64e09d5e6cdc41b8200c3551
2014-10-20 22:20:58 -07:00
8d8b1cf373
Bug 970542, Part 1: Refactor name matching within CN AVAs to reduce duplicate logic, r=keeler
...
--HG--
extra : rebase_source : f129b24c58377f34ac7d80ee7d5e8775635843ff
2014-10-16 16:44:27 -07:00
08c8931f01
Bug 1083284 - New sandbox rules for Adobe's code fragment. r=areinald
2014-12-08 12:10:14 -06:00
e4d5592832
Bug 1105729: Pre VS2010 SP1 define our own verion of _xgetbv. r=tabraldes
2014-11-28 18:58:33 +00:00
8f08848fe0
Bug 1009158 - Fix and re-enable PSM xpcshell tests that would previously time out on Android due to LD_LIBRARY_PATH issues. r=keeler
2014-12-03 09:15:00 +01:00
629560ff5f
Bug 1102632 - Stop triggering non-secure fallback for SSL_ERROR_UNSUPPORTED_VERSION. r=keeler
2014-12-02 20:33:24 +09:00
c82a68a468
Bug 1088969 - Upgrade Mozilla 36 to use NSS 3.17.3, changing version numbers, only.
2014-12-01 14:34:08 +01:00
296c205c71
Bug 1105851 - Unbreak non-unified non-SPS build after 1054498. r=jcj
2014-11-30 21:27:45 +01:00
986cd576ef
Bug 1094667: Use the USER_NON_ADMIN access token by default for the Windows content sandbox. r=tabraldes
2014-11-29 17:12:18 +00:00
ba7a2fa911
Bug 928044 Part 3: Add logging changes back into the Chromium interception code. r=tabraldes
2014-11-29 17:12:18 +00:00
b539721eb8
Bug 928044 Part 2: Enable the content sandbox by default on Windows with an open policy. r=tabraldes,glandium,jimm
...
--HG--
rename : security/sandbox/win/src/warnonlysandbox/wosCallbacks.h => security/sandbox/win/src/logging/loggingCallbacks.h
rename : security/sandbox/win/src/warnonlysandbox/wosTypes.h => security/sandbox/win/src/logging/loggingTypes.h
rename : security/sandbox/win/src/warnonlysandbox/warnOnlySandbox.cpp => security/sandbox/win/src/logging/sandboxLogging.cpp
rename : security/sandbox/win/src/warnonlysandbox/warnOnlySandbox.h => security/sandbox/win/src/logging/sandboxLogging.h
2014-11-29 17:12:18 +00:00
888a5871f3
Bug 928044 Part 1: Remove Chromium interception logging changes. r=tabraldes
2014-11-29 17:12:17 +00:00
40b044ec36
No bug, Automated HPKP preload list update from host b-linux64-ix-0005 - a=hpkp-update
2014-11-29 03:19:59 -08:00
08ee5c96d7
No bug, Automated HSTS preload list update from host b-linux64-ix-0005 - a=hsts-update
2014-11-29 03:19:56 -08:00
ea326643ff
Bug 1088969 - Upgrade Mozilla 36 to use NSS 3.18, land beta 4 which backs out bug 1073330
2014-11-28 07:56:26 +01:00
4155be994b
Backed out changeset 761071f57ab6 (bug 1024809) for emulator ics bustage
2014-11-27 16:30:41 +01:00
ce5a887c60
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler,Unfocused
2014-11-27 04:12:00 +01:00
d7c9eae1c7
Bug 1092998 - Followup to address review comments. r=keeler
2014-11-27 21:39:33 +09:00
c0ebc7a31b
Bug 1027902: Use an intial integrity level of low for the GMP sandbox on Windows. r=tabraldes
2014-11-27 08:44:45 +00:00
e4c077f303
Bug 582297 - Make <keygen> work in e10s. r=billm/dkeeler
2014-11-26 14:28:28 -08:00
8277eea9e9
Bug 1092998 - Deal with "cipher mismatch intolerant" servers. r=keeler
2014-11-27 07:19:11 +09:00
8313a4cfa7
bug 1104109 - follow-up to fix new EV OID description strings (they need to match if the OIDs are the same) r=keeler
2014-11-26 11:28:17 -08:00
2a1adf9b3e
Bug 1041775 Part 3: Re-apply pre-vista stdout/err process inheritance change to Chromium code after merge. r=tabraldes
...
Originally landed as changsets:
https://hg.mozilla.org/mozilla-central/rev/f94a07671389
2014-11-18 15:11:47 +00:00
44cdc5f024
Bug 1041775 Part 2: Re-apply warn only sandbox changes to Chromium code after merge. r=tabraldes
...
Originally landed as changsets:
https://hg.mozilla.org/mozilla-central/rev/e7eef85c1b0a
https://hg.mozilla.org/mozilla-central/rev/8d0aca89e1b2
2014-11-18 15:09:55 +00:00
ba0931eb1d
Bug 1041775 Part 1: Update Chromium sandbox code to commit 9522fad406dd161400daa518075828e47bd47f60. r=jld,aklotz,glandium
...
--HG--
rename : security/sandbox/chromium/sandbox/linux/sandbox_export.h => security/sandbox/chromium/sandbox/sandbox_export.h
2014-11-18 13:48:21 +00:00
d7fafcac42
Bug 1103336 - Fix and re-enable PSM xpcshell tests that don't use add_tls_server_setup() on Android. r=dkeeler
2014-11-22 00:08:00 +01:00
fa8441a0a9
Bug 1104109 - December 2014 batch of EV root CA Changes. r=keeler
2014-11-24 16:36:00 +01:00
3134cd4342
Bug 968817 - Only accept certs for server TLS which use EKU (and which assert the TLS Server Authentication EKU) r=keeler
2014-11-24 20:33:50 -05:00
1b16fc180f
Bug 1101170 - Move Linux sandbox code into plugin-container on desktop. r=kang r=glandium
...
Specifically:
* SandboxCrash() uses internal Gecko interfaces, so stays in libxul.
* SandboxInfo moves to libxul from libmozsandbox, which no longer exists.
* Where libxul calls Set*Sandbox(), it uses weak symbols.
* Everything remains as it was on mobile.
2014-11-24 15:22:13 -08:00
2fdd7150c1
Bug 1101170 - Move sandbox status info into a separate module. r=kang r=glandium
...
This changes the interface so that the code which determines the flags
can live in one place, but checking the flags doesn't need to call into
another library.
Also removes the no-op wrappers for Set*Sandbox when disabled at build
time; nothing used them, one of them was unusable due to having the wrong
type, and all they really accomplish is allowing sloppiness with ifdefs
(which could hide actual mistakes).
2014-11-24 15:22:13 -08:00
a5cf3d5e45
Bug 1088255 - Collect telemetry on CAs that appear in valid cert chains r=keeler
2014-11-07 16:26:46 -05:00
972242692b
merge mozilla-inbound to mozilla-central a=merge
2014-11-24 13:30:23 +01:00
5e4279519a
No bug, Automated HPKP preload list update from host bld-linux64-spot-132 - a=hpkp-update
2014-11-22 03:19:44 -08:00
8733524dee
No bug, Automated HSTS preload list update from host bld-linux64-spot-132 - a=hsts-update
2014-11-22 03:19:41 -08:00
6aea7c3edf
Bug 1088969 - Upgrade Mozilla 36 to use NSS 3.18 - NSS_3_18_BETA3, r=wtc
2014-11-20 20:29:15 +01:00
9401e46090
Backed out changeset 1aebb84c8af1 (bug 1041775) for Windows 8 PGO Build Bustage on a CLOSED TREE
...
--HG--
rename : security/sandbox/chromium/sandbox/sandbox_export.h => security/sandbox/chromium/sandbox/linux/sandbox_export.h
2014-11-20 16:11:56 +01:00
345b36dfd5
Backed out changeset ec63befb3ad7 (bug 1041775)
2014-11-20 16:11:12 +01:00
0100273df4
Backed out changeset ebe866ff8a44 (bug 1041775)
2014-11-20 16:11:06 +01:00
3cd3e496aa
bug 1079436 - fix validThrough as returned by VerifyEncodedOCSPResponse r=briansmith
...
validThrough should now be the time through which, if passed in as the given
time to validate an OCSP response at, VerifyEncodedOCSPResponse will still
consider it trustworthy. After that time, it will be expired. This makes it
so the OCSP cache compares validity period responses consistently with
mozilla::pkix.
2014-11-21 10:43:43 -08:00
e5b2da099b
Bug 1041775 Part 3: Re-apply pre-vista stdout/err process inheritance change to Chromium code after merge. r=tabraldes
...
Originally landed as changsets:
https://hg.mozilla.org/mozilla-central/rev/f94a07671389
2014-11-18 15:11:47 +00:00
9559e348ee
Bug 1041775 Part 2: Re-apply warn only sandbox changes to Chromium code after merge. r=tabraldes
...
Originally landed as changsets:
https://hg.mozilla.org/mozilla-central/rev/e7eef85c1b0a
https://hg.mozilla.org/mozilla-central/rev/8d0aca89e1b2
2014-11-18 15:09:55 +00:00
af79dfc438
Bug 1041775 Part 1: Update Chromium sandbox code to commit 9522fad406dd161400daa518075828e47bd47f60. r=jld,aklotz
...
--HG--
rename : security/sandbox/chromium/sandbox/linux/sandbox_export.h => security/sandbox/chromium/sandbox/sandbox_export.h
2014-11-18 13:48:21 +00:00
ab80d0c717
bug 1091232 - update PSM data structures that are affected by root CA changes r=mmc
2014-11-18 16:41:18 -08:00
7531911bed
Bug 1089305 - Switch EV tests to SQL DB and partially clean up scripts. r=keeler
2014-11-17 21:12:00 +01:00
419fa97eb6
Bug 1092606: Filter out duplicate pinsets as well as domains (r=keeler)
2014-11-17 12:54:42 -08:00
63ef926a61
Bug 1088969 - Upgrade Mozilla 36 to use NSS 3.18 - NSS_3_18_BETA2
2014-11-17 14:57:45 +01:00
ff26474af6
Bug 1084606 - Allow overrides for MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE. r=dkeeler
2014-11-11 00:59:00 +01:00
17920b30c8
Merge inbound to m-c; a=merge
...
--HG--
extra : amend_source : 2e89bf359e356566aee6b04bb864979539e1c90d
2014-11-15 13:57:08 -08:00
4bccbd33d3
No bug, Automated HPKP preload list update from host b-linux64-ix-0011 - a=hpkp-update
2014-11-15 03:21:19 -08:00
1ffd463d9d
No bug, Automated HSTS preload list update from host b-linux64-ix-0011 - a=hsts-update
2014-11-15 03:21:16 -08:00
ceaa910cc6
bug 940994 - follow-up to fix some issues that were missed in review r=mmc
2014-11-14 16:46:23 -08:00
f991b325aa
Bug 1098288: Enable pinning on spideroak (r=keeler)
2014-11-14 11:17:40 -08:00
6887042777
Bug 1094495 - Disable C4480 in security/pkix. r=keeler
2014-11-12 07:41:42 +09:00
36057e75f9
Bug 1057035 - Fix terminology used in the certificate exception dialog. r=keeler
2014-10-27 21:06:00 -04:00
6a185fd3d7
Bug 1093595 - Change strings to add a description about weak encryption. r=dolske
2014-11-11 07:29:44 +09:00
9a7fd683bc
Bug 1093595 - Treat SSL3 and RC4 as broken. r=keeler
2014-11-11 07:29:44 +09:00
2f5bf545b6
merge mozilla-inbound to mozilla-central a=merge
2014-11-10 14:24:51 +01:00
c53adb3b3f
No bug, Automated HPKP preload list update from host bld-linux64-spot-144 - a=hpkp-update
2014-11-08 03:20:20 -08:00
52c804c4de
No bug, Automated HSTS preload list update from host bld-linux64-spot-144 - a=hsts-update
2014-11-08 03:20:17 -08:00
a89f219bef
Bug 1030135: Promote pin for services.mozilla.com to production mode (r=keeler)
2014-11-07 12:00:50 -08:00
cfb6b6200c
Bug 940994 - Adding '.p7b' to 'known file types' list of 'Certificate Manager'. r=keeler
2014-10-07 14:30:00 +02:00
ba22404db5
Bug 1095926 - Fix -Wcomment warning in OCSP test and mark some OCSP tests as FAIL_ON_WARNINGS. r=briansmith
2014-10-11 20:13:45 -07:00
926bf1ca5d
Bug 1090913 - Make mochitests fail when it has 0 passes and 0 fails r=jmaher
2014-11-05 16:00:52 +00:00
59573e5f85
Bug 1077057 - Expose Linux sandboxing information to JS via nsSystemInfo. r=kang r=froydnj
...
This adds "hasSeccompBPF" for seccomp-bpf support; other "has" keys
will be added in the future (e.g., user namespaces).
This also adds "canSandboxContent" and "canSandboxMedia", which are
absent if the corresponding type of sandboxing isn't enabled at build
type (or is disabled with environment variables), and otherwise present
as a boolean indicating whether that type of sandboxing is supported.
Currently this is always the same as hasSeccompBPF, but that could change
in the future.
Some changes have been made to the "mozilla/Sandbox.h" interface to
support this; the idea is that the MOZ_DISABLE_*_SANDBOX environment
variables should be equivalent to disabling MOZ_*_SANDBOX at build time.
2014-11-06 13:11:00 +01:00
fc748d0372
bug 1039642 - follow-up to fix non-unified build bustage (missing include and namespace) r=bustage a=metered
2014-11-06 14:23:21 -08:00
1218b5626e
bug 1039642 - clean up the implementation of nsPkcs11 for style and safety r=jcj r=mmc a=metered
2014-11-05 14:05:46 -08:00
25ee944cea
bug 1039642 - test that smart card events are no longer emitted after removing a PKCS#11 module r=jcj r=mmc a=metered
...
--HG--
rename : security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js => security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js
2014-11-05 13:54:21 -08:00
2a4f463dac
bug 1039642 - stop PKCS#11 module threads before deleting them r=jcj r=mmc a=metered
2014-11-05 13:53:28 -08:00
e6ede214a5
Bug 1093893 - Fix B2G sandbox for ICS Bionic pthread_kill(). r=kang
2014-11-06 11:04:14 -08:00
312462d737
Bug 1092710 - Fix -Wunused-const-variable warning-as-error in non-unified security/certverifier. r=keeler
...
--HG--
extra : rebase_source : c13f7e565c8459263191f9bb16d4221b6f163443
2014-11-01 12:14:41 -07:00
78d081c21d
Bug 1087213 - Implenent bind function in nsNSSIOLayer. r=honza
2014-10-22 02:06:00 +02:00
d68cf9f6e1
Bug 1004781: Remove unnecessary cert for facebook (r=keeler)
2014-11-04 10:54:26 -08:00
eeb4a7f756
Bug 1092606: Don't import Chromium pinsets for domains that are already in our list (r=keeler,jcj)
2014-11-04 10:53:52 -08:00
98fef4165e
bug 1079658 - follow-up bustage fix (unnecessary multi-line C++-style comment) r=bustage on a CLOSED TREE
2014-11-03 13:48:48 -08:00
cd0d5fbdc0
bug 1079658 - check for the id-pkix-ocsp-nocheck extension when decoding certificates r=briansmith
2014-11-03 11:35:15 -08:00
5cc944a89b
Bug 1076903: Add a Chromium LICENSE file to security/sandbox/win/src. r=gerv
2014-11-03 15:34:26 +00:00
4a7b70b334
Bug 1092028 - Fix -Wunused-const-variable warning-as-error in security/pkix/test/gtest. r=bsmith
2014-10-30 23:17:27 -07:00
cd1c581c5d
No bug, Automated HPKP preload list update from host b-linux64-ix-0009 - a=hpkp-update
2014-11-01 03:19:47 -07:00
5c654c7c4c
No bug, Automated HSTS preload list update from host b-linux64-ix-0009 - a=hsts-update
2014-11-01 03:19:44 -07:00
6f9b6ed2cf
Bug 846489 - Part 1 - Expose error code on TransportSecurityInfo. r=keeler
2014-10-30 12:50:00 +01:00
b82ba6feba
Backed out changeset 5fb2f4662098 (bug 846498) for wrong bug number in commit message
2014-10-31 10:03:53 +01:00
bcda188339
Bug 1088915 - Stop offering RC4 in the first handshakes. r=keeler
2014-10-22 01:11:29 +09:00
2b45a125ae
Bug 947149 - Remove useless and even misleading word and dead code. r=keeler, dolske
2014-10-30 15:22:00 +01:00
d7c1f641cc
Bug 846498 - Expose error code on TransportSecurityInfo. r=keeler
2014-10-30 12:50:00 +01:00
2d31127cff
Reland Bug 1063281, Part 9: Switch Gecko from NSS to CheckCertHostname, r=keeler
...
--HG--
extra : rebase_source : 3a5e3bc2e113035e9c88b571bac68f3dbe2c8f04
2014-10-28 15:28:38 -07:00
774861532b
Bug 1089104: Add support for TeletexString-encoded CN-IDs to CheckCertHostname, r=keeler
...
--HG--
extra : rebase_source : 320794deae857a574f509b7277ea64576abd37b3
2014-10-29 17:19:45 -07:00
228f03d6d1
Bug 1089393: Fix hex excape sequences ('\0x' -> '\x') in pkixnames_tests.cpp, r=mmc
...
--HG--
extra : rebase_source : a0136045ce9b957976f8eb2ef8ad6c9eae0a8ad7
2014-10-26 11:29:42 -07:00
3e0f2fd921
Bug 1004781: Actually remove the pinset (r=keeler)
2014-10-30 16:21:09 -07:00
1e19be7e65
Bug 1004781: Remove our pinset for facebook since it's in chromium now (r=keeler)
2014-10-30 16:14:19 -07:00
07d210cc76
bug 1085509 - follow-up to include forgotten Telemetry.h header (non-unified build bustage) r=bustage
2014-10-30 13:12:01 -07:00
2fa7ba1743
bug 1085509 - add telemetry for how many permanent certificate overrides users have r=mmc r=jcj
2014-10-29 16:25:16 -07:00
13b42021f6
bug 1085509 - fix nsCertOverrideService so its initialization doesn't depend on NSS r=mmc
2014-10-24 10:46:30 -07:00
436338cb49
Bug 1076385 - Sandbox the content process on Mac. r=smichaud
2014-10-30 13:33:17 -05:00
421fb1a714
Backed out changeset b4665be856d7 (bug 1089305) for frequent b2g/android xpcshell test failures
2014-10-30 15:26:02 +01:00
9c4c923488
Bug 1089305 - Switch EV tests to SQL DB and partially clean up scripts. r=keeler
2014-10-29 11:09:00 +01:00
2656d11288
Bug 1088950 - Adding some testing. r=dkeeler
2014-10-27 17:48:00 +01:00
2aa2c784b9
Bug 1088950 - Fix handling of inappropriate_fallback alert. r=keeler
2014-10-27 17:47:00 +01:00
47c853314f
Bug 1077148 part 4 - Add and use new moz.build templates for Gecko programs and libraries. r=gps
...
There are, sadly, many combinations of linkage in use throughout the tree.
The main differentiator, though, is between program/libraries related to
Gecko or not. Kind of. Some need mozglue, some don't. Some need dependent
linkage, some standalone.
Anyways, these new templates remove the need to manually define the
right dependencies against xpcomglue, nspr, mozalloc and mozglue
in most cases.
Places that build programs and were resetting MOZ_GLUE_PROGRAM_LDFLAGS
or that build libraries and were resetting MOZ_GLUE_LDFLAGS can now
just not use those Gecko-specific templates.
2014-10-30 13:06:12 +09:00
c7e81fdad6
Back out cset 9b72d139e817 (Bug 1063281, Part 9) due to compatibility regressions on a CLOSED TREE, a=ryanvm
...
--HG--
extra : rebase_source : cd9b43c3f66df3c5de337f2013fe61fae798b3ba
2014-10-28 12:30:53 -07:00
98dda84064
Backed out changeset 50650e0f0edf (bug 1085509) for causing perma failure in win7 xperf
2014-10-28 14:10:38 +01:00
b4bfea0bd6
Backed out changeset b591ad43d53e (bug 1085509)
2014-10-28 14:09:44 +01:00
90283cf32b
bug 1085509 - add telemetry for how many permanent certificate overrides users have r=mmc r=jcj
2014-10-27 09:32:33 -07:00
84883c42e4
bug 1085509 - fix nsCertOverrideService so its initialization doesn't depend on NSS r=mmc
2014-10-24 10:46:30 -07:00
97c5c90a44
Merge m-i to m-c, a=merge
2014-10-26 09:12:36 -07:00
a92f2bc083
No bug, Automated HPKP preload list update from host bld-linux64-spot-115 - a=hpkp-update
2014-10-25 03:19:28 -07:00
3d5dc9dcf8
No bug, Automated HSTS preload list update from host bld-linux64-spot-115 - a=hsts-update
2014-10-25 03:19:26 -07:00
e8c341b1fd
Bug 1083539: Fix dropped return value check (r=keeler)
2014-10-23 17:07:45 -07:00
0130a12af3
Bug 886752 - Show TLS/SSL version in page info dialog. r=dao
2014-10-24 13:53:35 +02:00
cba793218d
Bug 886752 - Add TLS version to SSLStatus and additional cleanup. r=keeler
2014-10-24 13:53:34 +02:00
9c8e9bee73
Bug 1088969 - Upgrade Mozilla 36 to use NSS 3.18, landing beta 1, r=wtc
2014-10-25 00:34:34 +02:00
5ec3c350dd
Bug 1081242 - Make ASAN's error reporting work while sandboxed on Linux. r=kang
2014-10-21 11:18:00 +02:00
cfc481b264
Bug 1085497: Add Input::size_type, r=mmc
...
--HG--
extra : rebase_source : 098eae9234be99e683c0d44b35e1ec7058a086dd
2014-10-16 18:23:27 -07:00
e93675a04e
Bug 1063281, Part 9: Switch Gecko from NSS to CheckCertHostname, r=keeler
...
--HG--
extra : rebase_source : 340eb682ba1f9dbd51652438433e7d0196494e1f
2014-09-21 17:43:29 -07:00
6926e8bc53
Bug 1063281, Part 8: Rewrite PresentedDNSIDMatchesReferenceDNSID, r=keeler
...
--HG--
extra : rebase_source : a74e8d89a3ddfe5f6af70f32d31f1dc06600d90a
2014-10-15 19:21:35 -07:00
d7d68e721d
Bug 1063281, Part 7: Implement IsValidPresentedDNSID, r=keeler
...
--HG--
extra : rebase_source : 32d85980d8d486bb806e169a8241256ad57fa9d1
2014-10-16 15:59:34 -07:00
8d32c13ab3
Bug 1083539: Factor out common SEQUENCE unwrapping logic into reusable functions, r=mmc
...
--HG--
extra : rebase_source : 93d669d3cbe178339fe59c1d9345c773b4e238d4
2014-10-14 02:07:08 -07:00
bda4ef165a
Bug 1063281, Part 6: Implement CheckCertHostname, r=keeler
...
--HG--
extra : rebase_source : c28fe67d319f64b2efa326fd8649ef529c487c05
2014-10-15 16:10:32 -07:00
72d294039c
Bug 1063281, Part 5: Implement DNS ID matching, r=keeler
...
--HG--
extra : rebase_source : 5221245ce8da065d64a7ff17bdfde0e617562447
2014-09-30 19:40:15 -07:00
149817ebfc
Bug 1063281, Part 4: Implement ParseIPv6Address, r=keeler
...
--HG--
extra : rebase_source : 9a75a81a840591aaf73acd5be4d7ca504b6432e5
2014-09-06 01:10:24 -07:00
0e87ec98c7
Bug 1063281, Part 3: Implement ParseIPv4Address, r=keeler
...
--HG--
extra : rebase_source : fbafcb7573be8fa83036a8fadbfa74938ab7a4a6
2014-09-05 23:20:18 -07:00
4a2c8b5274
Bug 1063281, Part 2: Implement IsValidDNSName, r=keeler
...
--HG--
extra : rebase_source : 202898df26c7321f543ab7aeb222cdc6db67fe0d
2014-09-30 14:41:39 -07:00
3b8c2fc2a8
Bug 1063281, Part 1: Expose moilla::pkix::BackCert::GetSubjectAltName, r=keeler
...
--HG--
extra : rebase_source : c89ae439a21f11fce66a785e8732ca8793d51936
2014-08-17 17:24:20 -07:00
c78d7b0266
backout f69fa3c13d1f (bug 1085509) for causing test_cert_overrides.js to fail
2014-10-23 11:50:17 -07:00
39a7d91875
bug 1085509 - add telemetry for how many permanent certificate overrides users have r=mmc r=jcj
2014-10-23 10:10:57 -07:00
918c518e8b
No bug, Automated HPKP preload list update from host bld-linux64-spot-1094 - a=hpkp-update
2014-10-22 14:02:48 -07:00
7c18fd1d5d
No bug, Automated HSTS preload list update from host bld-linux64-spot-1094 - a=hsts-update
2014-10-22 14:02:46 -07:00
46c48f2321
bug 1083085 - update where getHSTSPreloadList.js and genHPKPStaticPins.js think Chromium's lists are r=mmc DONTBUILD NPOTB
2014-10-21 15:20:02 -07:00
e4182ac689
Bug 1083058 - Adding pref to control TLS version fallback, r=keeler
...
From af667978f8915e6ebfaf02f8967b3d320d409a24 Mon Sep 17 00:00:00 2001
---
netwerk/base/public/security-prefs.js | 1 +
security/manager/ssl/src/nsNSSIOLayer.cpp | 21 +++++-
security/manager/ssl/src/nsNSSIOLayer.h | 2 +
.../manager/ssl/tests/gtest/TLSIntoleranceTest.cpp | 76 +++++++++++++++++++---
4 files changed, 90 insertions(+), 10 deletions(-)
2014-10-02 16:36:48 -07:00
82a97e04c9
Bug 1078838 - Restrict clone(2) flags for sandboxed content processes. r=kang
...
--HG--
extra : amend_source : f80a3a672f5496f76d8649f0c8ab905044ea81ac
2014-10-20 12:29:25 -07:00
db53227352
merge mozilla-inbound to mozilla-central a=merge
2014-10-20 14:34:56 +02:00
0c786b120d
No bug, Automated HPKP preload list update from host bld-linux64-spot-069 - a=hpkp-update
2014-10-18 03:18:53 -07:00
a20f696cba
No bug, Automated HSTS preload list update from host bld-linux64-spot-069 - a=hsts-update
2014-10-18 03:18:51 -07:00
5dcb538c28
Bug 1083325 - Gracefully deal with null ssl status when serializing/deserializing TransportSecurityInfo. r=dkeeler
2014-10-16 14:11:19 -05:00
1c4af4e6a1
Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith
2014-10-18 15:18:00 +02:00
c30bd575d3
Bug 622859 - Tests for bug 622859. r=briansmith,keeler
2014-10-16 05:22:00 +02:00
12cc245a41
Bug 418354 - update test for bug 455367. Insecure image loads should be considered mixed display content regardless of whether image data was actually returned. r=honzab
2014-10-18 13:21:23 -07:00
Carsten "Tomcat" Book
J.C. Jones
Andrew Bartlett
Phil Ringnalda
ffxbld
Michael Wu
Blake Kaplan
Brian Smith
Ryan VanderMeulen
Nathan Froyd
Kai-Zhen Li
Masatoshi Kimura
David Keeler
Monica Chew
Cykesiopka
Jed Davis
Jay Wang
Steven Michaud
Bob Owen
Kai Engert
Jan Beich
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)
Rob Stradling
Richard Barnes
Gregory Szorc
Shashank Sabniveesu
Chris Peterson
Michael Ratcliffe
Dragana Damjanovic
Garrett Robinson
André Reinald
Martin Thomson
Mike Hommey
Tom Schuster
Jim Mathies
Tanvi Vyas