Граф коммитов

10488 Коммитов

Автор SHA1 Сообщение Дата
Nicholas Nethercote ca40b738e4 Bug 1294620 - Use infallible XPIDL attribute getters more. r=erahm.
This makes a lot of code more compact, and also avoids some redundant nsresult
checks.

The patch also removes a handful of redundant checks on infallible setters.

--HG--
extra : rebase_source : f82426e7584d0d5cddf7c2524356f0f318fbea7d
2016-08-12 15:19:29 +10:00
Wes Kocher 2253eb9510 Merge m-c to inbound, a=merge 2016-08-15 14:53:49 -07:00
Wes Kocher d602abb016 Merge inbound to central, a=merge 2016-08-15 14:20:38 -07:00
Igor 175543fda8 Bug 1293384 - Part 2: Rename Snprintf.h header to Sprintf.h. r=froydnj 2016-08-14 23:43:21 -07:00
Igor a57972337d Bug 1293384 - Part 1: Rename snprintf_literal to SprintfLiteral. r=froydnj 2016-08-14 23:44:00 -07:00
Wes Kocher 4aec37ca6e Merge m-c to autoland, a=merge 2016-08-12 16:30:03 -07:00
Jed Davis 10843a73b7 Bug 1290896 - Allow readlink() in desktop Linux content processes. r=gps
Making readlink() always fail with EINVAL (the result of applying it
to a non-symlink) worked on B2G, but this is not the case on desktop.
(Note: originally the idea for the B2G file broker was that it would
ignore symlinks and map lstat to stat, so that behavior for readlink
would have been consistent, but as eventually implemented it does do
lstat as actual lstat.)

In particular, this seems to be causing something in the graphics
library stack to change what GL renderer it uses (?), and on some
systems the presence of the readlink->EINVAL rule causes it to load a
version of the llvmpipe software renderer with a crash bug, instead of
(we assume) some other driver that works.
2016-08-08 14:59:19 -07:00
Cykesiopka cb172720f2 Bug 623917 - Add basic client authentication tests. r=keeler
This patch adds tests for the core aspects of the client authentication code,
mainly to ensure the client auth process even works.

MozReview-Commit-ID: DzV4BuwlrDE

--HG--
extra : rebase_source : 43224d3159964f02b175e8c54491b2cabba2cb8a
2016-08-12 16:36:43 +08:00
Haik Aftandilian f796c32cc7 Bug 1286480 - [10.12] Widevine CDM always crashes on Amazon since upgrade to macOS Sierra. r=gcp
Allow /System/Library/PrivateFrameworks/ to be read from the from the plugin sandbox.

--HG--
extra : rebase_source : 8b71b7daed4792d8ce67131819c90acb2f5891ea
2016-08-11 00:57:52 -07:00
Wes Kocher fa1a1180c4 Merge autoland to central, a=merge 2016-08-10 16:29:26 -07:00
Gian-Carlo Pascutto c53a105dc7 Bug 1288410 - Basic implementation of AddDir and recursive Lookup. r=tedd
MozReview-Commit-ID: 36jAPfm29LO

--HG--
extra : rebase_source : 5eb2a9b02ad3c40375b9a4d9b3f38d75932e29b1
2016-08-10 15:09:58 +02:00
Nicholas Nethercote e7f10a07fd Bug 1293603 (part 2) - Make Run() declarations consistent. r=erahm.
This patch makes most Run() declarations in subclasses of nsIRunnable have the
same form: |NS_IMETHOD Run() override|.

As a result of these changes, I had to add |override| to a couple of other
functions to satisfy clang's -Winconsistent-missing-override warning.

--HG--
extra : rebase_source : 815d0018b0b13329bb5698c410f500dddcc3ee12
2016-08-08 12:18:10 +10:00
Cykesiopka 2c9b1285df Bug 1289455 - Obviate manual CERT_DestroyCertificate() calls in PSM. r=dkeeler
MozReview-Commit-ID: Aoi1VWvkNjp

--HG--
extra : transplant_source : B%8F9%E7%E8%84%7D%D1%7B%5Due%ED%9A%E8%DE%05%5B%E2D
2016-08-05 23:57:44 +08:00
Nicholas Nethercote bb1d1454ea Bug 1275309 (part 4) - Inline nsSecretDecoderRing::{decode,encode}. r=cykesiopka.
--HG--
extra : rebase_source : 6328c6e0dd211e43b5d171df50c6079853e6b15a
2016-08-04 11:53:09 +10:00
Nicholas Nethercote afef61ac1b Bug 1275309 (part 3) - Use unsigned integers for lengths in nsSecretDecoderRing. r=cykesiopka.
This avoids the need for some range checks and some casts.

--HG--
extra : rebase_source : e4dc7647791236085fdf65beda82ce063042d182
2016-08-04 11:53:07 +10:00
Nicholas Nethercote f02b5adb6c Bug 1275309 (part 2) - Use Base64Decode() in nsSecretDecoderRing::decode(). r=cykesiopka.
This mirrors the changes made to encoding in bug 1273711.

--HG--
extra : rebase_source : 3976f9888f05a588549fd6c309fc451a020aa9e9
2016-08-04 11:53:06 +10:00
Sergei Chernov 21be681857 Bug 1284256 - Certificate Transparency - verification of Signed Certificate Timestamps (RFC 6962); r=keeler, r=Cykesiopka
MozReview-Commit-ID: IgcnyBH4Up

--HG--
extra : transplant_source : %98%A3%5E%B4%DA%89qI1%01A%F8%FF%C7%1FS%D4%23v%B3
2016-07-05 08:35:06 +03:00
J.C. Jones afe8f0c2f8 Bug 1273475 - use release assertions for PSM->NSS shutdown. r=ttaubert
Update the prior patch to use MOZ_RELEASE_ASSERT so that we cleanly crash
if there's still an error somewhere in this logic, instead of deadlocking
on beta (but crashing on aurora).

MozReview-Commit-ID: InttEcC55Dn

--HG--
extra : rebase_source : c79726acbaf1eb8374500f43cd3c7d33362466ad
2016-08-05 14:47:23 -07:00
David Keeler d922ace809 Bug 1273475 - fix deadlock and potential crash when PSM shuts down NSS. r=ttaubert, r=jcj
This fixes two issues:
1. nsNSSShutDownList::evaporateAllNSSResources could deadlock by acquiring
sListLock and then the singleton's mNSSActivityStateLock in
nsNSSActivityState::restrictActivityToCurrentThread.

2. Calling UnloadLoadableRoots before
nsNSSShutDownList::evaporateAllNSSResources could result in removing modules
that were still in use, causing assertion failures and potential crashes.

MozReview-Commit-ID: 8ZgZTVw7sWh

--HG--
extra : rebase_source : 43452add4612b3d12c2b877c3a38169c9676f445
2016-08-02 12:16:37 -07:00
Kai Engert 1d17a259bc Bug 1291253, land NSS_3_26_RTM, r=franziskus 2016-08-05 18:16:01 +02:00
Carsten "Tomcat" Book 389a3e0817 merge mozilla-inbound to mozilla-central a=merge
--HG--
rename : mobile/android/base/java/org/mozilla/gecko/GeckoAppShell.java => mobile/android/geckoview/src/main/java/org/mozilla/gecko/GeckoAppShell.java
rename : mobile/android/base/java/org/mozilla/gecko/gfx/GeckoLayerClient.java => mobile/android/geckoview/src/main/java/org/mozilla/gecko/gfx/GeckoLayerClient.java
rename : mobile/android/base/java/org/mozilla/gecko/gfx/LayerRenderer.java => mobile/android/geckoview/src/main/java/org/mozilla/gecko/gfx/LayerRenderer.java
rename : mobile/android/base/java/org/mozilla/gecko/gfx/PanningPerfAPI.java => mobile/android/geckoview/src/main/java/org/mozilla/gecko/gfx/PanningPerfAPI.java
2016-08-04 15:55:50 +02:00
David Keeler 67199d7bf6 bug 1289885 - Enable VeriSign Class 3 Public PCA - G4 for EV in PSM r=jcj
MozReview-Commit-ID: GDZnZcVCNl6

--HG--
extra : rebase_source : ffdfa0fac7d4114e1251d00ced4c6ca7aab1ec86
2016-07-27 14:06:09 -07:00
Alexandre Lissy 0af5b943b6 Bug 1284674 - Remove NUWA r=cyu
MozReview-Commit-ID: GyMRNzOBKw6

--HG--
extra : rebase_source : 293af1cd55f2035ce6a99f4ebf144059c32a2b8f
2016-08-02 14:54:00 +02:00
Tom Schuster 473d3dc22d Bug 1197324 - Fix new warnings. r=froydnj 2016-08-03 14:37:31 +02:00
Jed Davis 5fc855cf94 Bug 1290343 - Fix Linux GMP sandbox policy's geteuid rule for 32-bit. r=tedd 2016-08-01 13:10:00 +02:00
Jed Davis 6f2404e02a Bug 1290633 - Soft-fail unexpected open() in GMP processes to avoid recursive crash. r=gcp 2016-08-01 15:47:00 +02:00
Jed Davis 938691d027 Bug 1290618 - Allow PR_SET_PTRACER in Linux sandbox policies to avoid recursive crash. r=tedd 2016-08-01 15:44:00 +02:00
Carsten "Tomcat" Book bd81ddd0b0 merge mozilla-inbound to mozilla-central a=merge 2016-08-02 17:09:31 +02:00
David Keeler a033a593cb bug 1119778 - make "Forget About This Site" clear HSTS and HPKP info r=MattN,mgoodwin
MozReview-Commit-ID: IJVQBsryfHq

--HG--
extra : rebase_source : c8d3c431ee44112985d53907e3e3e83d80108805
2016-07-27 17:11:52 -07:00
Thomas Wisniewski 6a1fb99d2b Bug 709991 - Fire onerror instead of throwing on network errors for async XHRs. r=bz 2016-07-30 00:24:56 -04:00
Julian Seward a3b23bd33c Bug 1288726 - Seccomp sandbox doesn't play well with Valgrind. r=julian.r.hector. 2016-07-29 17:42:55 +02:00
Carsten "Tomcat" Book 8c47612fee merge mozilla-inbound to mozilla-central a=merge 2016-07-29 11:56:43 +02:00
Makoto Kato 2e27b62687 Bug 1288644 - Don't define RTLD_NOLOAD when __ANDROID_API__ >= 21. r=glandium
MozReview-Commit-ID: AUEQjIBk50H

--HG--
extra : rebase_source : 6ce4e2d3537951054432ce2a9689222a8923f69a
2016-07-22 16:40:21 +09:00
Haik Aftandilian 4350d1fefd Bug 1288774 - Remove the OSX rule added in bug 1190032 for nsPluginHost::GetPluginTempDir. r=jimm 2016-07-25 14:43:00 -04:00
Julian Hector 6c0d578d0e Bug 1287008 - Add sys_fadvise64_64 to seccomp whitelist. r=gcp 2016-07-27 15:45:02 +02:00
Carsten "Tomcat" Book 7293066753 merge mozilla-inbound to mozilla-central a=merge 2016-07-27 16:35:44 +02:00
Cykesiopka 13116b6d68 Bug 1289151 - Remove obsolete nsIWalletService related code. r=jcj
It appears the wallet code was not included during the initial 2007 import of
code from CVS to Mercurial, so anything referencing wallet has been dead code
ever since.

MozReview-Commit-ID: BRTd1M0DsT0

--HG--
extra : transplant_source : %BC%FC%05%AE%B5%8C%DC%21J%DC%B4%B17M%19%AA%F3%B9%05L
2016-07-27 01:53:20 +08:00
Cykesiopka 4a43c75897 Bug 1287290 - Use ScopedAutoSECItem in PSM more. r=dkeeler
ScopedAutoSECItem is useful for:
1. Removing manual memory management.
2. Getting rid of this pattern:
   > UniqueSECItem item(SECITEM_AllocItem(nullptr, nullptr, 0));
   While this pattern works, ScopedAutoSECItem is slightly superior in that it
   doesn't unnecessarily cause a SECItem to be allocated from the heap.

MozReview-Commit-ID: 8DPD9gtzeru

--HG--
extra : transplant_source : %10l%27C%12%3E%08%85q%06%1A%FC%FB%DE%F9%A3%99%0AN%A1
2016-07-25 15:06:34 +08:00
Wes Kocher cef61ca9ed Merge m-c to autoland, a=merge 2016-07-26 16:54:33 -07:00
Fabrice Desré c23a54d9ec Bug 1289381 - Don't fail to build sandboxing with --disable-crashreporter r=gcp 2016-07-26 04:35:43 -07:00
Carsten "Tomcat" Book 25aa8617fc Backed out changeset 1825b8fa636a (bug 1246540) for bustage
--HG--
extra : rebase_source : 45defacae713b2c2f75813fea6f2f289ebc481cd
2016-07-26 12:52:15 +02:00
Andi-Bogdan Postelnicu d19b17ffc3 Bug 1289366 - added return statement for CharToByte when assertion fails. r=keeler
MozReview-Commit-ID: LDAamOxHdli

--HG--
extra : rebase_source : 7a180b058c3d756074b4cb2f56356c41eaf9919d
2016-07-26 12:48:49 +03:00
Bob Owen 22830b7f8f Bug 1287984: Add rule to allow content process to duplicate handles to other non-broker processes. r=jimm
MozReview-Commit-ID: A79P9G9t7Ax

--HG--
extra : transplant_source : %C2%0A-%FB%7E%AF%99%95%C7%AF%A6%21%BC%18%D4a%9C%24z%8C
2016-07-20 14:41:18 +01:00
Julian Hector 3236586a67 Bug 1285769 - Add sys_get_mempolicy to seccomp whitelist. r=gcp 2016-07-25 19:37:58 +02:00
Julian Hector 1ab18ae903 Bug 1285770 - Add sys_fallocate to seccomp whitelist. r=gcp 2016-07-23 17:13:52 +02:00
Haik Aftandilian 8f7ffc84b7 Bug 1274540 - Record sandboxing status in crash reports; r=gcp
Adds content sandbox metadata to parent and child crash reports:
Includes the value of pref security.sandbox.content.level,
whether or not the system is capable of sandboxing, if the
sandbox was successfully turned on, and (on Linux systems)
the sandbox capabilities flags.

New crash report keys:
"ContentSandboxLevel" in parent and content
"ContentSandboxCapable" in parent
"ContentSandboxEnabled" in content
"ContentSandboxCapabilities" in content on Linux
2016-07-25 13:21:00 +02:00
Kate McKinley 01cbd73591 Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.

(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
2016-07-25 12:37:00 +02:00
Cykesiopka 8297eb8984 Bug 1281665 - Change nsIClientAuthDialogs.chooseCertificate() to use hostname instead of CN. r=keeler
chooseCertificate() currently uses a concatenation of the Common Name of the
server cert and the port of the server to allow the user to identify the server
requesting client authentication. Unfortunately, this approach is flawed, since
it doesn't take into account things like SAN entries, which might be very
different from the CN.

Using the hostname instead avoids this problem.

MozReview-Commit-ID: 6XjGCknWNi9

--HG--
extra : transplant_source : k%10N%7B%E8%A4%9B%C9%9A%23Q%D1%99%D2%A3%C0.%2B%7F%A5
2016-07-26 20:16:58 +08:00
Iris Hsiao caea40742f Backed out changeset 8dc198cd46ff (bug 1246540) for Mochitest failures 2016-07-27 13:14:07 +08:00
Kate McKinley c6650db185 Bug 1246540 HSTS Priming Proof of Concept
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.

(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
2016-07-26 13:03:00 +08:00