ec1aede15a
Bug 1150765 - Add sandbox rules to allow hardware rendering of OpenGL on Mac. r=smichaud
...
--HG--
extra : rebase_source : 1fa38a01840f24b63f27254d434c9e0bc3382309
2015-04-21 11:17:16 +02:00
04795f03be
bug 1153212 - Alt-Svc Fixes r=dkeeler r=hurley
2015-04-13 17:11:59 -04:00
803079473a
Bug 1144055, Upgrade Firefox 39 to use NSS 3.19, NSS_3_19_BETA4 to pick up bug 1155279
2015-04-20 21:46:19 +02:00
7d4e804ec6
Merge m-i to m-c, a=merge
2015-04-18 16:36:32 -07:00
a178fd47b7
No bug, Automated HPKP preload list update from host bld-linux64-spot-222 - a=hpkp-update
2015-04-18 03:29:47 -07:00
aa4085d52f
No bug, Automated HSTS preload list update from host bld-linux64-spot-222 - a=hsts-update
2015-04-18 03:29:45 -07:00
e69f0f4b4b
bug 1150114 - allow PrintableString to match UTF8String in name constraints checking r=briansmith
2015-04-08 16:17:39 -07:00
c2568b80a0
Bug 1144055 - Upgrade Firefox 39 to use NSS 3.19, land NSS_3_19_BETA2, r=nss-confcall
2015-04-17 13:49:43 +02:00
af1ece91c4
Bug 1153248, re-enable a bunch of tests that now work with e10s, r=billm
2015-04-16 15:38:12 -04:00
5ff51a7744
bug 1151512 - only allow whitelisted certificates to be issued by CNNIC root certificates r=jcj r=rbarnes
2015-04-07 17:29:05 -07:00
d15620fcea
Bug 1144055 - Upgrade Firefox 39 to use NSS 3.19, land NSS_3_19_BETA3, r=nss-confcall
2015-04-17 18:43:30 +02:00
81764496cd
bug 1147497 - Add API for querying site pin status. Disallow overrides for sites that have pins. r=mmc r=smaug r=cykesiopka r=past
2015-03-25 11:04:49 -07:00
95bd8011e6
Bug 1154399 - Part 4: Simplify certificate parsing in OCSP responses. r=keeler
...
--HG--
extra : rebase_source : caf903d29b0adc22fcc7e87e4fa0019cfa48007e
2015-04-14 05:33:03 -10:00
f124561818
Bug 1154399 - Part 3: Simplify OptionalExtensions. r=keeler
...
We used to avoid using Nested and NestedOf because they were based on
bind and it was difficult to maintain our std::bind polyfill. Now that
we use lambdas, it is easy to use Nested and NestedOf, so we should do
so wherever it makes the code clearer.
--HG--
extra : rebase_source : 1157d16320b3b211e3ce612b75782e8bd9c55f30
2015-04-14 05:32:46 -10:00
d09798e9f5
Bug 1154399 - Part 2: Simplify and un-inline OptionalVersion. r=keeler
...
Also fixes the wrong comment. The syntax for version in OCSP and X.509
certs is identical.
--HG--
extra : rebase_source : 744a2998ce8c55a61fbbc1966bc22e4903fa2484
2015-04-14 05:32:29 -10:00
0cac719ba9
Bug 1154399 - Part 1: De-templatize and un-inline IntegralValue. r=keeler
...
--HG--
extra : rebase_source : 899eaed19b13edc9c257f0ab212d447bb54e607d
2015-04-14 05:06:41 -10:00
5389bbbf54
Bug 1137437 - move security/apps/ cert header generation to moz.build; r=mshal,keeler
...
Moving the cert header generation to GENERATED_FILES means that we can
delete all the manually-written out rules; we can also delete the
export:: rule because the build system automatically builds
GENERATED_FILES during the export phase. For ease of converion, we opt
to create an empty trusted-app-public.der cert for manifest-signing-root.inc;
partners are free to overwrite that cert with their own.
2015-02-27 12:50:49 -05:00
67e9dfaaf8
Bug 1153114 - Remove anonymous namespace around pkix gtests. r=bsmith
...
This avoids -Wunused-variable fatal warnings with GCC 5.0
2015-04-15 09:21:23 +09:00
c755113bc5
Bug 1153090 followup - consistently use sizeof(hash) r=dkeeler
2015-04-14 22:19:18 +02:00
88aa8d67cc
Bug 1153090 - Unaligned access in cert block list (r=keeler)
2015-04-14 21:19:52 +02:00
5ab8ccdeac
Bug 1154188 - Unbreak build on non-SPS platforms after bug 1153737 r=bsmith
2015-04-14 14:30:09 +02:00
566d65be48
Bug 1153738: Make ScopedPtr a minimal proper subset of std::unique_ptr, r=keeler
...
Remove all features of ScopedPtr that aren't in std::unique_ptr, and
remove all currently-unused features of ScopedPtr. In particular,
replace |operator=(T*)| with |reset(T* p = nullptr)| and make
|operator bool| explicit.
--HG--
rename : security/pkix/include/pkix/ScopedPtr.h => security/pkix/lib/ScopedPtr.h
extra : rebase_source : 206bfb32aa5a04a4719f28b4aca59fe2f0abbec3
2015-04-13 00:28:11 -10:00
b1035c0992
Bug 1153737: Avoid unnecessary uses of mozilla::pkix::ScopedPtr, r=keeler
...
--HG--
extra : rebase_source : ea7083439f22cb40d6c97f872ef9866144516745
2015-04-12 19:57:48 -10:00
ede9c4f220
merge mozilla-inbound to mozilla-central a=merge
2015-04-13 12:00:00 +02:00
bd0890186b
No bug, Automated HPKP preload list update from host bld-linux64-spot-009 - a=hpkp-update
2015-04-11 03:29:55 -07:00
83c81d6e76
No bug, Automated HSTS preload list update from host bld-linux64-spot-009 - a=hsts-update
2015-04-11 03:29:53 -07:00
ba1cc023b7
Bug 1151607 - Step 2: Apply net/ipc namespace separation and chroot to media plugins. r=kang
...
This needs more unit tests for the various pieces of what's going on
here (LinuxCapabilities, SandboxChroot, UnshareUserNamespace()) but
that's nontrivial due to needing a single-threaded process -- and
currently they can't be run on Mozilla's CI anyway due to needing user
namespaces, and local testing can just try using GMP and manually
inspecting the child process. So that will be a followup.
2015-04-10 18:05:19 -07:00
6bf3d102d8
Bug 1151607 - Step 1.5: Avoid unlikely false positives in Linux SandboxInfo feature detection. r=kang
...
Using the equivalent of release assertions in the patch after this one
is easier to justify if I can't come up with vaguely legitimate reasons
why they might fail; this detects the ones I thought of.
2015-04-10 18:05:19 -07:00
32cb9ee32d
Bug 1151607 - Step 1: Add Linux sandboxing hook for when child processes are still single-threaded. r=kang r=bent
...
This means that B2G plugin-container must (dynamically) link against
libmozsandbox in order to call into it before initializing Binder.
(Desktop Linux plugin-container already contains the sandbox code.)
2015-04-10 18:05:19 -07:00
cf24e12150
Bug 1151607 - Step 0: sort includes to make the following patches cleaner. r=kang
2015-04-10 18:05:19 -07:00
2c5369d16e
Bug 1132689 - Feb 2015 batch of EV root CA Changes. r=keeler
...
--HG--
extra : rebase_source : 43a28d1b97c569280979c8a2d95494e4d2f9a67c
extra : amend_source : 056721a65cc7d0738d9ab2a92071f8f7eaf48262
2015-03-30 08:57:00 +02:00
01409dbd35
bug 1147085 - remove nsINSSCertCache (replace it with nsIX509CertDB.getCerts()) r=Cykesiopka
2015-04-03 14:01:05 -07:00
bdc70031c6
Bug 1152895 - remove dead code in nsSSLIOLayerSetOptions r=dkeeler
2015-04-09 13:40:04 -04:00
3487ae0262
Bug 1147725 - Disable test_ocsp_fetch_method.js and test_ocsp_url.js on slow B2G Emulator debug builds. r=keeler
...
--HG--
extra : rebase_source : 87d4b8284b33498a50542d49b956db84cdae1b62
2015-04-06 14:05:00 +02:00
077c2e64f4
Bug 1149483: Change content sandbox level 1 to a working low integrity sandbox. r=tabraldes, r=billm
2015-04-05 14:01:38 +01:00
fa3a91e936
Merge m-i to m-c, a=merge
2015-04-04 09:59:17 -07:00
3a6df834e2
No bug, Automated HPKP preload list update from host bld-linux64-spot-220 - a=hpkp-update
2015-04-04 03:27:46 -07:00
81b8c93237
No bug, Automated HSTS preload list update from host bld-linux64-spot-220 - a=hsts-update
2015-04-04 03:27:44 -07:00
33228918ed
Bug 1110911 - Move Mac sandboxing code into plugin-container. r=cpearce,areinald,jld
2015-04-03 11:51:41 -05:00
c2f2ce39ec
Bug 1149805 - Switch head_psm.js to Assert.jsm methods and add expected result strings. r=keeler
2015-04-02 05:50:00 -04:00
6680672cfb
Bug 488480 - Correct documentation about the function hasMatchingOverride() in nsICertOverrideService.idl. Original patch by Johnathan Nightingale. r=keeler
...
IGNORE IDL
--HG--
extra : rebase_source : 3e2f7be6a165caf413726d13c9ccee26abbd2925
2015-04-02 05:45:00 -04:00
4c7234747e
Bug 1143651 - don't use CallQueryInterface when the compiler can do the cast for us; r=ehsan
2015-03-12 13:20:29 -04:00
7eb3221db7
Bug 1147726: Disable test_keysize_ev.js on slow B2G Emulator debug builds. r=dkeeler
2015-03-31 11:53:00 +02:00
a0437d5b8f
Bug 1146057: Remove support for GCC 4.6, r=keeler
...
Since Gecko now requires GCC 4.7 or later, we no longer need to
work around the lack of support for "override" and "final" in
earlier versions of GCC.
--HG--
extra : rebase_source : 0f104f16be9e7c1ff87bbdd0d4ba6700b1081fb8
2015-03-30 20:18:46 -10:00
e4f543bb58
Bug 1119878 Part 2: Change IPC code to hold ProcessID instead of ProcessHandle. r=billm, r=dvander, r=aklotz, r=cpearce
2015-04-01 09:40:35 +01:00
eef3ca5f6e
Bug 1119878 Part 1: Change SandboxTarget to hold sandbox target services to provide functions. r=aklotz, r=glandium, r=cpearce
2015-04-01 09:40:35 +01:00
b077d9624d
Bug 1134920 - Use moz_xmalloc/moz_xrealloc/free instead of nsMemory::Alloc/Realloc/Free. r=nfroyd
2015-04-01 13:51:45 +09:00
d7b3e00bed
Bug 1138848 - Tests for modified OneCRL (r=keeler, unfocused)
...
* * *
* * *
give blocklist debug info to NSPR_LOG
2015-03-31 15:10:19 -07:00
1b0d6fb879
Bug 1138848 - Modify OneCRL blocklist for subject / public key blocking (r=keeler, unfocused)
2015-03-31 15:10:09 -07:00
5a690c59fa
bug 844351 - remove nsISSLErrorListener r=cykesiopka
...
--HG--
extra : amend_source : e2adec756356509f0a4601bbeabf7ba7c8d15a8e
2015-03-24 16:00:10 -07:00
André Reinald
Patrick McManus
Kai Engert
Phil Ringnalda
ffxbld
David Keeler
Neil Deakin
Brian Smith
Nathan Froyd
Mike Hommey
Landry Breuil
Jan Beich
Carsten "Tomcat" Book
Jed Davis
Mark Goodwin
Cykesiopka
Bob Owen
Steven Michaud