Граф коммитов

10527 Коммитов

Автор SHA1 Сообщение Дата
Cykesiopka 63654161d3 Bug 1252385 - Remove unused nsNSSCertTrust methods. r=mgoodwin
MozReview-Commit-ID: 4vcFlcv5FJo

--HG--
extra : transplant_source : %EB%CC%1ARI%AE%B0%D0L%EF%CE7L%91%C43%92%22%B9%2B
2016-09-03 22:47:20 +08:00
Cykesiopka 2e47d34ebc Bug 1256302 - Remove CertVerifier::InitCertVerifierLog(). r=jcj 2016-09-02 10:45:47 +02:00
Nicholas Nethercote 742fc7eb48 Bug 1297961 (part 1) - Introduce nsURI::GetSpecOrDefault(). r=hurley.
This function is an infallible alternative to nsIURI::GetSpec(). It's useful
when it's appropriate to handle a GetSpec() failure with a failure string, e.g.
for log/warning/error messages. It allows code like this:

  nsAutoCString spec;
  uri->GetSpec(spec);
  printf("uri: %s", spec.get());

to be changed to this:

  printf("uri: %s", uri->GetSpecOrDefault().get());

This introduces a slight behavioural change. Previously, if GetSpec() failed,
an empty string would be used here. Now, "[nsIURI::GetSpec failed]" will be
produced instead. In most cases this failure string will make for a clearer
log/warning/error message than the empty string.
* * *
Bug 1297961 (part 1b) - More GetSpecOrDefault() additions. r=hurley.

I will fold this into part 1 before landing.

--HG--
extra : rebase_source : ddc19a5624354ac098be019ca13cc24b99b80ddc
2016-08-26 16:02:31 +10:00
David Keeler abc60241f8 bug 1290613 - test_ev_certs.js cleanup r=Cykesiopka,mgoodwin
MozReview-Commit-ID: KcCV161J3qV

--HG--
rename : security/manager/ssl/tests/unit/test_ev_certs/ev-valid-anypolicy-int.pem => security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem
rename : security/manager/ssl/tests/unit/test_ev_certs/ev-valid-anypolicy-int.pem.certspec => security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem.certspec
rename : security/manager/ssl/tests/unit/test_ev_certs/int-ev-valid-anypolicy-int.pem => security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem
rename : security/manager/ssl/tests/unit/test_ev_certs/int-ev-valid-anypolicy-int.pem.certspec => security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem.certspec
rename : security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-url-cert.pem => security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem
rename : security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-url-cert.pem.certspec => security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem.certspec
rename : security/manager/ssl/tests/unit/test_ev_certs/non-ev-root.pem => security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem
rename : security/manager/ssl/tests/unit/test_ev_certs/non-ev-root.pem.certspec => security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem.certspec
rename : security/manager/ssl/tests/unit/test_ev_certs/int-non-ev-root.pem => security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem
rename : security/manager/ssl/tests/unit/test_ev_certs/int-non-ev-root.pem.certspec => security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem.certspec
rename : security/manager/ssl/tests/unit/test_ev_certs/ev-valid.pem => security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem
rename : security/manager/ssl/tests/unit/test_ev_certs/ev-valid.pem.certspec => security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem.certspec
rename : security/manager/ssl/tests/unit/test_ev_certs/int-ev-valid.key => security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key
rename : security/manager/ssl/tests/unit/test_ev_certs/int-ev-valid.key.keyspec => security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key.keyspec
rename : security/manager/ssl/tests/unit/test_ev_certs/int-ev-valid.pem => security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem
rename : security/manager/ssl/tests/unit/test_ev_certs/int-ev-valid.pem.certspec => security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem.certspec
extra : rebase_source : 4a84a44616a396ae484550fcfcaf0df5e533dd51
2016-08-01 17:01:27 -07:00
David Keeler dcd144713e bug 1290613 - remove unnecessary invalidIdentities parameter from startOCSPResponder r=Cykesiopka
MozReview-Commit-ID: KBiRbkLllmu

--HG--
extra : rebase_source : 3332140b7944b3115c2b20fc6688ccd55e04f6e8
2016-08-03 15:01:50 -07:00
Wes Kocher 81db6ce036 Merge m-c to autoland, a=merge 2016-08-30 18:15:33 -07:00
Gian-Carlo Pascutto dd0d72c51a Bug 1295190 - Add sys_flock to seccomp whitelist. r=jld
MozReview-Commit-ID: 2GxNWzwfh3u

--HG--
extra : rebase_source : e64bb3d7e499f97dd77721c230bb849e0654ca05
2016-08-22 15:51:05 +02:00
Franziskus Kiefer 700b1cde18 Bug 1296266 - Land NSS_3_27_BETA2, r=me
--HG--
extra : rebase_source : f42bcb4332c98ba5e1941016f372ed0a18aea1f4
2016-08-30 07:58:30 +02:00
Gian-Carlo Pascutto 7cb06880d3 Bug 1296309 - Return umask (PulseAudio) and wait4 (threads) to the whitelist. r=tedd
MozReview-Commit-ID: 72RrNf57FQQ

--HG--
extra : rebase_source : 875e95ee560ff35e81fb38e8459dfe7256c24735
2016-08-30 16:59:39 +02:00
Wes Kocher ecea29f6a3 Backed out changeset 0f53bc1a9aea (bug 1290619) a=merge 2016-08-29 17:40:59 -07:00
Haik Aftandilian 3c44a5f111 Bug 1290619 - Content sandbox rules should use actual profile directory, not Profiles/*/ regexes. r=jimm
Passes the profile dir to the content process as a -profile CLI option so
that the correct profile dir can be used in the OS X content sandbox rules.
Only enabled on OS X for now.

On Nightly, profile directories will now be read/write protected from the
content process (apart from a few profile subdirectories) even when they
don't reside in ~/Library.

MozReview-Commit-ID: rrTcQwTNdT

--HG--
extra : rebase_source : d91d8939cabb0eed36b640766756548a790a301c
2016-08-25 15:19:52 -07:00
ffxbld 21ac721516 No bug, Automated HPKP preload list update from host bld-linux64-spot-561 - a=hpkp-update 2016-08-27 05:56:54 -07:00
ffxbld a2da90fae1 No bug, Automated HSTS preload list update from host bld-linux64-spot-561 - a=hsts-update 2016-08-27 05:56:51 -07:00
David Keeler 247986c342 bug 1298056 - fix HSTS preload update script so it will continue when requests result in errors r=jcj DONTBUILD NPOTB a=KWierso
MozReview-Commit-ID: b697Aa4iqQ

--HG--
extra : amend_source : 96e9e1c05520fab13f79990a99a4c507fe83fd44
2016-08-26 14:18:39 -07:00
Wes Kocher 3343f6c576 Backed out changeset b357fab2feb4 (bug 1290619) for osx e10s crashes a=backout CLOSED TREE 2016-08-24 10:59:04 -07:00
Haik Aftandilian d1e8cf113e Bug 1290619 - Content sandbox rules should use actual profile directory, not Profiles/*/ regex's. r=jimm
Passes the profile dir to the content process as a -profile CLI option so
that the correct profile dir can be used in the OS X content sandbox rules.
Only enabled on OS X for now.

On Nightly, profile directories will now be read/write protected from the
content process (apart from a few profile subdirectories) even when they
don't reside in ~/Library.

--HG--
extra : rebase_source : 7bf426f14f31b35c8b541e6d21183226db9836c7
2016-08-22 11:58:18 -07:00
Ryan VanderMeulen 69113163cf Merge m-c to inbound. a=merge 2016-08-24 09:09:05 -04:00
David Keeler de93e5e361 bug 1296619 - add a test to ensure that prompting for the master password probably works r=Cykesiopka
MozReview-Commit-ID: 5p5Pn5Mk1km

--HG--
extra : rebase_source : e6ca122e4000048aad6fcde377ae25c51ece343f
2016-08-18 15:31:56 -07:00
Cykesiopka ba96e52654 Bug 1296219 - Use the Mozilla Base64 functions instead of the NSPR ones in PSM. r=keeler
NSPR should generally be avoided in favour of modern C++ code.

This patch does not convert uses of the NSS Base64 functions. It does however
take the opportunity to switch over some IDL functions to use the safer Mozilla
string classes, and fixes Bug 1251050 along the way.

MozReview-Commit-ID: CM8g9DzIcnC

--HG--
extra : rebase_source : 9d07db1bcefc9d9ed6a1f7e102f5c01bd9caa522
2016-08-23 13:29:15 +08:00
Cykesiopka a16f7b0f6a Bug 1296316 - Convert nsNSSShutDownObject::CalledFromType to an enum class. r=mgoodwin
enum classes are in general safer than plain enums, and as such should be
preferred.

MozReview-Commit-ID: 1FK89SNhdk4

--HG--
extra : rebase_source : 764c4855026c02d8c9e33ca33637fec54ea5ca31
2016-08-20 23:00:19 +08:00
Ryan VanderMeulen 82663d8710 Merge inbound to m-c. a=merge 2016-08-23 10:05:18 -04:00
Dragana Damjanovic 3cf6ee23d9 Bug 1264578 - NSS support for http with TLS 1.3. r=keeler
--HG--
extra : rebase_source : 26b322f6d6f8e0160087c5214024dc9cccd328f9
2016-08-19 05:01:00 -04:00
Kan-Ru Chen b6d880aca1 Bug 1297276 - Rename mfbt/unused.h to mfbt/Unused.h for consistency. r=froydnj
The patch is generated from following command:

  rgrep -l unused.h|xargs sed -i -e s,mozilla/unused.h,mozilla/Unused.h,

MozReview-Commit-ID: AtLcWApZfES


--HG--
rename : mfbt/unused.h => mfbt/Unused.h
2016-08-24 14:47:04 +08:00
Wes Kocher bb22cc4067 Merge inbound to central, a=merge 2016-08-19 18:16:20 -07:00
Cykesiopka a2072b8e93 Bug 1275841 - Make nsISecretDecoderRing.idl encryptString() and decryptString() use the Mozilla string classes. r=keeler
The Mozilla string classes don't require manual memory management and
automatically keep track of length, making them a safer choice than raw C
strings.

MozReview-Commit-ID: EwCiiP9EhDr

--HG--
extra : transplant_source : %05%D4%B6s%C1%DBye%2C3%C3%85%DB%22%91h%B4%27%E1l
2016-08-19 09:37:48 +08:00
Cykesiopka a120c3d754 Bug 1275841 - Remove unnecessary methods and interfaces from nsISecretDecoderRing.idl. r=keeler
1. encrypt() and decrypt() are C++ only.
The only callers are in SecretDecoderRing.cpp, and binary add-ons aren't
supported anymore. So, there is no need for these methods to be defined in the
IDL, and they should be treated as private to the nsISecretDecoderRing
implementation.

2. nsISecretDecoderRingConfig has never been implemented.
The interface and implementation are currently just bloat. If there is a need
for specifying the window for prompts in the future, a better way can be devised
then.

MozReview-Commit-ID: 1wXCDTIBJA2

--HG--
extra : transplant_source : %D7%27%5E3%BF%E9%16%0E%A3%8B%E1%8E%ADj%3F%25%B3i%9Al
2016-08-19 09:37:43 +08:00
Cykesiopka 1f4d5333d5 Bug 1275841 - Move nsISecretDecoderRing.idl from netwerk/ to security/manager/ssl. r=mcmanus
The interfaces defined within have basically nothing to do with Necko.

MozReview-Commit-ID: 5J4D3w61Yry

--HG--
rename : netwerk/base/nsISecretDecoderRing.idl => security/manager/ssl/nsISecretDecoderRing.idl
extra : transplant_source : %AAP%26%5D%DE%ED%F6Q%C4%5Eia%F1%84T%8D%A7E%8Aw
2016-08-19 09:37:38 +08:00
Cykesiopka 986f32c262 Bug 1275841 - Rename nsSDR.(cpp|h) to SecretDecoderRing.(cpp|h). r=keeler
There are currently two ways of naming files containing the implementation of
interface nsIFoo:
1. nsFoo.(cpp|h) (previous convention)
2. Foo.(cpp|h) (new convention)

nsSDR.(cpp|h) matches neither of these. Renaming the files to follow convention
makes it easier to discover what the files implement, and increases codebase
consistency.

MozReview-Commit-ID: 3ThPxPouiie

--HG--
rename : security/manager/ssl/nsSDR.cpp => security/manager/ssl/SecretDecoderRing.cpp
rename : security/manager/ssl/nsSDR.h => security/manager/ssl/SecretDecoderRing.h
extra : transplant_source : %7D%FC%AD%9C%E8%AD%CFz%FE%F2%D6%1E%A0%0A%06sk%3D%AD%AC
2016-08-19 09:36:53 +08:00
Franziskus Kiefer d75c53e790 Bug 1296266 - Land NSS_3_27_BETA1, r=kaie
--HG--
extra : amend_source : 1408228c898d6683a384508ca2154fc9d8895e81
2016-08-19 11:20:21 +02:00
Robert Strong 2719d42c9a Bug 1182352 nsISecurityUITelemetry.idl - Remove custom cert check code from app update. r=dveditz 2016-08-18 10:34:18 -07:00
Sebastian Hengst e50251a747 Backed out changeset 80942fb9a0f1 (bug 1264578) 2016-08-18 17:28:09 +02:00
Cykesiopka a4ee314af5 Bug 1296218 - Clean up PK11PasswordPromptRunnable::RunOnTargetThread(). r=keeler
MozReview-Commit-ID: Bhp192YgldD

--HG--
extra : rebase_source : 918aa393c22cb409265f6e5b004e30f8cceec3fe
2016-08-19 22:16:00 +08:00
Gian-Carlo Pascutto e2d263a0f4 Bug 1296309 - Remove unused syscalls from the seccomp whitelist. r=tedd
MozReview-Commit-ID: BUDRwsuAu0W

--HG--
extra : rebase_source : 9fa3cf044d67ed09e9a6a4cd8c5d5b0023d8077d
2016-08-18 16:56:12 +02:00
Dragana Damjanovic 4cf673afa8 Bug 1264578 - NSS support for http with TLS 1.3. r=keeler
--HG--
extra : rebase_source : ed323e68723ecbe2687dcc23acd279a64225c5ba
2016-08-17 13:57:00 -04:00
Wes Kocher 45575a7f86 Merge m-c to autoland, a=merge
a=release for the webidl hook for a comment-only change

--HG--
extra : amend_source : e590e515ab273d097f88b35be0e5c999502ebdf4
2016-08-16 22:07:30 -07:00
Wes Kocher 48b8d407c8 Merge inbound to central, a=merge
a=release to get around the webidl hook for a comment-only change

--HG--
extra : amend_source : f7e57101e1a25d3cf3536a256898ec2a21c54b38
2016-08-16 17:05:30 -07:00
Nicholas Nethercote ca40b738e4 Bug 1294620 - Use infallible XPIDL attribute getters more. r=erahm.
This makes a lot of code more compact, and also avoids some redundant nsresult
checks.

The patch also removes a handful of redundant checks on infallible setters.

--HG--
extra : rebase_source : f82426e7584d0d5cddf7c2524356f0f318fbea7d
2016-08-12 15:19:29 +10:00
Wes Kocher 2253eb9510 Merge m-c to inbound, a=merge 2016-08-15 14:53:49 -07:00
Wes Kocher d602abb016 Merge inbound to central, a=merge 2016-08-15 14:20:38 -07:00
Igor 175543fda8 Bug 1293384 - Part 2: Rename Snprintf.h header to Sprintf.h. r=froydnj 2016-08-14 23:43:21 -07:00
Igor a57972337d Bug 1293384 - Part 1: Rename snprintf_literal to SprintfLiteral. r=froydnj 2016-08-14 23:44:00 -07:00
Wes Kocher 4aec37ca6e Merge m-c to autoland, a=merge 2016-08-12 16:30:03 -07:00
Jed Davis 10843a73b7 Bug 1290896 - Allow readlink() in desktop Linux content processes. r=gps
Making readlink() always fail with EINVAL (the result of applying it
to a non-symlink) worked on B2G, but this is not the case on desktop.
(Note: originally the idea for the B2G file broker was that it would
ignore symlinks and map lstat to stat, so that behavior for readlink
would have been consistent, but as eventually implemented it does do
lstat as actual lstat.)

In particular, this seems to be causing something in the graphics
library stack to change what GL renderer it uses (?), and on some
systems the presence of the readlink->EINVAL rule causes it to load a
version of the llvmpipe software renderer with a crash bug, instead of
(we assume) some other driver that works.
2016-08-08 14:59:19 -07:00
Cykesiopka cb172720f2 Bug 623917 - Add basic client authentication tests. r=keeler
This patch adds tests for the core aspects of the client authentication code,
mainly to ensure the client auth process even works.

MozReview-Commit-ID: DzV4BuwlrDE

--HG--
extra : rebase_source : 43224d3159964f02b175e8c54491b2cabba2cb8a
2016-08-12 16:36:43 +08:00
Wes Kocher 88bc8189f9 Merge m-c to autoland, a=merge 2016-08-15 14:54:25 -07:00
Cykesiopka 9529f2321e Bug 1294011 - Obviate manual calls to SECITEM_FreeItem() in PSM. r=keeler
MozReview-Commit-ID: 7RNV0YNraBx

--HG--
extra : rebase_source : bd4c8981b52e3f5a504fc09958872415cf757eff
2016-08-13 21:45:00 +08:00
Haik Aftandilian f796c32cc7 Bug 1286480 - [10.12] Widevine CDM always crashes on Amazon since upgrade to macOS Sierra. r=gcp
Allow /System/Library/PrivateFrameworks/ to be read from the from the plugin sandbox.

--HG--
extra : rebase_source : 8b71b7daed4792d8ce67131819c90acb2f5891ea
2016-08-11 00:57:52 -07:00
Wes Kocher fa1a1180c4 Merge autoland to central, a=merge 2016-08-10 16:29:26 -07:00
Gian-Carlo Pascutto c53a105dc7 Bug 1288410 - Basic implementation of AddDir and recursive Lookup. r=tedd
MozReview-Commit-ID: 36jAPfm29LO

--HG--
extra : rebase_source : 5eb2a9b02ad3c40375b9a4d9b3f38d75932e29b1
2016-08-10 15:09:58 +02:00
Nicholas Nethercote e7f10a07fd Bug 1293603 (part 2) - Make Run() declarations consistent. r=erahm.
This patch makes most Run() declarations in subclasses of nsIRunnable have the
same form: |NS_IMETHOD Run() override|.

As a result of these changes, I had to add |override| to a couple of other
functions to satisfy clang's -Winconsistent-missing-override warning.

--HG--
extra : rebase_source : 815d0018b0b13329bb5698c410f500dddcc3ee12
2016-08-08 12:18:10 +10:00