68f5ce100a
Merge autoland to m-c, a=merge
...
MozReview-Commit-ID: Gr2qiJufRRz
2017-07-01 17:34:20 -07:00
a1aa8b434a
No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update
2017-07-01 08:42:21 -07:00
688fcf9801
No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update
2017-07-01 08:42:18 -07:00
3e439bb4f8
Bug 1376638 - Minimize uses of prmem.h. r=glandium.
...
It's silly to use prmem.h within Firefox code given that in our configuration
its functions are just wrappers for malloc() et al. (Indeed, in some places we
mix PR_Malloc() with free(), or malloc() with PR_Free().)
This patch removes all uses, except for the places where we need to use
PR_Free() to free something allocated by another NSPR function; in those cases
I've added a comment explaining which function did the allocation.
--HG--
extra : rebase_source : 0f781bca68b5bf3c4c191e09e277dfc8becffa09
2017-06-30 19:05:41 -07:00
2aefedb342
Merge mozilla-central to mozilla-inbound
2017-07-03 11:01:38 +02:00
2e41bcc0ca
Bug 1370890 - land NSS 825e5d444e99 UPGRADE_NSS_RELEASE, r=me
2017-07-03 10:18:45 +02:00
dde5c48035
No bug, Automated HPKP preload list update from host bld-linux64-spot-306 - a=hpkp-update
2017-06-30 08:49:21 -07:00
68f3156646
No bug, Automated HSTS preload list update from host bld-linux64-spot-306 - a=hsts-update
2017-06-30 08:49:18 -07:00
17ebac6811
No bug, Automated HPKP preload list update from host bld-linux64-spot-308 - a=hpkp-update
2017-06-29 08:52:25 -07:00
296804ce45
No bug, Automated HSTS preload list update from host bld-linux64-spot-308 - a=hsts-update
2017-06-29 08:52:22 -07:00
09971ac7d3
Bug 1376643 - Use 'override' and '= default' on applicable methods in security/sandbox/. r=gcp
2017-06-27 17:57:00 +02:00
df076300b1
Bug 1376643 - Use 'nullptr' where applicable in security/sandbox/. r=gcp
2017-06-27 17:56:00 +02:00
e43fbfafef
No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update
2017-06-28 13:55:02 -07:00
d945533918
No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update
2017-06-28 13:54:59 -07:00
7918eeee02
merge mozilla-inbound to mozilla-central a=merge
2017-06-28 13:23:29 +02:00
2edcd80e00
Merge m-c to autoland. a=merge
2017-06-27 20:07:08 -04:00
8e5d5bda0f
Bug 1362537 - Re-disallow accept4 in Linux content processes. r=gcp
...
MozReview-Commit-ID: Gml8lR1Heu1
--HG--
extra : rebase_source : 6b466f887bd1802277a506295a9c6cc575196385
2017-06-27 14:52:25 -07:00
fdb811340a
No bug, Automated HPKP preload list update from host bld-linux64-spot-306 - a=hpkp-update
2017-06-27 08:39:08 -07:00
8a2097b4fd
No bug, Automated HSTS preload list update from host bld-linux64-spot-306 - a=hsts-update
2017-06-27 08:39:05 -07:00
b9099ac2ed
Merge m-c to m-i
...
MozReview-Commit-ID: JGHd8l9bexC
2017-06-26 20:35:27 -07:00
b425854d9b
No bug, Automated HPKP preload list update from host bld-linux64-spot-306 - a=hpkp-update
2017-06-26 08:40:01 -07:00
68b6a86704
No bug, Automated HSTS preload list update from host bld-linux64-spot-306 - a=hsts-update
2017-06-26 08:39:58 -07:00
259377b6ab
merge mozilla-inbound to mozilla-central a=merge
2017-06-26 13:25:51 +02:00
1b7b1ec949
No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update
2017-06-25 08:35:48 -07:00
cdd2e436c7
No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update
2017-06-25 08:35:45 -07:00
0042b377da
No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update
2017-06-24 08:41:00 -07:00
f30338674d
No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update
2017-06-24 08:40:57 -07:00
77b256dc98
No bug, Automated HPKP preload list update from host bld-linux64-spot-304 - a=hpkp-update
2017-06-23 08:34:57 -07:00
d9351ba8ef
No bug, Automated HSTS preload list update from host bld-linux64-spot-304 - a=hsts-update
2017-06-23 08:34:54 -07:00
f1364a75ea
Bug 1374580 (part 3) - Remove ns{,C}Substring typedefs. r=froydnj.
...
All the instances are converted as follows.
- nsSubstring --> nsAString
- nsCSubstring --> nsACString
--HG--
extra : rebase_source : cfd2238c52e3cb4d13e3bd5ddb80ba6584ab6d91
2017-06-20 19:19:52 +10:00
fe9268c4cd
Bug 1374580 (part 2) - Remove nsAFlat{,C}String typedefs. r=froydnj.
...
All the instances are converted as follows.
- nsAFlatString --> nsString
- nsAFlatCString --> nsCString
--HG--
extra : rebase_source : b37350642c58a85a08363df2e7c610873faa6e41
2017-06-20 19:19:05 +10:00
1572f96f5d
Bug 1374580 (part 1) - Remove nsASingleFragment{,C}String typedefs. r=froydnj.
...
All the instances are converted as follows.
- nsASingleFragmentString --> nsAString
- nsASingleFragmentCString --> nsACString
--HG--
extra : rebase_source : e6a1ddc8938fecd9a735b15e872c054edf4c7910
2017-06-20 19:18:17 +10:00
3291398f10
No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update
2017-06-22 09:09:14 -07:00
f3958ec1f3
No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update
2017-06-22 09:09:11 -07:00
66f6d259bc
Bug 1374282 - script generated patch to remove Task.jsm calls, r=Mossop.
2017-06-22 12:51:42 +02:00
23156fd9b3
Bug 1374920 - Change nsTokenEventRunnable::mType from |nsString| to |const char*|. r=dkeeler.
...
|const char*| is good enough for a field that can only take on the values
"smartcard-insert" or "smartcard-remove". And it avoids an
NS_ConvertUTF16toUTF8 conversion.
2017-06-22 15:39:15 +10:00
f76801e348
Bug 1379803 - on macOS, only allow the creation of regular files and directories in writable directories; r=haik
...
This specifically disallows the creation of ttys and symlinks. Writable
directories are needed for plugins, which lazily create the plugintmp directory.
If/when the plugin API surface is reduced we can restrict down to just regular
files.
MozReview-Commit-ID: Ec6qeaiHSsB
--HG--
extra : rebase_source : 252a3cbf7954b9c09092b896ef8af45310438a86
2017-07-11 09:51:04 -04:00
a8806a9105
Merge m-c to inbound. a=merge
2017-06-27 20:06:39 -04:00
ac0fd2038c
Merge inbound to m-c a=merge
...
MozReview-Commit-ID: 3LXFVwSoMvs
2017-06-21 17:58:17 -07:00
7f420b59d4
Merge autoland to central, a=merge
...
MozReview-Commit-ID: C4bl6Ufaiwv
2017-06-21 16:54:41 -07:00
27c58cf89f
Bug 1372670 - part 3 - add spinEventLoopUntil to nsIThreadManager; r=erahm,florian
2017-06-21 12:59:28 -04:00
ae94cfb36d
No bug, Automated HPKP preload list update from host bld-linux64-spot-306 - a=hpkp-update
2017-06-21 08:40:54 -07:00
00cfe814d5
No bug, Automated HSTS preload list update from host bld-linux64-spot-306 - a=hsts-update
2017-06-21 08:40:51 -07:00
70710367aa
Bug 1374674 - Enable more ESLint rules across the tree to help developers where we're already passing them (no-class-assign, no-const-assign, no-dupe-class-members). r=mossop
...
MozReview-Commit-ID: 6jJPhH08Ae7
--HG--
extra : rebase_source : 64efb6660fdd1a0d4390e8f9e4842199249ca54f
2017-06-20 16:16:12 +01:00
c0e1236f1a
Merge autoland to m-c a=merge
...
MozReview-Commit-ID: LFtpTAueYrF
2017-06-20 18:24:29 -07:00
586bef635e
Merge inbound to central, a=merge
...
MozReview-Commit-ID: 1SvQU51m5qC
2017-06-20 17:58:46 -07:00
e1eeddde1e
No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update
2017-06-20 08:47:01 -07:00
e22d02a6eb
No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update
2017-06-20 08:46:58 -07:00
976d5437f9
Merge m-c to autoland, a=merge
...
MozReview-Commit-ID: 6A96Fe0GPjw
2017-06-19 17:37:53 -07:00
1e80580419
Merge autoland to central, a=merge
...
MozReview-Commit-ID: 4NzLU3zKJOz
2017-06-19 17:01:09 -07:00
2bcd258281
No bug, Automated HPKP preload list update from host bld-linux64-spot-304 - a=hpkp-update
2017-06-19 08:39:22 -07:00
604ae6476d
No bug, Automated HSTS preload list update from host bld-linux64-spot-304 - a=hsts-update
2017-06-19 08:39:19 -07:00
1141573ee9
Bug 1374660 - Removed redundant declarations from macOS content sandbox policy; r=haik
...
MozReview-Commit-ID: Gw6AnH8r9sL
--HG--
extra : rebase_source : 62bb4dc335ab3f38a42543a488d07129a8d92a33
2017-06-20 10:27:18 -04:00
f115503a0b
Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
...
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-26 14:19:58 -07:00
033f83145c
Bug 1375387 - Reorder and section-ify GeckoProfiler.h. r=mstange.
...
This patch gives some structure and order to the profiler's API.
It also renames AutoProfilerRegister as AutoProfilerRegisterThread, to match
profiler_register_thread().
2017-06-22 14:28:47 +10:00
52cc80c4fe
Bug 1368652 - Use Mozilla string types to display OIDs in the certificate viewer. r=Cykesiopka
2017-06-01 12:26:41 -07:00
f2e7c8b77a
Bug 1374281. r=jld
...
MozReview-Commit-ID: Ko5m5i4Wkd6
--HG--
extra : rebase_source : 3076315ef3639a89f752addbb01d5d08a9c2db75
2017-06-19 20:07:38 +02:00
f514ff97b3
Bug 1379182 - Remove some unnecessary file-write permissions types from the content process on macOS; r=haik
...
On macOS, the file-write* permission type contains numerous sub-permissions (see
bug for full listing). Restrict the ones we allow to only the two we need:
file-write-create and file-write-data. This primarily reduces kernel attack
surface, I'm not aware of any bad things that could be done directly with the
removed permissions.
MozReview-Commit-ID: 3VvjFesy2qx
--HG--
extra : rebase_source : 934ec17c44c9ef3d7fab29919d66cf1a55d57697
2017-07-07 11:05:01 -04:00
5dd57ee395
Merge m-c to inbound, a=merge
...
MozReview-Commit-ID: IVwrN2VivZT
2017-07-07 17:30:32 -07:00
d40ad40466
Bug 1376976 - Restrict sysctl access in the content process to a whitelist of sysctl names. r=jld, r=haik
...
MozReview-Commit-ID: 14yoiP1gskM
2017-06-29 13:55:15 -07:00
651904c8a0
Merge mozilla-central to autoland
2017-07-04 11:12:45 +02:00
396962011a
Bug 1363546 - Store and report HSTS upgrade source r=francois,keeler,mayhemer p=francois
...
Add a field to the HSTS cache which indicates the source of the HSTS
entry if known, from the preload list, organically seen header, or HSTS
priming, or unknown otherwise. Also adds telemetry to collect the source
when upgrading in NS_ShouldSecureUpgrade.
MozReview-Commit-ID: 3IwyYe3Cn73
--HG--
extra : rebase_source : 9b8daac3aa02bd7a1b4285fb1e5731a817a76b7f
2017-05-23 15:31:37 -07:00
b636380391
Bug 1374557 - Part 1 - Add the ability to specify a list of paths to whitelist read access to in the macOS content sandbox; r=haik
...
MozReview-Commit-ID: HXBkyR7Tts2
--HG--
extra : rebase_source : 6daf50a4d7a4ff2ff85dfac43891149353e813aa
2017-06-21 10:19:28 -04:00
038afacb9f
Backed out changeset 2ae22a66e02d (bug 1366694) for memory leaks
2017-07-11 13:14:55 +02:00
05734fd002
Backed out changeset 88b71119fbf8 (bug 1366694)
2017-07-11 13:14:38 +02:00
7e0d52f50e
Merge mozilla-central to inbound
2017-07-11 13:00:28 +02:00
db58bdb9ca
Bug 1377555 Part 3: Don't use restricting SIDs when running from a network drive. r=jimm
2017-07-11 09:44:21 +01:00
bbf27f0cae
Bug 1377555 Part 2: Add option to Windows chromium sandbox policy to not use restricting SIDs. r=jimm
2017-07-11 09:44:20 +01:00
01f2685a30
Bug 1377555 Part 1: Back out changesets 04edb03fb817 and d17ac655cc51. r=jimm
...
This backouts the previous change to detect and change the sandbox policy
when running from a network drive.
2017-07-11 09:44:20 +01:00
25e5ff4cde
Bug 1366694 Part 2: Don't run sandbox file system test in DEBUG on Windows. r=jimm
...
This is because in DEBUG mode we currently give full access to TEMP dir
for logging purposes and the temporary profile is created in the TEMP dir.
2017-07-11 09:44:20 +01:00
ecbd6ca808
Bug 1366694 Part 1: Allow user handles in the content process job in DEBUG builds. r=jimm
2017-07-07 15:51:17 +01:00
a196a1c7c3
bug 1291886 - clarify/fix locking in nsNSSComponent r=Cykesiopka,jcj
...
Some of the locking in nsNSSComponent was inconsistent and/or just wrong. This
clarifies what is protected by the lock and makes sure it is consistently
acquired when those resources are accessed.
This should also address potential deadlocks when other code would attempt to
acquire nsNSSComponent resources during shutdown.
This patch also removes some items in nsNSSComponent that are no longer
relevant.
MozReview-Commit-ID: 9iA5lfAixpj
--HG--
extra : rebase_source : 1c05788efe5d6345256cca505b089198bd7e4a20
2017-06-08 14:49:13 -07:00
a809b5b8d6
Bug 1374453 - turn HSTS priming on in Beta r=ckerschb
...
MozReview-Commit-ID: JHc47g8cDmb
--HG--
extra : rebase_source : cb67f51ac7fef74f43cc05d02bac4ef13c3ded15
2017-06-19 14:46:48 -07:00
9108666ee6
Bug 1374443 - Decrease HSTS priming timeout to 2s r=ckerschb
...
MozReview-Commit-ID: 7brYAUXwHvE
--HG--
extra : rebase_source : 4ef6f27cc855b828ac742f2990dc12668bd910aa
2017-06-19 14:35:27 -07:00
10ee6a5c4e
Bug 1362970 - Part 2 - Script-generated patch to convert .then(null, ...) to .catch(...). r=florian
...
Changes to Promise tests designed to test .then(null) have been reverted, and the browser/extensions directory was excluded because the projects it contains have a separate process for accepting changes.
MozReview-Commit-ID: 1buqgX1EP4P
--HG--
extra : rebase_source : 3a9ea310d3e4a8642aabbc10636c04bfe2e77070
2017-06-19 11:32:37 +01:00
de892834ed
Merge mozilla-central to mozilla-inbound
2017-06-20 11:31:34 +02:00
bb1ea70f5f
Bug 1357758 - Replace the file-read blacklist in the macOS sandbox policy with a whitelist of the allowed paths; r=haik
...
This makes the policy easier to audit, harder to regress, and easier to further prune the content processes's permissions.
MozReview-Commit-ID: 6VqEoGsWSGH
--HG--
extra : rebase_source : 58a9d35dd6e58624779294b49df5cc7e34cb4320
2017-04-18 15:57:54 -04:00
bfc45b98b9
Merge m-c to inbound, a=merge
...
MozReview-Commit-ID: 9XdoB5MuVz6
2017-07-05 17:17:41 -07:00
1eb1c9091d
Bug 1378061: Only set user's SID in USER_LIMITED as deny only when not using restricting SIDs. r=jimm
2017-07-05 21:00:55 +01:00
ea1b86680c
Backed out changeset 9846de3bd954 (bug 1372405)
...
--HG--
extra : rebase_source : 5d4a48e8ec394c329994689d938d2a6e9b2752b0
2017-06-20 08:27:02 +02:00
4592152411
Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
...
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-19 22:25:47 -07:00
d1637b9c5a
Bug 1372453 - Part 2: Name the caller of ProxyReleaseEvent. r=billm
...
MozReview-Commit-ID: LYhSWnZkq0i
2017-06-14 09:27:17 +08:00
7cc377ce3f
No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update
2017-06-18 08:24:54 -07:00
a6c7ba400c
No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update
2017-06-18 08:24:51 -07:00
b95a1a9583
No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update
2017-06-17 08:38:30 -07:00
091d02c281
No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update
2017-06-17 08:38:27 -07:00
b2d072aa58
No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update
2017-06-16 08:37:44 -07:00
870c286510
No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update
2017-06-16 08:37:41 -07:00
0b2a439e7e
bug 1373068 - fix the ctypes declaration of SSL_ClearSessionCache in head_psm.js r=Cykesiopka
...
SSL_ClearSessionCache is `void SSL_ClearSessionCache()`. In head_psm.js it was
being declared as `SECStatus SSL_ClearSessionCache()` and the "return value" was
being checked, which was incorrect. This apparently wasn't causing failures on
any of our test runs, but with tsan enabled the check would fail.
MozReview-Commit-ID: 6KosOVPu8K4
--HG--
extra : rebase_source : 73addb80a5ab5263a182207a0f4277daf8ae32a5
2017-06-14 15:10:28 -07:00
c9beaa56b4
Bug 1373294 - Fix E305 (two blank lines after method or class) in files enabled by flake8 linter, r=jmaher
...
This is needed before we can upgrade to flake8 3.3.0, as that version starts flagging these errors.
These files were modified by running:
autopep8 --select E305 --in-place -r <dir>
on the affected directories. I did it one dir at a time and verified the result after each.
MozReview-Commit-ID: FmlsfiKIbtr
--HG--
extra : rebase_source : 9df32258cadff5d27a0e72113c57f782756c0b18
2017-06-15 12:10:59 -04:00
c365df1999
No bug, Automated HPKP preload list update from host bld-linux64-spot-382 - a=hpkp-update
2017-06-15 08:38:35 -07:00
fc60e8619a
No bug, Automated HSTS preload list update from host bld-linux64-spot-382 - a=hsts-update
2017-06-15 08:38:32 -07:00
c49a70b53f
No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update
2017-06-14 08:33:27 -07:00
b98ce20b57
No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update
2017-06-14 08:33:24 -07:00
ebf35623cd
Merge mozilla-central to autoland a=merge
...
UPGRADE_NSS_RELEASE
2017-06-13 18:57:32 -07:00
1af6d5cf57
Merge inbound to central, a=merge
...
UPGRADE_NSS_RELEASE
MozReview-Commit-ID: CBIFPwA5aNp
--HG--
extra : amend_source : 035a5be59d0046a643d0f836a95195e8c4ade4a6
2017-06-13 18:27:10 -07:00
13bca384b3
No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update
2017-06-13 08:37:54 -07:00
cdd7ceaa16
No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update
2017-06-13 08:37:50 -07:00
687bfe6a46
No bug, Automated HPKP preload list update from host bld-linux64-spot-304 - a=hpkp-update
2017-06-12 08:25:15 -07:00
1d51d00cbc
No bug, Automated HSTS preload list update from host bld-linux64-spot-304 - a=hsts-update
2017-06-12 08:25:12 -07:00
Phil Ringnalda
ffxbld
Nicholas Nethercote
Carsten "Tomcat" Book
Franziskus Kiefer
Jan Keromnes
Ryan VanderMeulen
Jed Davis
Florian Quèze
Alex Gaynor
Wes Kocher
Nathan Froyd
Mark Banner
Bill McCloskey
David Keeler
Gian-Carlo Pascutto
Kate McKinley
Bob Owen
Paolo Amadini
Bevis Tseng
Andrew Halberstadt