Граф коммитов

11464 Коммитов

Автор SHA1 Сообщение Дата
ffxbld 381a7b8f8a No bug, Automated HPKP preload list update from host bld-linux64-spot-382 - a=hpkp-update 2017-04-03 08:07:24 -07:00
ffxbld 89740567f2 No bug, Automated HSTS preload list update from host bld-linux64-spot-382 - a=hsts-update 2017-04-03 08:07:21 -07:00
Franziskus Kiefer d040cb9cea Bug 1345368 - land NSS 1fb7e5f584de, r=me
--HG--
extra : rebase_source : 6ac73d3dc219a02194914ae4cfbe2027c258bbfe
2017-04-03 06:00:54 +02:00
ffxbld de880295b7 No bug, Automated HPKP preload list update from host bld-linux64-spot-309 - a=hpkp-update 2017-04-02 07:47:41 -07:00
ffxbld c5fb8d9bde No bug, Automated HSTS preload list update from host bld-linux64-spot-309 - a=hsts-update 2017-04-02 07:47:38 -07:00
ffxbld fd99701caf No bug, Automated HPKP preload list update from host bld-linux64-spot-308 - a=hpkp-update 2017-04-01 08:01:15 -07:00
ffxbld 91174d78b7 No bug, Automated HSTS preload list update from host bld-linux64-spot-308 - a=hsts-update 2017-04-01 08:01:12 -07:00
Wes Kocher 23ba88918a Merge m-c to autoland, a=merge 2017-03-31 17:52:17 -07:00
ffxbld 4e20a5b623 No bug, Automated HPKP preload list update from host bld-linux64-spot-309 - a=hpkp-update 2017-03-31 08:52:14 -07:00
ffxbld 7df2a596c5 No bug, Automated HSTS preload list update from host bld-linux64-spot-309 - a=hsts-update 2017-03-31 08:52:11 -07:00
David Keeler 11c347b6b7 bug 1351604 - don't ship DER.jsm and X509.jsm until they're actually used in production r=Cykesiopka
MozReview-Commit-ID: 2DlMrB5TfKU

--HG--
extra : rebase_source : 9944352ccc66a5fdbd843bda8e4d2b26328d1bdd
2017-03-30 11:00:54 -07:00
Franziskus Kiefer c2c9435c51 Bug 1345368 - land NSS 215207b4864c, r=me
--HG--
extra : rebase_source : 727d919dd9bd85ee2a5b6dc3d71653d022d136ad
2017-03-31 06:01:05 +02:00
ffxbld 8aa12a88dc No bug, Automated HPKP preload list update from host bld-linux64-spot-388 - a=hpkp-update 2017-03-30 07:59:23 -07:00
ffxbld 27b59fd695 No bug, Automated HSTS preload list update from host bld-linux64-spot-388 - a=hsts-update 2017-03-30 07:59:20 -07:00
Tim Taubert 00b8400985 Bug 1351779 - Removed unused variable 'loopDetected' from PathBuildingStep::Check() r=keeler 2017-03-29 20:17:06 +02:00
Ryan VanderMeulen cf8bee36b5 Merge m-c to inbound. a=merge 2017-03-29 09:44:13 -04:00
Ryan VanderMeulen f4a0d77ffc Merge inbound to m-c. a=merge 2017-03-29 09:41:54 -04:00
Bob Owen 22ff7c4117 Bug 1337331 Part 7: Re-apply - Allow a special all paths rule in the Windows process sandbox when using semantics FILES_ALLOW_READONLY. r=jimm
This also changes the read only related status checks in filesystem_interception.cc to include STATUS_NETWORK_OPEN_RESTRICTION (0xC0000201), which gets returned in some cases and fails because we never ask the broker.

Carrying r=jimm from original changeset:
https://hg.mozilla.org/mozilla-central/rev/1755a454e2de

MozReview-Commit-ID: 4tfygPiKG9Z
2017-03-28 08:36:16 +01:00
Bob Owen 6a5727b408 Bug 1337331 Part 6: Re-apply - Change USER_NON_ADMIN access token level from whitelist to blacklist containing Admin SIDs. r=jimm
Carrying r=jimm from original changeset:
https://hg.mozilla.org/mozilla-central/rev/0e6bf137521e

MozReview-Commit-ID: ExTtkUIPXH8
2017-03-29 14:23:17 +01:00
Franziskus Kiefer d6f74d9372 Bug 1345368 - land NSS 215207b4864c, r=me
--HG--
rename : security/nss/gtests/ssl_gtest/databuffer.h => security/nss/cpputil/databuffer.h
rename : security/nss/gtests/ssl_gtest/tls_parser.cc => security/nss/cpputil/tls_parser.cc
rename : security/nss/gtests/ssl_gtest/tls_parser.h => security/nss/cpputil/tls_parser.h
extra : rebase_source : 2242a1632ba3a96988a341d84b4abe78dbd4e0b2
2017-03-29 06:01:13 +02:00
Bob Owen 2a12392590 Bug 1344453 Part 2: Add FILES_ALLOW_READONLY rule to all paths when Windows child process should have full read access. r=jimm 2017-03-28 08:36:16 +01:00
Bob Owen 0ee38abf35 Bug 1344453 Part 1: Allow a special all paths rule in the Windows process sandbox when using semantics FILES_ALLOW_READONLY. r=jimm
This also changes the read only related status checks in filesystem_interception.cc to include STATUS_NETWORK_OPEN_RESTRICTION (0xC0000201), which gets returned in some cases and fails because we never ask the broker.
2017-03-28 08:36:16 +01:00
Wes Kocher f48488db89 Backed out changeset e46f832ac262 (bug 1351604) for browser_all_files_referenced.js failures a=backout
--HG--
extra : rebase_source : a091c76e54559dafa6435c22962231249c9dbac1
2017-03-31 13:20:37 -07:00
David Keeler 093a9fef3a bug 1351604 - don't ship DER.jsm and X509.jsm until they're actually used in production r=Cykesiopka
MozReview-Commit-ID: 2DlMrB5TfKU

--HG--
extra : rebase_source : eef6c21564d831feda43c85e14630b495b5b5761
2017-03-30 11:00:54 -07:00
David Keeler cb2ce54903 bug 1347859 - prevent dialog overflow in certificate exception dialog by resizing to content r=Cykesiopka
MozReview-Commit-ID: HDjE9QldcxF

--HG--
extra : rebase_source : c0240e37ee10ece4e908b0f542627ab41457242a
2017-03-30 14:00:29 -07:00
Cykesiopka f4a14ffb4c Bug 1342737 - Avoid using nsCRT.h and nsCRTGlue.h in PSM. r=keeler
There are a few places where we can use the safer functionality provided by the
Mozilla string classes instead.

Also fixes Bug 1268657 (remove vestigial
TransportSecurityInfo::SetShortSecurityDescription declaration).

MozReview-Commit-ID: Cxv5B4bsDua

--HG--
extra : rebase_source : 074a154c9000807d6dd466f23e92289e0d4c76d8
2017-03-28 22:57:15 +08:00
Cykesiopka 593e14fdee Bug 1350599 - Use guaranteed preloaded test domains instead of real domains in HSTS tests. r=keeler
Some of our tests currently assume that certain real domains are HSTS preloaded.
While most of the time these domains are in fact preloaded, this may change
during periods of maintenance or other events.

To avoid this, the changes here perform the following renames:
bugzilla.mozilla.org -> includesubdomains.preloaded.test
login.persona.org -> includesubdomains2.preloaded.test
www.torproject.org -> noincludesubdomains.preloaded.test

In addition, some tests that refer to mozilla.com (but don't depend on it being
preloaded) are made to refer to example.com instead to avoid referring to real
domains in tests.

MozReview-Commit-ID: 3987moJnKGk

--HG--
extra : rebase_source : 0ec49c9a410ba891f11668e7e11c48b7547e1825
2017-03-27 22:56:38 +08:00
Cykesiopka 0e63ffc494 Bug 1350868 - Semi-manually update nsSTSPreloadList.inc to include test domains. r=keeler
Periodic updates on m-c are currently broken due to Bug 1350619, so this change
inserts the test domains into the preload list semi-manually.

MozReview-Commit-ID: EBOiQcKDSHr

--HG--
extra : rebase_source : bc5880af95dc9934132d0e9251d9060ad9c6871a
2017-03-29 07:21:34 +08:00
Cykesiopka bbd1adad48 Bug 1350868 - Make HSTS preload script preload test domains for use in tests. r=keeler
This lets us migrate off depending on real preloaded domains and onto
domains that are guaranteed to have the correct characteristics.

MozReview-Commit-ID: 4TyOfdIA9I7

--HG--
extra : rebase_source : f49109de9292dec31b72d87819dd52b5a6b659ed
2017-03-29 07:21:01 +08:00
Bob Owen 927986bc20 Bug 1337331 Part 5: Re-apply - Add KEY_WOW64_64Key and KEY_WOW64_32KEY to the Chromium sandbox allowed registry read flags. r=aklotz
Carrying r=aklotz from previous changset:
https://hg.mozilla.org/mozilla-central/rev/d24db55deb85
2016-12-22 11:11:07 +00:00
Cykesiopka dbb0d99a70 Bug 1319252 - Remove nsIX509Cert.getAllTokenNames(). r=keeler,mossop
nsIX509Cert.getAllTokenNames() is only used (improperly) to determine if a
certificate is a built-in. nsIX509Cert.isBuiltInRoot should be used instead.

MozReview-Commit-ID: LBwI8nTc05C

--HG--
extra : rebase_source : 9494cd1243395b0d293022e981f64be560a54dec
2017-03-19 16:02:26 +08:00
Phil Ringnalda 81c566a8a2 Merge autoland to m-c, a=merge 2017-03-25 18:38:42 -07:00
Phil Ringnalda 2e782ce511 Bug 1350599 - disable hsts tests which depend on bugzilla.mozilla.org always being in the preload list, a=bustage
--HG--
extra : source : 997b98cce1aebf76641e14c79ac250cdb147041c
2017-03-25 14:04:24 -07:00
Carsten "Tomcat" Book 5f408d092d Merge mozilla-central to mozilla-inbound 2017-03-24 14:29:00 +01:00
Carsten "Tomcat" Book 0a1fc914ce Backed out changeset d9872fdd25f8 (bug 1337331) for causing build problems for others + on request on bob 2017-03-24 11:24:13 +01:00
Carsten "Tomcat" Book 50ef4d1d1b Backed out changeset 226c893c5d62 (bug 1337331) 2017-03-24 11:23:42 +01:00
Carsten "Tomcat" Book 3a931395eb Backed out changeset 438b6307c802 (bug 1337331) 2017-03-24 11:23:40 +01:00
Carsten "Tomcat" Book 8dd606e5ce Backed out changeset c4aa6b85411d (bug 1337331) 2017-03-24 11:23:37 +01:00
Carsten "Tomcat" Book a69a0cc262 Backed out changeset 5cd2e692ee0c (bug 1337331) 2017-03-24 11:23:35 +01:00
Carsten "Tomcat" Book ed6b3bc409 Backed out changeset 0dd9bae0b6b1 (bug 1337331) 2017-03-24 11:23:33 +01:00
Wes Kocher 2ea6238e55 Merge inbound to central, a=merge
MozReview-Commit-ID: 6od53T3ozcm
2017-03-23 16:15:37 -07:00
ffxbld e21d1dde53 No bug, Automated HPKP preload list update from host bld-linux64-spot-388 - a=hpkp-update 2017-03-23 07:49:00 -07:00
ffxbld 4458112d90 No bug, Automated HSTS preload list update from host bld-linux64-spot-388 - a=hsts-update 2017-03-23 07:48:58 -07:00
Bob Owen b99c6e7ae0 Bug 1337331 Part 6: Re-apply - Change USER_NON_ADMIN access token level from whitelist to blacklist containing Admin SIDs. r=jimm
Carrying r=jimm from original changeset:
https://hg.mozilla.org/mozilla-central/rev/0e6bf137521e

MozReview-Commit-ID: ExTtkUIPXH8
2017-03-23 10:29:05 +00:00
Franziskus Kiefer c055a4757e Bug 1345368 - land NSS 06158d335df0, r=me
--HG--
extra : rebase_source : 75bb3b75d3bbbd4ba3a4e199fa0ad8c999ab38af
2017-03-24 08:38:05 +01:00
Wes Kocher 04968c7c99 Merge m-c to autoland, a=merge
MozReview-Commit-ID: DwtKxCKV42X
2017-03-24 17:20:07 -07:00
David Keeler d4f3dd148e bug 1345612 - avoid calling NS_NewURI on IP addresses when checking certificate overrides r=Cykesiopka
When determining if a certificate error override is allowed for a host, we
consult nsISiteSecurityService::IsSecureURI to see if the host is HSTS/HPKP.
This API takes an nsIURI, but the calling code only has a hostname as an
nsCString. Calling NS_NewURI works in all situations we will encounter except
when the hostname is an IPv6 address. Since IP addresses are never HSTS/HPKP
anyway, we can skip the NS_NewURI / IsSecureURI calls in those cases as a
workaround.

MozReview-Commit-ID: JXa8cGvqqTA

--HG--
extra : rebase_source : b8dcd2cb4211af230f867ce3954d5333b7a49684
2017-03-20 13:42:27 -07:00
ffxbld 71d521184f No bug, Automated HPKP preload list update from host bld-linux64-spot-388 - a=hpkp-update 2017-03-22 07:50:19 -07:00
ffxbld cebf9f4e25 No bug, Automated HSTS preload list update from host bld-linux64-spot-388 - a=hsts-update 2017-03-22 07:50:16 -07:00
Mark Banner d7d8be9285 Bug 1347712 - Move toolkit/.eslintrc.js rules into a 'recommended' set within eslint-plugin-mozilla. r=jaws
MozReview-Commit-ID: Jy4apKnmWcV

--HG--
rename : toolkit/.eslintrc.js => tools/lint/eslint/eslint-plugin-mozilla/lib/configs/recommended.js
extra : rebase_source : ae0c740c1c2a9cf620c1ac34024622ade12e6fd4
2017-03-22 10:43:00 +01:00