ffxbld
e95c193a16
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-12-20 10:37:28 -08:00
Haik Aftandilian
4e95d558ac
Bug 1404298 - Crashes with read-access content sandboxing triggered by mounted volumes. r=Alex_Gaynor
...
Allow read-metadata access to top-level directory entries.
MozReview-Commit-ID: 1Q7QXN2gX36
--HG--
extra : rebase_source : 86e3cc1906bb805e158c70c703ec204f11452199
2017-12-18 12:58:30 -08:00
Michal Novotny
32a0630b56
Bug 1418752 - Firefox instahang on start after landing patch from bug #1392841.vr=honzab
...
Initialize in advance all security services whose initialization on background thread could cause a deadlock.
--HG--
extra : rebase_source : 399f9acf736f9a06665d45a71b354076c1b85fa6
2017-12-19 21:08:15 -05:00
Bogdan Tara
9ac9aa3461
Merge mozilla-central to inbound. r=merge a=merge on a CLOSED TREE
2017-12-20 00:17:00 +02:00
ffxbld
f64b319956
No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update
2017-12-19 10:36:42 -08:00
ffxbld
f3af52924b
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-12-19 10:36:38 -08:00
Franziskus Kiefer
da627bdc03
Bug 1420060 - land NSS 04fc9a90997b UPGRADE_NSS_RELEASE, r=me
...
MozReview-Commit-ID: 5VMV4wtzMKA
--HG--
extra : rebase_source : 43ea63a50d243bcc46fbae3b65f5d117e8fba771
2017-12-19 15:26:12 +01:00
Csoregi Natalia
0393c9235f
Backed out changeset 8a71f6e05783 (bug 1393287) for Hazard Build Bustage. r=backout on a CLOSED TREE
2017-12-19 02:49:50 +02:00
Jed Davis
b99c2f8096
Bug 1393287 - Intercept sigaction() to fix signal masks for sandboxing. r=gcp
...
Also changes gSeccompTsyncBroadcastSignum to an atomic, in case these
wrappers race with starting the sandbox, and optimizes the wrappers
slightly by avoiding unnecessary copying of signal sets or sigactions.
Tested by manaully LD_PRELOADing libmozsandbox in the parent process,
because it already has a few signal handlers with block-by-default
masks.
MozReview-Commit-ID: CiHsA6rOCrQ
--HG--
extra : rebase_source : 43c52a1169d6f510c3dc83143736b9be7ed7141d
2017-12-08 17:31:07 -07:00
Jed Davis
7dcac56405
Bug 1422198 - Log about failure to send a sandbox broker reply. r=gcp
...
MozReview-Commit-ID: eDcoMHGFxo
--HG--
extra : rebase_source : 6033f39a290b7b3dcbcebfaa8712e838e63fc09e
2017-12-08 14:43:36 -07:00
ffxbld
869f194506
No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update
2017-12-17 10:58:36 -08:00
ffxbld
c9d95edd9f
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-12-17 10:58:33 -08:00
ffxbld
0e3e215a27
No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update
2017-12-16 10:39:43 -08:00
ffxbld
d762c29622
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-12-16 10:39:40 -08:00
David Keeler
27da53bcf6
bug 1425032 - use new "cancel all connections" notification for PKCS#11 logout r=mgoodwin
...
When the user performs a PKCS#11 logout, we need to cancel all in-progress
network connections. Before this patch, PSM would track all the sockets it
created to implement this feature. However, bug 1411316 added the ability to
cancel these connections by sending the notification
"net:cancel-all-connections". This patch removes the now-unnecessary tracking
machinery in favor of delegating this to necko.
MozReview-Commit-ID: 7IzC14bH2R4
--HG--
extra : rebase_source : 57ff2121a2395cb2b012785ec3a11f75d923e675
2017-12-13 17:41:02 -06:00
ffxbld
eea8fcf5e8
No bug, Automated HPKP preload list update from host bld-linux64-spot-306 - a=hpkp-update
2017-12-15 11:20:42 -08:00
ffxbld
cce9ab656b
No bug, Automated HSTS preload list update from host bld-linux64-spot-306 - a=hsts-update
2017-12-15 11:20:38 -08:00
ffxbld
e5088d2dbb
No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update
2017-12-15 11:02:59 -08:00
ffxbld
b18ce43492
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-12-15 11:02:55 -08:00
Narcis Beleuzu
b73dac9611
Merge autoland to mozilla-central. r=merge a=merge on a CLOSED TREE
2017-12-15 03:43:08 +02:00
ffxbld
4c5305936a
No bug, Automated HPKP preload list update from host bld-linux64-spot-306 - a=hpkp-update
2017-12-14 11:19:41 -08:00
ffxbld
96bf1438a5
No bug, Automated HSTS preload list update from host bld-linux64-spot-306 - a=hsts-update
2017-12-14 11:19:38 -08:00
ffxbld
7fccec6502
No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update
2017-12-14 10:39:44 -08:00
ffxbld
5d995473be
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-12-14 10:39:40 -08:00
David Keeler
95159e1851
bug 1424392 - remove unnecessary nsINSSComponent usage in nsNSSCallbacks r=mgoodwin
...
PK11PasswordPromptRunnable::RunOnTargetThread instantiates nsINSSComponent and
calls GetPIPNSSBundleString/PIPBundleFormatStringFromName to get some localized
strings. Since that runs on the main thread, we can call the helpers in
nsNSSCertHelper instead.
MozReview-Commit-ID: GsHoGDKBKdB
--HG--
extra : rebase_source : 7c18498ad0d01ab01f6e7d8c3d2ccdb1d6e20734
2017-12-08 14:07:04 -08:00
Csoregi Natalia
1134c27c23
Merge mozilla-central to autoland. r=merge a=merge CLOSED TREE
2017-12-14 00:15:40 +02:00
ffxbld
c958fc3b7b
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-12-13 12:01:21 -08:00
ffxbld
1377bf03a3
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-12-13 12:01:17 -08:00
ffxbld
354a4163c6
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-13 11:24:25 -08:00
ffxbld
2db6eb28d0
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-13 11:24:21 -08:00
Alex Gaynor
bf2d3984cb
Bug 1424942 - Remove fallback code for old macOS releases in the sandbox policy; r=haik
...
MozReview-Commit-ID: LCU4TWNMs8T
--HG--
extra : rebase_source : b01ba6c163da653717c9201cba70b89540676330
2017-12-12 14:58:46 -06:00
Margareta Eliza Balazs
4551f2e31e
Merge inbound to mozilla-central r=merge a=merge
2017-12-12 23:58:36 +02:00
ffxbld
01c7631757
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-12-12 12:10:25 -08:00
ffxbld
561b61d3ff
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-12-12 12:10:21 -08:00
ffxbld
fc20a5a0ab
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-12 11:23:12 -08:00
ffxbld
4338c47957
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-12 11:23:09 -08:00
ffxbld
7a8fc93f68
No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update
2017-12-11 12:07:39 -08:00
ffxbld
00d93b43c8
No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update
2017-12-11 12:07:35 -08:00
ffxbld
cba1cda89a
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-11 11:37:07 -08:00
ffxbld
2077079b20
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-11 11:37:03 -08:00
Andrea Marchesini
b32bea6044
Bug 1424809 - Get rid of NS_NewPostDataStream, r=valentin
2017-12-12 06:01:17 -06:00
cku
07e7f9f727
Bug 1399787 - Part 9. Sandbox the PDFium process. r=bobowen,jwatt
...
MozReview-Commit-ID: 6ED7EPZvOMR
--HG--
extra : rebase_source : d8ddd2bb3551cf25c0f18151c4340e1f48d659ca
extra : intermediate-source : d90c5064d88a6468c1209f4a78ec7631592eec98
extra : source : 91b761e38efd28a69647c38531f5418fffee8f50
2017-10-18 20:52:45 +08:00
ffxbld
7b5a586bff
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-12-10 12:02:11 -08:00
ffxbld
20053f4730
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-12-10 12:02:07 -08:00
ffxbld
4d1e04053a
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-10 11:22:34 -08:00
ffxbld
31d8adf7f1
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-10 11:22:30 -08:00
Andreea Pavel
5ba2665757
Merge inbound to mozilla-central r=merge a=merge
2017-12-09 22:21:17 +02:00
ffxbld
317996d0b6
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-12-09 12:01:49 -08:00
ffxbld
0aba3da0bd
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-12-09 12:01:45 -08:00
ffxbld
b6ea2cfac7
No bug, Automated HPKP preload list update from host bld-linux64-spot-038 - a=hpkp-update
2017-12-09 11:07:05 -08:00
ffxbld
90b3db49cd
No bug, Automated HSTS preload list update from host bld-linux64-spot-038 - a=hsts-update
2017-12-09 11:07:01 -08:00
Gurzau Raul
096b0974bc
Merge autoland to mozilla-central r=merge a=merge
2017-12-08 23:56:46 +02:00
ffxbld
8f7724e963
No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update
2017-12-08 12:00:55 -08:00
ffxbld
ab5cafe292
No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update
2017-12-08 12:00:51 -08:00
ffxbld
4d2f167f48
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-12-08 11:11:49 -08:00
ffxbld
2582928f13
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-12-08 11:11:46 -08:00
Eric Rahm
6058ba50a3
Bug 1423798 - Remove headers included for backwards compat in nsString.h. r=njn on a CLOSED TREE
...
Remove the headers included for "backwards compatibility" and just include them
where required.
--HG--
extra : source : e2beba7e6875120ebbbcadf24bcbcb5b86411a94
extra : amend_source : 11f07a27431cd468511f0bd45afe36150c6e342c
2017-12-06 19:36:57 -08:00
Csoregi Natalia
f488657fbd
Backed out changeset e2beba7e6875 (bug 1423798) for failing Browser Chrome tests browser_temporary_permissions_expiry.js on Windows 7 debug. r=backout on a CLOSED TREE
2017-12-09 07:23:35 +02:00
Gurzau Raul
0fcc1a37e6
Merge mozilla-central to mozilla-inbound. r=merge a=merge CLOSED TREE
2017-12-09 00:57:59 +02:00
Eric Rahm
74880b3483
Bug 1423798 - Remove headers included for backwards compat in nsString.h. r=njn
...
Remove the headers included for "backwards compatibility" and just include them
where required.
--HG--
extra : rebase_source : 03e703a81ed4b80f4f116ff36d8787464ce5acba
2017-12-06 19:36:57 -08:00
shindli
2f09c0a994
Merge mozilla-central to inbound. r=merge a=merge CLOSED TREE
2017-12-08 00:26:07 +02:00
shindli
0bed6b5d6d
Merge inbound to mozilla-central r=merge a=merge
2017-12-08 00:12:14 +02:00
ffxbld
8e05423bf3
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-12-07 12:05:58 -08:00
ffxbld
62f9cfe3ca
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-12-07 12:05:54 -08:00
ffxbld
10287820a9
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-07 11:18:38 -08:00
ffxbld
e88025e01c
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-07 11:18:34 -08:00
Andreea Pavel
89531e8dc3
Backed out 9 changesets (bug 1412456) for crashing talos g2 and unexpected network connections in browser-chrome's browser_searchEngine_behaviors.js r=backout a=backout on a CLOSED TREE
...
Backed out changeset 0c01a98f4fd5 (bug 1412456)
Backed out changeset 27077db47231 (bug 1412456)
Backed out changeset f35ec2a884f8 (bug 1412456)
Backed out changeset 602b30ac3c69 (bug 1412456)
Backed out changeset b1ff1050c589 (bug 1412456)
Backed out changeset f100d953f9eb (bug 1412456)
Backed out changeset d85af60fe259 (bug 1412456)
Backed out changeset 736f38486832 (bug 1412456)
Backed out changeset 13a637602dc2 (bug 1412456)
2017-12-07 12:20:21 +02:00
Bob Owen
8ba04e79f9
Bug 1422053: Create Windows sandbox sLaunchErrors hashtable on the main thread. r=aklotz
2017-12-07 09:07:43 +00:00
Bill McCloskey
9f4d083047
Bug 1412456 - Test changes to no longer use interposition (r=felipe,bgrins,mrbkap)
...
MozReview-Commit-ID: 2nQPOSGTr1s
2017-12-07 12:55:24 -08:00
Bob Owen
cd83addd77
Bug 1395187: Use STARTF_FORCEOFFFEEDBACK flag when starting Windows child processes to prevent app starting cursor. r=jimm
2017-12-07 10:24:38 +00:00
Bill McCloskey
bef7c122df
Bug 1412456 - Test changes to no longer use interposition (r=felipe,bgrins,mrbkap)
...
MozReview-Commit-ID: 2nQPOSGTr1s
2017-12-06 21:17:05 -08:00
Dorel Luca
eb65c24c7b
Backed out 8 changesets (bug 1412456) for ESlint failure on browser_urlbarKeepStateAcrossTabSwitches.js:13:49 r=backout on a CLOSED TREE
...
Backed out changeset 0e88de036c55 (bug 1412456)
Backed out changeset 49b93f807db0 (bug 1412456)
Backed out changeset 039e980b7dc6 (bug 1412456)
Backed out changeset c7698410ddbd (bug 1412456)
Backed out changeset e56a1ba26b7c (bug 1412456)
Backed out changeset 0c4506e124ac (bug 1412456)
Backed out changeset a7aec2ce903b (bug 1412456)
Backed out changeset 3e9fb71f1e8e (bug 1412456)
2017-12-07 07:09:33 +02:00
Bob Owen
e19c11cd2a
Bug 1423296: Don't use MITIGATION_IMAGE_LOAD_NO_LOW_LABEL when running from a network drive. r=jimm
2017-12-08 19:00:54 +00:00
Bill McCloskey
be77cf4a01
Bug 1412456 - Test changes to no longer use interposition (r=felipe,bgrins,mrbkap)
...
MozReview-Commit-ID: 2nQPOSGTr1s
2017-12-06 20:46:58 -08:00
Dorel Luca
777fa218a9
Backed out changeset 4928928a5e46 (bug 1417680) for leaks detected by valgrind r=backout on a CLOSED TREE
...
--HG--
extra : amend_source : 48d7d6291b7f1e68cc554caa3374cda326d17681
2017-12-07 02:14:25 +02:00
David Keeler
094791c2d0
bug 1417680 - explore the feasibility of not shutting down NSS by no-op-ing the guts of the shutdown infrastructure r=jcj r=franziskus
...
Adapted from https://wiki.mozilla.org/SecurityEngineering/NSS_Startup_and_Shutdown_in_Gecko :
Properly implementing the coordinated shutdown of NSS has, to date, proved
intractable. For architectural reasons and due to the significant complexity
involved, the NSS resource tracking and shutdown infrastructure has been an
ongoing source of crashes and hangs in Firefox. To that end, we have been
exploring the possibility of not shutting down NSS at all. For this to work, we
have had to address a number of potential concerns.
Certificate and key database corruption: In theory, if Firefox were to exit
without coordinating with NSS, data stored in the certificate and key databases
(backed by BerkeleyDB) could be lost. To mitigate this, we have migrated to
using the sqlite-backed implementation. The databases are now journaled, and
short of a bug in sqlite, we do not anticipate data loss due to database
corruption.
PKCS#11 devices: In theory, if Firefox were to exit without coordinating with
NSS and thus any attached PKCS#11 devices, data could be lost on these devices.
However, it is our understanding that these devices must be robust against
unexpected physical removal. Uncoordinated shutdown should present no worse a
risk to user data.
FIPS 140-2 mode: While Mozilla does not ship a version of Firefox that supports
FIPS mode out of the box, Red Hat does. It is our understanding that clearing
key material is a requirement of FIPS and that not shutting down NSS may pose a
problem for this requirement. Red Hat's FIPS 140-2 Security Policy[0] specifies
that the application (i.e. Firefox) using the module (i.e. NSS) is responsible
for zeroization of key material. More specifically, it says "All plaintext
secret and private keys must be zeroized when the Module is shut down (with a
FC_Finalize call), reinitialized (with a FC_InitToken call), or when the session
is closed (with a FC_CloseSession or FC_CloseAllSessions call)." Thus, if
Firefox never shuts down NSS, this requirement is trivially met.
Leak detection: By not shutting down NSS, technically we leak some allocated
memory until shutdown. This could cause problems if our test infrastructure
detected and reported these leaks. However, it appears not to (which itself is
somewhat concerning). In any case, we will have to deal with this if and when we
can detect these leaks.
Given that these concerns all have at least a preliminary answer, we will move
forward with attempting to not shut down NSS in Firefox. This may expose
unexpected issues that may lead to a reassessment of the situation, so this will
be on a trial basis only in Nightly.
[0] https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3070.pdf
MozReview-Commit-ID: LjgEl1UZqkC
--HG--
extra : rebase_source : 99bf715f7f6566ec92ca763eefdbd8d2f69d2ba2
extra : amend_source : d4177cc87f54fccbd49312feef7e29b77bf01432
2017-11-10 15:03:23 -08:00
Dorel Luca
ada131e8c5
Merge autoland to mozilla-central r=merge a=merge
2017-12-06 23:57:33 +02:00
ffxbld
638c4fcef4
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-06 12:06:18 -08:00
ffxbld
d4149255ed
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-06 12:06:14 -08:00
ffxbld
283abf5e1b
No bug, Automated HPKP preload list update from host bld-linux64-spot-033 - a=hpkp-update
2017-12-06 11:12:09 -08:00
ffxbld
7711ad2f7d
No bug, Automated HSTS preload list update from host bld-linux64-spot-033 - a=hsts-update
2017-12-06 11:12:06 -08:00
Francesco Lodolo (:flod)
0b2047cb81
Bug 320231 - Update localization notes for length-limited PKCS#11 strings in pipnss.properties r=Pike
...
MozReview-Commit-ID: 11iUjRi8eUX
--HG--
extra : rebase_source : 029f6e8a06a0d2903297d1726352c584f69ce69d
2017-12-06 12:11:59 +01:00
Tristan Bourvon
1d42ce1f7b
Bug 1412646 - Initialize some uninitialized fields in security/manager/ r=keeler
...
MozReview-Commit-ID: HGj8xw5Uq6j
--HG--
extra : rebase_source : 8c9bd7b966bfdead6244c71642a843e8b9e507ff
2017-10-31 11:04:40 +01:00
Narcis Beleuzu
1f7fdd5826
Merge mozilla-central to inbound. r=merge a=merge on a CLOSED TREE
2017-12-06 01:49:19 +02:00
ffxbld
4df7f01104
No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update
2017-12-05 12:00:21 -08:00
ffxbld
276f13a7ec
No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update
2017-12-05 12:00:17 -08:00
ffxbld
fdadcd5373
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-05 11:21:42 -08:00
ffxbld
1516337050
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-05 11:21:38 -08:00
shindli
2e08acdf88
Merge inbound to mozilla-central r=merge a=merge
2017-12-05 11:58:51 +02:00
shindli
7c657fc158
Merge autoland to mozilla-central r=merge a=merge
2017-12-05 11:57:21 +02:00
ffxbld
795d7ec557
No bug, Automated HPKP preload list update from host bld-linux64-spot-031 - a=hpkp-update
2017-12-04 15:45:48 -08:00
ffxbld
8294b83561
No bug, Automated HSTS preload list update from host bld-linux64-spot-031 - a=hsts-update
2017-12-04 15:45:44 -08:00
ffxbld
2dd6a8b4ce
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-04 11:15:44 -08:00
ffxbld
28bd5a677f
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-04 11:15:40 -08:00
ffxbld
5fa824ebb0
No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update
2017-12-03 11:42:48 -08:00
ffxbld
423369169d
No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update
2017-12-03 11:42:45 -08:00
ffxbld
fd3700d56b
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-03 11:03:49 -08:00
ffxbld
c321b37eee
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-03 11:03:45 -08:00
EKR
477ac066b5
Bug 1422156 - Update tlsFlags to change 0x40 to be compat mode rather than 7e02 handshake. r=keeler
...
Reviewers: keeler
Reviewed By: keeler
Subscribers: mcmanus
Bug #: 1422156
Differential Revision: https://phabricator.services.mozilla.com/D306
2017-12-02 17:18:33 -08:00
manikishan
8752d4637d
Bug 1198481 - Fixed typo 'id_pk_serverAuth' to 'id_kp_serverAuth'. r=keeler
2017-12-02 18:03:18 +05:30
David Keeler
e6fe3285be
bug 1421816 - (2/2) add option to sign_app.py to include COSE signatures r=franziskus
...
MozReview-Commit-ID: H7ZLCsH9HrJ
--HG--
extra : rebase_source : 143ac8bdac4cf000809ada4560382bb9ed582b55
extra : histedit_source : fbb72d143a54fa1cd79af560d515068dcc4610ab
2017-11-29 13:37:42 -08:00
ffxbld
1aeab12df2
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-12-02 11:45:05 -08:00
ffxbld
932f702aac
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-12-02 11:45:01 -08:00
ffxbld
8466d82737
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-02 11:01:49 -08:00
ffxbld
2955ac7f1c
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-02 11:01:45 -08:00
David Keeler
36f5d05cd8
bug 1397837 - remove vestigial references to "code signing" from PSM r=Cykesiopka,snorp
...
As of bug 1257362, the platform does not verify code signing certificates in
general, so anything involving the code signing trust of certificates can go.
MozReview-Commit-ID: 9g9kM62xfYZ
--HG--
extra : rebase_source : 5bec64e5f451c8433aff0de82a91f7bd54c24608
2017-12-01 16:16:20 -08:00
David Keeler
a92c339a33
bug 1424085 - add owning handles so cert references don't leak in IsCertificateDistrustImminent r=jcj
...
nsIX509Cert::GetCert() returns a CERTCertificate whose reference count has
already been increased. Before this patch, when IsCertificateDistrustImminent
called CertDNIsInList(rootCert->GetCert(), RootSymantecDNs) and
CertDNIsInList(aCert->GetCert(), RootAppleAndGoogleDNs), the reference count on
those certificates would never get a corresponding decrement, so we would keep
those certificates alive until shut down. A reasonable and consistent solution
is to introduce a UniqueCERTCertificate handle in each case to own the
reference.
The status of this fix can be verified by setting MOZ_LOG="pipnss:4", running
Firefox, connecting to any host, and then shutting down. If an NSS resource
reference has been leaked, "[Main Thread]: E/pipnss NSS SHUTDOWN FAILURE" will
be in the console output. Otherwise,
"[Main Thread]: D/pipnss NSS shutdown =====>> OK <<=====" will be in the console
output.
This patch also removes nsIX509CertList::DeleteCert because it would also leak a
reference. Luckily, nothing was using it.
This patch also clarifies the implementation of nsIX509CertList::AddCert by
making the ownership transfers explicit.
MozReview-Commit-ID: 2qHo3DmhTPz
--HG--
extra : rebase_source : 42cd42d082431b4637733d8f94fcd560bdea8a44
2017-12-07 15:08:43 -08:00
Jed Davis
7e9b75f531
Bug 1409895 - Deny getcwd in the Linux content process sandbox. r=gcp
...
getcwd won't do anything useful once we start chroot()ing to remove
filesystem access; with this patch it will at least fail the same way
regardless of whether user namespaces are available or if other factors
prevent complete FS isolation.
Bonus fix: improve the comments for this group of syscalls.
MozReview-Commit-ID: KueZzly2mlO
--HG--
extra : rebase_source : a6b5dbebbc4d2477909d46085499f2648091b94c
2017-11-20 10:47:54 -07:00
Sylvestre Ledru
a9961096c0
Bug 1394734 - Simplify various corner cases r=glandium
...
MozReview-Commit-ID: 4s4JdXZPvmv
--HG--
extra : rebase_source : c8f663c99442d41db5f81ac5fe1aa1f47fd5ed82
2017-12-07 22:10:19 +01:00
Sylvestre Ledru
4591d82b23
Bug 1394734 - Replace CONFIG['CLANG*'] by CONFIG['CC_TYPE'] r=glandium
...
MozReview-Commit-ID: HbF5oT5HW6f
--HG--
extra : rebase_source : eca479b6ae4bff7f600d1cdb39e11ac2057e4e79
2017-12-07 22:09:38 +01:00
Sylvestre Ledru
5de63ef061
Bug 1394734 - Replace CONFIG['MSVC'] by CONFIG['CC_TYPE'] r=glandium
...
MozReview-Commit-ID: 5orfnoude7h
--HG--
extra : rebase_source : 1ed9a6b56e1d27221a07624767a7fb0e6147117f
2017-12-08 13:46:13 +01:00
Sylvestre Ledru
9bfe27d903
Bug 1394734 - Replace CONFIG['GNU_C*'] by CONFIG['CC_TYPE'] r=glandium
...
MozReview-Commit-ID: 7duJk2gSd4m
--HG--
extra : rebase_source : 7312fe276e561e8c034a5f6749774ae812727f9c
2017-12-07 22:09:15 +01:00
Cosmin Sabou
79d933ec34
Backed out 22 changesets (bug 1399787) for shutdown leaks on windows 7 debug tc-M without e10s r=backout on a CLOSED TREE
...
Backed out changeset 463d676df5da (bug 1399787)
Backed out changeset fc9776a2605d (bug 1399787)
Backed out changeset 2e91a90dfbc3 (bug 1399787)
Backed out changeset e82ab72f71ee (bug 1399787)
Backed out changeset d7fef200e8b9 (bug 1399787)
Backed out changeset a7d70f7f3335 (bug 1399787)
Backed out changeset 2800f9d20d96 (bug 1399787)
Backed out changeset 9dfa404abf9d (bug 1399787)
Backed out changeset 09b3c172a01e (bug 1399787)
Backed out changeset f9fd3e750636 (bug 1399787)
Backed out changeset 01284c55bf8a (bug 1399787)
Backed out changeset c2ab1b454283 (bug 1399787)
Backed out changeset e7bfa51404c5 (bug 1399787)
Backed out changeset 3fd2a734f887 (bug 1399787)
Backed out changeset ef21f295db3f (bug 1399787)
Backed out changeset c186893ce0fc (bug 1399787)
Backed out changeset 323da3bddaaa (bug 1399787)
Backed out changeset 3b89f189edff (bug 1399787)
Backed out changeset a47bd86c35ee (bug 1399787)
Backed out changeset 558526301a4c (bug 1399787)
Backed out changeset baa99fb50ba9 (bug 1399787)
Backed out changeset 6d82ed0ba805 (bug 1399787)
2017-12-08 13:09:56 +02:00
Brindusan Cristian
5b9ee89503
Merge mozilla-central to autoland a=merge r=merge on a CLOSED TREE
2017-12-08 12:06:24 +02:00
cku
d70af3d034
Bug 1399787 - Part 9. Sandbox the PDFium process. r=bobowen,jwatt
...
MozReview-Commit-ID: 6ED7EPZvOMR
--HG--
extra : rebase_source : 60e6d103573436d923f8b2b00c70cb2a4a7986df
extra : intermediate-source : d90c5064d88a6468c1209f4a78ec7631592eec98
extra : source : 91b761e38efd28a69647c38531f5418fffee8f50
2017-10-18 20:52:45 +08:00
Jed Davis
5161a86c36
Bug 1401062 - Delete the old namespace/chroot code and reorganize sandbox init. r=gcp
...
This is mostly deletion, except for SandboxEarlyInit. The unshare()
parts are going away, and the "unexpected threads" workaround can go away
along with them, but the signal broadcast setup still needs to happen
early so we can prevent blocking the signal.
So, SandboxEarlyInit's contract changes slightly from "call before
any other threads exist" to "before any threads that might block all
signals", and everything that can be deferred to immedately before
sandbox startup is. As a result, some getenv()s change to PR_GetEnv
because there can be threads, and there is now an NSPR dependency.
(This may mean that mozglue can no longer interpose symbols in NSPR,
because libmozsandbox is preloaded, but I don't think we're doing that.)
MozReview-Commit-ID: 7e9u0qBNOqn
--HG--
extra : rebase_source : 1a8442f7e0e26231ecf01b19078433d1b5b2763c
2017-08-31 20:38:25 -06:00
Brindusan Cristian
5bedf1df18
Merge autoland to mozilla-central r=merge a=merge
2017-11-30 23:51:58 +02:00
ffxbld
6eac8dccfc
No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update
2017-11-30 11:03:17 -08:00
ffxbld
39509ef8f2
No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update
2017-11-30 11:03:13 -08:00
ffxbld
9175066393
No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update
2017-11-30 10:49:34 -08:00
ffxbld
83f995c0a0
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-11-30 10:49:30 -08:00
ffxbld
8b1f82ef39
No bug, Automated HPKP preload list update from host bld-linux64-spot-320 - a=hpkp-update
2017-11-29 11:07:42 -08:00
ffxbld
d471604f22
No bug, Automated HSTS preload list update from host bld-linux64-spot-320 - a=hsts-update
2017-11-29 11:07:38 -08:00
ffxbld
2b8c0a2be5
No bug, Automated HPKP preload list update from host bld-linux64-spot-341 - a=hpkp-update
2017-11-29 10:13:03 -08:00
ffxbld
73f3ea227b
No bug, Automated HSTS preload list update from host bld-linux64-spot-341 - a=hsts-update
2017-11-29 10:12:59 -08:00
Dorel Luca
b3d418aa6c
Merge autoland to mozilla-central r=merge a=merge
2017-11-29 12:09:11 +02:00
ffxbld
f54d52a50d
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-28 11:45:43 -08:00
ffxbld
61c54f501b
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-28 11:45:40 -08:00
ffxbld
d7a19d2216
No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update
2017-11-28 10:46:06 -08:00
ffxbld
812cb244f0
No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update
2017-11-28 10:46:03 -08:00
David Keeler
13b5a0e017
bug 1421413 - add a preference to control which add-on signature algorithms are valid r=jcj
...
MozReview-Commit-ID: EwkpY9ADAtw
--HG--
extra : rebase_source : 7fce75b0ff7b42057840df0450d97ce840a69c89
2017-11-28 14:24:11 -08:00
Alex Gaynor
52d69a63ca
Bug 1421372 - simplify the macOS content sandbox rules by splitting the file process rules out; r=haik
...
MozReview-Commit-ID: GJukCOAyE10
--HG--
extra : rebase_source : 7bfdd02482d45e72a785ec2abe2260577238406d
2017-11-28 14:06:06 -05:00
ffxbld
a04e49663b
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-11-27 11:34:28 -08:00
ffxbld
f5bdc50a83
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-11-27 11:34:24 -08:00
ffxbld
5fd51d8f5b
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-27 11:04:50 -08:00
ffxbld
6c2b138c87
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-27 11:04:46 -08:00
ffxbld
899f55bc70
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-26 11:29:24 -08:00
ffxbld
b7e36e0dad
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-26 11:29:20 -08:00
ffxbld
a1b8503be3
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-26 10:57:54 -08:00
ffxbld
ad8f2d950c
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-26 10:57:51 -08:00
ffxbld
fde154d757
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-25 11:31:33 -08:00
ffxbld
b75d3913b0
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-25 11:31:30 -08:00
ffxbld
24ce5b57e7
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-11-25 10:49:45 -08:00
ffxbld
80fa133054
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-11-25 10:49:41 -08:00
Ciure Andrei
327405164b
Merge inbound to mozilla-central r=merge a=merge
2017-11-25 00:04:02 +02:00
ffxbld
b8d5e9b625
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-11-24 11:37:55 -08:00
ffxbld
1f4c6721e4
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-11-24 11:37:51 -08:00
ffxbld
75089cd8b7
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-24 11:00:34 -08:00
ffxbld
a29abc7f7d
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-24 11:00:30 -08:00
Franziskus Kiefer
5083a36782
Bug 1420060 - FIPS can no longer be toggled in Firefox with the builtin NSS, r=ttaubert
...
MozReview-Commit-ID: 5lgEBiFozSG
Differential Revision: https://phabricator.services.mozilla.com/D282
--HG--
extra : rebase_source : 795b81b79f5c407cbfed3c0607c479d9880f0deb
2017-11-24 09:01:49 +01:00
Franziskus Kiefer
34900c8a57
Bug 1420060 - land NSS ceb8b9290b35 UPGRADE_NSS_RELEASE, r=me
...
MozReview-Commit-ID: KprUV50uNDs
--HG--
extra : rebase_source : d67b83423351ac6581889cc95ec979a6f12adc07
2017-11-24 09:00:26 +01:00
Gurzau Raul
21905d169e
Merge mozilla-central to mozilla-inbound. r=merge a=merge CLOSED TREE
2017-11-24 00:38:13 +02:00
Tiberius Oros
da0a72a9d7
Merge inbound to mozilla-central r=merge a=merge
2017-11-24 00:28:29 +02:00
ffxbld
7ede3e4787
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-23 11:37:49 -08:00
ffxbld
eb15ed90ea
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-23 11:37:46 -08:00
ffxbld
4018e652ff
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-23 10:42:06 -08:00
ffxbld
ce8ed40893
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-23 10:42:02 -08:00
Cosmin Sabou
a5d613086a
Merge mozilla-inbound to mozilla-central r=merge a=merge
2017-11-23 11:42:46 +02:00
Franziskus Kiefer
7b10164f9f
Bug 1403840 - add cose rust lib with a test, r=keeler,ttaubert
...
Summary:
This adds the COSE rust library from https://github.com/franziskuskiefer/cose-rust with its C API from https://github.com/franziskuskiefer/cose-c-api to gecko with a basic test.
The COSE library will be used for verifying add-on signatures in future.
Reviewers: keeler, ttaubert
Reviewed By: keeler
Bug #: 1403840
Differential Revision: https://phabricator.services.mozilla.com/D232
--HG--
extra : rebase_source : 433ca6894d88ccda333bfac53507eba4e84924fb
2017-11-22 16:37:15 +01:00
shindli
a0b20fcb81
Merge mozilla-central to mozilla-autoland. r=merge a=merge CLOSED TREE
2017-11-22 23:42:02 +02:00
shindli
82254ca1cf
Merge inbound to mozilla-central r=merge a=merge
2017-11-22 23:29:44 +02:00
ffxbld
ad970571e9
No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update
2017-11-22 11:38:06 -08:00
ffxbld
013da9f3f3
No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update
2017-11-22 11:38:02 -08:00
ffxbld
2795ad9547
No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update
2017-11-22 10:46:15 -08:00
ffxbld
36b4732f5f
No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update
2017-11-22 10:46:12 -08:00
Michal Novotny
96f9c8ac5c
Bug 1418752 - Firefox instahang on start after landing patch from bug #1392841 . r=ttaubert
...
EnsureNSSInitializedChromeOrContent() sends sync event to main thread from non-main thread even if it's already initialized. This can make fix at https://searchfox.org/mozilla-central/rev/919dce54f43356c22d6ff6b81c07ef412b1bf933/netwerk/protocol/http/nsHttpHandler.cpp#2105 inefficient and can lead to a deadlock.
--HG--
extra : rebase_source : 18333d17e1d959accd667c8ce25a20ea51c15266
2017-11-22 12:46:08 -05:00
Gabriele Svelto
80fbb39861
Bug 1402519 - Remove MOZ_CRASHREPORTER directives from security; r=ttaubert
...
MozReview-Commit-ID: CfPBvffjEhq
--HG--
extra : rebase_source : 51c522746b48f0819b926607ceebf7d070df4ffd
2017-10-10 15:25:39 +02:00
ffxbld
5fbf717e5b
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-11-21 11:48:53 -08:00
ffxbld
d05982f0f1
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-11-21 11:48:49 -08:00
ffxbld
511b2cf5e6
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-21 11:14:55 -08:00
ffxbld
cf7bf94e79
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-21 11:14:52 -08:00
ffxbld
cde731d2d0
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-11-20 11:37:26 -08:00
ffxbld
d7e570ab96
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-11-20 11:37:22 -08:00
ffxbld
21d7bcc344
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-20 10:57:37 -08:00
ffxbld
2fb6a219c1
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-20 10:57:34 -08:00
Bogdan Tara
b3f0c3ded3
Merge mozilla-central to autoland. r=merge a=merge on a CLOSED TREE
2017-11-20 00:17:43 +02:00
ffxbld
c21102410d
No bug, Automated HPKP preload list update from host bld-linux64-spot-039 - a=hpkp-update
2017-11-19 11:40:51 -08:00
ffxbld
502a538775
No bug, Automated HSTS preload list update from host bld-linux64-spot-039 - a=hsts-update
2017-11-19 11:40:47 -08:00
ffxbld
3fc5579f87
No bug, Automated HPKP preload list update from host bld-linux64-spot-038 - a=hpkp-update
2017-11-19 10:55:01 -08:00
ffxbld
6b1e59b641
No bug, Automated HSTS preload list update from host bld-linux64-spot-038 - a=hsts-update
2017-11-19 10:54:58 -08:00
Gurzau Raul
79f64eb568
Merge inbound to mozilla-central r=merge a=merge
2017-11-18 22:48:47 +02:00
ffxbld
22b9cb8f84
No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update
2017-11-18 11:41:00 -08:00
ffxbld
2d07f0f683
No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update
2017-11-18 11:40:56 -08:00
ffxbld
973e21879e
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-18 11:05:10 -08:00
ffxbld
aa9e3a35ac
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-18 11:05:07 -08:00
Tooru Fujisawa
b0ee34bea3
Bug 1416466 - Wait for the next event tick before resolving Promise for onload event in tests in security/manager/ssl/tests/mochitest/browser/. r=mossop
2017-11-18 22:57:18 +09:00
Gian-Carlo Pascutto
34be833347
Bug 1416016 - Add ../config to the sandbox whitelist for older Mesa. r=jld
...
MozReview-Commit-ID: KahivmVJR1l
--HG--
extra : rebase_source : 7d77f0ee77813a1214cfa5bc618b57c3208443c3
2017-11-17 15:23:28 +01:00
Gian-Carlo Pascutto
c979b7a21f
Bug 1416808 - Add "$XDG_DATA_(HOME|DIRS)"/fonts to the sandbox whitelist. r=jld
...
MozReview-Commit-ID: DwwltKQg8x4
--HG--
extra : rebase_source : e92b60e320bb26e66bfb38039f141ec83a34fff7
2017-11-17 15:45:11 +01:00
Noemi Erli
696ac83de9
Merge mozilla-central to mozilla-autoland. r=merge a=merge CLOSED TREE
2017-11-18 02:55:06 +02:00
Noemi Erli
1d5be20b0d
Merge autoland to mozilla-central r=merge a=merge
2017-11-18 00:00:22 +02:00
ffxbld
4f3980082f
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-11-17 11:41:51 -08:00
ffxbld
794ea08b42
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-11-17 11:41:47 -08:00
ffxbld
4da78d1a66
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-17 11:02:48 -08:00
ffxbld
8591b856f3
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-17 11:02:45 -08:00
Bob Owen
5a64c2aeb7
Bug 1417959: Bump Alternate Desktop to Level 5 and make that the Default on Nightly. r=jimm
2017-11-16 18:10:00 +00:00
David Keeler
cdac966d1b
bug 1417677 - remove "security.use_sqldb" and always use the sqlite-backed NSS DBs r=jcj
...
MozReview-Commit-ID: 2qoJz5gDPyY
--HG--
extra : rebase_source : 89ccda87138ac02004d290f621e9d53dcddc08ff
2017-11-15 15:24:58 -08:00
David Keeler
68dd6026ab
bug 1418135 - asynchronously determine the chain to display in the details pane of the certificate viewer r=mgoodwin
...
The current certificate viewer uses "getChain" to determine what chain to show
in the details pane. This is problematic for a number of reasons including a)
it's synchronous (and potentially slow) and b) getChain may return something
almost entirely quite unlike any actual trusted path (see bug 1004580 comment
0).
This won't fix the whole problem (whatever's opening the certificate viewer
should really be passing in the chain itself), but that's hard, so this would at
least change the determination to be asynchronous and at least won't result in
something completely bogus.
MozReview-Commit-ID: J9uqRgxL52j
--HG--
extra : rebase_source : 0cb0a02564f7d962a57af90a9d1177ff41f064fe
2017-11-16 15:48:47 -08:00
Brindusan Cristian
cdb95907ba
Merge mozilla-central to autoland r=merge a=merge on a CLOSED TREE
2017-11-16 00:41:40 +02:00
Brindusan Cristian
d0a4ab96a0
Merge inbound to mozilla-central r=merge a=merge
2017-11-16 00:24:15 +02:00
ffxbld
6c10f7d914
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-15 11:31:52 -08:00
ffxbld
393e147523
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-15 11:31:48 -08:00
ffxbld
dd02544d02
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-15 10:54:33 -08:00
ffxbld
bab5f228d3
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-15 10:54:29 -08:00
Jonathan Kew
304ec4c15e
Bug 1417420 - Add the path used by FontAgent to the sandbox rules on macOS. r=haik
2017-11-15 17:59:44 +00:00
David Keeler
ab21773795
bug 1417277 - remove support for MOZPSM_NSSDBDIR_OVERRIDE r=jcj
...
MOZPSM_NSSDBDIR_OVERRIDE was added in bug 462919 for integration with xulrunner
applications. Upcoming changes we're aiming to make with how PSM handles NSS and
the certificate/key databases (e.g. making the sqlite-backed implementation
mandatory) mean we have to take this feature into account. xulrunner isn't
supported any longer. Searching the web for "MOZPSM_NSSDBDIR_OVERRIDE" yields
two kinds of results: mozilla-central source code and a man page for nss-gui,
which it seems is the only project that ever made use of
MOZPSM_NSSDBDIR_OVERRIDE (and hasn't been updated since 2013, from what I can
tell). I think it's fair to conclude that this isn't a widely-used (let alone
known) feature. To make development easier, we should remove it.
MozReview-Commit-ID: 56vcTYSzDPq
--HG--
extra : rebase_source : 683a65bcd79182c04524562bc26ed5925f5d902b
2017-11-14 16:38:34 -08:00
ffxbld
7af6788dd0
No bug, Automated HPKP preload list update from host bld-linux64-spot-038 - a=hpkp-update
2017-11-14 11:51:23 -08:00
ffxbld
1d90c326d7
No bug, Automated HSTS preload list update from host bld-linux64-spot-038 - a=hsts-update
2017-11-14 11:51:19 -08:00
ffxbld
e943551045
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-14 10:58:36 -08:00
ffxbld
cc72aaf33e
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-14 10:58:32 -08:00
Mark Banner
ba94a5128c
Bug 1371293 - Fix instances of missing 'use strict;' in html files as found after ESLint 4 upgrade. r=mossop
...
MozReview-Commit-ID: 2q3nqLaXA3E
--HG--
extra : rebase_source : 971ee6ae4dd565ead6f4aa16e06638445ecc5da0
2017-10-31 16:40:37 +00:00
Andreea Pavel
3039b5c625
Backed out 1 changesets (bug 1417677) for failing security/manager/ssl/tests/unit/test_broken_fips.js r=backout on a CLOSED TREE
...
Backed out changeset 614a09e35ff0 (bug 1417677)
2017-11-17 12:49:16 +02:00
Ciure Andrei
fdbe147ffb
Merge mozilla-central to autoland. r=merge a=merge CLOSED TREE
2017-11-17 12:09:31 +02:00
David Keeler
82c2e0ec18
bug 1413336 - (7/7) regenerate all the certificates! r=Cykesiopka
...
Also regenerate the test_signed_app.js testcases.
MozReview-Commit-ID: 483uNQT0wuG
--HG--
extra : rebase_source : 4dfddf89d151dceb970a1a9139a5c90e6b578f8c
2017-11-08 12:57:03 -08:00
David Keeler
cfc4721f33
bug 1413336 - (6/7) replace setComponentByName with direct property setters r=Cykesiopka
...
MozReview-Commit-ID: EIIzP04YHo9
--HG--
extra : rebase_source : bf04301265175f59a3db429667322caffeeeb767
2017-11-14 13:35:10 -08:00
David Keeler
d64022f084
bug 1413336 - (5/7) ensure text files generated by pycert et. al. have trailing newlines r=Cykesiopka
...
MozReview-Commit-ID: KduWJRzTxBp
--HG--
extra : rebase_source : 74c5baf9747a85d71bc93d7459a8b519b40f6dd4
2017-10-25 16:59:18 -07:00
David Keeler
d6bd3927e3
bug 1413336 - (4/7) make certificate serial number generation not depend on pyasn1 object string representation r=Cykesiopka
...
MozReview-Commit-ID: 69GjudEKwQM
--HG--
extra : rebase_source : 707413a77478e17a398fbb3c75eb27b64486b313
2017-11-08 14:12:03 -08:00
David Keeler
4a5bf460ad
bug 1413336 - (3/7) fix pycert.py and pykey.py with respect to pyasn1/pyasn1-modules updates r=Cykesiopka
...
MozReview-Commit-ID: CsxOF7LdEHB
--HG--
extra : rebase_source : 09b901b640779a9fe33de9d8c160b6918e6f12f7
2017-11-08 13:23:17 -08:00
David Keeler
dcb596244e
bug 1417677 - remove "security.use_sqldb" and always use the sqlite-backed NSS DBs r=jcj
...
MozReview-Commit-ID: 2qoJz5gDPyY
--HG--
extra : rebase_source : c84d7975fa30c753af7481d04e2db8c19daff180
2017-11-15 15:24:58 -08:00
David Keeler
2d6eb184f1
bug 1368868 - give up on ocsp stapling strictness because we can't have nice things r=jcj
...
MozReview-Commit-ID: nbX0c251oC
--HG--
extra : rebase_source : 2adda43c5ea137c17474e4b9303107f4ba3815ff
2017-11-08 15:50:26 -08:00
David Keeler
d49916e353
bug 1415991 - remove support for signed unpacked addons r=jcj,rhelmer
...
Unfortunately we have a number of add-on installation tests that rely on
unpacked addons verifying as signed. The test infrastructure achieves this by
monkey-patching nsIX509CertDB.verifySignedDirectoryAsync to always succeed.
These tests are, in general, not actually testing the successful verification of
signed unpacked add-ons but rather other aspects of add-on installation,
updating, etc.. Some of these tests are certainly no longer relevant now that
legacy add-ons aren't supported, but we don't have the time to go through all of
them at the moment (this blocks updating add-on signature verification to use
COSE signatures, which we need to ship in 59 or we're probably not shipping at
all).
MozReview-Commit-ID: 3TVPK703mUy
--HG--
extra : rebase_source : 5bf0b72a4d7c8ade702334345fdc3bf6a8761b15
2017-11-09 11:19:23 -08:00
Csoregi Natalia
e520b4f458
Merge mozilla-central to mozilla-autoland. r=merge a=merge CLOSED TREE
2017-11-14 00:59:27 +02:00
ffxbld
6f5e1e666f
No bug, Automated HPKP preload list update from host bld-linux64-spot-031 - a=hpkp-update
2017-11-13 11:38:59 -08:00
ffxbld
4d11774312
No bug, Automated HSTS preload list update from host bld-linux64-spot-031 - a=hsts-update
2017-11-13 11:38:56 -08:00
ffxbld
96d2701aef
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-13 10:56:59 -08:00
ffxbld
02130351db
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-13 10:56:56 -08:00
ffxbld
8802fbf292
No bug, Automated HPKP preload list update from host bld-linux64-spot-033 - a=hpkp-update
2017-11-12 11:35:21 -08:00
ffxbld
014fe21cbb
No bug, Automated HSTS preload list update from host bld-linux64-spot-033 - a=hsts-update
2017-11-12 11:35:17 -08:00
ffxbld
54eff2095e
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-12 11:06:31 -08:00
ffxbld
f5ee17bd6f
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-12 11:06:28 -08:00
ffxbld
14b2379843
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-11 11:46:19 -08:00
ffxbld
844ee0c1d3
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-11 11:46:15 -08:00
ffxbld
a99e2a57b4
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-11 11:07:18 -08:00
ffxbld
0411746801
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-11 11:07:14 -08:00
Jed Davis
873f611a48
Bug 1401786 - Move the Linux sandboxing parts of GeckoChildProcessHost into security/sandbox. r=gcp
...
MozReview-Commit-ID: JknJhF5umZc
--HG--
extra : rebase_source : 2fa246e9a8b350becc21ed5bfd69820d3a321064
2017-10-06 17:15:46 -06:00
Alex Gaynor
af821e1fe3
Bug 1365257 - Further consolidate the configuration of the content sandbox; r=gcp
...
This patch moves handling of the "MOZ_DISABLE_CONTENT_SANDBOX" environment
variable into GetEffectiveContentSandboxLevel. It also introduces
IsContentSandboxEnabled and ports many users of GetEffectiveContentSandboxLevel
to use it.
MozReview-Commit-ID: 4CsOf89vlRB
--HG--
extra : rebase_source : b9130f522e860e6a582933799a9bac07b771139b
2017-06-01 10:38:22 -04:00
Ryan VanderMeulen
b16410f51c
Merge inbound to m-c. a=merge
2017-11-10 16:13:15 -05:00
ffxbld
018987af9e
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-11-10 11:40:26 -08:00
ffxbld
fef8559955
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-11-10 11:40:22 -08:00
ffxbld
5f8a70cc67
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-10 11:07:01 -08:00
ffxbld
dc41b393b4
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-10 11:06:58 -08:00
Margareta Eliza Balazs
7e070192d7
Merge inbound to mozilla-central r=merge a=merge
2017-11-10 11:55:43 +02:00
Sebastian Hengst
ed9d8c71ea
merge mozilla-central to autoland. r=merge a=merge on a CLOSED TREE
2017-11-10 02:46:00 +02:00
ffxbld
80565ab2ca
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-11-09 12:27:53 -08:00
ffxbld
5e3d80e936
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-11-09 12:27:50 -08:00
ffxbld
b730c6b38d
No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update
2017-11-09 11:48:10 -08:00
ffxbld
7e80b102d5
No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update
2017-11-09 11:48:06 -08:00
Sebastian Hengst
96773b2710
merge mozilla-central to mozilla-inbound. r=merge a=merge on a CLOSED TREE
2017-11-10 02:47:06 +02:00
Andreea Pavel
e1c8aba28f
Merge mozilla-central to mozilla-inbound r=merge a=merge on a CLOSED TREE
2017-11-09 22:17:00 +02:00
David Keeler
0c8c69a89a
bug 1235287 - set a longer ocsp request timeout in test_ocsp_stapling_expired.js to avoid intermittent failures on android r=jcj
...
MozReview-Commit-ID: 3CJqnQ4EGXn
--HG--
extra : rebase_source : 3bdeac9d603d2f7d723e82fcfc75971ff9c44df0
2017-11-09 09:40:28 -08:00
Kyle Machulis
bcce449ae5
Bug 1408186 - Remove nsIDOMHTMLSelectElement and nsIDOMHTMLOptionsCollection; r=bz
...
MozReview-Commit-ID: Gh3JwLUtmz9
--HG--
extra : rebase_source : 6cdee487246406cafe0e5a9afe4a44f62d131c8b
2017-10-12 16:32:25 -07:00