cdb95907ba
Merge mozilla-central to autoland r=merge a=merge on a CLOSED TREE
2017-11-16 00:41:40 +02:00
d0a4ab96a0
Merge inbound to mozilla-central r=merge a=merge
2017-11-16 00:24:15 +02:00
6c10f7d914
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-15 11:31:52 -08:00
393e147523
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-15 11:31:48 -08:00
dd02544d02
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-15 10:54:33 -08:00
bab5f228d3
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-15 10:54:29 -08:00
304ec4c15e
Bug 1417420 - Add the path used by FontAgent to the sandbox rules on macOS. r=haik
2017-11-15 17:59:44 +00:00
ab21773795
bug 1417277 - remove support for MOZPSM_NSSDBDIR_OVERRIDE r=jcj
...
MOZPSM_NSSDBDIR_OVERRIDE was added in bug 462919 for integration with xulrunner
applications. Upcoming changes we're aiming to make with how PSM handles NSS and
the certificate/key databases (e.g. making the sqlite-backed implementation
mandatory) mean we have to take this feature into account. xulrunner isn't
supported any longer. Searching the web for "MOZPSM_NSSDBDIR_OVERRIDE" yields
two kinds of results: mozilla-central source code and a man page for nss-gui,
which it seems is the only project that ever made use of
MOZPSM_NSSDBDIR_OVERRIDE (and hasn't been updated since 2013, from what I can
tell). I think it's fair to conclude that this isn't a widely-used (let alone
known) feature. To make development easier, we should remove it.
MozReview-Commit-ID: 56vcTYSzDPq
--HG--
extra : rebase_source : 683a65bcd79182c04524562bc26ed5925f5d902b
2017-11-14 16:38:34 -08:00
7af6788dd0
No bug, Automated HPKP preload list update from host bld-linux64-spot-038 - a=hpkp-update
2017-11-14 11:51:23 -08:00
1d90c326d7
No bug, Automated HSTS preload list update from host bld-linux64-spot-038 - a=hsts-update
2017-11-14 11:51:19 -08:00
e943551045
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-14 10:58:36 -08:00
cc72aaf33e
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-14 10:58:32 -08:00
ba94a5128c
Bug 1371293 - Fix instances of missing 'use strict;' in html files as found after ESLint 4 upgrade. r=mossop
...
MozReview-Commit-ID: 2q3nqLaXA3E
--HG--
extra : rebase_source : 971ee6ae4dd565ead6f4aa16e06638445ecc5da0
2017-10-31 16:40:37 +00:00
3039b5c625
Backed out 1 changesets (bug 1417677) for failing security/manager/ssl/tests/unit/test_broken_fips.js r=backout on a CLOSED TREE
...
Backed out changeset 614a09e35ff0 (bug 1417677)
2017-11-17 12:49:16 +02:00
fdbe147ffb
Merge mozilla-central to autoland. r=merge a=merge CLOSED TREE
2017-11-17 12:09:31 +02:00
82c2e0ec18
bug 1413336 - (7/7) regenerate all the certificates! r=Cykesiopka
...
Also regenerate the test_signed_app.js testcases.
MozReview-Commit-ID: 483uNQT0wuG
--HG--
extra : rebase_source : 4dfddf89d151dceb970a1a9139a5c90e6b578f8c
2017-11-08 12:57:03 -08:00
cfc4721f33
bug 1413336 - (6/7) replace setComponentByName with direct property setters r=Cykesiopka
...
MozReview-Commit-ID: EIIzP04YHo9
--HG--
extra : rebase_source : bf04301265175f59a3db429667322caffeeeb767
2017-11-14 13:35:10 -08:00
d64022f084
bug 1413336 - (5/7) ensure text files generated by pycert et. al. have trailing newlines r=Cykesiopka
...
MozReview-Commit-ID: KduWJRzTxBp
--HG--
extra : rebase_source : 74c5baf9747a85d71bc93d7459a8b519b40f6dd4
2017-10-25 16:59:18 -07:00
d6bd3927e3
bug 1413336 - (4/7) make certificate serial number generation not depend on pyasn1 object string representation r=Cykesiopka
...
MozReview-Commit-ID: 69GjudEKwQM
--HG--
extra : rebase_source : 707413a77478e17a398fbb3c75eb27b64486b313
2017-11-08 14:12:03 -08:00
4a5bf460ad
bug 1413336 - (3/7) fix pycert.py and pykey.py with respect to pyasn1/pyasn1-modules updates r=Cykesiopka
...
MozReview-Commit-ID: CsxOF7LdEHB
--HG--
extra : rebase_source : 09b901b640779a9fe33de9d8c160b6918e6f12f7
2017-11-08 13:23:17 -08:00
dcb596244e
bug 1417677 - remove "security.use_sqldb" and always use the sqlite-backed NSS DBs r=jcj
...
MozReview-Commit-ID: 2qoJz5gDPyY
--HG--
extra : rebase_source : c84d7975fa30c753af7481d04e2db8c19daff180
2017-11-15 15:24:58 -08:00
2d6eb184f1
bug 1368868 - give up on ocsp stapling strictness because we can't have nice things r=jcj
...
MozReview-Commit-ID: nbX0c251oC
--HG--
extra : rebase_source : 2adda43c5ea137c17474e4b9303107f4ba3815ff
2017-11-08 15:50:26 -08:00
d49916e353
bug 1415991 - remove support for signed unpacked addons r=jcj,rhelmer
...
Unfortunately we have a number of add-on installation tests that rely on
unpacked addons verifying as signed. The test infrastructure achieves this by
monkey-patching nsIX509CertDB.verifySignedDirectoryAsync to always succeed.
These tests are, in general, not actually testing the successful verification of
signed unpacked add-ons but rather other aspects of add-on installation,
updating, etc.. Some of these tests are certainly no longer relevant now that
legacy add-ons aren't supported, but we don't have the time to go through all of
them at the moment (this blocks updating add-on signature verification to use
COSE signatures, which we need to ship in 59 or we're probably not shipping at
all).
MozReview-Commit-ID: 3TVPK703mUy
--HG--
extra : rebase_source : 5bf0b72a4d7c8ade702334345fdc3bf6a8761b15
2017-11-09 11:19:23 -08:00
e520b4f458
Merge mozilla-central to mozilla-autoland. r=merge a=merge CLOSED TREE
2017-11-14 00:59:27 +02:00
6f5e1e666f
No bug, Automated HPKP preload list update from host bld-linux64-spot-031 - a=hpkp-update
2017-11-13 11:38:59 -08:00
4d11774312
No bug, Automated HSTS preload list update from host bld-linux64-spot-031 - a=hsts-update
2017-11-13 11:38:56 -08:00
96d2701aef
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-13 10:56:59 -08:00
02130351db
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-13 10:56:56 -08:00
8802fbf292
No bug, Automated HPKP preload list update from host bld-linux64-spot-033 - a=hpkp-update
2017-11-12 11:35:21 -08:00
014fe21cbb
No bug, Automated HSTS preload list update from host bld-linux64-spot-033 - a=hsts-update
2017-11-12 11:35:17 -08:00
54eff2095e
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-12 11:06:31 -08:00
f5ee17bd6f
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-12 11:06:28 -08:00
14b2379843
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-11 11:46:19 -08:00
844ee0c1d3
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-11 11:46:15 -08:00
a99e2a57b4
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-11 11:07:18 -08:00
0411746801
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-11 11:07:14 -08:00
873f611a48
Bug 1401786 - Move the Linux sandboxing parts of GeckoChildProcessHost into security/sandbox. r=gcp
...
MozReview-Commit-ID: JknJhF5umZc
--HG--
extra : rebase_source : 2fa246e9a8b350becc21ed5bfd69820d3a321064
2017-10-06 17:15:46 -06:00
af821e1fe3
Bug 1365257 - Further consolidate the configuration of the content sandbox; r=gcp
...
This patch moves handling of the "MOZ_DISABLE_CONTENT_SANDBOX" environment
variable into GetEffectiveContentSandboxLevel. It also introduces
IsContentSandboxEnabled and ports many users of GetEffectiveContentSandboxLevel
to use it.
MozReview-Commit-ID: 4CsOf89vlRB
--HG--
extra : rebase_source : b9130f522e860e6a582933799a9bac07b771139b
2017-06-01 10:38:22 -04:00
b16410f51c
Merge inbound to m-c. a=merge
2017-11-10 16:13:15 -05:00
018987af9e
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-11-10 11:40:26 -08:00
fef8559955
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-11-10 11:40:22 -08:00
5f8a70cc67
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-10 11:07:01 -08:00
dc41b393b4
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-10 11:06:58 -08:00
7e070192d7
Merge inbound to mozilla-central r=merge a=merge
2017-11-10 11:55:43 +02:00
ed9d8c71ea
merge mozilla-central to autoland. r=merge a=merge on a CLOSED TREE
2017-11-10 02:46:00 +02:00
80565ab2ca
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-11-09 12:27:53 -08:00
5e3d80e936
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-11-09 12:27:50 -08:00
b730c6b38d
No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update
2017-11-09 11:48:10 -08:00
7e80b102d5
No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update
2017-11-09 11:48:06 -08:00
96773b2710
merge mozilla-central to mozilla-inbound. r=merge a=merge on a CLOSED TREE
2017-11-10 02:47:06 +02:00
e1c8aba28f
Merge mozilla-central to mozilla-inbound r=merge a=merge on a CLOSED TREE
2017-11-09 22:17:00 +02:00
0c8c69a89a
bug 1235287 - set a longer ocsp request timeout in test_ocsp_stapling_expired.js to avoid intermittent failures on android r=jcj
...
MozReview-Commit-ID: 3CJqnQ4EGXn
--HG--
extra : rebase_source : 3bdeac9d603d2f7d723e82fcfc75971ff9c44df0
2017-11-09 09:40:28 -08:00
bcce449ae5
Bug 1408186 - Remove nsIDOMHTMLSelectElement and nsIDOMHTMLOptionsCollection; r=bz
...
MozReview-Commit-ID: Gh3JwLUtmz9
--HG--
extra : rebase_source : 6cdee487246406cafe0e5a9afe4a44f62d131c8b
2017-10-12 16:32:25 -07:00
a353221537
merge mozilla-inbound to mozilla-central. r=merge a=merge
2017-11-09 00:00:16 +02:00
f9ad119371
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-11-08 11:49:18 -08:00
d3a0bf4332
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-11-08 11:49:15 -08:00
5a7c2c5964
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-11-08 10:47:08 -08:00
ac31e8cfe6
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-11-08 10:47:05 -08:00
218e1676cb
Merge inbound to mozilla-central r=merge a=merge
2017-11-08 12:51:09 +02:00
cd430d0c58
Bug 1415250 Part 1: Block prntm64.dll and guard32.dll in sandboxed child processes. r=jimm
2017-11-08 08:06:14 +00:00
327d4f6ae1
Bug 1401594 - land NSS NSS_3_34_BETA3 UPGRADE_NSS_RELEASE CLOSED TREE, r=me
...
MozReview-Commit-ID: HCa9qQq2zPP
2017-11-08 15:26:20 +01:00
714a126090
Bug 1401594 - land NSS NSS_3_34_BETA2 UPGRADE_NSS_RELEASE, r=me
...
MozReview-Commit-ID: IZcYFTH0x9o
--HG--
extra : rebase_source : 224952488b3e4beef03d707aa43c17a095df02f9
2017-11-08 11:44:14 +01:00
0c57f53d9c
Merge autoland to mozilla-central r=merge a=merge
2017-11-07 23:55:23 +02:00
c9735e7bb6
No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update
2017-11-07 11:43:05 -08:00
d45b8e51c2
No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update
2017-11-07 11:43:01 -08:00
d5e7732988
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-07 10:43:47 -08:00
5a48a94698
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-07 10:43:43 -08:00
195dbda63e
Bug 1414735 - Upgrade Firefox to NSS 3.35, r=franziskus UPGRADE_NSS_RELEASE
...
MozReview-Commit-ID: 6hDnHCWVeWz
--HG--
extra : rebase_source : 4bf98010c7afefe9bc0f2da240bb676bd82496b6
2017-11-07 12:24:58 +11:00
a2f1dcd1e0
Merge m-c to autoland. a=merge
2017-11-06 14:51:08 -05:00
fe19e42a3c
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-11-06 11:36:57 -08:00
5ec06cbae9
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-11-06 11:36:53 -08:00
883506c13d
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-06 11:03:31 -08:00
af031d585f
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-06 11:03:27 -08:00
38bf4c4f20
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-11-05 11:26:07 -08:00
f03e7e263d
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-11-05 11:26:03 -08:00
9b91644ce1
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-05 10:47:13 -08:00
0e84a5f304
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-05 10:47:09 -08:00
a9ac7e1e95
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-04 11:27:47 -07:00
0c16c4d46a
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-04 11:27:43 -07:00
3af6639030
merge autoland to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: 6lOkhi71eQ3
2017-11-04 10:53:33 +01:00
066b6713fd
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-03 11:33:33 -07:00
422df817cd
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-03 11:33:29 -07:00
68106833b3
merge mozilla-inbound to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: xcHQOq7Rbv
2017-11-02 22:59:04 +01:00
8da0763166
merge autoland to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: 60XtziNG2CK
2017-11-02 22:57:14 +01:00
299b665375
No bug, Automated HPKP preload list update from host bld-linux64-spot-031 - a=hpkp-update
2017-11-02 11:32:01 -07:00
06f236c2b4
No bug, Automated HSTS preload list update from host bld-linux64-spot-031 - a=hsts-update
2017-11-02 11:31:57 -07:00
1db8f13af3
Bug 1401594 - land NSS NSS_3_34_BETA1 UPGRADE_NSS_RELEASE, r=me
...
MozReview-Commit-ID: 8ckNdJ29KWZ
--HG--
extra : rebase_source : 9766af247842aabce5e46c4a8d1d03c3f70d21f7
2017-11-01 15:38:36 +01:00
bc2d08ffc7
Bug 1414198 - Include <functional> in nsNSSCertificate.h r=keeler
...
We've a report of a compilation error on a different system because
std::function was undefined.
MozReview-Commit-ID: 2MboMUdLzHj
--HG--
extra : rebase_source : be6d73506402a1838b96ce55e69b44dcb00949f1
2017-11-03 17:11:04 -07:00
6922b82c52
bug 1357815 - 4/4: go a bit overboard on testcases for SHA-256 support in add-on signatures r=jcj
...
MozReview-Commit-ID: K4WYTYPXpi1
--HG--
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha1_and_sha256.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1-256_p7-1-256.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha1_and_sha256_manifest_sha1_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha1_and_sha256_manifest_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha1_manifest_sha1_and_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha256_manifest_sha1_and_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha256_manifest.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha256.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-256_p7-256.zip
extra : rebase_source : f56c5c9309590bd37d933e8e8fbff8535296b874
2017-10-27 11:20:33 -07:00
0b91cda795
Bug 1413312 - Fix media plugin sandbox policy for sched_get_priority_{min,max}. r=gcp
...
MozReview-Commit-ID: Bz4EWU13HAJ
--HG--
extra : rebase_source : 848880e083827a6f40e6ba289a5357ff6b4fa5f6
2017-10-31 18:12:43 -06:00
de1cbf125f
Bug 1412464 - Change sandboxing inotify denial from seccomp-bpf to symbol interception. r=gcp
...
MozReview-Commit-ID: DY0qdGYGNdL
--HG--
extra : rebase_source : 02448ea28e8c1ea0d25776455d9ebb30d829b482
2017-10-30 19:45:39 -06:00
a2451f13e5
Bug 1412480 - Statically check for overly large syscall arguments. r=gcp
...
See the previous patch for an explanation of the mistake that this is
meant to catch.
Note that, even for arguments that really are 64-bit on 32-bit platforms
(typically off_t), it's generally not safe to pass them directly to
syscall(): some architectures, like ARM, use ABIs that require such
arguments to be passed in aligned register pairs, and they'll be aligned
differently for syscall() vs. the actual system call due to the leading
system call number argument. The syscall(2) man page discusses this
and documents that such arguments should be split into high/low halves,
passed separately, and manually padded.
Therefore, this patch rejects any argument types larger than a word.
MozReview-Commit-ID: FVhpri4zcWk
--HG--
extra : rebase_source : 0329fe68be2a4e16fb71736627f0190e005c9972
2017-10-27 19:51:26 -06:00
6d4b2907e1
Bug 1412480 - Fix syscall argument types in seccomp-bpf sandbox traps. r=gcp
...
The values in arch_seccomp_data::args are uint64_t even on 32-bit
platforms, and syscall takes varargs, so the arguments need to be
explicitly cast to the word size in order to be passed correctly.
MozReview-Commit-ID: 5ldv6WbL2Z3
--HG--
extra : rebase_source : c6ef37d8b367ad6025e510e58e6ab4d2f96cfc9e
2017-10-27 20:51:25 -06:00
6034b39937
bug 1357815 - 3/4: support SHA256 in PKCS#7 signatures on add-ons r=dveditz,jcj
...
As a result of this patch, the hash algorithm used in add-on signature
verification will come from the PKCS#7 signature. If SHA-256 is present, it will
be used. SHA-1 is used as a fallback. Otherwise, the signature is invalid.
This means that, for example, if the PKCS#7 signature only has SHA-1 but there
are SHA-256 hashes in the signature file and/or manifest file, only the SHA-1
hashes in the signature file and manifest file will be used, if they are present
(and verification will fail if they are not present). Similarly, if the PKCS#7
signature has SHA-256, there must be SHA-256 hashes in the signature file and
manifest file (even if SHA-1 is also present in the PKCS#7 signature).
MozReview-Commit-ID: K3OQEpIrnUW
--HG--
extra : rebase_source : 704a2a18e166bfaf3e3d944d13918054bd012000
2017-10-24 15:27:53 -07:00
7617737c9f
bug 1357815 - 2/4: refactor away unnecessary parts of certificate verification in add-on signature verification r=jcj
...
MozReview-Commit-ID: 4JKWIZ0wnuO
--HG--
extra : rebase_source : 7f032046b3a81c2b3f2135451af07a1e38e94664
2017-10-24 13:32:02 -07:00
543678ab80
bug 1357815 - 1/4: move VerifyCMSDetachedSignatureIncludingCertificate to where it's used r=jcj
...
MozReview-Commit-ID: JsBPGhDxQoS
--HG--
extra : rebase_source : 88a1c0b73762f28c53ffd645f2eba260743a4062
2017-10-24 13:18:14 -07:00
f44bfd0fc0
Merge m-c to autoland. a=merge
2017-11-01 21:55:56 -04:00
269dcb47f7
No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update
2017-11-01 18:38:41 -07:00
249a4851fb
No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update
2017-11-01 18:38:37 -07:00
f2bc4e722f
No bug, Automated HPKP preload list update from host bld-linux64-spot-039 - a=hpkp-update
2017-10-31 12:14:57 -07:00
f4901979dd
No bug, Automated HSTS preload list update from host bld-linux64-spot-039 - a=hsts-update
2017-10-31 12:14:53 -07:00
f04a229953
Bug 1412994 - Ensure SegmentCertificateChain returns results in PSM order r=keeler
...
SegmentCertificateChain, when provided a cert chain from nsISSLStatus, delivers
the EE as the Root, the Root as the EE, and the intermediates in reverse order.
Basically, now that Bug 1406856 landed, it's clear this was backward in its
thinking, so reverse it for the common case.
MozReview-Commit-ID: Ahtv9U9A9oS
--HG--
extra : rebase_source : 75c8688c5041652fd966babe91cb8c6287e19ad0
2017-10-30 16:49:41 -07:00
6979ea37b4
merge mozilla-central to autoland. r=merge a=merge
2017-10-30 23:58:16 +01:00
f07fc93141
merge mozilla-inbound to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: 4PW6ESqLL73
2017-10-30 23:52:23 +01:00
da6d577b00
No bug, Automated HPKP preload list update from host bld-linux64-spot-033 - a=hpkp-update
2017-10-30 11:46:17 -07:00
0eee83e64e
No bug, Automated HSTS preload list update from host bld-linux64-spot-033 - a=hsts-update
2017-10-30 11:46:14 -07:00
e67fce9b1f
Bug 1412827: Add Symantec DLLs ffm64 and ffm to the sandboxed child blocklist. r=jimm
...
This patch also adds k7pswsen.dll unconditionally as it is still appearing
in many crash reports despite the block working in a test VM.
2017-10-30 16:28:26 +00:00
6557099666
Bug 1411115 - Allow F_SETLK fcntl in sandboxed content processes. r=gcp
...
MozReview-Commit-ID: ARc7EpfN73o
--HG--
extra : rebase_source : 21c35a65a7c45387e2bd7fd7aba5f82ecf7c9ab3
2017-10-27 18:05:53 -06:00
ee247f0d5f
Bug 1409900 - Handle sandboxed statfs() by replacing it with open+fstatfs. r=gcp
...
MozReview-Commit-ID: 4Q0XMWcxaAc
--HG--
extra : rebase_source : e6065c91ddb271b71b5577ca0d6c39349565724c
2017-10-27 19:32:37 -06:00
27d4543313
Bug 1409900 - Disallow quotactl in sandboxed content processes. r=gcp
...
MozReview-Commit-ID: 3svUgLLTZKL
--HG--
extra : rebase_source : 2f51310f19cff45313cafd2bdcc60f2999b729b3
2017-10-25 12:43:13 -06:00
d67d120cc4
Backed out 4 changesets (bug 1386404) for mass failures, e.g. in browser-chrome's dom/tests/browser/browser_xhr_sandbox.js. r=backout on a CLOSED TREE
...
Backed out changeset 36556e1a5ac7 (bug 1386404138640413864041386404
2017-10-30 19:10:01 +01:00
3d94d8e8e1
Bug 1386404 - Only do the tmp remapping if needed. r=jld
...
This helps with getting the tests that are running out of /tmp
to pass, who get confused if their paths change underneath them.
It's also a bit faster.
MozReview-Commit-ID: CWtngVNhA0t
--HG--
extra : rebase_source : 304481a18c371c3253448971f48064bcbd681a81
2017-10-26 18:02:10 +02:00
577b3a7731
Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld
...
MozReview-Commit-ID: 2h9hw6opYof
--HG--
extra : rebase_source : f3121d7afff22e3f72c66e3a5553e731a83a2e1c
2017-10-26 17:50:49 +02:00
6a66615d8d
Bug 1386404 - Enable access to the entire chrome dir from content. r=jld
...
This may be required if people have @import in their userContent.css, and
in any case our tests check for this.
MozReview-Commit-ID: 8uJcWiC2rli
--HG--
extra : rebase_source : 3542ea305aabaca0500d66f8e86f5c12170d793e
2017-10-26 18:57:03 +02:00
802f1b9395
Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik
...
MozReview-Commit-ID: 6Hijq0to9MG
--HG--
extra : rebase_source : c7a3559e4cbdfd1885d13a489c4eeb311ca973fa
2017-10-12 11:18:25 +02:00
0ab6bdd2fa
Bug 1413937 - add sha384 and sha512 to pycert and pykey, r=keeler
...
MozReview-Commit-ID: ArjNHLC1MFC
Differential Revision: https://phabricator.services.mozilla.com/D185
--HG--
extra : rebase_source : 781abe2faa33aa4f55902db1b191159f9c88254d
2017-11-09 16:55:12 +01:00
794abc6fba
merge mozilla-central to autoland. r=merge a=merge
2017-10-29 23:01:08 +01:00
8af3c26b61
No bug, Automated HPKP preload list update from host bld-linux64-spot-033 - a=hpkp-update
2017-10-29 11:34:19 -07:00
c61725847a
No bug, Automated HSTS preload list update from host bld-linux64-spot-033 - a=hsts-update
2017-10-29 11:34:15 -07:00
d6f574cf1b
merge autoland to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: DMG276CdAzv
2017-10-28 23:57:08 +02:00
8d7205d5c7
No bug, Automated HPKP preload list update from host bld-linux64-spot-023 - a=hpkp-update
2017-10-28 11:38:28 -07:00
b03d306da6
No bug, Automated HSTS preload list update from host bld-linux64-spot-023 - a=hsts-update
2017-10-28 11:38:24 -07:00
e009038b12
No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update
2017-10-28 11:23:31 -07:00
261757d83a
No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update
2017-10-28 11:23:28 -07:00
2f6f3e1167
merge autoland to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: JSVOeP0nq5J
2017-10-27 23:28:23 +02:00
a5b2d14190
No bug, Automated HPKP preload list update from host bld-linux64-spot-022 - a=hpkp-update
2017-10-27 11:38:58 -07:00
28eb630b74
No bug, Automated HSTS preload list update from host bld-linux64-spot-022 - a=hsts-update
2017-10-27 11:38:54 -07:00
21363323fd
Backed out 2 changesets (bug 1409900) for failing browser chrome on Linux opt at browser/base/content/test/general/browser_bug590206.js r=backout a=backout.
...
Backed out changeset 83296a355dd4 (bug 1409900)
Backed out changeset 072007f83431 (bug 1409900)
2017-10-27 16:15:47 +03:00
5c15da1f08
merge mozilla-inbound to mozilla-central. r=merge a=merge
...
--HG--
rename : testing/talos/tests/__init__.py => testing/talos/talos/unittests/__init__.py
rename : testing/talos/tests/browser_output.ts.txt => testing/talos/talos/unittests/browser_output.ts.txt
rename : testing/talos/tests/browser_output.tsvg.txt => testing/talos/talos/unittests/browser_output.tsvg.txt
rename : testing/talos/tests/profile.tgz => testing/talos/talos/unittests/profile.tgz
rename : testing/talos/tests/ps-Acj.out => testing/talos/talos/unittests/ps-Acj.out
rename : testing/talos/tests/test_talosconfig_browser_config.json => testing/talos/talos/unittests/test_talosconfig_browser_config.json
rename : testing/talos/tests/test_talosconfig_test_config.json => testing/talos/talos/unittests/test_talosconfig_test_config.json
rename : testing/talos/tests/xrestop_output.txt => testing/talos/talos/unittests/xrestop_output.txt
2017-10-27 12:45:34 +03:00
d4d890633b
Bug 1411683 - Add foreach and segment utility methods to nsNSSCertList r=keeler
...
This adds two methods to nsNSSCertList: ForEachCertificateInChain, and
SegmentCertificateChain. The ForEach method calls a supplied function for each
certificate in the chain, one by one.
That method is then used by the Segment method, which (assuming the chain is
ordered) splits it into Root, End Entity, and everything in-between as a list of
Intermediates.
This patch does _not_ try to add these methods to the IDL, as it's not
straightforward to me on how to handle the nsCOMPtr or std::function arguments.
These methods will be first used by Bug 1409259.
(Update to fix gtest bustage on Linux)
MozReview-Commit-ID: 8qjwF3juLTr
--HG--
extra : rebase_source : 3dee871a4622b8ad84cca247dc9a9f3ceb3b4bd9
2017-10-25 13:37:50 -05:00
eac42bd3b1
Bug 1411683 - Add "requirements.txt" for pycert.py r=keeler
...
There are specific versions needed for security/manager/ssl/tests/unit/pycert.py,
so let's give PIP some installation help:
0.1.7 for pyasn1 and 0.0.5 for pyasn1_modules
(recent versions break pycert/pykey/pycms)
MozReview-Commit-ID: Fk98UPd8bJo
--HG--
extra : rebase_source : 79436d4e99cda1dca438015835fdfa83a78c4dc7
2017-10-25 16:03:58 -05:00
032fc16f72
Bug 1406856 - Re-plumb nsISSLStatus.idl to carry with it the whole nsIX509CertList r=jcj,keeler
...
MozReview-Commit-ID: 2YDmCzqdm26
--HG--
extra : rebase_source : 5b1f345698948b193addfa9326b5a29f9572a411
2017-10-26 17:52:11 +01:00
e434e03817
Backed out changeset 51eaba841505 (bug 1406856) for failing eslint at security/manager/ssl/tests/unit/head_psm.js:732:53 | Multiple spaces found before '='. r=backout
...
--HG--
extra : amend_source : 46ecb5c0f3f8c682aa0eaf27e14527b516710903
2017-10-28 12:49:09 +02:00
63bf63249d
Bug 1406856 - Re-plumb nsISSLStatus.idl to carry with it the whole nsIX509CertList r=keeler
...
MozReview-Commit-ID: 2YDmCzqdm26
--HG--
extra : rebase_source : 7de06b44adbcfc3891555b4176663d20d4f96a1a
2017-10-26 17:52:11 +01:00
76b1bdf7de
Bug 1408497 - Disallow inotify in sandboxed content processes. r=gcp
...
MozReview-Commit-ID: nKyIvMNQAt
--HG--
extra : rebase_source : 5347e8da745d6f4a0cd4e81e76fe6b94d94eac30
2017-10-25 13:35:47 -06:00
5f10d1f416
Bug 1409900 - Handle sandboxed statfs() by replacing it with open+fstatfs. r=gcp
...
MozReview-Commit-ID: 4Q0XMWcxaAc
--HG--
extra : rebase_source : 6bd36df3155fc5cdda67720e313028a68e2f0901
2017-10-25 13:08:26 -06:00
fce1017953
Bug 1409900 - Disallow quotactl in sandboxed content processes. r=gcp
...
MozReview-Commit-ID: 3svUgLLTZKL
--HG--
extra : rebase_source : 54623b48c65a1319905cab5aa520928681ec0023
2017-10-25 12:43:13 -06:00
160e1dcfe0
Bug 1410191 - Correctly handle errors when using syscalls in sandbox trap handlers. r=gcp
...
MozReview-Commit-ID: JX81xpNBMIm
--HG--
extra : rebase_source : c7334f3e0b61b4fb4e0305cc6fc5d3173d08c032
2017-10-25 16:38:20 -06:00
b8aa6b6de9
Bug 1410241 - Don't call destructors on objects we use in the SIGSYS handler. r=gcp
...
MozReview-Commit-ID: LAgORUSvDh9
--HG--
extra : rebase_source : b39836ebb7405202c60b075b30b48966ac644e71
2017-10-25 17:58:22 -06:00
aa4363afaa
Bug 1410280 - Re-allow PR_GET_NAME for sandboxed content processes. r=gcp
...
This prctl is used by PulseAudio; once bug 1394163 is resolved, allowing
it can be made conditional on the media.cubeb.sandbox pref.
MozReview-Commit-ID: 6jAM65V32vK
--HG--
extra : rebase_source : abb039aff7cefc0aa3b95f4574fdf1e3fb0d93a6
2017-10-25 11:04:34 -06:00
d10e26c913
merge mozilla-central to mozilla-inbound. r=merge a=merge
2017-10-27 00:00:25 +02:00
7c460507ae
No bug, Automated HPKP preload list update from host bld-linux64-spot-038 - a=hpkp-update
2017-10-26 11:33:02 -07:00
13bc938b90
No bug, Automated HSTS preload list update from host bld-linux64-spot-038 - a=hsts-update
2017-10-26 11:32:58 -07:00
a173b09db6
Backed out changeset ccc0e72f2152 (bug 1403260) for hanging Mac browser-chrome in printing tests
...
MozReview-Commit-ID: IZNT5Jh8nzB
2017-10-25 23:00:17 -07:00
362316451f
Bug 1403260 - [Mac] Remove access to print server from content process sandbox r=mconley
...
MozReview-Commit-ID: Ia21je8TTIg
--HG--
extra : rebase_source : 656e9e3ac8d1fb741d46881458bb0b7fb402d688
2017-10-22 23:02:58 -07:00
23c958dc39
Backed out 2 changesets (bug 1411683) for build bustage in security/manager/ssl/tests/gtest/CertListTest.cpp. r=backout on a CLOSED TREE
...
Backed out changeset 9d579c7e46b9 (bug 1411683)
Backed out changeset 21a17ab8b0fc (bug 1411683)
2017-10-27 23:53:55 +02:00
841ee307e6
merge mozilla-central to autoland. r=merge a=merge
2017-10-27 23:32:15 +02:00
de44bcbd15
Bug 1411683 - Add foreach and segment utility methods to nsNSSCertList r=keeler
...
This adds two methods to nsNSSCertList: ForEachCertificateInChain, and
SegmentCertificateChain. The ForEach method calls a supplied function for each
certificate in the chain, one by one.
That method is then used by the Segment method, which (assuming the chain is
ordered) splits it into Root, End Entity, and everything in-between as a list of
Intermediates.
This patch does _not_ try to add these methods to the IDL, as it's not
straightforward to me on how to handle the nsCOMPtr or std::function arguments.
These methods will be first used by Bug 1409259.
MozReview-Commit-ID: 8qjwF3juLTr
--HG--
extra : rebase_source : 39e2e8530ac23c6b96eb73f406bca32a59bcccf5
2017-10-25 13:37:50 -05:00
6594c2801b
Bug 1411683 - Add "requirements.txt" for pycert.py r=keeler
...
There are specific versions needed for security/manager/ssl/tests/unit/pycert.py,
so let's give PIP some installation help:
0.1.7 for pyasn1 and 0.0.5 for pyasn1_modules
(recent versions break pycert/pykey/pycms)
MozReview-Commit-ID: Fk98UPd8bJo
--HG--
extra : rebase_source : 79436d4e99cda1dca438015835fdfa83a78c4dc7
2017-10-25 16:03:58 -05:00
443416f881
Merge mozilla-central to autoland. r=merge a=merge
2017-10-26 00:39:55 +02:00
f9617fb9bd
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-10-25 11:22:54 -07:00
769ad2d454
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-10-25 11:22:50 -07:00
c86173526a
Bug 1403346 - Replace all uses of ALLOW_COMPILER_WARNINGS with a template, remove ALLOW_COMPILER_WARNINGS. r=glandium
...
MozReview-Commit-ID: 1G2o4fy74cf
2017-10-25 15:12:09 -07:00
83ca10065e
bug 1180826 - add support for sha256 digests in add-on signature manifests r=dveditz,jcj
...
MozReview-Commit-ID: HTlm6esgPUx
--HG--
extra : rebase_source : 50f082dea0b2afb1e9099fb94364863a4d85543b
2017-10-09 13:53:23 -07:00
ec610d5b7e
Bug 1409329 - NS_NewBufferedOutputStream should take the ownership of the outputStream, r=smaug
2017-10-24 14:38:23 +02:00
af53b8aad8
merge mozilla-central to autoland. r=merge a=merge
2017-10-23 23:52:54 +02:00
0021c0caf6
merge autoland to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: 4FPQxtXkXoF
2017-10-23 23:48:36 +02:00
9224f75aad
No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update
2017-10-23 11:21:33 -07:00
8322ac2945
No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update
2017-10-23 11:21:30 -07:00
6a17c316ba
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-10-22 11:23:23 -07:00
eabd4bce16
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-10-22 11:23:19 -07:00
3f2fe4b3fa
No bug, Automated HPKP preload list update from host bld-linux64-spot-031 - a=hpkp-update
2017-10-22 11:10:23 -07:00
cc6a84456b
No bug, Automated HSTS preload list update from host bld-linux64-spot-031 - a=hsts-update
2017-10-22 11:10:20 -07:00
fc5faa6d80
merge autoland to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: DmqQMMkwBYJ
2017-10-22 11:33:04 +02:00
198fe54503
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-10-21 11:24:10 -07:00
3aeaefef0b
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-10-21 11:24:06 -07:00
7f7b3b43f6
No bug, Automated HPKP preload list update from host bld-linux64-spot-324 - a=hpkp-update
2017-10-20 22:50:42 -07:00
a84b3aab6c
No bug, Automated HSTS preload list update from host bld-linux64-spot-324 - a=hsts-update
2017-10-20 22:50:38 -07:00
7e9a8a9bc9
merge mozilla-central to autoland. r=merge a=merge
2017-10-21 11:00:23 +02:00
3961574fa2
bug 1381154 - remove smartcard monitoring threads r=jcj,mgoodwin
...
Modified from bug 1248818 comment 11:
Before this patch, if a user had a smart card (PKCS#11 device) with removable
slots, Firefox would launch a thread for each module and loop, calling
SECMOD_WaitForAnyTokenEvent to be alerted to any insertions/removals. At
shutdown, we would call SECMOD_CancelWait, which would cancel any waiting
threads. However, since that involved calling 3rd party code, we really had no
idea if these modules were behaving correctly (and, indeed, they often weren't,
judging by the shutdown crashes we were getting).
The real solution is to stop relying on PKCS#11, but since that's unlikely in
the near future, the next best thing would be to load these modules in a child
process. That way, misbehaving modules don't cause Firefox to hang/crash/etc.
That's a lot of engineering work, though, so what this patch does is avoids the
issue by never calling SECMOD_WaitForAnyTokenEvent (and thus we never have to
call SECMOD_CancelWait, etc.). Instead, every time Firefox performs an operation
that may be affected by a newly added or removed smart card, it first has NSS
refresh its view of any removable slots. This is similar to how we ensure the
loadable roots module has been loaded (see bug 1372656).
MozReview-Commit-ID: JpmLdV7Vvor
--HG--
extra : rebase_source : d3503d19fa9297106d661a017a38c30969fa39b4
2017-09-28 14:27:21 -07:00
dbd92543c6
Bug 1313150 - Remove |weak| parameter from nsIMutableArray methods. r=froydnj
...
MozReview-Commit-ID: 7JoD4VYzZp3
--HG--
extra : rebase_source : 5db437f1c34608aa223916874d62b48c59baeae8
2017-10-21 23:53:02 +09:00
387fbfc8b6
Bug 1406736 Match MinGW's macro so we declare gmtime_r under MinGW too r=froydnj
...
MozReview-Commit-ID: 2U2ToeyVUUt
--HG--
extra : rebase_source : a4ebd43f4529cc6b815f5bb849021a994dda959f
2017-10-09 00:18:19 -05:00
2592ce224a
merge mozilla-central to autoland. r=merge a=merge
2017-10-20 11:45:03 +02:00
bc6dddb88b
merge autoland to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: BY4c5BIOF81
2017-10-20 11:37:54 +02:00
dec4e39e21
No bug, Automated HPKP preload list update from host bld-linux64-spot-326 - a=hpkp-update
2017-10-19 22:45:36 -07:00
e46be631b4
No bug, Automated HSTS preload list update from host bld-linux64-spot-326 - a=hsts-update
2017-10-19 22:45:32 -07:00
1c4da216e0
No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update
2017-10-19 10:44:01 -07:00
e93bac77bf
No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update
2017-10-19 10:43:57 -07:00
bf793df477
merge mozilla-inbound to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: HasKw28SN45
2017-10-19 11:26:22 +02:00
161b9f45ac
No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update
2017-10-18 23:02:08 -07:00
9e31463fe9
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-10-18 23:02:04 -07:00
cb612851ed
Merge inbound to m-c. a=merge
2017-10-18 21:01:34 -04:00
3e8ed7e2b5
merge autoland to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: D8YSuNsBw9o
2017-10-19 00:04:37 +02:00
d0448c9700
No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update
2017-10-18 10:44:21 -07:00
e71bbf3687
No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update
2017-10-18 10:44:17 -07:00
73dd633569
merge autoland to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: JvxL3r663v
2017-10-18 11:42:41 +02:00
ef0a21cfb7
No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update
2017-10-17 22:48:33 -07:00
618a00c142
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-10-17 22:48:30 -07:00
78030c0e7b
Bug 1409598 - Change nsIXPCScriptable::className and nsIClassInfo::{contractID,classDescription} from string to AUTF8String. r=froydnj.
...
This lets us replace moz_xstrdup() of string literals with AssignLiteral(),
among other improvements.
--HG--
extra : rebase_source : 9994d8ccb4f196cf63564b0dac2ae6c4370defb4
2017-10-18 13:17:26 +11:00
dca019c94b
No bug, Automated HPKP preload list update from host bld-linux64-spot-324 - a=hpkp-update
2017-10-17 10:44:24 -07:00
64dcdb175e
No bug, Automated HSTS preload list update from host bld-linux64-spot-324 - a=hsts-update
2017-10-17 10:44:21 -07:00
32f7c8fec3
merge mozilla-inbound to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: 1h3kZyrtqSt
2017-10-17 11:45:16 +02:00
af89102d41
merge autoland to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: JRsSap6SwOZ
2017-10-17 11:42:24 +02:00
0498069c9a
No bug, Automated HPKP preload list update from host bld-linux64-spot-315 - a=hpkp-update
2017-10-16 23:06:00 -07:00
962f3aa143
No bug, Automated HSTS preload list update from host bld-linux64-spot-315 - a=hsts-update
2017-10-16 23:05:56 -07:00
e5bbda30b9
No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update
2017-10-15 22:50:12 -07:00
28ef948b68
No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update
2017-10-15 22:50:09 -07:00
40b456626e
No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update
2017-10-15 10:33:36 -07:00
93cacab1f5
No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update
2017-10-15 10:33:33 -07:00
39f4a652d1
No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update
2017-10-14 22:59:04 -07:00
0c0219f6c4
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-10-14 22:59:01 -07:00
01970ed92d
No bug, Automated HPKP preload list update from host bld-linux64-spot-327 - a=hpkp-update
2017-10-14 10:38:55 -07:00
957ff16de8
No bug, Automated HSTS preload list update from host bld-linux64-spot-327 - a=hsts-update
2017-10-14 10:38:51 -07:00
b864294e1e
No bug, Automated HPKP preload list update from host bld-linux64-spot-329 - a=hpkp-update
2017-10-13 23:34:33 -07:00
36c79a8634
No bug, Automated HSTS preload list update from host bld-linux64-spot-329 - a=hsts-update
2017-10-13 23:34:30 -07:00
24583b9443
merge mozilla-central to autoland. r=merge a=merge
2017-10-20 01:08:09 +02:00
471e3a93c9
No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update
2017-10-13 10:47:02 -07:00
c478ef3218
No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update
2017-10-13 10:46:59 -07:00
138ee08992
No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update
2017-10-13 00:02:05 -07:00
15e460fc58
No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update
2017-10-13 00:02:01 -07:00
5c00b8540d
merge mozilla-inbound to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: AlcL6XYDkf
2017-10-12 23:58:31 +02:00
ef0d419a79
No bug, Automated HPKP preload list update from host bld-linux64-spot-306 - a=hpkp-update
2017-10-12 10:52:26 -07:00
ee7b9d0f42
No bug, Automated HSTS preload list update from host bld-linux64-spot-306 - a=hsts-update
2017-10-12 10:52:23 -07:00
e22c8fc5ef
merge autoland to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: JX8NRn7MQY4
2017-10-12 11:34:05 +02:00
32465a09d0
No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update
2017-10-11 23:23:04 -07:00
5459aabb52
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-10-11 23:23:00 -07:00
28e8f43756
Bug 1408821 - Allow FIONBIO ioctl from the content sandbox. r=jld
...
--HG--
extra : rebase_source : c6a1b525bc7d9207583200fd5d5059a8155b889f
2017-10-16 14:54:46 +13:00
90fa230f6d
No bug, Automated HPKP preload list update from host bld-linux64-spot-327 - a=hpkp-update
2017-10-11 11:05:07 -07:00
5793b91bb2
No bug, Automated HSTS preload list update from host bld-linux64-spot-327 - a=hsts-update
2017-10-11 11:05:03 -07:00
6ecc0e0e1a
Bug 1401594 - land NSS 4bf658832d89 UPGRADE_NSS_RELEASE, r=me
2017-10-12 15:34:02 +02:00
e8c853cf32
No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update
2017-10-10 22:59:38 -07:00
426bb81282
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-10-10 22:59:34 -07:00
01cd7f3d0f
merge mozilla-inbound to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: GbmY183Epi2
2017-10-10 23:56:11 +02:00
c8b9469182
No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update
2017-10-10 10:45:25 -07:00
4d59676f4f
No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update
2017-10-10 10:45:22 -07:00
678b6b5093
No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update
2017-10-09 22:53:39 -07:00
c5ca0896eb
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-10-09 22:53:35 -07:00
c2d6023454
merge mozilla-inbound to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: 36L7JL73CzG
2017-10-09 23:52:04 +02:00
c623cb074c
merge autoland to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: 63rZAVDkxDT
2017-10-09 23:46:29 +02:00
b53e29293c
No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update
2017-10-09 10:45:59 -07:00
50ebdd5c44
No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update
2017-10-09 10:45:55 -07:00
f7efb5fc2c
Merge mozilla-central to mozilla-inbound. r=merge a=merge on a CLOSED TREE
2017-10-12 12:03:15 +02:00
17a6cb2cbf
Bug 1407766 - Remove symantec dlls from the content process dll blocklist due to process startup issues associated with symantec av products. r=bobowen
...
MozReview-Commit-ID: JMOIptO2y7F
2017-10-11 18:00:18 -05:00
aa78440a09
merge mozilla-inbound to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: EE6DcCgHufi
2017-10-09 11:19:20 +02:00
6c0975fc33
No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update
2017-10-08 22:51:19 -07:00
f804ab0aa0
No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update
2017-10-08 22:51:15 -07:00
7e3b55bb22
No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update
2017-10-07 23:08:04 -07:00
d51cd0971c
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-10-07 23:08:00 -07:00
aa721cc82a
No bug, Automated HPKP preload list update from host bld-linux64-spot-308 - a=hpkp-update
2017-10-07 10:39:48 -07:00
c48db0de1a
No bug, Automated HSTS preload list update from host bld-linux64-spot-308 - a=hsts-update
2017-10-07 10:39:44 -07:00
8a68e6fb83
Bug 1403868 (part 4) - Reduce tools/profiler/public/*.h to almost nothing in non-MOZ_GECKO_PROFILER builds. r=mstange.
...
Currently the Gecko Profiler defines a moderate amount of stuff when
MOZ_GECKO_PROFILER is undefined. It also #includes various headers, including
JS ones. This is making it difficult to separate Gecko's media stack for
inclusion in Servo.
This patch greatly simplifies how things are exposed. The starting point is:
- GeckoProfiler.h can be #included unconditionally;
- everything else from the profiler must be guarded by MOZ_GECKO_PROFILER.
In practice this introduces way too many #ifdefs, so the patch loosens it by
adding no-op macros for a number of the most common operations.
The net result is that #ifdefs and macros are used a bit more, but almost
nothing is exposed in non-MOZ_GECKO_PROFILER builds (including
ProfilerMarkerPayload.h and GeckoProfiler.h), and understanding what is exposed
is much simpler than before.
Note also that in BHR, ThreadStackHelper is now entirely absent in
non-MOZ_GECKO_PROFILER builds.
2017-10-04 09:11:18 +11:00
5f608d08d6
bug 1404824 - reconcile inconsistent TLS version range settings by erring on the conservative side r=mayhemer
...
Before this patch, if a user set their TLS version range preferences to only
allow TLS 1.3, any connections made with the BE_CONSERVATIVE flag or via the
telemetry studies flags would fail because we would attempt to set an
inconsistent TLS version range (the minimum was greater than the maximum). This
fixes that by setting the minimum to the flag-configured maximum. This
intentionally overrides the user's preferences because it is in the context of
browser-critical services (i.e. update servers) or telemetry studies.
MozReview-Commit-ID: 1kKE5nOVQz8
--HG--
extra : rebase_source : 047aa03f401d75aba3f6c5f4c572d2cc451a329e
2017-10-03 14:51:57 -07:00
c24fb615fa
bug 1404824 - fix error-handling case of plaintext-layer popping in nsNSSSocketInfo r=mayhemer
...
The PRFileDesc* returned by PR_PopIOLayer must be used rather than a preexisting
pointer to the layer in question.
MozReview-Commit-ID: 8PsCA5npaj6
--HG--
extra : rebase_source : 7488d70ffd428b103ae51d1ebcf15745acd9bf12
2017-10-03 14:29:31 -07:00
ff9470afb1
Bug 1406068: Expand the list of DLLs that are suspected of causing a crash in ImageBridgeChild::InitForContent. r=jimm
...
I think that trying to slice this up by feature is just going to lead to complications down the line,
so to keep it simple I've moved this to the launch code for all sandboxed children, not just when the
Alternate Desktop is enabled.
This also, similar to chromium, only adds them to the blocklist if they are loaded in the parent.
2017-10-10 10:42:22 +01:00
4a767c7e6e
Bug 1404198: Part 2j - Switch to NS_NewTimer* everywhere else. r=njn
...
MozReview-Commit-ID: LmGIgfmNSmk
--HG--
extra : rebase_source : bf34e852beb0c8f6eafd09184c2e0cda95f95f83
2017-09-24 19:57:48 -07:00
900dd77859
Bug 1404421 - Add an empty slot to the test PKCS#11 module r=keeler
...
It is helpful to have a slot which never has a token, so that the
absense of a token can be asserted in unit tests.
Add a third token that is always empty, and update a number of unit
tests to check for it.
MozReview-Commit-ID: 4apvRRhZJus
--HG--
extra : rebase_source : cd3bb819bcf66c769f36a428ed26ea8fa6c68a26
2017-10-01 12:10:20 +02:00
3709f8d1e4
Bug 1406233 - Include sys/sysmacros.h for major()/minor() macros in Linux sandbox broker. r=gcp
...
MozReview-Commit-ID: G1D4yxLAAqg
--HG--
extra : rebase_source : 2b13a20e324a3160ce393f7eb7913d78cc274419
2017-10-05 18:10:49 -06:00
860bc842e2
Bug 1405891 - Block tty-related ioctl()s in sandboxed content processes. r=gcp
...
MozReview-Commit-ID: KiBfibjLSfK
--HG--
extra : rebase_source : e0cdbb5026c03d2b5a12fb49161aee392efb4189
2017-10-05 19:53:31 -06:00
90adeb05d8
Bug 1404919 - Whitelist Extensis Suitcase Fusion fontvaults and /System/Library/Fonts. r=Alex_Gaynor
...
MozReview-Commit-ID: 5UaqiHBKd90
--HG--
extra : rebase_source : 3497f97815d57e9e3fa0cc13482af5d0d81cfd87
2017-10-12 18:29:42 -07:00
6bbfc835f0
bug 1406396 - work around NSS utils potentially loading spurious root cert modules r=mgoodwin
...
NSS command-line utilities may add a built-in root certificate module with the
name "Root Certs" if run on a profile that has a copy of the module file (which
is an unexpected configuration in general for Firefox). This can cause breakage.
To work around this, PSM now simply deletes any module named "Root Certs" at
startup. In an effort to prevent PSM from deleting unrelated modules
coincidentally named "Root Certs", we also prevent the user from using the
Firefox UI to name modules "Root Certs".
MozReview-Commit-ID: ABja3wpShO9
--HG--
extra : rebase_source : cfc62fb3fabf491a72f009601f3ec6973244642e
2017-10-13 11:27:30 -07:00
2a15781174
Bug 1369561 - Address misc. SnprintfLiteral correctness nits. r=jld, r=froydnj
2017-09-15 14:47:54 -07:00
4438ffeabf
Bug 1406486 - provide nsClientAuthRememberEntry/nsCertOverrideEntry with move constructors; r=keeler
...
Move constructors are more appropriate for these classes, since the
underlying hashtable code will be moving them around, not copying them.
We can take this opportunity to fix a bug in nsClientAuthRememberEntry:
it wasn't transferring the value of mEntryKey, which would have been
disastrous if the underlying hash table was ever resized.
2017-10-09 10:39:38 -04:00
0dcd727f08
Merge m-c to autoland. a=merge
2017-10-11 17:55:13 -04:00
a9b7865141
Bug 1316153 - Remove base::ChildPrivileges from IPC. r=billm,bobowen
...
ChildPrivileges is a leftover from the B2G process model; it's now
mostly unused, except for the Windows sandbox using it to carry whether
a content process has file:/// access.
In general, when sandboxing needs to interact with process launch, the
inputs are some subset of: the GeckoProcessType, the subtype if content,
various prefs and even GPU configuration; and the resulting launch
adjustments are platform-specific. And on some platforms (e.g., OS X)
it's all done after launch. So a simple enum used cross-platform isn't
a good fit.
MozReview-Commit-ID: K31OHOpJzla
--HG--
extra : rebase_source : 3928b44eb86cd076bcac7897536590555237b76b
2017-09-08 16:16:50 -06:00
701ee70a22
Bug 1406687 Pass return values from fwrite to Unused to silence the warn-unused-result warning r=njn
...
MozReview-Commit-ID: 4v6tPF5aMz7
--HG--
extra : rebase_source : fe434db73a8da686391462c12b91648348abcdc9
2017-10-09 15:01:48 -05:00
57b7c19650
merge mozilla-central to autoland. r=merge a=merge
2017-10-11 11:51:32 +02:00
433feb3f7e
Bug 1387837 - Add library paths from /etc/ld.so.conf to broker read access policy. r=jld
...
MozReview-Commit-ID: S5vq6suTU4
--HG--
extra : rebase_source : b82f3ff902ca6e4929a8458aa952f409e30356b5
2017-10-06 12:35:35 +02:00
21244bc461
Bug 1305396 - Replace memmove with std::copy_backward in a file that doesn't include cstring explicitly. r=keeler
2017-10-16 20:03:54 +02:00
d01c97d43a
Bug 1392852 - Disable EV treatment for old StartCom root certificates r=keeler
...
Per the root program's request, this patch removes EV treatment for three
StartCom roots:
1) CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
SHA-256 Fingerprint: C7:66:A9:BE:F2:D4:07:1C:86:3A:31:AA:49:20:E8:13:B2:D1:98:60:8C:B7:B7:CF:E2:11:43:B8:36:DF:09:EA
2) CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
SHA-256 Fingerprint: E1:78:90:EE:09:A3:FB:F4:F4:8B:9C:41:4A:17:D6:37:B7:A5:06:47:E9:BC:75:23:22:72:7F:CC:17:42:A9:11
3) CN=StartCom Certification Authority G2, OU=null, O=StartCom Ltd., C=IL
SHA-256 Fingerprint: C7:BA:65:67:DE:93:A7:98:AE:1F:AA:79:1E:71:2D:37:8F:AE:1F:93:C4:39:7F:EA:44:1B:B7:CB:E6:FD:59:95
MozReview-Commit-ID: COOu1zvoNWG
--HG--
extra : rebase_source : 68ce6ebd850f3a796bb52e71d05b02b8d860c9f7
2017-10-16 16:14:06 -07:00
11a9b47490
Bug 1387261 - Remove EV treatment for WoSign roots r=keeler
...
Per the root program's request, this patch removes EV treatment for four WoSign
roots:
Common Name: CA 沃通根证书
SHA-256 Fingerprint: D6:F0:34:BD:94:AA:23:3F:02:97:EC:A4:24:5B:28:39:73:E4:47:AA:59:0F:31:0C:77:F4:8F:DF:83:11:22:54
Common Name: Certification Authority of WoSign
SHA-256 Fingerprint: 4B:22:D5:A6:AE:C9:9F:3C:DB:79:AA:5E:C0:68:38:47:9C:D5:EC:BA:71:64:F7:F2:2D:C1:D6:5F:63:D8:57:08
Common Name: Certification Authority of WoSign G2
SHA-256 Fingerprint: D4:87:A5:6F:83:B0:74:82:E8:5E:96:33:94:C1:EC:C2:C9:E5:1D:09:03:EE:94:6B:02:C3:01:58:1E:D9:9E:16
Common Name: CA WoSign ECC Root
SHA-256 Fingerprint: 8B:45:DA:1C:06:F7:91:EB:0C:AB:F2:6B:E5:88:F5:FB:23:16:5C:2E:61:4B:F8:85:56:2D:0D:CE:50:B2:9B:02
MozReview-Commit-ID: Bxp9LgvxCsp
--HG--
extra : rebase_source : 065d98cc654d3fb22c17ea185253ce917b48e270
2017-10-16 16:08:56 -07:00
9d77bd9d20
Bug 1393805 - Part 5 - Test that the system extensions dev dir is readable from content. r=bobowen
...
MozReview-Commit-ID: 7YN7S7R39CU
--HG--
extra : rebase_source : 092f1046a3f6b44c807f7632275615a6bdd674dd
2017-09-27 16:01:57 -07:00
1e86039b0d
Bug 1393805 - Part 4 - Add Linux whitelisted directory for system extensions development. r=gcp
...
MozReview-Commit-ID: 2eTx1eM1fCM
--HG--
extra : rebase_source : c9c40b552b65a36b1ddb94e31ab04d84571e8d87
2017-10-04 10:50:48 -07:00
35249752a0
Bug 1393805 - Part 3 - Add Windows whitelisted directory for system extensions development. r=bobowen
...
MozReview-Commit-ID: 8K5c3mUlqna
--HG--
extra : rebase_source : 0f5a47e8504a38939a1c34a4bc4073bcdc1545d3
2017-10-02 15:17:15 -07:00
c0bfbc91e0
Bug 1393805 - Part 2 - Add Mac whitelisted directory for system extensions development. r=Alex_Gaynor
...
MozReview-Commit-ID: ADkcqFAsKaY
--HG--
extra : rebase_source : 02db543e05109e764228862ef5c760a0132eb4c2
2017-10-05 16:06:36 -07:00
4de6bf22b1
Bug 1411368 - Automatically fix no-multi-spaces issues raised when using ESLint 4. r=mossop
...
MozReview-Commit-ID: H5YVp3rnzGo
--HG--
extra : rebase_source : 5b45b6c0df834131812d094e975047eaad374e06
2017-10-26 11:47:01 +01:00
ee63f2e30a
Backed out changeset 0317bcff40bc (bug 1406687) for build bustage at testing/gtest/gtest/src/gtest.cc:3871: 'Unused' was not declared in this scope. r=backout
2017-10-09 18:52:39 +02:00
22d2cdf063
Bug 1406687 Pass return values from fwrite to Unused to silence the warn-unused-result warning r=njn
...
MozReview-Commit-ID: 4v6tPF5aMz7
--HG--
extra : rebase_source : c54b129c6815096035e262322f40aa0884b1ae56
2017-10-09 00:26:16 -05:00
e0ca72f574
Bug 1406845 - AddMesaSysfsPaths: Resource leak on dir r=gcp
...
MozReview-Commit-ID: 3ul84cttRAF
--HG--
extra : rebase_source : 6d5306ef859f2db6101c08fb6aad405ffce30696
2017-10-09 09:29:29 +02:00
9bac6e88bd
Bug 1328896 - Restrict fcntl() in sandboxed content processes. r=gcp
...
MozReview-Commit-ID: BDBTwlT82mf
--HG--
extra : rebase_source : 9036abfb23768e7b17181fbc680692468d66ccd0
2017-07-24 17:33:07 -06:00
14bdb29dc1
bug 1407081 - rework signed app tests for flexibility with upcoming hash algorithm changes r=Cykesiopka,jcj
...
MozReview-Commit-ID: 6HnJPrG7GfK
--HG--
rename : security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/sign_b2g_app.py => security/manager/ssl/tests/unit/sign_app.py
rename : dom/manifest/test/blue-150.png => security/manager/ssl/tests/unit/test_signed_apps/app/data/image.png
rename : security/manager/ssl/tests/unit/test_signed_apps/valid_app_1.zip => security/manager/ssl/tests/unit/test_signed_apps/signed_app.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/unknown_issuer_app_1.zip => security/manager/ssl/tests/unit/test_signed_apps/unknown_issuer_app.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/unsigned_app_1.zip => security/manager/ssl/tests/unit/test_signed_apps/unsigned_app.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/trusted_ca1.der => security/manager/ssl/tests/unit/test_signed_apps/xpcshellTestRoot.der
extra : rebase_source : eacc6ec67b282c93e86254693f48c8bdf6f55816
2017-10-10 16:55:09 -07:00
65f33e8410
bug 1257362 - remove the code-signing usage from certverifier as nothing uses it r=Cykesiopka
...
MozReview-Commit-ID: 6nWy8k6fMvw
--HG--
extra : rebase_source : fa9f78d39b89bfd3416a7a869bf6436d19ac74bc
2017-10-02 16:24:38 -07:00
6dc323cfe9
Merge m-c to autoland, a=merge
...
MozReview-Commit-ID: Dxbv9TjDlDY
2017-10-04 16:47:41 -07:00
d8985b6e57
Merge inbound to central, a=merge
...
MozReview-Commit-ID: IUFdbLdYFhX
2017-10-04 16:37:59 -07:00
960beae3a6
Merge autoland to central, a=merge
...
MozReview-Commit-ID: 5q3B4i0wpSI
2017-10-04 14:57:59 -07:00
278e956997
No bug, Automated HPKP preload list update from host bld-linux64-spot-324 - a=hpkp-update
2017-10-04 10:43:24 -07:00
9e73581c10
No bug, Automated HSTS preload list update from host bld-linux64-spot-324 - a=hsts-update
2017-10-04 10:43:20 -07:00
7b3327cb2e
Merge autoland to central, a=merge
...
MozReview-Commit-ID: 4jAMhgCDoPO
2017-10-03 13:25:44 -07:00
6068998290
No bug, Automated HPKP preload list update from host bld-linux64-spot-304 - a=hpkp-update
2017-10-03 10:57:31 -07:00
fb3d97bc0b
No bug, Automated HSTS preload list update from host bld-linux64-spot-304 - a=hsts-update
2017-10-03 10:57:27 -07:00
535c9e8dc3
Bug 1380674 - remove the ability to create directories in the content temp directory on macOS; r=haik
...
MozReview-Commit-ID: 8SDcDTqp2F5
--HG--
extra : rebase_source : e8094606e5a302db41f7d7fd22656b7e8697d549
2017-10-03 09:49:44 -04:00
508993b411
Backed out changeset ee6479d783a6 (bug 1257362) for sometimes failing security/manager/ssl/tests/mochitest/browser/browser_certViewer.js, at least on Linux x64 debug. r=backout on a CLOSED TREE
2017-10-05 00:36:02 +02:00
6c211079d0
Backed out changeset 8198bc4c7e3c (bug 1393805)
2017-10-05 00:20:11 +02:00
d60d5571f3
Backed out changeset 45695eda1c1c (bug 1393805)
2017-10-05 00:20:06 +02:00
072e34c960
Backed out changeset 1ba3220d84fa (bug 1393805)
2017-10-05 00:20:00 +02:00
e8b4c9dc97
Backed out changeset 4fe99f70e199 (bug 1393805)
2017-10-05 00:19:55 +02:00
fcb5ab8367
bug 1257362 - remove the code-signing usage from certverifier as nothing uses it r=Cykesiopka
...
MozReview-Commit-ID: 6nWy8k6fMvw
--HG--
extra : rebase_source : 47a708ecc729c1b25a2a0382001ebd53716cd395
2017-10-02 16:24:38 -07:00
2d9f082720
Bug 1401594 - "Upgrade Firefox 58 to use NSS 3.34" r=franziskus
...
MozReview-Commit-ID: 2ExI2oh0bPY
--HG--
extra : rebase_source : aa820344a3bbe16bb87186dddd0e8585d54981ae
2017-09-20 08:17:00 +02:00
a4d3f610eb
Bug 1401594 - land NSS 6fb9c5396d52 UPGRADE_NSS_RELEASE, r=me
...
MozReview-Commit-ID: 8NmVvC1r7uS
--HG--
extra : rebase_source : a14736e0191c18ffd63b3268b5cefd6e33cccc60
2017-10-04 10:42:25 +02:00
83fd890d27
Merge m-c to autoland, a=merge CLOSED TREE
...
MozReview-Commit-ID: HeJwJwwTzhQ
2017-10-02 16:26:42 -07:00
382a7d90d6
Merge inbound to central, a=merge
...
MozReview-Commit-ID: CvJ9hmTQBcR
2017-10-02 16:22:37 -07:00
55fe1fc9f2
Merge autoland to central, a=merge
...
MozReview-Commit-ID: 4ygim4sQ5zd
2017-10-02 16:02:42 -07:00
fbd250c41f
No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update
2017-10-02 10:46:46 -07:00
00090bf720
No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update
2017-10-02 10:46:43 -07:00
ecafa414e2
No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update
2017-10-01 10:58:36 -07:00
4e45118331
No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update
2017-10-01 10:58:32 -07:00
55e6971a70
merge autoland to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: 3D21HjGG3i4
2017-10-01 00:59:41 +02:00
97263882e6
No bug, Automated HPKP preload list update from host bld-linux64-spot-326 - a=hpkp-update
2017-09-30 11:03:15 -07:00
7dfb61f787
No bug, Automated HSTS preload list update from host bld-linux64-spot-326 - a=hsts-update
2017-09-30 11:03:11 -07:00
4ebb238032
Bug 1384804 - Allow reading /proc/self/status for libnuma. r=jld
...
MozReview-Commit-ID: LLwmPVtj0PE
--HG--
extra : rebase_source : 13d3a0cfce2ffc05280ce80d5d84e37b48f242e9
extra : histedit_source : e4e63c8a90c7b7ef16078d6ad9228b685e681c7e
2017-09-28 16:19:02 +02:00
eb9a2ed0f2
Merge inbound to central, a=merge
...
MozReview-Commit-ID: IqwKWn7ceHC
2017-09-29 14:47:25 -07:00
1b5b528b2e
Merge autoland to central, a=merge
...
MozReview-Commit-ID: LJgJXsmBQcx
2017-09-29 14:45:37 -07:00
f2b181af94
No bug, Automated HPKP preload list update from host bld-linux64-spot-327 - a=hpkp-update
2017-09-29 10:33:54 -07:00
00f17ea93c
No bug, Automated HSTS preload list update from host bld-linux64-spot-327 - a=hsts-update
2017-09-29 10:33:50 -07:00
5253bb7207
merge autoland to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: 2gWLO0vz64b
2017-09-29 13:30:42 +02:00
d755224ded
Bug 1403567 - Remove unused access to AppleGraphicsPolicyClient iokit from content process; r=haik
...
MozReview-Commit-ID: 9yTMgo2FNKm
--HG--
extra : rebase_source : 72cc3a295d8823460aae21ebe149ece2df69d087
2017-09-26 13:05:18 -04:00
d1aef777b6
Bug 1404426 - Simplify the macOS content sandbox policy; r=haik
...
This does two things:
1) Move the level 3 rules to always be applicable, and simplifies level 2 accordingly
2) Consistently uses the raw string literal syntax for regexes
MozReview-Commit-ID: 6iwjOvRVMM7
--HG--
extra : rebase_source : 3ac59219ad0793a98bdb203fb3d247561216a560
2017-09-29 13:13:49 -04:00
d26e95be10
bug 1257403 - don't bother verifying CA or email certificates when importing r=Cykesiopka
...
Incidentally, this means we can remove certificateUsageVerifyCA and
certificateUsageStatusResponder from CertVerifier, since we no longer use them.
MozReview-Commit-ID: Bbqn8fShfTm
--HG--
extra : rebase_source : 012cb08dcbe33fe889c9f6824959b1a02cd0bdc7
2017-09-22 15:42:20 -07:00
5e8bacff75
merge mozilla-central to mozilla-inbound. r=merge a=merge
2017-09-29 13:32:19 +02:00
47d3b3ac0b
Bug 730495, guarantee that sqlite3_config is called before any other SQLite function, r=asuth, r=froydnj, r=mak
2017-09-29 13:25:06 +02:00
134e495909
Merge m-c to autoland, a=merge
...
MozReview-Commit-ID: 6RdWW73Lc0A
2017-09-28 17:16:12 -07:00
f39cc5cc25
Bug 1401756 - [Mac] Remove unneeded mach-lookups from plugin sandbox rules. r=Alex_Gaynor
...
MozReview-Commit-ID: JsgBzNJC4zF
--HG--
extra : rebase_source : deffeff5e6d39318c55bf3d487071139abaf3c92
2017-09-20 14:05:27 -07:00
414270b14a
Bug 1403669 - [Mac] Per-user and system extensions dir regexes only work for 1-character subdirectory names. r=Alex_Gaynor
...
MozReview-Commit-ID: L9vNruzMEez
--HG--
extra : rebase_source : 8530cbf1baef919a5a379564d190fb08674aa28d
2017-09-27 11:48:39 -07:00
29d5db60ba
Bug 1403707 - Change content sandbox job level to JOB_LOCKDOWN. r=bobowen
...
Changing definition of Windows content sandbox level 4 (the current Nightly default) to increase the job level from JOB_RESTRICTED to JOB_LOCKDOWN.
2017-09-27 13:36:06 -07:00
9a88df4221
Bug 1393805 - Part 5 - Test that the system extensions dev dir is readable from content. r=bobowen
...
MozReview-Commit-ID: 7YN7S7R39CU
--HG--
extra : rebase_source : 01e3fe0acb051723219d9d5de5b1fd19d9751c34
2017-09-27 16:01:57 -07:00
e1dd4bac03
Bug 1393805 - Part 4 - Add Linux whitelisted directory for system extensions development. r=gcp
...
MozReview-Commit-ID: 2eTx1eM1fCM
--HG--
extra : rebase_source : 25cff10f2887795ce954b5fbca74df41fefa5c3e
2017-10-04 10:50:48 -07:00
213bec3e84
Bug 1393805 - Part 3 - Add Windows whitelisted directory for system extensions development. r=bobowen
...
MozReview-Commit-ID: 8K5c3mUlqna
--HG--
extra : rebase_source : 33b71d3ab20c0fdf24bcee39d4395757031213be
2017-10-02 15:17:15 -07:00
165980edfa
Bug 1393805 - Part 2 - Add Mac whitelisted directory for system extensions development. r=Alex_Gaynor
...
MozReview-Commit-ID: ADkcqFAsKaY
--HG--
extra : rebase_source : 492194ea7914d6f09b349f95b3eeea0bd003256a
2017-09-27 13:27:39 -07:00
ae5c1fb5c6
Bug 1401666 - Adjust sandbox policy to allow Mesa 12 to use libudev for device identification. r=gcp
...
MozReview-Commit-ID: JRRI9nd83TP
--HG--
extra : rebase_source : 3c5e3edd6606f33468120100f2a63533f1757935
2017-10-03 20:35:28 -06:00
9e6798ac00
Bug 1402012 - Update buildconfig.py to use PartialConfigEnvironment; r=glandium
...
By using the PartialConfigEnvironment, the clients of buildconfig will
depend on config.statusd/ files instead of config.status directly.
Clients can access substs and defines using buildconfig.substs['FOO'] or
buildconfig.defines['BAR'], and then collect file-level dependencies for
make using buildconfig.get_dependencies(). All GENERATED_FILES rules
already make use of this because file_generate.py automatically includes
these dependencies (along with all python modules loaded).
As a result of this commit, re-running configure will no longer cause
the world to be rebuilt. Although config.status is updated, no build
steps use config.status directly and instead depend on values in
config.statusd/, which are written with FileAvoidWrite. Since those
files are not official targets according to the make backend, make won't
try to continually rebuild the backend when those files are out of date.
And since they are FileAvoidWrite, make will only re-run dependent steps
if the actual configure value has changed.
As a result of using JSON to load data from the config.statusd
directory, substs can be unicode (instead of a bare string type).
generate_certdata.py converts the subst manually to a string so the
value can be exported to the environment without issue on Windows.
Additionally, patching the buildconfig.substs dict no longer works, so
the unit-symbolstore.py test was modified to patch the underlying
buildconfig.substs._dict instead.
The other files that needed to be modified make use of all the defines
for the preprocessor. Those that are used during 'mach build' now use
buildconfig.defines['ALLDEFINES'], which maps to a special
FileAvoidWrite file generated for the PartialConfigEnvironment.
MozReview-Commit-ID: 2pJ4s3TVeS8
--HG--
extra : rebase_source : d6bb0208483f9f043e7be1b36907ca13243985f8
2017-08-24 22:52:01 -04:00
ae55f5a197
Bug 1359428 - Remove preference to select OneCRL update mechanism r=keeler,leplatrem,rhelmer
...
MozReview-Commit-ID: A6CwZrIDmTn
--HG--
extra : rebase_source : 41e17d29f982d23f30f48a6f85ad20fc84b018c6
2017-09-29 10:47:27 +01:00
5a95ac34b4
merge mozilla-central to autoland. r=merge a=merge
2017-09-29 11:49:46 +02:00
fa37753064
Bug 1403744 - Part 2 - Test that the per-user extensions dir is readable from content on Windows. r=bobowen
...
MozReview-Commit-ID: 7YN7S7R39CU
--HG--
extra : rebase_source : c86998b1738ee1f4d24562105acf63c20811b8a1
2017-09-29 12:44:22 -07:00
d54db04ac2
Bug 1403744 - Part 1 - Whitelist the per-user extensions dir XRE_USER_SYS_EXTENSION_DIR on Windows. r=bobowen
...
MozReview-Commit-ID: 8K5c3mUlqna
--HG--
extra : rebase_source : 00f91b3e1112766731119c1cbe14a08387202f60
2017-09-27 16:14:30 -07:00
86123e3d8d
Bug 1405511 - Re-enable 3DES on nightly builds r=keeler
...
In bug 1386754 we disabled 3DES after determining that it had a similar-ish
usage level as RC4. We gathered compatibility reports and telemetry for the last
two months and see that while 3DES usage is fairly low, it is the only
ciphersuite available for a variety of websites, including many government
systems.
3DES, while legacy, is not known to be insecure. Therefore, we're going to call
this experiment complete, use the collected WebCompat issues from Bug 1386908
for future reference, and re-enable 3DES.
MozReview-Commit-ID: 3lY1zHLNO9l
--HG--
extra : rebase_source : ecb51c6dbc6862991083b1f46920d86d7480582f
2017-10-03 16:25:36 -07:00
fea24c0daf
merge mozilla-central to autoland. r=merge a=merge
...
--HG--
extra : rebase_source : 819bdfcc5e3f50cb5a3d8d76ce1f88ceeb0dd5a9
2017-10-17 23:54:52 +02:00
56adac5efc
bug 783994 - use the sqlite-backed certificate and key DBs r=jcj
...
MozReview-Commit-ID: 2K8JVGc0mAj
--HG--
rename : security/manager/ssl/tests/unit/test_sdr_preexisting.js => security/manager/ssl/tests/unit/test_sdr_preexisting_with_password.js
extra : rebase_source : e9d3a7470dfdad3ea43b788e5eda0eb7a93e5cd0
2017-09-22 14:34:20 -07:00
fe45ae3748
Merge mozilla-central to mozilla-autoland. r=merge a=merge CLOSED TREE
2017-11-08 00:08:26 +02:00
67fd50d803
bug 1410546 - Disable EV treatment for "Security Communication EV RootCA1" root certificate r=mgoodwin
...
MozReview-Commit-ID: 7sERUm9gaQX
--HG--
extra : rebase_source : 9ec46921974dd9fce19fa4a3308804dfdc8c731d
2017-11-02 13:19:04 -07:00
f54c1723be
No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update
2017-09-27 10:38:25 -07:00
3a16ce743e
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-09-27 10:38:22 -07:00
9d9610f6a3
Merge m-c to autoland, a=merge
...
MozReview-Commit-ID: Kjjgw1Pdb3U
2017-09-26 17:15:46 -07:00
22a72df7fe
Merge inbound to m-c a=merge
...
MozReview-Commit-ID: 6viJ4wRxLa8
2017-09-26 15:54:51 -07:00
8cf423ff54
Bug 1403230: Block WRusr.dll in child processes when using Alternate Desktop. r=jimm
2017-09-26 19:23:39 +01:00
3dbb47302e
No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update
2017-09-26 10:34:42 -07:00
00a87df5f6
No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update
2017-09-26 10:34:38 -07:00
3a1e5b73d3
Merge autoland to central, a=merge
...
MozReview-Commit-ID: 9UQPQrkhjsZ
2017-09-25 16:25:22 -07:00
cf9c6529ef
No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update
2017-09-25 10:41:00 -07:00
13d0d05c38
No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update
2017-09-25 10:40:56 -07:00
c0203b7b61
merge mozilla-inbound to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: HGJIeJkelZe
2017-09-24 23:52:35 +02:00
f6dc0e40b5
No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update
2017-09-24 10:43:38 -07:00
9fb62f395f
No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update
2017-09-24 10:43:34 -07:00
3d38c3ccc5
No bug, Automated HPKP preload list update from host bld-linux64-spot-306 - a=hpkp-update
2017-09-23 10:33:39 -07:00
d4542c60a8
No bug, Automated HSTS preload list update from host bld-linux64-spot-306 - a=hsts-update
2017-09-23 10:33:35 -07:00
c92594521f
No bug, Automated HPKP preload list update from host bld-linux64-spot-360 - a=hpkp-update
2017-09-22 20:41:32 -07:00
8efdfac860
No bug, Automated HSTS preload list update from host bld-linux64-spot-360 - a=hsts-update
2017-09-22 20:41:29 -07:00
56ad02e34d
No bug, Automated HPKP preload list update from host bld-linux64-spot-304 - a=hpkp-update
2017-09-22 10:34:18 -07:00
fce8a1a7fd
No bug, Automated HSTS preload list update from host bld-linux64-spot-304 - a=hsts-update
2017-09-22 10:34:14 -07:00
4c42c44c85
bug 1401796 - fix HSTS preload script to keep preexisting hosts if there was a connection error r=jcj DONTBUILD NPOTB
...
Bug 1255425
2017-09-25 11:00:21 -07:00
5698729243
Bug 870698 - Part 10: Replace Append(NS_LITERAL_STRING("")) with AppendLiteral(u""). r=erahm
...
The NS_LITERAL_STRING macro creates a temporary nsLiteralString to encapsulate the char16_t string literal and its length, but AssignLiteral() can determine the char16_t string literal's length at compile-time without nsLiteralString.
MozReview-Commit-ID: H9I6vNDMdIr
--HG--
extra : rebase_source : cf537a1f65af003c6c4f8919b925b0f305c1dd4d
extra : source : 13b89ce4e6a66c840f82a335c71f5a12938aba22
2017-09-07 18:32:54 -07:00
a0c8081df4
Bug 870698 - Part 4: Replace Equals("") with EqualsLiteral(""). r=erahm
...
MozReview-Commit-ID: G1GhyvD29WK
--HG--
extra : rebase_source : 115842c37a40041bdca7b4e1ff0a5680b02ced15
extra : source : 90bfff9c01d80086cdc17637f310e898fea295ea
2017-09-06 01:13:45 -07:00
Brindusan Cristian
ffxbld
Jonathan Kew
David Keeler
Mark Banner
Andreea Pavel
Ciure Andrei
Csoregi Natalia
Jed Davis
Alex Gaynor
Ryan VanderMeulen
Margareta Eliza Balazs
Sebastian Hengst
Kyle Machulis
Narcis Beleuzu
Bob Owen
Franziskus Kiefer
Martin Thomson
J.C. Jones
Gian-Carlo Pascutto
Attila Craciun
Mark Goodwin
Phil Ringnalda
Haik Aftandilian
Chris Manchester
Andrea Marchesini
Masatoshi Kimura
Tom Ritter
Nicholas Nethercote
Matthew Gregan
Tim Taubert
Jim Mathies
Kris Maglione
Wouter Verhelst
Nathan Froyd
Nicolas Vigier
Sylvestre Ledru
Wes Kocher
Kai Engert
Kai Engert
David Parks
Mike Shal
Chris Peterson