fd3700d56b
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-03 11:03:49 -08:00
c321b37eee
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-03 11:03:45 -08:00
477ac066b5
Bug 1422156 - Update tlsFlags to change 0x40 to be compat mode rather than 7e02 handshake. r=keeler
...
Reviewers: keeler
Reviewed By: keeler
Subscribers: mcmanus
Bug #: 1422156
Differential Revision: https://phabricator.services.mozilla.com/D306
2017-12-02 17:18:33 -08:00
8752d4637d
Bug 1198481 - Fixed typo 'id_pk_serverAuth' to 'id_kp_serverAuth'. r=keeler
2017-12-02 18:03:18 +05:30
e6fe3285be
bug 1421816 - (2/2) add option to sign_app.py to include COSE signatures r=franziskus
...
MozReview-Commit-ID: H7ZLCsH9HrJ
--HG--
extra : rebase_source : 143ac8bdac4cf000809ada4560382bb9ed582b55
extra : histedit_source : fbb72d143a54fa1cd79af560d515068dcc4610ab
2017-11-29 13:37:42 -08:00
1aeab12df2
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-12-02 11:45:05 -08:00
932f702aac
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-12-02 11:45:01 -08:00
8466d82737
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-02 11:01:49 -08:00
2955ac7f1c
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-02 11:01:45 -08:00
36f5d05cd8
bug 1397837 - remove vestigial references to "code signing" from PSM r=Cykesiopka,snorp
...
As of bug 1257362, the platform does not verify code signing certificates in
general, so anything involving the code signing trust of certificates can go.
MozReview-Commit-ID: 9g9kM62xfYZ
--HG--
extra : rebase_source : 5bec64e5f451c8433aff0de82a91f7bd54c24608
2017-12-01 16:16:20 -08:00
a92c339a33
bug 1424085 - add owning handles so cert references don't leak in IsCertificateDistrustImminent r=jcj
...
nsIX509Cert::GetCert() returns a CERTCertificate whose reference count has
already been increased. Before this patch, when IsCertificateDistrustImminent
called CertDNIsInList(rootCert->GetCert(), RootSymantecDNs) and
CertDNIsInList(aCert->GetCert(), RootAppleAndGoogleDNs), the reference count on
those certificates would never get a corresponding decrement, so we would keep
those certificates alive until shut down. A reasonable and consistent solution
is to introduce a UniqueCERTCertificate handle in each case to own the
reference.
The status of this fix can be verified by setting MOZ_LOG="pipnss:4", running
Firefox, connecting to any host, and then shutting down. If an NSS resource
reference has been leaked, "[Main Thread]: E/pipnss NSS SHUTDOWN FAILURE" will
be in the console output. Otherwise,
"[Main Thread]: D/pipnss NSS shutdown =====>> OK <<=====" will be in the console
output.
This patch also removes nsIX509CertList::DeleteCert because it would also leak a
reference. Luckily, nothing was using it.
This patch also clarifies the implementation of nsIX509CertList::AddCert by
making the ownership transfers explicit.
MozReview-Commit-ID: 2qHo3DmhTPz
--HG--
extra : rebase_source : 42cd42d082431b4637733d8f94fcd560bdea8a44
2017-12-07 15:08:43 -08:00
7e9b75f531
Bug 1409895 - Deny getcwd in the Linux content process sandbox. r=gcp
...
getcwd won't do anything useful once we start chroot()ing to remove
filesystem access; with this patch it will at least fail the same way
regardless of whether user namespaces are available or if other factors
prevent complete FS isolation.
Bonus fix: improve the comments for this group of syscalls.
MozReview-Commit-ID: KueZzly2mlO
--HG--
extra : rebase_source : a6b5dbebbc4d2477909d46085499f2648091b94c
2017-11-20 10:47:54 -07:00
a9961096c0
Bug 1394734 - Simplify various corner cases r=glandium
...
MozReview-Commit-ID: 4s4JdXZPvmv
--HG--
extra : rebase_source : c8f663c99442d41db5f81ac5fe1aa1f47fd5ed82
2017-12-07 22:10:19 +01:00
4591d82b23
Bug 1394734 - Replace CONFIG['CLANG*'] by CONFIG['CC_TYPE'] r=glandium
...
MozReview-Commit-ID: HbF5oT5HW6f
--HG--
extra : rebase_source : eca479b6ae4bff7f600d1cdb39e11ac2057e4e79
2017-12-07 22:09:38 +01:00
5de63ef061
Bug 1394734 - Replace CONFIG['MSVC'] by CONFIG['CC_TYPE'] r=glandium
...
MozReview-Commit-ID: 5orfnoude7h
--HG--
extra : rebase_source : 1ed9a6b56e1d27221a07624767a7fb0e6147117f
2017-12-08 13:46:13 +01:00
9bfe27d903
Bug 1394734 - Replace CONFIG['GNU_C*'] by CONFIG['CC_TYPE'] r=glandium
...
MozReview-Commit-ID: 7duJk2gSd4m
--HG--
extra : rebase_source : 7312fe276e561e8c034a5f6749774ae812727f9c
2017-12-07 22:09:15 +01:00
79d933ec34
Backed out 22 changesets (bug 1399787) for shutdown leaks on windows 7 debug tc-M without e10s r=backout on a CLOSED TREE
...
Backed out changeset 463d676df5da (bug 1399787)
Backed out changeset fc9776a2605d (bug 1399787)
Backed out changeset 2e91a90dfbc3 (bug 1399787)
Backed out changeset e82ab72f71ee (bug 1399787)
Backed out changeset d7fef200e8b9 (bug 1399787)
Backed out changeset a7d70f7f3335 (bug 1399787)
Backed out changeset 2800f9d20d96 (bug 1399787)
Backed out changeset 9dfa404abf9d (bug 1399787)
Backed out changeset 09b3c172a01e (bug 1399787)
Backed out changeset f9fd3e750636 (bug 1399787)
Backed out changeset 01284c55bf8a (bug 1399787)
Backed out changeset c2ab1b454283 (bug 1399787)
Backed out changeset e7bfa51404c5 (bug 1399787)
Backed out changeset 3fd2a734f887 (bug 1399787)
Backed out changeset ef21f295db3f (bug 1399787)
Backed out changeset c186893ce0fc (bug 1399787)
Backed out changeset 323da3bddaaa (bug 1399787)
Backed out changeset 3b89f189edff (bug 1399787)
Backed out changeset a47bd86c35ee (bug 1399787)
Backed out changeset 558526301a4c (bug 1399787)
Backed out changeset baa99fb50ba9 (bug 1399787)
Backed out changeset 6d82ed0ba805 (bug 1399787)
2017-12-08 13:09:56 +02:00
5b9ee89503
Merge mozilla-central to autoland a=merge r=merge on a CLOSED TREE
2017-12-08 12:06:24 +02:00
d70af3d034
Bug 1399787 - Part 9. Sandbox the PDFium process. r=bobowen,jwatt
...
MozReview-Commit-ID: 6ED7EPZvOMR
--HG--
extra : rebase_source : 60e6d103573436d923f8b2b00c70cb2a4a7986df
extra : intermediate-source : d90c5064d88a6468c1209f4a78ec7631592eec98
extra : source : 91b761e38efd28a69647c38531f5418fffee8f50
2017-10-18 20:52:45 +08:00
5bedf1df18
Merge autoland to mozilla-central r=merge a=merge
2017-11-30 23:51:58 +02:00
6eac8dccfc
No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update
2017-11-30 11:03:17 -08:00
39509ef8f2
No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update
2017-11-30 11:03:13 -08:00
9175066393
No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update
2017-11-30 10:49:34 -08:00
83f995c0a0
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-11-30 10:49:30 -08:00
8b1f82ef39
No bug, Automated HPKP preload list update from host bld-linux64-spot-320 - a=hpkp-update
2017-11-29 11:07:42 -08:00
d471604f22
No bug, Automated HSTS preload list update from host bld-linux64-spot-320 - a=hsts-update
2017-11-29 11:07:38 -08:00
2b8c0a2be5
No bug, Automated HPKP preload list update from host bld-linux64-spot-341 - a=hpkp-update
2017-11-29 10:13:03 -08:00
73f3ea227b
No bug, Automated HSTS preload list update from host bld-linux64-spot-341 - a=hsts-update
2017-11-29 10:12:59 -08:00
b3d418aa6c
Merge autoland to mozilla-central r=merge a=merge
2017-11-29 12:09:11 +02:00
f54d52a50d
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-28 11:45:43 -08:00
61c54f501b
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-28 11:45:40 -08:00
d7a19d2216
No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update
2017-11-28 10:46:06 -08:00
812cb244f0
No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update
2017-11-28 10:46:03 -08:00
13b5a0e017
bug 1421413 - add a preference to control which add-on signature algorithms are valid r=jcj
...
MozReview-Commit-ID: EwkpY9ADAtw
--HG--
extra : rebase_source : 7fce75b0ff7b42057840df0450d97ce840a69c89
2017-11-28 14:24:11 -08:00
52d69a63ca
Bug 1421372 - simplify the macOS content sandbox rules by splitting the file process rules out; r=haik
...
MozReview-Commit-ID: GJukCOAyE10
--HG--
extra : rebase_source : 7bfdd02482d45e72a785ec2abe2260577238406d
2017-11-28 14:06:06 -05:00
a04e49663b
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-11-27 11:34:28 -08:00
f5bdc50a83
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-11-27 11:34:24 -08:00
5fd51d8f5b
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-27 11:04:50 -08:00
6c2b138c87
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-27 11:04:46 -08:00
899f55bc70
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-26 11:29:24 -08:00
b7e36e0dad
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-26 11:29:20 -08:00
a1b8503be3
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-26 10:57:54 -08:00
ad8f2d950c
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-26 10:57:51 -08:00
fde154d757
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-25 11:31:33 -08:00
b75d3913b0
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-25 11:31:30 -08:00
24ce5b57e7
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-11-25 10:49:45 -08:00
80fa133054
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-11-25 10:49:41 -08:00
327405164b
Merge inbound to mozilla-central r=merge a=merge
2017-11-25 00:04:02 +02:00
b8d5e9b625
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-11-24 11:37:55 -08:00
1f4c6721e4
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-11-24 11:37:51 -08:00
75089cd8b7
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-24 11:00:34 -08:00
a29abc7f7d
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-24 11:00:30 -08:00
5083a36782
Bug 1420060 - FIPS can no longer be toggled in Firefox with the builtin NSS, r=ttaubert
...
MozReview-Commit-ID: 5lgEBiFozSG
Differential Revision: https://phabricator.services.mozilla.com/D282
--HG--
extra : rebase_source : 795b81b79f5c407cbfed3c0607c479d9880f0deb
2017-11-24 09:01:49 +01:00
34900c8a57
Bug 1420060 - land NSS ceb8b9290b35 UPGRADE_NSS_RELEASE, r=me
...
MozReview-Commit-ID: KprUV50uNDs
--HG--
extra : rebase_source : d67b83423351ac6581889cc95ec979a6f12adc07
2017-11-24 09:00:26 +01:00
21905d169e
Merge mozilla-central to mozilla-inbound. r=merge a=merge CLOSED TREE
2017-11-24 00:38:13 +02:00
da0a72a9d7
Merge inbound to mozilla-central r=merge a=merge
2017-11-24 00:28:29 +02:00
7ede3e4787
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-23 11:37:49 -08:00
eb15ed90ea
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-23 11:37:46 -08:00
4018e652ff
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-23 10:42:06 -08:00
ce8ed40893
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-23 10:42:02 -08:00
a5d613086a
Merge mozilla-inbound to mozilla-central r=merge a=merge
2017-11-23 11:42:46 +02:00
7b10164f9f
Bug 1403840 - add cose rust lib with a test, r=keeler,ttaubert
...
Summary:
This adds the COSE rust library from https://github.com/franziskuskiefer/cose-rust with its C API from https://github.com/franziskuskiefer/cose-c-api to gecko with a basic test.
The COSE library will be used for verifying add-on signatures in future.
Reviewers: keeler, ttaubert
Reviewed By: keeler
Bug #: 1403840
Differential Revision: https://phabricator.services.mozilla.com/D232
--HG--
extra : rebase_source : 433ca6894d88ccda333bfac53507eba4e84924fb
2017-11-22 16:37:15 +01:00
a0b20fcb81
Merge mozilla-central to mozilla-autoland. r=merge a=merge CLOSED TREE
2017-11-22 23:42:02 +02:00
82254ca1cf
Merge inbound to mozilla-central r=merge a=merge
2017-11-22 23:29:44 +02:00
ad970571e9
No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update
2017-11-22 11:38:06 -08:00
013da9f3f3
No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update
2017-11-22 11:38:02 -08:00
2795ad9547
No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update
2017-11-22 10:46:15 -08:00
36b4732f5f
No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update
2017-11-22 10:46:12 -08:00
96f9c8ac5c
Bug 1418752 - Firefox instahang on start after landing patch from bug #1392841 . r=ttaubert
...
EnsureNSSInitializedChromeOrContent() sends sync event to main thread from non-main thread even if it's already initialized. This can make fix at https://searchfox.org/mozilla-central/rev/919dce54f43356c22d6ff6b81c07ef412b1bf933/netwerk/protocol/http/nsHttpHandler.cpp#2105 inefficient and can lead to a deadlock.
--HG--
extra : rebase_source : 18333d17e1d959accd667c8ce25a20ea51c15266
2017-11-22 12:46:08 -05:00
80fbb39861
Bug 1402519 - Remove MOZ_CRASHREPORTER directives from security; r=ttaubert
...
MozReview-Commit-ID: CfPBvffjEhq
--HG--
extra : rebase_source : 51c522746b48f0819b926607ceebf7d070df4ffd
2017-10-10 15:25:39 +02:00
5fbf717e5b
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-11-21 11:48:53 -08:00
d05982f0f1
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-11-21 11:48:49 -08:00
511b2cf5e6
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-21 11:14:55 -08:00
cf7bf94e79
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-21 11:14:52 -08:00
cde731d2d0
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-11-20 11:37:26 -08:00
d7e570ab96
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-11-20 11:37:22 -08:00
21d7bcc344
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-20 10:57:37 -08:00
2fb6a219c1
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-20 10:57:34 -08:00
b3f0c3ded3
Merge mozilla-central to autoland. r=merge a=merge on a CLOSED TREE
2017-11-20 00:17:43 +02:00
c21102410d
No bug, Automated HPKP preload list update from host bld-linux64-spot-039 - a=hpkp-update
2017-11-19 11:40:51 -08:00
502a538775
No bug, Automated HSTS preload list update from host bld-linux64-spot-039 - a=hsts-update
2017-11-19 11:40:47 -08:00
3fc5579f87
No bug, Automated HPKP preload list update from host bld-linux64-spot-038 - a=hpkp-update
2017-11-19 10:55:01 -08:00
6b1e59b641
No bug, Automated HSTS preload list update from host bld-linux64-spot-038 - a=hsts-update
2017-11-19 10:54:58 -08:00
79f64eb568
Merge inbound to mozilla-central r=merge a=merge
2017-11-18 22:48:47 +02:00
22b9cb8f84
No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update
2017-11-18 11:41:00 -08:00
2d07f0f683
No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update
2017-11-18 11:40:56 -08:00
973e21879e
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-18 11:05:10 -08:00
aa9e3a35ac
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-18 11:05:07 -08:00
b0ee34bea3
Bug 1416466 - Wait for the next event tick before resolving Promise for onload event in tests in security/manager/ssl/tests/mochitest/browser/. r=mossop
2017-11-18 22:57:18 +09:00
34be833347
Bug 1416016 - Add ../config to the sandbox whitelist for older Mesa. r=jld
...
MozReview-Commit-ID: KahivmVJR1l
--HG--
extra : rebase_source : 7d77f0ee77813a1214cfa5bc618b57c3208443c3
2017-11-17 15:23:28 +01:00
c979b7a21f
Bug 1416808 - Add "$XDG_DATA_(HOME|DIRS)"/fonts to the sandbox whitelist. r=jld
...
MozReview-Commit-ID: DwwltKQg8x4
--HG--
extra : rebase_source : e92b60e320bb26e66bfb38039f141ec83a34fff7
2017-11-17 15:45:11 +01:00
696ac83de9
Merge mozilla-central to mozilla-autoland. r=merge a=merge CLOSED TREE
2017-11-18 02:55:06 +02:00
1d5be20b0d
Merge autoland to mozilla-central r=merge a=merge
2017-11-18 00:00:22 +02:00
4f3980082f
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-11-17 11:41:51 -08:00
794ea08b42
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-11-17 11:41:47 -08:00
4da78d1a66
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-17 11:02:48 -08:00
8591b856f3
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-17 11:02:45 -08:00
5a64c2aeb7
Bug 1417959: Bump Alternate Desktop to Level 5 and make that the Default on Nightly. r=jimm
2017-11-16 18:10:00 +00:00
cdac966d1b
bug 1417677 - remove "security.use_sqldb" and always use the sqlite-backed NSS DBs r=jcj
...
MozReview-Commit-ID: 2qoJz5gDPyY
--HG--
extra : rebase_source : 89ccda87138ac02004d290f621e9d53dcddc08ff
2017-11-15 15:24:58 -08:00
68dd6026ab
bug 1418135 - asynchronously determine the chain to display in the details pane of the certificate viewer r=mgoodwin
...
The current certificate viewer uses "getChain" to determine what chain to show
in the details pane. This is problematic for a number of reasons including a)
it's synchronous (and potentially slow) and b) getChain may return something
almost entirely quite unlike any actual trusted path (see bug 1004580 comment
0).
This won't fix the whole problem (whatever's opening the certificate viewer
should really be passing in the chain itself), but that's hard, so this would at
least change the determination to be asynchronous and at least won't result in
something completely bogus.
MozReview-Commit-ID: J9uqRgxL52j
--HG--
extra : rebase_source : 0cb0a02564f7d962a57af90a9d1177ff41f064fe
2017-11-16 15:48:47 -08:00
cdb95907ba
Merge mozilla-central to autoland r=merge a=merge on a CLOSED TREE
2017-11-16 00:41:40 +02:00
d0a4ab96a0
Merge inbound to mozilla-central r=merge a=merge
2017-11-16 00:24:15 +02:00
6c10f7d914
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-15 11:31:52 -08:00
393e147523
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-15 11:31:48 -08:00
dd02544d02
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-15 10:54:33 -08:00
bab5f228d3
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-15 10:54:29 -08:00
304ec4c15e
Bug 1417420 - Add the path used by FontAgent to the sandbox rules on macOS. r=haik
2017-11-15 17:59:44 +00:00
ab21773795
bug 1417277 - remove support for MOZPSM_NSSDBDIR_OVERRIDE r=jcj
...
MOZPSM_NSSDBDIR_OVERRIDE was added in bug 462919 for integration with xulrunner
applications. Upcoming changes we're aiming to make with how PSM handles NSS and
the certificate/key databases (e.g. making the sqlite-backed implementation
mandatory) mean we have to take this feature into account. xulrunner isn't
supported any longer. Searching the web for "MOZPSM_NSSDBDIR_OVERRIDE" yields
two kinds of results: mozilla-central source code and a man page for nss-gui,
which it seems is the only project that ever made use of
MOZPSM_NSSDBDIR_OVERRIDE (and hasn't been updated since 2013, from what I can
tell). I think it's fair to conclude that this isn't a widely-used (let alone
known) feature. To make development easier, we should remove it.
MozReview-Commit-ID: 56vcTYSzDPq
--HG--
extra : rebase_source : 683a65bcd79182c04524562bc26ed5925f5d902b
2017-11-14 16:38:34 -08:00
7af6788dd0
No bug, Automated HPKP preload list update from host bld-linux64-spot-038 - a=hpkp-update
2017-11-14 11:51:23 -08:00
1d90c326d7
No bug, Automated HSTS preload list update from host bld-linux64-spot-038 - a=hsts-update
2017-11-14 11:51:19 -08:00
e943551045
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-14 10:58:36 -08:00
cc72aaf33e
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-14 10:58:32 -08:00
ba94a5128c
Bug 1371293 - Fix instances of missing 'use strict;' in html files as found after ESLint 4 upgrade. r=mossop
...
MozReview-Commit-ID: 2q3nqLaXA3E
--HG--
extra : rebase_source : 971ee6ae4dd565ead6f4aa16e06638445ecc5da0
2017-10-31 16:40:37 +00:00
3039b5c625
Backed out 1 changesets (bug 1417677) for failing security/manager/ssl/tests/unit/test_broken_fips.js r=backout on a CLOSED TREE
...
Backed out changeset 614a09e35ff0 (bug 1417677)
2017-11-17 12:49:16 +02:00
fdbe147ffb
Merge mozilla-central to autoland. r=merge a=merge CLOSED TREE
2017-11-17 12:09:31 +02:00
82c2e0ec18
bug 1413336 - (7/7) regenerate all the certificates! r=Cykesiopka
...
Also regenerate the test_signed_app.js testcases.
MozReview-Commit-ID: 483uNQT0wuG
--HG--
extra : rebase_source : 4dfddf89d151dceb970a1a9139a5c90e6b578f8c
2017-11-08 12:57:03 -08:00
cfc4721f33
bug 1413336 - (6/7) replace setComponentByName with direct property setters r=Cykesiopka
...
MozReview-Commit-ID: EIIzP04YHo9
--HG--
extra : rebase_source : bf04301265175f59a3db429667322caffeeeb767
2017-11-14 13:35:10 -08:00
d64022f084
bug 1413336 - (5/7) ensure text files generated by pycert et. al. have trailing newlines r=Cykesiopka
...
MozReview-Commit-ID: KduWJRzTxBp
--HG--
extra : rebase_source : 74c5baf9747a85d71bc93d7459a8b519b40f6dd4
2017-10-25 16:59:18 -07:00
d6bd3927e3
bug 1413336 - (4/7) make certificate serial number generation not depend on pyasn1 object string representation r=Cykesiopka
...
MozReview-Commit-ID: 69GjudEKwQM
--HG--
extra : rebase_source : 707413a77478e17a398fbb3c75eb27b64486b313
2017-11-08 14:12:03 -08:00
4a5bf460ad
bug 1413336 - (3/7) fix pycert.py and pykey.py with respect to pyasn1/pyasn1-modules updates r=Cykesiopka
...
MozReview-Commit-ID: CsxOF7LdEHB
--HG--
extra : rebase_source : 09b901b640779a9fe33de9d8c160b6918e6f12f7
2017-11-08 13:23:17 -08:00
dcb596244e
bug 1417677 - remove "security.use_sqldb" and always use the sqlite-backed NSS DBs r=jcj
...
MozReview-Commit-ID: 2qoJz5gDPyY
--HG--
extra : rebase_source : c84d7975fa30c753af7481d04e2db8c19daff180
2017-11-15 15:24:58 -08:00
2d6eb184f1
bug 1368868 - give up on ocsp stapling strictness because we can't have nice things r=jcj
...
MozReview-Commit-ID: nbX0c251oC
--HG--
extra : rebase_source : 2adda43c5ea137c17474e4b9303107f4ba3815ff
2017-11-08 15:50:26 -08:00
d49916e353
bug 1415991 - remove support for signed unpacked addons r=jcj,rhelmer
...
Unfortunately we have a number of add-on installation tests that rely on
unpacked addons verifying as signed. The test infrastructure achieves this by
monkey-patching nsIX509CertDB.verifySignedDirectoryAsync to always succeed.
These tests are, in general, not actually testing the successful verification of
signed unpacked add-ons but rather other aspects of add-on installation,
updating, etc.. Some of these tests are certainly no longer relevant now that
legacy add-ons aren't supported, but we don't have the time to go through all of
them at the moment (this blocks updating add-on signature verification to use
COSE signatures, which we need to ship in 59 or we're probably not shipping at
all).
MozReview-Commit-ID: 3TVPK703mUy
--HG--
extra : rebase_source : 5bf0b72a4d7c8ade702334345fdc3bf6a8761b15
2017-11-09 11:19:23 -08:00
e520b4f458
Merge mozilla-central to mozilla-autoland. r=merge a=merge CLOSED TREE
2017-11-14 00:59:27 +02:00
6f5e1e666f
No bug, Automated HPKP preload list update from host bld-linux64-spot-031 - a=hpkp-update
2017-11-13 11:38:59 -08:00
4d11774312
No bug, Automated HSTS preload list update from host bld-linux64-spot-031 - a=hsts-update
2017-11-13 11:38:56 -08:00
96d2701aef
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-13 10:56:59 -08:00
02130351db
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-13 10:56:56 -08:00
8802fbf292
No bug, Automated HPKP preload list update from host bld-linux64-spot-033 - a=hpkp-update
2017-11-12 11:35:21 -08:00
014fe21cbb
No bug, Automated HSTS preload list update from host bld-linux64-spot-033 - a=hsts-update
2017-11-12 11:35:17 -08:00
54eff2095e
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-12 11:06:31 -08:00
f5ee17bd6f
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-12 11:06:28 -08:00
14b2379843
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-11 11:46:19 -08:00
844ee0c1d3
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-11 11:46:15 -08:00
a99e2a57b4
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-11 11:07:18 -08:00
0411746801
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-11 11:07:14 -08:00
873f611a48
Bug 1401786 - Move the Linux sandboxing parts of GeckoChildProcessHost into security/sandbox. r=gcp
...
MozReview-Commit-ID: JknJhF5umZc
--HG--
extra : rebase_source : 2fa246e9a8b350becc21ed5bfd69820d3a321064
2017-10-06 17:15:46 -06:00
af821e1fe3
Bug 1365257 - Further consolidate the configuration of the content sandbox; r=gcp
...
This patch moves handling of the "MOZ_DISABLE_CONTENT_SANDBOX" environment
variable into GetEffectiveContentSandboxLevel. It also introduces
IsContentSandboxEnabled and ports many users of GetEffectiveContentSandboxLevel
to use it.
MozReview-Commit-ID: 4CsOf89vlRB
--HG--
extra : rebase_source : b9130f522e860e6a582933799a9bac07b771139b
2017-06-01 10:38:22 -04:00
b16410f51c
Merge inbound to m-c. a=merge
2017-11-10 16:13:15 -05:00
018987af9e
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-11-10 11:40:26 -08:00
fef8559955
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-11-10 11:40:22 -08:00
5f8a70cc67
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-10 11:07:01 -08:00
dc41b393b4
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-10 11:06:58 -08:00
7e070192d7
Merge inbound to mozilla-central r=merge a=merge
2017-11-10 11:55:43 +02:00
ed9d8c71ea
merge mozilla-central to autoland. r=merge a=merge on a CLOSED TREE
2017-11-10 02:46:00 +02:00
80565ab2ca
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-11-09 12:27:53 -08:00
5e3d80e936
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-11-09 12:27:50 -08:00
b730c6b38d
No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update
2017-11-09 11:48:10 -08:00
7e80b102d5
No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update
2017-11-09 11:48:06 -08:00
96773b2710
merge mozilla-central to mozilla-inbound. r=merge a=merge on a CLOSED TREE
2017-11-10 02:47:06 +02:00
e1c8aba28f
Merge mozilla-central to mozilla-inbound r=merge a=merge on a CLOSED TREE
2017-11-09 22:17:00 +02:00
0c8c69a89a
bug 1235287 - set a longer ocsp request timeout in test_ocsp_stapling_expired.js to avoid intermittent failures on android r=jcj
...
MozReview-Commit-ID: 3CJqnQ4EGXn
--HG--
extra : rebase_source : 3bdeac9d603d2f7d723e82fcfc75971ff9c44df0
2017-11-09 09:40:28 -08:00
bcce449ae5
Bug 1408186 - Remove nsIDOMHTMLSelectElement and nsIDOMHTMLOptionsCollection; r=bz
...
MozReview-Commit-ID: Gh3JwLUtmz9
--HG--
extra : rebase_source : 6cdee487246406cafe0e5a9afe4a44f62d131c8b
2017-10-12 16:32:25 -07:00
a353221537
merge mozilla-inbound to mozilla-central. r=merge a=merge
2017-11-09 00:00:16 +02:00
f9ad119371
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-11-08 11:49:18 -08:00
d3a0bf4332
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-11-08 11:49:15 -08:00
5a7c2c5964
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-11-08 10:47:08 -08:00
ac31e8cfe6
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-11-08 10:47:05 -08:00
218e1676cb
Merge inbound to mozilla-central r=merge a=merge
2017-11-08 12:51:09 +02:00
cd430d0c58
Bug 1415250 Part 1: Block prntm64.dll and guard32.dll in sandboxed child processes. r=jimm
2017-11-08 08:06:14 +00:00
327d4f6ae1
Bug 1401594 - land NSS NSS_3_34_BETA3 UPGRADE_NSS_RELEASE CLOSED TREE, r=me
...
MozReview-Commit-ID: HCa9qQq2zPP
2017-11-08 15:26:20 +01:00
714a126090
Bug 1401594 - land NSS NSS_3_34_BETA2 UPGRADE_NSS_RELEASE, r=me
...
MozReview-Commit-ID: IZcYFTH0x9o
--HG--
extra : rebase_source : 224952488b3e4beef03d707aa43c17a095df02f9
2017-11-08 11:44:14 +01:00
0c57f53d9c
Merge autoland to mozilla-central r=merge a=merge
2017-11-07 23:55:23 +02:00
c9735e7bb6
No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update
2017-11-07 11:43:05 -08:00
d45b8e51c2
No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update
2017-11-07 11:43:01 -08:00
d5e7732988
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-07 10:43:47 -08:00
5a48a94698
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-07 10:43:43 -08:00
195dbda63e
Bug 1414735 - Upgrade Firefox to NSS 3.35, r=franziskus UPGRADE_NSS_RELEASE
...
MozReview-Commit-ID: 6hDnHCWVeWz
--HG--
extra : rebase_source : 4bf98010c7afefe9bc0f2da240bb676bd82496b6
2017-11-07 12:24:58 +11:00
a2f1dcd1e0
Merge m-c to autoland. a=merge
2017-11-06 14:51:08 -05:00
fe19e42a3c
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-11-06 11:36:57 -08:00
5ec06cbae9
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-11-06 11:36:53 -08:00
883506c13d
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-06 11:03:31 -08:00
af031d585f
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-06 11:03:27 -08:00
38bf4c4f20
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-11-05 11:26:07 -08:00
f03e7e263d
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-11-05 11:26:03 -08:00
9b91644ce1
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-05 10:47:13 -08:00
0e84a5f304
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-05 10:47:09 -08:00
a9ac7e1e95
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-04 11:27:47 -07:00
0c16c4d46a
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-04 11:27:43 -07:00
3af6639030
merge autoland to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: 6lOkhi71eQ3
2017-11-04 10:53:33 +01:00
066b6713fd
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-03 11:33:33 -07:00
422df817cd
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-03 11:33:29 -07:00
68106833b3
merge mozilla-inbound to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: xcHQOq7Rbv
2017-11-02 22:59:04 +01:00
8da0763166
merge autoland to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: 60XtziNG2CK
2017-11-02 22:57:14 +01:00
299b665375
No bug, Automated HPKP preload list update from host bld-linux64-spot-031 - a=hpkp-update
2017-11-02 11:32:01 -07:00
06f236c2b4
No bug, Automated HSTS preload list update from host bld-linux64-spot-031 - a=hsts-update
2017-11-02 11:31:57 -07:00
1db8f13af3
Bug 1401594 - land NSS NSS_3_34_BETA1 UPGRADE_NSS_RELEASE, r=me
...
MozReview-Commit-ID: 8ckNdJ29KWZ
--HG--
extra : rebase_source : 9766af247842aabce5e46c4a8d1d03c3f70d21f7
2017-11-01 15:38:36 +01:00
bc2d08ffc7
Bug 1414198 - Include <functional> in nsNSSCertificate.h r=keeler
...
We've a report of a compilation error on a different system because
std::function was undefined.
MozReview-Commit-ID: 2MboMUdLzHj
--HG--
extra : rebase_source : be6d73506402a1838b96ce55e69b44dcb00949f1
2017-11-03 17:11:04 -07:00
6922b82c52
bug 1357815 - 4/4: go a bit overboard on testcases for SHA-256 support in add-on signatures r=jcj
...
MozReview-Commit-ID: K4WYTYPXpi1
--HG--
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha1_and_sha256.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1-256_p7-1-256.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha1_and_sha256_manifest_sha1_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha1_and_sha256_manifest_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha1_manifest_sha1_and_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha256_manifest_sha1_and_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha256_manifest.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha256.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-256_p7-256.zip
extra : rebase_source : f56c5c9309590bd37d933e8e8fbff8535296b874
2017-10-27 11:20:33 -07:00
0b91cda795
Bug 1413312 - Fix media plugin sandbox policy for sched_get_priority_{min,max}. r=gcp
...
MozReview-Commit-ID: Bz4EWU13HAJ
--HG--
extra : rebase_source : 848880e083827a6f40e6ba289a5357ff6b4fa5f6
2017-10-31 18:12:43 -06:00
de1cbf125f
Bug 1412464 - Change sandboxing inotify denial from seccomp-bpf to symbol interception. r=gcp
...
MozReview-Commit-ID: DY0qdGYGNdL
--HG--
extra : rebase_source : 02448ea28e8c1ea0d25776455d9ebb30d829b482
2017-10-30 19:45:39 -06:00
a2451f13e5
Bug 1412480 - Statically check for overly large syscall arguments. r=gcp
...
See the previous patch for an explanation of the mistake that this is
meant to catch.
Note that, even for arguments that really are 64-bit on 32-bit platforms
(typically off_t), it's generally not safe to pass them directly to
syscall(): some architectures, like ARM, use ABIs that require such
arguments to be passed in aligned register pairs, and they'll be aligned
differently for syscall() vs. the actual system call due to the leading
system call number argument. The syscall(2) man page discusses this
and documents that such arguments should be split into high/low halves,
passed separately, and manually padded.
Therefore, this patch rejects any argument types larger than a word.
MozReview-Commit-ID: FVhpri4zcWk
--HG--
extra : rebase_source : 0329fe68be2a4e16fb71736627f0190e005c9972
2017-10-27 19:51:26 -06:00
6d4b2907e1
Bug 1412480 - Fix syscall argument types in seccomp-bpf sandbox traps. r=gcp
...
The values in arch_seccomp_data::args are uint64_t even on 32-bit
platforms, and syscall takes varargs, so the arguments need to be
explicitly cast to the word size in order to be passed correctly.
MozReview-Commit-ID: 5ldv6WbL2Z3
--HG--
extra : rebase_source : c6ef37d8b367ad6025e510e58e6ab4d2f96cfc9e
2017-10-27 20:51:25 -06:00
6034b39937
bug 1357815 - 3/4: support SHA256 in PKCS#7 signatures on add-ons r=dveditz,jcj
...
As a result of this patch, the hash algorithm used in add-on signature
verification will come from the PKCS#7 signature. If SHA-256 is present, it will
be used. SHA-1 is used as a fallback. Otherwise, the signature is invalid.
This means that, for example, if the PKCS#7 signature only has SHA-1 but there
are SHA-256 hashes in the signature file and/or manifest file, only the SHA-1
hashes in the signature file and manifest file will be used, if they are present
(and verification will fail if they are not present). Similarly, if the PKCS#7
signature has SHA-256, there must be SHA-256 hashes in the signature file and
manifest file (even if SHA-1 is also present in the PKCS#7 signature).
MozReview-Commit-ID: K3OQEpIrnUW
--HG--
extra : rebase_source : 704a2a18e166bfaf3e3d944d13918054bd012000
2017-10-24 15:27:53 -07:00
7617737c9f
bug 1357815 - 2/4: refactor away unnecessary parts of certificate verification in add-on signature verification r=jcj
...
MozReview-Commit-ID: 4JKWIZ0wnuO
--HG--
extra : rebase_source : 7f032046b3a81c2b3f2135451af07a1e38e94664
2017-10-24 13:32:02 -07:00
543678ab80
bug 1357815 - 1/4: move VerifyCMSDetachedSignatureIncludingCertificate to where it's used r=jcj
...
MozReview-Commit-ID: JsBPGhDxQoS
--HG--
extra : rebase_source : 88a1c0b73762f28c53ffd645f2eba260743a4062
2017-10-24 13:18:14 -07:00
f44bfd0fc0
Merge m-c to autoland. a=merge
2017-11-01 21:55:56 -04:00
269dcb47f7
No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update
2017-11-01 18:38:41 -07:00
249a4851fb
No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update
2017-11-01 18:38:37 -07:00
f2bc4e722f
No bug, Automated HPKP preload list update from host bld-linux64-spot-039 - a=hpkp-update
2017-10-31 12:14:57 -07:00
f4901979dd
No bug, Automated HSTS preload list update from host bld-linux64-spot-039 - a=hsts-update
2017-10-31 12:14:53 -07:00
f04a229953
Bug 1412994 - Ensure SegmentCertificateChain returns results in PSM order r=keeler
...
SegmentCertificateChain, when provided a cert chain from nsISSLStatus, delivers
the EE as the Root, the Root as the EE, and the intermediates in reverse order.
Basically, now that Bug 1406856 landed, it's clear this was backward in its
thinking, so reverse it for the common case.
MozReview-Commit-ID: Ahtv9U9A9oS
--HG--
extra : rebase_source : 75c8688c5041652fd966babe91cb8c6287e19ad0
2017-10-30 16:49:41 -07:00
6979ea37b4
merge mozilla-central to autoland. r=merge a=merge
2017-10-30 23:58:16 +01:00
f07fc93141
merge mozilla-inbound to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: 4PW6ESqLL73
2017-10-30 23:52:23 +01:00
da6d577b00
No bug, Automated HPKP preload list update from host bld-linux64-spot-033 - a=hpkp-update
2017-10-30 11:46:17 -07:00
0eee83e64e
No bug, Automated HSTS preload list update from host bld-linux64-spot-033 - a=hsts-update
2017-10-30 11:46:14 -07:00
e67fce9b1f
Bug 1412827: Add Symantec DLLs ffm64 and ffm to the sandboxed child blocklist. r=jimm
...
This patch also adds k7pswsen.dll unconditionally as it is still appearing
in many crash reports despite the block working in a test VM.
2017-10-30 16:28:26 +00:00
6557099666
Bug 1411115 - Allow F_SETLK fcntl in sandboxed content processes. r=gcp
...
MozReview-Commit-ID: ARc7EpfN73o
--HG--
extra : rebase_source : 21c35a65a7c45387e2bd7fd7aba5f82ecf7c9ab3
2017-10-27 18:05:53 -06:00
ee247f0d5f
Bug 1409900 - Handle sandboxed statfs() by replacing it with open+fstatfs. r=gcp
...
MozReview-Commit-ID: 4Q0XMWcxaAc
--HG--
extra : rebase_source : e6065c91ddb271b71b5577ca0d6c39349565724c
2017-10-27 19:32:37 -06:00
27d4543313
Bug 1409900 - Disallow quotactl in sandboxed content processes. r=gcp
...
MozReview-Commit-ID: 3svUgLLTZKL
--HG--
extra : rebase_source : 2f51310f19cff45313cafd2bdcc60f2999b729b3
2017-10-25 12:43:13 -06:00
d67d120cc4
Backed out 4 changesets (bug 1386404) for mass failures, e.g. in browser-chrome's dom/tests/browser/browser_xhr_sandbox.js. r=backout on a CLOSED TREE
...
Backed out changeset 36556e1a5ac7 (bug 1386404138640413864041386404
2017-10-30 19:10:01 +01:00
3d94d8e8e1
Bug 1386404 - Only do the tmp remapping if needed. r=jld
...
This helps with getting the tests that are running out of /tmp
to pass, who get confused if their paths change underneath them.
It's also a bit faster.
MozReview-Commit-ID: CWtngVNhA0t
--HG--
extra : rebase_source : 304481a18c371c3253448971f48064bcbd681a81
2017-10-26 18:02:10 +02:00
577b3a7731
Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld
...
MozReview-Commit-ID: 2h9hw6opYof
--HG--
extra : rebase_source : f3121d7afff22e3f72c66e3a5553e731a83a2e1c
2017-10-26 17:50:49 +02:00
6a66615d8d
Bug 1386404 - Enable access to the entire chrome dir from content. r=jld
...
This may be required if people have @import in their userContent.css, and
in any case our tests check for this.
MozReview-Commit-ID: 8uJcWiC2rli
--HG--
extra : rebase_source : 3542ea305aabaca0500d66f8e86f5c12170d793e
2017-10-26 18:57:03 +02:00
802f1b9395
Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik
...
MozReview-Commit-ID: 6Hijq0to9MG
--HG--
extra : rebase_source : c7a3559e4cbdfd1885d13a489c4eeb311ca973fa
2017-10-12 11:18:25 +02:00
0ab6bdd2fa
Bug 1413937 - add sha384 and sha512 to pycert and pykey, r=keeler
...
MozReview-Commit-ID: ArjNHLC1MFC
Differential Revision: https://phabricator.services.mozilla.com/D185
--HG--
extra : rebase_source : 781abe2faa33aa4f55902db1b191159f9c88254d
2017-11-09 16:55:12 +01:00
794abc6fba
merge mozilla-central to autoland. r=merge a=merge
2017-10-29 23:01:08 +01:00
8af3c26b61
No bug, Automated HPKP preload list update from host bld-linux64-spot-033 - a=hpkp-update
2017-10-29 11:34:19 -07:00
c61725847a
No bug, Automated HSTS preload list update from host bld-linux64-spot-033 - a=hsts-update
2017-10-29 11:34:15 -07:00
d6f574cf1b
merge autoland to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: DMG276CdAzv
2017-10-28 23:57:08 +02:00
8d7205d5c7
No bug, Automated HPKP preload list update from host bld-linux64-spot-023 - a=hpkp-update
2017-10-28 11:38:28 -07:00
b03d306da6
No bug, Automated HSTS preload list update from host bld-linux64-spot-023 - a=hsts-update
2017-10-28 11:38:24 -07:00
e009038b12
No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update
2017-10-28 11:23:31 -07:00
261757d83a
No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update
2017-10-28 11:23:28 -07:00
2f6f3e1167
merge autoland to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: JSVOeP0nq5J
2017-10-27 23:28:23 +02:00
a5b2d14190
No bug, Automated HPKP preload list update from host bld-linux64-spot-022 - a=hpkp-update
2017-10-27 11:38:58 -07:00
28eb630b74
No bug, Automated HSTS preload list update from host bld-linux64-spot-022 - a=hsts-update
2017-10-27 11:38:54 -07:00
21363323fd
Backed out 2 changesets (bug 1409900) for failing browser chrome on Linux opt at browser/base/content/test/general/browser_bug590206.js r=backout a=backout.
...
Backed out changeset 83296a355dd4 (bug 1409900)
Backed out changeset 072007f83431 (bug 1409900)
2017-10-27 16:15:47 +03:00
5c15da1f08
merge mozilla-inbound to mozilla-central. r=merge a=merge
...
--HG--
rename : testing/talos/tests/__init__.py => testing/talos/talos/unittests/__init__.py
rename : testing/talos/tests/browser_output.ts.txt => testing/talos/talos/unittests/browser_output.ts.txt
rename : testing/talos/tests/browser_output.tsvg.txt => testing/talos/talos/unittests/browser_output.tsvg.txt
rename : testing/talos/tests/profile.tgz => testing/talos/talos/unittests/profile.tgz
rename : testing/talos/tests/ps-Acj.out => testing/talos/talos/unittests/ps-Acj.out
rename : testing/talos/tests/test_talosconfig_browser_config.json => testing/talos/talos/unittests/test_talosconfig_browser_config.json
rename : testing/talos/tests/test_talosconfig_test_config.json => testing/talos/talos/unittests/test_talosconfig_test_config.json
rename : testing/talos/tests/xrestop_output.txt => testing/talos/talos/unittests/xrestop_output.txt
2017-10-27 12:45:34 +03:00
d4d890633b
Bug 1411683 - Add foreach and segment utility methods to nsNSSCertList r=keeler
...
This adds two methods to nsNSSCertList: ForEachCertificateInChain, and
SegmentCertificateChain. The ForEach method calls a supplied function for each
certificate in the chain, one by one.
That method is then used by the Segment method, which (assuming the chain is
ordered) splits it into Root, End Entity, and everything in-between as a list of
Intermediates.
This patch does _not_ try to add these methods to the IDL, as it's not
straightforward to me on how to handle the nsCOMPtr or std::function arguments.
These methods will be first used by Bug 1409259.
(Update to fix gtest bustage on Linux)
MozReview-Commit-ID: 8qjwF3juLTr
--HG--
extra : rebase_source : 3dee871a4622b8ad84cca247dc9a9f3ceb3b4bd9
2017-10-25 13:37:50 -05:00
eac42bd3b1
Bug 1411683 - Add "requirements.txt" for pycert.py r=keeler
...
There are specific versions needed for security/manager/ssl/tests/unit/pycert.py,
so let's give PIP some installation help:
0.1.7 for pyasn1 and 0.0.5 for pyasn1_modules
(recent versions break pycert/pykey/pycms)
MozReview-Commit-ID: Fk98UPd8bJo
--HG--
extra : rebase_source : 79436d4e99cda1dca438015835fdfa83a78c4dc7
2017-10-25 16:03:58 -05:00
032fc16f72
Bug 1406856 - Re-plumb nsISSLStatus.idl to carry with it the whole nsIX509CertList r=jcj,keeler
...
MozReview-Commit-ID: 2YDmCzqdm26
--HG--
extra : rebase_source : 5b1f345698948b193addfa9326b5a29f9572a411
2017-10-26 17:52:11 +01:00
e434e03817
Backed out changeset 51eaba841505 (bug 1406856) for failing eslint at security/manager/ssl/tests/unit/head_psm.js:732:53 | Multiple spaces found before '='. r=backout
...
--HG--
extra : amend_source : 46ecb5c0f3f8c682aa0eaf27e14527b516710903
2017-10-28 12:49:09 +02:00
63bf63249d
Bug 1406856 - Re-plumb nsISSLStatus.idl to carry with it the whole nsIX509CertList r=keeler
...
MozReview-Commit-ID: 2YDmCzqdm26
--HG--
extra : rebase_source : 7de06b44adbcfc3891555b4176663d20d4f96a1a
2017-10-26 17:52:11 +01:00
76b1bdf7de
Bug 1408497 - Disallow inotify in sandboxed content processes. r=gcp
...
MozReview-Commit-ID: nKyIvMNQAt
--HG--
extra : rebase_source : 5347e8da745d6f4a0cd4e81e76fe6b94d94eac30
2017-10-25 13:35:47 -06:00
5f10d1f416
Bug 1409900 - Handle sandboxed statfs() by replacing it with open+fstatfs. r=gcp
...
MozReview-Commit-ID: 4Q0XMWcxaAc
--HG--
extra : rebase_source : 6bd36df3155fc5cdda67720e313028a68e2f0901
2017-10-25 13:08:26 -06:00
fce1017953
Bug 1409900 - Disallow quotactl in sandboxed content processes. r=gcp
...
MozReview-Commit-ID: 3svUgLLTZKL
--HG--
extra : rebase_source : 54623b48c65a1319905cab5aa520928681ec0023
2017-10-25 12:43:13 -06:00
160e1dcfe0
Bug 1410191 - Correctly handle errors when using syscalls in sandbox trap handlers. r=gcp
...
MozReview-Commit-ID: JX81xpNBMIm
--HG--
extra : rebase_source : c7334f3e0b61b4fb4e0305cc6fc5d3173d08c032
2017-10-25 16:38:20 -06:00
b8aa6b6de9
Bug 1410241 - Don't call destructors on objects we use in the SIGSYS handler. r=gcp
...
MozReview-Commit-ID: LAgORUSvDh9
--HG--
extra : rebase_source : b39836ebb7405202c60b075b30b48966ac644e71
2017-10-25 17:58:22 -06:00
aa4363afaa
Bug 1410280 - Re-allow PR_GET_NAME for sandboxed content processes. r=gcp
...
This prctl is used by PulseAudio; once bug 1394163 is resolved, allowing
it can be made conditional on the media.cubeb.sandbox pref.
MozReview-Commit-ID: 6jAM65V32vK
--HG--
extra : rebase_source : abb039aff7cefc0aa3b95f4574fdf1e3fb0d93a6
2017-10-25 11:04:34 -06:00
d10e26c913
merge mozilla-central to mozilla-inbound. r=merge a=merge
2017-10-27 00:00:25 +02:00
7c460507ae
No bug, Automated HPKP preload list update from host bld-linux64-spot-038 - a=hpkp-update
2017-10-26 11:33:02 -07:00
13bc938b90
No bug, Automated HSTS preload list update from host bld-linux64-spot-038 - a=hsts-update
2017-10-26 11:32:58 -07:00
a173b09db6
Backed out changeset ccc0e72f2152 (bug 1403260) for hanging Mac browser-chrome in printing tests
...
MozReview-Commit-ID: IZNT5Jh8nzB
2017-10-25 23:00:17 -07:00
362316451f
Bug 1403260 - [Mac] Remove access to print server from content process sandbox r=mconley
...
MozReview-Commit-ID: Ia21je8TTIg
--HG--
extra : rebase_source : 656e9e3ac8d1fb741d46881458bb0b7fb402d688
2017-10-22 23:02:58 -07:00
23c958dc39
Backed out 2 changesets (bug 1411683) for build bustage in security/manager/ssl/tests/gtest/CertListTest.cpp. r=backout on a CLOSED TREE
...
Backed out changeset 9d579c7e46b9 (bug 1411683)
Backed out changeset 21a17ab8b0fc (bug 1411683)
2017-10-27 23:53:55 +02:00
841ee307e6
merge mozilla-central to autoland. r=merge a=merge
2017-10-27 23:32:15 +02:00
de44bcbd15
Bug 1411683 - Add foreach and segment utility methods to nsNSSCertList r=keeler
...
This adds two methods to nsNSSCertList: ForEachCertificateInChain, and
SegmentCertificateChain. The ForEach method calls a supplied function for each
certificate in the chain, one by one.
That method is then used by the Segment method, which (assuming the chain is
ordered) splits it into Root, End Entity, and everything in-between as a list of
Intermediates.
This patch does _not_ try to add these methods to the IDL, as it's not
straightforward to me on how to handle the nsCOMPtr or std::function arguments.
These methods will be first used by Bug 1409259.
MozReview-Commit-ID: 8qjwF3juLTr
--HG--
extra : rebase_source : 39e2e8530ac23c6b96eb73f406bca32a59bcccf5
2017-10-25 13:37:50 -05:00
6594c2801b
Bug 1411683 - Add "requirements.txt" for pycert.py r=keeler
...
There are specific versions needed for security/manager/ssl/tests/unit/pycert.py,
so let's give PIP some installation help:
0.1.7 for pyasn1 and 0.0.5 for pyasn1_modules
(recent versions break pycert/pykey/pycms)
MozReview-Commit-ID: Fk98UPd8bJo
--HG--
extra : rebase_source : 79436d4e99cda1dca438015835fdfa83a78c4dc7
2017-10-25 16:03:58 -05:00
443416f881
Merge mozilla-central to autoland. r=merge a=merge
2017-10-26 00:39:55 +02:00
ffxbld
EKR
manikishan
David Keeler
Jed Davis
Sylvestre Ledru
Cosmin Sabou
Brindusan Cristian
cku
Dorel Luca
Alex Gaynor
Ciure Andrei
Franziskus Kiefer
Gurzau Raul
Tiberius Oros
shindli
Michal Novotny
Gabriele Svelto
Bogdan Tara
Tooru Fujisawa
Gian-Carlo Pascutto
Noemi Erli
Bob Owen
Jonathan Kew
Mark Banner
Andreea Pavel
Csoregi Natalia
Ryan VanderMeulen
Margareta Eliza Balazs
Sebastian Hengst
Kyle Machulis
Narcis Beleuzu
Martin Thomson
J.C. Jones
Attila Craciun
Mark Goodwin
Phil Ringnalda
Haik Aftandilian