eea8fcf5e8
No bug, Automated HPKP preload list update from host bld-linux64-spot-306 - a=hpkp-update
2017-12-15 11:20:42 -08:00
cce9ab656b
No bug, Automated HSTS preload list update from host bld-linux64-spot-306 - a=hsts-update
2017-12-15 11:20:38 -08:00
e5088d2dbb
No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update
2017-12-15 11:02:59 -08:00
b18ce43492
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-12-15 11:02:55 -08:00
b73dac9611
Merge autoland to mozilla-central. r=merge a=merge on a CLOSED TREE
2017-12-15 03:43:08 +02:00
4c5305936a
No bug, Automated HPKP preload list update from host bld-linux64-spot-306 - a=hpkp-update
2017-12-14 11:19:41 -08:00
96bf1438a5
No bug, Automated HSTS preload list update from host bld-linux64-spot-306 - a=hsts-update
2017-12-14 11:19:38 -08:00
7fccec6502
No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update
2017-12-14 10:39:44 -08:00
5d995473be
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-12-14 10:39:40 -08:00
95159e1851
bug 1424392 - remove unnecessary nsINSSComponent usage in nsNSSCallbacks r=mgoodwin
...
PK11PasswordPromptRunnable::RunOnTargetThread instantiates nsINSSComponent and
calls GetPIPNSSBundleString/PIPBundleFormatStringFromName to get some localized
strings. Since that runs on the main thread, we can call the helpers in
nsNSSCertHelper instead.
MozReview-Commit-ID: GsHoGDKBKdB
--HG--
extra : rebase_source : 7c18498ad0d01ab01f6e7d8c3d2ccdb1d6e20734
2017-12-08 14:07:04 -08:00
1134c27c23
Merge mozilla-central to autoland. r=merge a=merge CLOSED TREE
2017-12-14 00:15:40 +02:00
c958fc3b7b
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-12-13 12:01:21 -08:00
1377bf03a3
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-12-13 12:01:17 -08:00
354a4163c6
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-13 11:24:25 -08:00
2db6eb28d0
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-13 11:24:21 -08:00
bf2d3984cb
Bug 1424942 - Remove fallback code for old macOS releases in the sandbox policy; r=haik
...
MozReview-Commit-ID: LCU4TWNMs8T
--HG--
extra : rebase_source : b01ba6c163da653717c9201cba70b89540676330
2017-12-12 14:58:46 -06:00
4551f2e31e
Merge inbound to mozilla-central r=merge a=merge
2017-12-12 23:58:36 +02:00
01c7631757
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-12-12 12:10:25 -08:00
561b61d3ff
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-12-12 12:10:21 -08:00
fc20a5a0ab
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-12 11:23:12 -08:00
4338c47957
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-12 11:23:09 -08:00
7a8fc93f68
No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update
2017-12-11 12:07:39 -08:00
00d93b43c8
No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update
2017-12-11 12:07:35 -08:00
cba1cda89a
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-11 11:37:07 -08:00
2077079b20
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-11 11:37:03 -08:00
b32bea6044
Bug 1424809 - Get rid of NS_NewPostDataStream, r=valentin
2017-12-12 06:01:17 -06:00
07e7f9f727
Bug 1399787 - Part 9. Sandbox the PDFium process. r=bobowen,jwatt
...
MozReview-Commit-ID: 6ED7EPZvOMR
--HG--
extra : rebase_source : d8ddd2bb3551cf25c0f18151c4340e1f48d659ca
extra : intermediate-source : d90c5064d88a6468c1209f4a78ec7631592eec98
extra : source : 91b761e38efd28a69647c38531f5418fffee8f50
2017-10-18 20:52:45 +08:00
7b5a586bff
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-12-10 12:02:11 -08:00
20053f4730
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-12-10 12:02:07 -08:00
4d1e04053a
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-10 11:22:34 -08:00
31d8adf7f1
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-10 11:22:30 -08:00
5ba2665757
Merge inbound to mozilla-central r=merge a=merge
2017-12-09 22:21:17 +02:00
317996d0b6
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-12-09 12:01:49 -08:00
0aba3da0bd
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-12-09 12:01:45 -08:00
b6ea2cfac7
No bug, Automated HPKP preload list update from host bld-linux64-spot-038 - a=hpkp-update
2017-12-09 11:07:05 -08:00
90b3db49cd
No bug, Automated HSTS preload list update from host bld-linux64-spot-038 - a=hsts-update
2017-12-09 11:07:01 -08:00
096b0974bc
Merge autoland to mozilla-central r=merge a=merge
2017-12-08 23:56:46 +02:00
8f7724e963
No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update
2017-12-08 12:00:55 -08:00
ab5cafe292
No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update
2017-12-08 12:00:51 -08:00
4d2f167f48
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-12-08 11:11:49 -08:00
2582928f13
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-12-08 11:11:46 -08:00
6058ba50a3
Bug 1423798 - Remove headers included for backwards compat in nsString.h. r=njn on a CLOSED TREE
...
Remove the headers included for "backwards compatibility" and just include them
where required.
--HG--
extra : source : e2beba7e6875120ebbbcadf24bcbcb5b86411a94
extra : amend_source : 11f07a27431cd468511f0bd45afe36150c6e342c
2017-12-06 19:36:57 -08:00
f488657fbd
Backed out changeset e2beba7e6875 (bug 1423798) for failing Browser Chrome tests browser_temporary_permissions_expiry.js on Windows 7 debug. r=backout on a CLOSED TREE
2017-12-09 07:23:35 +02:00
0fcc1a37e6
Merge mozilla-central to mozilla-inbound. r=merge a=merge CLOSED TREE
2017-12-09 00:57:59 +02:00
74880b3483
Bug 1423798 - Remove headers included for backwards compat in nsString.h. r=njn
...
Remove the headers included for "backwards compatibility" and just include them
where required.
--HG--
extra : rebase_source : 03e703a81ed4b80f4f116ff36d8787464ce5acba
2017-12-06 19:36:57 -08:00
2f09c0a994
Merge mozilla-central to inbound. r=merge a=merge CLOSED TREE
2017-12-08 00:26:07 +02:00
0bed6b5d6d
Merge inbound to mozilla-central r=merge a=merge
2017-12-08 00:12:14 +02:00
8e05423bf3
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-12-07 12:05:58 -08:00
62f9cfe3ca
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-12-07 12:05:54 -08:00
10287820a9
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-07 11:18:38 -08:00
e88025e01c
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-07 11:18:34 -08:00
89531e8dc3
Backed out 9 changesets (bug 1412456) for crashing talos g2 and unexpected network connections in browser-chrome's browser_searchEngine_behaviors.js r=backout a=backout on a CLOSED TREE
...
Backed out changeset 0c01a98f4fd5 (bug 1412456)
Backed out changeset 27077db47231 (bug 1412456)
Backed out changeset f35ec2a884f8 (bug 1412456)
Backed out changeset 602b30ac3c69 (bug 1412456)
Backed out changeset b1ff1050c589 (bug 1412456)
Backed out changeset f100d953f9eb (bug 1412456)
Backed out changeset d85af60fe259 (bug 1412456)
Backed out changeset 736f38486832 (bug 1412456)
Backed out changeset 13a637602dc2 (bug 1412456)
2017-12-07 12:20:21 +02:00
8ba04e79f9
Bug 1422053: Create Windows sandbox sLaunchErrors hashtable on the main thread. r=aklotz
2017-12-07 09:07:43 +00:00
9f4d083047
Bug 1412456 - Test changes to no longer use interposition (r=felipe,bgrins,mrbkap)
...
MozReview-Commit-ID: 2nQPOSGTr1s
2017-12-07 12:55:24 -08:00
cd83addd77
Bug 1395187: Use STARTF_FORCEOFFFEEDBACK flag when starting Windows child processes to prevent app starting cursor. r=jimm
2017-12-07 10:24:38 +00:00
bef7c122df
Bug 1412456 - Test changes to no longer use interposition (r=felipe,bgrins,mrbkap)
...
MozReview-Commit-ID: 2nQPOSGTr1s
2017-12-06 21:17:05 -08:00
eb65c24c7b
Backed out 8 changesets (bug 1412456) for ESlint failure on browser_urlbarKeepStateAcrossTabSwitches.js:13:49 r=backout on a CLOSED TREE
...
Backed out changeset 0e88de036c55 (bug 1412456)
Backed out changeset 49b93f807db0 (bug 1412456)
Backed out changeset 039e980b7dc6 (bug 1412456)
Backed out changeset c7698410ddbd (bug 1412456)
Backed out changeset e56a1ba26b7c (bug 1412456)
Backed out changeset 0c4506e124ac (bug 1412456)
Backed out changeset a7aec2ce903b (bug 1412456)
Backed out changeset 3e9fb71f1e8e (bug 1412456)
2017-12-07 07:09:33 +02:00
e19c11cd2a
Bug 1423296: Don't use MITIGATION_IMAGE_LOAD_NO_LOW_LABEL when running from a network drive. r=jimm
2017-12-08 19:00:54 +00:00
be77cf4a01
Bug 1412456 - Test changes to no longer use interposition (r=felipe,bgrins,mrbkap)
...
MozReview-Commit-ID: 2nQPOSGTr1s
2017-12-06 20:46:58 -08:00
777fa218a9
Backed out changeset 4928928a5e46 (bug 1417680) for leaks detected by valgrind r=backout on a CLOSED TREE
...
--HG--
extra : amend_source : 48d7d6291b7f1e68cc554caa3374cda326d17681
2017-12-07 02:14:25 +02:00
094791c2d0
bug 1417680 - explore the feasibility of not shutting down NSS by no-op-ing the guts of the shutdown infrastructure r=jcj r=franziskus
...
Adapted from https://wiki.mozilla.org/SecurityEngineering/NSS_Startup_and_Shutdown_in_Gecko :
Properly implementing the coordinated shutdown of NSS has, to date, proved
intractable. For architectural reasons and due to the significant complexity
involved, the NSS resource tracking and shutdown infrastructure has been an
ongoing source of crashes and hangs in Firefox. To that end, we have been
exploring the possibility of not shutting down NSS at all. For this to work, we
have had to address a number of potential concerns.
Certificate and key database corruption: In theory, if Firefox were to exit
without coordinating with NSS, data stored in the certificate and key databases
(backed by BerkeleyDB) could be lost. To mitigate this, we have migrated to
using the sqlite-backed implementation. The databases are now journaled, and
short of a bug in sqlite, we do not anticipate data loss due to database
corruption.
PKCS#11 devices: In theory, if Firefox were to exit without coordinating with
NSS and thus any attached PKCS#11 devices, data could be lost on these devices.
However, it is our understanding that these devices must be robust against
unexpected physical removal. Uncoordinated shutdown should present no worse a
risk to user data.
FIPS 140-2 mode: While Mozilla does not ship a version of Firefox that supports
FIPS mode out of the box, Red Hat does. It is our understanding that clearing
key material is a requirement of FIPS and that not shutting down NSS may pose a
problem for this requirement. Red Hat's FIPS 140-2 Security Policy[0] specifies
that the application (i.e. Firefox) using the module (i.e. NSS) is responsible
for zeroization of key material. More specifically, it says "All plaintext
secret and private keys must be zeroized when the Module is shut down (with a
FC_Finalize call), reinitialized (with a FC_InitToken call), or when the session
is closed (with a FC_CloseSession or FC_CloseAllSessions call)." Thus, if
Firefox never shuts down NSS, this requirement is trivially met.
Leak detection: By not shutting down NSS, technically we leak some allocated
memory until shutdown. This could cause problems if our test infrastructure
detected and reported these leaks. However, it appears not to (which itself is
somewhat concerning). In any case, we will have to deal with this if and when we
can detect these leaks.
Given that these concerns all have at least a preliminary answer, we will move
forward with attempting to not shut down NSS in Firefox. This may expose
unexpected issues that may lead to a reassessment of the situation, so this will
be on a trial basis only in Nightly.
[0] https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3070.pdf
MozReview-Commit-ID: LjgEl1UZqkC
--HG--
extra : rebase_source : 99bf715f7f6566ec92ca763eefdbd8d2f69d2ba2
extra : amend_source : d4177cc87f54fccbd49312feef7e29b77bf01432
2017-11-10 15:03:23 -08:00
ada131e8c5
Merge autoland to mozilla-central r=merge a=merge
2017-12-06 23:57:33 +02:00
638c4fcef4
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-06 12:06:18 -08:00
d4149255ed
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-06 12:06:14 -08:00
283abf5e1b
No bug, Automated HPKP preload list update from host bld-linux64-spot-033 - a=hpkp-update
2017-12-06 11:12:09 -08:00
7711ad2f7d
No bug, Automated HSTS preload list update from host bld-linux64-spot-033 - a=hsts-update
2017-12-06 11:12:06 -08:00
0b2047cb81
Bug 320231 - Update localization notes for length-limited PKCS#11 strings in pipnss.properties r=Pike
...
MozReview-Commit-ID: 11iUjRi8eUX
--HG--
extra : rebase_source : 029f6e8a06a0d2903297d1726352c584f69ce69d
2017-12-06 12:11:59 +01:00
1d42ce1f7b
Bug 1412646 - Initialize some uninitialized fields in security/manager/ r=keeler
...
MozReview-Commit-ID: HGj8xw5Uq6j
--HG--
extra : rebase_source : 8c9bd7b966bfdead6244c71642a843e8b9e507ff
2017-10-31 11:04:40 +01:00
1f7fdd5826
Merge mozilla-central to inbound. r=merge a=merge on a CLOSED TREE
2017-12-06 01:49:19 +02:00
4df7f01104
No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update
2017-12-05 12:00:21 -08:00
276f13a7ec
No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update
2017-12-05 12:00:17 -08:00
fdadcd5373
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-05 11:21:42 -08:00
1516337050
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-05 11:21:38 -08:00
2e08acdf88
Merge inbound to mozilla-central r=merge a=merge
2017-12-05 11:58:51 +02:00
7c657fc158
Merge autoland to mozilla-central r=merge a=merge
2017-12-05 11:57:21 +02:00
795d7ec557
No bug, Automated HPKP preload list update from host bld-linux64-spot-031 - a=hpkp-update
2017-12-04 15:45:48 -08:00
8294b83561
No bug, Automated HSTS preload list update from host bld-linux64-spot-031 - a=hsts-update
2017-12-04 15:45:44 -08:00
2dd6a8b4ce
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-04 11:15:44 -08:00
28bd5a677f
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-04 11:15:40 -08:00
5fa824ebb0
No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update
2017-12-03 11:42:48 -08:00
423369169d
No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update
2017-12-03 11:42:45 -08:00
fd3700d56b
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-03 11:03:49 -08:00
c321b37eee
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-03 11:03:45 -08:00
477ac066b5
Bug 1422156 - Update tlsFlags to change 0x40 to be compat mode rather than 7e02 handshake. r=keeler
...
Reviewers: keeler
Reviewed By: keeler
Subscribers: mcmanus
Bug #: 1422156
Differential Revision: https://phabricator.services.mozilla.com/D306
2017-12-02 17:18:33 -08:00
8752d4637d
Bug 1198481 - Fixed typo 'id_pk_serverAuth' to 'id_kp_serverAuth'. r=keeler
2017-12-02 18:03:18 +05:30
e6fe3285be
bug 1421816 - (2/2) add option to sign_app.py to include COSE signatures r=franziskus
...
MozReview-Commit-ID: H7ZLCsH9HrJ
--HG--
extra : rebase_source : 143ac8bdac4cf000809ada4560382bb9ed582b55
extra : histedit_source : fbb72d143a54fa1cd79af560d515068dcc4610ab
2017-11-29 13:37:42 -08:00
1aeab12df2
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-12-02 11:45:05 -08:00
932f702aac
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-12-02 11:45:01 -08:00
8466d82737
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-12-02 11:01:49 -08:00
2955ac7f1c
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-12-02 11:01:45 -08:00
36f5d05cd8
bug 1397837 - remove vestigial references to "code signing" from PSM r=Cykesiopka,snorp
...
As of bug 1257362, the platform does not verify code signing certificates in
general, so anything involving the code signing trust of certificates can go.
MozReview-Commit-ID: 9g9kM62xfYZ
--HG--
extra : rebase_source : 5bec64e5f451c8433aff0de82a91f7bd54c24608
2017-12-01 16:16:20 -08:00
a92c339a33
bug 1424085 - add owning handles so cert references don't leak in IsCertificateDistrustImminent r=jcj
...
nsIX509Cert::GetCert() returns a CERTCertificate whose reference count has
already been increased. Before this patch, when IsCertificateDistrustImminent
called CertDNIsInList(rootCert->GetCert(), RootSymantecDNs) and
CertDNIsInList(aCert->GetCert(), RootAppleAndGoogleDNs), the reference count on
those certificates would never get a corresponding decrement, so we would keep
those certificates alive until shut down. A reasonable and consistent solution
is to introduce a UniqueCERTCertificate handle in each case to own the
reference.
The status of this fix can be verified by setting MOZ_LOG="pipnss:4", running
Firefox, connecting to any host, and then shutting down. If an NSS resource
reference has been leaked, "[Main Thread]: E/pipnss NSS SHUTDOWN FAILURE" will
be in the console output. Otherwise,
"[Main Thread]: D/pipnss NSS shutdown =====>> OK <<=====" will be in the console
output.
This patch also removes nsIX509CertList::DeleteCert because it would also leak a
reference. Luckily, nothing was using it.
This patch also clarifies the implementation of nsIX509CertList::AddCert by
making the ownership transfers explicit.
MozReview-Commit-ID: 2qHo3DmhTPz
--HG--
extra : rebase_source : 42cd42d082431b4637733d8f94fcd560bdea8a44
2017-12-07 15:08:43 -08:00
7e9b75f531
Bug 1409895 - Deny getcwd in the Linux content process sandbox. r=gcp
...
getcwd won't do anything useful once we start chroot()ing to remove
filesystem access; with this patch it will at least fail the same way
regardless of whether user namespaces are available or if other factors
prevent complete FS isolation.
Bonus fix: improve the comments for this group of syscalls.
MozReview-Commit-ID: KueZzly2mlO
--HG--
extra : rebase_source : a6b5dbebbc4d2477909d46085499f2648091b94c
2017-11-20 10:47:54 -07:00
a9961096c0
Bug 1394734 - Simplify various corner cases r=glandium
...
MozReview-Commit-ID: 4s4JdXZPvmv
--HG--
extra : rebase_source : c8f663c99442d41db5f81ac5fe1aa1f47fd5ed82
2017-12-07 22:10:19 +01:00
4591d82b23
Bug 1394734 - Replace CONFIG['CLANG*'] by CONFIG['CC_TYPE'] r=glandium
...
MozReview-Commit-ID: HbF5oT5HW6f
--HG--
extra : rebase_source : eca479b6ae4bff7f600d1cdb39e11ac2057e4e79
2017-12-07 22:09:38 +01:00
5de63ef061
Bug 1394734 - Replace CONFIG['MSVC'] by CONFIG['CC_TYPE'] r=glandium
...
MozReview-Commit-ID: 5orfnoude7h
--HG--
extra : rebase_source : 1ed9a6b56e1d27221a07624767a7fb0e6147117f
2017-12-08 13:46:13 +01:00
9bfe27d903
Bug 1394734 - Replace CONFIG['GNU_C*'] by CONFIG['CC_TYPE'] r=glandium
...
MozReview-Commit-ID: 7duJk2gSd4m
--HG--
extra : rebase_source : 7312fe276e561e8c034a5f6749774ae812727f9c
2017-12-07 22:09:15 +01:00
79d933ec34
Backed out 22 changesets (bug 1399787) for shutdown leaks on windows 7 debug tc-M without e10s r=backout on a CLOSED TREE
...
Backed out changeset 463d676df5da (bug 1399787)
Backed out changeset fc9776a2605d (bug 1399787)
Backed out changeset 2e91a90dfbc3 (bug 1399787)
Backed out changeset e82ab72f71ee (bug 1399787)
Backed out changeset d7fef200e8b9 (bug 1399787)
Backed out changeset a7d70f7f3335 (bug 1399787)
Backed out changeset 2800f9d20d96 (bug 1399787)
Backed out changeset 9dfa404abf9d (bug 1399787)
Backed out changeset 09b3c172a01e (bug 1399787)
Backed out changeset f9fd3e750636 (bug 1399787)
Backed out changeset 01284c55bf8a (bug 1399787)
Backed out changeset c2ab1b454283 (bug 1399787)
Backed out changeset e7bfa51404c5 (bug 1399787)
Backed out changeset 3fd2a734f887 (bug 1399787)
Backed out changeset ef21f295db3f (bug 1399787)
Backed out changeset c186893ce0fc (bug 1399787)
Backed out changeset 323da3bddaaa (bug 1399787)
Backed out changeset 3b89f189edff (bug 1399787)
Backed out changeset a47bd86c35ee (bug 1399787)
Backed out changeset 558526301a4c (bug 1399787)
Backed out changeset baa99fb50ba9 (bug 1399787)
Backed out changeset 6d82ed0ba805 (bug 1399787)
2017-12-08 13:09:56 +02:00
5b9ee89503
Merge mozilla-central to autoland a=merge r=merge on a CLOSED TREE
2017-12-08 12:06:24 +02:00
d70af3d034
Bug 1399787 - Part 9. Sandbox the PDFium process. r=bobowen,jwatt
...
MozReview-Commit-ID: 6ED7EPZvOMR
--HG--
extra : rebase_source : 60e6d103573436d923f8b2b00c70cb2a4a7986df
extra : intermediate-source : d90c5064d88a6468c1209f4a78ec7631592eec98
extra : source : 91b761e38efd28a69647c38531f5418fffee8f50
2017-10-18 20:52:45 +08:00
5161a86c36
Bug 1401062 - Delete the old namespace/chroot code and reorganize sandbox init. r=gcp
...
This is mostly deletion, except for SandboxEarlyInit. The unshare()
parts are going away, and the "unexpected threads" workaround can go away
along with them, but the signal broadcast setup still needs to happen
early so we can prevent blocking the signal.
So, SandboxEarlyInit's contract changes slightly from "call before
any other threads exist" to "before any threads that might block all
signals", and everything that can be deferred to immedately before
sandbox startup is. As a result, some getenv()s change to PR_GetEnv
because there can be threads, and there is now an NSPR dependency.
(This may mean that mozglue can no longer interpose symbols in NSPR,
because libmozsandbox is preloaded, but I don't think we're doing that.)
MozReview-Commit-ID: 7e9u0qBNOqn
--HG--
extra : rebase_source : 1a8442f7e0e26231ecf01b19078433d1b5b2763c
2017-08-31 20:38:25 -06:00
5bedf1df18
Merge autoland to mozilla-central r=merge a=merge
2017-11-30 23:51:58 +02:00
6eac8dccfc
No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update
2017-11-30 11:03:17 -08:00
39509ef8f2
No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update
2017-11-30 11:03:13 -08:00
9175066393
No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update
2017-11-30 10:49:34 -08:00
83f995c0a0
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-11-30 10:49:30 -08:00
8b1f82ef39
No bug, Automated HPKP preload list update from host bld-linux64-spot-320 - a=hpkp-update
2017-11-29 11:07:42 -08:00
d471604f22
No bug, Automated HSTS preload list update from host bld-linux64-spot-320 - a=hsts-update
2017-11-29 11:07:38 -08:00
2b8c0a2be5
No bug, Automated HPKP preload list update from host bld-linux64-spot-341 - a=hpkp-update
2017-11-29 10:13:03 -08:00
73f3ea227b
No bug, Automated HSTS preload list update from host bld-linux64-spot-341 - a=hsts-update
2017-11-29 10:12:59 -08:00
b3d418aa6c
Merge autoland to mozilla-central r=merge a=merge
2017-11-29 12:09:11 +02:00
f54d52a50d
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-28 11:45:43 -08:00
61c54f501b
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-28 11:45:40 -08:00
d7a19d2216
No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update
2017-11-28 10:46:06 -08:00
812cb244f0
No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update
2017-11-28 10:46:03 -08:00
13b5a0e017
bug 1421413 - add a preference to control which add-on signature algorithms are valid r=jcj
...
MozReview-Commit-ID: EwkpY9ADAtw
--HG--
extra : rebase_source : 7fce75b0ff7b42057840df0450d97ce840a69c89
2017-11-28 14:24:11 -08:00
52d69a63ca
Bug 1421372 - simplify the macOS content sandbox rules by splitting the file process rules out; r=haik
...
MozReview-Commit-ID: GJukCOAyE10
--HG--
extra : rebase_source : 7bfdd02482d45e72a785ec2abe2260577238406d
2017-11-28 14:06:06 -05:00
a04e49663b
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-11-27 11:34:28 -08:00
f5bdc50a83
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-11-27 11:34:24 -08:00
5fd51d8f5b
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-27 11:04:50 -08:00
6c2b138c87
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-27 11:04:46 -08:00
899f55bc70
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-26 11:29:24 -08:00
b7e36e0dad
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-26 11:29:20 -08:00
a1b8503be3
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-26 10:57:54 -08:00
ad8f2d950c
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-26 10:57:51 -08:00
fde154d757
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-25 11:31:33 -08:00
b75d3913b0
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-25 11:31:30 -08:00
24ce5b57e7
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-11-25 10:49:45 -08:00
80fa133054
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-11-25 10:49:41 -08:00
327405164b
Merge inbound to mozilla-central r=merge a=merge
2017-11-25 00:04:02 +02:00
b8d5e9b625
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-11-24 11:37:55 -08:00
1f4c6721e4
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-11-24 11:37:51 -08:00
75089cd8b7
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-24 11:00:34 -08:00
a29abc7f7d
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-24 11:00:30 -08:00
5083a36782
Bug 1420060 - FIPS can no longer be toggled in Firefox with the builtin NSS, r=ttaubert
...
MozReview-Commit-ID: 5lgEBiFozSG
Differential Revision: https://phabricator.services.mozilla.com/D282
--HG--
extra : rebase_source : 795b81b79f5c407cbfed3c0607c479d9880f0deb
2017-11-24 09:01:49 +01:00
34900c8a57
Bug 1420060 - land NSS ceb8b9290b35 UPGRADE_NSS_RELEASE, r=me
...
MozReview-Commit-ID: KprUV50uNDs
--HG--
extra : rebase_source : d67b83423351ac6581889cc95ec979a6f12adc07
2017-11-24 09:00:26 +01:00
21905d169e
Merge mozilla-central to mozilla-inbound. r=merge a=merge CLOSED TREE
2017-11-24 00:38:13 +02:00
da0a72a9d7
Merge inbound to mozilla-central r=merge a=merge
2017-11-24 00:28:29 +02:00
7ede3e4787
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-23 11:37:49 -08:00
eb15ed90ea
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-23 11:37:46 -08:00
4018e652ff
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-23 10:42:06 -08:00
ce8ed40893
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-23 10:42:02 -08:00
a5d613086a
Merge mozilla-inbound to mozilla-central r=merge a=merge
2017-11-23 11:42:46 +02:00
7b10164f9f
Bug 1403840 - add cose rust lib with a test, r=keeler,ttaubert
...
Summary:
This adds the COSE rust library from https://github.com/franziskuskiefer/cose-rust with its C API from https://github.com/franziskuskiefer/cose-c-api to gecko with a basic test.
The COSE library will be used for verifying add-on signatures in future.
Reviewers: keeler, ttaubert
Reviewed By: keeler
Bug #: 1403840
Differential Revision: https://phabricator.services.mozilla.com/D232
--HG--
extra : rebase_source : 433ca6894d88ccda333bfac53507eba4e84924fb
2017-11-22 16:37:15 +01:00
a0b20fcb81
Merge mozilla-central to mozilla-autoland. r=merge a=merge CLOSED TREE
2017-11-22 23:42:02 +02:00
82254ca1cf
Merge inbound to mozilla-central r=merge a=merge
2017-11-22 23:29:44 +02:00
ad970571e9
No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update
2017-11-22 11:38:06 -08:00
013da9f3f3
No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update
2017-11-22 11:38:02 -08:00
2795ad9547
No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update
2017-11-22 10:46:15 -08:00
36b4732f5f
No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update
2017-11-22 10:46:12 -08:00
96f9c8ac5c
Bug 1418752 - Firefox instahang on start after landing patch from bug #1392841 . r=ttaubert
...
EnsureNSSInitializedChromeOrContent() sends sync event to main thread from non-main thread even if it's already initialized. This can make fix at https://searchfox.org/mozilla-central/rev/919dce54f43356c22d6ff6b81c07ef412b1bf933/netwerk/protocol/http/nsHttpHandler.cpp#2105 inefficient and can lead to a deadlock.
--HG--
extra : rebase_source : 18333d17e1d959accd667c8ce25a20ea51c15266
2017-11-22 12:46:08 -05:00
80fbb39861
Bug 1402519 - Remove MOZ_CRASHREPORTER directives from security; r=ttaubert
...
MozReview-Commit-ID: CfPBvffjEhq
--HG--
extra : rebase_source : 51c522746b48f0819b926607ceebf7d070df4ffd
2017-10-10 15:25:39 +02:00
5fbf717e5b
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-11-21 11:48:53 -08:00
d05982f0f1
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-11-21 11:48:49 -08:00
511b2cf5e6
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-21 11:14:55 -08:00
cf7bf94e79
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-21 11:14:52 -08:00
cde731d2d0
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-11-20 11:37:26 -08:00
d7e570ab96
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-11-20 11:37:22 -08:00
21d7bcc344
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-20 10:57:37 -08:00
2fb6a219c1
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-20 10:57:34 -08:00
b3f0c3ded3
Merge mozilla-central to autoland. r=merge a=merge on a CLOSED TREE
2017-11-20 00:17:43 +02:00
c21102410d
No bug, Automated HPKP preload list update from host bld-linux64-spot-039 - a=hpkp-update
2017-11-19 11:40:51 -08:00
502a538775
No bug, Automated HSTS preload list update from host bld-linux64-spot-039 - a=hsts-update
2017-11-19 11:40:47 -08:00
3fc5579f87
No bug, Automated HPKP preload list update from host bld-linux64-spot-038 - a=hpkp-update
2017-11-19 10:55:01 -08:00
6b1e59b641
No bug, Automated HSTS preload list update from host bld-linux64-spot-038 - a=hsts-update
2017-11-19 10:54:58 -08:00
79f64eb568
Merge inbound to mozilla-central r=merge a=merge
2017-11-18 22:48:47 +02:00
22b9cb8f84
No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update
2017-11-18 11:41:00 -08:00
2d07f0f683
No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update
2017-11-18 11:40:56 -08:00
973e21879e
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-18 11:05:10 -08:00
aa9e3a35ac
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-18 11:05:07 -08:00
b0ee34bea3
Bug 1416466 - Wait for the next event tick before resolving Promise for onload event in tests in security/manager/ssl/tests/mochitest/browser/. r=mossop
2017-11-18 22:57:18 +09:00
34be833347
Bug 1416016 - Add ../config to the sandbox whitelist for older Mesa. r=jld
...
MozReview-Commit-ID: KahivmVJR1l
--HG--
extra : rebase_source : 7d77f0ee77813a1214cfa5bc618b57c3208443c3
2017-11-17 15:23:28 +01:00
c979b7a21f
Bug 1416808 - Add "$XDG_DATA_(HOME|DIRS)"/fonts to the sandbox whitelist. r=jld
...
MozReview-Commit-ID: DwwltKQg8x4
--HG--
extra : rebase_source : e92b60e320bb26e66bfb38039f141ec83a34fff7
2017-11-17 15:45:11 +01:00
696ac83de9
Merge mozilla-central to mozilla-autoland. r=merge a=merge CLOSED TREE
2017-11-18 02:55:06 +02:00
1d5be20b0d
Merge autoland to mozilla-central r=merge a=merge
2017-11-18 00:00:22 +02:00
4f3980082f
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-11-17 11:41:51 -08:00
794ea08b42
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-11-17 11:41:47 -08:00
4da78d1a66
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-17 11:02:48 -08:00
8591b856f3
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-17 11:02:45 -08:00
5a64c2aeb7
Bug 1417959: Bump Alternate Desktop to Level 5 and make that the Default on Nightly. r=jimm
2017-11-16 18:10:00 +00:00
cdac966d1b
bug 1417677 - remove "security.use_sqldb" and always use the sqlite-backed NSS DBs r=jcj
...
MozReview-Commit-ID: 2qoJz5gDPyY
--HG--
extra : rebase_source : 89ccda87138ac02004d290f621e9d53dcddc08ff
2017-11-15 15:24:58 -08:00
68dd6026ab
bug 1418135 - asynchronously determine the chain to display in the details pane of the certificate viewer r=mgoodwin
...
The current certificate viewer uses "getChain" to determine what chain to show
in the details pane. This is problematic for a number of reasons including a)
it's synchronous (and potentially slow) and b) getChain may return something
almost entirely quite unlike any actual trusted path (see bug 1004580 comment
0).
This won't fix the whole problem (whatever's opening the certificate viewer
should really be passing in the chain itself), but that's hard, so this would at
least change the determination to be asynchronous and at least won't result in
something completely bogus.
MozReview-Commit-ID: J9uqRgxL52j
--HG--
extra : rebase_source : 0cb0a02564f7d962a57af90a9d1177ff41f064fe
2017-11-16 15:48:47 -08:00
cdb95907ba
Merge mozilla-central to autoland r=merge a=merge on a CLOSED TREE
2017-11-16 00:41:40 +02:00
d0a4ab96a0
Merge inbound to mozilla-central r=merge a=merge
2017-11-16 00:24:15 +02:00
6c10f7d914
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-15 11:31:52 -08:00
393e147523
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-15 11:31:48 -08:00
dd02544d02
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-15 10:54:33 -08:00
bab5f228d3
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-15 10:54:29 -08:00
304ec4c15e
Bug 1417420 - Add the path used by FontAgent to the sandbox rules on macOS. r=haik
2017-11-15 17:59:44 +00:00
ab21773795
bug 1417277 - remove support for MOZPSM_NSSDBDIR_OVERRIDE r=jcj
...
MOZPSM_NSSDBDIR_OVERRIDE was added in bug 462919 for integration with xulrunner
applications. Upcoming changes we're aiming to make with how PSM handles NSS and
the certificate/key databases (e.g. making the sqlite-backed implementation
mandatory) mean we have to take this feature into account. xulrunner isn't
supported any longer. Searching the web for "MOZPSM_NSSDBDIR_OVERRIDE" yields
two kinds of results: mozilla-central source code and a man page for nss-gui,
which it seems is the only project that ever made use of
MOZPSM_NSSDBDIR_OVERRIDE (and hasn't been updated since 2013, from what I can
tell). I think it's fair to conclude that this isn't a widely-used (let alone
known) feature. To make development easier, we should remove it.
MozReview-Commit-ID: 56vcTYSzDPq
--HG--
extra : rebase_source : 683a65bcd79182c04524562bc26ed5925f5d902b
2017-11-14 16:38:34 -08:00
7af6788dd0
No bug, Automated HPKP preload list update from host bld-linux64-spot-038 - a=hpkp-update
2017-11-14 11:51:23 -08:00
1d90c326d7
No bug, Automated HSTS preload list update from host bld-linux64-spot-038 - a=hsts-update
2017-11-14 11:51:19 -08:00
e943551045
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-14 10:58:36 -08:00
cc72aaf33e
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-14 10:58:32 -08:00
ba94a5128c
Bug 1371293 - Fix instances of missing 'use strict;' in html files as found after ESLint 4 upgrade. r=mossop
...
MozReview-Commit-ID: 2q3nqLaXA3E
--HG--
extra : rebase_source : 971ee6ae4dd565ead6f4aa16e06638445ecc5da0
2017-10-31 16:40:37 +00:00
3039b5c625
Backed out 1 changesets (bug 1417677) for failing security/manager/ssl/tests/unit/test_broken_fips.js r=backout on a CLOSED TREE
...
Backed out changeset 614a09e35ff0 (bug 1417677)
2017-11-17 12:49:16 +02:00
fdbe147ffb
Merge mozilla-central to autoland. r=merge a=merge CLOSED TREE
2017-11-17 12:09:31 +02:00
82c2e0ec18
bug 1413336 - (7/7) regenerate all the certificates! r=Cykesiopka
...
Also regenerate the test_signed_app.js testcases.
MozReview-Commit-ID: 483uNQT0wuG
--HG--
extra : rebase_source : 4dfddf89d151dceb970a1a9139a5c90e6b578f8c
2017-11-08 12:57:03 -08:00
cfc4721f33
bug 1413336 - (6/7) replace setComponentByName with direct property setters r=Cykesiopka
...
MozReview-Commit-ID: EIIzP04YHo9
--HG--
extra : rebase_source : bf04301265175f59a3db429667322caffeeeb767
2017-11-14 13:35:10 -08:00
d64022f084
bug 1413336 - (5/7) ensure text files generated by pycert et. al. have trailing newlines r=Cykesiopka
...
MozReview-Commit-ID: KduWJRzTxBp
--HG--
extra : rebase_source : 74c5baf9747a85d71bc93d7459a8b519b40f6dd4
2017-10-25 16:59:18 -07:00
d6bd3927e3
bug 1413336 - (4/7) make certificate serial number generation not depend on pyasn1 object string representation r=Cykesiopka
...
MozReview-Commit-ID: 69GjudEKwQM
--HG--
extra : rebase_source : 707413a77478e17a398fbb3c75eb27b64486b313
2017-11-08 14:12:03 -08:00
4a5bf460ad
bug 1413336 - (3/7) fix pycert.py and pykey.py with respect to pyasn1/pyasn1-modules updates r=Cykesiopka
...
MozReview-Commit-ID: CsxOF7LdEHB
--HG--
extra : rebase_source : 09b901b640779a9fe33de9d8c160b6918e6f12f7
2017-11-08 13:23:17 -08:00
dcb596244e
bug 1417677 - remove "security.use_sqldb" and always use the sqlite-backed NSS DBs r=jcj
...
MozReview-Commit-ID: 2qoJz5gDPyY
--HG--
extra : rebase_source : c84d7975fa30c753af7481d04e2db8c19daff180
2017-11-15 15:24:58 -08:00
2d6eb184f1
bug 1368868 - give up on ocsp stapling strictness because we can't have nice things r=jcj
...
MozReview-Commit-ID: nbX0c251oC
--HG--
extra : rebase_source : 2adda43c5ea137c17474e4b9303107f4ba3815ff
2017-11-08 15:50:26 -08:00
d49916e353
bug 1415991 - remove support for signed unpacked addons r=jcj,rhelmer
...
Unfortunately we have a number of add-on installation tests that rely on
unpacked addons verifying as signed. The test infrastructure achieves this by
monkey-patching nsIX509CertDB.verifySignedDirectoryAsync to always succeed.
These tests are, in general, not actually testing the successful verification of
signed unpacked add-ons but rather other aspects of add-on installation,
updating, etc.. Some of these tests are certainly no longer relevant now that
legacy add-ons aren't supported, but we don't have the time to go through all of
them at the moment (this blocks updating add-on signature verification to use
COSE signatures, which we need to ship in 59 or we're probably not shipping at
all).
MozReview-Commit-ID: 3TVPK703mUy
--HG--
extra : rebase_source : 5bf0b72a4d7c8ade702334345fdc3bf6a8761b15
2017-11-09 11:19:23 -08:00
e520b4f458
Merge mozilla-central to mozilla-autoland. r=merge a=merge CLOSED TREE
2017-11-14 00:59:27 +02:00
6f5e1e666f
No bug, Automated HPKP preload list update from host bld-linux64-spot-031 - a=hpkp-update
2017-11-13 11:38:59 -08:00
4d11774312
No bug, Automated HSTS preload list update from host bld-linux64-spot-031 - a=hsts-update
2017-11-13 11:38:56 -08:00
96d2701aef
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-13 10:56:59 -08:00
02130351db
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-13 10:56:56 -08:00
8802fbf292
No bug, Automated HPKP preload list update from host bld-linux64-spot-033 - a=hpkp-update
2017-11-12 11:35:21 -08:00
014fe21cbb
No bug, Automated HSTS preload list update from host bld-linux64-spot-033 - a=hsts-update
2017-11-12 11:35:17 -08:00
54eff2095e
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-12 11:06:31 -08:00
f5ee17bd6f
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-12 11:06:28 -08:00
14b2379843
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-11 11:46:19 -08:00
844ee0c1d3
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-11 11:46:15 -08:00
a99e2a57b4
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-11 11:07:18 -08:00
0411746801
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-11 11:07:14 -08:00
873f611a48
Bug 1401786 - Move the Linux sandboxing parts of GeckoChildProcessHost into security/sandbox. r=gcp
...
MozReview-Commit-ID: JknJhF5umZc
--HG--
extra : rebase_source : 2fa246e9a8b350becc21ed5bfd69820d3a321064
2017-10-06 17:15:46 -06:00
af821e1fe3
Bug 1365257 - Further consolidate the configuration of the content sandbox; r=gcp
...
This patch moves handling of the "MOZ_DISABLE_CONTENT_SANDBOX" environment
variable into GetEffectiveContentSandboxLevel. It also introduces
IsContentSandboxEnabled and ports many users of GetEffectiveContentSandboxLevel
to use it.
MozReview-Commit-ID: 4CsOf89vlRB
--HG--
extra : rebase_source : b9130f522e860e6a582933799a9bac07b771139b
2017-06-01 10:38:22 -04:00
b16410f51c
Merge inbound to m-c. a=merge
2017-11-10 16:13:15 -05:00
018987af9e
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-11-10 11:40:26 -08:00
fef8559955
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-11-10 11:40:22 -08:00
5f8a70cc67
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-11-10 11:07:01 -08:00
dc41b393b4
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-11-10 11:06:58 -08:00
7e070192d7
Merge inbound to mozilla-central r=merge a=merge
2017-11-10 11:55:43 +02:00
ed9d8c71ea
merge mozilla-central to autoland. r=merge a=merge on a CLOSED TREE
2017-11-10 02:46:00 +02:00
80565ab2ca
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-11-09 12:27:53 -08:00
5e3d80e936
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-11-09 12:27:50 -08:00
b730c6b38d
No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update
2017-11-09 11:48:10 -08:00
7e80b102d5
No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update
2017-11-09 11:48:06 -08:00
96773b2710
merge mozilla-central to mozilla-inbound. r=merge a=merge on a CLOSED TREE
2017-11-10 02:47:06 +02:00
e1c8aba28f
Merge mozilla-central to mozilla-inbound r=merge a=merge on a CLOSED TREE
2017-11-09 22:17:00 +02:00
0c8c69a89a
bug 1235287 - set a longer ocsp request timeout in test_ocsp_stapling_expired.js to avoid intermittent failures on android r=jcj
...
MozReview-Commit-ID: 3CJqnQ4EGXn
--HG--
extra : rebase_source : 3bdeac9d603d2f7d723e82fcfc75971ff9c44df0
2017-11-09 09:40:28 -08:00
bcce449ae5
Bug 1408186 - Remove nsIDOMHTMLSelectElement and nsIDOMHTMLOptionsCollection; r=bz
...
MozReview-Commit-ID: Gh3JwLUtmz9
--HG--
extra : rebase_source : 6cdee487246406cafe0e5a9afe4a44f62d131c8b
2017-10-12 16:32:25 -07:00
a353221537
merge mozilla-inbound to mozilla-central. r=merge a=merge
2017-11-09 00:00:16 +02:00
f9ad119371
No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update
2017-11-08 11:49:18 -08:00
d3a0bf4332
No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update
2017-11-08 11:49:15 -08:00
5a7c2c5964
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-11-08 10:47:08 -08:00
ac31e8cfe6
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-11-08 10:47:05 -08:00
218e1676cb
Merge inbound to mozilla-central r=merge a=merge
2017-11-08 12:51:09 +02:00
cd430d0c58
Bug 1415250 Part 1: Block prntm64.dll and guard32.dll in sandboxed child processes. r=jimm
2017-11-08 08:06:14 +00:00
327d4f6ae1
Bug 1401594 - land NSS NSS_3_34_BETA3 UPGRADE_NSS_RELEASE CLOSED TREE, r=me
...
MozReview-Commit-ID: HCa9qQq2zPP
2017-11-08 15:26:20 +01:00
714a126090
Bug 1401594 - land NSS NSS_3_34_BETA2 UPGRADE_NSS_RELEASE, r=me
...
MozReview-Commit-ID: IZcYFTH0x9o
--HG--
extra : rebase_source : 224952488b3e4beef03d707aa43c17a095df02f9
2017-11-08 11:44:14 +01:00
0c57f53d9c
Merge autoland to mozilla-central r=merge a=merge
2017-11-07 23:55:23 +02:00
c9735e7bb6
No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update
2017-11-07 11:43:05 -08:00
d45b8e51c2
No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update
2017-11-07 11:43:01 -08:00
d5e7732988
No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update
2017-11-07 10:43:47 -08:00
5a48a94698
No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update
2017-11-07 10:43:43 -08:00
195dbda63e
Bug 1414735 - Upgrade Firefox to NSS 3.35, r=franziskus UPGRADE_NSS_RELEASE
...
MozReview-Commit-ID: 6hDnHCWVeWz
--HG--
extra : rebase_source : 4bf98010c7afefe9bc0f2da240bb676bd82496b6
2017-11-07 12:24:58 +11:00
ffxbld
Narcis Beleuzu
David Keeler
Csoregi Natalia
Alex Gaynor
Margareta Eliza Balazs
Andrea Marchesini
cku
Andreea Pavel
Gurzau Raul
Eric Rahm
shindli
Bob Owen
Bill McCloskey
Dorel Luca
Francesco Lodolo (:flod)
Tristan Bourvon
EKR
manikishan
Jed Davis
Sylvestre Ledru
Cosmin Sabou
Brindusan Cristian
Ciure Andrei
Franziskus Kiefer
Tiberius Oros
Michal Novotny
Gabriele Svelto
Bogdan Tara
Tooru Fujisawa
Gian-Carlo Pascutto
Noemi Erli
Jonathan Kew
Mark Banner
Ryan VanderMeulen
Sebastian Hengst
Kyle Machulis
Martin Thomson