6ac04795af
Bug 1145893 - Shutdown nsNSSComponent background threads during xpcom-shutdown. r=keeler, a=me
2015-03-23 10:58:25 -07:00
8a4bc22436
Bug 1010068 - Disable OCSP for DV certificates in Firefox for Android r=keeler
2015-05-28 13:29:13 -07:00
56574135d1
Backed out changeset fda85020d842 (bug 1010068) for Android test_cert_overrides.js failures.
...
CLOSED TREE
2015-06-08 11:37:33 -04:00
3824033dee
Bug 1010068 - Disable OCSP for DV certificates in Firefox for Android r=keeler
2015-05-28 13:29:13 -07:00
ac2974150a
merge mozilla-inbound to mozilla-central a=merge
2015-06-08 11:55:30 +02:00
9df7fce9a4
No bug, Automated HPKP preload list update from host bld-linux64-spot-1061 - a=hpkp-update
2015-06-06 03:26:59 -07:00
671e873521
No bug, Automated HSTS preload list update from host bld-linux64-spot-1061 - a=hsts-update
2015-06-06 03:26:57 -07:00
9db695d73b
Bug 1055310 - Step 3: Move syscall interceptions into SandboxFilter.cpp. r=kang
...
We can now keep the part of the policy implemented by upcalls to
userspace in the same place as the part of the policy that's handled
entirely in the kernel. This will become more useful in the future
(e.g., bug 930258).
2015-06-05 15:17:40 -07:00
5e4e0f9184
Bug 1055310 - Step 2: Move SIGSYS handling to Chromium TrapRegistry. r=kang
...
This is more complicated than I'd like it to be, because we don't have
a good way to combine a specific trap function's knowledge that we want
to get a crash dump with the SIGSYS handler's copy of the unprocessed
signal info (which breakpad wants). The bpf_dsl interface requires a
specific trap function type (via the TrapRegistry superclass), so even
if we implement our own registry we can't change what's passed to it.
Normally we could use thread-local storage to get around that, but it's
not async signal safe.
As a result there is an imperfect compromise: the trap function returns
a failure with ENOSYS, Chromium's SIGSYS handler writes it into the
context, our SIGSYS handler reads it back out and uses a copy of
the original signal context for the crash dump. Other error codes
(and returning ENOSYS via the seccomp-bpf policy itself) are handled
normally.
2015-06-05 15:17:35 -07:00
3bd337c32c
Bug 1055310 - Step 1: Convert seccomp-bpf policies to Chromium PolicyCompiler. r=kang
...
This completely rewrites SandboxFilter.cpp and removes SandboxAssembler.
System calls are now loosely grouped by what they do, now that order
doesn't matter, and most of the intersection the content and media
plugin whitelists is moved into a common superclass. Hopefully this
improves the readability and comprehensibility of the syscall policies.
Also, the macros that take the syscall name are gone, because a plain
case label usually suffices now (the CASES_FOR_thing macros are a little
unsightly, but they're relatively simple), and at one point we saw
strange macro expansion issues with system header files that #define'd
some syscall names.
The signal handling is not migrated yet, so Trap() actions can't be used
yet; the next patch will take care of that, and to keep the intermediate
state working there's a minimal shim.
Bonus fix: non-const global variables use the "g" prefix; "s" is for
static class members and static variables in a function (where the
default is to allocate a separate copy per instance/activation).
2015-06-05 15:17:32 -07:00
1658fa2a61
bug 969985 - cleanup of test_certificate_usages.js - see the rest of this commit message r=mgoodwin
...
Converts test_certificate_usages.js to generate certificates at build time.
Also does miscellaneous cleanup to use modern JS practices.
Since the test_cert_eku-* suite of tests covers the extended key usage extension,
removes superfluous testcases involving EKU.
Finally, renames test_certificate_usages.js to test_cert_keyUsage.js for a more
consistent naming scheme.
--HG--
rename : security/manager/ssl/tests/unit/test_certificate_usages.js => security/manager/ssl/tests/unit/test_cert_keyUsage.js
2015-06-02 10:58:59 -07:00
75c4bebb79
Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_*. rs=froydnj
...
This is straightforward mapping of PR_LOG levels to their LogLevel
counterparts:
PR_LOG_ERROR -> LogLevel::Error
PR_LOG_WARNING -> LogLevel::Warning
PR_LOG_WARN -> LogLevel::Warning
PR_LOG_INFO -> LogLevel::Info
PR_LOG_DEBUG -> LogLevel::Debug
PR_LOG_NOTICE -> LogLevel::Debug
PR_LOG_VERBOSE -> LogLevel::Verbose
Instances of PRLogModuleLevel were mapped to a fully qualified
mozilla::LogLevel, instances of PR_LOG levels in #defines were mapped to a
fully qualified mozilla::LogLevel::* level, and all other instances were
mapped to us a shorter format of LogLevel::*.
Bustage for usage of the non-fully qualified LogLevel were fixed by adding
|using mozilla::LogLevel;| where appropriate.
2015-06-03 15:25:57 -07:00
67f6de2a30
Bug 1165515 - Part 9: Remove instances of using numeric log levels 1-5. rs=froydnj
2015-06-03 15:22:35 -07:00
cc58068318
Bug 1165515 - Part 5: Convert instances of PR_LOG_ALWAYS. r=froydnj
...
Most instances were converted to PR_LOG_INFO, some to PR_LOG_DEBUG, and some
to PR_LOG_ERROR.
2015-06-03 15:22:30 -07:00
f50b813989
Bug 1165515 - Part 3: Convert PR_LOG_TEST to MOZ_LOG_TEST. r=froydnj
2015-06-03 15:22:28 -07:00
0d334e23eb
Bug 1169195 - Convert test_bug644006.html mochitest to an xpcshell test. r=keeler
...
--HG--
rename : security/manager/ssl/tests/mochitest/bugs/test_bug644006.html => security/manager/ssl/tests/unit/test_constructX509FromBase64.js
2015-06-02 22:49:00 -04:00
07490a1951
Bug 1166669: Enable process-level mitigations for the Windows content process sandbox. r=tabraldes
2015-06-03 09:13:00 +01:00
e849e6588b
Bug 1170416 (part 3) - Remove the PLDHashTable2 typedef. r=froydnj.
...
--HG--
extra : rebase_source : 9510ea47204fffa163cac43aeaaac6ae1ad80419
2015-05-19 16:46:17 -07:00
d060bd3d86
Bug 1170431 - Pass buildid as input to pycert.py. r=gps
2015-06-03 07:10:25 +09:00
79ea9f2368
Bug 1170431 part 0 - Use the *Path classes for GENERATED_FILES scripts and inputs. r=gps
2015-06-03 07:10:12 +09:00
5471309381
Backed out 14 changesets (bug 1165515) for linux x64 e10s m2 test failures
...
Backed out changeset d68dcf2ef372 (bug 1165515)
Backed out changeset 7c3b45a47811 (bug 1165515)
Backed out changeset b668b617bef2 (bug 1165515)
Backed out changeset d0916e1283a2 (bug 1165515)
Backed out changeset ac4dc7489942 (bug 1165515)
Backed out changeset e9632ce8bc65 (bug 1165515)
Backed out changeset c16d215cc7e4 (bug 1165515)
Backed out changeset e4d474f3c51a (bug 1165515)
Backed out changeset d87680bf9f7c (bug 1165515)
Backed out changeset b3c0a45ba99e (bug 1165515)
Backed out changeset 9370fa197674 (bug 1165515)
Backed out changeset 50970d668ca1 (bug 1165515)
Backed out changeset ffa4eb6d24b9 (bug 1165515)
Backed out changeset 5fcf1203cc1d (bug 1165515)
--HG--
extra : rebase_source : 6fb850d063cbabe738f97f0380302153e3eae97a
2015-06-02 13:05:56 +02:00
a9afd68cef
Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_*. rs=froydnj
...
This is straightforward mapping of PR_LOG levels to their LogLevel
counterparts:
PR_LOG_ERROR -> LogLevel::Error
PR_LOG_WARNING -> LogLevel::Warning
PR_LOG_WARN -> LogLevel::Warning
PR_LOG_INFO -> LogLevel::Info
PR_LOG_DEBUG -> LogLevel::Debug
PR_LOG_NOTICE -> LogLevel::Debug
PR_LOG_VERBOSE -> LogLevel::Verbose
Instances of PRLogModuleLevel were mapped to a fully qualified
mozilla::LogLevel, instances of PR_LOG levels in #defines were mapped to a
fully qualified mozilla::LogLevel::* level, and all other instances were
mapped to us a shorter format of LogLevel::*.
Bustage for usage of the non-fully qualified LogLevel were fixed by adding
|using mozilla::LogLevel;| where appropriate.
2015-06-01 22:17:33 -07:00
fb40eb5516
Bug 1165515 - Part 9: Remove instances of using numeric log levels 1-5. rs=froydnj
2015-06-01 22:17:26 -07:00
28978ade8c
Bug 1165515 - Part 5: Convert instances of PR_LOG_ALWAYS. r=froydnj
...
Most instances were converted to PR_LOG_INFO, some to PR_LOG_DEBUG, and some
to PR_LOG_ERROR.
2015-06-01 22:17:21 -07:00
141e0ff4a2
Bug 1165515 - Part 3: Convert PR_LOG_TEST to MOZ_LOG_TEST. r=froydnj
2015-06-01 22:17:19 -07:00
4e9f80ed2e
Backed out 14 changesets (bug 1165515) for b2g mochitest-6 permafail CLOSED TREE
...
Backed out changeset 9b97e2aa2ed9 (bug 1165515)
Backed out changeset 150606c022a2 (bug 1165515)
Backed out changeset 4e875a488349 (bug 1165515)
Backed out changeset 467e7feeb546 (bug 1165515)
Backed out changeset d6b6cc373197 (bug 1165515)
Backed out changeset 0615265b593c (bug 1165515)
Backed out changeset fafd1dce9f08 (bug 1165515)
Backed out changeset d1df869245f9 (bug 1165515)
Backed out changeset 6876a7c63611 (bug 1165515)
Backed out changeset b7841c94a9a3 (bug 1165515)
Backed out changeset e5e3617f7c73 (bug 1165515)
Backed out changeset 39be3db95978 (bug 1165515)
Backed out changeset 0ec74176f8de (bug 1165515)
Backed out changeset 5b928dd10d71 (bug 1165515)
2015-06-01 17:57:58 -07:00
f82c0e7caf
Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel and PR_LOG_*. rs=froydnj
...
This is straightforward mapping of PR_LOG levels to their LogLevel
counterparts:
PR_LOG_ERROR -> LogLevel::Error
PR_LOG_WARNING -> LogLevel::Warning
PR_LOG_WARN -> LogLevel::Warning
PR_LOG_INFO -> LogLevel::Info
PR_LOG_DEBUG -> LogLevel::Debug
PR_LOG_NOTICE -> LogLevel::Debug
PR_LOG_VERBOSE -> LogLevel::Verbose
Instances of PRLogModuleLevel were mapped to a fully qualified
mozilla::LogLevel, instances of PR_LOG levels in #defines were mapped to a
fully qualified mozilla::LogLevel::* level, and all other instances were
mapped to us a shorter format of LogLevel::*.
Bustage for usage of the non-fully qualified LogLevel were fixed by adding
|using mozilla::LogLevel;| where appropriate.
2015-06-01 14:31:01 -07:00
4095cdb19f
Bug 1165515 - Part 9: Remove instances of using numeric log levels 1-5. rs=froydnj
2015-06-01 14:31:00 -07:00
0a502beb23
Bug 1165515 - Part 5: Convert instances of PR_LOG_ALWAYS. r=froydnj
...
Most instances were converted to PR_LOG_INFO, some to PR_LOG_DEBUG, and some
to PR_LOG_ERROR.
2015-06-01 14:31:00 -07:00
dc090e3fe5
Bug 1165515 - Part 3: Convert PR_LOG_TEST to MOZ_LOG_TEST. r=froydnj
2015-06-01 14:31:00 -07:00
7531d9be17
Merge mozilla-central to mozilla-inbound
2015-06-01 15:19:42 +02:00
cfa2965ba6
merge mozilla-inbound to mozilla-central a=merge
2015-06-01 15:00:24 +02:00
b6ea902b96
No bug, Automated HPKP preload list update from host bld-linux64-spot-534 - a=hpkp-update
2015-05-30 03:26:59 -07:00
e6879816ca
No bug, Automated HSTS preload list update from host bld-linux64-spot-534 - a=hsts-update
2015-05-30 03:26:57 -07:00
71fd1e3612
Bug 1169530 - Add l10n string for SSL_ERROR_WEAK_SERVER_CERT_KEY. r=dkeeler
...
Also removes the strings for the SSL_ERROR_UNUSED_5 and SSL_ERROR_UNUSED_10 errors.
--HG--
extra : rebase_source : 252d8f50085ccc57294a71c31f3b8b37c9cf2a90
2015-05-28 22:50:00 +02:00
51a5fe52f3
Bug 1123759: Set low integrity on NPAPI processes for Windows sandboxing policy level >= 2. r=bbondy, r=bsmedberg
2015-05-22 17:05:45 +01:00
a83c753047
bug 1166976 - generate some PSM xpcshell test certificates at build time r=Cykesiopka,mgoodwin,froydnj
2015-05-20 16:35:16 -07:00
5eae5c2c7b
Bug 1166031 - Update NSS to NSS_3_19_1_RTM. a=sledru
...
--HG--
extra : transplant_source : %A7%DD%B5%C6%8C%1C%C1%C1%8C%CBY%E4%AD%87%0Bt%02%A9%B0%13
2015-05-28 14:14:52 -04:00
df91e412ac
Bug 1168007 (part 7) - Use PLDHashTable2 in nsCertTree. r=froydnj.
...
It's possible that Clear() will be called on a table that hasn't had anything
inserted in it, but that's ok.
--HG--
extra : rebase_source : 454a79d9ec0fbf8d82706c12535c5862fe687cba
2015-05-18 21:14:51 -07:00
58ee0c69e5
Bug 1168007 (part 6) - Use PLDHashTable2 in nsSecureBrowserUIImpl. r=froydnj.
...
--HG--
extra : rebase_source : fe8f14d5caf24931bace563518b7541beb838074
2015-05-18 21:02:48 -07:00
563c609fd0
Bug 1168695 - Add result strings to PSM xpcshell HPKP tests. r=keeler
...
--HG--
extra : rebase_source : 75fd17476020a68c60fd5e733c4d7a30fd05b8da
2015-05-28 02:26:00 +02:00
c2bc81fbea
Bug 1167254 - Convert test_bug234856.html mochitest to an xpcshell test. r=keeler
...
--HG--
extra : rebase_source : c8bad9f0d55aa2a037ae508da988a137c5239006
2015-05-28 02:22:00 +02:00
6ddb65f184
Bug 1166323 - Remove IME sequence number. r=masayuki,nchen
2015-05-28 13:51:40 +09:00
20a5506187
Bug 1164714 - Fix unified compilation bustage on Windows. r=me
...
CLOSED TREE
2015-05-27 19:37:09 -07:00
133069acd0
Bug 1164714 - Move netwerk/base/nsISiteSecurityService.idl into security/manager/ssl. r=keeler,mcmanus
...
--HG--
rename : netwerk/base/nsISiteSecurityService.idl => security/manager/ssl/nsISiteSecurityService.idl
2015-05-26 10:31:30 -07:00
a028ea5c2d
Bug 1164714 - Move and flatten security/manager/boot/{public,src}/ into security/manager/ssl/. r=keeler
...
--HG--
rename : security/manager/boot/src/CertBlocklist.cpp => security/manager/ssl/CertBlocklist.cpp
rename : security/manager/boot/src/CertBlocklist.h => security/manager/ssl/CertBlocklist.h
rename : security/manager/boot/src/DataStorage.cpp => security/manager/ssl/DataStorage.cpp
rename : security/manager/boot/src/DataStorage.h => security/manager/ssl/DataStorage.h
rename : security/manager/boot/src/PublicKeyPinningService.cpp => security/manager/ssl/PublicKeyPinningService.cpp
rename : security/manager/boot/src/PublicKeyPinningService.h => security/manager/ssl/PublicKeyPinningService.h
rename : security/manager/boot/src/RootCertificateTelemetryUtils.cpp => security/manager/ssl/RootCertificateTelemetryUtils.cpp
rename : security/manager/boot/src/RootCertificateTelemetryUtils.h => security/manager/ssl/RootCertificateTelemetryUtils.h
rename : security/manager/boot/src/RootHashes.inc => security/manager/ssl/RootHashes.inc
rename : security/manager/boot/src/StaticHPKPins.errors => security/manager/ssl/StaticHPKPins.errors
rename : security/manager/boot/src/StaticHPKPins.h => security/manager/ssl/StaticHPKPins.h
rename : security/manager/boot/src/nsEntropyCollector.cpp => security/manager/ssl/nsEntropyCollector.cpp
rename : security/manager/boot/src/nsEntropyCollector.h => security/manager/ssl/nsEntropyCollector.h
rename : security/manager/boot/public/nsIBufEntropyCollector.idl => security/manager/ssl/nsIBufEntropyCollector.idl
rename : security/manager/boot/public/nsICertBlocklist.idl => security/manager/ssl/nsICertBlocklist.idl
rename : security/manager/boot/public/nsISSLStatusProvider.idl => security/manager/ssl/nsISSLStatusProvider.idl
rename : security/manager/boot/public/nsISecurityUITelemetry.idl => security/manager/ssl/nsISecurityUITelemetry.idl
rename : security/manager/boot/src/nsSTSPreloadList.errors => security/manager/ssl/nsSTSPreloadList.errors
rename : security/manager/boot/src/nsSTSPreloadList.inc => security/manager/ssl/nsSTSPreloadList.inc
rename : security/manager/boot/src/nsSecureBrowserUIImpl.cpp => security/manager/ssl/nsSecureBrowserUIImpl.cpp
rename : security/manager/boot/src/nsSecureBrowserUIImpl.h => security/manager/ssl/nsSecureBrowserUIImpl.h
rename : security/manager/boot/src/nsSecurityHeaderParser.cpp => security/manager/ssl/nsSecurityHeaderParser.cpp
rename : security/manager/boot/src/nsSecurityHeaderParser.h => security/manager/ssl/nsSecurityHeaderParser.h
rename : security/manager/boot/src/nsSiteSecurityService.cpp => security/manager/ssl/nsSiteSecurityService.cpp
rename : security/manager/boot/src/nsSiteSecurityService.h => security/manager/ssl/nsSiteSecurityService.h
2015-05-26 10:31:25 -07:00
ae04912e48
Bug 1164714 - Flatten security/manager/ssl/src/ directory. r=keeler
...
--HG--
rename : security/manager/ssl/src/CryptoTask.cpp => security/manager/ssl/CryptoTask.cpp
rename : security/manager/ssl/src/CryptoTask.h => security/manager/ssl/CryptoTask.h
rename : security/manager/ssl/src/CryptoUtil.h => security/manager/ssl/CryptoUtil.h
rename : security/manager/ssl/src/IntolerantFallbackList.inc => security/manager/ssl/IntolerantFallbackList.inc
rename : security/manager/ssl/src/NSSErrorsService.cpp => security/manager/ssl/NSSErrorsService.cpp
rename : security/manager/ssl/src/NSSErrorsService.h => security/manager/ssl/NSSErrorsService.h
rename : security/manager/ssl/src/PPSMContentDownloader.ipdl => security/manager/ssl/PPSMContentDownloader.ipdl
rename : security/manager/ssl/src/PSMContentListener.cpp => security/manager/ssl/PSMContentListener.cpp
rename : security/manager/ssl/src/PSMContentListener.h => security/manager/ssl/PSMContentListener.h
rename : security/manager/ssl/src/PSMRunnable.cpp => security/manager/ssl/PSMRunnable.cpp
rename : security/manager/ssl/src/PSMRunnable.h => security/manager/ssl/PSMRunnable.h
rename : security/manager/ssl/src/PublicSSL.h => security/manager/ssl/PublicSSL.h
rename : security/manager/ssl/src/SSLServerCertVerification.cpp => security/manager/ssl/SSLServerCertVerification.cpp
rename : security/manager/ssl/src/SSLServerCertVerification.h => security/manager/ssl/SSLServerCertVerification.h
rename : security/manager/ssl/src/ScopedNSSTypes.h => security/manager/ssl/ScopedNSSTypes.h
rename : security/manager/ssl/src/SharedCertVerifier.h => security/manager/ssl/SharedCertVerifier.h
rename : security/manager/ssl/src/SharedSSLState.cpp => security/manager/ssl/SharedSSLState.cpp
rename : security/manager/ssl/src/SharedSSLState.h => security/manager/ssl/SharedSSLState.h
rename : security/manager/ssl/src/TransportSecurityInfo.cpp => security/manager/ssl/TransportSecurityInfo.cpp
rename : security/manager/ssl/src/TransportSecurityInfo.h => security/manager/ssl/TransportSecurityInfo.h
rename : security/manager/ssl/src/md4.c => security/manager/ssl/md4.c
rename : security/manager/ssl/src/md4.h => security/manager/ssl/md4.h
rename : security/manager/ssl/src/nsCertOverrideService.cpp => security/manager/ssl/nsCertOverrideService.cpp
rename : security/manager/ssl/src/nsCertOverrideService.h => security/manager/ssl/nsCertOverrideService.h
rename : security/manager/ssl/src/nsCertPicker.cpp => security/manager/ssl/nsCertPicker.cpp
rename : security/manager/ssl/src/nsCertPicker.h => security/manager/ssl/nsCertPicker.h
rename : security/manager/ssl/src/nsCertTree.cpp => security/manager/ssl/nsCertTree.cpp
rename : security/manager/ssl/src/nsCertTree.h => security/manager/ssl/nsCertTree.h
rename : security/manager/ssl/src/nsCertVerificationThread.cpp => security/manager/ssl/nsCertVerificationThread.cpp
rename : security/manager/ssl/src/nsCertVerificationThread.h => security/manager/ssl/nsCertVerificationThread.h
rename : security/manager/ssl/src/nsClientAuthRemember.cpp => security/manager/ssl/nsClientAuthRemember.cpp
rename : security/manager/ssl/src/nsClientAuthRemember.h => security/manager/ssl/nsClientAuthRemember.h
rename : security/manager/ssl/src/nsCrypto.cpp => security/manager/ssl/nsCrypto.cpp
rename : security/manager/ssl/src/nsCrypto.h => security/manager/ssl/nsCrypto.h
rename : security/manager/ssl/src/nsCryptoHash.cpp => security/manager/ssl/nsCryptoHash.cpp
rename : security/manager/ssl/src/nsCryptoHash.h => security/manager/ssl/nsCryptoHash.h
rename : security/manager/ssl/src/nsDataSignatureVerifier.cpp => security/manager/ssl/nsDataSignatureVerifier.cpp
rename : security/manager/ssl/src/nsDataSignatureVerifier.h => security/manager/ssl/nsDataSignatureVerifier.h
rename : security/manager/ssl/src/nsKeyModule.cpp => security/manager/ssl/nsKeyModule.cpp
rename : security/manager/ssl/src/nsKeyModule.h => security/manager/ssl/nsKeyModule.h
rename : security/manager/ssl/src/nsKeygenHandler.cpp => security/manager/ssl/nsKeygenHandler.cpp
rename : security/manager/ssl/src/nsKeygenHandler.h => security/manager/ssl/nsKeygenHandler.h
rename : security/manager/ssl/src/nsKeygenHandlerContent.cpp => security/manager/ssl/nsKeygenHandlerContent.cpp
rename : security/manager/ssl/src/nsKeygenHandlerContent.h => security/manager/ssl/nsKeygenHandlerContent.h
rename : security/manager/ssl/src/nsKeygenThread.cpp => security/manager/ssl/nsKeygenThread.cpp
rename : security/manager/ssl/src/nsKeygenThread.h => security/manager/ssl/nsKeygenThread.h
rename : security/manager/ssl/src/nsNSSASN1Object.cpp => security/manager/ssl/nsNSSASN1Object.cpp
rename : security/manager/ssl/src/nsNSSASN1Object.h => security/manager/ssl/nsNSSASN1Object.h
rename : security/manager/ssl/src/nsNSSCallbacks.cpp => security/manager/ssl/nsNSSCallbacks.cpp
rename : security/manager/ssl/src/nsNSSCallbacks.h => security/manager/ssl/nsNSSCallbacks.h
rename : security/manager/ssl/src/nsNSSCertHelper.cpp => security/manager/ssl/nsNSSCertHelper.cpp
rename : security/manager/ssl/src/nsNSSCertHelper.h => security/manager/ssl/nsNSSCertHelper.h
rename : security/manager/ssl/src/nsNSSCertTrust.cpp => security/manager/ssl/nsNSSCertTrust.cpp
rename : security/manager/ssl/src/nsNSSCertTrust.h => security/manager/ssl/nsNSSCertTrust.h
rename : security/manager/ssl/src/nsNSSCertValidity.cpp => security/manager/ssl/nsNSSCertValidity.cpp
rename : security/manager/ssl/src/nsNSSCertValidity.h => security/manager/ssl/nsNSSCertValidity.h
rename : security/manager/ssl/src/nsNSSCertificate.cpp => security/manager/ssl/nsNSSCertificate.cpp
rename : security/manager/ssl/src/nsNSSCertificate.h => security/manager/ssl/nsNSSCertificate.h
rename : security/manager/ssl/src/nsNSSCertificateDB.cpp => security/manager/ssl/nsNSSCertificateDB.cpp
rename : security/manager/ssl/src/nsNSSCertificateDB.h => security/manager/ssl/nsNSSCertificateDB.h
rename : security/manager/ssl/src/nsNSSCertificateFakeTransport.cpp => security/manager/ssl/nsNSSCertificateFakeTransport.cpp
rename : security/manager/ssl/src/nsNSSCertificateFakeTransport.h => security/manager/ssl/nsNSSCertificateFakeTransport.h
rename : security/manager/ssl/src/nsNSSComponent.cpp => security/manager/ssl/nsNSSComponent.cpp
rename : security/manager/ssl/src/nsNSSComponent.h => security/manager/ssl/nsNSSComponent.h
rename : security/manager/ssl/src/nsNSSErrors.cpp => security/manager/ssl/nsNSSErrors.cpp
rename : security/manager/ssl/src/nsNSSHelper.h => security/manager/ssl/nsNSSHelper.h
rename : security/manager/ssl/src/nsNSSIOLayer.cpp => security/manager/ssl/nsNSSIOLayer.cpp
rename : security/manager/ssl/src/nsNSSIOLayer.h => security/manager/ssl/nsNSSIOLayer.h
rename : security/manager/ssl/src/nsNSSModule.cpp => security/manager/ssl/nsNSSModule.cpp
rename : security/manager/ssl/src/nsNSSShutDown.cpp => security/manager/ssl/nsNSSShutDown.cpp
rename : security/manager/ssl/src/nsNSSShutDown.h => security/manager/ssl/nsNSSShutDown.h
rename : security/manager/ssl/src/nsNSSVersion.cpp => security/manager/ssl/nsNSSVersion.cpp
rename : security/manager/ssl/src/nsNSSVersion.h => security/manager/ssl/nsNSSVersion.h
rename : security/manager/ssl/src/nsNTLMAuthModule.cpp => security/manager/ssl/nsNTLMAuthModule.cpp
rename : security/manager/ssl/src/nsNTLMAuthModule.h => security/manager/ssl/nsNTLMAuthModule.h
rename : security/manager/ssl/src/nsPK11TokenDB.cpp => security/manager/ssl/nsPK11TokenDB.cpp
rename : security/manager/ssl/src/nsPK11TokenDB.h => security/manager/ssl/nsPK11TokenDB.h
rename : security/manager/ssl/src/nsPKCS11Slot.cpp => security/manager/ssl/nsPKCS11Slot.cpp
rename : security/manager/ssl/src/nsPKCS11Slot.h => security/manager/ssl/nsPKCS11Slot.h
rename : security/manager/ssl/src/nsPKCS12Blob.cpp => security/manager/ssl/nsPKCS12Blob.cpp
rename : security/manager/ssl/src/nsPKCS12Blob.h => security/manager/ssl/nsPKCS12Blob.h
rename : security/manager/ssl/src/nsPSMBackgroundThread.cpp => security/manager/ssl/nsPSMBackgroundThread.cpp
rename : security/manager/ssl/src/nsPSMBackgroundThread.h => security/manager/ssl/nsPSMBackgroundThread.h
rename : security/manager/ssl/src/nsProtectedAuthThread.cpp => security/manager/ssl/nsProtectedAuthThread.cpp
rename : security/manager/ssl/src/nsProtectedAuthThread.h => security/manager/ssl/nsProtectedAuthThread.h
rename : security/manager/ssl/src/nsRandomGenerator.cpp => security/manager/ssl/nsRandomGenerator.cpp
rename : security/manager/ssl/src/nsRandomGenerator.h => security/manager/ssl/nsRandomGenerator.h
rename : security/manager/ssl/src/nsSDR.cpp => security/manager/ssl/nsSDR.cpp
rename : security/manager/ssl/src/nsSDR.h => security/manager/ssl/nsSDR.h
rename : security/manager/ssl/src/nsSSLSocketProvider.cpp => security/manager/ssl/nsSSLSocketProvider.cpp
rename : security/manager/ssl/src/nsSSLSocketProvider.h => security/manager/ssl/nsSSLSocketProvider.h
rename : security/manager/ssl/src/nsSSLStatus.cpp => security/manager/ssl/nsSSLStatus.cpp
rename : security/manager/ssl/src/nsSSLStatus.h => security/manager/ssl/nsSSLStatus.h
rename : security/manager/ssl/src/nsSmartCardMonitor.cpp => security/manager/ssl/nsSmartCardMonitor.cpp
rename : security/manager/ssl/src/nsSmartCardMonitor.h => security/manager/ssl/nsSmartCardMonitor.h
rename : security/manager/ssl/src/nsTLSSocketProvider.cpp => security/manager/ssl/nsTLSSocketProvider.cpp
rename : security/manager/ssl/src/nsTLSSocketProvider.h => security/manager/ssl/nsTLSSocketProvider.h
rename : security/manager/ssl/src/nsUsageArrayHelper.cpp => security/manager/ssl/nsUsageArrayHelper.cpp
rename : security/manager/ssl/src/nsUsageArrayHelper.h => security/manager/ssl/nsUsageArrayHelper.h
rename : security/manager/ssl/src/nsVerificationJob.h => security/manager/ssl/nsVerificationJob.h
2015-05-26 10:31:23 -07:00
e02a99f68f
Bug 1164714 - Flatten security/manager/ssl/public/ directory. r=keeler
...
--HG--
rename : security/manager/ssl/public/nsIASN1Object.idl => security/manager/ssl/nsIASN1Object.idl
rename : security/manager/ssl/public/nsIASN1PrintableItem.idl => security/manager/ssl/nsIASN1PrintableItem.idl
rename : security/manager/ssl/public/nsIASN1Sequence.idl => security/manager/ssl/nsIASN1Sequence.idl
rename : security/manager/ssl/public/nsIAssociatedContentSecurity.idl => security/manager/ssl/nsIAssociatedContentSecurity.idl
rename : security/manager/ssl/public/nsIBadCertListener2.idl => security/manager/ssl/nsIBadCertListener2.idl
rename : security/manager/ssl/public/nsICertOverrideService.idl => security/manager/ssl/nsICertOverrideService.idl
rename : security/manager/ssl/public/nsICertPickDialogs.idl => security/manager/ssl/nsICertPickDialogs.idl
rename : security/manager/ssl/public/nsICertTree.idl => security/manager/ssl/nsICertTree.idl
rename : security/manager/ssl/public/nsICertificateDialogs.idl => security/manager/ssl/nsICertificateDialogs.idl
rename : security/manager/ssl/public/nsIClientAuthDialogs.idl => security/manager/ssl/nsIClientAuthDialogs.idl
rename : security/manager/ssl/public/nsIDataSignatureVerifier.idl => security/manager/ssl/nsIDataSignatureVerifier.idl
rename : security/manager/ssl/public/nsIGenKeypairInfoDlg.idl => security/manager/ssl/nsIGenKeypairInfoDlg.idl
rename : security/manager/ssl/public/nsIKeyModule.idl => security/manager/ssl/nsIKeyModule.idl
rename : security/manager/ssl/public/nsIKeygenThread.idl => security/manager/ssl/nsIKeygenThread.idl
rename : security/manager/ssl/public/nsINSSVersion.idl => security/manager/ssl/nsINSSVersion.idl
rename : security/manager/ssl/public/nsIPK11Token.idl => security/manager/ssl/nsIPK11Token.idl
rename : security/manager/ssl/public/nsIPK11TokenDB.idl => security/manager/ssl/nsIPK11TokenDB.idl
rename : security/manager/ssl/public/nsIPKCS11.idl => security/manager/ssl/nsIPKCS11.idl
rename : security/manager/ssl/public/nsIPKCS11Module.idl => security/manager/ssl/nsIPKCS11Module.idl
rename : security/manager/ssl/public/nsIPKCS11ModuleDB.idl => security/manager/ssl/nsIPKCS11ModuleDB.idl
rename : security/manager/ssl/public/nsIPKCS11Slot.idl => security/manager/ssl/nsIPKCS11Slot.idl
rename : security/manager/ssl/public/nsIProtectedAuthThread.idl => security/manager/ssl/nsIProtectedAuthThread.idl
rename : security/manager/ssl/public/nsISSLStatus.idl => security/manager/ssl/nsISSLStatus.idl
rename : security/manager/ssl/public/nsITokenDialogs.idl => security/manager/ssl/nsITokenDialogs.idl
rename : security/manager/ssl/public/nsITokenPasswordDialogs.idl => security/manager/ssl/nsITokenPasswordDialogs.idl
rename : security/manager/ssl/public/nsIUserCertPicker.idl => security/manager/ssl/nsIUserCertPicker.idl
rename : security/manager/ssl/public/nsIX509Cert.idl => security/manager/ssl/nsIX509Cert.idl
rename : security/manager/ssl/public/nsIX509CertDB.idl => security/manager/ssl/nsIX509CertDB.idl
rename : security/manager/ssl/public/nsIX509CertList.idl => security/manager/ssl/nsIX509CertList.idl
rename : security/manager/ssl/public/nsIX509CertValidity.idl => security/manager/ssl/nsIX509CertValidity.idl
2015-05-26 10:30:46 -07:00
ea7750bcb1
Bug 991983 - Define SOURCES as SourcePath. r=gps
2015-05-28 07:34:15 +09:00
b24a26ecdc
Bug 1168048 - Avoid potential null-pointer dereferencing in nsNSSCertificateDB r=keeler
...
--HG--
extra : histedit_source : 63ddf50ccbd79eb320c52aa47959f76a8b247e21
2015-05-27 14:12:26 -07:00
8b1facad54
Bug 1167866 - Add result strings to PSM test_cert* xpcshell tests. r=keeler
...
--HG--
extra : rebase_source : 306e5f3230350fefe1ade0f748f8d593a79f3392
2015-05-23 19:57:32 -07:00
9e5deef0e2
Merge m-i to m-c, a=merge
2015-05-23 13:31:21 -07:00
70743008c3
No bug, Automated HPKP preload list update from host bld-linux64-spot-023 - a=hpkp-update
2015-05-23 03:32:23 -07:00
3cb82ca5b5
No bug, Automated HSTS preload list update from host bld-linux64-spot-023 - a=hsts-update
2015-05-23 03:32:21 -07:00
685504d65d
Bug 958421 - XUL dialog for certificate is security/manager/pki/resouces is unnecessary on Firefox Android. r=snorp
2015-05-22 14:28:04 +09:00
db188ea282
Bug 1160485 - remove implicit conversion from RefPtr<T> to TemporaryRef<T>; r=ehsan
...
Having this implicit conversion means that we can silently do extra
refcounting when it's completely unnecessary. It's also an obstacle to
making RefPtr more nsRefPtr-like, so let's get rid of it.
2015-05-01 09:14:16 -04:00
ab7196486a
Bug 1060112 - Don't treat OCSP responses omitting the requested certificate status as "unknown certificate" responses blocking the connection r=keeler
2015-05-21 13:39:34 -04:00
3925a960aa
Bug 1165515 - Part 1: Convert PR_LOG to MOZ_LOG. r=froydnj
2015-05-21 13:22:04 -07:00
e90de3e5e0
Bug 1166586 (part 2) - Convert some easy PL_DHashTable{Init,Finish} cases. r=froydnj.
...
This patch converts easy cases, i.e. where the PL_DHashTableInit() call occurs
in a constructor and the PL_DHashTableFinish() call occurs in a destructor.
--HG--
extra : rebase_source : d8dc450f80ac23b8455141b471cc9ae823e1e384
2015-05-04 22:59:24 -07:00
5edd9ca1e4
Backed out changeset 38ff380719e4 (bug 1166031) for test_WebCrypto_DH.html failures.
2015-05-20 22:05:15 -04:00
2249f71a31
Bug 1166031 - Update NSS to NSS_3_19_1_BETA1. r=mt
2015-05-20 21:06:06 -04:00
309d57da39
Bug 1166031 - Update PSM xpcshell small RSA key test to reflect new error. r=Cykesiopka
...
Previously NSS would accept smaller RSA key sizes than PSM would in TLS handshakes. Now that the limit is the same, NSS handles the handshake termination with a different error code before PSM can make its own policy decision.
--HG--
extra : rebase_source : ceb01cc28cb63e9ca52b935ea22d917d79dee1b9
2015-05-21 12:57:03 -07:00
d29d3d14b0
Bug 1166031 - Update NSS to NSS_3_19_1_BETA1. r=mt
...
--HG--
extra : rebase_source : bb3c28e7ece399d4e1902e96b052a4c7c69e81af
extra : source : 38ff380719e46767d2eadd47891980e47a473d0f
2015-05-20 21:06:06 -04:00
740177a058
Bug 1166078 - Clean up and add expected result strings to test_hmac.js. r=keeler
...
--HG--
extra : rebase_source : 7d8d3e38e2f706324bb4563f65a4d85b1af8866b
2015-05-18 15:22:54 -07:00
ed468964b8
Bug 1164714 - Flatten security/manager/pki/src/ directory. r=keeler
...
--HG--
rename : security/manager/pki/src/nsASN1Tree.cpp => security/manager/pki/nsASN1Tree.cpp
rename : security/manager/pki/src/nsASN1Tree.h => security/manager/pki/nsASN1Tree.h
rename : security/manager/pki/src/nsNSSDialogHelper.cpp => security/manager/pki/nsNSSDialogHelper.cpp
rename : security/manager/pki/src/nsNSSDialogHelper.h => security/manager/pki/nsNSSDialogHelper.h
rename : security/manager/pki/src/nsNSSDialogs.cpp => security/manager/pki/nsNSSDialogs.cpp
rename : security/manager/pki/src/nsNSSDialogs.h => security/manager/pki/nsNSSDialogs.h
rename : security/manager/pki/src/nsPKIModule.cpp => security/manager/pki/nsPKIModule.cpp
rename : security/manager/pki/src/nsPKIParamBlock.cpp => security/manager/pki/nsPKIParamBlock.cpp
rename : security/manager/pki/src/nsPKIParamBlock.h => security/manager/pki/nsPKIParamBlock.h
2015-05-19 10:47:42 -07:00
b8b7e39d71
Bug 1164714 - Flatten security/manager/pki/public/ directory. r=keeler
...
--HG--
rename : security/manager/pki/public/nsIASN1Tree.idl => security/manager/pki/nsIASN1Tree.idl
rename : security/manager/pki/public/nsIPKIParamBlock.idl => security/manager/pki/nsIPKIParamBlock.idl
2015-05-19 10:47:38 -07:00
4879ae86f4
Bug 1165518 - Part 2: Replace prlog.h with Logging.h. rs=froydnj
2015-05-19 11:15:34 -07:00
44861c2d49
bug 1165911 - do more safety checks when gathering successful TLS connection telemetry r=Cykesiopka
2015-05-18 10:37:38 -07:00
4a930bc0f3
Back out a1f7ae44c7bb (bug 1164373) for causing intermittent test failures.
...
--HG--
extra : rebase_source : ac3d87bc11cf5cff81bc94f72ba01d1f05dfe445
2015-05-18 19:00:54 -07:00
09631fba2e
merge mozilla-inbound to mozilla-central a=merge
2015-05-18 13:43:01 +02:00
c38e008367
Bug 1152842 - Remove legacy Download Manager support from test_bug383369.html. r=paolo
2015-05-11 17:43:15 -07:00
cfe5014bab
Backed out changeset fe10feec1ede because of OCSP test failures
2015-05-16 16:38:34 -04:00
a9f5d9c05c
Bug 1010068 - Disable OCSP for DV certificates in Firefox for Android r=keeler
2015-05-15 16:17:47 -04:00
e67e1e2a38
Merge m-c to m-i
2015-05-16 09:49:14 -07:00
d22fb4c9fd
Merge m-i to m-c, a=merge
2015-05-16 08:50:37 -07:00
d89ecd849b
No bug, Automated HPKP preload list update from host bld-linux64-spot-152 - a=hpkp-update
2015-05-16 03:30:30 -07:00
0c4a5d8d8b
No bug, Automated HSTS preload list update from host bld-linux64-spot-152 - a=hsts-update
2015-05-16 03:30:28 -07:00
cf42e317ab
Bug 1155963 Only allow NS_LITERAL_CSTRING to be used on compile-time literals r=froydnj,ehsan
2015-05-16 09:07:10 +01:00
eab9ff6d25
Back out all four patches from bug 1161377. r=me.
...
Due to Android startup regressions (bug 1163066) and plugin crashes (bug
1165155).
--HG--
extra : rebase_source : 380f79e67dff4c4eaa2614f286a4d0669666b652
2015-05-14 21:48:43 -07:00
3c714c42eb
Backed out changeset 17cfad44e12b (bug 1155963) for breaking b2g builds
2015-05-14 16:35:18 -07:00
06998bb825
Bug 1162965 - Use /dev/shm instead of /tmp for sandbox chroot if possible. r=kang
2015-05-14 16:19:08 -07:00
ae441fafa2
Bug 1155963 Only allow NS_LITERAL_CSTRING to be used on compile-time literals r=froydnj,ehsan
2015-05-15 00:00:33 +01:00
cb7ae71daf
Bug 1164409 - Reduce PSM xpcshell script code duplication. r=keeler
2015-05-15 02:28:00 -04:00
4e7fc3055e
bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes
2015-04-06 16:10:28 -07:00
424c7b08b9
Bug 1164373 - Remove two static constructors involving PR_NewLogModule(). r=froydnj.
...
--HG--
extra : rebase_source : 089cbc39be20f60ca3c7e07b9f42034f19c4ea29
2015-05-13 18:02:56 -07:00
ba79e01ad2
Bug 1161377 (part 3, attempt 2) - Convert some easy PL_DHashTable{Init,Finish} cases. r=froydnj.
...
--HG--
extra : rebase_source : 990907701818b7da2b4e8955c419bb61130e266f
2015-05-12 17:33:26 -07:00
8cac570831
Bug 1149718: Fix wow_helper lib path for VS2015. r=glandium
...
--HG--
extra : rebase_source : 91893548992b2c0929abaa4e81bce60e473247ff
2015-05-12 18:20:28 -04:00
3c315d18c3
bug 1102436 - remove PublicKeyPinningService::CheckChainAgainstAllNames r=Cykesiopka
2015-05-07 11:06:07 -07:00
737fac0f14
Bug 1163358 - Add "psm" tag to PSM xpcshell and mochitest manifests. r=dkeeler
...
--HG--
extra : rebase_source : 43570fd1ec37a363df530dac0fd457c1019d194d
2015-05-09 18:21:00 +02:00
fe90037862
Bug 1043692 - Add a DIST_INSTALL variable to moz.build, and replace NO_DIST_INSTALL with it. r=gps
2015-05-12 07:55:21 +09:00
94925de358
Bug 1146874 Part 1: Check that Windows sandboxed process starts correctly. r=tabraldes
2015-05-11 08:24:39 +01:00
0323a0a1b5
Backout c375efe78e07 (bug 1161377 part 3) for (probably) increasing the static constructor count and regressing Fennec start-up time. r=me.
2015-05-10 22:16:18 -07:00
256161c570
Merge m-c to m-c, a=merge
2015-05-09 14:16:58 -07:00
2e46137393
No bug, Automated HPKP preload list update from host bld-linux64-spot-270 - a=hpkp-update
2015-05-09 03:31:59 -07:00
9dfe0d6356
No bug, Automated HSTS preload list update from host bld-linux64-spot-270 - a=hsts-update
2015-05-09 03:31:58 -07:00
e43a05d6d2
Merge fx-team to m-c a=merge
2015-05-08 10:29:41 -07:00
bfb87f34ff
Bug 1162691 - Part 2: Wrap expensive calls in PR_LOG_TEST. r=froydnj
...
Check that logging is enabled before performing potentially expensive
operations.
2015-05-08 14:36:34 -07:00
4eceb82c1f
Bug 1162691 - Part 1: Remove instances of #ifdef PR_LOGGING in security. r=froydnj
...
PR_LOGGING is now always defined, we can remove #ifdefs checking for it.
2015-05-08 14:36:33 -07:00
7b4994dfc8
Bug 1038072 - signature verification for JAR files unpacked into a directory. r=keeler
...
--HG--
extra : rebase_source : 5728bfc05f8326f5392a787d38bc64ec8dbefe21
extra : source : a02ea85607a2c0989f057053858125fa5046763b
2015-05-05 20:21:00 +02:00
d65b604e3b
Bug 1158773: Use the same initial and delayed integrity level for Windows content sandbox level 0. r=tabraldes
2015-05-06 10:11:56 +01:00
d8275d9234
Back out changeset a02ea85607a2 (bug 1038072) for widespread test failures (at least Linux, Android, and Mulet), on a CLOSED TREE.
2015-05-06 09:58:55 +02:00
a956162b00
Bug 1038072 - signature verification for JAR files unpacked into a directory. r=keeler
...
--HG--
extra : rebase_source : 3afa62b566718cfbfaaf53765d385187388e83e5
2015-05-05 20:21:00 +02:00
17348fdef0
Bug 1161377 (part 3) - Convert some easy PL_DHashTable{Init,Finish} cases. r=froydnj.
...
This patch converts easy cases, i.e. where the PL_DHashTableInit() call occurs
in a constructor and the PL_DHashTableFinish() call occurs in a destructor.
2015-05-04 22:59:24 -07:00
cb581e0eff
Bug 1128607 - Test the freshness check for OneCRL (r=keeler)
2015-05-07 18:54:07 +01:00
f82bee04e1
Bug 1128607 - Add freshness check for OneCRL (r=keeler)
2015-05-07 18:54:05 +01:00
6c728ddf43
bug 1153212 - 2/2 Necko explicitly track origin vs routed host and give psm only origin r=dkeeler r=hurley IGNORE IDL
...
Allow necko to simultaneously track the dual concept of routed host
and origin (authenticated host). The origin is given to the socket
provider and the routed host is inserted at DNS lookup time as if it
were a SRV or CNAME.
--HG--
extra : rebase_source : f9cc87b92084025443bc0374b1dd994f01662ebb
2015-04-09 11:31:59 -04:00
6a940b1edd
bug 1153212 - 1/2 revert 90d6a38931fa to make room for better fix r=backout
...
--HG--
extra : rebase_source : a812bd796d4aa9df8e51c32a014663c025f3e0a6
2015-05-07 13:16:26 -04:00
c0e295b256
Bug 1144055, Upgrade Firefox to use NSS 3.19, landing NSS_3_19_RTM
2015-05-04 21:34:38 +02:00
f7b3a781d8
Bug 1153446 - Replace instances of double spacing with single spacing in nsserrors.properties. r=dkeeler
2015-05-01 02:40:00 +02:00
0dc457eba2
Merge m-i to m-c, a=merge
2015-05-02 10:02:17 -07:00
ba8964f0c6
No bug, Automated HPKP preload list update from host bld-linux64-spot-137 - a=hpkp-update
2015-05-02 03:30:49 -07:00
aaf9d7d061
No bug, Automated HSTS preload list update from host bld-linux64-spot-137 - a=hsts-update
2015-05-02 03:30:48 -07:00
924c9eb636
Bug 1134923 - Remove NS_Alloc/NS_Realloc/NS_Free. r=nfroyd
...
They are kept around for the sake of the standalone glue, which is used
for e.g. webapprt, which doesn't have direct access to jemalloc, and thus
still needs a wrapper to go through the xpcom function list and get to
jemalloc from there.
2015-05-01 09:40:30 +09:00
c8ff2d51c8
Bug 1159972 - Remove the fallible version of PL_DHashTableInit(). r=froydnj.
...
It's no longer needed now that entry storage isn't allocated there. (The other
possible causes of failures in that function are less interesting and simply
crashing is a reasonable thing to do for them.)
This also makes PL_DNewHashTable() infallible, so I removed some
now-unnecessary checks of its result.
--HG--
extra : rebase_source : 4c6ab0c449bc18e8bace8bf036b5bd78d3a2f1c4
2015-04-29 16:38:29 -07:00
2343aee19b
Bug 1150515: Set the subsystem to WINDOWS,5.02 for wow_helper so that it runs on WinXP 64-bit. r=glandium
2015-04-30 09:48:03 +01:00
8beb5af44d
Bug 1145844 - Update fallback whitelist. r=keeler
2015-04-29 13:48:53 +09:00
ca3e5326e2
Bug 734229 - Partially address by refusing to re-negotiate on NTLM. r=mayhemer, r=keeler
...
Now only one NTLM Negotiate packet will be sent per connection, rather
than again after a failed authentication. The problem situation is
triggered due to failed Negotiate authentication, and is probably more
complex.
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
--HG--
extra : rebase_source : dc2bac8a3b7dab5e774dcfb9ce33b73c7233d686
2014-11-28 11:34:06 +13:00
ebde6b9f4f
Bug 1157835: Remove the MSVC_ENABLE_PGO flag from the build system. r=glandium
...
--HG--
extra : rebase_source : 0c47c99bb8b92f8361a51fd81b20a2cc8647a986
2015-04-27 19:59:27 -04:00
596e5f9960
merge fx-team to mozilla-central a=merge
2015-04-27 12:34:03 +02:00
107708af7c
merge mozilla-inbound to mozilla-central a=merge
2015-04-27 12:00:14 +02:00
2ecabecaa7
No bug, Automated HPKP preload list update from host bld-linux64-spot-039 - a=hpkp-update
2015-04-25 03:32:33 -07:00
d0e7b73b16
No bug, Automated HSTS preload list update from host bld-linux64-spot-039 - a=hsts-update
2015-04-25 03:32:31 -07:00
89c80effa2
Bug 1154184 - Don't use Linux sandbox gtest dir if not building tests. r=gps
2015-04-24 17:36:08 -07:00
7b5d12ad46
Bug 1038068: Check add-on signatures and refuse to install unsigned or broken add-ons (preffed off for now). r=dveditz
...
--HG--
extra : source : 3b48e1a81a170634dce964cd462c752d09680805
2015-03-31 11:32:40 -07:00
cdf101ec43
merge mozilla-inbound to mozilla-central a=merge
2015-04-24 14:37:13 +02:00
ee333796b2
Bug 1121982 - Update PSM to use NSS name constraints
2015-04-23 20:26:29 -04:00
471d07992f
Bug 1144600 - Don't crash when submitting <keygen> on b2g r=dkeeler
2015-04-23 13:35:49 -07:00
24f35dfe49
Bug 1124076 - Properly detect certs when loaded and prompt to import them. r=sworkman/dkeeler
...
--HG--
extra : rebase_source : 11fb8b1c1a3044b82668136f4cfec4c758d9270c
2015-04-22 12:55:23 -07:00
acb448f5f9
Bug 1153809 - Loosen Mac content process sandbox rules for NVidia and Intel HD 3000 graphics hardware. r=areinald
2015-04-22 14:56:09 -05:00
a4f79b207d
bug 1157873 - remove certificates from CNNIC whitelist that aren't in the Pilot Certificate Transparency log r=rbarnes
...
Also remove certificates where notBefore is on or after 1 April 2015.
2015-04-21 16:07:33 -07:00
0343243a12
Bug 1124076 followup - fix the build when PR_LOGGING is not defined. r=mrbkap
2015-04-23 13:24:57 -07:00
6c532d910b
bug 1081128 - test_pinning.js takes ~300 seconds on b2g debug emulator - request a longer timeout for it r=Cykesiopka
...
--HG--
extra : amend_source : 9ba64939a0f277c9407f47731186cfea4da64774
2015-04-22 11:06:36 -07:00
9470ab9873
Bug 1144055 - Upgrade Firefox 39 to use NSS 3.19, r=nss-confcall
2015-04-23 21:16:20 +02:00
17b87281f2
Bug 1147212 - Add support for goog-unwanted-shavar. r=gcp,r=matej,r=smaug
...
--HG--
rename : toolkit/components/url-classifier/tests/mochitest/evilWorker.js => toolkit/components/url-classifier/tests/mochitest/unwantedWorker.js
extra : rebase_source : efe09564160fb2fcb1adb5f6599183f053268c40
2015-04-22 21:01:37 +12:00
ed2915b75f
Backed out changeset 7f3cf84c11a9 (bug 1124076) for bustage on a CLOSED TREE
2015-04-22 13:44:23 +02:00
3a94be560c
Bug 1124076 - Properly detect certs when loaded and prompt to import them. r=sworkman/dkeeler
...
--HG--
extra : rebase_source : 00240091ae66180390a76a9613a4215cf591401d
2015-04-21 14:56:00 +02:00
399276d5fc
Bug 1153348 - Add an analysis to prohibit operator bools which aren't marked as either explicit or MOZ_IMPLICIT; r=jrmuizel
...
This is the counterpart to the existing analysis to catch
constructors which aren't marked as either explicit or
MOZ_IMPLICIT.
2015-04-21 21:40:49 -04:00
ec1aede15a
Bug 1150765 - Add sandbox rules to allow hardware rendering of OpenGL on Mac. r=smichaud
...
--HG--
extra : rebase_source : 1fa38a01840f24b63f27254d434c9e0bc3382309
2015-04-21 11:17:16 +02:00
04795f03be
bug 1153212 - Alt-Svc Fixes r=dkeeler r=hurley
2015-04-13 17:11:59 -04:00
803079473a
Bug 1144055, Upgrade Firefox 39 to use NSS 3.19, NSS_3_19_BETA4 to pick up bug 1155279
2015-04-20 21:46:19 +02:00
7d4e804ec6
Merge m-i to m-c, a=merge
2015-04-18 16:36:32 -07:00
a178fd47b7
No bug, Automated HPKP preload list update from host bld-linux64-spot-222 - a=hpkp-update
2015-04-18 03:29:47 -07:00
aa4085d52f
No bug, Automated HSTS preload list update from host bld-linux64-spot-222 - a=hsts-update
2015-04-18 03:29:45 -07:00
e69f0f4b4b
bug 1150114 - allow PrintableString to match UTF8String in name constraints checking r=briansmith
2015-04-08 16:17:39 -07:00
c2568b80a0
Bug 1144055 - Upgrade Firefox 39 to use NSS 3.19, land NSS_3_19_BETA2, r=nss-confcall
2015-04-17 13:49:43 +02:00
af1ece91c4
Bug 1153248, re-enable a bunch of tests that now work with e10s, r=billm
2015-04-16 15:38:12 -04:00
5ff51a7744
bug 1151512 - only allow whitelisted certificates to be issued by CNNIC root certificates r=jcj r=rbarnes
2015-04-07 17:29:05 -07:00
d15620fcea
Bug 1144055 - Upgrade Firefox 39 to use NSS 3.19, land NSS_3_19_BETA3, r=nss-confcall
2015-04-17 18:43:30 +02:00
81764496cd
bug 1147497 - Add API for querying site pin status. Disallow overrides for sites that have pins. r=mmc r=smaug r=cykesiopka r=past
2015-03-25 11:04:49 -07:00
95bd8011e6
Bug 1154399 - Part 4: Simplify certificate parsing in OCSP responses. r=keeler
...
--HG--
extra : rebase_source : caf903d29b0adc22fcc7e87e4fa0019cfa48007e
2015-04-14 05:33:03 -10:00
f124561818
Bug 1154399 - Part 3: Simplify OptionalExtensions. r=keeler
...
We used to avoid using Nested and NestedOf because they were based on
bind and it was difficult to maintain our std::bind polyfill. Now that
we use lambdas, it is easy to use Nested and NestedOf, so we should do
so wherever it makes the code clearer.
--HG--
extra : rebase_source : 1157d16320b3b211e3ce612b75782e8bd9c55f30
2015-04-14 05:32:46 -10:00
d09798e9f5
Bug 1154399 - Part 2: Simplify and un-inline OptionalVersion. r=keeler
...
Also fixes the wrong comment. The syntax for version in OCSP and X.509
certs is identical.
--HG--
extra : rebase_source : 744a2998ce8c55a61fbbc1966bc22e4903fa2484
2015-04-14 05:32:29 -10:00
0cac719ba9
Bug 1154399 - Part 1: De-templatize and un-inline IntegralValue. r=keeler
...
--HG--
extra : rebase_source : 899eaed19b13edc9c257f0ab212d447bb54e607d
2015-04-14 05:06:41 -10:00
5389bbbf54
Bug 1137437 - move security/apps/ cert header generation to moz.build; r=mshal,keeler
...
Moving the cert header generation to GENERATED_FILES means that we can
delete all the manually-written out rules; we can also delete the
export:: rule because the build system automatically builds
GENERATED_FILES during the export phase. For ease of converion, we opt
to create an empty trusted-app-public.der cert for manifest-signing-root.inc;
partners are free to overwrite that cert with their own.
2015-02-27 12:50:49 -05:00
67e9dfaaf8
Bug 1153114 - Remove anonymous namespace around pkix gtests. r=bsmith
...
This avoids -Wunused-variable fatal warnings with GCC 5.0
2015-04-15 09:21:23 +09:00
c755113bc5
Bug 1153090 followup - consistently use sizeof(hash) r=dkeeler
2015-04-14 22:19:18 +02:00
88aa8d67cc
Bug 1153090 - Unaligned access in cert block list (r=keeler)
2015-04-14 21:19:52 +02:00
5ab8ccdeac
Bug 1154188 - Unbreak build on non-SPS platforms after bug 1153737 r=bsmith
2015-04-14 14:30:09 +02:00
566d65be48
Bug 1153738: Make ScopedPtr a minimal proper subset of std::unique_ptr, r=keeler
...
Remove all features of ScopedPtr that aren't in std::unique_ptr, and
remove all currently-unused features of ScopedPtr. In particular,
replace |operator=(T*)| with |reset(T* p = nullptr)| and make
|operator bool| explicit.
--HG--
rename : security/pkix/include/pkix/ScopedPtr.h => security/pkix/lib/ScopedPtr.h
extra : rebase_source : 206bfb32aa5a04a4719f28b4aca59fe2f0abbec3
2015-04-13 00:28:11 -10:00
b1035c0992
Bug 1153737: Avoid unnecessary uses of mozilla::pkix::ScopedPtr, r=keeler
...
--HG--
extra : rebase_source : ea7083439f22cb40d6c97f872ef9866144516745
2015-04-12 19:57:48 -10:00
ede9c4f220
merge mozilla-inbound to mozilla-central a=merge
2015-04-13 12:00:00 +02:00
bd0890186b
No bug, Automated HPKP preload list update from host bld-linux64-spot-009 - a=hpkp-update
2015-04-11 03:29:55 -07:00
83c81d6e76
No bug, Automated HSTS preload list update from host bld-linux64-spot-009 - a=hsts-update
2015-04-11 03:29:53 -07:00
ba1cc023b7
Bug 1151607 - Step 2: Apply net/ipc namespace separation and chroot to media plugins. r=kang
...
This needs more unit tests for the various pieces of what's going on
here (LinuxCapabilities, SandboxChroot, UnshareUserNamespace()) but
that's nontrivial due to needing a single-threaded process -- and
currently they can't be run on Mozilla's CI anyway due to needing user
namespaces, and local testing can just try using GMP and manually
inspecting the child process. So that will be a followup.
2015-04-10 18:05:19 -07:00
6bf3d102d8
Bug 1151607 - Step 1.5: Avoid unlikely false positives in Linux SandboxInfo feature detection. r=kang
...
Using the equivalent of release assertions in the patch after this one
is easier to justify if I can't come up with vaguely legitimate reasons
why they might fail; this detects the ones I thought of.
2015-04-10 18:05:19 -07:00
32cb9ee32d
Bug 1151607 - Step 1: Add Linux sandboxing hook for when child processes are still single-threaded. r=kang r=bent
...
This means that B2G plugin-container must (dynamically) link against
libmozsandbox in order to call into it before initializing Binder.
(Desktop Linux plugin-container already contains the sandbox code.)
2015-04-10 18:05:19 -07:00
cf24e12150
Bug 1151607 - Step 0: sort includes to make the following patches cleaner. r=kang
2015-04-10 18:05:19 -07:00
2c5369d16e
Bug 1132689 - Feb 2015 batch of EV root CA Changes. r=keeler
...
--HG--
extra : rebase_source : 43a28d1b97c569280979c8a2d95494e4d2f9a67c
extra : amend_source : 056721a65cc7d0738d9ab2a92071f8f7eaf48262
2015-03-30 08:57:00 +02:00
01409dbd35
bug 1147085 - remove nsINSSCertCache (replace it with nsIX509CertDB.getCerts()) r=Cykesiopka
2015-04-03 14:01:05 -07:00
bdc70031c6
Bug 1152895 - remove dead code in nsSSLIOLayerSetOptions r=dkeeler
2015-04-09 13:40:04 -04:00
3487ae0262
Bug 1147725 - Disable test_ocsp_fetch_method.js and test_ocsp_url.js on slow B2G Emulator debug builds. r=keeler
...
--HG--
extra : rebase_source : 87d4b8284b33498a50542d49b956db84cdae1b62
2015-04-06 14:05:00 +02:00
077c2e64f4
Bug 1149483: Change content sandbox level 1 to a working low integrity sandbox. r=tabraldes, r=billm
2015-04-05 14:01:38 +01:00
fa3a91e936
Merge m-i to m-c, a=merge
2015-04-04 09:59:17 -07:00
3a6df834e2
No bug, Automated HPKP preload list update from host bld-linux64-spot-220 - a=hpkp-update
2015-04-04 03:27:46 -07:00
81b8c93237
No bug, Automated HSTS preload list update from host bld-linux64-spot-220 - a=hsts-update
2015-04-04 03:27:44 -07:00
33228918ed
Bug 1110911 - Move Mac sandboxing code into plugin-container. r=cpearce,areinald,jld
2015-04-03 11:51:41 -05:00
c2f2ce39ec
Bug 1149805 - Switch head_psm.js to Assert.jsm methods and add expected result strings. r=keeler
2015-04-02 05:50:00 -04:00
6680672cfb
Bug 488480 - Correct documentation about the function hasMatchingOverride() in nsICertOverrideService.idl. Original patch by Johnathan Nightingale. r=keeler
...
IGNORE IDL
--HG--
extra : rebase_source : 3e2f7be6a165caf413726d13c9ccee26abbd2925
2015-04-02 05:45:00 -04:00
4c7234747e
Bug 1143651 - don't use CallQueryInterface when the compiler can do the cast for us; r=ehsan
2015-03-12 13:20:29 -04:00
7eb3221db7
Bug 1147726: Disable test_keysize_ev.js on slow B2G Emulator debug builds. r=dkeeler
2015-03-31 11:53:00 +02:00
a0437d5b8f
Bug 1146057: Remove support for GCC 4.6, r=keeler
...
Since Gecko now requires GCC 4.7 or later, we no longer need to
work around the lack of support for "override" and "final" in
earlier versions of GCC.
--HG--
extra : rebase_source : 0f104f16be9e7c1ff87bbdd0d4ba6700b1081fb8
2015-03-30 20:18:46 -10:00
e4f543bb58
Bug 1119878 Part 2: Change IPC code to hold ProcessID instead of ProcessHandle. r=billm, r=dvander, r=aklotz, r=cpearce
2015-04-01 09:40:35 +01:00
eef3ca5f6e
Bug 1119878 Part 1: Change SandboxTarget to hold sandbox target services to provide functions. r=aklotz, r=glandium, r=cpearce
2015-04-01 09:40:35 +01:00
b077d9624d
Bug 1134920 - Use moz_xmalloc/moz_xrealloc/free instead of nsMemory::Alloc/Realloc/Free. r=nfroyd
2015-04-01 13:51:45 +09:00
d7b3e00bed
Bug 1138848 - Tests for modified OneCRL (r=keeler, unfocused)
...
* * *
* * *
give blocklist debug info to NSPR_LOG
2015-03-31 15:10:19 -07:00
1b0d6fb879
Bug 1138848 - Modify OneCRL blocklist for subject / public key blocking (r=keeler, unfocused)
2015-03-31 15:10:09 -07:00
5a690c59fa
bug 844351 - remove nsISSLErrorListener r=cykesiopka
...
--HG--
extra : amend_source : e2adec756356509f0a4601bbeabf7ba7c8d15a8e
2015-03-24 16:00:10 -07:00
ee04a8b86a
Bug 1147247 - Use PRErrorCodeSuccess constant instead of literal 0 to represent success in PSM xpcshell tests. r=dkeeler
...
--HG--
extra : rebase_source : 75a144cbf0e166f92884275fb6c511c98d7e61bd
2015-03-27 23:16:00 +01:00
bb6cbdf02b
Bug 667471 - Pretty print names of ECDSA with SHA-2 algorithms in Certificate Viewer. r=dkeeler
...
--HG--
extra : rebase_source : eb961cbdf8fe1ccf74642d86c03ee6c41c30f2d4
2015-03-27 23:13:00 +01:00
c39e359c7d
Bug 1138293 - Use malloc/free/realloc/calloc instead of moz_malloc/moz_free/moz_realloc/moz_calloc. r=njn
...
The distinction between moz_malloc/moz_free and malloc/free is not
interesting. We are inconsistent in our use of one or the other, and
I wouldn't be surprised if we are mixing them anyways.
2015-03-31 12:32:49 +09:00
36b7acc82a
Bug 1136278, Part 2: Refactor test SubjectPublicKeyInfo generation, r=keeler
...
--HG--
extra : rebase_source : 7bb0327749fd013ba5de17483d21a9e9f21eb07a
extra : source : 9f3617a5b85a8a2ae9a82c0f0584b413a9b635b4
2015-02-26 13:10:13 -08:00
3ab08d7fdb
Bug 1136278, Part 1: Refactor algorithm identifiers in tests, r=keeler
...
This will make it easier to expand the tests to additional
signature algorithms and additional public key types.
--HG--
extra : rebase_source : 256923fff83d58732b6c995a4096b773fdbb28c1
2015-02-26 16:11:41 -08:00
2f48802ae0
Bug 1147572 - Remove implementation language field from DOM class info. r=jst
2015-03-30 10:45:39 -07:00
c6676519f2
Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, florian, billm, jesup
2015-03-03 09:51:05 -05:00
46dfeaba0b
Bug 1148070 - Change nsIClassInfo::getHelperForLanguage() to getScriptableHelper(). r=bholley
2015-03-29 07:52:54 -07:00
2b3486247c
Backed out 6 changesets (bug 1046245) on a CLOSED TREE
2015-03-29 01:42:32 -04:00
cdd0b089a5
Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup
2015-03-03 09:51:05 -05:00
24b4f38005
Back out 6 changesets (bug 1046245) for thinking that MSVC would have anything to do with a __PRETTY_FUNCTION__
...
CLOSED TREE
Backed out changeset 9e3ecca831d8 (bug 1046245)
Backed out changeset 87dc145f4da8 (bug 1046245)
Backed out changeset 01606cf19a77 (bug 1046245)
Backed out changeset 2ed2b15fe940 (bug 1046245)
Backed out changeset 2b99b193828a (bug 1046245)
Backed out changeset d1ac67faccbb (bug 1046245)
2015-03-28 19:57:17 -07:00
222e93c87c
Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup
2015-03-03 09:51:05 -05:00
003e8f5278
Backed out 6 changesets (bug 1046245) for bustage on a CLOSED TREE.
...
Backed out changeset 222c2f9e3bc9 (bug 1046245)
Backed out changeset 4251eef464a2 (bug 1046245)
Backed out changeset 592f4cc23197 (bug 1046245)
Backed out changeset 5bfb9a1c0550 (bug 1046245)
Backed out changeset e966a5df87b6 (bug 1046245)
Backed out changeset 609f3ca64004 (bug 1046245)
2015-03-28 16:24:25 -04:00
Eric Rahm
Richard Barnes
Ryan VanderMeulen
Carsten "Tomcat" Book
ffxbld
Jed Davis
David Keeler
Cykesiopka
Bob Owen
Nicholas Nethercote
Mike Hommey
Wes Kocher
Makoto Kato
Birunthan Mohanathas
Kaspar Brand
Phil Ringnalda
Nathan Froyd
Tim Taubert
cedric
Neil Rashbrook
David Major
Daniel Veditz
L. David Baron
Mark Goodwin
Patrick McManus
Kai Engert
Masatoshi Kimura
Andrew Bartlett
Dave Townsend
Fabrice Desré
Blake Kaplan
Steven Michaud
Nathan Toone
Francois Marier
Ehsan Akhgari
André Reinald
Neil Deakin
Brian Smith
Landry Breuil
Jan Beich
David Cooper
Andrew McCreight
Jan-Ivar Bruaroey
Randell Jesup