Kate McKinley
a809b5b8d6
Bug 1374453 - turn HSTS priming on in Beta r=ckerschb
...
MozReview-Commit-ID: JHc47g8cDmb
--HG--
extra : rebase_source : cb67f51ac7fef74f43cc05d02bac4ef13c3ded15
2017-06-19 14:46:48 -07:00
Kate McKinley
9108666ee6
Bug 1374443 - Decrease HSTS priming timeout to 2s r=ckerschb
...
MozReview-Commit-ID: 7brYAUXwHvE
--HG--
extra : rebase_source : 4ef6f27cc855b828ac742f2990dc12668bd910aa
2017-06-19 14:35:27 -07:00
Paolo Amadini
10ee6a5c4e
Bug 1362970 - Part 2 - Script-generated patch to convert .then(null, ...) to .catch(...). r=florian
...
Changes to Promise tests designed to test .then(null) have been reverted, and the browser/extensions directory was excluded because the projects it contains have a separate process for accepting changes.
MozReview-Commit-ID: 1buqgX1EP4P
--HG--
extra : rebase_source : 3a9ea310d3e4a8642aabbc10636c04bfe2e77070
2017-06-19 11:32:37 +01:00
Carsten "Tomcat" Book
de892834ed
Merge mozilla-central to mozilla-inbound
2017-06-20 11:31:34 +02:00
Alex Gaynor
bb1ea70f5f
Bug 1357758 - Replace the file-read blacklist in the macOS sandbox policy with a whitelist of the allowed paths; r=haik
...
This makes the policy easier to audit, harder to regress, and easier to further prune the content processes's permissions.
MozReview-Commit-ID: 6VqEoGsWSGH
--HG--
extra : rebase_source : 58a9d35dd6e58624779294b49df5cc7e34cb4320
2017-04-18 15:57:54 -04:00
Wes Kocher
bfc45b98b9
Merge m-c to inbound, a=merge
...
MozReview-Commit-ID: 9XdoB5MuVz6
2017-07-05 17:17:41 -07:00
Bob Owen
1eb1c9091d
Bug 1378061: Only set user's SID in USER_LIMITED as deny only when not using restricting SIDs. r=jimm
2017-07-05 21:00:55 +01:00
Kai Engert
10b5520799
Bug 1380706, PSM should depend on mozStorage, as a workaround for a sqlite3_config race, r=keeler
2017-07-14 15:31:30 +02:00
Carsten "Tomcat" Book
ea1b86680c
Backed out changeset 9846de3bd954 (bug 1372405
)
...
--HG--
extra : rebase_source : 5d4a48e8ec394c329994689d938d2a6e9b2752b0
2017-06-20 08:27:02 +02:00
Bill McCloskey
4592152411
Bug 1372405
- Provide names for all runnables in the tree (r=froydnj)
...
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-19 22:25:47 -07:00
Bevis Tseng
d1637b9c5a
Bug 1372453 - Part 2: Name the caller of ProxyReleaseEvent. r=billm
...
MozReview-Commit-ID: LYhSWnZkq0i
2017-06-14 09:27:17 +08:00
ffxbld
7cc377ce3f
No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update
2017-06-18 08:24:54 -07:00
ffxbld
a6c7ba400c
No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update
2017-06-18 08:24:51 -07:00
ffxbld
b95a1a9583
No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update
2017-06-17 08:38:30 -07:00
ffxbld
091d02c281
No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update
2017-06-17 08:38:27 -07:00
ffxbld
b2d072aa58
No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update
2017-06-16 08:37:44 -07:00
ffxbld
870c286510
No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update
2017-06-16 08:37:41 -07:00
David Keeler
0b2a439e7e
bug 1373068 - fix the ctypes declaration of SSL_ClearSessionCache in head_psm.js r=Cykesiopka
...
SSL_ClearSessionCache is `void SSL_ClearSessionCache()`. In head_psm.js it was
being declared as `SECStatus SSL_ClearSessionCache()` and the "return value" was
being checked, which was incorrect. This apparently wasn't causing failures on
any of our test runs, but with tsan enabled the check would fail.
MozReview-Commit-ID: 6KosOVPu8K4
--HG--
extra : rebase_source : 73addb80a5ab5263a182207a0f4277daf8ae32a5
2017-06-14 15:10:28 -07:00
Andrew Halberstadt
c9beaa56b4
Bug 1373294 - Fix E305 (two blank lines after method or class) in files enabled by flake8 linter, r=jmaher
...
This is needed before we can upgrade to flake8 3.3.0, as that version starts flagging these errors.
These files were modified by running:
autopep8 --select E305 --in-place -r <dir>
on the affected directories. I did it one dir at a time and verified the result after each.
MozReview-Commit-ID: FmlsfiKIbtr
--HG--
extra : rebase_source : 9df32258cadff5d27a0e72113c57f782756c0b18
2017-06-15 12:10:59 -04:00
ffxbld
c365df1999
No bug, Automated HPKP preload list update from host bld-linux64-spot-382 - a=hpkp-update
2017-06-15 08:38:35 -07:00
ffxbld
fc60e8619a
No bug, Automated HSTS preload list update from host bld-linux64-spot-382 - a=hsts-update
2017-06-15 08:38:32 -07:00
ffxbld
c49a70b53f
No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update
2017-06-14 08:33:27 -07:00
ffxbld
b98ce20b57
No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update
2017-06-14 08:33:24 -07:00
Wes Kocher
ebf35623cd
Merge mozilla-central to autoland a=merge
...
UPGRADE_NSS_RELEASE
2017-06-13 18:57:32 -07:00
Wes Kocher
1af6d5cf57
Merge inbound to central, a=merge
...
UPGRADE_NSS_RELEASE
MozReview-Commit-ID: CBIFPwA5aNp
--HG--
extra : amend_source : 035a5be59d0046a643d0f836a95195e8c4ade4a6
2017-06-13 18:27:10 -07:00
ffxbld
13bca384b3
No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update
2017-06-13 08:37:54 -07:00
ffxbld
cdd7ceaa16
No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update
2017-06-13 08:37:50 -07:00
ffxbld
687bfe6a46
No bug, Automated HPKP preload list update from host bld-linux64-spot-304 - a=hpkp-update
2017-06-12 08:25:15 -07:00
ffxbld
1d51d00cbc
No bug, Automated HSTS preload list update from host bld-linux64-spot-304 - a=hsts-update
2017-06-12 08:25:12 -07:00
ffxbld
d840ebd585
No bug, Automated HPKP preload list update from host bld-linux64-spot-306 - a=hpkp-update
2017-06-11 08:31:38 -07:00
ffxbld
19a63c3db3
No bug, Automated HSTS preload list update from host bld-linux64-spot-306 - a=hsts-update
2017-06-11 08:31:35 -07:00
ffxbld
fee636af73
No bug, Automated HPKP preload list update from host bld-linux64-spot-304 - a=hpkp-update
2017-06-10 08:28:28 -07:00
ffxbld
494c299b4c
No bug, Automated HSTS preload list update from host bld-linux64-spot-304 - a=hsts-update
2017-06-10 08:28:25 -07:00
Wes Kocher
038efa62a3
Merge m-c to autoland, a=merge
...
MozReview-Commit-ID: HYPYecdsMhL
2017-06-09 16:00:04 -07:00
Wes Kocher
a4cc130bcc
Merge autoland to central, a=merge
...
MozReview-Commit-ID: Jpywgkn7waG
2017-06-09 13:28:20 -07:00
ffxbld
cb712cd137
No bug, Automated HPKP preload list update from host bld-linux64-spot-308 - a=hpkp-update
2017-06-09 08:28:37 -07:00
ffxbld
005b20e0a4
No bug, Automated HSTS preload list update from host bld-linux64-spot-308 - a=hsts-update
2017-06-09 08:28:34 -07:00
Carsten "Tomcat" Book
d5a13ba05e
merge mozilla-inbound to mozilla-central a=merge
2017-06-09 12:58:49 +02:00
Alex Gaynor
0403c42ccf
Bug 1371701 - Fixed sandboxing tests to reflect that we're enabling file content process for all channels r=bobowen
...
MozReview-Commit-ID: ICXZjEU2n6L
--HG--
extra : rebase_source : f28d5d61f6a0cdfecb2804239c407c730c4fd2ba
2017-06-09 11:24:07 -04:00
Wes Kocher
1be06aea28
Merge m-c to autoland, a=merge
...
UPGRADE_NSS_RELEASE
MozReview-Commit-ID: ItWcUAUYyaj
--HG--
extra : amend_source : fc43f23f0e12d5f88d72be9526a953d8015e6975
2017-06-08 18:44:32 -07:00
Wes Kocher
39dd8b763b
Merge inbound to central, a=merge
...
UPGRADE_NSS_RELEASE
MozReview-Commit-ID: 4of9LS9sA2I
--HG--
extra : amend_source : c399503fa642c04d256ee0ce53b099601259f90a
2017-06-08 18:10:10 -07:00
ffxbld
9b5314f2d1
No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update
2017-06-08 09:27:12 -07:00
ffxbld
ecdb9dfade
No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update
2017-06-08 09:27:09 -07:00
Carsten "Tomcat" Book
247a47fac9
Merge mozilla-central to mozilla-inbound
2017-06-08 15:16:36 +02:00
Jed Davis
da2db41a9c
Bug 1362601 - Don't crash on sandbox violation if known-problem injected libs are present. r=gcp
...
MozReview-Commit-ID: HCbavpMUxYm
--HG--
extra : rebase_source : ec0cc9dcbf07831209b438504311b45f5b8990a8
2017-06-07 16:33:11 -06:00
Franziskus Kiefer
02d51071b4
Bug 1345368 - land NSS NSS_3_31_RTM UPGRADE_NSS_RELEASE, r=me
2017-06-08 12:57:33 +02:00
David Keeler
e426fddb4a
bug 1369911 - gather telemetry on the prevalence of 3rd party PKCS#11 modules r=bsmedberg,Cykesiopka data-review=bsmedberg
...
MozReview-Commit-ID: Dw99Jm64QNU
--HG--
extra : rebase_source : 9e9f6c5342f992c9040e85b0eab129d7751e9887
2017-06-02 16:44:06 -07:00
Ryan VanderMeulen
9b7a73b65a
Merge m-c to autoland. a=merge
...
UPGRADE_NSPR_RELEASE UPGRADE_NSS_RELEASE
--HG--
extra : amend_source : a59e53ba2f8db608f613f21ad6da2b5be8814aa4
2017-06-07 22:55:56 -04:00
Ryan VanderMeulen
e886d1846a
Merge inbound to m-c. a=merge
...
UPGRADE_NSPR_RELEASE UPGRADE_NSS_RELEASE
--HG--
extra : amend_source : a7800e9214d5a8325af0d1f5e5dcc77273f4ce95
2017-06-07 22:52:40 -04:00
ffxbld
086a61dfbf
No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update
2017-06-07 08:36:43 -07:00
ffxbld
9286331337
No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update
2017-06-07 08:36:40 -07:00
ffxbld
cd09b99007
No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update
2017-06-06 08:39:25 -07:00
ffxbld
12a027af8e
No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update
2017-06-06 08:39:22 -07:00
Rajesh Kathiriya
6d3eb2c851
Bug 1370232 - Enabled the ESLint no-unneeded-ternary rule across mozilla-central. r=standard8
...
MozReview-Commit-ID: AH9ArRkjh78
--HG--
extra : rebase_source : bdd4c4f8a4779ea373479a9cba772c036e00e816
2017-06-13 00:23:54 +05:30
Franziskus Kiefer
bcc2da0b6a
Bug 1345368 - adapt to new NSS certdata.py, r=ted
...
UPGRADE_NSS_RELEASE
--HG--
extra : rebase_source : e995f611f59a8f10af70781a1ee50e6c89f4a8d9
2017-06-06 09:59:42 +02:00
Franziskus Kiefer
9a70331f36
Bug 1345368 - Disable test_broken_fips on all platforms other than mac, r=keeler
...
--HG--
extra : rebase_source : 67201c5646f3d1c8abe5122051cddaee148c418a
2017-06-07 09:16:45 +02:00
Franziskus Kiefer
747a09639e
Bug 1345368 - land NSS NSS_3_31_BETA2 UPGRADE_NSS_RELEASE, r=me
...
--HG--
extra : rebase_source : 3999b2f4d1c47a92c19c39cafd6d9c4c45a85383
2017-06-07 09:21:08 +02:00
Mark Banner
c93c2a1504
Bug 1370240 - Enable the ESLint no-control-regex rule across mozilla-central. r=mossop
...
MozReview-Commit-ID: IN7YMk7yhAO
--HG--
extra : rebase_source : be0a9cae6eae14d4f097eced2e231a96c89c9c47
2017-06-05 15:43:09 +01:00
ffxbld
61528d699c
No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update
2017-06-05 08:39:51 -07:00
ffxbld
b6a127253e
No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update
2017-06-05 08:39:48 -07:00
Cykesiopka
ab8411f21d
Bug 1368107 - Make SSLErrorMessageType an enum class. r=keeler
...
Enum classes are safer and nicer.
MozReview-Commit-ID: FDT3Gb1t9w1
--HG--
extra : rebase_source : 92d67db5f7ea4a64e3101b0e3a93e9fccbfa132e
2017-06-03 13:36:41 +08:00
Cykesiopka
0ac2ac7fa3
Bug 1368107 - Make some TransportSecurityInfo nsresult functions return void. r=keeler
...
These functions in practice are all infallible and are unchecked by callers, so
there's no point in having them return nsresult.
MozReview-Commit-ID: BOypKLUZZBi
--HG--
extra : rebase_source : 95c8e9ca6d74d04f2836aea2bcdb1c751d3e9308
2017-06-03 13:36:16 +08:00
Cykesiopka
875885fbf4
Bug 1368107 - Remove fallible version of TransportSecurityInfo::GetPort(). r=keeler
...
The function is infallible in pratice, and so is unnecessary when there's an
actual infallible version.
MozReview-Commit-ID: FTuVyqwjZ8O
--HG--
extra : rebase_source : 88f511d730bb02b5e28a86cb366ae1c915e0a8b1
2017-06-03 13:36:04 +08:00
Cykesiopka
0adca03a5d
Bug 1368107 - Remove TransportSecurityInfo::GetHostNameRaw(). r=keeler
...
GetHostNameRaw() returns a char* string, which is less safe and ergonomic
compared to the Mozilla string classes. GetHostName() can be used instead.
MozReview-Commit-ID: GYvTnISNN35
--HG--
extra : rebase_source : da257f5fba2c26cd92d932c3d1d363458b84a65b
2017-06-03 13:35:51 +08:00
ffxbld
507743376d
No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update
2017-06-04 08:18:02 -07:00
ffxbld
a38378d203
No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update
2017-06-04 08:17:59 -07:00
Sebastian Hengst
2a8940299d
merge autoland to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: LKdCEt8LelR
2017-06-03 20:12:42 +02:00
ffxbld
a13364b7c5
No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update
2017-06-03 08:34:04 -07:00
ffxbld
ba2cb002c0
No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update
2017-06-03 08:34:01 -07:00
Wes Kocher
0d038d6513
Merge autoland to m-c a=merge
...
MozReview-Commit-ID: Fjt5XIDd0p6
2017-06-02 17:21:39 -07:00
ffxbld
7b88c78694
No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update
2017-06-02 08:23:24 -07:00
ffxbld
be07550ffc
No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update
2017-06-02 08:23:21 -07:00
Jed Davis
b129f08d7f
Bug 1322784 - Gently fail utime(), to deal with GConf/ORBit. r=gcp
...
MozReview-Commit-ID: B4LmSGR6OEz
--HG--
extra : rebase_source : 613409994c0ba50c34c57537343484f1dc85b7aa
2017-05-30 23:13:37 -06:00
Tom Ritter
9d75725eb8
Bug 1350362 Fix NSS Build System for MinGW r=ted
...
MozReview-Commit-ID: 4QROlna5Cvg
--HG--
extra : rebase_source : a13c7080a6ee445bf3d10248305a6eb88405c173
2017-05-12 11:39:00 -05:00
ffxbld
5c64ad5e40
No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update
2017-06-01 08:22:16 -07:00
ffxbld
9dbe8dec8a
No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update
2017-06-01 08:22:13 -07:00
Wes Kocher
d4af1fa9e1
Merge m-c to inbound, a=merge
...
MozReview-Commit-ID: E2oiCGaL6uX
2017-06-08 18:42:21 -07:00
Bob Owen
a3df44ccee
Bug 1323188: Don't use restricting SIDs in the sandbox access tokens when running from a network drive. r=jimm
2017-06-07 20:20:02 +01:00
Alex Gaynor
d27dc0ba0b
Bug 1358223 - Part 1 - On Windows and macOS hardcode the minimum content sandbox level at 1. r=bobowen,haik,jimm
...
If the "security.sandbox.content.level" preference is set to a value less than
1, all consumers will automatically treat it as if it were level 1. On Linux and
Nightly builds, setting the sandbox level to 0 is still allowed, for now.
MozReview-Commit-ID: 9QNTCkdbTfm
--HG--
extra : rebase_source : cd5a853c46a5cd334504b339bef8df30a3cabe51
2017-05-12 17:04:42 -04:00
Sebastian Hengst
fd03aa5bc8
Backed out changeset 4e283b54baa6 (bug 1358223) for build bustage on Android at dom/ipc/ContentChild.cpp:21. r=backout
2017-05-31 21:34:13 +02:00
Alex Gaynor
39f34ea898
Bug 1358223 - Part 1 - On Windows and macOS hardcode the minimum content sandbox level at 1. r=bobowen,haik,jimm
...
If the "security.sandbox.content.level" preference is set to a value less than
1, all consumers will automatically treat it as if it were level 1. On Linux and
Nightly builds, setting the sandbox level to 0 is still allowed, for now.
MozReview-Commit-ID: 9QNTCkdbTfm
--HG--
extra : rebase_source : 1a26ffc5b9f80e6df4c37c23f506e907ba44053a
2017-05-12 17:04:42 -04:00
Alex Gaynor
1532472698
Bug 1368771 - Added a test which verifies that on macOS /Volumes isn't readable at sandbox level 3 r=haik
...
r?haik
MozReview-Commit-ID: HPW4luz5n0M
--HG--
extra : rebase_source : c224b56de4b705758e2ab7820af02a4ef41d4040
2017-05-30 13:52:57 -04:00
Ryan VanderMeulen
af691573d4
Merge m-c to autoland. a=merge
2017-05-30 12:59:41 -04:00
ffxbld
7c3223ec90
No bug, Automated HPKP preload list update from host bld-linux64-spot-383 - a=hpkp-update
2017-05-30 08:16:50 -07:00
ffxbld
c522116a60
No bug, Automated HSTS preload list update from host bld-linux64-spot-383 - a=hsts-update
2017-05-30 08:16:47 -07:00
Carsten "Tomcat" Book
b318c7dca7
merge mozilla-inbound to mozilla-central + UPGRADE_NSS_RELEASE a=merge
...
--HG--
rename : toolkit/components/extensions/test/xpcshell/xpcshell.ini => toolkit/components/extensions/test/xpcshell/xpcshell-common.ini
extra : amend_source : 458fd54fe8070ca3034ac441267ff7025adb5251
2017-05-30 11:37:46 +02:00
ffxbld
544308c147
No bug, Automated HPKP preload list update from host bld-linux64-spot-308 - a=hpkp-update
2017-05-29 08:18:00 -07:00
ffxbld
d3a21a063c
No bug, Automated HSTS preload list update from host bld-linux64-spot-308 - a=hsts-update
2017-05-29 08:17:57 -07:00
Franziskus Kiefer
afc9fc15dc
Bug 1345368 - land NSS 29290a4a9bd0 UPGRADE_NSS_RELEASE, r=me
2017-05-29 09:27:40 +02:00
ffxbld
3724e0f28c
No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update
2017-05-28 08:15:02 -07:00
ffxbld
c81b68804b
No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update
2017-05-28 08:14:59 -07:00
ffxbld
596d188f6d
No bug, Automated HPKP preload list update from host bld-linux64-spot-308 - a=hpkp-update
2017-05-27 08:17:01 -07:00
ffxbld
a7c347e651
No bug, Automated HSTS preload list update from host bld-linux64-spot-308 - a=hsts-update
2017-05-27 08:16:58 -07:00
ffxbld
5a51fa544c
No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update
2017-05-26 08:16:49 -07:00
ffxbld
4fcea03f05
No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update
2017-05-26 08:16:46 -07:00
Cykesiopka
02bee25903
Bug 1366584 - Add initial [must_use] properties to PSM IDL files. r=keeler
...
The [must_use] property on XPIDL methods and attributes is useful for making
sure errors are properly handled.
As a first step, this patch adds the property to PSM methods and attributes that
are already correctly checked everywhere.
MozReview-Commit-ID: KyGxwUK3x0X
--HG--
extra : rebase_source : 45bd3f8d305fe221cc1bba73a520f11829dc5a42
2017-05-25 21:56:04 +08:00
David Keeler
3e029fa5c8
bug 1359514 - remove EV treatment for "Swisscom Root EV CA 2" r=kmckinley
...
The "Swisscom Root EV CA 2" root is no longer in use and will be removed from
the built-in root CA list. However, we have to remove its EV treatment first.
MozReview-Commit-ID: 2TZRt5px7bl
--HG--
extra : rebase_source : 68902555ffe62a973cfaac3af531e96aa288a339
2017-05-25 13:55:15 -07:00
Ryan VanderMeulen
d3f265330e
Merge m-c to autoland. a=merge
2017-05-25 16:44:01 -04:00
Ryan VanderMeulen
b8ba243c22
Merge autoland to m-c. a=merge
2017-05-25 16:31:52 -04:00
ffxbld
3d5d49ce51
No bug, Automated HPKP preload list update from host bld-linux64-spot-308 - a=hpkp-update
2017-05-25 08:19:09 -07:00
ffxbld
56535cde6c
No bug, Automated HSTS preload list update from host bld-linux64-spot-308 - a=hsts-update
2017-05-25 08:19:07 -07:00
David Keeler
98d942eac1
bug 1366100 - disable OCSP fetching for DV certificates in nightly r=jaws,jcj
...
After this change, the platform will only fetch OCSP responses for EV
certificates (in nightly).
MozReview-Commit-ID: 3d9kzCYmnsa
--HG--
extra : rebase_source : e0cbbf6615e1ba813461dd13350f40ae7e0fbc07
2017-05-23 17:07:51 -07:00
Jed Davis
f6b03fa260
Bug 1355274 - Polyfill SOCK_DGRAM socketpairs with SOCK_SEQPACKET, for libasyncns. r=gcp
...
MozReview-Commit-ID: 2DeklSGsjUV
--HG--
extra : rebase_source : 8a202c23dc9a3ddede49b08ce1e0792dfb40bdbf
2017-04-11 20:55:34 -06:00
Jed Davis
675bae8c8d
Bug 1364533 - Allow madvise huge page hints. r=gcp
...
MozReview-Commit-ID: 7sNWS2sFJCx
--HG--
extra : rebase_source : c1730d2ac5d352dcaec1889d4f20dd9bc0a838a8
2017-05-12 20:04:07 -06:00
ffxbld
af8ecb9a1e
No bug, Automated HPKP preload list update from host bld-linux64-spot-376 - a=hpkp-update
2017-05-24 08:09:01 -07:00
ffxbld
08e4cade1c
No bug, Automated HSTS preload list update from host bld-linux64-spot-376 - a=hsts-update
2017-05-24 08:08:58 -07:00
Ryan VanderMeulen
e096678430
Merge m-c to autoland. a=merge UPGRADE_NSS_RELEASE
...
--HG--
rename : dom/security/test/sri/iframe_style_crossdomain.html => dom/security/test/sri/iframe_style_crossdomain_legacy.html
rename : mobile/android/themes/core/content.css => mobile/android/themes/geckoview/content.css
rename : mobile/android/themes/core/images/accessiblecaret-normal-hdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-normal-hdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-normal-xhdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-normal-xhdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-normal-xxhdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-normal-xxhdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-tilt-left-hdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-tilt-left-hdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-tilt-left-xhdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-tilt-left-xhdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-tilt-left-xxhdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-tilt-left-xxhdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-tilt-right-hdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-tilt-right-hdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-tilt-right-xhdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-tilt-right-xhdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-tilt-right-xxhdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-tilt-right-xxhdpi.png
rename : mobile/android/themes/core/images/dropmarker-right.svg => mobile/android/themes/geckoview/images/dropmarker-right.svg
rename : mobile/android/themes/core/images/dropmarker.svg => mobile/android/themes/geckoview/images/dropmarker.svg
rename : mobile/android/themes/core/images/cast-active.svg => mobile/android/themes/geckoview/images/videocontrols-cast-active.svg
rename : mobile/android/themes/core/images/cast-ready.svg => mobile/android/themes/geckoview/images/videocontrols-cast-ready.svg
rename : mobile/android/themes/core/images/exitfullscreen.svg => mobile/android/themes/geckoview/images/videocontrols-exitfullscreen.svg
rename : mobile/android/themes/core/images/fullscreen.svg => mobile/android/themes/geckoview/images/videocontrols-fullscreen.svg
rename : mobile/android/themes/core/images/mute.svg => mobile/android/themes/geckoview/images/videocontrols-mute.svg
rename : mobile/android/themes/core/images/pause.svg => mobile/android/themes/geckoview/images/videocontrols-pause.svg
rename : mobile/android/themes/core/images/play.svg => mobile/android/themes/geckoview/images/videocontrols-play.svg
rename : mobile/android/themes/core/images/scrubber.svg => mobile/android/themes/geckoview/images/videocontrols-scrubber.svg
rename : mobile/android/themes/core/images/unmute.svg => mobile/android/themes/geckoview/images/videocontrols-unmute.svg
rename : mobile/android/themes/core/scrollbar-apz.css => mobile/android/themes/geckoview/scrollbar-apz.css
rename : mobile/android/themes/core/touchcontrols.css => mobile/android/themes/geckoview/videocontrols.css
extra : rebase_source : a5b4c2c75991990af25c4686ff96c199834ff317
2017-05-23 13:41:47 -04:00
ffxbld
0fea6cd28c
No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update
2017-05-23 08:08:00 -07:00
ffxbld
0704600a36
No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update
2017-05-23 08:07:57 -07:00
Franziskus Kiefer
073576f302
Backed out changeset bf6ee973f04e because of Android bustage UPGRADE_NSS_RELEASE
...
--HG--
extra : amend_source : 6502b79382c14536c060c03b428172cb6edc9d3f
2017-05-23 13:22:21 +02:00
Franziskus Kiefer
66f094103a
Bug 1345368 - land NSS 0c3800b6eaba UPGRADE_NSS_RELEASE, r=me
2017-05-23 12:36:33 +02:00
David Keeler
3ddfb3c1ce
bug 1364159 - potentially avoid calling CERT_CreateSubjectCertList in NSSCertDBTrustDomain::FindIssuer r=Cykesiopka,jcj
...
CERT_CreateSubjectCertList is not an inexpensive function call, since it
enumerates the certificate database (i.e. reads from disk a lot). If we're
verifying for a TLS handshake, however, we should already have in memory a
certificate chain sent by the peer (there are some cases where we won't, such as
session resumption (see bug 731478)). If we can, we should use those
certificates before falling back to calling CERT_CreateSubjectCertList.
MozReview-Commit-ID: ASjVGsELb1O
--HG--
extra : rebase_source : 1efc635d4a98079c87f77ef3794e4b2f20eec59f
2017-05-11 16:41:12 -07:00
Dan Banner
ea09f270ab
Bug 1368041
- Enable no-array-constructor across mozilla-central r=standard8
...
MozReview-Commit-ID: EXJNufdKKhJ
--HG--
extra : rebase_source : 66d17c7981c4b0987c482ce092b25990b42c07fb
2017-05-27 15:17:29 +01:00
Cykesiopka
73288e2bbf
Bug 1174555 - Improve state string parsing test coverage. r=keeler
...
MozReview-Commit-ID: Fv66f1gu4kT
--HG--
extra : rebase_source : f02a317fd958909d42bad9cd206f5a74f36d8689
2017-05-21 10:43:44 +08:00
Cykesiopka
114202795c
Bug 1174555 - Clean up some SiteSecurityService state file related tests. r=keeler
...
MozReview-Commit-ID: 6qXV04CUElu
--HG--
extra : rebase_source : ba47e0cfe9317703895df02277568e59cc56591c
2017-05-21 10:43:32 +08:00
Cykesiopka
c1efdc2244
Bug 1174555 - Stop using PR_sscanf() in nsSiteSecurityService.cpp. r=keeler
...
While the uses of PR_sscanf() in PSM are safe, the function in general is
vulnerable to format string attacks, and so should be avoided.
This change removes the only uses of the function in PSM and moves to the more
obviously safe mozilla::Tokenizer.
MozReview-Commit-ID: J4BP6JTE1zI
--HG--
extra : rebase_source : e77e8b1ba70bef6f0ff794b7d066bbbdebe8f58e
2017-05-21 10:43:18 +08:00
tiago
95d9608ba4
Bug 1367198 - Remove duplicate ESLint rule definitions from various .eslintrc.js files. r=standard8
...
MozReview-Commit-ID: AUz5l7XPfwY
--HG--
extra : rebase_source : 2cb4758cdf51765fc61fbc6795fcd7bc85ef67bf
2017-05-24 13:55:24 -03:00
Jed Davis
039a1c2b5c
Bug 1321134 - Allow access to dconf shared-memory flags. r=gcp,glandium
...
DConf uses small memory-mapped files for the writer to signal readers
to invalidate cached data; the file is created by the first reader and
readers will write to it to force storage allocation.
If we don't allow opening the file, DConf will still work, but it will
reread the database on every pref access, and it prints messages on
stderr claiming it won't work. So we should avoid that.
MozReview-Commit-ID: 9xoBIhtu5cu
--HG--
extra : rebase_source : 582b3bc30f2181b6564eefa34082a561f9cc0c28
2017-05-30 07:10:15 -06:00
Alex Gaynor
e43d5d424f
Bug 1370540 - Extend the level 3 content sandbox filesystem read blacklist to include /Network and /Users; r=haik
...
MozReview-Commit-ID: 6RfS5aYRghK
--HG--
extra : rebase_source : c8d084d42dc2b37e4a0642e1a72bdd514a68d465
2017-06-06 10:48:06 -04:00
Franziskus Kiefer
ff206e6461
Bug 1370890 - land NSS a1a6eb781dd4 UPGRADE_NSS_RELEASE, r=me
...
--HG--
extra : rebase_source : b38b2c15012f240a5d34f91446ca20be38f61962
2017-06-13 14:26:51 +02:00
Bob Owen
caa7e3c377
Bug 1368600: Add telemetry with the error code for when a Windows sandboxed child process fails to start. r=jimm, data-review=francois
2017-06-13 08:54:41 +01:00
Randell Jesup
b0a3a49ce8
Bug 1361703: enable NR_epoll_create/create1 in linux sandbox r=jld
...
Enables creating new libevent epoll queues on Linux
2017-06-13 01:54:20 -04:00
Wes Kocher
19965a9bcf
Merge m-c to autoland, a=merge
...
MozReview-Commit-ID: 3oLjBFfMQdZ
2017-06-02 17:29:12 -07:00
Daniel Holbert
ec576781c3
Bug 1369806: Fix up pkix test to correctly pass zero to CreateEncodedBasicConstraints (which takes a pointer-to-long, rather than a long). r=keeler
...
MozReview-Commit-ID: Ki8AHuW5zyP
--HG--
extra : rebase_source : b2c8ba7ad4414c8059f23e9d775fdee7000a4c18
2017-06-02 13:21:53 -07:00
Daniel Holbert
ca4b542080
Bug 1369864: Suppress clang -Wno-zero-as-null-pointer-constant build warning, in pkix/test/gtest. r=keeler
...
The gtest headers trigger many instances of this warning, due to their usage of
NULL instead of nullptr.
MozReview-Commit-ID: Dhv7mPHpZ7I
--HG--
extra : rebase_source : a272472e5cf9a946df3fb1b0ffe919bb0d52f093
2017-06-02 13:05:30 -07:00
Daniel Holbert
2a87f6e3c3
Bug 1369837: Add a void cast to silence clang Wcomma build warning, in sandbox's snapshot of chromium header. r=bobowen
...
The build warning is for "possible misuse of comma operator".
The comma operator is a bit of a footgun becasue its first operand's result
just gets dropped on the floor (in this case, the result of the DCHECK
expression). It appears that Chromium's use of the comma operator here is
intentional, though -- so we might as well accept clang's suggestion and "cast
expression to void to silence warning".
This is also filed upstream as:
https://bugs.chromium.org/p/chromium/issues/detail?id=729123
MozReview-Commit-ID: Al2xsYEo3p0
--HG--
extra : rebase_source : 68d01b50ff1f07b68ddc0eeb7280ac412ac92932
2017-06-02 12:45:01 -07:00
Daniel Holbert
f2024755c3
Bug 1369871: Add "const" keyword to a long* param in a pkix test function. r=keeler
...
The only reason this param is a pointer is so that it can be optional. It's not
an outparam -- the function does not (and does not intend to) modify it -- so
it should be declared as 'const' to make that clearer & to allow clients to
pass in pointers to const values.
MozReview-Commit-ID: HbF96YNfnSt
--HG--
extra : rebase_source : 674abeb4c68f6c3fcdbc38edaf19e739ef09a3f6
2017-06-02 13:45:41 -07:00
Rajesh Kathiriya
fafb858b26
Bug 1370225 - Enabled the ESLint comma-style rule across mozilla-central. r=standard8
...
MozReview-Commit-ID: 9OhLgBpYS4L
--HG--
extra : rebase_source : 5155e715934e7acd2ffadb4856eb91f481cbf56c
2017-06-15 18:24:17 +01:00
Bob Owen
e6bdfd5594
Bug 1339105 Part 3: Move NPAPI windows process sandbox file rules into SandboxBroker. r=jimm
...
This also removes a rule that was added for sandboxing the Java plugin,
which we never did and we now only allow Flash anyway.
MozReview-Commit-ID: Jn6pCkLoGNM
--HG--
extra : source : 431267ab28deabef6ed7c791d8dff79e3fe590c1
2017-05-22 20:41:28 +01:00
Bob Owen
035cf9bdc2
Bug 1339105 Part 1: Implement Windows Level 3 content process sandbox policy. r=jimm
...
MozReview-Commit-ID: L8wcVhdLvFe
--HG--
extra : source : c3fb60fbc32660719c1b8b06dc785abd4559d6c0
2017-05-22 20:41:27 +01:00
Wes Kocher
848c9aa744
Backed out 3 changesets (bug 1339105) for plugin process leaks a=backout
...
Backed out changeset 431267ab28de (bug 1339105)
Backed out changeset 445875fbf13b (bug 1339105)
Backed out changeset c3fb60fbc326 (bug 1339105)
MozReview-Commit-ID: 4HYUQbHHnox
2017-05-22 15:14:23 -07:00
Bob Owen
16a4871cdf
Bug 1339105 Part 3: Move NPAPI windows process sandbox file rules into SandboxBroker. r=jimm
...
This also removes a rule that was added for sandboxing the Java plugin,
which we never did and we now only allow Flash anyway.
2017-05-22 20:41:28 +01:00
Bob Owen
edf3a239b1
Bug 1339105 Part 1: Implement Windows Level 3 content process sandbox policy. r=jimm
...
MozReview-Commit-ID: L8wcVhdLvFe
2017-05-22 20:41:27 +01:00
Sebastian Hengst
89e33081c6
Backed out changeset 50bf4c923818 (bug 1339105) for Windows bustage: calling protected constructor of class 'nsAString' at sandboxBroker.cpp(208,11). r=backout on a CLOSED TREE
2017-05-22 16:16:16 +02:00
Sebastian Hengst
2a69fd246c
Backed out changeset 367734cc9370 (bug 1339105)
2017-05-22 16:14:27 +02:00
Bob Owen
62c455086d
Bug 1339105 Part 3: Move NPAPI windows process sandbox file rules into SandboxBroker. r=jimm
...
This also removes a rule that was added for sandboxing the Java plugin,
which we never did and we now only allow Flash anyway.
2017-05-22 14:29:06 +01:00
Bob Owen
f24abd4ac3
Bug 1339105 Part 1: Implement Windows Level 3 content process sandbox policy. r=jimm
...
MozReview-Commit-ID: L8wcVhdLvFe
2017-05-22 14:29:06 +01:00
Mark Banner
0ce286101c
Bug 1359011 - Make the mozilla/recommended eslint configuration the default for the whole tree. r=mossop
...
MozReview-Commit-ID: HtUW43tCli1
--HG--
extra : rebase_source : 6496bc47860d9c1ab522a78e73b41550700021cb
2017-04-25 20:12:21 +01:00
Ryan VanderMeulen
c1ebf1a679
Merge autoland to m-c. a=merge
2017-05-19 11:37:57 -04:00
ffxbld
d8e6abb218
No bug, Automated HPKP preload list update from host bld-linux64-spot-309 - a=hpkp-update
2017-05-19 08:36:17 -07:00
ffxbld
446dd7af72
No bug, Automated HSTS preload list update from host bld-linux64-spot-309 - a=hsts-update
2017-05-19 08:36:14 -07:00
Wes Kocher
90573b0612
Merge m-c to autoland, a=merge
...
MozReview-Commit-ID: FYdNNRDmEla
2017-05-18 17:21:30 -07:00
Cykesiopka
73916bae28
Bug 1362735 - Clean up nsIPKCS11 implementation. r=keeler
...
The changes here:
1. Make it easier to discover where nsIPKCS11 is implemented / make it easier to
discover what the file implements.
2. Reduce global scope pollution.
3. Make nsCrypto.h no longer unnecessarily exported.
4. Remove NS_CRYPTO_CONTRACTID from nsDOMCID.h, since the define isn't used
anywhere.
5. Move the definition of NS_PKCS11_CONTRACTID from nsDOMCID.h into PSM code,
since this contract ID is firmly in PSM territory now.
MozReview-Commit-ID: 2PdFM0mlL4R
--HG--
rename : security/manager/ssl/nsCrypto.cpp => security/manager/ssl/PKCS11.cpp
rename : security/manager/ssl/nsCrypto.h => security/manager/ssl/PKCS11.h
extra : rebase_source : 46667edef5a1d8c910d96dec1125c05bc3477bee
2017-05-19 00:57:46 +08:00
ffxbld
f2272dd703
No bug, Automated HPKP preload list update from host bld-linux64-spot-361 - a=hpkp-update
2017-05-18 08:02:44 -07:00
ffxbld
6a62795f0e
No bug, Automated HSTS preload list update from host bld-linux64-spot-361 - a=hsts-update
2017-05-18 08:02:41 -07:00
Wes Kocher
0a5ec26ac6
Merge inbound to central, a=merge
...
UPGRADE_NSS_RELEASE
MozReview-Commit-ID: 9BuuGYyJ3RJ
--HG--
extra : amend_source : 57de84460e0ace13892ff1623451b9b9be8eaeeb
2017-05-17 14:48:30 -07:00
ffxbld
399a95bd59
No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update
2017-05-17 08:11:58 -07:00
ffxbld
4d10d237bc
No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update
2017-05-17 08:11:55 -07:00
Franziskus Kiefer
3d4912c914
Bug 1345368 - land NSS 57e38a8407b3, r=me
...
UPGRADE_NSS_RELEASE
--HG--
extra : rebase_source : 64f2e33d0ca49b6870882d204e899442af785ba4
extra : amend_source : 7277b5d0c15a2d51726d216f57bfed7958b45c8a
2017-05-16 17:12:24 +02:00
ffxbld
b2cb7e672d
No bug, Automated HPKP preload list update from host bld-linux64-spot-380 - a=hpkp-update
2017-05-16 08:13:54 -07:00
ffxbld
19e0f277b1
No bug, Automated HSTS preload list update from host bld-linux64-spot-380 - a=hsts-update
2017-05-16 08:13:51 -07:00
Wes Kocher
476feed09f
Merge m-c to inbound, a=merge
...
MozReview-Commit-ID: 6IorAN8i9Ot
2017-05-15 16:34:36 -07:00
Christoph Kerschbaumer
e4f38c8d7c
Bug 1362993 - Rewrite gBrowser.addTab() to use BrowserTestUtils.addTab(). r=florian
2017-05-15 21:49:50 +02:00
ffxbld
ae24a3c83d
No bug, Automated HPKP preload list update from host bld-linux64-spot-388 - a=hpkp-update
2017-05-15 08:12:24 -07:00
ffxbld
72bbccaa89
No bug, Automated HSTS preload list update from host bld-linux64-spot-388 - a=hsts-update
2017-05-15 08:12:21 -07:00
Sebastian Hengst
54ede0dc6f
merge autoland to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: 8kOFbYIPLER
2017-05-14 18:00:48 +02:00
ffxbld
e565da0035
No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update
2017-05-14 08:03:09 -07:00
ffxbld
f899cc0d30
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-05-14 08:03:06 -07:00
ffxbld
06b337ab22
No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update
2017-05-13 08:04:42 -07:00
ffxbld
418e3e6f07
No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update
2017-05-13 08:04:39 -07:00
Sebastian Hengst
97a63d02ee
merge mozilla-central to autoland. r=merge a=infra-fix on a CLOSED TREE
...
--HG--
extra : amend_source : df33eddb7158f7ecf8d1677755d46f948c7bfa04
2017-05-14 00:39:30 +02:00
Alex Gaynor
33b7e1fa87
Bug 1363179 - do not allow content processes to read from /Volumes on macOS r=haik
...
MozReview-Commit-ID: 8osJVQD3myh
--HG--
extra : rebase_source : 8cda32ca1bca80b796458d36099244a45af2f185
2017-05-12 16:18:57 -04:00
ffxbld
278ecdca02
No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update
2017-05-12 08:14:12 -07:00
ffxbld
cb3007aeba
No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update
2017-05-12 08:14:09 -07:00
Cameron McCormack
203bdaed3b
Bug 1361235 - Part 2: Re-enable some tests. r=emilio
...
MozReview-Commit-ID: 76FaOwHjIMB
--HG--
extra : rebase_source : e2e36bd8a6b86761fe616d7c30d8df7b661a4e09
2017-05-11 19:19:52 +08:00
Ryan VanderMeulen
ff1d6f6f88
Merge m-c to autoland. a=merge
2017-05-11 11:30:47 -04:00
ffxbld
41c4f9d9b5
No bug, Automated HPKP preload list update from host bld-linux64-spot-376 - a=hpkp-update
2017-05-11 08:11:46 -07:00
ffxbld
e3cb6315c8
No bug, Automated HSTS preload list update from host bld-linux64-spot-376 - a=hsts-update
2017-05-11 08:11:43 -07:00
Mark Banner
2bf9485071
Bug 1362947 - Upgrade eslint-plugin-html to 2.0.3 to pick up --fix support. r=jaws
...
MozReview-Commit-ID: 5fVG7akPnGM
--HG--
extra : rebase_source : e462e84bf8f2ffd893d1fd6b5ea14bbc093168dd
2017-05-08 10:29:47 +01:00
Sebastian Hengst
95a418ca5b
Backed out changeset e0f9c56c15f0 (bug 1362947) for linting failures, e.g. at accessible/tests/mochitest/jsat/doc_content_text.html:15. r=backout
2017-05-11 10:15:55 +02:00
Mark Banner
256aeb441c
Bug 1362947 - Upgrade eslint-plugin-html to 2.0.3 to pick up --fix support. r=jaws
...
MozReview-Commit-ID: 5fVG7akPnGM
--HG--
extra : rebase_source : f1b9eeb1b2048b551ee8c0a596e6395d0031cc4d
2017-05-08 10:29:47 +01:00
Alex Gaynor
9a4c947617
Bug 1363729 - Fixed a small formatting regression in tests. r=haik
...
MozReview-Commit-ID: 7I6tKS6yoM7
--HG--
extra : rebase_source : 03a652024d30a57ad270338bc6e222281d0e7c78
2017-05-10 10:05:25 -04:00
Cykesiopka
7b21c27198
Bug 1308143 - Clean up ExtendedValidation.cpp. r=keeler
...
In general, the changes here attempt to:
1. Fix up the style to match modern PSM style.
2. Shorten unnecessarily long code.
3. Reduce global scope pollution.
MozReview-Commit-ID: GFyqFgV0RLD
--HG--
extra : source : 8cb5ee464e42ff07324922abeffef00c7cb1fb1b
2017-05-09 00:53:21 +08:00
Wes Kocher
91617240e6
Merge m-c to autoland, a=merge
2017-05-09 14:59:18 -07:00
ffxbld
195bf8782f
No bug, Automated HPKP preload list update from host bld-linux64-spot-381 - a=hpkp-update
2017-05-09 08:04:36 -07:00
ffxbld
b72e6cc191
No bug, Automated HSTS preload list update from host bld-linux64-spot-381 - a=hsts-update
2017-05-09 08:04:33 -07:00
Hemant Singh Patwal
fd32e8da4a
Bug 1359614
- Move the security/manager/.eslintrc.js to security/.eslintrc.js and fix the ESLint issues raised. r=standard8
...
MozReview-Commit-ID: AlfInBsIPnF
--HG--
rename : security/manager/.eslintrc.js => security/.eslintrc.js
extra : rebase_source : 4dfdd45a4f1e4d3e45e2ef353dd0bb343a3d1adb
2017-05-09 19:48:02 +05:30
Wes Kocher
75c2b7a481
Merge m-c to autoland, a=merge
...
MozReview-Commit-ID: 3BrkDVl7521
2017-05-08 16:24:51 -07:00
Wes Kocher
cbfdaf8fb2
Merge inbound to central, a=merge CLOSED TREE
...
MozReview-Commit-ID: 5kxOZZxjMEl
2017-05-08 16:07:25 -07:00
ffxbld
e784eb5820
No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update
2017-05-08 07:59:23 -07:00
ffxbld
ba31bb05d4
No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update
2017-05-08 07:59:20 -07:00
Paolo Amadini
eddc9033bf
Bug 1254558 - Remove about:config preferences only used by the legacy nsIDownloadManager code. r=mak
...
MozReview-Commit-ID: 7XSnNdirh8s
--HG--
extra : rebase_source : 9b475be16843af7c3dd2244ef43cd34b1c8e5ea3
2017-05-05 11:51:09 +01:00
Iris Hsiao
9d78a18f36
merge autoland to mozilla-central a=merge
2017-05-08 11:10:13 +08:00
ffxbld
8b70b0a503
No bug, Automated HPKP preload list update from host bld-linux64-spot-388 - a=hpkp-update
2017-05-07 08:02:02 -07:00
ffxbld
100845ade3
No bug, Automated HSTS preload list update from host bld-linux64-spot-388 - a=hsts-update
2017-05-07 08:01:59 -07:00
Wes Kocher
efab9f9365
Merge inbound to m-c a=merge
...
MozReview-Commit-ID: KSYtdX2VPce
2017-05-05 14:03:31 -07:00
Wes Kocher
70383223c7
Merge autoland to central, a=merge
...
MozReview-Commit-ID: 8Byspu8RLyg
2017-05-05 13:22:33 -07:00
Haik Aftandilian
8c95154f41
Bug 1361304 - Remove /private/var read access from Mac level 3 content sandbox; r=Alex_Gaynor
...
Removes read access to /private/var and its subdirectories from
the content process under the level 3 Mac sandbox. Still permits
reading of file metadata within the majority of /private/var.
Adds tests to validate the level 3 Mac content sandbox prevents
reading from /private.
MozReview-Commit-ID: FO5dz0F7dl4
--HG--
extra : rebase_source : 226f8de6d4d88f188c272a3e119ed7b8bac292df
2017-05-05 10:48:52 -07:00
ffxbld
274d2a7dd5
No bug, Automated HPKP preload list update from host bld-linux64-spot-386 - a=hpkp-update
2017-05-05 08:05:06 -07:00
ffxbld
744bf45b07
No bug, Automated HSTS preload list update from host bld-linux64-spot-386 - a=hsts-update
2017-05-05 08:05:04 -07:00
Franziskus Kiefer
66955a7251
Bug 1345368 - land NSS 236a06d9c3c4, r=me
...
--HG--
extra : rebase_source : b097dd39571750acd76656e275e6899c95d52269
2017-05-05 16:07:08 +02:00
Carsten "Tomcat" Book
fdc689ba16
merge mozilla-inbound to mozilla-central a=merge
2017-05-05 15:17:26 +02:00
Carsten "Tomcat" Book
71adb3de58
merge autoland to mozilla-central a=merge
2017-05-05 15:13:36 +02:00
ffxbld
1a46d31be5
No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update
2017-05-04 08:04:48 -07:00
ffxbld
c76af0c30b
No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update
2017-05-04 08:04:45 -07:00
L. David Baron
c364774efb
Bug 1353458 - Make test_cert_blocklist more flexible about order of lines in revocations.txt. r=keeler
...
This allows patches to land that will change the hashtable enumeration
order, which in turn changes the ordering of the lines in
revocations.txt.
MozReview-Commit-ID: Fyuahnpky6g
--HG--
extra : rebase_source : 1e918481db566213205e330f33d6b00bdc3b4f11
2017-05-04 15:17:50 -07:00
Alex Gaynor
445480436b
Bug 1361733 - In debug builds, do not allow content sandbox to write to all of /private/var r=haik
...
This permission was needed for the memory bloat logging, which is used for
leaktest, including logging intentionally crashing processes. Now we restrict
ourselves to only allowing writes to the location needed for this logging,
rather than all of /private/var.
MozReview-Commit-ID: 5AbJEZlDHNV
--HG--
extra : rebase_source : 26936b8d8bca53f2c37a195b5e7c69c151ec18d2
2017-05-02 11:07:10 -04:00
Patrick McManus
b6d4239e55
Bug 1363029 - mark nsICryptoHash builtinclass r=keeler
...
MozReview-Commit-ID: 5fEuGtASoZ1
--HG--
extra : rebase_source : 944354d8dee60504836cc754fe60541f09ff3937
2017-05-08 10:07:31 -04:00
Carsten "Tomcat" Book
6ae9b7bb71
Merge mozilla-central to autoland
...
--HG--
rename : browser/base/content/gcli_sec_bad.svg => devtools/client/themes/images/gcli_sec_bad.svg
rename : browser/base/content/gcli_sec_good.svg => devtools/client/themes/images/gcli_sec_good.svg
rename : browser/base/content/gcli_sec_moderate.svg => devtools/client/themes/images/gcli_sec_moderate.svg
2017-05-05 15:27:55 +02:00
Cykesiopka
a05d6a925c
Bug 1361750 - Disable various MSVC 2017 warnings in PSM to unbreak --enable-warnings-as-errors builds. r=keeler
...
MSVC 2017 headers aren't warning free at the -Wall level.
Since PSM enables -Wall in some moz.build files, this breaks
--enable-warnings-as-errors builds.
As a temporary measure, disable enough warnings to get working builds.
MozReview-Commit-ID: G0oUsAYYct2
--HG--
extra : rebase_source : dc37783c89e66a54510c9940f9eaa5a4340ef43e
2017-05-05 00:41:33 +08:00
Cykesiopka
d1803f67e9
Bug 1358183 - Remove some unused PSM IDL constants and functions. r=keeler
...
MozReview-Commit-ID: C8EGosXvTQL
--HG--
extra : rebase_source : 9c141f6750d7658409fc2820f17940abe067fb4a
2017-05-04 00:06:43 +08:00
Wes Kocher
323540c8ac
Merge autoland to m-c a=merge
...
MozReview-Commit-ID: 30wEaH7LuuE
2017-05-03 13:17:05 -07:00
ffxbld
1e6ecc6322
No bug, Automated HPKP preload list update from host bld-linux64-spot-364 - a=hpkp-update
2017-05-03 08:06:32 -07:00
ffxbld
5f67a395c5
No bug, Automated HSTS preload list update from host bld-linux64-spot-364 - a=hsts-update
2017-05-03 08:06:29 -07:00
Wes Kocher
e141e24ffb
Merge m-c to autoland, a=merge
...
MozReview-Commit-ID: 1peTFbNMVnU
2017-05-02 17:38:11 -07:00
ffxbld
abe68d5dad
No bug, Automated HPKP preload list update from host bld-linux64-spot-304 - a=hpkp-update
2017-05-02 08:06:54 -07:00
ffxbld
e46e6eacbf
No bug, Automated HSTS preload list update from host bld-linux64-spot-304 - a=hsts-update
2017-05-02 08:06:51 -07:00
Ting-Yu Lin
918033ba12
Bug 1321754 Part 2 - Update reftest and crashtest expectations for stylo. r=heycam
...
MozReview-Commit-ID: AunZ2DE209M
--HG--
extra : rebase_source : 4a091cd55581039c8d81f4db9bfbe2af8c0d0863
2017-04-28 14:53:16 +08:00
Haik Aftandilian
cbffb758e8
Bug 1360356 - [Mac] Remove "/Library/Caches/TemporaryItems" rule from level 3 Content Sandbox; r=Alex_Gaynor
...
Remove reading of "~/Library/Caches/TemporaryItems" from level 3 and update
sandboxing filesystem test to check ~/Library/Caches/TemporaryItems readability.
MozReview-Commit-ID: 6EMzH7brSnp
--HG--
extra : rebase_source : f97b5625da2abda73decc969fc581c2bf858183f
2017-04-28 11:48:43 -07:00
ffxbld
ae8c2e2354
No bug, Automated HPKP preload list update from host bld-linux64-spot-306 - a=hpkp-update
2017-05-01 07:56:05 -07:00
ffxbld
a2f0c5af03
No bug, Automated HSTS preload list update from host bld-linux64-spot-306 - a=hsts-update
2017-05-01 07:56:03 -07:00
ffxbld
3dc6ceb427
No bug, Automated HPKP preload list update from host bld-linux64-spot-388 - a=hpkp-update
2017-04-30 07:50:30 -07:00
ffxbld
0d823cefd8
No bug, Automated HSTS preload list update from host bld-linux64-spot-388 - a=hsts-update
2017-04-30 07:50:27 -07:00
ffxbld
38fdbbcaa4
No bug, Automated HPKP preload list update from host bld-linux64-spot-309 - a=hpkp-update
2017-04-29 07:55:26 -07:00
ffxbld
ca0521550a
No bug, Automated HSTS preload list update from host bld-linux64-spot-309 - a=hsts-update
2017-04-29 07:55:24 -07:00
Wes Kocher
f831128354
Merge autoland to central, a=merge
...
MozReview-Commit-ID: B7tVdcR40eh
2017-04-28 15:43:18 -07:00
David Keeler
1ef3597000
bug 1360623 - add hash algorithm constants to pykey for easier consumer use r=jcj
...
For signing, pykey.py delegates to 3rd party libraries. One of these libraries
expects hash algorithms to be specified in the form "SHA-256" whereas the other
expects "sha256". Consumers of pykey shouldn't need to be aware of this detail.
This patch introduces constants HASH_SHA1, HASH_SHA256, etc. and changes pykey
to determine which string literals to use itself.
MozReview-Commit-ID: 27laM2uXMwJ
--HG--
extra : rebase_source : 9b74f486f7535671fd26c59e3e9cc3b4459f15e0
2017-04-28 11:06:28 -07:00
ffxbld
784ec1af14
No bug, Automated HPKP preload list update from host bld-linux64-spot-309 - a=hpkp-update
2017-04-28 07:52:40 -07:00
ffxbld
ce8bde832b
No bug, Automated HSTS preload list update from host bld-linux64-spot-309 - a=hsts-update
2017-04-28 07:52:37 -07:00
David Keeler
f900f10f03
bug 1361201 - decrease OCSP soft timeout to 1 second on prerelease builds r=jcj
...
MozReview-Commit-ID: ENYyG8ZeXYe
--HG--
extra : rebase_source : 5c30b914a39a2dce89190c7d5db703952408aae3
2017-05-01 17:05:31 -07:00
David Keeler
3caa6189aa
bug 1349312 - part 2/2: add pyct.py and generate test certificate transparency information r=Cykesiopka,jcj
...
MozReview-Commit-ID: 9Htv04PfRzb
This introduces pyct.py with the capability of generating Signed Certificate
Timestamps for our test certificates. Also introduces a simple testcase that
should validate correctly under current CT requirements as well as one that does
not validate due to an insufficient number of SCTs.
(Note that "validate" in this case does not refer to the overall TLS handshake
result, because CT is not currently required. It more or less refers to the
value of certificateTransparencyStatus of the SSLStatus of the connection's
securityInfo - see nsISSLStatus.idl.)
--HG--
rename : security/manager/ssl/tests/unit/bad_certs/default-ee.key => security/manager/ssl/tests/unit/test_ct/default-ee.key
rename : security/manager/ssl/tests/unit/bad_certs/default-ee.key.keyspec => security/manager/ssl/tests/unit/test_ct/default-ee.key.keyspec
rename : security/manager/ssl/tests/unit/bad_certs/default-ee.pem => security/manager/ssl/tests/unit/test_ct/default-ee.pem
rename : security/manager/ssl/tests/unit/bad_certs/default-ee.pem.certspec => security/manager/ssl/tests/unit/test_ct/default-ee.pem.certspec
rename : security/manager/ssl/tests/unit/bad_certs/test-ca.pem => security/manager/ssl/tests/unit/test_ct/test-ca.pem
rename : security/manager/ssl/tests/unit/bad_certs/test-ca.pem.certspec => security/manager/ssl/tests/unit/test_ct/test-ca.pem.certspec
extra : rebase_source : 66c5a5e16eeb47c97972248d61a4f1cbadf59a49
2017-04-17 14:55:35 -07:00
David Keeler
c138b8d0b6
bug 1349312 - part 1/2: patch CT implementation to include debug-only test logs r=Cykesiopka,jcj
...
MozReview-Commit-ID: Gay4bliuiDc
This modifies getCTKnownLogs.py to inject 3 debug-only Certificate Transparency
log keys and 2 organizations ("Mozilla Test Org 1" and "2") for use with
integration tests. Also updates CTKnownLogs.h as generated by the python script.
The debug logs use the "default", "secp256r1", and "alternate" keys that are
already present in our testing infrastructure (see pykey.py).
--HG--
extra : rebase_source : 3d4fc736f840cd080fab6b8c6c5b53cc9361abf2
2017-04-19 14:02:26 -07:00
David Keeler
455ab646d3
bug 1337950 - work around failing to load a FIPS PKCS#11 module DB in NSS initialization r=Cykesiopka,jcj
...
Firefox essentially does not support running NSS in FIPS mode any longer. This
has always been the case on Android from what I can tell and it has been the
case on OS X since at least version 34 (see bug 1047584). It became the case on
Windows as of version 53 (see bug 1295937). Unfortunately, before this patch,
if a user attempted to run an affected version of Firefox using a profile
directory containing an NSS database collection that had FIPS enabled, NSS
initialization would fail and fall back to running in no DB mode, which had the
side-effect of making any saved passwords and certificates unavailable. This
patch attempts to detect and work around this failure mode by moving the
PKCS#11 module DB (which is where the FIPS bit is set) to a backup location and
basically running with a fresh, non-FIPS module DB. This allows Firefox to
initialize NSS with the preexisting key and certificate databases available.
MozReview-Commit-ID: 1E4u1ngZyRv
--HG--
rename : security/manager/ssl/tests/unit/test_sdr_preexisting.js => security/manager/ssl/tests/unit/test_broken_fips.js
rename : security/manager/ssl/tests/unit/test_sdr_preexisting/key3.db => security/manager/ssl/tests/unit/test_broken_fips/key3.db
extra : rebase_source : 887f457e998d6e57c6536573fbe3cb10547fe154
2017-04-20 10:31:22 -07:00
Wes Kocher
be34ade6b6
Merge autoland to central, a=merge
...
MozReview-Commit-ID: 2pgVZdnDKno
2017-04-27 12:44:03 -07:00
ffxbld
068e6f2925
No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update
2017-04-27 07:52:27 -07:00
ffxbld
7d28817077
No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update
2017-04-27 07:52:24 -07:00
Jed Davis
3c4e538953
Bug 1361238 - Re-allow accept4, used by accessibility. r=gcp
...
MozReview-Commit-ID: 3M3T3bkx4nP
--HG--
extra : rebase_source : b67332889615ae34cc67737da361f21ae545aeb4
2017-05-01 21:51:11 -06:00
Jed Davis
7d9acbdace
Bug 1358647 - Disallow bind/listen/accept for Linux content processes. r=gcp
...
MozReview-Commit-ID: Cz9MKxOJnsS
--HG--
extra : rebase_source : d3ab7ff9020066d5fe9ac3121c88c85b9fde6224
2017-04-25 19:29:32 -06:00
Wes Kocher
226702fd85
Merge m-c to autoland a=merge
...
MozReview-Commit-ID: LOGgOErcV9L
2017-04-26 17:43:38 -07:00
ffxbld
ce5ccb6a8c
No bug, Automated HPKP preload list update from host bld-linux64-spot-304 - a=hpkp-update
2017-04-26 08:02:08 -07:00
ffxbld
728d6a0b30
No bug, Automated HSTS preload list update from host bld-linux64-spot-304 - a=hsts-update
2017-04-26 08:02:05 -07:00
ffxbld
876c7dd305
No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update
2017-04-25 07:57:31 -07:00
ffxbld
1d0cdb27cb
No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update
2017-04-25 07:57:28 -07:00
David Keeler
fe73f5843c
bug 1356499 - put NCSCCS pins into production mode r=mgoodwin
...
As requested by James Burton<jb@0.me.uk> and vouched for (via email) by
Lucas Garron <lgarron@google.com>.
MozReview-Commit-ID: HD9laXzJpRg
--HG--
extra : rebase_source : 7c632c6772509a3c4c03cf971ee0f62ad5225275
2017-04-25 14:33:07 -07:00
David Keeler
f821131b3b
bug 1361893 - remove two unnecessary mutexes and a cast from SSLServerCertVerification.cpp r=kmckinley
...
gSSLVerificationPK11Mutex isn't used at all - it can be removed
gSSLVerificationTelemetryMutex is unnecessary because telemetry has its own lock:
https://dxr.mozilla.org/mozilla-central/rev/a748acbebbde373a88868dc02910fb2bc5e6a023/toolkit/components/telemetry/TelemetryHistogram.cpp#1135
https://dxr.mozilla.org/mozilla-central/rev/a748acbebbde373a88868dc02910fb2bc5e6a023/toolkit/components/telemetry/TelemetryHistogram.cpp#1984
The nsNSSSocketInfo* cast in SSLServerCertVerificationResult::Run() is
unnecessary because mInfoObject is a RefPtr<nsNSSSocketInfo>.
MozReview-Commit-ID: DG7qWGg2amQ
--HG--
extra : rebase_source : 0a475d7aba75ba4debecc7cec2ed14319082d9ab
2017-05-03 16:44:17 -07:00
Wes Kocher
33c2277e1f
Merge m-c to inbound, a=merge
...
MozReview-Commit-ID: 7rfXDtMWy2C
2017-07-12 18:26:46 -07:00
Carsten "Tomcat" Book
dc83b98670
Merge mozilla-central to mozilla-inbound
2017-07-12 11:17:55 +02:00
David Parks
7aff7962d7
Bug 1377249
- Allow Flash to create Secure Socket connections. r=bobowen
2017-07-11 19:26:24 -07:00
Wes Kocher
05a47acee9
Merge m-c to inbound a=merge
...
MozReview-Commit-ID: 3NCtyMc525N
2017-04-24 16:14:52 -07:00
Wes Kocher
94ff05c50d
Merge autoland to central, a=merge
...
MozReview-Commit-ID: EaYU8ma2C4H
2017-04-24 15:45:27 -07:00
ffxbld
baf47b352e
No bug, Automated HPKP preload list update from host bld-linux64-spot-309 - a=hpkp-update
2017-04-24 07:53:50 -07:00
ffxbld
e2320972af
No bug, Automated HSTS preload list update from host bld-linux64-spot-309 - a=hsts-update
2017-04-24 07:53:47 -07:00
ffxbld
313e5199bf
No bug, Automated HPKP preload list update from host bld-linux64-spot-304 - a=hpkp-update
2017-04-23 07:58:17 -07:00
ffxbld
16b68f30f8
No bug, Automated HSTS preload list update from host bld-linux64-spot-304 - a=hsts-update
2017-04-23 07:58:14 -07:00
David Parks
532fe74f04
Bug 1347710 - Enable sandbox protections for the Windows GPU process. r=bobowen
...
The sandbox works with levels. The GPU sandbox level defaults to 1 in all builds. It is controlled by security.sandbox.gpu.level.
2017-04-24 09:46:09 -07:00
ffxbld
cfbd9ba5ea
No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update
2017-04-21 07:57:04 -07:00
ffxbld
7e0a6b7086
No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update
2017-04-21 07:57:01 -07:00
Carsten "Tomcat" Book
975e251aff
merge mozilla-inbound to mozilla-central a=merge
2017-04-21 10:57:02 +02:00
Wes Kocher
4f3c2d9829
Merge m-c to autoland, a=merge
...
MozReview-Commit-ID: DPzfAm14Tdx
2017-04-20 15:52:28 -07:00
Nathan Froyd
35bd9439ac
Bug 1357741 - make nsCertOverrideService's locking more efficient; r=keeler
...
nsCertOverrideService uses a ReentrantMonitor to protect its inner
state. However, there's no way for nsCertOverrideService's methods to
be re-entered when calling outside code. The use of ReentrantMonitor
appears to be compensating for an unclear division of locking
responsibilities, by enabling every method to simply lock the
ReentrantMonitor upon entrance without care for who might have locked it
beforehand.
Using Mutex is cheaper than ReentrantMonitor, and also forces us to
make explicit who's required to do locking, and who needs to do work
with the lock held.
2017-04-20 10:02:19 -04:00