Граф коммитов

10556 Коммитов

Автор SHA1 Сообщение Дата
Masatoshi Kimura bdcdded91f Bug 1281084 - Enable TLS 1.3 PSK-resumption for AES-256-GCM and ChaCha20/Poly1305. r=keeler 2016-06-22 21:55:13 +09:00
Mark Goodwin d3dde26071 Bug 1280224 - Initial values for the content signature root pref are ignored. r=keeler
MozReview-Commit-ID: 9y8wsVcz0hz
2016-06-21 15:24:52 +01:00
David Keeler 540b8f3d01 bug 1278041 - skip TLS Feature checks so HPKP can be set r=mgoodwin
This is safe because TLS Feature checks have already been done when connecting
to the site in the first place.

MozReview-Commit-ID: HfbcrAv4bCJ

--HG--
extra : rebase_source : d1f22c1a4e2c8535e10bd071c937a1aac7b8e2fd
2016-06-20 16:36:36 -07:00
Kai Engert c6ce2eb18b Bug 1277255, land NSS_3_25_RC1, r=me 2016-06-20 19:17:28 +02:00
Carsten "Tomcat" Book ecdef8e6f4 merge mozilla-inbound to mozilla-central a=merge 2016-06-17 00:32:10 +01:00
Thomas Zimmermann 97a43c0b93 Bug 1276927: Define HAVE_ANDROID_OS before including 'android_filesystem_config.h', r=fabrice
The preprocessor token HAVE_ANDROID_OS configures 'android_filesystem_config.h'
to include the correct header files from the environment.

MozReview-Commit-ID: oKwdjzDjij
2016-06-16 08:43:51 +01:00
Thomas Zimmermann 7d6335ca2d Bug 1276927: Fix B2G sandboxing code to build with Android NDK, r=fabrice
This patch fixes an incorrect C++ namespace of STL datastructures.

MozReview-Commit-ID: FYx38sTzF4I
2016-06-16 08:43:51 +01:00
Onno Ekker f1de083a08 Bug 1279953 - Ambiguous string usage for "not encrypted page". r=dolske
--HG--
extra : rebase_source : e6ea020d8b98e9bef2e895e5312edc47d839cc2c
2016-06-13 22:14:04 +02:00
Sebastian Hengst 809cc61389 Backed out changeset a4f95658a29b (bug 1276927) 2016-06-15 12:24:14 +02:00
Sebastian Hengst bb691db120 Backed out changeset b6c190b08824 (bug 1276927) 2016-06-15 12:23:52 +02:00
Thomas Zimmermann 565a7b74dc Bug 1276927: Define HAVE_ANDROID_OS before including 'android_filesystem_config.h', r=fabrice
The preprocessor token HAVE_ANDROID_OS configures 'android_filesystem_config.h'
to include the correct header files from the environment.

MozReview-Commit-ID: oKwdjzDjij
2016-06-15 10:59:49 +01:00
Thomas Zimmermann 652691d85a Bug 1276927: Fix B2G sandboxing code to build with Android NDK, r=fabrice
This patch fixes an incorrect C++ namespace of STL datastructures.

MozReview-Commit-ID: FYx38sTzF4I
2016-06-15 10:59:48 +01:00
Franziskus Kiefer a394235094 Bug 1277255, land NSS_3_25_RC0, r=kaie 2016-06-13 17:31:45 +02:00
Julian Hector 14d815c27e Bug 1275920 - Add sys_rt_tgsigqueueinfo to seccomp whitelist r=jld
--HG--
extra : rebase_source : 4808d641597e40e124be0bae1e10ad37570355c9
2016-05-27 19:29:21 +02:00
Gian-Carlo Pascutto d543e16807 Bug 1273859 - Add sys_pwrite64 to seccomp whitelist for content process. r=jld
MozReview-Commit-ID: FsJ8ER9B9EY

--HG--
extra : rebase_source : a76bb584e8804a3f73abf2c821fa2d9d25997a17
2016-05-18 14:39:20 +02:00
David Keeler febcbb464f bug 1278605 - ensure that nsICertOverrideService can be implemented in JS r=Cykesiopka
MozReview-Commit-ID: KSVeraWuRPZ

--HG--
extra : rebase_source : 15f7abb08b57c8525e44f39c5e10c9cc5299dc47
2016-06-07 11:27:33 -07:00
Masatoshi Kimura dfb8d11072 Bug 1268728 - Remove ability to enable RC4. r=keeler 2016-06-07 22:17:43 +09:00
Bob Owen 5714578c95 Bug 1278528: Don't try to initialize the sandbox TargetServices when we are not sandboxed. r=jimm
MozReview-Commit-ID: EpXy9LYXwQL
2016-06-07 14:03:51 +01:00
Julian Hector d5bb492be4 Bug 1274873 - Part 2: Move signal handler set up to SandboxEarlyInit() r=jld 2016-05-26 16:20:44 +02:00
Julian Hector 1f2003d5b1 Bug 1274873 - Part 1: Change search order for free signal r=jld 2016-05-26 16:19:28 +02:00
Carsten "Tomcat" Book efa443d4d3 Backed out changeset ae5286493f15 (bug 1274873) for frequent timeouts in browser_ManifestObtainer_obtain.js
--HG--
extra : rebase_source : 5aa2340db1e93f26feb5c3173b8af4aacdb60b31
2016-06-07 12:07:16 +02:00
Carsten "Tomcat" Book 1d324ed30a Backed out changeset 62646bfa1f95 (bug 1274873)
--HG--
extra : rebase_source : 644a5678b4f8e32e9809583cf7eb88fb0a518f31
2016-06-07 12:06:51 +02:00
Julian Hector fd5c167bdc Bug 1276470 - Add sys_statfs to seccomp whitelist. r=jld 2016-05-28 20:33:49 +02:00
Julian Hector 1b857c2f98 Bug 1274873 - Part 2: Move signal handler set up to SandboxEarlyInit() r=jld 2016-05-26 16:20:44 +02:00
Julian Hector 1c0ad8ce67 Bug 1274873 - Part 1: Change search order for free signal r=jld 2016-05-26 16:19:28 +02:00
Haik Aftandilian 99f34a0cfe Bug 1272764 - Remove OS X 10.6-10.8-Specific Sandboxing Code (fix indentation); r=bobowen 2016-06-06 13:15:00 +02:00
Haik Aftandilian ad91978a78 Bug 1272764 - Remove OS X 10.6-10.8-Specific Sandboxing Code; r=bobowen 2016-06-06 13:15:00 +02:00
David Keeler 5e35bedf79 bug 1266563 - regenerate CA telemetry hash table r=jcj
MozReview-Commit-ID: 1NXDU2ejfzl

--HG--
extra : rebase_source : 86abe8c3009542557da524f3697414b7cee9fcb3
2016-06-03 16:12:38 -07:00
Gabor Krizsanits 6c0e1dc69f Bug 1146873 - Handling sandbox policy setup failures. r=bobowen 2016-06-06 15:13:33 +02:00
Carsten "Tomcat" Book 4aea0165dc merge mozilla-inbound to mozilla-central a=merge 2016-06-06 11:55:56 +02:00
ffxbld 989a828304 No bug, Automated HPKP preload list update from host bld-linux64-spot-384 - a=hpkp-update 2016-06-04 05:09:33 -07:00
ffxbld 237f18948d No bug, Automated HSTS preload list update from host bld-linux64-spot-384 - a=hsts-update 2016-06-04 05:09:30 -07:00
Haik Aftandilian c0be03a3bd Bug 1272772 - Inline system.sb and remove unneeded rules (removes unneeded rules); r=gcp 2016-06-01 15:40:00 +02:00
Haik Aftandilian 5b9493970f Bug 1272772 - Inline system.sb and remove unneeded rules (removes unused macros); r=gcp 2016-06-01 15:40:00 +02:00
Haik Aftandilian 3cb7c0e726 Bug 1272772 - Inline system.sb and remove unneeded rules (inline system.sb rules); r=gcp 2016-06-01 15:40:00 +02:00
Masatoshi Kimura ee23c0a77c Bug 975832 - Enable AES-256 variants of the AES-128 GCM cipher suites we have already enabled. r=keeler 2016-06-04 08:19:29 +09:00
David Keeler baead5135e bug 1277240 - don't import trust anchors in SaveIntermediateCerts r=Cykesiopka
MozReview-Commit-ID: KHwA2LJSeUS

--HG--
extra : rebase_source : e1f7a469d2dc8608adf4b0172f99d9adb192bbb5
2016-06-02 13:17:14 -07:00
Julian Hector d0f949dad4 Bug 1275786 - Add sys_listen to seccomp whitelist. r=jld
--HG--
extra : rebase_source : 7028482ca148f63e53e1fe915d0be507b5116c84
2016-05-27 16:00:50 +02:00
Julian Hector cb6d29b0b7 Bug 1275785 - Add sys_bind to seccomp whitelist. r=jld
--HG--
extra : rebase_source : 90d403a3b21547ff7f280b2bff7746f4b8e32fe3
2016-05-27 15:58:51 +02:00
Julian Hector 5eb8b17162 Bug 1275781 - Add sys_accept to seccomp whitelist. r=jld
--HG--
extra : rebase_source : e4761ce8c466987f54ddd41603fa626923fe0865
2016-05-27 15:56:35 +02:00
Kai Engert c50d0b99ce Bug 1277255, land NSS_3_25_BETA1, r=franziskus 2016-06-02 22:33:04 +02:00
Cykesiopka 4e54963733 Bug 1275197 - Ensure nsNSSU2FToken.cpp GetSymKeyByNickname() does not cause leaks. r=keeler
Prior to these changes, GetSymKeyByNickname() could theoretically leak. This
should not happen in practice, so the changes here just ensure that the code
doesn't cause leaks.

MozReview-Commit-ID: LWtqLmsBPV2

--HG--
extra : transplant_source : rWE%CD%D8%A7%87%3C%95%03%B5%03E%3E%06E%C7O%0D%F6
2016-06-01 22:43:37 -07:00
Jonas Sicking c706b7f059 Bug 1275714 - Changes in preparation for FlyWeb landing. Add ability to pin using a cert fingerprint, in addition to using a cert. r=dkeeler
--HG--
extra : amend_source : 41336f6eeaf5e26b91e177dd60a91ad9ed3a064c
2016-06-01 17:02:34 -04:00
Haik Aftandilian 7c418a5f4a Bug 1276420 - Widevine plugin crashing on OS X due to -stdlib=libc++ and sandboxing interaction; r=gcp 2016-06-01 12:26:04 -07:00
J.C. Jones 8524776280 Bug 1275479 - Create nsIU2FToken base interface (Part 2). r=keeler
Create a base "nsIU2FToken" interface that all tokens must implement. This
patch does not change U2F.cpp from initializing tokens monolithically, but
if/when future tokens are added, the implementer may want to do that.

MozReview-Commit-ID: GQuu6NolF4D

--HG--
extra : transplant_source : %3Fi%8E%C4n%BF%C1%DB%DB%03HjG%B5%9Ct%9EMWH
2016-05-27 13:44:20 -07:00
Chris Peterson 6b776e8000 Bug 1277014 - Fix -Wstring-conversion warnings in security/manager/ssl/. r=keeler
security/manager/ssl/nsNSSComponent.cpp:1694:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [31]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1333:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1341:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1349:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1357:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
2016-05-31 21:51:50 -07:00
Carsten "Tomcat" Book 76fd727737 Merge mozilla-central to mozilla-inbound 2016-05-30 15:30:55 +02:00
Carsten "Tomcat" Book 463212f69f merge mozilla-inbound to mozilla-central a=merge 2016-05-30 15:29:19 +02:00
Julian Seward 8562142079 Bug 1275582 - TSan: data race security/nss/lib/freebl/sha_fast.c:176 SHA1_End. r=dkeeler.
--HG--
extra : rebase_source : d8e517c891212c0b7794e7db433f6ed626c4cac5
2016-05-30 15:25:52 +02:00
ffxbld dca36f5e32 No bug, Automated HPKP preload list update from host bld-linux64-spot-593 - a=hpkp-update 2016-05-28 05:20:15 -07:00
ffxbld 3eac728432 No bug, Automated HSTS preload list update from host bld-linux64-spot-593 - a=hsts-update 2016-05-28 05:20:13 -07:00
Wes Kocher 9749648a79 Merge inbound to m-c a=merge 2016-05-27 14:14:36 -07:00
Ryan VanderMeulen 687dcb9a8f Backed out changesets d3bde9a513bb and 9fd1d6aeed21 (bug 1272764) for causing startup crashing on OSX 10.9. a=me 2016-05-27 14:50:50 -04:00
Chris Peterson 11ef78ae89 Bug 1275016 - Rename Endian.h to EndianUtils.h to avoid #include confusion with Android's endian.h stdlib header. r=froydnj
--HG--
rename : mfbt/Endian.h => mfbt/EndianUtils.h
2016-05-22 13:31:11 -07:00
David Keeler 8ba29d1473 bug 1265113 - implement platform support for enterprise roots r=Cykesiopka,mhowell,rbarnes
MozReview-Commit-ID: JKxwCjoH0Oa

--HG--
extra : rebase_source : 9eaf3f1c5371e7b4b4df304bc6ce132ade5775da
2016-04-13 15:36:22 -07:00
Haik Aftandilian 0c9bf9e670 Bug 1272764 - Indentation and whitespace cleanups. r=bobowen
--HG--
extra : rebase_source : d3ac9c55cbe4924702fad32dabbc97ac921cce07
2016-05-26 00:08:00 -04:00
Haik Aftandilian 4c4557e85c Bug 1272764 - Remove OS X 10.6-10.8-specific sandboxing code. r=bobowen
--HG--
extra : rebase_source : 94630f8208b4ee1e3664e61425c083a05157e64d
2016-05-26 00:07:00 -04:00
Alexandre Lissy c6be1d0d13 Bug 1274826 - Bypass building SandboxHooks on Gonk r=jld
MozReview-Commit-ID: 3TVdcY7aXvW

--HG--
extra : rebase_source : b734c54ad4e7b8fff384f399b84014410b4cf719
2016-05-26 01:02:25 +02:00
Carsten "Tomcat" Book b6b164ec6d Merge mozilla-central to mozilla-inbound 2016-05-25 15:20:00 +02:00
Carsten "Tomcat" Book c715836c7f merge mozilla-inbound to mozilla-central a=merge 2016-05-25 15:04:00 +02:00
Carsten "Tomcat" Book 3cab03a461 Merge mozilla-central to fx-team 2016-05-24 15:15:55 +02:00
Carsten "Tomcat" Book cb4337c62c merge mozilla-inbound to mozilla-central a=merge
--HG--
rename : dom/presentation/tests/mochitest/file_presentation_non_receiver_oop.html => dom/presentation/tests/mochitest/file_presentation_non_receiver.html
rename : dom/presentation/tests/mochitest/file_presentation_non_receiver_inner_iframe_oop.html => dom/presentation/tests/mochitest/file_presentation_non_receiver_inner_iframe.html
rename : dom/presentation/tests/mochitest/file_presentation_receiver_inner_iframe_oop.html => dom/presentation/tests/mochitest/file_presentation_receiver_inner_iframe.html
2016-05-24 14:52:23 +02:00
ffxbld d8a85e51ac No bug, Automated HPKP preload list update from host bld-linux64-spot-425 - a=hpkp-update 2016-05-21 05:05:21 -07:00
ffxbld 0ffea88a0a No bug, Automated HSTS preload list update from host bld-linux64-spot-425 - a=hsts-update 2016-05-21 05:05:19 -07:00
Bob Owen ecee115838 Bug 1250125: Make a 0 security.sandbox.content.level turn off the content process sandbox. r=TimAbraldes
This also fixes a bug where we weren't setting parts of the policy correctly for levels 3 to 9.

MozReview-Commit-ID: IXsg2nGOqoa

--HG--
extra : rebase_source : 65c76a581dcd498c7d7d5b01e4f4e140acdb244f
2016-05-25 09:06:23 +01:00
Masatoshi Kimura 3e0685deec Bug 1274953 - Bump the lowest valid TLS insecure fallback limit to 3 (TLS 1.2). r=keeler 2016-05-24 19:08:13 +09:00
Masatoshi Kimura 877c4b8482 Bug 1275252 - Deal with some TLS 1.3 intolerance. r=keeler 2016-05-25 19:36:57 +09:00
Mathieu Leplatre 695a9942a4 Bug 1266235 - Use blocklist prefix in preference names. r=MattN
MozReview-Commit-ID: 5aeoiSEMwYw

--HG--
extra : rebase_source : ff4e77c88de58923afe75be2046dcdb98e40ad2f
2016-05-19 12:51:13 +02:00
Sergei Chernov d46c2e938b Bug 1241574 - Certificate Transparency - base definitions and serialization to/from TLS wire format. r=keeler, r=Cykesiopka
MozReview-Commit-ID: KmJOr2crof7

--HG--
extra : transplant_source : %97%2A%03p%7CP%09%CA%60J%D22%91%3C%C1%C9%B8%C6%89%D8
2016-04-11 16:17:25 +03:00
Johnathan Nightingale c40db9a65c bug 466011 - clarify comments in cert override service IDL r=kaie DONTBUILD NPOTB
--HG--
extra : rebase_source : 6c67c12f768c4f5e9df84a7ab982d08095ba29ae
2016-05-27 13:11:32 -07:00
David Keeler e87f6f88e2 bug 1273677 - ensure session cache is properly configured and torn down for TLSServerSocket r=mcmanus
MozReview-Commit-ID: 6i7HxTdLcID

--HG--
extra : rebase_source : 3c1b4c0ed798c166cbc2bcad71de90543af176c1
2016-05-23 13:58:56 -07:00
Gian-Carlo Pascutto e8fd20fdcf Bug 1098428 - Add Linux sandboxing information to Telemetry. r=gfritzsche
MozReview-Commit-ID: 6Un4yNzxGgg

--HG--
extra : rebase_source : fc8762b9802fab071cb194513a5ad390ae7984f3
2016-05-18 18:37:44 +02:00
Carsten "Tomcat" Book 805f86c2b5 Merge mozilla-central to mozilla-inbound 2016-05-24 15:13:51 +02:00
Carsten "Tomcat" Book be11014a2b Backed out changeset 767f65379fdf (bug 1098428) for causing linux crashes on a CLOSED TREE 2016-05-24 13:03:00 +02:00
Gian-Carlo Pascutto 42b1907a65 Bug 1098428 - Add Linux sandboxing information to Telemetry. r=gfritzsche
MozReview-Commit-ID: GtIPsRqq5hr

--HG--
extra : rebase_source : 6b918e5119f15536c9437c27cfee413577268b78
2016-05-18 18:37:44 +02:00
Cykesiopka 0b04616a47 Bug 1271496 - Stop using Scoped.h in non-exported PSM code. r=keeler
Scoped.h is deprecated in favour of the standardised UniquePtr.

This patch removes use of Scoped.h everywhere in PSM except ScopedNSSTypes.h,
which is exported. Other consumers of ScopedNSSTypes.h can move off Scoped.h
at their own pace.

This patch also changes parameters and return types of various functions to make
ownership more explicit.

MozReview-Commit-ID: BFbtCDjENzy

--HG--
extra : transplant_source : %0B%C7%9F%40%FA9%A4%F2%5E%0D%92%1C%A6%A49%94%C3%7E%1Cz
2016-05-23 19:50:26 -07:00
Cykesiopka 378731742d Bug 883718 - Followup: Remove nsIBufEntropyCollector.idl. r=trivial
This file is no longer used post
https://hg.mozilla.org/mozilla-central/rev/8dd88e2a1976, but was not removed.
2016-05-24 00:51:00 +02:00
Nicholas Nethercote 99a82c0ac7 Bug 1273711 - Avoid OOM aborts in nsSecretDecoderRing::encode(). r=cykesiopka.
This patch removes an infallible duplication of the base64-encoded string,
which can be large.

--HG--
extra : rebase_source : c8e709d7afcb53e23fdea919fade857a7fd3fea4
2016-05-19 08:55:48 +10:00
Julian Hector 5894681e14 Bug 1274553 - Properly handle stat() requests in permissive mode. r=jld
MozReview-Commit-ID: IeFwQ2Gv21z

--HG--
extra : rebase_source : 0198c5df41f728f85bea149a10dfe0b7c0fae43f
2016-05-20 14:42:50 +02:00
Cykesiopka 5a7878cf2c Bug 1222754 - Replace nsSecureBrowserUIImpl::mOnStateLocationChangeReentranceDetection and nsAutoAtomic. r=keeler
mOnStateLocationChangeReentranceDetection and nsAutoAtomic form an unnecessarily
threadsafe reentrance prevention mechanism that can be replaced by
mozilla::ReentrancyGuard.

MozReview-Commit-ID: KWDdFD5TpCk

--HG--
extra : rebase_source : c3e0a9ad32ff169c6afb00dd10099835b6196682
2016-05-19 22:00:44 -07:00
Cykesiopka 1d22abcec2 Bug 1271953 - Remove nss_addEscape(). r=mgoodwin
The function basically duplicates existing Mozilla string class functionality.

MozReview-Commit-ID: 9IFEXuT9cW1

--HG--
extra : rebase_source : 0d0c4492a63f7a168b6092fdb2e1bf8ec09d5308
2016-05-16 09:04:09 -07:00
Cykesiopka 2677d5c111 Bug 1273749 - Address misc issues with nsNSSCertValidity. r=keeler
Prior to the changes here, nsNSSCertValidity had the following issues:
 - Did not check for NSS shut down.
 - Provided an irrelevant zero argument constructor.
 - Did not explicitly delete the unwanted copy constructor and assignment
   operators.
 - Misc style issues.
 - Did not have a dedicated test.

MozReview-Commit-ID: JUPtk1OjsNg

--HG--
extra : rebase_source : 2f6475c842b8c1c2570a7a5e4e9f87f0bb12deae
2016-05-19 17:35:09 -07:00
Cykesiopka ff87cc2acc Bug 1251133 - Remove DSA telemetry. r=jcj
Firefox no longer supports DSA cipher suites, so this telemetry is dead code.

MozReview-Commit-ID: G3ipd0TADM

--HG--
extra : rebase_source : 6cd2b10727107c048010d39b24e328f5539a7220
2016-05-19 18:42:16 -07:00
Wes Kocher 4f7146f46c Backed out changeset 1b8f35a4774e (bug 1273677) for valgring leaks CLOSED TREE 2016-05-20 18:13:12 -07:00
David Keeler a53c0feecf bug 1273677 - ensure session cache is properly configured and torn down for TLSServerSocket r=mcmanus
MozReview-Commit-ID: 6i7HxTdLcID

--HG--
extra : rebase_source : 5a64db198fe582e6057bb58f8f51be3e9a63192b
2016-05-17 15:17:33 -07:00
Cykesiopka 6b12fc8650 Bug 1271501 - Use mozilla::BitwiseCast instead of reinterpret_cast in PSM. r=keeler
mozilla::BitwiseCast does the same thing, but provides static asserts that
mitigate some of the risk of using reinterpret_cast.

MozReview-Commit-ID: ENQ8QC6Nl9o

--HG--
extra : rebase_source : c1725c8363c0f7f9877601de5ab5f152ef4d0439
2016-05-18 21:20:56 -07:00
Cykesiopka 179b27667b Bug 1271501 - Downgrade unnecessarily strong reinterpret_casts in PSM. r=keeler
These reinterpret_casts can be static_casts or const_casts instead.

MozReview-Commit-ID: 1KQDWHO9CGS

--HG--
extra : rebase_source : a629d91577bdcb6d7fd94416e61ad46ca43f945d
2016-05-18 18:58:41 -07:00
Cykesiopka 5e0c49ff77 Bug 1271501 - Remove unnecessary uses of reinterpret_cast in PSM. r=keeler
These uses of reinterpret_cast are either pointless, or can be removed via
refactoring.

MozReview-Commit-ID: Aw2rlJfrT6J

--HG--
extra : rebase_source : 243d6c38eedc086c59d47c93d4a57cb6a922910a
2016-05-18 18:58:40 -07:00
Martin Thomson 103d3aba59 Bug 1250568 - Adding TLS 1.3 to nsISSLStatus, r=keeler
MozReview-Commit-ID: 4mLdtsdFoKN

--HG--
extra : rebase_source : 8526499c8765a14efeec22950372c738d8dc8b95
2016-04-04 16:21:19 -03:00
Martin Thomson ec792f4dff Bug 1250568 - Adding ECDHE_PSK suites, r=keeler
MozReview-Commit-ID: 1MGB7ewpDuZ

--HG--
extra : rebase_source : 5afd535d6f853db31dd98f70dbc189d01a0246fa
2016-04-04 16:21:19 -03:00
Martin Thomson 9b8f068092 Bug 1250568 - Add support for TLS1.3 in prefs and telemetry, r=keeler
MozReview-Commit-ID: AH8SO3fRUp4

--HG--
extra : rebase_source : f7b367bc4577c2fea2741c60793f7cde6cba0aef
2016-04-19 14:29:36 +10:00
Ralph Giles 0946db2658 Bug 1271794 - Use SSE2 instructions on win32. r=glandium
We've decided supporting the small number of x86 machines
without SSE2 instructions is no longer worth the cost in
developer time nor the performance impact for other users.

https://groups.google.com/d/msg/mozilla.dev.platform/dZC39mj5V-s/Xt_UqZXkAAAJ

Set -arch:SSE2 by default on x86 if an arch hasn't already
been supplied. This ensures we'll continue to build with
the right instruction set if the compiler changes its default
in the future, while still allowing custom builds to set
a lower minimum.

Also updates the filter to strip all arch switches on win64
when building the sandbox. The 64-bit compiler doesn't
support -arch:SSE2 either.

MozReview-Commit-ID: JzTRGPn9vzI
2016-05-18 11:06:30 -07:00
Phil Ringnalda 2657cac015 Backed out 3 changesets (bug 1271794, bug 1271829) on suspicion of making Windows builds less likely to... build
CLOSED TREE

Backed out changeset d0ab0d508a24 (bug 1271829)
Backed out changeset 9f4983dfd881 (bug 1271829)
Backed out changeset 28b45df659b7 (bug 1271794)
2016-05-18 00:04:29 -04:00
Cykesiopka 18c21f386e Bug 1271495 - Replace uses of ScopedPK11Context with UniquePK11Context. r=keeler,mcmanus
ScopedPK11Context is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.

MozReview-Commit-ID: HE8UY1hOuph

--HG--
extra : transplant_source : 4%BF%81M%09Q-%2A%E6%04%86i%18%1B%3CL%90%88%04%C7
2016-05-13 05:53:57 -07:00
Ralph Giles 90a00904df Bug 1271794 - Use SSE2 instructions on win32. r=glandium
We've decided supporting the small number of x86 machines
without SSE2 instructions is no longer worth the cost in
developer time nor the performance impact for other users.

https://groups.google.com/d/msg/mozilla.dev.platform/dZC39mj5V-s/Xt_UqZXkAAAJ

Set -arch:SSE2 by default on x86 if an arch hasn't already
been supplied. This ensures we'll continue to build with
the right instruction set if the compiler changes its default
in the future, while still allowing custom builds to set
a lower minimum.

Also updates the filter to strip all arch switches on win64
when building the sandbox. The 64-bit compiler doesn't
support -arch:SSE2 either.

MozReview-Commit-ID: JzTRGPn9vzI
2016-05-17 11:35:51 -07:00
Kate McKinley 567ebcf321 Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb, r=mayhemer, r=jld, r=smaug, r=dkeeler, r=jmaher, p=ally
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
2016-07-26 13:03:00 -04:00
Kai Engert f586b10fe0 Bug 1258375, land final release tag of nss 3.24. Changes version numbers.
This backs out bug 1270836, as it wasn't landed according to NSS procedures. It will be re-landed once we go to a NSS 3.25 beta version.
2016-05-17 11:00:15 +02:00
Bob Owen e809e9f918 Bug 1035125 Part 9: Link Chromium sandbox into firefox.exe instead of having a separate DLL. r=aklotz,glandium
MozReview-Commit-ID: 1vgDPjpcwz3

--HG--
extra : rebase_source : 40966d98ca6c37f30884639d648907b4760ae240
2016-05-15 16:41:40 +01:00
Bob Owen c43bf02cda Bug 1035125 Part 8: Pass sandboxing pointers through XRE_InitChildProcess instead of linking to more functions in xul. r=aklotz,glandium
MozReview-Commit-ID: 5AiktOArpfU

--HG--
extra : rebase_source : 1ba3be949e2bfeb3b67687ab05d43342852ab764
2016-05-15 16:35:22 +01:00
Bob Owen 209b6e6e18 Bug 1035125 Part 7: Remove unused functions in security/sandbox/chromium/base/time/time.h to avoid nspr dependency. r=aklotz
MozReview-Commit-ID: 4TwVMQGTXUU

--HG--
extra : rebase_source : 0757390f3ff6fc71242ae09d95e1934d3e80fa26
2016-05-15 16:23:57 +01:00
Bob Owen 43b53afacf Bug 1035125 Part 6: Take Chromium commit 3181ba39ee787e1b40f4aea4be23f4f666ad0945 to add Windows 10 version to enumeration. r=aklotz
MozReview-Commit-ID: 8sR9F72JJ1k

--HG--
extra : rebase_source : bc911fbaa12c8186e2c9539e21fe776282280304
2016-05-15 16:23:57 +01:00
Bob Owen 71b3258726 Bug 1035125 Part 4: Back out changeset 8ae39d920f5c and associated subsequent changes. r=glandium
The original changeset that is being backed out had comment:
Bug 1023941 - Part 2: Static-link the CRT into plugin-container.exe.

MozReview-Commit-ID: 1iPJghgd0t2

--HG--
extra : rebase_source : cbed4e43f51af8ea0c3adbfc150ed029fe0d0f57
2016-05-15 16:23:57 +01:00
Chris Peterson 353ee65255 Bug 1272513 - Part 1: Suppress -Wshadow warnings-as-errors in some directories. r=glandium 2016-05-11 00:00:01 -07:00
Hasse 692b996c80 bug 428421 - fix ordering of FIPS description strings r=keeler
In bug 317630, in the call to PK11_ConfigurePKCS11, the order of the strings
provided was switched such that the FIPS token description appeared before the
FIPS slot description, when in fact the reverse should happen.
2016-05-12 15:45:30 -07:00
David Keeler c17f3a2733 bug 982932 - only allow Netscape-stepUp to be used for serverAuth for old CA certificates r=Cykesiopka,jcj
MozReview-Commit-ID: 88JhIU1pUji

--HG--
rename : security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec
rename : security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec
extra : rebase_source : 2f6251679a6f31cccb6d88bb51c567de9cc9bc76
2016-05-05 16:11:11 -07:00
Cykesiopka ebd2e17c94 Bug 1265207 - Enable ESLint "var-only-at-top-level" rule for PSM tests. r=jjones
|let| is generally preferred over |var| in PSM JS.

MozReview-Commit-ID: 7SJWQSKFxI4

--HG--
extra : rebase_source : 387c6259ffa2cb0585ff366edc568ccc39bfd902
2016-05-09 18:04:14 -07:00
David Keeler 3a4d7b486c bug 883718 - remove nsIEntropyCollector and implementation r=mgoodwin,mrbkap
The rationale behind nsIEntropyCollector was to supplement NSS' source of
entropy with randomness from mouse move events. This obviously doesn't work on
platforms without a mouse (e.g. mobile platforms). Furthermore, as NSS seeds its
random number generator with robust randomness from the operating system, this
is unnecessary anyway. The primary concern is that initialization of the random
number generator must happen after forking, which is exactly what we do with the
child process in e10s mode.

MozReview-Commit-ID: GYQDElSCZy0

--HG--
extra : rebase_source : 6273a78203121c4d4ddf3ed97451f393ceef4b88
2016-05-10 16:24:44 -07:00
Cykesiopka 8f7bebaa5c Bug 160122 - Stop using PR_smprintf in PSM. r=keeler
The (more) modern Mozilla string classes can be used instead, which at the very
least provide built in automatic memory management and performance improvements.

MozReview-Commit-ID: 4l2Er5rkeI0

--HG--
extra : transplant_source : %A1%16%AB%02m%CA%25HfW%40%96Mq%0D%F0%91%9C%99%29
2016-05-10 23:38:55 -07:00
Chuck Lee 6ad8527ba5 Bug 1082346 - 02. Test case. r=keeler r=Cykesiopka
MozReview-Commit-ID: 3O8gBQ06Q96

--HG--
extra : rebase_source : b7425f43de7bb2f7200416f2bed35eb6b51866aa
2016-05-10 23:08:04 +08:00
Chuck Lee d568bac51d Bug 1082346 - 01. Convert PKCS12 password endian using copyAndSwapToBigEndian. r=keeler
MozReview-Commit-ID: 83fRWTRzoMd

--HG--
extra : rebase_source : 7eb145e8d84a4778b46f989d1766db3c9e39bb4b
2016-05-07 15:58:12 +08:00
Randell Jesup 73a32768d1 Bug 1271402: name and cleanup DataStorage thread when running XPCshell r=froyd,dkeeler
MozReview-Commit-ID: 2brXgEcp91J
2016-05-11 00:11:40 -04:00
Cykesiopka 391584fd9d Bug 1270005 - Replace uses of ScopedPK11SlotInfo with UniquePK11SlotInfo in PSM. r=keeler
ScopedPK11SlotInfo is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.

Also changes PK11SlotInfo parameters of various functions to make ownership more
explicit, and replaces some manual management of PK11SlotInfo pointers.

MozReview-Commit-ID: JtNH2lJsjwx

--HG--
extra : rebase_source : 9d764e0dd3a1f2df14c16f8f14a3c5392770c9a1
2016-05-09 18:02:40 -07:00
Andi-Bogdan Postelnicu 03b633450d Bug 1270836 - prevent null pointer dereference on |data|. r=emaldona+298309
MozReview-Commit-ID: 45LFxknL9Jy

--HG--
extra : rebase_source : 268874b34c4dd4466eb75376e2860b6940833399
2016-05-10 09:47:28 +03:00
Carsten "Tomcat" Book 56fe0e8f2c merge mozilla-inbound to mozilla-central a=merge 2016-05-09 11:17:59 +02:00
ffxbld f91f69689f No bug, Automated HPKP preload list update from host bld-linux64-spot-1062 - a=hpkp-update 2016-05-07 05:00:36 -07:00
ffxbld c67ee9ebbd No bug, Automated HSTS preload list update from host bld-linux64-spot-1062 - a=hsts-update 2016-05-07 05:00:34 -07:00
Cykesiopka 128f004a1f Bug 1267905 - Replace uses of ScopedCERTCertList with UniqueCERTCertList. r=keeler
ScopedCERTCertList is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.

Also changes CERTCertList parameters of various functions to make ownership more
explicit.

MozReview-Commit-ID: EXqxTK6inqy

--HG--
extra : transplant_source : %9B%A9a%94%D1%7E%2BTa%9E%9Fu%9F%02%B3%1AT%1B%F1%F6
2016-05-05 14:56:36 -07:00
David Keeler 4c6c57ed83 bug 1269812 - e10s-ify test_bug383369.html and test_unsecureRedirect.html r=Cykesiopka,mrbkap
MozReview-Commit-ID: E6z91sfEjan

--HG--
extra : rebase_source : 0561b67cb63262c46289134a250fb2c59d6af17d
2016-05-03 11:00:50 -07:00
Kyle Huey 941ab1f522 Bug 1268313: Part 7 - Move NS_NewRunnableMethod and friends to mozilla::NewRunnableMethod. r=froydnj 2016-05-05 01:45:00 -07:00
Cykesiopka 5598e0ec78 Bug 1268365 - Check argument validity more in nsASN1Tree.cpp. r=jcj
MozReview-Commit-ID: 6DqyT1veMR7

--HG--
extra : rebase_source : ca4d914285e651fe4fec1cd032e3106c8fc3a5b3
2016-05-03 21:31:13 -07:00
Haik Aftandilian 01b38f360c Bug 1267453 - Amazon Widevine rejects HDCP on MacBook Pro with or without an external display. r=gcp
--HG--
extra : amend_source : 6a8094ddea6ac6c50e8ec8c11e0656eaddafc20e
2016-05-02 19:33:08 +02:00
Carsten "Tomcat" Book 87bdb8ed2d merge fx-team to mozilla-central a=merge 2016-05-02 11:19:50 +02:00
ffxbld e526d34125 No bug, Automated HPKP preload list update from host bld-linux64-spot-576 - a=hpkp-update 2016-04-30 04:56:03 -07:00
ffxbld 484795c7ec No bug, Automated HSTS preload list update from host bld-linux64-spot-576 - a=hsts-update 2016-04-30 04:56:01 -07:00
Kai Engert 4673d27617 Bug 1258375, NSS_3_24_RC0, r=nss-confcall 2016-04-29 18:02:50 +02:00
Carsten "Tomcat" Book ba3fe0975c Backed out changeset 85ce8cb0639a (bug 1268313)
--HG--
extra : rebase_source : 56d1cf41a2dc4959b67f834e07192a5c772176a8
2016-04-29 14:21:16 +02:00
Gian-Carlo Pascutto 6491a25e6f Bug 1268579 - Add inotify_rm_watch to the seccomp-bpf whitelist. r=jld
MozReview-Commit-ID: DvaHjOa5GOv

--HG--
extra : rebase_source : 1105ebd32973f8608c4c8b21dc72ba9313661735
2016-04-28 20:04:06 +02:00
Nicholas Nethercote 2511b2c327 Bug 1267550 (part 2) - Rename MOZ_WARN_UNUSED_RESULT as MOZ_MUST_USE. r=froydnj.
It's an annotation that is used a lot, and should be used even more, so a
shorter name is better.

MozReview-Commit-ID: 1VS4Dney4WX

--HG--
extra : rebase_source : b26919c1b0fcb32e5339adeef5be5becae6032cf
2016-04-27 14:16:50 +10:00
Wes Kocher 56fe7c4bcb Merge m-c to fx-team a=merge
MozReview-Commit-ID: 3H9BxQQQnNI
2016-04-29 16:05:30 -07:00
Jared Wein e889366796 Bug 1268159 - Use GreD in addition to XCurProcD for browser_misused_characters_in_strings.js to cover more string files. r=gijs
MozReview-Commit-ID: IlC170W0nlG
* * *
[mq]: temp

MozReview-Commit-ID: GF0k4zvONPD
2016-04-29 09:28:48 -04:00
Cykesiopka fc68a083a3 Bug 1265164 - Always use nsCOMPtrs with getNSSDialogs(). r=keeler
MozReview-Commit-ID: 430uuWHIZjC

--HG--
extra : rebase_source : 3192e40558ac36a3a8bf6ff3c1399be1196f8dcb
2016-04-27 18:16:48 -07:00
Julian Hector 3871240519 Bug 1176099 - Add hooks for sigprocmask/pthread_sigmask. r=jld r=glandium 2016-04-21 13:17:50 +00:00
Kai Engert b565a3d437 Bug 1258375, land NSS_3_24_BETA7, second attempt, r=franziskus 2016-04-27 14:51:59 +02:00
Carsten "Tomcat" Book 05d6ba16fa merge mozilla-inbound to mozilla-central a=merge 2016-04-27 11:57:21 +02:00
Daniel Veditz 19be5bed6c Bug 1267318 ignore cert expiration for mozilla-signed packages, r=dkeeler
MozReview-Commit-ID: Lw6jGmK8gkS
2016-04-26 11:54:08 -07:00
Julian Hector 1942e09c83 Bug 1266298 - Add sys_fchmod to seccomp whitelist r=jld
MozReview-Commit-ID: 4kFgfxhCMFl

--HG--
extra : transplant_source : h%D1%90%ACfP%DC%5C%CB%CC%84%CE%B7%40%17%14%B1%10%FC%AA
2016-04-21 15:59:53 +02:00
Kyle Huey 48a594a09e Bug 1268313: Part 7 - Move NS_NewRunnableMethod and friends to mozilla::NewRunnableMethod. r=froydnj 2016-04-28 14:08:25 -07:00
Julian Hector 4c291ae709 Bug 1176099 - Fix missing NULL check r=luke
MozReview-Commit-ID: ICNQNqJZzA8
2016-04-28 20:41:14 +02:00
David Keeler 1fdc1bdd0a bug 1267463 - add a more nuanced subject common name fallback option for prerelease channels r=Cykesiopka,jcj
MozReview-Commit-ID: 1vHXrPAHTRm

--HG--
extra : rebase_source : dddd8ae973d1d793890bbfc44d9fe84ef4a47ee2
2016-04-25 15:55:18 -07:00
Kyle Huey c73656947b Bug 1265927: Move nsRunnable to mozilla::Runnable, CancelableRunnable to mozilla::CancelableRunnable. r=froydnj 2016-04-25 17:23:21 -07:00
Cykesiopka 33825b4eb1 Bug 1257031 - Return more informative error code when encountering invalid integers rather than SEC_ERROR_BAD_DER. r=keeler
Also adds some missing l10n entries to nsserrors.properties (but not for errors
that are specific to TLS 1.3, since TLS 1.3 is not yet finalised).

MozReview-Commit-ID: A42fmTDTe8W

--HG--
extra : transplant_source : x%F7s%DB%05%B4%81%9Dm%FDC%A1f%B3%0D%7DR%C1%BA%B1
2016-04-21 16:41:22 -07:00
Phil Ringnalda d4f9b788bc Merge m-c to m-i 2016-04-23 20:05:49 -07:00
Phil Ringnalda af470d6828 Bug 1267012 - Disable test_signed_dir.js for having a timebomb that makes it fail after one year, a=orange 2016-04-23 18:10:46 -07:00
ffxbld 41b0888167 No bug, Automated HPKP preload list update from host bld-linux64-spot-508 - a=hpkp-update 2016-04-23 05:00:27 -07:00
ffxbld 0b254f9255 No bug, Automated HSTS preload list update from host bld-linux64-spot-508 - a=hsts-update 2016-04-23 05:00:25 -07:00
David Keeler 1e53398a23 bug 1182742 - allow users to override small key size errors r=rbarnes
Key size enforcement for TLS certificates happens at two levels: PSM and NSS.
PSM enforces a minimum of 1024 bits. NSS enforces a minimum of 1023 bits by
default. The NSS error is not overridable, but the PSM error is. This change
allows users to connect to devices with small RSA keys (as little as 512 bits)
using the certificate error override functionality.

MozReview-Commit-ID: 2TZ8c4I3hXC

--HG--
extra : rebase_source : a9c550f15261c711e789a670c90c129c65802ff0
2016-04-11 13:45:47 -07:00
David Keeler 13d02ebbb6 bug 1264761 - improve handling of x509 versions in certificate manager r=Cykesiopka
MozReview-Commit-ID: B7EPx63ttlt

--HG--
extra : rebase_source : a39e04a7b2393130888ecfe02b09b495c9e068af
2016-04-18 11:07:24 -07:00
Cykesiopka 372fe1a598 Bug 1260643 - Convert most uses of ScopedCERTCertificate in PSM to UniqueCERTCertificate. r=keeler
MozReview-Commit-ID: JnjoUd7d2M0

--HG--
extra : transplant_source : %99x%B6%F5%09%97%E6%60%B6%3C%3C%C2%D5vt%27%0C-%96%1B
2016-04-20 01:14:22 -07:00
Mark Goodwin fccc28a54a Bug 1265085 - Replace verification source with a SAN in the content signature verifier interface. r=Cykesiopka,r=fkiefer
This change replaces the hardcoded 'sourceis' in nsIContentSignatureVerifier and
ContentSignatureVerifier.cpp with a string parameter which allows the caller
to specify which hostname the signing certificate must be valid for. This allows
us to create and use new signing certificates without having to wait for new
sources to ride the trains.

MozReview-Commit-ID: KGpOVOuJrk3
2016-04-18 14:55:56 +01:00
Jacek Caban a9c53bd3c0 Bug 1263622 - Fixed nsNSSComponent.cpp compilation on mingw. r=dkeeler,ted 2016-04-23 10:55:50 +02:00
Sebastian Hengst 926ff145c8 Backed out changeset 178243415be6 (bug 1258375) for crash [@ HandshakeCallback] on Android e.g. in dom/base/test/test_bug704320_http_http.html. r=backout on a CLOSED TREE 2016-04-26 18:00:11 +02:00
Kai Engert 2751db2b05 Bug 1258375, lang NSS_3_24_BETA7, r=franziskus 2016-04-26 16:42:37 +02:00
Wes Kocher 01ea27062a Backed out changeset bb60c7a0b0c5 (bug 1264761) for build failures in nsNSSCertHelper CLOSED TREE
MozReview-Commit-ID: KwFHe6X2WCE
2016-04-19 16:09:49 -07:00
David Keeler 9ae62ef7c9 bug 1264761 - improve handling of x509 versions in certificate manager r=Cykesiopka
MozReview-Commit-ID: B7EPx63ttlt

--HG--
extra : rebase_source : 0234079b42b1a3e46b4a6a790049b8f0769fc79a
2016-04-18 11:07:24 -07:00
Carsten "Tomcat" Book fbeb4ca1bd Merge mozilla-central to mozilla-inbound 2016-04-18 08:51:38 +02:00
ffxbld 9fa9277647 No bug, Automated HPKP preload list update from host bld-linux64-spot-312 - a=hpkp-update 2016-04-16 04:49:09 -07:00
ffxbld 1d4acf2cee No bug, Automated HSTS preload list update from host bld-linux64-spot-312 - a=hsts-update 2016-04-16 04:49:07 -07:00
Cykesiopka 59774a5b4e Bug 1262645 - Address misc issues with nsGetUserCertChoice(). r=keeler
The follow issues are fixed:
  - Returning a failure result when failing to get a pref value instead of more
    gracefully falling back to a default.
  - Using an enum instead of a more strongly typed enum class.
  - Using a pref branch instead of the preferred Preferences.h API.
  - Manual memory management.
  - Unnecessary use of pointers.

MozReview-Commit-ID: FKw5kBhnwxL

--HG--
extra : transplant_source : %21K%E2%83/%A5%AB%DB3%F4%FB%2CUD%9E%B6l%1C%3A%22
2016-04-15 16:51:41 -07:00
Carsten "Tomcat" Book eae4a312af Bug 1261751 - Problems with OS X Sandboxed TempDir and Rules. r=bobowen r=gcp
--HG--
extra : amend_source : 2011128c7e5406d7865da2b24f81facf7889cb0e
2016-04-16 09:00:29 +02:00
Jonas Sicking d310d4dcee Fix unified-build bustage from bug 1264706. r=bustage 2016-04-15 15:21:38 -07:00
Jonas Sicking 32e5673b7a Fix linting bustage for bug 1264706. r=bustage 2016-04-15 15:12:39 -07:00
Jonas Sicking 9c521f30da Bug 1264706: Move nsILocalCertService, and implementation, to security/manager/ssl in order to alloow use w use elsewhere in gecko. r=dkeeler
--HG--
rename : devtools/shared/security/LocalCertService.cpp => security/manager/ssl/LocalCertService.cpp
rename : devtools/shared/security/LocalCertService.h => security/manager/ssl/LocalCertService.h
rename : devtools/shared/security/nsILocalCertService.idl => security/manager/ssl/nsILocalCertService.idl
rename : devtools/shared/security/tests/unit/test_cert.js => security/manager/ssl/tests/unit/test_local_cert.js
2016-04-15 14:52:13 -07:00
Julian Hector d9a01beca2 Bug 1259283 - Add sys_fchown to seccomp whitelist. r=jld 2016-04-13 12:41:19 +00:00
J.C. Jones 63f7ce5155 Bug 1244960 - Complete FIDO u2f NSSToken (Part 1). r=keeler, r=baku
- Merge in test changes from Bug 1255784.
- Remove the unnecessary mutex
- Stop doing direct memory work in NSS Token
- Clean up direct memory work in ContentParent
- In order to store persistent crypto parameters, the NSSToken had to move
  onto the main thread and be interfaced with via IDL/IPDL.
- Support Register/Sign via NSS using a long-lived secret key
- Rename the softtoken/usbtoken "enable" prefs, because of hierarchy issues
  with the WebIDL Pref shadowing.
- Also orders the includes on nsNSSModule.cpp
- Attestation Certificates are in Part 2.

Updates per keeler review comments:

- Use //-style comments everywhere
- Refactor the PrivateKeyFromKeyHandle method
- Rename the logging and fix extraneous NS_WARN_IF/logging combinations
- Other updates from review

April 11-12:

- Correct usage of the "usageCount" flag for PK11_UnwrapPrivKey
- Rebase up to latest

April 15:
- Rebase to latest

MozReview-Commit-ID: 6T8jNmwFvHJ

--HG--
extra : transplant_source : w%26%CES%2Cu%04%3EAl%04%2Cb%E2v%C9%08%3A%CC%F4
2016-04-15 09:29:12 -07:00
Tim Taubert 501a3b98fe Bug 1235634 - Construct nsNSSShutdownList::singleton lazily on first use r=keeler 2016-04-13 11:06:44 +02:00
Mark Goodwin 23e56a0fd2 Bug 1252882 - Add a Content Signature Service r=keeler,r=franziskus,r=Cykesiopka
MozReview-Commit-ID: 2nS6vN3iDKe
2016-04-13 13:26:01 +01:00
Mark Goodwin bc46a6a645 Bug 1252882 - Content-Signature Service - some tests r=keeler,r=fkiefer
MozReview-Commit-ID: AQGAABvRbNZ
2016-04-08 14:27:52 +01:00
Thomas Zimmermann e1b5ef463a Bug 1264226: Don't use '_COARSE' Posix clocks if not defined, r=jld
Not all systems (i.e., Gonk) support CLOCK_MONOTONIC_COARSE and
CLOCK_REALTIME_COARSE. With this patch, we don't refer to them if
they are not supported.
2016-04-14 10:12:39 +02:00
Cykesiopka c510e4037b Bug 1029173 - Clean up nsDataSignatureVerifier. r=keeler
This patch does the following:
 - Implements nsNSSShutDownObject.
 - Replaces more raw pointers with smart pointers.
 - Fixes other misc issues.

MozReview-Commit-ID: HulWdonEbP8

--HG--
extra : transplant_source : %DC%27%14%AE%28%A2F%80%1F%2C%83L%D3h%A2%C7k%F0%1C%2B
2016-04-12 18:09:06 -07:00
Kai Engert 70551ded71 Bug 1258375, NSS_3_24_BETA6 and required adjustments to PSM and packaging, r=martin.thomson, r=glandium 2016-04-12 14:40:44 +02:00
Chris Pearce cb3b390405 Bug 1245789 - Whitelist functions needed by Widevine CDM in GMP child processes. r=jed
MozReview-Commit-ID: C6bpItv1qpi
2016-04-12 16:12:21 +12:00
Chris Pearce 114ad957d2 Bug 1245789 - Load Widevine CDM with sandbox level USER_RESTRICTED instead of USER_LOCKDOWN. r=bobowen
Otherwise Widevine CDM won't load on Windows. Other GMPs are still loaded at USER_LOCKDOWN.

MozReview-Commit-ID: aCTG1tQuwt
2016-04-12 16:12:20 +12:00
David Keeler b2887661d5 bug 1263221 - improve how PSM handles the visibility of __CERT_AddTempCertToPerm r=chmanchester,mgoodwin
MozReview-Commit-ID: GXiXANNa6Op

--HG--
extra : rebase_source : ffb96a89aabd933f200e39d528d6f5f41e035d7e
2016-04-08 10:30:32 -07:00
Kai Engert f8da0365fd Backout revision 36f75c2863a1, bug 1258375 2016-04-11 17:00:39 +02:00
Kai Engert b471460db8 Bug 1258375, NSS_3_24_BETA5 and required adjustments to PSM and packaging, r=martin.thomson, r=glandium 2016-04-11 16:40:36 +02:00
Cykesiopka b883b2533f Bug 1259909 - Obviate char PORT_Free() calls in PSM. r=keeler
Also converts the longer |UniquePtr<char, void(&)(void*)> foo(..., PORT_Free)|
to the shorter and equivalent |UniquePORTString foo(...)|.

MozReview-Commit-ID: LlrTNUYBP4V

--HG--
extra : transplant_source : afU%FB%0EC%3E%E0pm%A3-%0E%C8%83%CF%0A%B1%9E%ED
2016-04-09 01:03:59 -07:00
Ryan VanderMeulen bb5308d31a Merge m-c to inbound. a=merge 2016-04-09 10:08:57 -04:00
ffxbld e7db699836 No bug, Automated HPKP preload list update from host bld-linux64-spot-428 - a=hpkp-update 2016-04-09 04:47:02 -07:00
ffxbld eae40b0bb0 No bug, Automated HSTS preload list update from host bld-linux64-spot-428 - a=hsts-update 2016-04-09 04:47:00 -07:00
Wes Kocher dfc7e5253f Merge m-c to inbound, a=merge
MozReview-Commit-ID: 9YZdlIARozU
2016-04-08 16:47:03 -07:00
Wes Kocher b6d0503738 Merge fx-team to central, a=merge
MozReview-Commit-ID: yuSA0kqs0F
2016-04-08 15:26:49 -07:00
Dave Townsend bf59524a62 Bug 1257246: Update security/manager for eslint 2. r=cykesiopka
MozReview-Commit-ID: C04uJOhTbjw

--HG--
extra : rebase_source : 39fb9a3ce183b05e0b924563e055431828bab50d
extra : histedit_source : aacec3a02d251d0ec8e13e78900a6f53bc205ec3
2016-04-05 11:32:28 -07:00
David Keeler 7dd242bb39 bug 1261936 - stop using the subject common name in certificate verification error messages r=Cykesiopka
MozReview-Commit-ID: G08cV5GmNDh

--HG--
extra : rebase_source : c79b34d893e7acddc8ee02a6c354dcaa1de07d61
2016-04-04 16:25:24 -07:00
Julian Hector 2d64db058c Bug 1259273 - Add sys_unlink to seccomp-bpf whitelist. r=jld 2016-04-06 19:48:23 +00:00
Tim Taubert 63c7f51d31 Bug 842818 - Make Crypto::GetRandomValues() work off the main thread r=baku,keeler,mt 2015-09-22 10:50:36 +02:00
Cykesiopka 54da7e65e7 Bug 1252384 - Remove nsICertTree.isHostPortOverride(). r=dkeeler
It is unused since the changes in Bug 825583 landed.

MozReview-Commit-ID: 2u2eu0aDqeH

--HG--
extra : transplant_source : f%5Ev%00%B6%8B%3E%5E%26%C3%10%25%D9%16%C1%98yhf%D2
2016-04-06 07:02:17 -07:00
Bob Owen 907939a278 Bug 1256992 Part 2: Move SandboxBroker Initialization earlier and add telemetry and extra null checks. r=aklotz
MozReview-Commit-ID: Fu05wLn27UG
2016-04-07 08:28:14 +01:00
Wes Kocher 06944947a0 Backed out changeset 069c82269f81 (bug 1258375) for Windows xperf failures
MozReview-Commit-ID: DwhDorbB2PO
2016-04-06 16:51:48 -07:00
Kai Engert 02dd23b86a Bug 1258375, NSS_3_24_BETA4 and required adjustments to PSM and packaging, r=martin.thomson, r=glandium 2016-04-06 21:43:36 +02:00
Cykesiopka efe5b47ede Bug 1260644 - Use UniquePLArenaPool to manage PLArenaPools in PSM. r=keeler
MozReview-Commit-ID: HyLXbWoHMGz

--HG--
extra : rebase_source : 6164b7df51e11c4d3814a06bd41765d40be85a9d
2016-04-04 17:35:24 -07:00
Tim Taubert 313721942c Bug 1261213 - Follow-up to make eslint happy r=bustage 2016-04-06 10:32:16 +02:00
Tim Taubert 96b0d713ad Bug 1261213 - make test_sts_privatebrowsing_perwindowpb.html work under e10s r=keeler,mrbkap,felipe 2016-04-05 12:52:19 +02:00
Cykesiopka 1f493434a0 Bug 1127158 - Remove brittle debug only flag math in nsSecureBrowserUIImpl.cpp. r=dkeeler
MozReview-Commit-ID: 3d5mYDjzJwf

--HG--
extra : rebase_source : ce0b714b92d9deed79a8a9e24e0d8db4b9eef8c7
2016-04-01 06:16:58 -07:00
timeless@mozdev.org cbc8dc0b64 Bug 550185 - Ensure nsCertTree::GetCellText returns an initialized value. r=kaie
--HG--
extra : rebase_source : 4c4529a62c5acb7bba52e8cb94e69e795a85b7e1
2016-04-04 21:18:00 +02:00
David Keeler 9825c57bc3 bug 1239166 - platform work to support Microsoft Family Safety functionality r=froydnj,mgoodwin,mhowell,rbarnes,vladan
MozReview-Commit-ID: GhpJqJB97r9

--HG--
extra : rebase_source : e943c1e4d0f008ffd6b6bb4bb63e1daf27ae2c96
2016-01-12 15:39:43 -08:00
David Keeler 6e4140d766 bug 1245280 - add policy mechanism to optionally enforce BRs for falling back to subject CN r=Cykesiopka,mgoodwin
MozReview-Commit-ID: 7xT6JGpOH1g

--HG--
extra : rebase_source : 0def29e8be898a2d975ee4390b3bc6a193766b1b
2016-02-09 10:14:27 -08:00
Cykesiopka ed5502e22f Bug 1252722 - Add additional tests. r=keeler
MozReview-Commit-ID: Ds5t8RSd1Mk

--HG--
extra : transplant_source : %92Nx%E8%7E%3A%E6%97w%8A%D0%102%7D%8D%93%A2%9D%A4%25
2016-03-31 17:33:06 -07:00
Cykesiopka bc9cb4c633 Bug 1252722 - Improve handling of PK11_* function error codes. r=keeler
MozReview-Commit-ID: DWNNXq8ZJ47

--HG--
extra : transplant_source : N%10%80%B2%9C%DEwu%0B%BF%FB%3B%D4%06%D8W%2AyBh
2016-03-31 17:33:00 -07:00
Cykesiopka 531fe59f42 Bug 1252722 - Ensure arguments of all public methods are checked. r=keeler
MozReview-Commit-ID: 5UJup8k8iGe

--HG--
extra : transplant_source : %D0v%7B%F2%60%04%E3%11%15_%AC%A0%D0%CE%0D%3A0q%96%24
2016-03-31 17:32:53 -07:00
Cykesiopka 0ebbbafe4b Bug 1252722 - Use smart pointers for NSS resources. r=keeler
MozReview-Commit-ID: Gg3DNjGiNIQ

--HG--
extra : transplant_source : _%AC%97%FA%DA%FF%FE%95%E5%D4%3C%BE%82%E4%24%D9F%ADB%89
2016-03-31 17:31:55 -07:00
Cykesiopka db361c5c2d Bug 1252722 - Fully implement nsNSSShutDownObject everywhere. r=keeler
MozReview-Commit-ID: 4OZ6tCdCGEP

--HG--
extra : transplant_source : U%27%E3%E2A%85%03%AC%FA%C9%9A%9Et%87%E9%F6s%FFy%AC
2016-03-31 17:31:50 -07:00
David Keeler 581a304acb bug 1254667 - change certificate verification SHA1 policy to "allow for locally-installed roots" r=jcj
Before this patch, the default policy for the use of SHA1 in certificate
signatures was "allow all" due to compatibility concerns.
After gathering telemetry, we are confident that we can enforce the policy of
"allow for locally-installed roots" (or certificates valid before 2016) without
too much breakage.

MozReview-Commit-ID: 8GxtgdbaS3P

--HG--
extra : rebase_source : d1bed911f2d5d40229ea06556fee0848668e98b6
2016-03-28 12:52:40 -07:00
Cykesiopka 7167af4f5a Bug 1251801 - Ensure arguments of all public methods are checked. r=keeler
MozReview-Commit-ID: 1UQ4thOmUGb

--HG--
extra : transplant_source : V%24o%40%403%BF%B4o%5E%F5%28%91%B8%8A%E2%E3%E9%8B%BF
2016-03-29 18:14:29 -07:00
Cykesiopka 703b7ef6b1 Bug 1251801 - Improve handling of PK11_* function error codes. r=keeler
MozReview-Commit-ID: 18acVVAuapm

--HG--
extra : transplant_source : %C3%FD%1D%BF/%E4%A5%BBl%DE%03%BC%0E%CA%04%D8%C6%0Fze
2016-03-29 18:14:29 -07:00
Cykesiopka b2f33b0ba8 Bug 1251801 - Fully implement nsNSSShutDownObject and obviate manual NSS resource management. r=keeler
MozReview-Commit-ID: A7a9TVikRPh

--HG--
extra : transplant_source : v%CE%9Df%F6%0AaqJ%D5A%07%B0%2A.%E2%01c%C5%A5
2016-03-29 18:14:28 -07:00
Wes Kocher caea64b900 Backed out changeset 3ff2b12ffedc (bug 1254667) for upsetting the test_ocsp_caching.js gods on android CLOSED TREE
MozReview-Commit-ID: JaJXHxKEAvu
2016-03-29 16:38:18 -07:00
David Keeler 4a9f753dd1 bug 1254667 - change certificate verification SHA1 policy to "allow for locally-installed roots" r=jcj
Before this patch, the default policy for the use of SHA1 in certificate
signatures was "allow all" due to compatibility concerns.
After gathering telemetry, we are confident that we can enforce the policy of
"allow for locally-installed roots" (or certificates valid before 2016) without
too much breakage.

MozReview-Commit-ID: 8GxtgdbaS3P

--HG--
extra : rebase_source : 7e81131a6c215bf7af514f150ebe2eb16a5c612a
2016-03-28 12:52:40 -07:00
Martin Thomson 83f1770c2c Bug 1238001 - Allow TLS info to be updated on renegotiation, r=keeler
MozReview-Commit-ID: KJaPgEwTvhv

--HG--
extra : rebase_source : f7d0025eca46e191d23aee182c9ace58b7d59b8b
extra : amend_source : 7e98ef0aa34b0c2def205644e1ab9e576417930d
2016-02-23 08:00:00 -08:00
ffxbld b83f7e6b04 No bug, Automated HPKP preload list update from host bld-linux64-spot-413 - a=hpkp-update 2016-03-28 14:10:40 -04:00
ffxbld fbba08e207 No bug, Automated HSTS preload list update from host bld-linux64-spot-413 - a=hsts-update 2016-03-28 14:10:40 -04:00
Kyle Huey d9265a3eaf Bug 1259294: Part 2 - Use MOZ_ALWAYS_SUCCEEDS. r=froydnj 2016-03-28 10:28:15 -07:00
Cykesiopka e05e655f1b Bug 1258298 - Switch more Scoped.h templates in PSM to UniquePtr equivalents. r=keeler
MozReview-Commit-ID: 8VOhiuNOlBX

--HG--
extra : amend_source : 70d01c7a061c4b751d643d1277e3185ccf348e54
2016-03-24 18:30:37 -07:00
Cykesiopka e031eef545 Bug 1259149 - Add additional tests for the nsIPK11* and nsIPKCS11* implementations. r=keeler
After these additions, the majority of the API surface should be covered.

MozReview-Commit-ID: CvpEX6Cm94d

--HG--
rename : security/manager/ssl/tests/unit/test_pkcs11_list.js => security/manager/ssl/tests/unit/test_pkcs11_module.js
extra : transplant_source : %B3%E0%09%B9%E4b%D0A%F0%00r%08%1F%9Dm%E7%CC9%E3l
2016-03-24 18:29:39 -07:00
Ted Mielczarek 815dd278b6 bug 1259753 - fix some C++ unittests to use ScopedXPCOM to init XPCOM. r=ms2ger
MozReview-Commit-ID: B6xdlB9Di0y

--HG--
extra : rebase_source : 182d29d677c77ae6780260f5fc9b0792bdd98f84
extra : amend_source : 1e4fa2453d6773bd1e63f52b7aa3bf61e61600ff
2016-03-25 10:04:37 -04:00
Nathan Froyd 8cd3125d35 Bug 1255438 - fix OS X warning bustage and reopen this CLOSED TREE; r=me 2016-03-25 10:09:01 -04:00
Nathan Froyd 0e58a8d0a5 Bug 1255438 - create nsI{Mutable,}Array directly; r=keeler 2016-03-25 09:36:25 -04:00
Nathan Froyd e1d8b92ec6 Bug 1255425 - part 2 - pack kSTSPreloadList into a more efficient format; r=keeler
Entries in kSTSPreloadList currently look like:

class nsSTSPreload
{
  public:
    const char *mHost;
    const bool mIncludeSubdomains;
};

This is inefficient for a couple of reasons:

* The structure has a bunch of wasted space: it takes 8 bytes on 32-bit
  platforms and 16 bytes on 64-bit platforms, even though it only uses 5
  and 9 bytes, respectively.

* The |const char*| requires additional space in the form of relocations
  (at least on Linux/Android), which doubles the space cost of
  individual entries.  (The space cost of the relocations is mitigated
  somewhat on Linux and Android because of elfhack, but there's still
  extra cost in the on-disk format and during the load of libxul to
  process those relocations.)

* The relocations the structure requires means that the data in it can't
  be shared between processes, which is important for e10s with multiple
  content processes.

We can make it more efficient by structuring it like so:

static const char kSTSPreloadHosts[] = {
  // One giant character array containing the hosts, in order:
  //   "example.com\0example.org\0example.test\0..."
  // Use an array rather than a literal string due to compiler limitations.
};

struct nsSTSPreload
{
  // An index into kSTSPreloadHosts for the hostname.
  uint32_t mHostIndex: 31;
  // We use the same datatype for both members so that MSVC will pack
  // the bitfields into a single uint32_t.
  uint32_t mIncludeSubdomains: 1;
};

nsSTSPreload now has no wasted space and is significantly smaller,
especially on 64-bit platforms (saves ~29K on 32-bit platforms and ~85K
on 64-bit platforms).  This organization does add a couple extra
operations to searching for preload list entries, depending on your
platform, but the space savings make it worth it.
2016-03-24 15:09:28 -04:00
Nathan Froyd b2490bf812 Bug 1255425 - part 1 - clearly delineate steps when outputting HSTS preload list; r=keeler
The main loop of |output| tweaks entries, filters out entries based on
some conditions, and writes out the actual entries we're going to use.
Let's separate those three steps so it's clearer what's happening where.
2016-03-11 15:35:47 -05:00
David Keeler 08f83f4f99 bug 1257969 - update test_pinning_dynamic.js test certificates to not use subject common name for name information r=jcj
MozReview-Commit-ID: 1NpjJO9r8ma

--HG--
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-a.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-b.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.a.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-badca.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-badca.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem.certspec
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-pinningroot.pem => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem
rename : security/manager/ssl/tests/unit/test_pinning_dynamic/cn-x.b.pinning2.example.com-pinningroot.pem.certspec => security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem.certspec
extra : rebase_source : 9fa95f73f616da87f19bf8c5f7749b02b52b9696
2016-03-18 14:14:00 -07:00
Gregory Szorc 6a9168778b Bug 1124033 - Disable C4311 and C4312 in directories exhibiting warnings; r=ehsan
There are a long tail of C4311 and C4312 warnings in VS2015. Rather than
wait until all of them are fixed to land VS2015, we're taking the easy
way out and disabling these warnings in every directory currently
exhibiting a warning. This is evil. But it is a lesser evil than
globally disabling C4311 and C4312. At least with this approach new
C4311 and C4312 warnings in directories that aren't suppressing them
shouldn't be introduced.

MozReview-Commit-ID: 2cwWrjMD6B9

--HG--
extra : rebase_source : 3e7b8ea042765fdf138f5ca93a0f9dab75a95fcd
2016-03-23 17:19:20 -07:00
David Keeler eabc80d212 bug 1258579 - remove some unnecessary time-related globals from mozilla::pkix tests r=Cykesiopka
MozReview-Commit-ID: C0XPTdO4Ab7

--HG--
extra : rebase_source : cb97b17cc5f3bd2fe1fe2bd13cae5447e029c14d
2016-03-22 10:26:30 -07:00
Bob Owen db4259c176 Bug 1256992: Initialize Windows sandbox BrokerServices before any child processes are created. r=aklotz, r=bholley 2016-03-23 08:10:43 +00:00
Cykesiopka c343159d73 Bug 1253108 - Enable ESLint "strict" rule for PSM. r=keeler
MozReview-Commit-ID: 4wElZ8Guq9z

--HG--
extra : rebase_source : 60fb87c33d041994f35cbf9fd2fb3a55bd753bc6
2016-03-19 03:07:13 -07:00
Boris Zbarsky bc347a401b Bug 1257919 part 10. Make the caller and formattedStack getters on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:35 -04:00
Boris Zbarsky 42b3bbe27a Bug 1257919 part 8. Make the line/column number getters on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Boris Zbarsky 54987c5cc1 Bug 1257919 part 7. Make the name getter on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Boris Zbarsky efa07c06d1 Bug 1257919 part 6. Make the filename getter on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Sebastian Hengst 0e9bf1445a Backed out changeset 6e95ee3cd4c6 (bug 1257919) 2016-03-22 21:10:21 +01:00
Sebastian Hengst e6e4d30446 Backed out changeset c4faeb0be959 (bug 1257919) 2016-03-22 21:10:12 +01:00
Sebastian Hengst 336c2cc4ae Backed out changeset 08f1c7239cdf (bug 1257919) 2016-03-22 21:10:01 +01:00
Sebastian Hengst 8b2bf79a7a Backed out changeset ff81c52375ba (bug 1257919) 2016-03-22 21:09:32 +01:00
Boris Zbarsky 8062407932 Bug 1257919 part 10. Make the caller and formattedStack getters on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:35 -04:00
Boris Zbarsky 5df498fbd2 Bug 1257919 part 8. Make the line/column number getters on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Boris Zbarsky cc563df19f Bug 1257919 part 7. Make the name getter on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Boris Zbarsky 38af226a36 Bug 1257919 part 6. Make the filename getter on JSStackFrame take an explicit JSContext. r=khuey 2016-03-22 13:50:31 -04:00
Carsten "Tomcat" Book 0262976513 Backed out changeset 917819510b3f (bug 1235634) for memory leaks on a CLOSED TREE 2016-03-22 16:08:55 +01:00
Tim Taubert 5706816622 Bug 1235634 - Construct nsNSSShutdownList::singleton lazily on first use r=keeler 2016-03-22 15:13:05 +01:00
Carsten "Tomcat" Book 417d5d9533 Backed out changeset 0fedfd441a06 (bug 1256992) for gtest failures 2016-03-22 09:54:55 +01:00
Bob Owen 72e4566fa4 Bug 1256992: Initialize Windows sandbox BrokerServices before any child processes are created. r=aklotz, r=bholley 2016-03-22 07:40:03 +00:00
Cykesiopka 1a9cf03eb1 Bug 1251009 - Remove unused nsICertificateDialogs.notifyCACertExists() method. r=keeler, r=mfinkle
MozReview-Commit-ID: 5CFAsy5e1Cl

--HG--
extra : rebase_source : eed2fc5d3511c140dfe6046079347e9a881e2803
2016-03-16 12:48:59 -07:00
Cykesiopka 9e0106d044 Bug 1004149 - Add some missing OCSP URL tests. r=keeler
MozReview-Commit-ID: Iiyv6sMKEWV

--HG--
extra : transplant_source : S%CCT/%B2%7C%F1%3E%D4%A6%C4%C2%AA%F0%AA%40%DF%F2%29d
2016-03-18 21:11:09 -07:00
Cykesiopka bdfc5290f6 Bug 1004149 - Return mozilla::pkix::Result values in nsNSSHttpInterface functions. r=keeler
MozReview-Commit-ID: Kx1E3HLP7zC

--HG--
extra : transplant_source : %F0%068%83%E21dM-%FE%7C%EC1%1E%05h%E6%1D%271
2016-03-18 21:11:03 -07:00
Cykesiopka 6698ff0184 Bug 1004149 - Remove some dead code. r=keeler
MozReview-Commit-ID: JF6IgVCEUVe

--HG--
extra : transplant_source : %B5%E0%F4%20%8C%BC%CF%23a%2B%DB%A5kG%D6%98%CC%D1%1D%23
2016-03-18 21:10:54 -07:00
ffxbld ce9073e1b8 No bug, Automated HPKP preload list update from host bld-linux64-spot-543 - a=hpkp-update 2016-03-19 04:43:32 -07:00
ffxbld a593c802bf No bug, Automated HSTS preload list update from host bld-linux64-spot-543 - a=hsts-update 2016-03-19 04:43:30 -07:00
David Keeler 3db46cef2e bug 1240118 - add functionality to treat a test certificate as a built-in root r=mgoodwin
MozReview-Commit-ID: GJMd2zEAcmX

--HG--
extra : rebase_source : d2d55c593368b4e5d8562484673a1018dc5ad02d
2016-03-15 17:19:00 -07:00
Cykesiopka e6008c2304 Bug 1251011 - Enable ESLint "no-undef" rule for PSM. r=keeler r=mossop
MozReview-Commit-ID: 1lbwWWkJjqq

--HG--
extra : rebase_source : 10fa76138cb5c4ac53b2b49f99b26ce3748f9fff
2016-03-16 16:50:33 -07:00
Gregory Szorc 4ab279264e Bug 1257036 - Disable C4302 to unblock compilation on VS2015; r=bobowen
As part of unblocking building with VS2015u1 in automation, I'm mass
disabling compiler warnings that are turned into errors. This is not
the preferred mechanism to fix compilation warnings. But the warning
occurs in third party code, so my hands are tied.

MozReview-Commit-ID: A0UF2RHJzVo

--HG--
extra : rebase_source : 3fc5300f6f67274162f4d65fd83eb9c18b4bf716
2016-03-16 13:27:59 -07:00
David Keeler d27e176906 bug 1236964 - enable Certum Trusted Network CA 2 root certificate for EV treatment r=jcj
MozReview-Commit-ID: 8QlBgAdXjlm

--HG--
extra : rebase_source : 07affb67f289f9d460e3eac147dcd44945da182d
2016-03-15 16:08:15 -07:00
David Keeler fceae4c33d bug 1256495 - temporarily check build-time-generated PSM xpcshell test certificates in to the tree r=Cykesiopka
MozReview-Commit-ID: GIJgI4mFpGL

--HG--
extra : rebase_source : 143f72f3c8d6c0ac41151b9db38bec2fbaacd76b
2016-03-14 17:30:36 -07:00