ee04a8b86a
Bug 1147247 - Use PRErrorCodeSuccess constant instead of literal 0 to represent success in PSM xpcshell tests. r=dkeeler
...
--HG--
extra : rebase_source : 75a144cbf0e166f92884275fb6c511c98d7e61bd
2015-03-27 23:16:00 +01:00
bb6cbdf02b
Bug 667471 - Pretty print names of ECDSA with SHA-2 algorithms in Certificate Viewer. r=dkeeler
...
--HG--
extra : rebase_source : eb961cbdf8fe1ccf74642d86c03ee6c41c30f2d4
2015-03-27 23:13:00 +01:00
c39e359c7d
Bug 1138293 - Use malloc/free/realloc/calloc instead of moz_malloc/moz_free/moz_realloc/moz_calloc. r=njn
...
The distinction between moz_malloc/moz_free and malloc/free is not
interesting. We are inconsistent in our use of one or the other, and
I wouldn't be surprised if we are mixing them anyways.
2015-03-31 12:32:49 +09:00
36b7acc82a
Bug 1136278, Part 2: Refactor test SubjectPublicKeyInfo generation, r=keeler
...
--HG--
extra : rebase_source : 7bb0327749fd013ba5de17483d21a9e9f21eb07a
extra : source : 9f3617a5b85a8a2ae9a82c0f0584b413a9b635b4
2015-02-26 13:10:13 -08:00
3ab08d7fdb
Bug 1136278, Part 1: Refactor algorithm identifiers in tests, r=keeler
...
This will make it easier to expand the tests to additional
signature algorithms and additional public key types.
--HG--
extra : rebase_source : 256923fff83d58732b6c995a4096b773fdbb28c1
2015-02-26 16:11:41 -08:00
2f48802ae0
Bug 1147572 - Remove implementation language field from DOM class info. r=jst
2015-03-30 10:45:39 -07:00
c6676519f2
Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, florian, billm, jesup
2015-03-03 09:51:05 -05:00
46dfeaba0b
Bug 1148070 - Change nsIClassInfo::getHelperForLanguage() to getScriptableHelper(). r=bholley
2015-03-29 07:52:54 -07:00
2b3486247c
Backed out 6 changesets (bug 1046245) on a CLOSED TREE
2015-03-29 01:42:32 -04:00
cdd0b089a5
Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup
2015-03-03 09:51:05 -05:00
24b4f38005
Back out 6 changesets (bug 1046245) for thinking that MSVC would have anything to do with a __PRETTY_FUNCTION__
...
CLOSED TREE
Backed out changeset 9e3ecca831d8 (bug 1046245)
Backed out changeset 87dc145f4da8 (bug 1046245)
Backed out changeset 01606cf19a77 (bug 1046245)
Backed out changeset 2ed2b15fe940 (bug 1046245)
Backed out changeset 2b99b193828a (bug 1046245)
Backed out changeset d1ac67faccbb (bug 1046245)
2015-03-28 19:57:17 -07:00
222e93c87c
Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup
2015-03-03 09:51:05 -05:00
003e8f5278
Backed out 6 changesets (bug 1046245) for bustage on a CLOSED TREE.
...
Backed out changeset 222c2f9e3bc9 (bug 1046245)
Backed out changeset 4251eef464a2 (bug 1046245)
Backed out changeset 592f4cc23197 (bug 1046245)
Backed out changeset 5bfb9a1c0550 (bug 1046245)
Backed out changeset e966a5df87b6 (bug 1046245)
Backed out changeset 609f3ca64004 (bug 1046245)
2015-03-28 16:24:25 -04:00
59e13faed0
Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup
2015-03-03 09:51:05 -05:00
e44926f4c1
Merge m-i to m-c, a=merge
2015-03-28 11:44:16 -07:00
ad47b2b11c
No bug, Automated HPKP preload list update from host bld-linux64-spot-1005 - a=hpkp-update
2015-03-28 03:27:37 -07:00
7ffd3e55ce
No bug, Automated HSTS preload list update from host bld-linux64-spot-1005 - a=hsts-update
2015-03-28 03:27:36 -07:00
e6f385fb3d
Bug 1148527 - Indentation fix after bug 1145631, r=ehsan
2015-03-27 18:52:19 +00:00
e2f12bfec6
Bug 1144055 - Upgrade Firefox 39 to use NSS 3.18.1, land NSS_3_18_1_BETA1, r=nss-confcall
2015-03-26 20:39:25 +01:00
0ca524deb8
Bug 947079 - Hack to prevent getting a mixed content icon on a fully secure page. r=keeler
2015-03-26 11:54:53 -07:00
e7768682a2
Bug 1147446: Chromium patch to fix memory leak in Windows sandbox sharedmem_ipc_server.cc. r=aklotz
2015-03-26 08:06:04 +00:00
b44239d022
Bug 996872 - Reduce calls to getXPCOMStatusFromNSS() in PSM xpcshell tests. r=keeler relanding on a CLOSED TREE
2015-03-25 17:29:05 -07:00
9b0a211a65
Backed out changeset 3a38c3d97f44 (bug 996872) on the theory that it somehow broke lots of tests, forcing a prolonged CLOSED TREE
2015-03-25 14:40:44 -07:00
958425a841
Bug 996872 - Reduce calls to getXPCOMStatusFromNSS() in PSM xpcshell tests. r=keeler
2015-03-25 11:40:46 -07:00
8794504c9f
Merge m-c to inbound a=merge CLOSED TREE
2015-03-23 16:51:22 -07:00
fb38caf19c
Bug 1146192 - Whitelist sched_yield syscall in GMP sandbox on Linux DONTBUILD CLOSED TREE - r=jld
2015-03-24 10:56:49 +13:00
75fa281404
Bug 1146192 - Backed out changeset d2918bcf0d90 for missing bug number - r=me
2015-03-24 10:53:10 +13:00
1d7005b2a5
Bug 1144514 - Whitelist pread64 in content seccomp-bpf policy. r=kang
...
--HG--
extra : histedit_source : b16050ba3308df92df608cc6fc09069d21df6deb
2015-03-19 11:57:00 -04:00
fc8b8ab2ac
Merge m-c to m-i
2015-03-21 12:50:09 -07:00
09f1e96e74
Merge m-i to m-c, a=merge
2015-03-21 12:31:07 -07:00
21922001d8
No bug, Automated HPKP preload list update from host bld-linux64-spot-1002 - a=hpkp-update
2015-03-21 03:30:42 -07:00
9d9da119ca
No bug, Automated HSTS preload list update from host bld-linux64-spot-1002 - a=hsts-update
2015-03-21 03:30:40 -07:00
883849ee32
Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj
...
This patch was automatically generated using the following script:
function convert() {
echo "Converting $1 to $2..."
find . \
! -wholename "*/.git*" \
! -wholename "obj-ff-dbg*" \
-type f \
\( -iname "*.cpp" \
-o -iname "*.h" \
-o -iname "*.c" \
-o -iname "*.cc" \
-o -iname "*.idl" \
-o -iname "*.ipdl" \
-o -iname "*.ipdlh" \
-o -iname "*.mm" \) | \
xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}
convert MOZ_OVERRIDE override
convert MOZ_FINAL final
2015-03-21 12:28:04 -04:00
3b412c43dd
Bug 1XXXXXX - Whitelist sched_yield syscall in GMP sandbox on Linux - r=jld
2015-03-24 09:55:36 +13:00
2cf7194567
bug 1143085 - allow subject alternative name extensions to be empty for compatibility r=briansmith a=kwierso
...
--HG--
extra : amend_source : 89b8233b57049a3d2886aa08cd85c57e6faa693e
2015-03-16 14:00:33 -07:00
09d9f7bb4a
Bug 1144580 - Whitelist pselect6 in content seccomp-bpf policy. r=kang
2015-03-18 15:30:00 +01:00
3a321cb760
Bug 1133187 - Update fallback whitelist. r=keeler
2015-03-18 15:36:00 +01:00
f6d18ff6da
Bug 1141906 - Adjust some assertions in Linux sandbox feature detection. r=kang
...
See bug, and comment at top of SandboxInfo.cpp, for rationale.
Bonus fix: reword comment about nested namespace limit; the exact limit
is 33 (not counting the root) but doesn't particularly matter.
2015-03-17 22:50:00 +01:00
ae28024d8c
Bug 1131227 - Make the about:certerror Unknown Issuer string mention missing intermediates and unimported roots. r=keeler
2015-03-17 14:33:00 +01:00
35c856f796
Bug 1143082 - Fix a message in the mixed content UI. r=dolske
2015-03-17 20:34:58 +09:00
d56d610ecf
Bug 1141885 - Make readlink() fail instead of allowing it, for B2G content processes. r=kang
...
--HG--
extra : rebase_source : c9ceababcd741979058361e96161d575a70bd39f
2015-03-13 13:47:56 -07:00
66ca086aa3
Bug 1083344 - Tighten rules for Mac OS content process sandbox on 10.9 and 10.10. r=smichaud
...
Allow read to whole filesystem until chrome:// and file:// URLs are brokered through another process.
Except $HOME/Library in which we allow only access to profile add-ons subdir.
Add level 2, which allows read only from $HOME and /tmp (while still restricting $HOME/Library.
Change default back to 1.
2015-03-12 17:42:50 +01:00
d9bfa275b9
No bug, Automated HPKP preload list update from host bld-linux64-spot-532 - a=hpkp-update
2015-03-14 03:26:00 -07:00
3d091a2a8c
No bug, Automated HSTS preload list update from host bld-linux64-spot-532 - a=hsts-update
2015-03-14 03:25:58 -07:00
b252a27930
Bug 1142503 - don't use QueryInterface when the compiler can do the cast for us; r=ehsan
...
Calling QueryInterface with a statically known IID should typically not
be necessary. In those cases where it's not, the compiler can do the
cast for us, though we have to supply the reference-counting that
QueryInterface would do.
In passing, several redundant null-checks for the result of |new T| have
been deleted.
2015-03-12 09:43:50 -04:00
99b4a73239
Bug 1142263 - Specify all syscall parameters when doing CLONE_NEWUSER detection; f=bwc r=kang
2015-03-13 13:01:28 +01:00
2d14f8d244
Bug 906996 - Remove unlink from B2G content process syscall whitelist. r=kang
2015-03-11 12:39:00 +01:00
12b79456cc
bug 1102443 - fix leak in key pinning logging by removing an unnecessary function call r=cykesiopka
...
Also took the opportunity to fix the logging message, since it didn't accurately
describe the information that was being printed.
--HG--
extra : amend_source : 40a0c2ba9c07757e5895a822ce3bb8b197674554
2015-03-12 14:31:26 -07:00
d1c61bc9b6
Bug 1116187 - Disable failing mochitest-chrome tests for B2G, r=gbrown
2015-02-06 16:30:37 -08:00
6978e35bf5
bug 1138332 - re-allow overrides for certificates signed by non-CA certificates r=mmc
...
--HG--
extra : amend_source : 92a2dcf71daa6b31be0dcae628a13b13b0fc443a
2015-03-11 11:11:22 -07:00
5814296e8c
Bug 1141815 - Remove nsIDOMCryptoDialogs interface and associated implementation; r=keeler
2015-03-12 10:24:05 +01:00
0bf38c806e
bug 1138716 - update PSM data structures that depend on root CA changes r=mmc
2015-03-23 10:36:55 -07:00
f7aa208f07
Bug 1137470, remove the documentation patch file, because it's no longer reverted locally, DONTBUILD
2015-03-20 13:38:13 +01:00
b58c1a369b
Bug 1137470, Upgrade Firefox 38 to use NSS 3.18, land NSS_3_18_RTM, r=nss-confcall
2015-03-20 13:32:58 +01:00
2aa9e4036e
Bug 1121117 - Add fuzz time to workaround non-monotonicity of Date(). r=keeler
...
--HG--
extra : rebase_source : 464d1e1bf8cb4624f4fda39d3ea6a55430073c6f
2015-03-19 19:57:00 +01:00
f2a63bbdff
Bug 1145432: Add the policy for the client side of the crash server pipe to the GMP Windows sandbox. r=aklotz
2015-03-20 07:53:37 +00:00
0e3211475f
Bug 1140767 - Build more files in security/manager in unified mode; r=dkeeler
2015-03-10 22:52:22 -04:00
4fecdb4ceb
Bug 1141169: Add moz.build BUG_COMPONENT metadata for security/sandbox/ r=jld
2015-03-10 08:03:12 +00:00
b08af57c17
Bug 1137166: Change the Content moreStrict sandbox pref to an integer to indicate the level of sandboxing. r=tabraldes
2015-03-10 08:03:12 +00:00
364038011c
Bug 868814 - Fold mozalloc library into mozglue. r=njn
...
--HG--
rename : memory/mozalloc/moz.build => memory/mozalloc/staticruntime/moz.build
2015-03-10 10:01:52 +09:00
83b1b594b5
Bug 1106470 - Drop SSLv3 support entirely from PSM. r=keeler
2015-03-10 01:22:59 +09:00
19355a43d5
Bug 1137007 - Detect namespace and SECCOMP_FILTER_FLAG_TSYNC support in SandboxInfo. r=kang, r=Unfocused
...
Currently, only user namespace support is detected. This is targeted at
desktop, where (1) user namespace creation is effectively a prerequisite
for unsharing any other namespace, and (2) any kernel with user
namespace support almost certainly has all the others.
Bonus fix: remove extra copy of sandbox flag key names in about:support;
if JS property iteration order ever ceases to follow creation order, the
table rows could be permuted, but this doesn't really matter.
2015-03-06 13:59:00 -05:00
cc58dd5d1a
Bug 1136616 - Allow underscores in reference DNS-IDs in mozilla::pkix name matching. r=briansmith
2015-03-03 13:34:45 -08:00
8f5c1764fb
Merge m-c to m-i
2015-03-07 19:39:49 -08:00
ecf64b97b2
Merge m-i to m-c, a=merge
2015-03-07 19:11:54 -08:00
b74611a261
No bug, Automated HPKP preload list update from host bld-linux64-spot-157 - a=hpkp-update
2015-03-07 03:27:15 -08:00
1ec58518aa
No bug, Automated HSTS preload list update from host bld-linux64-spot-157 - a=hsts-update
2015-03-07 03:27:13 -08:00
44fb9d4eff
bug 1129771 - disable IPv6 in PSM xpcshell TLS connection tests due to failures on OS X 10.10 r=cykesiopka a=ryanvm on a CLOSED TREE
...
In the process of investigating the intermittent failures listed in
bug 1129771, I discovered that the code would frequently get stuck connecting
to [::1] (where no server was listening) and wouldn't fall back to trying
127.0.0.1 (where the test server was listening). This change prevents the code
attempting to connect to [::1]. There probably is an underlying bug here, but
it appears to be in OS X itself and I have neither the time nor expertise to
investigate further.
--HG--
extra : amend_source : 57b6a28858685d7ca3b6b0c7cbc7ed193280ca7c
2015-03-04 13:41:11 -08:00
171babfad4
Bug 1139177 - RSA public key size checking cleanups. r=keeler
2015-03-05 16:41:00 +01:00
01e2b0e158
Bug 1140111 - Whitelist readlinkat along with readlink. r=kang
2015-03-07 10:44:23 -05:00
fc884b360e
Bug 1137470, landing NSS_3_18_RC0 minus bug 1132496, r=nss-confcall
2015-03-07 14:49:00 +01:00
cdb738f18d
bug 1137538 - remove nsIIdentityInfo and nsNSSSocketInfo::GetPreviousCert r=mayhemer
2015-02-27 11:33:36 -08:00
3e7620bf97
Bug 1138882 - Add a pref to enable unrestricted RC4 fallback. r=keeler
2015-03-05 22:51:31 +09:00
fa79ef2aea
Bug 1121117 - Add some logging to test_ocsp_timeout.js to ease debugging. r=dkeeler
2015-03-03 14:25:00 +01:00
0de76a4c17
Merge b2g-inbound to m-c a=merge CLOSED TREE
2015-03-03 17:02:21 -08:00
6cb15b84a0
Bug 1012549 - 0004. Support read private key in keystore. r=dkeeler r=qdot
2015-02-28 21:54:24 +08:00
3b4360319c
bug 1085506 - gather telemetry for TLS handshake certificate verification errors r=rbarnes
2015-02-27 11:14:29 -08:00
f4a1822554
Bug 1130757 - tests for bug 1130757. r=dkeeler
...
--HG--
extra : rebase_source : 7b047f5bddf3544ca82d3b8875925acdbdb02ea5
2015-03-02 08:19:00 +01:00
3133a37202
Bug 1130757 - Move OneCRL check to NSSCertDBTrustDomain::GetCertTrust. r=dkeeler
...
--HG--
extra : rebase_source : ce8cff0735865c00f33102b82c31af35145bda2c
2015-02-26 04:38:00 +01:00
de906ce3ce
Bug 1130418 - Remove broken e-mail cert trust editing UI. r=emk
...
--HG--
extra : rebase_source : fb4c89e251e2ce3e4d9cf002a0cda4166a589a2c
2015-03-02 19:54:00 +01:00
4419d0186e
Bug 1130413 - Remove unused nsITokenPasswordDialogs::GetPassword() function. r=jjones
...
--HG--
extra : rebase_source : 85b9e442d6b5be401fdd389cc251add8a633bb23
2015-02-26 13:05:00 +01:00
b17feb3f40
Merge inbound to m-c a=merge
2015-03-02 12:12:47 -08:00
8084ed7b82
No bug, Automated HPKP preload list update from host bld-linux64-spot-044 - a=hpkp-update
2015-02-28 03:27:43 -08:00
94776e3384
No bug, Automated HSTS preload list update from host bld-linux64-spot-044 - a=hsts-update
2015-02-28 03:27:41 -08:00
8c48f9f304
Bug 1137470 - Upgrade Firefox to NSS 3.18, landing NSS_3_18_BETA7, r=nss-confcall
2015-02-26 23:29:08 +01:00
d01ea02613
bug 1049740 - implement telemetry to measure compatibility impact of 2048-bit-minimum RSA keys r=briansmith
2015-02-24 15:48:05 -08:00
a7d78c82c0
Bug 1136388. Change nsIDocumentLoaderFactory and nsIURIContentListener to take MIME types as an XPCOM string, not a char*. r=smaug
2015-02-25 10:26:51 -05:00
c5b6b444f2
Bug 1134942 - Whitelist fstatat and unlinkat for B2G content processes. r=gdestuynder
2015-02-20 12:16:00 +01:00
2672d3b5d3
Bug 1077864, Part 3: update nsserrors.properties so error message gets localized.
2015-02-23 16:04:23 -08:00
06b7804e70
Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler
...
--HG--
extra : rebase_source : 79efad2c5f60120ff1022547ce7efa628a7acd0f
2015-02-14 16:59:02 -08:00
27cb600f2f
Bug 1077864, Part 2: Override the trust level for OCSP response signer certs so that they are never considered trust anchors, r=keeler
...
--HG--
extra : rebase_source : d0c599f7fc29b5fbcb7d8cd97980a3f39d39f515
2015-02-14 15:59:38 -08:00
bdb4294871
Bug 1077864, Part 1: Check consistency of certificates' signature and signatureAlgorithm fields, r=keeler
...
--HG--
extra : rebase_source : 9a2ca8cb370169f675557987a6b1cc0dedb24ff6
2015-02-22 16:59:03 -08:00
f2235a16db
Bug 1135407: Factor out duplicate logic in tests, r=keeler
...
--HG--
extra : rebase_source : d93eef89cb6596cf35e2ebef29030423cf027f0b
2015-02-21 14:12:38 -08:00
baf73d756f
Bug 1135745 - Disable the reserved-id-macro macro in security/pkix; r=briansmith
2015-02-23 13:40:09 -05:00
fd0387315e
Merge inbound to m-c. a=merge
2015-02-21 16:40:27 -05:00
c2dabe6507
No bug, Automated HPKP preload list update from host bld-linux64-spot-148 - a=hpkp-update
2015-02-21 03:32:26 -08:00
00bf62f9f5
No bug, Automated HSTS preload list update from host bld-linux64-spot-148 - a=hsts-update
2015-02-21 03:32:24 -08:00
256a142a70
Bug 1083344 - Tighten rules for Mac OS content process sandbox - "rules part". r=smichaud
...
--HG--
extra : histedit_source : f703a6a8abbf500cb882263426776fdb138b73a3
2015-02-21 13:06:34 +01:00
70a296a23b
Bug 1083344 - Tighten rules for Mac OS content process sandbox - "core part". r=smichaud
...
--HG--
extra : histedit_source : 3c904474c57dbf086365cc6b26a55c34b2b449ae
2015-02-18 14:10:27 +01:00
ffe59cf419
Bug 1133618 - Move test SHA1 function to pkixtestutil.cpp. r=mmc
...
--HG--
extra : histedit_source : ef579a4958356a12974b1f0f69ab2d6070ff8e65
2015-02-16 16:37:03 -08:00
Cykesiopka
David Cooper
Mike Hommey
Brian Smith
Andrew McCreight
Jan-Ivar Bruaroey
Randell Jesup
Phil Ringnalda
Ryan VanderMeulen
ffxbld
Andrea Marchesini
Kai Engert
Tanvi Vyas
Bob Owen
Wes Kocher
Edwin Flores
Jed Davis
Ehsan Akhgari
David Keeler
Masatoshi Kimura
André Reinald
Nathan Froyd
Jonathan Griffin
Chuck Lee
Mark Goodwin
Boris Zbarsky