Граф коммитов

10477 Коммитов

Автор SHA1 Сообщение Дата
Julian Hector 21e153fc19 Bug 742434 - Part 1: Make ContentSecurityPolicy constructor explicit. r=gcp
MozReview-Commit-ID: HrBpcQ1BYFI
2016-07-05 03:07:00 +02:00
Cykesiopka 90d2c0d630 Bug 1281955 - Don't Adopt() NSS allocated strings in PSM to avoid using the wrong deallocator. r=dkeeler
There are a few places in PSM where the result of an NSS function returning
char* is adopted by e.g. an nsXPIDLCString, which will use the wrong deallocator
when the string eventually gets destroyed.

This is basically Bug 1281564, but the free() call is buried within the Mozilla
string code instead.

MozReview-Commit-ID: HVSMyRpLnjS

--HG--
extra : transplant_source : Msmc%DB%16%23%87%00%A1%05%ABB%0BD%97%3B%A1%E7x
2016-06-29 18:42:37 -07:00
Gian-Carlo Pascutto 0a5cac2ffc Backed out 2 changesets (bug 742434)
Backed out changeset 4e0e2373e234 (bug 742434)
Backed out changeset 66a937c6ca0e (bug 742434)

MozReview-Commit-ID: 8Chchv4HUL

--HG--
extra : rebase_source : 78f35317a643a48c3f45ec34d88fe321d71d04d1
2016-07-04 18:00:53 +02:00
Julian Hector c50fb0578f Bug 742434 - Part 1: Introduce pref to control content sandbox. r=jld
MozReview-Commit-ID: CuSCwcwRiND
2016-06-16 12:39:07 +02:00
Sergei Chernov edb1f658f6 Bug 1275238 - Certificate Transparency support in mozilla::pkix; r=keeler
MozReview-Commit-ID: HZwzSgxarTw

--HG--
extra : transplant_source : %BF%F9%A8T%C6x%82%03%3Ez%9F%3BT%E3%1B%11s%294%F4
2016-06-15 11:11:00 +03:00
Gian-Carlo Pascutto d56f275c43 Bug 1273852 - Update chromium's list of linux-x86-32 syscalls. r=jld
MozReview-Commit-ID: KpjitH5GQEq

--HG--
extra : rebase_source : d45c7d0c1bf13481fe30ec484a15a409771f04ff
2016-06-08 20:36:04 +02:00
Gian-Carlo Pascutto a7f65e7eac Bug 1273852 - Allow getsockopt in EvaluateSocketCall. r=jld
MozReview-Commit-ID: F9rVM0VKmUR

--HG--
extra : rebase_source : 86271db1e6c24a4ca98ccb0580cd608c2a4cc580
2016-06-08 19:05:08 +02:00
Gian-Carlo Pascutto d270c42cdd Bug 1273852 - Always add seccomp-bpf socketcall dispatcher. r=jld
For 32-bit Linux 4.3+, always add socketcall dispatcher even if relevant
syscalls are known, because both entry points will exist.

See Linux kernel commit:

commit 9dea5dc921b5f4045a18c63eb92e84dc274d17eb
Author: Andy Lutomirski <luto@kernel.org>
Date:   Tue Jul 14 15:24:24 2015 -0700

    x86/entry/syscalls: Wire up 32-bit direct socket calls


MozReview-Commit-ID: I3GEvolGfsR

--HG--
extra : rebase_source : c358a6d39d9bf5701150e58f1002f6c6dc91cd6f
2016-06-29 20:34:40 +02:00
Carsten "Tomcat" Book 6152d5afcc Merge mozilla-central to mozilla-inbound 2016-06-30 12:46:28 +02:00
Carsten "Tomcat" Book 3a42c363cc merge mozilla-inbound to mozilla-central a=merge 2016-06-30 12:33:41 +02:00
Tim Taubert 4b5f869ce3 Bug 1283376 - Land NSS_3_26_BETA1 r=franziskus 2016-06-30 08:42:30 +02:00
Cykesiopka d93f9d1b28 Bug 1282004 - Convert TestMD4 CPP unit test into a GTest. r=mgoodwin
Nothing in the file requires functionality provided by the CPP unit test harness,
so making the file a GTest makes it more accessible.

MozReview-Commit-ID: FaAtF0blCwV

--HG--
rename : security/manager/ssl/tests/compiled/TestMD4.cpp => security/manager/ssl/tests/gtest/MD4Test.cpp
extra : transplant_source : edV%1F%0B97%1B%25%FA%0ABH%14%F5%A2Ms/%7E
2016-06-27 09:06:51 -07:00
Cykesiopka 3f7ca34d26 Bug 1282004 - Make it easier to run all PSM GTests at once. r=mgoodwin
Currently, running all the PSM GTests involves providing a filter that catches
all the various tests. This is annoying and error prone.

The changes here make running all PSM GTests as easy as:
  mach gtest "psm*"

MozReview-Commit-ID: EqaysNvwJaQ

--HG--
extra : transplant_source : %0CCM%99%12%18%8D%B9%DD%84%0C%A06%0Ba%AD%A7%EB%B3%FB
2016-06-27 09:06:43 -07:00
David Keeler 3fed4e5ecc bug 1272858 - use a name-agnostic method to find the built-in root PKCS#11 slot r=Cykesiopka
Previously this implementation would use the expected names of the built-in
module and slot to get a handle on them. This doesn't work on distributions that
use other names. The new implementation searches through the slots from the
default module list for one where PK11_HasRootCerts returns true (which
indicates that NSS considers that slot to contain the default built-in root
list).

MozReview-Commit-ID: LmX27hQfFJU

--HG--
extra : rebase_source : 50383dcc77257fe08ce2c7d908e95cda7c4bbe9d
2016-06-23 15:43:47 -07:00
David Keeler fbd578cfcf bug 826783 - make certificate viewer more flexible about its minimum size r=mgoodwin
This makes the certificate viewer able to shrink itself down a bit on small
screen sizes. Without this patch, the "Close" button would be off the screen on
small resolutions like 1024x768. On larger screen sizes, this patch should have
no effect on the initial size of the certificate viewer window (although it now
can be made smaller manually).

MozReview-Commit-ID: IET9dxx23Xc

--HG--
extra : rebase_source : 487c88d626df7184502226b9ce02410adc504f12
2016-06-24 10:23:18 -07:00
Masatoshi Kimura 759c6d2a52 Bug 1279479 - Hide DHE cipher suites from the first handshake. r=keeler
MozReview-Commit-ID: BXZm6EMaLy2

--HG--
rename : security/manager/ssl/tests/unit/test_weak_crypto.js => security/manager/ssl/tests/unit/test_fallback_cipher.js
extra : rebase_source : 925361a6114fa5b09f74e2f61e504a1e3b938805
2016-06-23 03:48:02 +09:00
Cykesiopka 577a05865b Bug 307081 - Make nsIClientAuthDialogs::ChooseCertificate() pass an nsIArray of nsIX509Certs, not strings. r=kats,keeler
This provides implementations of ChooseCertificate() with more flexibility, and
allows callers of ChooseCertificate() to be less complex.

A portion of this work involves reimplementing
nsNSSCertificate::FormatUIStrings() in JS and improving UI strings for l10n.

MozReview-Commit-ID: CE7Uc2ntwmZ

--HG--
extra : transplant_source : R%A8eC%CEO2%DC%20%F7%B4V%F3g%E6h%EB%D5%8D3
2016-06-24 00:12:16 -07:00
Cykesiopka 313db6b516 Bug 307081 - Clean up nsIClientAuthDialogs.idl and implementations. r=kats,keeler
This fixes the following in the IDL:
1. Misleading or unclear parameter names in the IDL. |cn| in practice is the
   concatenation of the CN of the server cert and the port of the server, and
   |issuer| is the Organization of the issuer cert of the server cert.
2. Use of the |wstring| type. |AString| is generally preferred, and has the
   benefit of letting implementations skip null checks due to the use of
   references.
3. Using an explicit |canceled| outparam instead of just setting a return type.
   There is no need for the outparam if the return type can be used.
4. Using |long| (int32_t) for |selectedIndex|. |unsigned long| (uint32_t) is
   more logical, and paves the way for future changes.

This fixes the following in the Android implementation:
1. Lack of checks to ensure the QueryInterface() call succeeded. In practice,
   the call will always succeed, but it's good practice to check anyways.
2. Setting a variable to an nsIPrefService instance initially, then later
   setting it to a pref branch instance later on. This is confusing and
   unnecessary.

This fixes the following in the desktop implementation:
1. Lack of null pointer checking.
2. Trying to get a parent window ref off a context that doesn't actually support
   doing so.
3. Setting a variable to an nsIPrefService instance initially, then later
   setting it to a pref branch instance later on. This is confusing and
   unnecessary.
4. Abusal of the CAPS bundle.
5. Unnecessary variables.
6. Variables declared far away from where they are used.
7. Variable shadowing.
8. Style issues.
9. Lack of documentation.

This also fixes the following:
1. Lack of localisation notes.

MozReview-Commit-ID: FTc6XecJd6h

--HG--
extra : transplant_source : %ABQ%8F%E6%A3%25%FE%94%E4%D6X%3D%28%2C%05%5E%FB%84.-
2016-06-24 00:12:11 -07:00
Cykesiopka 1bc7589c72 Bug 307081 - Expose nsNSSCertificate.cpp GetKeyUsagesString() as the keyUsages attribute on nsIX509Cert. r=keeler
This allows nsNSSCertificate::FormatUIStrings() to be reimplemented in JS, which
is a necessary step for making nsIClientAuthDialogs::ChooseCertificate() pass an
nsIArray of nsIX509Certs.

Also removes some deprecated and unused constants.

MozReview-Commit-ID: CJITKVlUEtP

--HG--
extra : transplant_source : %1C%09%B2%B5%F4%C4%28%1A%B2%E5%CFsu%8B%B6W%8El%9Cn
2016-06-24 00:12:06 -07:00
Cykesiopka 97ab4b046e Bug 1281564 - Fix misuses of free() as the deallocator in PSM. r=keeler
There are a few places in PSM where free() is used to free memory allocated by
NSS instead of PORT_Free() (or higher level deallocation functions that end up
calling PORT_Free()).

In practice, PORT_Free() is just a wrapper around PR_Free(), which is just a
wrapper around free() if we don't ask NSPR to use a zone allocator.
Gecko explicitly tells NSPR not to use a zone allocator, so the changes here are
mainly for making the code more obviously correct.

This patch also includes some misc cleanup.

MozReview-Commit-ID: 9Ccg5OwlhWR

--HG--
extra : rebase_source : 768979a4bedb1cbdab2398d2a416429d9a241dd6
2016-06-22 15:56:11 -07:00
Cykesiopka 26dc8be640 Bug 1280331 - Update HPKP preload script URL to deal with renaming of transport_security_state_static.certs. r=keeler
4361f2ad66
renamed transport_security_state_static.certs to
transport_security_state_static.pins, so the URL needs to be updated to avoid
a 404.

MozReview-Commit-ID: 1FmYdi0mMcI

--HG--
extra : rebase_source : 25ebf2290cab6ee12f98bc65972b696c45d506d0
2016-06-21 16:11:57 -07:00
Masatoshi Kimura bdcdded91f Bug 1281084 - Enable TLS 1.3 PSK-resumption for AES-256-GCM and ChaCha20/Poly1305. r=keeler 2016-06-22 21:55:13 +09:00
Mark Goodwin d3dde26071 Bug 1280224 - Initial values for the content signature root pref are ignored. r=keeler
MozReview-Commit-ID: 9y8wsVcz0hz
2016-06-21 15:24:52 +01:00
David Keeler 540b8f3d01 bug 1278041 - skip TLS Feature checks so HPKP can be set r=mgoodwin
This is safe because TLS Feature checks have already been done when connecting
to the site in the first place.

MozReview-Commit-ID: HfbcrAv4bCJ

--HG--
extra : rebase_source : d1f22c1a4e2c8535e10bd071c937a1aac7b8e2fd
2016-06-20 16:36:36 -07:00
Kai Engert c6ce2eb18b Bug 1277255, land NSS_3_25_RC1, r=me 2016-06-20 19:17:28 +02:00
Carsten "Tomcat" Book ecdef8e6f4 merge mozilla-inbound to mozilla-central a=merge 2016-06-17 00:32:10 +01:00
Thomas Zimmermann 97a43c0b93 Bug 1276927: Define HAVE_ANDROID_OS before including 'android_filesystem_config.h', r=fabrice
The preprocessor token HAVE_ANDROID_OS configures 'android_filesystem_config.h'
to include the correct header files from the environment.

MozReview-Commit-ID: oKwdjzDjij
2016-06-16 08:43:51 +01:00
Thomas Zimmermann 7d6335ca2d Bug 1276927: Fix B2G sandboxing code to build with Android NDK, r=fabrice
This patch fixes an incorrect C++ namespace of STL datastructures.

MozReview-Commit-ID: FYx38sTzF4I
2016-06-16 08:43:51 +01:00
Onno Ekker f1de083a08 Bug 1279953 - Ambiguous string usage for "not encrypted page". r=dolske
--HG--
extra : rebase_source : e6ea020d8b98e9bef2e895e5312edc47d839cc2c
2016-06-13 22:14:04 +02:00
Sebastian Hengst 809cc61389 Backed out changeset a4f95658a29b (bug 1276927) 2016-06-15 12:24:14 +02:00
Sebastian Hengst bb691db120 Backed out changeset b6c190b08824 (bug 1276927) 2016-06-15 12:23:52 +02:00
Thomas Zimmermann 565a7b74dc Bug 1276927: Define HAVE_ANDROID_OS before including 'android_filesystem_config.h', r=fabrice
The preprocessor token HAVE_ANDROID_OS configures 'android_filesystem_config.h'
to include the correct header files from the environment.

MozReview-Commit-ID: oKwdjzDjij
2016-06-15 10:59:49 +01:00
Thomas Zimmermann 652691d85a Bug 1276927: Fix B2G sandboxing code to build with Android NDK, r=fabrice
This patch fixes an incorrect C++ namespace of STL datastructures.

MozReview-Commit-ID: FYx38sTzF4I
2016-06-15 10:59:48 +01:00
Franziskus Kiefer a394235094 Bug 1277255, land NSS_3_25_RC0, r=kaie 2016-06-13 17:31:45 +02:00
Julian Hector 14d815c27e Bug 1275920 - Add sys_rt_tgsigqueueinfo to seccomp whitelist r=jld
--HG--
extra : rebase_source : 4808d641597e40e124be0bae1e10ad37570355c9
2016-05-27 19:29:21 +02:00
Gian-Carlo Pascutto d543e16807 Bug 1273859 - Add sys_pwrite64 to seccomp whitelist for content process. r=jld
MozReview-Commit-ID: FsJ8ER9B9EY

--HG--
extra : rebase_source : a76bb584e8804a3f73abf2c821fa2d9d25997a17
2016-05-18 14:39:20 +02:00
David Keeler febcbb464f bug 1278605 - ensure that nsICertOverrideService can be implemented in JS r=Cykesiopka
MozReview-Commit-ID: KSVeraWuRPZ

--HG--
extra : rebase_source : 15f7abb08b57c8525e44f39c5e10c9cc5299dc47
2016-06-07 11:27:33 -07:00
Masatoshi Kimura dfb8d11072 Bug 1268728 - Remove ability to enable RC4. r=keeler 2016-06-07 22:17:43 +09:00
Bob Owen 5714578c95 Bug 1278528: Don't try to initialize the sandbox TargetServices when we are not sandboxed. r=jimm
MozReview-Commit-ID: EpXy9LYXwQL
2016-06-07 14:03:51 +01:00
Julian Hector d5bb492be4 Bug 1274873 - Part 2: Move signal handler set up to SandboxEarlyInit() r=jld 2016-05-26 16:20:44 +02:00
Julian Hector 1f2003d5b1 Bug 1274873 - Part 1: Change search order for free signal r=jld 2016-05-26 16:19:28 +02:00
Carsten "Tomcat" Book efa443d4d3 Backed out changeset ae5286493f15 (bug 1274873) for frequent timeouts in browser_ManifestObtainer_obtain.js
--HG--
extra : rebase_source : 5aa2340db1e93f26feb5c3173b8af4aacdb60b31
2016-06-07 12:07:16 +02:00
Carsten "Tomcat" Book 1d324ed30a Backed out changeset 62646bfa1f95 (bug 1274873)
--HG--
extra : rebase_source : 644a5678b4f8e32e9809583cf7eb88fb0a518f31
2016-06-07 12:06:51 +02:00
Julian Hector fd5c167bdc Bug 1276470 - Add sys_statfs to seccomp whitelist. r=jld 2016-05-28 20:33:49 +02:00
Julian Hector 1b857c2f98 Bug 1274873 - Part 2: Move signal handler set up to SandboxEarlyInit() r=jld 2016-05-26 16:20:44 +02:00
Julian Hector 1c0ad8ce67 Bug 1274873 - Part 1: Change search order for free signal r=jld 2016-05-26 16:19:28 +02:00
Haik Aftandilian 99f34a0cfe Bug 1272764 - Remove OS X 10.6-10.8-Specific Sandboxing Code (fix indentation); r=bobowen 2016-06-06 13:15:00 +02:00
Haik Aftandilian ad91978a78 Bug 1272764 - Remove OS X 10.6-10.8-Specific Sandboxing Code; r=bobowen 2016-06-06 13:15:00 +02:00
David Keeler 5e35bedf79 bug 1266563 - regenerate CA telemetry hash table r=jcj
MozReview-Commit-ID: 1NXDU2ejfzl

--HG--
extra : rebase_source : 86abe8c3009542557da524f3697414b7cee9fcb3
2016-06-03 16:12:38 -07:00
Gabor Krizsanits 6c0e1dc69f Bug 1146873 - Handling sandbox policy setup failures. r=bobowen 2016-06-06 15:13:33 +02:00
Carsten "Tomcat" Book 4aea0165dc merge mozilla-inbound to mozilla-central a=merge 2016-06-06 11:55:56 +02:00
ffxbld 989a828304 No bug, Automated HPKP preload list update from host bld-linux64-spot-384 - a=hpkp-update 2016-06-04 05:09:33 -07:00
ffxbld 237f18948d No bug, Automated HSTS preload list update from host bld-linux64-spot-384 - a=hsts-update 2016-06-04 05:09:30 -07:00
Haik Aftandilian c0be03a3bd Bug 1272772 - Inline system.sb and remove unneeded rules (removes unneeded rules); r=gcp 2016-06-01 15:40:00 +02:00
Haik Aftandilian 5b9493970f Bug 1272772 - Inline system.sb and remove unneeded rules (removes unused macros); r=gcp 2016-06-01 15:40:00 +02:00
Haik Aftandilian 3cb7c0e726 Bug 1272772 - Inline system.sb and remove unneeded rules (inline system.sb rules); r=gcp 2016-06-01 15:40:00 +02:00
Masatoshi Kimura ee23c0a77c Bug 975832 - Enable AES-256 variants of the AES-128 GCM cipher suites we have already enabled. r=keeler 2016-06-04 08:19:29 +09:00
David Keeler baead5135e bug 1277240 - don't import trust anchors in SaveIntermediateCerts r=Cykesiopka
MozReview-Commit-ID: KHwA2LJSeUS

--HG--
extra : rebase_source : e1f7a469d2dc8608adf4b0172f99d9adb192bbb5
2016-06-02 13:17:14 -07:00
Julian Hector d0f949dad4 Bug 1275786 - Add sys_listen to seccomp whitelist. r=jld
--HG--
extra : rebase_source : 7028482ca148f63e53e1fe915d0be507b5116c84
2016-05-27 16:00:50 +02:00
Julian Hector cb6d29b0b7 Bug 1275785 - Add sys_bind to seccomp whitelist. r=jld
--HG--
extra : rebase_source : 90d403a3b21547ff7f280b2bff7746f4b8e32fe3
2016-05-27 15:58:51 +02:00
Julian Hector 5eb8b17162 Bug 1275781 - Add sys_accept to seccomp whitelist. r=jld
--HG--
extra : rebase_source : e4761ce8c466987f54ddd41603fa626923fe0865
2016-05-27 15:56:35 +02:00
Kai Engert c50d0b99ce Bug 1277255, land NSS_3_25_BETA1, r=franziskus 2016-06-02 22:33:04 +02:00
Cykesiopka 4e54963733 Bug 1275197 - Ensure nsNSSU2FToken.cpp GetSymKeyByNickname() does not cause leaks. r=keeler
Prior to these changes, GetSymKeyByNickname() could theoretically leak. This
should not happen in practice, so the changes here just ensure that the code
doesn't cause leaks.

MozReview-Commit-ID: LWtqLmsBPV2

--HG--
extra : transplant_source : rWE%CD%D8%A7%87%3C%95%03%B5%03E%3E%06E%C7O%0D%F6
2016-06-01 22:43:37 -07:00
Jonas Sicking c706b7f059 Bug 1275714 - Changes in preparation for FlyWeb landing. Add ability to pin using a cert fingerprint, in addition to using a cert. r=dkeeler
--HG--
extra : amend_source : 41336f6eeaf5e26b91e177dd60a91ad9ed3a064c
2016-06-01 17:02:34 -04:00
Haik Aftandilian 7c418a5f4a Bug 1276420 - Widevine plugin crashing on OS X due to -stdlib=libc++ and sandboxing interaction; r=gcp 2016-06-01 12:26:04 -07:00
J.C. Jones 8524776280 Bug 1275479 - Create nsIU2FToken base interface (Part 2). r=keeler
Create a base "nsIU2FToken" interface that all tokens must implement. This
patch does not change U2F.cpp from initializing tokens monolithically, but
if/when future tokens are added, the implementer may want to do that.

MozReview-Commit-ID: GQuu6NolF4D

--HG--
extra : transplant_source : %3Fi%8E%C4n%BF%C1%DB%DB%03HjG%B5%9Ct%9EMWH
2016-05-27 13:44:20 -07:00
Chris Peterson 6b776e8000 Bug 1277014 - Fix -Wstring-conversion warnings in security/manager/ssl/. r=keeler
security/manager/ssl/nsNSSComponent.cpp:1694:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [31]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1333:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1341:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1349:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1357:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
2016-05-31 21:51:50 -07:00
Carsten "Tomcat" Book 76fd727737 Merge mozilla-central to mozilla-inbound 2016-05-30 15:30:55 +02:00
Carsten "Tomcat" Book 463212f69f merge mozilla-inbound to mozilla-central a=merge 2016-05-30 15:29:19 +02:00
Julian Seward 8562142079 Bug 1275582 - TSan: data race security/nss/lib/freebl/sha_fast.c:176 SHA1_End. r=dkeeler.
--HG--
extra : rebase_source : d8e517c891212c0b7794e7db433f6ed626c4cac5
2016-05-30 15:25:52 +02:00
ffxbld dca36f5e32 No bug, Automated HPKP preload list update from host bld-linux64-spot-593 - a=hpkp-update 2016-05-28 05:20:15 -07:00
ffxbld 3eac728432 No bug, Automated HSTS preload list update from host bld-linux64-spot-593 - a=hsts-update 2016-05-28 05:20:13 -07:00
Wes Kocher 9749648a79 Merge inbound to m-c a=merge 2016-05-27 14:14:36 -07:00
Ryan VanderMeulen 687dcb9a8f Backed out changesets d3bde9a513bb and 9fd1d6aeed21 (bug 1272764) for causing startup crashing on OSX 10.9. a=me 2016-05-27 14:50:50 -04:00
Chris Peterson 11ef78ae89 Bug 1275016 - Rename Endian.h to EndianUtils.h to avoid #include confusion with Android's endian.h stdlib header. r=froydnj
--HG--
rename : mfbt/Endian.h => mfbt/EndianUtils.h
2016-05-22 13:31:11 -07:00
David Keeler 8ba29d1473 bug 1265113 - implement platform support for enterprise roots r=Cykesiopka,mhowell,rbarnes
MozReview-Commit-ID: JKxwCjoH0Oa

--HG--
extra : rebase_source : 9eaf3f1c5371e7b4b4df304bc6ce132ade5775da
2016-04-13 15:36:22 -07:00
Haik Aftandilian 0c9bf9e670 Bug 1272764 - Indentation and whitespace cleanups. r=bobowen
--HG--
extra : rebase_source : d3ac9c55cbe4924702fad32dabbc97ac921cce07
2016-05-26 00:08:00 -04:00
Haik Aftandilian 4c4557e85c Bug 1272764 - Remove OS X 10.6-10.8-specific sandboxing code. r=bobowen
--HG--
extra : rebase_source : 94630f8208b4ee1e3664e61425c083a05157e64d
2016-05-26 00:07:00 -04:00
Alexandre Lissy c6be1d0d13 Bug 1274826 - Bypass building SandboxHooks on Gonk r=jld
MozReview-Commit-ID: 3TVdcY7aXvW

--HG--
extra : rebase_source : b734c54ad4e7b8fff384f399b84014410b4cf719
2016-05-26 01:02:25 +02:00
Carsten "Tomcat" Book b6b164ec6d Merge mozilla-central to mozilla-inbound 2016-05-25 15:20:00 +02:00
Carsten "Tomcat" Book c715836c7f merge mozilla-inbound to mozilla-central a=merge 2016-05-25 15:04:00 +02:00
Carsten "Tomcat" Book 3cab03a461 Merge mozilla-central to fx-team 2016-05-24 15:15:55 +02:00
Carsten "Tomcat" Book cb4337c62c merge mozilla-inbound to mozilla-central a=merge
--HG--
rename : dom/presentation/tests/mochitest/file_presentation_non_receiver_oop.html => dom/presentation/tests/mochitest/file_presentation_non_receiver.html
rename : dom/presentation/tests/mochitest/file_presentation_non_receiver_inner_iframe_oop.html => dom/presentation/tests/mochitest/file_presentation_non_receiver_inner_iframe.html
rename : dom/presentation/tests/mochitest/file_presentation_receiver_inner_iframe_oop.html => dom/presentation/tests/mochitest/file_presentation_receiver_inner_iframe.html
2016-05-24 14:52:23 +02:00
ffxbld d8a85e51ac No bug, Automated HPKP preload list update from host bld-linux64-spot-425 - a=hpkp-update 2016-05-21 05:05:21 -07:00
ffxbld 0ffea88a0a No bug, Automated HSTS preload list update from host bld-linux64-spot-425 - a=hsts-update 2016-05-21 05:05:19 -07:00
Bob Owen ecee115838 Bug 1250125: Make a 0 security.sandbox.content.level turn off the content process sandbox. r=TimAbraldes
This also fixes a bug where we weren't setting parts of the policy correctly for levels 3 to 9.

MozReview-Commit-ID: IXsg2nGOqoa

--HG--
extra : rebase_source : 65c76a581dcd498c7d7d5b01e4f4e140acdb244f
2016-05-25 09:06:23 +01:00
Masatoshi Kimura 3e0685deec Bug 1274953 - Bump the lowest valid TLS insecure fallback limit to 3 (TLS 1.2). r=keeler 2016-05-24 19:08:13 +09:00
Masatoshi Kimura 877c4b8482 Bug 1275252 - Deal with some TLS 1.3 intolerance. r=keeler 2016-05-25 19:36:57 +09:00
Mathieu Leplatre 695a9942a4 Bug 1266235 - Use blocklist prefix in preference names. r=MattN
MozReview-Commit-ID: 5aeoiSEMwYw

--HG--
extra : rebase_source : ff4e77c88de58923afe75be2046dcdb98e40ad2f
2016-05-19 12:51:13 +02:00
Sergei Chernov d46c2e938b Bug 1241574 - Certificate Transparency - base definitions and serialization to/from TLS wire format. r=keeler, r=Cykesiopka
MozReview-Commit-ID: KmJOr2crof7

--HG--
extra : transplant_source : %97%2A%03p%7CP%09%CA%60J%D22%91%3C%C1%C9%B8%C6%89%D8
2016-04-11 16:17:25 +03:00
Johnathan Nightingale c40db9a65c bug 466011 - clarify comments in cert override service IDL r=kaie DONTBUILD NPOTB
--HG--
extra : rebase_source : 6c67c12f768c4f5e9df84a7ab982d08095ba29ae
2016-05-27 13:11:32 -07:00
David Keeler e87f6f88e2 bug 1273677 - ensure session cache is properly configured and torn down for TLSServerSocket r=mcmanus
MozReview-Commit-ID: 6i7HxTdLcID

--HG--
extra : rebase_source : 3c1b4c0ed798c166cbc2bcad71de90543af176c1
2016-05-23 13:58:56 -07:00
Gian-Carlo Pascutto e8fd20fdcf Bug 1098428 - Add Linux sandboxing information to Telemetry. r=gfritzsche
MozReview-Commit-ID: 6Un4yNzxGgg

--HG--
extra : rebase_source : fc8762b9802fab071cb194513a5ad390ae7984f3
2016-05-18 18:37:44 +02:00
Carsten "Tomcat" Book 805f86c2b5 Merge mozilla-central to mozilla-inbound 2016-05-24 15:13:51 +02:00
Carsten "Tomcat" Book be11014a2b Backed out changeset 767f65379fdf (bug 1098428) for causing linux crashes on a CLOSED TREE 2016-05-24 13:03:00 +02:00
Gian-Carlo Pascutto 42b1907a65 Bug 1098428 - Add Linux sandboxing information to Telemetry. r=gfritzsche
MozReview-Commit-ID: GtIPsRqq5hr

--HG--
extra : rebase_source : 6b918e5119f15536c9437c27cfee413577268b78
2016-05-18 18:37:44 +02:00
Cykesiopka 0b04616a47 Bug 1271496 - Stop using Scoped.h in non-exported PSM code. r=keeler
Scoped.h is deprecated in favour of the standardised UniquePtr.

This patch removes use of Scoped.h everywhere in PSM except ScopedNSSTypes.h,
which is exported. Other consumers of ScopedNSSTypes.h can move off Scoped.h
at their own pace.

This patch also changes parameters and return types of various functions to make
ownership more explicit.

MozReview-Commit-ID: BFbtCDjENzy

--HG--
extra : transplant_source : %0B%C7%9F%40%FA9%A4%F2%5E%0D%92%1C%A6%A49%94%C3%7E%1Cz
2016-05-23 19:50:26 -07:00
Cykesiopka 378731742d Bug 883718 - Followup: Remove nsIBufEntropyCollector.idl. r=trivial
This file is no longer used post
https://hg.mozilla.org/mozilla-central/rev/8dd88e2a1976, but was not removed.
2016-05-24 00:51:00 +02:00
Nicholas Nethercote 99a82c0ac7 Bug 1273711 - Avoid OOM aborts in nsSecretDecoderRing::encode(). r=cykesiopka.
This patch removes an infallible duplication of the base64-encoded string,
which can be large.

--HG--
extra : rebase_source : c8e709d7afcb53e23fdea919fade857a7fd3fea4
2016-05-19 08:55:48 +10:00
Julian Hector 5894681e14 Bug 1274553 - Properly handle stat() requests in permissive mode. r=jld
MozReview-Commit-ID: IeFwQ2Gv21z

--HG--
extra : rebase_source : 0198c5df41f728f85bea149a10dfe0b7c0fae43f
2016-05-20 14:42:50 +02:00
Cykesiopka 5a7878cf2c Bug 1222754 - Replace nsSecureBrowserUIImpl::mOnStateLocationChangeReentranceDetection and nsAutoAtomic. r=keeler
mOnStateLocationChangeReentranceDetection and nsAutoAtomic form an unnecessarily
threadsafe reentrance prevention mechanism that can be replaced by
mozilla::ReentrancyGuard.

MozReview-Commit-ID: KWDdFD5TpCk

--HG--
extra : rebase_source : c3e0a9ad32ff169c6afb00dd10099835b6196682
2016-05-19 22:00:44 -07:00
Cykesiopka 1d22abcec2 Bug 1271953 - Remove nss_addEscape(). r=mgoodwin
The function basically duplicates existing Mozilla string class functionality.

MozReview-Commit-ID: 9IFEXuT9cW1

--HG--
extra : rebase_source : 0d0c4492a63f7a168b6092fdb2e1bf8ec09d5308
2016-05-16 09:04:09 -07:00
Cykesiopka 2677d5c111 Bug 1273749 - Address misc issues with nsNSSCertValidity. r=keeler
Prior to the changes here, nsNSSCertValidity had the following issues:
 - Did not check for NSS shut down.
 - Provided an irrelevant zero argument constructor.
 - Did not explicitly delete the unwanted copy constructor and assignment
   operators.
 - Misc style issues.
 - Did not have a dedicated test.

MozReview-Commit-ID: JUPtk1OjsNg

--HG--
extra : rebase_source : 2f6475c842b8c1c2570a7a5e4e9f87f0bb12deae
2016-05-19 17:35:09 -07:00
Cykesiopka ff87cc2acc Bug 1251133 - Remove DSA telemetry. r=jcj
Firefox no longer supports DSA cipher suites, so this telemetry is dead code.

MozReview-Commit-ID: G3ipd0TADM

--HG--
extra : rebase_source : 6cd2b10727107c048010d39b24e328f5539a7220
2016-05-19 18:42:16 -07:00
Wes Kocher 4f7146f46c Backed out changeset 1b8f35a4774e (bug 1273677) for valgring leaks CLOSED TREE 2016-05-20 18:13:12 -07:00
David Keeler a53c0feecf bug 1273677 - ensure session cache is properly configured and torn down for TLSServerSocket r=mcmanus
MozReview-Commit-ID: 6i7HxTdLcID

--HG--
extra : rebase_source : 5a64db198fe582e6057bb58f8f51be3e9a63192b
2016-05-17 15:17:33 -07:00
Cykesiopka 6b12fc8650 Bug 1271501 - Use mozilla::BitwiseCast instead of reinterpret_cast in PSM. r=keeler
mozilla::BitwiseCast does the same thing, but provides static asserts that
mitigate some of the risk of using reinterpret_cast.

MozReview-Commit-ID: ENQ8QC6Nl9o

--HG--
extra : rebase_source : c1725c8363c0f7f9877601de5ab5f152ef4d0439
2016-05-18 21:20:56 -07:00
Cykesiopka 179b27667b Bug 1271501 - Downgrade unnecessarily strong reinterpret_casts in PSM. r=keeler
These reinterpret_casts can be static_casts or const_casts instead.

MozReview-Commit-ID: 1KQDWHO9CGS

--HG--
extra : rebase_source : a629d91577bdcb6d7fd94416e61ad46ca43f945d
2016-05-18 18:58:41 -07:00
Cykesiopka 5e0c49ff77 Bug 1271501 - Remove unnecessary uses of reinterpret_cast in PSM. r=keeler
These uses of reinterpret_cast are either pointless, or can be removed via
refactoring.

MozReview-Commit-ID: Aw2rlJfrT6J

--HG--
extra : rebase_source : 243d6c38eedc086c59d47c93d4a57cb6a922910a
2016-05-18 18:58:40 -07:00
Martin Thomson 103d3aba59 Bug 1250568 - Adding TLS 1.3 to nsISSLStatus, r=keeler
MozReview-Commit-ID: 4mLdtsdFoKN

--HG--
extra : rebase_source : 8526499c8765a14efeec22950372c738d8dc8b95
2016-04-04 16:21:19 -03:00
Martin Thomson ec792f4dff Bug 1250568 - Adding ECDHE_PSK suites, r=keeler
MozReview-Commit-ID: 1MGB7ewpDuZ

--HG--
extra : rebase_source : 5afd535d6f853db31dd98f70dbc189d01a0246fa
2016-04-04 16:21:19 -03:00
Martin Thomson 9b8f068092 Bug 1250568 - Add support for TLS1.3 in prefs and telemetry, r=keeler
MozReview-Commit-ID: AH8SO3fRUp4

--HG--
extra : rebase_source : f7b367bc4577c2fea2741c60793f7cde6cba0aef
2016-04-19 14:29:36 +10:00
Ralph Giles 0946db2658 Bug 1271794 - Use SSE2 instructions on win32. r=glandium
We've decided supporting the small number of x86 machines
without SSE2 instructions is no longer worth the cost in
developer time nor the performance impact for other users.

https://groups.google.com/d/msg/mozilla.dev.platform/dZC39mj5V-s/Xt_UqZXkAAAJ

Set -arch:SSE2 by default on x86 if an arch hasn't already
been supplied. This ensures we'll continue to build with
the right instruction set if the compiler changes its default
in the future, while still allowing custom builds to set
a lower minimum.

Also updates the filter to strip all arch switches on win64
when building the sandbox. The 64-bit compiler doesn't
support -arch:SSE2 either.

MozReview-Commit-ID: JzTRGPn9vzI
2016-05-18 11:06:30 -07:00
Phil Ringnalda 2657cac015 Backed out 3 changesets (bug 1271794, bug 1271829) on suspicion of making Windows builds less likely to... build
CLOSED TREE

Backed out changeset d0ab0d508a24 (bug 1271829)
Backed out changeset 9f4983dfd881 (bug 1271829)
Backed out changeset 28b45df659b7 (bug 1271794)
2016-05-18 00:04:29 -04:00
Cykesiopka 18c21f386e Bug 1271495 - Replace uses of ScopedPK11Context with UniquePK11Context. r=keeler,mcmanus
ScopedPK11Context is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.

MozReview-Commit-ID: HE8UY1hOuph

--HG--
extra : transplant_source : 4%BF%81M%09Q-%2A%E6%04%86i%18%1B%3CL%90%88%04%C7
2016-05-13 05:53:57 -07:00
Ralph Giles 90a00904df Bug 1271794 - Use SSE2 instructions on win32. r=glandium
We've decided supporting the small number of x86 machines
without SSE2 instructions is no longer worth the cost in
developer time nor the performance impact for other users.

https://groups.google.com/d/msg/mozilla.dev.platform/dZC39mj5V-s/Xt_UqZXkAAAJ

Set -arch:SSE2 by default on x86 if an arch hasn't already
been supplied. This ensures we'll continue to build with
the right instruction set if the compiler changes its default
in the future, while still allowing custom builds to set
a lower minimum.

Also updates the filter to strip all arch switches on win64
when building the sandbox. The 64-bit compiler doesn't
support -arch:SSE2 either.

MozReview-Commit-ID: JzTRGPn9vzI
2016-05-17 11:35:51 -07:00
Kate McKinley 567ebcf321 Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb, r=mayhemer, r=jld, r=smaug, r=dkeeler, r=jmaher, p=ally
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
2016-07-26 13:03:00 -04:00
Kai Engert f586b10fe0 Bug 1258375, land final release tag of nss 3.24. Changes version numbers.
This backs out bug 1270836, as it wasn't landed according to NSS procedures. It will be re-landed once we go to a NSS 3.25 beta version.
2016-05-17 11:00:15 +02:00
Bob Owen e809e9f918 Bug 1035125 Part 9: Link Chromium sandbox into firefox.exe instead of having a separate DLL. r=aklotz,glandium
MozReview-Commit-ID: 1vgDPjpcwz3

--HG--
extra : rebase_source : 40966d98ca6c37f30884639d648907b4760ae240
2016-05-15 16:41:40 +01:00
Bob Owen c43bf02cda Bug 1035125 Part 8: Pass sandboxing pointers through XRE_InitChildProcess instead of linking to more functions in xul. r=aklotz,glandium
MozReview-Commit-ID: 5AiktOArpfU

--HG--
extra : rebase_source : 1ba3be949e2bfeb3b67687ab05d43342852ab764
2016-05-15 16:35:22 +01:00
Bob Owen 209b6e6e18 Bug 1035125 Part 7: Remove unused functions in security/sandbox/chromium/base/time/time.h to avoid nspr dependency. r=aklotz
MozReview-Commit-ID: 4TwVMQGTXUU

--HG--
extra : rebase_source : 0757390f3ff6fc71242ae09d95e1934d3e80fa26
2016-05-15 16:23:57 +01:00
Bob Owen 43b53afacf Bug 1035125 Part 6: Take Chromium commit 3181ba39ee787e1b40f4aea4be23f4f666ad0945 to add Windows 10 version to enumeration. r=aklotz
MozReview-Commit-ID: 8sR9F72JJ1k

--HG--
extra : rebase_source : bc911fbaa12c8186e2c9539e21fe776282280304
2016-05-15 16:23:57 +01:00
Bob Owen 71b3258726 Bug 1035125 Part 4: Back out changeset 8ae39d920f5c and associated subsequent changes. r=glandium
The original changeset that is being backed out had comment:
Bug 1023941 - Part 2: Static-link the CRT into plugin-container.exe.

MozReview-Commit-ID: 1iPJghgd0t2

--HG--
extra : rebase_source : cbed4e43f51af8ea0c3adbfc150ed029fe0d0f57
2016-05-15 16:23:57 +01:00
Chris Peterson 353ee65255 Bug 1272513 - Part 1: Suppress -Wshadow warnings-as-errors in some directories. r=glandium 2016-05-11 00:00:01 -07:00
Hasse 692b996c80 bug 428421 - fix ordering of FIPS description strings r=keeler
In bug 317630, in the call to PK11_ConfigurePKCS11, the order of the strings
provided was switched such that the FIPS token description appeared before the
FIPS slot description, when in fact the reverse should happen.
2016-05-12 15:45:30 -07:00
David Keeler c17f3a2733 bug 982932 - only allow Netscape-stepUp to be used for serverAuth for old CA certificates r=Cykesiopka,jcj
MozReview-Commit-ID: 88JhIU1pUji

--HG--
rename : security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec
rename : security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec
extra : rebase_source : 2f6251679a6f31cccb6d88bb51c567de9cc9bc76
2016-05-05 16:11:11 -07:00
Cykesiopka ebd2e17c94 Bug 1265207 - Enable ESLint "var-only-at-top-level" rule for PSM tests. r=jjones
|let| is generally preferred over |var| in PSM JS.

MozReview-Commit-ID: 7SJWQSKFxI4

--HG--
extra : rebase_source : 387c6259ffa2cb0585ff366edc568ccc39bfd902
2016-05-09 18:04:14 -07:00
David Keeler 3a4d7b486c bug 883718 - remove nsIEntropyCollector and implementation r=mgoodwin,mrbkap
The rationale behind nsIEntropyCollector was to supplement NSS' source of
entropy with randomness from mouse move events. This obviously doesn't work on
platforms without a mouse (e.g. mobile platforms). Furthermore, as NSS seeds its
random number generator with robust randomness from the operating system, this
is unnecessary anyway. The primary concern is that initialization of the random
number generator must happen after forking, which is exactly what we do with the
child process in e10s mode.

MozReview-Commit-ID: GYQDElSCZy0

--HG--
extra : rebase_source : 6273a78203121c4d4ddf3ed97451f393ceef4b88
2016-05-10 16:24:44 -07:00
Cykesiopka 8f7bebaa5c Bug 160122 - Stop using PR_smprintf in PSM. r=keeler
The (more) modern Mozilla string classes can be used instead, which at the very
least provide built in automatic memory management and performance improvements.

MozReview-Commit-ID: 4l2Er5rkeI0

--HG--
extra : transplant_source : %A1%16%AB%02m%CA%25HfW%40%96Mq%0D%F0%91%9C%99%29
2016-05-10 23:38:55 -07:00
Chuck Lee 6ad8527ba5 Bug 1082346 - 02. Test case. r=keeler r=Cykesiopka
MozReview-Commit-ID: 3O8gBQ06Q96

--HG--
extra : rebase_source : b7425f43de7bb2f7200416f2bed35eb6b51866aa
2016-05-10 23:08:04 +08:00
Chuck Lee d568bac51d Bug 1082346 - 01. Convert PKCS12 password endian using copyAndSwapToBigEndian. r=keeler
MozReview-Commit-ID: 83fRWTRzoMd

--HG--
extra : rebase_source : 7eb145e8d84a4778b46f989d1766db3c9e39bb4b
2016-05-07 15:58:12 +08:00
Randell Jesup 73a32768d1 Bug 1271402: name and cleanup DataStorage thread when running XPCshell r=froyd,dkeeler
MozReview-Commit-ID: 2brXgEcp91J
2016-05-11 00:11:40 -04:00
Cykesiopka 391584fd9d Bug 1270005 - Replace uses of ScopedPK11SlotInfo with UniquePK11SlotInfo in PSM. r=keeler
ScopedPK11SlotInfo is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.

Also changes PK11SlotInfo parameters of various functions to make ownership more
explicit, and replaces some manual management of PK11SlotInfo pointers.

MozReview-Commit-ID: JtNH2lJsjwx

--HG--
extra : rebase_source : 9d764e0dd3a1f2df14c16f8f14a3c5392770c9a1
2016-05-09 18:02:40 -07:00
Andi-Bogdan Postelnicu 03b633450d Bug 1270836 - prevent null pointer dereference on |data|. r=emaldona+298309
MozReview-Commit-ID: 45LFxknL9Jy

--HG--
extra : rebase_source : 268874b34c4dd4466eb75376e2860b6940833399
2016-05-10 09:47:28 +03:00
Carsten "Tomcat" Book 56fe0e8f2c merge mozilla-inbound to mozilla-central a=merge 2016-05-09 11:17:59 +02:00
ffxbld f91f69689f No bug, Automated HPKP preload list update from host bld-linux64-spot-1062 - a=hpkp-update 2016-05-07 05:00:36 -07:00
ffxbld c67ee9ebbd No bug, Automated HSTS preload list update from host bld-linux64-spot-1062 - a=hsts-update 2016-05-07 05:00:34 -07:00
Cykesiopka 128f004a1f Bug 1267905 - Replace uses of ScopedCERTCertList with UniqueCERTCertList. r=keeler
ScopedCERTCertList is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.

Also changes CERTCertList parameters of various functions to make ownership more
explicit.

MozReview-Commit-ID: EXqxTK6inqy

--HG--
extra : transplant_source : %9B%A9a%94%D1%7E%2BTa%9E%9Fu%9F%02%B3%1AT%1B%F1%F6
2016-05-05 14:56:36 -07:00
David Keeler 4c6c57ed83 bug 1269812 - e10s-ify test_bug383369.html and test_unsecureRedirect.html r=Cykesiopka,mrbkap
MozReview-Commit-ID: E6z91sfEjan

--HG--
extra : rebase_source : 0561b67cb63262c46289134a250fb2c59d6af17d
2016-05-03 11:00:50 -07:00
Kyle Huey 941ab1f522 Bug 1268313: Part 7 - Move NS_NewRunnableMethod and friends to mozilla::NewRunnableMethod. r=froydnj 2016-05-05 01:45:00 -07:00
Cykesiopka 5598e0ec78 Bug 1268365 - Check argument validity more in nsASN1Tree.cpp. r=jcj
MozReview-Commit-ID: 6DqyT1veMR7

--HG--
extra : rebase_source : ca4d914285e651fe4fec1cd032e3106c8fc3a5b3
2016-05-03 21:31:13 -07:00
Haik Aftandilian 01b38f360c Bug 1267453 - Amazon Widevine rejects HDCP on MacBook Pro with or without an external display. r=gcp
--HG--
extra : amend_source : 6a8094ddea6ac6c50e8ec8c11e0656eaddafc20e
2016-05-02 19:33:08 +02:00
Carsten "Tomcat" Book 87bdb8ed2d merge fx-team to mozilla-central a=merge 2016-05-02 11:19:50 +02:00
ffxbld e526d34125 No bug, Automated HPKP preload list update from host bld-linux64-spot-576 - a=hpkp-update 2016-04-30 04:56:03 -07:00
ffxbld 484795c7ec No bug, Automated HSTS preload list update from host bld-linux64-spot-576 - a=hsts-update 2016-04-30 04:56:01 -07:00
Kai Engert 4673d27617 Bug 1258375, NSS_3_24_RC0, r=nss-confcall 2016-04-29 18:02:50 +02:00
Carsten "Tomcat" Book ba3fe0975c Backed out changeset 85ce8cb0639a (bug 1268313)
--HG--
extra : rebase_source : 56d1cf41a2dc4959b67f834e07192a5c772176a8
2016-04-29 14:21:16 +02:00
Gian-Carlo Pascutto 6491a25e6f Bug 1268579 - Add inotify_rm_watch to the seccomp-bpf whitelist. r=jld
MozReview-Commit-ID: DvaHjOa5GOv

--HG--
extra : rebase_source : 1105ebd32973f8608c4c8b21dc72ba9313661735
2016-04-28 20:04:06 +02:00
Nicholas Nethercote 2511b2c327 Bug 1267550 (part 2) - Rename MOZ_WARN_UNUSED_RESULT as MOZ_MUST_USE. r=froydnj.
It's an annotation that is used a lot, and should be used even more, so a
shorter name is better.

MozReview-Commit-ID: 1VS4Dney4WX

--HG--
extra : rebase_source : b26919c1b0fcb32e5339adeef5be5becae6032cf
2016-04-27 14:16:50 +10:00
Wes Kocher 56fe7c4bcb Merge m-c to fx-team a=merge
MozReview-Commit-ID: 3H9BxQQQnNI
2016-04-29 16:05:30 -07:00