30b01a14e8
Backed out changeset f99621542727 (bug 1038068) for test failures in test_corrupt.js etc on a CLOSED TREE
2015-04-23 09:09:30 +02:00
b43e5283da
Merge m-c to fx-team a=merge
2015-04-22 17:27:15 -07:00
24f35dfe49
Bug 1124076 - Properly detect certs when loaded and prompt to import them. r=sworkman/dkeeler
...
--HG--
extra : rebase_source : 11fb8b1c1a3044b82668136f4cfec4c758d9270c
2015-04-22 12:55:23 -07:00
acb448f5f9
Bug 1153809 - Loosen Mac content process sandbox rules for NVidia and Intel HD 3000 graphics hardware. r=areinald
2015-04-22 14:56:09 -05:00
2fb50ac667
Bug 1038068: Check add-on signatures and refuse to install unsigned or broken add-ons (preffed off for now). r=dveditz
...
--HG--
extra : source : 3b48e1a81a170634dce964cd462c752d09680805
extra : amend_source : 4aa3ae86e2afc75529e880ab962c67163405248b
2015-03-31 11:32:40 -07:00
9adc1fecb8
Backed out changeset 3b48e1a81a17 (bug 1038068) for xpcshell orange even after a clobbering IGNORE IDL
...
--HG--
extra : amend_source : 086173e953ae46aa2292993601380ab04884b1ac
2015-04-21 18:21:52 -07:00
1c8090ed35
Merge m-c to fx-team a=merge
2015-04-21 15:39:12 -07:00
ec1aede15a
Bug 1150765 - Add sandbox rules to allow hardware rendering of OpenGL on Mac. r=smichaud
...
--HG--
extra : rebase_source : 1fa38a01840f24b63f27254d434c9e0bc3382309
2015-04-21 11:17:16 +02:00
04795f03be
bug 1153212 - Alt-Svc Fixes r=dkeeler r=hurley
2015-04-13 17:11:59 -04:00
803079473a
Bug 1144055, Upgrade Firefox 39 to use NSS 3.19, NSS_3_19_BETA4 to pick up bug 1155279
2015-04-20 21:46:19 +02:00
7d4e804ec6
Merge m-i to m-c, a=merge
2015-04-18 16:36:32 -07:00
a178fd47b7
No bug, Automated HPKP preload list update from host bld-linux64-spot-222 - a=hpkp-update
2015-04-18 03:29:47 -07:00
aa4085d52f
No bug, Automated HSTS preload list update from host bld-linux64-spot-222 - a=hsts-update
2015-04-18 03:29:45 -07:00
e69f0f4b4b
bug 1150114 - allow PrintableString to match UTF8String in name constraints checking r=briansmith
2015-04-08 16:17:39 -07:00
f4b5328e0d
Bug 1038068: Check add-on signatures and refuse to install unsigned or broken add-ons (preffed off for now). IGNORE IDL. r=dveditz
...
--HG--
extra : rebase_source : a48282c6b3f10391e9492d4f0a89cef8697ea622
extra : amend_source : 17c0645d0577dad789b2d9b4879459327fcef1f7
2015-03-31 11:32:40 -07:00
c2568b80a0
Bug 1144055 - Upgrade Firefox 39 to use NSS 3.19, land NSS_3_19_BETA2, r=nss-confcall
2015-04-17 13:49:43 +02:00
af1ece91c4
Bug 1153248, re-enable a bunch of tests that now work with e10s, r=billm
2015-04-16 15:38:12 -04:00
5ff51a7744
bug 1151512 - only allow whitelisted certificates to be issued by CNNIC root certificates r=jcj r=rbarnes
2015-04-07 17:29:05 -07:00
d15620fcea
Bug 1144055 - Upgrade Firefox 39 to use NSS 3.19, land NSS_3_19_BETA3, r=nss-confcall
2015-04-17 18:43:30 +02:00
81764496cd
bug 1147497 - Add API for querying site pin status. Disallow overrides for sites that have pins. r=mmc r=smaug r=cykesiopka r=past
2015-03-25 11:04:49 -07:00
95bd8011e6
Bug 1154399 - Part 4: Simplify certificate parsing in OCSP responses. r=keeler
...
--HG--
extra : rebase_source : caf903d29b0adc22fcc7e87e4fa0019cfa48007e
2015-04-14 05:33:03 -10:00
f124561818
Bug 1154399 - Part 3: Simplify OptionalExtensions. r=keeler
...
We used to avoid using Nested and NestedOf because they were based on
bind and it was difficult to maintain our std::bind polyfill. Now that
we use lambdas, it is easy to use Nested and NestedOf, so we should do
so wherever it makes the code clearer.
--HG--
extra : rebase_source : 1157d16320b3b211e3ce612b75782e8bd9c55f30
2015-04-14 05:32:46 -10:00
d09798e9f5
Bug 1154399 - Part 2: Simplify and un-inline OptionalVersion. r=keeler
...
Also fixes the wrong comment. The syntax for version in OCSP and X.509
certs is identical.
--HG--
extra : rebase_source : 744a2998ce8c55a61fbbc1966bc22e4903fa2484
2015-04-14 05:32:29 -10:00
0cac719ba9
Bug 1154399 - Part 1: De-templatize and un-inline IntegralValue. r=keeler
...
--HG--
extra : rebase_source : 899eaed19b13edc9c257f0ab212d447bb54e607d
2015-04-14 05:06:41 -10:00
5389bbbf54
Bug 1137437 - move security/apps/ cert header generation to moz.build; r=mshal,keeler
...
Moving the cert header generation to GENERATED_FILES means that we can
delete all the manually-written out rules; we can also delete the
export:: rule because the build system automatically builds
GENERATED_FILES during the export phase. For ease of converion, we opt
to create an empty trusted-app-public.der cert for manifest-signing-root.inc;
partners are free to overwrite that cert with their own.
2015-02-27 12:50:49 -05:00
67e9dfaaf8
Bug 1153114 - Remove anonymous namespace around pkix gtests. r=bsmith
...
This avoids -Wunused-variable fatal warnings with GCC 5.0
2015-04-15 09:21:23 +09:00
c755113bc5
Bug 1153090 followup - consistently use sizeof(hash) r=dkeeler
2015-04-14 22:19:18 +02:00
88aa8d67cc
Bug 1153090 - Unaligned access in cert block list (r=keeler)
2015-04-14 21:19:52 +02:00
5ab8ccdeac
Bug 1154188 - Unbreak build on non-SPS platforms after bug 1153737 r=bsmith
2015-04-14 14:30:09 +02:00
566d65be48
Bug 1153738: Make ScopedPtr a minimal proper subset of std::unique_ptr, r=keeler
...
Remove all features of ScopedPtr that aren't in std::unique_ptr, and
remove all currently-unused features of ScopedPtr. In particular,
replace |operator=(T*)| with |reset(T* p = nullptr)| and make
|operator bool| explicit.
--HG--
rename : security/pkix/include/pkix/ScopedPtr.h => security/pkix/lib/ScopedPtr.h
extra : rebase_source : 206bfb32aa5a04a4719f28b4aca59fe2f0abbec3
2015-04-13 00:28:11 -10:00
b1035c0992
Bug 1153737: Avoid unnecessary uses of mozilla::pkix::ScopedPtr, r=keeler
...
--HG--
extra : rebase_source : ea7083439f22cb40d6c97f872ef9866144516745
2015-04-12 19:57:48 -10:00
ede9c4f220
merge mozilla-inbound to mozilla-central a=merge
2015-04-13 12:00:00 +02:00
bd0890186b
No bug, Automated HPKP preload list update from host bld-linux64-spot-009 - a=hpkp-update
2015-04-11 03:29:55 -07:00
83c81d6e76
No bug, Automated HSTS preload list update from host bld-linux64-spot-009 - a=hsts-update
2015-04-11 03:29:53 -07:00
ba1cc023b7
Bug 1151607 - Step 2: Apply net/ipc namespace separation and chroot to media plugins. r=kang
...
This needs more unit tests for the various pieces of what's going on
here (LinuxCapabilities, SandboxChroot, UnshareUserNamespace()) but
that's nontrivial due to needing a single-threaded process -- and
currently they can't be run on Mozilla's CI anyway due to needing user
namespaces, and local testing can just try using GMP and manually
inspecting the child process. So that will be a followup.
2015-04-10 18:05:19 -07:00
6bf3d102d8
Bug 1151607 - Step 1.5: Avoid unlikely false positives in Linux SandboxInfo feature detection. r=kang
...
Using the equivalent of release assertions in the patch after this one
is easier to justify if I can't come up with vaguely legitimate reasons
why they might fail; this detects the ones I thought of.
2015-04-10 18:05:19 -07:00
32cb9ee32d
Bug 1151607 - Step 1: Add Linux sandboxing hook for when child processes are still single-threaded. r=kang r=bent
...
This means that B2G plugin-container must (dynamically) link against
libmozsandbox in order to call into it before initializing Binder.
(Desktop Linux plugin-container already contains the sandbox code.)
2015-04-10 18:05:19 -07:00
cf24e12150
Bug 1151607 - Step 0: sort includes to make the following patches cleaner. r=kang
2015-04-10 18:05:19 -07:00
2c5369d16e
Bug 1132689 - Feb 2015 batch of EV root CA Changes. r=keeler
...
--HG--
extra : rebase_source : 43a28d1b97c569280979c8a2d95494e4d2f9a67c
extra : amend_source : 056721a65cc7d0738d9ab2a92071f8f7eaf48262
2015-03-30 08:57:00 +02:00
01409dbd35
bug 1147085 - remove nsINSSCertCache (replace it with nsIX509CertDB.getCerts()) r=Cykesiopka
2015-04-03 14:01:05 -07:00
bdc70031c6
Bug 1152895 - remove dead code in nsSSLIOLayerSetOptions r=dkeeler
2015-04-09 13:40:04 -04:00
17b87281f2
Bug 1147212 - Add support for goog-unwanted-shavar. r=gcp,r=matej,r=smaug
...
--HG--
rename : toolkit/components/url-classifier/tests/mochitest/evilWorker.js => toolkit/components/url-classifier/tests/mochitest/unwantedWorker.js
extra : rebase_source : efe09564160fb2fcb1adb5f6599183f053268c40
2015-04-22 21:01:37 +12:00
ed2915b75f
Backed out changeset 7f3cf84c11a9 (bug 1124076) for bustage on a CLOSED TREE
2015-04-22 13:44:23 +02:00
3a94be560c
Bug 1124076 - Properly detect certs when loaded and prompt to import them. r=sworkman/dkeeler
...
--HG--
extra : rebase_source : 00240091ae66180390a76a9613a4215cf591401d
2015-04-21 14:56:00 +02:00
399276d5fc
Bug 1153348 - Add an analysis to prohibit operator bools which aren't marked as either explicit or MOZ_IMPLICIT; r=jrmuizel
...
This is the counterpart to the existing analysis to catch
constructors which aren't marked as either explicit or
MOZ_IMPLICIT.
2015-04-21 21:40:49 -04:00
3487ae0262
Bug 1147725 - Disable test_ocsp_fetch_method.js and test_ocsp_url.js on slow B2G Emulator debug builds. r=keeler
...
--HG--
extra : rebase_source : 87d4b8284b33498a50542d49b956db84cdae1b62
2015-04-06 14:05:00 +02:00
077c2e64f4
Bug 1149483: Change content sandbox level 1 to a working low integrity sandbox. r=tabraldes, r=billm
2015-04-05 14:01:38 +01:00
fa3a91e936
Merge m-i to m-c, a=merge
2015-04-04 09:59:17 -07:00
3a6df834e2
No bug, Automated HPKP preload list update from host bld-linux64-spot-220 - a=hpkp-update
2015-04-04 03:27:46 -07:00
81b8c93237
No bug, Automated HSTS preload list update from host bld-linux64-spot-220 - a=hsts-update
2015-04-04 03:27:44 -07:00
Carsten "Tomcat" Book
Wes Kocher
Blake Kaplan
Steven Michaud
Dave Townsend
André Reinald
Patrick McManus
Kai Engert
Phil Ringnalda
ffxbld
David Keeler
Neil Deakin
Brian Smith
Nathan Froyd
Mike Hommey
Landry Breuil
Jan Beich
Jed Davis
Mark Goodwin
Francois Marier
Ehsan Akhgari
Cykesiopka
Bob Owen