Commit Graph

11991 Commits

Author SHA1 Message Date
Kate McKinley
a809b5b8d6 Bug 1374453 - turn HSTS priming on in Beta r=ckerschb
MozReview-Commit-ID: JHc47g8cDmb

--HG--
extra : rebase_source : cb67f51ac7fef74f43cc05d02bac4ef13c3ded15
2017-06-19 14:46:48 -07:00
Kate McKinley
9108666ee6 Bug 1374443 - Decrease HSTS priming timeout to 2s r=ckerschb
MozReview-Commit-ID: 7brYAUXwHvE

--HG--
extra : rebase_source : 4ef6f27cc855b828ac742f2990dc12668bd910aa
2017-06-19 14:35:27 -07:00
Paolo Amadini
10ee6a5c4e Bug 1362970 - Part 2 - Script-generated patch to convert .then(null, ...) to .catch(...). r=florian
Changes to Promise tests designed to test .then(null) have been reverted, and the browser/extensions directory was excluded because the projects it contains have a separate process for accepting changes.

MozReview-Commit-ID: 1buqgX1EP4P

--HG--
extra : rebase_source : 3a9ea310d3e4a8642aabbc10636c04bfe2e77070
2017-06-19 11:32:37 +01:00
Carsten "Tomcat" Book
de892834ed Merge mozilla-central to mozilla-inbound 2017-06-20 11:31:34 +02:00
Alex Gaynor
bb1ea70f5f Bug 1357758 - Replace the file-read blacklist in the macOS sandbox policy with a whitelist of the allowed paths; r=haik
This makes the policy easier to audit, harder to regress, and easier to further prune the content processes' permissions.

MozReview-Commit-ID: 6VqEoGsWSGH

--HG--
extra : rebase_source : 58a9d35dd6e58624779294b49df5cc7e34cb4320
2017-04-18 15:57:54 -04:00
Wes Kocher
bfc45b98b9 Merge m-c to inbound, a=merge
MozReview-Commit-ID: 9XdoB5MuVz6
2017-07-05 17:17:41 -07:00
Bob Owen
1eb1c9091d Bug 1378061: Only set user's SID in USER_LIMITED as deny only when not using restricting SIDs. r=jimm 2017-07-05 21:00:55 +01:00
Kai Engert
10b5520799 Bug 1380706, PSM should depend on mozStorage, as a workaround for a sqlite3_config race, r=keeler 2017-07-14 15:31:30 +02:00
Carsten "Tomcat" Book
ea1b86680c Backed out changeset 9846de3bd954 (bug 1372405)
--HG--
extra : rebase_source : 5d4a48e8ec394c329994689d938d2a6e9b2752b0
2017-06-20 08:27:02 +02:00
Bill McCloskey
4592152411 Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-19 22:25:47 -07:00
Bevis Tseng
d1637b9c5a Bug 1372453 - Part 2: Name the caller of ProxyReleaseEvent. r=billm
MozReview-Commit-ID: LYhSWnZkq0i
2017-06-14 09:27:17 +08:00
ffxbld
7cc377ce3f No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update 2017-06-18 08:24:54 -07:00
ffxbld
a6c7ba400c No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update 2017-06-18 08:24:51 -07:00
ffxbld
b95a1a9583 No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update 2017-06-17 08:38:30 -07:00
ffxbld
091d02c281 No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update 2017-06-17 08:38:27 -07:00
ffxbld
b2d072aa58 No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update 2017-06-16 08:37:44 -07:00
ffxbld
870c286510 No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update 2017-06-16 08:37:41 -07:00
David Keeler
0b2a439e7e bug 1373068 - fix the ctypes declaration of SSL_ClearSessionCache in head_psm.js r=Cykesiopka
SSL_ClearSessionCache is `void SSL_ClearSessionCache()`. In head_psm.js it was
being declared as `SECStatus SSL_ClearSessionCache()` and the "return value" was
being checked, which was incorrect. This apparently wasn't causing failures on
any of our test runs, but with tsan enabled the check would fail.

MozReview-Commit-ID: 6KosOVPu8K4

--HG--
extra : rebase_source : 73addb80a5ab5263a182207a0f4277daf8ae32a5
2017-06-14 15:10:28 -07:00
Andrew Halberstadt
c9beaa56b4 Bug 1373294 - Fix E305 (two blank lines after method or class) in files enabled by flake8 linter, r=jmaher
This is needed before we can upgrade to flake8 3.3.0, as that version starts flagging these errors.

These files were modified by running:
autopep8 --select E305 --in-place -r <dir>

on the affected directories. I did it one dir at a time and verified the result after each.

MozReview-Commit-ID: FmlsfiKIbtr

--HG--
extra : rebase_source : 9df32258cadff5d27a0e72113c57f782756c0b18
2017-06-15 12:10:59 -04:00
ffxbld
c365df1999 No bug, Automated HPKP preload list update from host bld-linux64-spot-382 - a=hpkp-update 2017-06-15 08:38:35 -07:00
ffxbld
fc60e8619a No bug, Automated HSTS preload list update from host bld-linux64-spot-382 - a=hsts-update 2017-06-15 08:38:32 -07:00
ffxbld
c49a70b53f No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update 2017-06-14 08:33:27 -07:00
ffxbld
b98ce20b57 No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update 2017-06-14 08:33:24 -07:00
Wes Kocher
ebf35623cd Merge mozilla-central to autoland a=merge
UPGRADE_NSS_RELEASE
2017-06-13 18:57:32 -07:00
Wes Kocher
1af6d5cf57 Merge inbound to central, a=merge
UPGRADE_NSS_RELEASE
MozReview-Commit-ID: CBIFPwA5aNp

--HG--
extra : amend_source : 035a5be59d0046a643d0f836a95195e8c4ade4a6
2017-06-13 18:27:10 -07:00
ffxbld
13bca384b3 No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update 2017-06-13 08:37:54 -07:00
ffxbld
cdd7ceaa16 No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update 2017-06-13 08:37:50 -07:00
ffxbld
687bfe6a46 No bug, Automated HPKP preload list update from host bld-linux64-spot-304 - a=hpkp-update 2017-06-12 08:25:15 -07:00
ffxbld
1d51d00cbc No bug, Automated HSTS preload list update from host bld-linux64-spot-304 - a=hsts-update 2017-06-12 08:25:12 -07:00
ffxbld
d840ebd585 No bug, Automated HPKP preload list update from host bld-linux64-spot-306 - a=hpkp-update 2017-06-11 08:31:38 -07:00
ffxbld
19a63c3db3 No bug, Automated HSTS preload list update from host bld-linux64-spot-306 - a=hsts-update 2017-06-11 08:31:35 -07:00
ffxbld
fee636af73 No bug, Automated HPKP preload list update from host bld-linux64-spot-304 - a=hpkp-update 2017-06-10 08:28:28 -07:00
ffxbld
494c299b4c No bug, Automated HSTS preload list update from host bld-linux64-spot-304 - a=hsts-update 2017-06-10 08:28:25 -07:00
Wes Kocher
038efa62a3 Merge m-c to autoland, a=merge
MozReview-Commit-ID: HYPYecdsMhL
2017-06-09 16:00:04 -07:00
Wes Kocher
a4cc130bcc Merge autoland to central, a=merge
MozReview-Commit-ID: Jpywgkn7waG
2017-06-09 13:28:20 -07:00
ffxbld
cb712cd137 No bug, Automated HPKP preload list update from host bld-linux64-spot-308 - a=hpkp-update 2017-06-09 08:28:37 -07:00
ffxbld
005b20e0a4 No bug, Automated HSTS preload list update from host bld-linux64-spot-308 - a=hsts-update 2017-06-09 08:28:34 -07:00
Carsten "Tomcat" Book
d5a13ba05e merge mozilla-inbound to mozilla-central a=merge 2017-06-09 12:58:49 +02:00
Alex Gaynor
0403c42ccf Bug 1371701 - Fixed sandboxing tests to reflect that we're enabling file content process for all channels r=bobowen
MozReview-Commit-ID: ICXZjEU2n6L

--HG--
extra : rebase_source : f28d5d61f6a0cdfecb2804239c407c730c4fd2ba
2017-06-09 11:24:07 -04:00
Wes Kocher
1be06aea28 Merge m-c to autoland, a=merge
UPGRADE_NSS_RELEASE

MozReview-Commit-ID: ItWcUAUYyaj

--HG--
extra : amend_source : fc43f23f0e12d5f88d72be9526a953d8015e6975
2017-06-08 18:44:32 -07:00
Wes Kocher
39dd8b763b Merge inbound to central, a=merge
UPGRADE_NSS_RELEASE

MozReview-Commit-ID: 4of9LS9sA2I

--HG--
extra : amend_source : c399503fa642c04d256ee0ce53b099601259f90a
2017-06-08 18:10:10 -07:00
ffxbld
9b5314f2d1 No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update 2017-06-08 09:27:12 -07:00
ffxbld
ecdb9dfade No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update 2017-06-08 09:27:09 -07:00
Carsten "Tomcat" Book
247a47fac9 Merge mozilla-central to mozilla-inbound 2017-06-08 15:16:36 +02:00
Jed Davis
da2db41a9c Bug 1362601 - Don't crash on sandbox violation if known-problem injected libs are present. r=gcp
MozReview-Commit-ID: HCbavpMUxYm

--HG--
extra : rebase_source : ec0cc9dcbf07831209b438504311b45f5b8990a8
2017-06-07 16:33:11 -06:00
Franziskus Kiefer
02d51071b4 Bug 1345368 - land NSS NSS_3_31_RTM UPGRADE_NSS_RELEASE, r=me 2017-06-08 12:57:33 +02:00
David Keeler
e426fddb4a bug 1369911 - gather telemetry on the prevalence of 3rd party PKCS#11 modules r=bsmedberg,Cykesiopka data-review=bsmedberg
MozReview-Commit-ID: Dw99Jm64QNU

--HG--
extra : rebase_source : 9e9f6c5342f992c9040e85b0eab129d7751e9887
2017-06-02 16:44:06 -07:00
Ryan VanderMeulen
9b7a73b65a Merge m-c to autoland. a=merge
UPGRADE_NSPR_RELEASE UPGRADE_NSS_RELEASE

--HG--
extra : amend_source : a59e53ba2f8db608f613f21ad6da2b5be8814aa4
2017-06-07 22:55:56 -04:00
Ryan VanderMeulen
e886d1846a Merge inbound to m-c. a=merge
UPGRADE_NSPR_RELEASE UPGRADE_NSS_RELEASE

--HG--
extra : amend_source : a7800e9214d5a8325af0d1f5e5dcc77273f4ce95
2017-06-07 22:52:40 -04:00
ffxbld
086a61dfbf No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update 2017-06-07 08:36:43 -07:00
ffxbld
9286331337 No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update 2017-06-07 08:36:40 -07:00
ffxbld
cd09b99007 No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update 2017-06-06 08:39:25 -07:00
ffxbld
12a027af8e No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update 2017-06-06 08:39:22 -07:00
Rajesh Kathiriya
6d3eb2c851 Bug 1370232 - Enabled the ESLint no-unneeded-ternary rule across mozilla-central. r=standard8
MozReview-Commit-ID: AH9ArRkjh78

--HG--
extra : rebase_source : bdd4c4f8a4779ea373479a9cba772c036e00e816
2017-06-13 00:23:54 +05:30
Franziskus Kiefer
bcc2da0b6a Bug 1345368 - adapt to new NSS certdata.py, r=ted
UPGRADE_NSS_RELEASE

--HG--
extra : rebase_source : e995f611f59a8f10af70781a1ee50e6c89f4a8d9
2017-06-06 09:59:42 +02:00
Franziskus Kiefer
9a70331f36 Bug 1345368 - Disable test_broken_fips on all platforms other than mac, r=keeler
--HG--
extra : rebase_source : 67201c5646f3d1c8abe5122051cddaee148c418a
2017-06-07 09:16:45 +02:00
Franziskus Kiefer
747a09639e Bug 1345368 - land NSS NSS_3_31_BETA2 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 3999b2f4d1c47a92c19c39cafd6d9c4c45a85383
2017-06-07 09:21:08 +02:00
Mark Banner
c93c2a1504 Bug 1370240 - Enable the ESLint no-control-regex rule across mozilla-central. r=mossop
MozReview-Commit-ID: IN7YMk7yhAO

--HG--
extra : rebase_source : be0a9cae6eae14d4f097eced2e231a96c89c9c47
2017-06-05 15:43:09 +01:00
ffxbld
61528d699c No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-06-05 08:39:51 -07:00
ffxbld
b6a127253e No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-06-05 08:39:48 -07:00
Cykesiopka
ab8411f21d Bug 1368107 - Make SSLErrorMessageType an enum class. r=keeler
Enum classes are safer and nicer.

MozReview-Commit-ID: FDT3Gb1t9w1

--HG--
extra : rebase_source : 92d67db5f7ea4a64e3101b0e3a93e9fccbfa132e
2017-06-03 13:36:41 +08:00
Cykesiopka
0ac2ac7fa3 Bug 1368107 - Make some TransportSecurityInfo nsresult functions return void. r=keeler
These functions in practice are all infallible and are unchecked by callers, so
there's no point in having them return nsresult.

MozReview-Commit-ID: BOypKLUZZBi

--HG--
extra : rebase_source : 95c8e9ca6d74d04f2836aea2bcdb1c751d3e9308
2017-06-03 13:36:16 +08:00
Cykesiopka
875885fbf4 Bug 1368107 - Remove fallible version of TransportSecurityInfo::GetPort(). r=keeler
The function is infallible in practice, and so is unnecessary when there's an
actual infallible version.

MozReview-Commit-ID: FTuVyqwjZ8O

--HG--
extra : rebase_source : 88f511d730bb02b5e28a86cb366ae1c915e0a8b1
2017-06-03 13:36:04 +08:00
Cykesiopka
0adca03a5d Bug 1368107 - Remove TransportSecurityInfo::GetHostNameRaw(). r=keeler
GetHostNameRaw() returns a char* string, which is less safe and ergonomic
compared to the Mozilla string classes. GetHostName() can be used instead.

MozReview-Commit-ID: GYvTnISNN35

--HG--
extra : rebase_source : da257f5fba2c26cd92d932c3d1d363458b84a65b
2017-06-03 13:35:51 +08:00
ffxbld
507743376d No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update 2017-06-04 08:18:02 -07:00
ffxbld
a38378d203 No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update 2017-06-04 08:17:59 -07:00
Sebastian Hengst
2a8940299d merge autoland to mozilla-central. r=merge a=merge
MozReview-Commit-ID: LKdCEt8LelR
2017-06-03 20:12:42 +02:00
ffxbld
a13364b7c5 No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update 2017-06-03 08:34:04 -07:00
ffxbld
ba2cb002c0 No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update 2017-06-03 08:34:01 -07:00
Wes Kocher
0d038d6513 Merge autoland to m-c a=merge
MozReview-Commit-ID: Fjt5XIDd0p6
2017-06-02 17:21:39 -07:00
ffxbld
7b88c78694 No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update 2017-06-02 08:23:24 -07:00
ffxbld
be07550ffc No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update 2017-06-02 08:23:21 -07:00
Jed Davis
b129f08d7f Bug 1322784 - Gently fail utime(), to deal with GConf/ORBit. r=gcp
MozReview-Commit-ID: B4LmSGR6OEz

--HG--
extra : rebase_source : 613409994c0ba50c34c57537343484f1dc85b7aa
2017-05-30 23:13:37 -06:00
Tom Ritter
9d75725eb8 Bug 1350362 Fix NSS Build System for MinGW r=ted
MozReview-Commit-ID: 4QROlna5Cvg

--HG--
extra : rebase_source : a13c7080a6ee445bf3d10248305a6eb88405c173
2017-05-12 11:39:00 -05:00
ffxbld
5c64ad5e40 No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update 2017-06-01 08:22:16 -07:00
ffxbld
9dbe8dec8a No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update 2017-06-01 08:22:13 -07:00
Wes Kocher
d4af1fa9e1 Merge m-c to inbound, a=merge
MozReview-Commit-ID: E2oiCGaL6uX
2017-06-08 18:42:21 -07:00
Bob Owen
a3df44ccee Bug 1323188: Don't use restricting SIDs in the sandbox access tokens when running from a network drive. r=jimm 2017-06-07 20:20:02 +01:00
Alex Gaynor
d27dc0ba0b Bug 1358223 - Part 1 - On Windows and macOS hardcode the minimum content sandbox level at 1. r=bobowen,haik,jimm
If the "security.sandbox.content.level" preference is set to a value less than
1, all consumers will automatically treat it as if it were level 1. On Linux and
Nightly builds, setting the sandbox level to 0 is still allowed, for now.

MozReview-Commit-ID: 9QNTCkdbTfm

--HG--
extra : rebase_source : cd5a853c46a5cd334504b339bef8df30a3cabe51
2017-05-12 17:04:42 -04:00
Sebastian Hengst
fd03aa5bc8 Backed out changeset 4e283b54baa6 (bug 1358223) for build bustage on Android at dom/ipc/ContentChild.cpp:21. r=backout 2017-05-31 21:34:13 +02:00
Alex Gaynor
39f34ea898 Bug 1358223 - Part 1 - On Windows and macOS hardcode the minimum content sandbox level at 1. r=bobowen,haik,jimm
If the "security.sandbox.content.level" preference is set to a value less than
1, all consumers will automatically treat it as if it were level 1. On Linux and
Nightly builds, setting the sandbox level to 0 is still allowed, for now.

MozReview-Commit-ID: 9QNTCkdbTfm

--HG--
extra : rebase_source : 1a26ffc5b9f80e6df4c37c23f506e907ba44053a
2017-05-12 17:04:42 -04:00
Alex Gaynor
1532472698 Bug 1368771 - Added a test which verifies that on macOS /Volumes isn't readable at sandbox level 3 r=haik
r?haik

MozReview-Commit-ID: HPW4luz5n0M

--HG--
extra : rebase_source : c224b56de4b705758e2ab7820af02a4ef41d4040
2017-05-30 13:52:57 -04:00
Ryan VanderMeulen
af691573d4 Merge m-c to autoland. a=merge 2017-05-30 12:59:41 -04:00
ffxbld
7c3223ec90 No bug, Automated HPKP preload list update from host bld-linux64-spot-383 - a=hpkp-update 2017-05-30 08:16:50 -07:00
ffxbld
c522116a60 No bug, Automated HSTS preload list update from host bld-linux64-spot-383 - a=hsts-update 2017-05-30 08:16:47 -07:00
Carsten "Tomcat" Book
b318c7dca7 merge mozilla-inbound to mozilla-central + UPGRADE_NSS_RELEASE a=merge
--HG--
rename : toolkit/components/extensions/test/xpcshell/xpcshell.ini => toolkit/components/extensions/test/xpcshell/xpcshell-common.ini
extra : amend_source : 458fd54fe8070ca3034ac441267ff7025adb5251
2017-05-30 11:37:46 +02:00
ffxbld
544308c147 No bug, Automated HPKP preload list update from host bld-linux64-spot-308 - a=hpkp-update 2017-05-29 08:18:00 -07:00
ffxbld
d3a21a063c No bug, Automated HSTS preload list update from host bld-linux64-spot-308 - a=hsts-update 2017-05-29 08:17:57 -07:00
Franziskus Kiefer
afc9fc15dc Bug 1345368 - land NSS 29290a4a9bd0 UPGRADE_NSS_RELEASE, r=me 2017-05-29 09:27:40 +02:00
ffxbld
3724e0f28c No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update 2017-05-28 08:15:02 -07:00
ffxbld
c81b68804b No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update 2017-05-28 08:14:59 -07:00
ffxbld
596d188f6d No bug, Automated HPKP preload list update from host bld-linux64-spot-308 - a=hpkp-update 2017-05-27 08:17:01 -07:00
ffxbld
a7c347e651 No bug, Automated HSTS preload list update from host bld-linux64-spot-308 - a=hsts-update 2017-05-27 08:16:58 -07:00
ffxbld
5a51fa544c No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update 2017-05-26 08:16:49 -07:00
ffxbld
4fcea03f05 No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update 2017-05-26 08:16:46 -07:00
Cykesiopka
02bee25903 Bug 1366584 - Add initial [must_use] properties to PSM IDL files. r=keeler
The [must_use] property on XPIDL methods and attributes is useful for making
sure errors are properly handled.

As a first step, this patch adds the property to PSM methods and attributes that
are already correctly checked everywhere.

MozReview-Commit-ID: KyGxwUK3x0X

--HG--
extra : rebase_source : 45bd3f8d305fe221cc1bba73a520f11829dc5a42
2017-05-25 21:56:04 +08:00
David Keeler
3e029fa5c8 bug 1359514 - remove EV treatment for "Swisscom Root EV CA 2" r=kmckinley
The "Swisscom Root EV CA 2" root is no longer in use and will be removed from
the built-in root CA list. However, we have to remove its EV treatment first.

MozReview-Commit-ID: 2TZRt5px7bl

--HG--
extra : rebase_source : 68902555ffe62a973cfaac3af531e96aa288a339
2017-05-25 13:55:15 -07:00
Ryan VanderMeulen
d3f265330e Merge m-c to autoland. a=merge 2017-05-25 16:44:01 -04:00
Ryan VanderMeulen
b8ba243c22 Merge autoland to m-c. a=merge 2017-05-25 16:31:52 -04:00
ffxbld
3d5d49ce51 No bug, Automated HPKP preload list update from host bld-linux64-spot-308 - a=hpkp-update 2017-05-25 08:19:09 -07:00
ffxbld
56535cde6c No bug, Automated HSTS preload list update from host bld-linux64-spot-308 - a=hsts-update 2017-05-25 08:19:07 -07:00
David Keeler
98d942eac1 bug 1366100 - disable OCSP fetching for DV certificates in nightly r=jaws,jcj
After this change, the platform will only fetch OCSP responses for EV
certificates (in nightly).

MozReview-Commit-ID: 3d9kzCYmnsa

--HG--
extra : rebase_source : e0cbbf6615e1ba813461dd13350f40ae7e0fbc07
2017-05-23 17:07:51 -07:00
Jed Davis
f6b03fa260 Bug 1355274 - Polyfill SOCK_DGRAM socketpairs with SOCK_SEQPACKET, for libasyncns. r=gcp
MozReview-Commit-ID: 2DeklSGsjUV

--HG--
extra : rebase_source : 8a202c23dc9a3ddede49b08ce1e0792dfb40bdbf
2017-04-11 20:55:34 -06:00
Jed Davis
675bae8c8d Bug 1364533 - Allow madvise huge page hints. r=gcp
MozReview-Commit-ID: 7sNWS2sFJCx

--HG--
extra : rebase_source : c1730d2ac5d352dcaec1889d4f20dd9bc0a838a8
2017-05-12 20:04:07 -06:00
ffxbld
af8ecb9a1e No bug, Automated HPKP preload list update from host bld-linux64-spot-376 - a=hpkp-update 2017-05-24 08:09:01 -07:00
ffxbld
08e4cade1c No bug, Automated HSTS preload list update from host bld-linux64-spot-376 - a=hsts-update 2017-05-24 08:08:58 -07:00
Ryan VanderMeulen
e096678430 Merge m-c to autoland. a=merge UPGRADE_NSS_RELEASE
--HG--
rename : dom/security/test/sri/iframe_style_crossdomain.html => dom/security/test/sri/iframe_style_crossdomain_legacy.html
rename : mobile/android/themes/core/content.css => mobile/android/themes/geckoview/content.css
rename : mobile/android/themes/core/images/accessiblecaret-normal-hdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-normal-hdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-normal-xhdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-normal-xhdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-normal-xxhdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-normal-xxhdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-tilt-left-hdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-tilt-left-hdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-tilt-left-xhdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-tilt-left-xhdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-tilt-left-xxhdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-tilt-left-xxhdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-tilt-right-hdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-tilt-right-hdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-tilt-right-xhdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-tilt-right-xhdpi.png
rename : mobile/android/themes/core/images/accessiblecaret-tilt-right-xxhdpi.png => mobile/android/themes/geckoview/images/accessiblecaret-tilt-right-xxhdpi.png
rename : mobile/android/themes/core/images/dropmarker-right.svg => mobile/android/themes/geckoview/images/dropmarker-right.svg
rename : mobile/android/themes/core/images/dropmarker.svg => mobile/android/themes/geckoview/images/dropmarker.svg
rename : mobile/android/themes/core/images/cast-active.svg => mobile/android/themes/geckoview/images/videocontrols-cast-active.svg
rename : mobile/android/themes/core/images/cast-ready.svg => mobile/android/themes/geckoview/images/videocontrols-cast-ready.svg
rename : mobile/android/themes/core/images/exitfullscreen.svg => mobile/android/themes/geckoview/images/videocontrols-exitfullscreen.svg
rename : mobile/android/themes/core/images/fullscreen.svg => mobile/android/themes/geckoview/images/videocontrols-fullscreen.svg
rename : mobile/android/themes/core/images/mute.svg => mobile/android/themes/geckoview/images/videocontrols-mute.svg
rename : mobile/android/themes/core/images/pause.svg => mobile/android/themes/geckoview/images/videocontrols-pause.svg
rename : mobile/android/themes/core/images/play.svg => mobile/android/themes/geckoview/images/videocontrols-play.svg
rename : mobile/android/themes/core/images/scrubber.svg => mobile/android/themes/geckoview/images/videocontrols-scrubber.svg
rename : mobile/android/themes/core/images/unmute.svg => mobile/android/themes/geckoview/images/videocontrols-unmute.svg
rename : mobile/android/themes/core/scrollbar-apz.css => mobile/android/themes/geckoview/scrollbar-apz.css
rename : mobile/android/themes/core/touchcontrols.css => mobile/android/themes/geckoview/videocontrols.css
extra : rebase_source : a5b4c2c75991990af25c4686ff96c199834ff317
2017-05-23 13:41:47 -04:00
ffxbld
0fea6cd28c No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update 2017-05-23 08:08:00 -07:00
ffxbld
0704600a36 No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update 2017-05-23 08:07:57 -07:00
Franziskus Kiefer
073576f302 Backed out changeset bf6ee973f04e because of Android bustage UPGRADE_NSS_RELEASE
--HG--
extra : amend_source : 6502b79382c14536c060c03b428172cb6edc9d3f
2017-05-23 13:22:21 +02:00
Franziskus Kiefer
66f094103a Bug 1345368 - land NSS 0c3800b6eaba UPGRADE_NSS_RELEASE, r=me 2017-05-23 12:36:33 +02:00
David Keeler
3ddfb3c1ce bug 1364159 - potentially avoid calling CERT_CreateSubjectCertList in NSSCertDBTrustDomain::FindIssuer r=Cykesiopka,jcj
CERT_CreateSubjectCertList is not an inexpensive function call, since it
enumerates the certificate database (i.e. reads from disk a lot). If we're
verifying for a TLS handshake, however, we should already have in memory a
certificate chain sent by the peer (there are some cases where we won't, such as
session resumption (see bug 731478)). If we can, we should use those
certificates before falling back to calling CERT_CreateSubjectCertList.

MozReview-Commit-ID: ASjVGsELb1O

--HG--
extra : rebase_source : 1efc635d4a98079c87f77ef3794e4b2f20eec59f
2017-05-11 16:41:12 -07:00
Dan Banner
ea09f270ab Bug 1368041 - Enable no-array-constructor across mozilla-central r=standard8
MozReview-Commit-ID: EXJNufdKKhJ

--HG--
extra : rebase_source : 66d17c7981c4b0987c482ce092b25990b42c07fb
2017-05-27 15:17:29 +01:00
Cykesiopka
73288e2bbf Bug 1174555 - Improve state string parsing test coverage. r=keeler
MozReview-Commit-ID: Fv66f1gu4kT

--HG--
extra : rebase_source : f02a317fd958909d42bad9cd206f5a74f36d8689
2017-05-21 10:43:44 +08:00
Cykesiopka
114202795c Bug 1174555 - Clean up some SiteSecurityService state file related tests. r=keeler
MozReview-Commit-ID: 6qXV04CUElu

--HG--
extra : rebase_source : ba47e0cfe9317703895df02277568e59cc56591c
2017-05-21 10:43:32 +08:00
Cykesiopka
c1efdc2244 Bug 1174555 - Stop using PR_sscanf() in nsSiteSecurityService.cpp. r=keeler
While the uses of PR_sscanf() in PSM are safe, the function in general is
vulnerable to format string attacks, and so should be avoided.

This change removes the only uses of the function in PSM and moves to the more
obviously safe mozilla::Tokenizer.

MozReview-Commit-ID: J4BP6JTE1zI

--HG--
extra : rebase_source : e77e8b1ba70bef6f0ff794b7d066bbbdebe8f58e
2017-05-21 10:43:18 +08:00
tiago
95d9608ba4 Bug 1367198 - Remove duplicate ESLint rule definitions from various .eslintrc.js files. r=standard8
MozReview-Commit-ID: AUz5l7XPfwY

--HG--
extra : rebase_source : 2cb4758cdf51765fc61fbc6795fcd7bc85ef67bf
2017-05-24 13:55:24 -03:00
Jed Davis
039a1c2b5c Bug 1321134 - Allow access to dconf shared-memory flags. r=gcp,glandium
DConf uses small memory-mapped files for the writer to signal readers
to invalidate cached data; the file is created by the first reader and
readers will write to it to force storage allocation.

If we don't allow opening the file, DConf will still work, but it will
reread the database on every pref access, and it prints messages on
stderr claiming it won't work.  So we should avoid that.

MozReview-Commit-ID: 9xoBIhtu5cu

--HG--
extra : rebase_source : 582b3bc30f2181b6564eefa34082a561f9cc0c28
2017-05-30 07:10:15 -06:00
Alex Gaynor
e43d5d424f Bug 1370540 - Extend the level 3 content sandbox filesystem read blacklist to include /Network and /Users; r=haik
MozReview-Commit-ID: 6RfS5aYRghK

--HG--
extra : rebase_source : c8d084d42dc2b37e4a0642e1a72bdd514a68d465
2017-06-06 10:48:06 -04:00
Franziskus Kiefer
ff206e6461 Bug 1370890 - land NSS a1a6eb781dd4 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : b38b2c15012f240a5d34f91446ca20be38f61962
2017-06-13 14:26:51 +02:00
Bob Owen
caa7e3c377 Bug 1368600: Add telemetry with the error code for when a Windows sandboxed child process fails to start. r=jimm, data-review=francois 2017-06-13 08:54:41 +01:00
Randell Jesup
b0a3a49ce8 Bug 1361703: enable NR_epoll_create/create1 in linux sandbox r=jld
Enables creating new libevent epoll queues on Linux
2017-06-13 01:54:20 -04:00
Wes Kocher
19965a9bcf Merge m-c to autoland, a=merge
MozReview-Commit-ID: 3oLjBFfMQdZ
2017-06-02 17:29:12 -07:00
Daniel Holbert
ec576781c3 Bug 1369806: Fix up pkix test to correctly pass zero to CreateEncodedBasicConstraints (which takes a pointer-to-long, rather than a long). r=keeler
MozReview-Commit-ID: Ki8AHuW5zyP

--HG--
extra : rebase_source : b2c8ba7ad4414c8059f23e9d775fdee7000a4c18
2017-06-02 13:21:53 -07:00
Daniel Holbert
ca4b542080 Bug 1369864: Suppress clang -Wno-zero-as-null-pointer-constant build warning, in pkix/test/gtest. r=keeler
The gtest headers trigger many instances of this warning, due to their usage of
NULL instead of nullptr.

MozReview-Commit-ID: Dhv7mPHpZ7I

--HG--
extra : rebase_source : a272472e5cf9a946df3fb1b0ffe919bb0d52f093
2017-06-02 13:05:30 -07:00
Daniel Holbert
2a87f6e3c3 Bug 1369837: Add a void cast to silence clang Wcomma build warning, in sandbox's snapshot of chromium header. r=bobowen
The build warning is for "possible misuse of comma operator".

The comma operator is a bit of a footgun because its first operand's result
just gets dropped on the floor (in this case, the result of the DCHECK
expression).  It appears that Chromium's use of the comma operator here is
intentional, though -- so we might as well accept clang's suggestion and "cast
expression to void to silence warning".

This is also filed upstream as:
 https://bugs.chromium.org/p/chromium/issues/detail?id=729123

MozReview-Commit-ID: Al2xsYEo3p0

--HG--
extra : rebase_source : 68d01b50ff1f07b68ddc0eeb7280ac412ac92932
2017-06-02 12:45:01 -07:00
Daniel Holbert
f2024755c3 Bug 1369871: Add "const" keyword to a long* param in a pkix test function. r=keeler
The only reason this param is a pointer is so that it can be optional. It's not
an outparam -- the function does not (and does not intend to) modify it -- so
it should be declared as 'const' to make that clearer & to allow clients to
pass in pointers to const values.

MozReview-Commit-ID: HbF96YNfnSt

--HG--
extra : rebase_source : 674abeb4c68f6c3fcdbc38edaf19e739ef09a3f6
2017-06-02 13:45:41 -07:00
Rajesh Kathiriya
fafb858b26 Bug 1370225 - Enabled the ESLint comma-style rule across mozilla-central. r=standard8
MozReview-Commit-ID: 9OhLgBpYS4L

--HG--
extra : rebase_source : 5155e715934e7acd2ffadb4856eb91f481cbf56c
2017-06-15 18:24:17 +01:00
Bob Owen
e6bdfd5594 Bug 1339105 Part 3: Move NPAPI windows process sandbox file rules into SandboxBroker. r=jimm
This also removes a rule that was added for sandboxing the Java plugin,
which we never did and we now only allow Flash anyway.

MozReview-Commit-ID: Jn6pCkLoGNM

--HG--
extra : source : 431267ab28deabef6ed7c791d8dff79e3fe590c1
2017-05-22 20:41:28 +01:00
Bob Owen
035cf9bdc2 Bug 1339105 Part 1: Implement Windows Level 3 content process sandbox policy. r=jimm
MozReview-Commit-ID: L8wcVhdLvFe

--HG--
extra : source : c3fb60fbc32660719c1b8b06dc785abd4559d6c0
2017-05-22 20:41:27 +01:00
Wes Kocher
848c9aa744 Backed out 3 changesets (bug 1339105) for plugin process leaks a=backout
Backed out changeset 431267ab28de (bug 1339105)
Backed out changeset 445875fbf13b (bug 1339105)
Backed out changeset c3fb60fbc326 (bug 1339105)

MozReview-Commit-ID: 4HYUQbHHnox
2017-05-22 15:14:23 -07:00
Bob Owen
16a4871cdf Bug 1339105 Part 3: Move NPAPI windows process sandbox file rules into SandboxBroker. r=jimm
This also removes a rule that was added for sandboxing the Java plugin,
which we never did and we now only allow Flash anyway.
2017-05-22 20:41:28 +01:00
Bob Owen
edf3a239b1 Bug 1339105 Part 1: Implement Windows Level 3 content process sandbox policy. r=jimm
MozReview-Commit-ID: L8wcVhdLvFe
2017-05-22 20:41:27 +01:00
Sebastian Hengst
89e33081c6 Backed out changeset 50bf4c923818 (bug 1339105) for Windows bustage: calling protected constructor of class 'nsAString' at sandboxBroker.cpp(208,11). r=backout on a CLOSED TREE 2017-05-22 16:16:16 +02:00
Sebastian Hengst
2a69fd246c Backed out changeset 367734cc9370 (bug 1339105) 2017-05-22 16:14:27 +02:00
Bob Owen
62c455086d Bug 1339105 Part 3: Move NPAPI windows process sandbox file rules into SandboxBroker. r=jimm
This also removes a rule that was added for sandboxing the Java plugin,
which we never did and we now only allow Flash anyway.
2017-05-22 14:29:06 +01:00
Bob Owen
f24abd4ac3 Bug 1339105 Part 1: Implement Windows Level 3 content process sandbox policy. r=jimm
MozReview-Commit-ID: L8wcVhdLvFe
2017-05-22 14:29:06 +01:00
Mark Banner
0ce286101c Bug 1359011 - Make the mozilla/recommended eslint configuration the default for the whole tree. r=mossop
MozReview-Commit-ID: HtUW43tCli1

--HG--
extra : rebase_source : 6496bc47860d9c1ab522a78e73b41550700021cb
2017-04-25 20:12:21 +01:00
Ryan VanderMeulen
c1ebf1a679 Merge autoland to m-c. a=merge 2017-05-19 11:37:57 -04:00
ffxbld
d8e6abb218 No bug, Automated HPKP preload list update from host bld-linux64-spot-309 - a=hpkp-update 2017-05-19 08:36:17 -07:00
ffxbld
446dd7af72 No bug, Automated HSTS preload list update from host bld-linux64-spot-309 - a=hsts-update 2017-05-19 08:36:14 -07:00
Wes Kocher
90573b0612 Merge m-c to autoland, a=merge
MozReview-Commit-ID: FYdNNRDmEla
2017-05-18 17:21:30 -07:00
Cykesiopka
73916bae28 Bug 1362735 - Clean up nsIPKCS11 implementation. r=keeler
The changes here:
1. Make it easier to discover where nsIPKCS11 is implemented / make it easier to
   discover what the file implements.
2. Reduce global scope pollution.
3. Make nsCrypto.h no longer unnecessarily exported.
4. Remove NS_CRYPTO_CONTRACTID from nsDOMCID.h, since the define isn't used
   anywhere.
5. Move the definition of NS_PKCS11_CONTRACTID from nsDOMCID.h into PSM code,
   since this contract ID is firmly in PSM territory now.

MozReview-Commit-ID: 2PdFM0mlL4R

--HG--
rename : security/manager/ssl/nsCrypto.cpp => security/manager/ssl/PKCS11.cpp
rename : security/manager/ssl/nsCrypto.h => security/manager/ssl/PKCS11.h
extra : rebase_source : 46667edef5a1d8c910d96dec1125c05bc3477bee
2017-05-19 00:57:46 +08:00
ffxbld
f2272dd703 No bug, Automated HPKP preload list update from host bld-linux64-spot-361 - a=hpkp-update 2017-05-18 08:02:44 -07:00
ffxbld
6a62795f0e No bug, Automated HSTS preload list update from host bld-linux64-spot-361 - a=hsts-update 2017-05-18 08:02:41 -07:00
Wes Kocher
0a5ec26ac6 Merge inbound to central, a=merge
UPGRADE_NSS_RELEASE

MozReview-Commit-ID: 9BuuGYyJ3RJ

--HG--
extra : amend_source : 57de84460e0ace13892ff1623451b9b9be8eaeeb
2017-05-17 14:48:30 -07:00
ffxbld
399a95bd59 No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update 2017-05-17 08:11:58 -07:00
ffxbld
4d10d237bc No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update 2017-05-17 08:11:55 -07:00
Franziskus Kiefer
3d4912c914 Bug 1345368 - land NSS 57e38a8407b3, r=me
UPGRADE_NSS_RELEASE

--HG--
extra : rebase_source : 64f2e33d0ca49b6870882d204e899442af785ba4
extra : amend_source : 7277b5d0c15a2d51726d216f57bfed7958b45c8a
2017-05-16 17:12:24 +02:00
ffxbld
b2cb7e672d No bug, Automated HPKP preload list update from host bld-linux64-spot-380 - a=hpkp-update 2017-05-16 08:13:54 -07:00
ffxbld
19e0f277b1 No bug, Automated HSTS preload list update from host bld-linux64-spot-380 - a=hsts-update 2017-05-16 08:13:51 -07:00
Wes Kocher
476feed09f Merge m-c to inbound, a=merge
MozReview-Commit-ID: 6IorAN8i9Ot
2017-05-15 16:34:36 -07:00
Christoph Kerschbaumer
e4f38c8d7c Bug 1362993 - Rewrite gBrowser.addTab() to use BrowserTestUtils.addTab(). r=florian 2017-05-15 21:49:50 +02:00
ffxbld
ae24a3c83d No bug, Automated HPKP preload list update from host bld-linux64-spot-388 - a=hpkp-update 2017-05-15 08:12:24 -07:00
ffxbld
72bbccaa89 No bug, Automated HSTS preload list update from host bld-linux64-spot-388 - a=hsts-update 2017-05-15 08:12:21 -07:00
Sebastian Hengst
54ede0dc6f merge autoland to mozilla-central. r=merge a=merge
MozReview-Commit-ID: 8kOFbYIPLER
2017-05-14 18:00:48 +02:00
ffxbld
e565da0035 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-05-14 08:03:09 -07:00
ffxbld
f899cc0d30 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-05-14 08:03:06 -07:00
ffxbld
06b337ab22 No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update 2017-05-13 08:04:42 -07:00
ffxbld
418e3e6f07 No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update 2017-05-13 08:04:39 -07:00
Sebastian Hengst
97a63d02ee merge mozilla-central to autoland. r=merge a=infra-fix on a CLOSED TREE
--HG--
extra : amend_source : df33eddb7158f7ecf8d1677755d46f948c7bfa04
2017-05-14 00:39:30 +02:00
Alex Gaynor
33b7e1fa87 Bug 1363179 - do not allow content processes to read from /Volumes on macOS r=haik
MozReview-Commit-ID: 8osJVQD3myh

--HG--
extra : rebase_source : 8cda32ca1bca80b796458d36099244a45af2f185
2017-05-12 16:18:57 -04:00
ffxbld
278ecdca02 No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update 2017-05-12 08:14:12 -07:00
ffxbld
cb3007aeba No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update 2017-05-12 08:14:09 -07:00
Cameron McCormack
203bdaed3b Bug 1361235 - Part 2: Re-enable some tests. r=emilio
MozReview-Commit-ID: 76FaOwHjIMB

--HG--
extra : rebase_source : e2e36bd8a6b86761fe616d7c30d8df7b661a4e09
2017-05-11 19:19:52 +08:00
Ryan VanderMeulen
ff1d6f6f88 Merge m-c to autoland. a=merge 2017-05-11 11:30:47 -04:00
ffxbld
41c4f9d9b5 No bug, Automated HPKP preload list update from host bld-linux64-spot-376 - a=hpkp-update 2017-05-11 08:11:46 -07:00
ffxbld
e3cb6315c8 No bug, Automated HSTS preload list update from host bld-linux64-spot-376 - a=hsts-update 2017-05-11 08:11:43 -07:00
Mark Banner
2bf9485071 Bug 1362947 - Upgrade eslint-plugin-html to 2.0.3 to pick up --fix support. r=jaws
MozReview-Commit-ID: 5fVG7akPnGM

--HG--
extra : rebase_source : e462e84bf8f2ffd893d1fd6b5ea14bbc093168dd
2017-05-08 10:29:47 +01:00
Sebastian Hengst
95a418ca5b Backed out changeset e0f9c56c15f0 (bug 1362947) for linting failures, e.g. at accessible/tests/mochitest/jsat/doc_content_text.html:15. r=backout 2017-05-11 10:15:55 +02:00
Mark Banner
256aeb441c Bug 1362947 - Upgrade eslint-plugin-html to 2.0.3 to pick up --fix support. r=jaws
MozReview-Commit-ID: 5fVG7akPnGM

--HG--
extra : rebase_source : f1b9eeb1b2048b551ee8c0a596e6395d0031cc4d
2017-05-08 10:29:47 +01:00
Alex Gaynor
9a4c947617 Bug 1363729 - Fixed a small formatting regression in tests. r=haik
MozReview-Commit-ID: 7I6tKS6yoM7

--HG--
extra : rebase_source : 03a652024d30a57ad270338bc6e222281d0e7c78
2017-05-10 10:05:25 -04:00
Cykesiopka
7b21c27198 Bug 1308143 - Clean up ExtendedValidation.cpp. r=keeler
In general, the changes here attempt to:
1. Fix up the style to match modern PSM style.
2. Shorten unnecessarily long code.
3. Reduce global scope pollution.

MozReview-Commit-ID: GFyqFgV0RLD

--HG--
extra : source : 8cb5ee464e42ff07324922abeffef00c7cb1fb1b
2017-05-09 00:53:21 +08:00
Wes Kocher
91617240e6 Merge m-c to autoland, a=merge 2017-05-09 14:59:18 -07:00
ffxbld
195bf8782f No bug, Automated HPKP preload list update from host bld-linux64-spot-381 - a=hpkp-update 2017-05-09 08:04:36 -07:00
ffxbld
b72e6cc191 No bug, Automated HSTS preload list update from host bld-linux64-spot-381 - a=hsts-update 2017-05-09 08:04:33 -07:00
Hemant Singh Patwal
fd32e8da4a Bug 1359614 - Move the security/manager/.eslintrc.js to security/.eslintrc.js and fix the ESLint issues raised. r=standard8
MozReview-Commit-ID: AlfInBsIPnF

--HG--
rename : security/manager/.eslintrc.js => security/.eslintrc.js
extra : rebase_source : 4dfdd45a4f1e4d3e45e2ef353dd0bb343a3d1adb
2017-05-09 19:48:02 +05:30
Wes Kocher
75c2b7a481 Merge m-c to autoland, a=merge
MozReview-Commit-ID: 3BrkDVl7521
2017-05-08 16:24:51 -07:00
Wes Kocher
cbfdaf8fb2 Merge inbound to central, a=merge CLOSED TREE
MozReview-Commit-ID: 5kxOZZxjMEl
2017-05-08 16:07:25 -07:00
ffxbld
e784eb5820 No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update 2017-05-08 07:59:23 -07:00
ffxbld
ba31bb05d4 No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update 2017-05-08 07:59:20 -07:00
Paolo Amadini
eddc9033bf Bug 1254558 - Remove about:config preferences only used by the legacy nsIDownloadManager code. r=mak
MozReview-Commit-ID: 7XSnNdirh8s

--HG--
extra : rebase_source : 9b475be16843af7c3dd2244ef43cd34b1c8e5ea3
2017-05-05 11:51:09 +01:00
Iris Hsiao
9d78a18f36 merge autoland to mozilla-central a=merge 2017-05-08 11:10:13 +08:00
ffxbld
8b70b0a503 No bug, Automated HPKP preload list update from host bld-linux64-spot-388 - a=hpkp-update 2017-05-07 08:02:02 -07:00
ffxbld
100845ade3 No bug, Automated HSTS preload list update from host bld-linux64-spot-388 - a=hsts-update 2017-05-07 08:01:59 -07:00
Wes Kocher
efab9f9365 Merge inbound to m-c a=merge
MozReview-Commit-ID: KSYtdX2VPce
2017-05-05 14:03:31 -07:00
Wes Kocher
70383223c7 Merge autoland to central, a=merge
MozReview-Commit-ID: 8Byspu8RLyg
2017-05-05 13:22:33 -07:00
Haik Aftandilian
8c95154f41 Bug 1361304 - Remove /private/var read access from Mac level 3 content sandbox; r=Alex_Gaynor
Removes read access to /private/var and its subdirectories from
the content process under the level 3 Mac sandbox. Still permits
reading of file metadata within the majority of /private/var.

Adds tests to validate the level 3 Mac content sandbox prevents
reading from /private.

MozReview-Commit-ID: FO5dz0F7dl4

--HG--
extra : rebase_source : 226f8de6d4d88f188c272a3e119ed7b8bac292df
2017-05-05 10:48:52 -07:00
ffxbld
274d2a7dd5 No bug, Automated HPKP preload list update from host bld-linux64-spot-386 - a=hpkp-update 2017-05-05 08:05:06 -07:00
ffxbld
744bf45b07 No bug, Automated HSTS preload list update from host bld-linux64-spot-386 - a=hsts-update 2017-05-05 08:05:04 -07:00
Franziskus Kiefer
66955a7251 Bug 1345368 - land NSS 236a06d9c3c4, r=me
--HG--
extra : rebase_source : b097dd39571750acd76656e275e6899c95d52269
2017-05-05 16:07:08 +02:00
Carsten "Tomcat" Book
fdc689ba16 merge mozilla-inbound to mozilla-central a=merge 2017-05-05 15:17:26 +02:00
Carsten "Tomcat" Book
71adb3de58 merge autoland to mozilla-central a=merge 2017-05-05 15:13:36 +02:00
ffxbld
1a46d31be5 No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update 2017-05-04 08:04:48 -07:00
ffxbld
c76af0c30b No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update 2017-05-04 08:04:45 -07:00
L. David Baron
c364774efb Bug 1353458 - Make test_cert_blocklist more flexible about order of lines in revocations.txt. r=keeler
This allows patches to land that will change the hashtable enumeration
order, which in turn changes the ordering of the lines in
revocations.txt.

MozReview-Commit-ID: Fyuahnpky6g

--HG--
extra : rebase_source : 1e918481db566213205e330f33d6b00bdc3b4f11
2017-05-04 15:17:50 -07:00
Alex Gaynor
445480436b Bug 1361733 - In debug builds, do not allow content sandbox to write to all of /private/var r=haik
This permission was needed for the memory bloat logging, which is used for
leaktest, including logging intentionally crashing processes. Now we restrict
ourselves to only allowing writes to the location needed for this logging,
rather than all of /private/var.

MozReview-Commit-ID: 5AbJEZlDHNV

--HG--
extra : rebase_source : 26936b8d8bca53f2c37a195b5e7c69c151ec18d2
2017-05-02 11:07:10 -04:00
Patrick McManus
b6d4239e55 Bug 1363029 - mark nsICryptoHash builtinclass r=keeler
MozReview-Commit-ID: 5fEuGtASoZ1

--HG--
extra : rebase_source : 944354d8dee60504836cc754fe60541f09ff3937
2017-05-08 10:07:31 -04:00
Carsten "Tomcat" Book
6ae9b7bb71 Merge mozilla-central to autoland
--HG--
rename : browser/base/content/gcli_sec_bad.svg => devtools/client/themes/images/gcli_sec_bad.svg
rename : browser/base/content/gcli_sec_good.svg => devtools/client/themes/images/gcli_sec_good.svg
rename : browser/base/content/gcli_sec_moderate.svg => devtools/client/themes/images/gcli_sec_moderate.svg
2017-05-05 15:27:55 +02:00
Cykesiopka
a05d6a925c Bug 1361750 - Disable various MSVC 2017 warnings in PSM to unbreak --enable-warnings-as-errors builds. r=keeler
MSVC 2017 headers aren't warning free at the -Wall level.
Since PSM enables -Wall in some moz.build files, this breaks
--enable-warnings-as-errors builds.
As a temporary measure, disable enough warnings to get working builds.

MozReview-Commit-ID: G0oUsAYYct2

--HG--
extra : rebase_source : dc37783c89e66a54510c9940f9eaa5a4340ef43e
2017-05-05 00:41:33 +08:00
Cykesiopka
d1803f67e9 Bug 1358183 - Remove some unused PSM IDL constants and functions. r=keeler
MozReview-Commit-ID: C8EGosXvTQL

--HG--
extra : rebase_source : 9c141f6750d7658409fc2820f17940abe067fb4a
2017-05-04 00:06:43 +08:00
Wes Kocher
323540c8ac Merge autoland to m-c a=merge
MozReview-Commit-ID: 30wEaH7LuuE
2017-05-03 13:17:05 -07:00
ffxbld
1e6ecc6322 No bug, Automated HPKP preload list update from host bld-linux64-spot-364 - a=hpkp-update 2017-05-03 08:06:32 -07:00
ffxbld
5f67a395c5 No bug, Automated HSTS preload list update from host bld-linux64-spot-364 - a=hsts-update 2017-05-03 08:06:29 -07:00
Wes Kocher
e141e24ffb Merge m-c to autoland, a=merge
MozReview-Commit-ID: 1peTFbNMVnU
2017-05-02 17:38:11 -07:00
ffxbld
abe68d5dad No bug, Automated HPKP preload list update from host bld-linux64-spot-304 - a=hpkp-update 2017-05-02 08:06:54 -07:00
ffxbld
e46e6eacbf No bug, Automated HSTS preload list update from host bld-linux64-spot-304 - a=hsts-update 2017-05-02 08:06:51 -07:00
Ting-Yu Lin
918033ba12 Bug 1321754 Part 2 - Update reftest and crashtest expectations for stylo. r=heycam
MozReview-Commit-ID: AunZ2DE209M

--HG--
extra : rebase_source : 4a091cd55581039c8d81f4db9bfbe2af8c0d0863
2017-04-28 14:53:16 +08:00
Haik Aftandilian
cbffb758e8 Bug 1360356 - [Mac] Remove "/Library/Caches/TemporaryItems" rule from level 3 Content Sandbox; r=Alex_Gaynor
Remove reading of "~/Library/Caches/TemporaryItems" from level 3 and update
sandboxing filesystem test to check ~/Library/Caches/TemporaryItems readability.

MozReview-Commit-ID: 6EMzH7brSnp

--HG--
extra : rebase_source : f97b5625da2abda73decc969fc581c2bf858183f
2017-04-28 11:48:43 -07:00
ffxbld
ae8c2e2354 No bug, Automated HPKP preload list update from host bld-linux64-spot-306 - a=hpkp-update 2017-05-01 07:56:05 -07:00
ffxbld
a2f0c5af03 No bug, Automated HSTS preload list update from host bld-linux64-spot-306 - a=hsts-update 2017-05-01 07:56:03 -07:00
ffxbld
3dc6ceb427 No bug, Automated HPKP preload list update from host bld-linux64-spot-388 - a=hpkp-update 2017-04-30 07:50:30 -07:00
ffxbld
0d823cefd8 No bug, Automated HSTS preload list update from host bld-linux64-spot-388 - a=hsts-update 2017-04-30 07:50:27 -07:00
ffxbld
38fdbbcaa4 No bug, Automated HPKP preload list update from host bld-linux64-spot-309 - a=hpkp-update 2017-04-29 07:55:26 -07:00
ffxbld
ca0521550a No bug, Automated HSTS preload list update from host bld-linux64-spot-309 - a=hsts-update 2017-04-29 07:55:24 -07:00
Wes Kocher
f831128354 Merge autoland to central, a=merge
MozReview-Commit-ID: B7tVdcR40eh
2017-04-28 15:43:18 -07:00
David Keeler
1ef3597000 bug 1360623 - add hash algorithm constants to pykey for easier consumer use r=jcj
For signing, pykey.py delegates to 3rd party libraries. One of these libraries
expects hash algorithms to be specified in the form "SHA-256" whereas the other
expects "sha256". Consumers of pykey shouldn't need to be aware of this detail.
This patch introduces constants HASH_SHA1, HASH_SHA256, etc. and changes pykey
to determine which string literals to use itself.

MozReview-Commit-ID: 27laM2uXMwJ

--HG--
extra : rebase_source : 9b74f486f7535671fd26c59e3e9cc3b4459f15e0
2017-04-28 11:06:28 -07:00
ffxbld
784ec1af14 No bug, Automated HPKP preload list update from host bld-linux64-spot-309 - a=hpkp-update 2017-04-28 07:52:40 -07:00
ffxbld
ce8bde832b No bug, Automated HSTS preload list update from host bld-linux64-spot-309 - a=hsts-update 2017-04-28 07:52:37 -07:00
David Keeler
f900f10f03 bug 1361201 - decrease OCSP soft timeout to 1 second on prerelease builds r=jcj
MozReview-Commit-ID: ENYyG8ZeXYe

--HG--
extra : rebase_source : 5c30b914a39a2dce89190c7d5db703952408aae3
2017-05-01 17:05:31 -07:00
David Keeler
3caa6189aa bug 1349312 - part 2/2: add pyct.py and generate test certificate transparency information r=Cykesiopka,jcj
MozReview-Commit-ID: 9Htv04PfRzb

This introduces pyct.py with the capability of generating Signed Certificate
Timestamps for our test certificates. Also introduces a simple testcase that
should validate correctly under current CT requirements as well as one that does
not validate due to an insufficient number of SCTs.

(Note that "validate" in this case does not refer to the overall TLS handshake
result, because CT is not currently required. It more or less refers to the
value of certificateTransparencyStatus of the SSLStatus of the connection's
securityInfo - see nsISSLStatus.idl.)

--HG--
rename : security/manager/ssl/tests/unit/bad_certs/default-ee.key => security/manager/ssl/tests/unit/test_ct/default-ee.key
rename : security/manager/ssl/tests/unit/bad_certs/default-ee.key.keyspec => security/manager/ssl/tests/unit/test_ct/default-ee.key.keyspec
rename : security/manager/ssl/tests/unit/bad_certs/default-ee.pem => security/manager/ssl/tests/unit/test_ct/default-ee.pem
rename : security/manager/ssl/tests/unit/bad_certs/default-ee.pem.certspec => security/manager/ssl/tests/unit/test_ct/default-ee.pem.certspec
rename : security/manager/ssl/tests/unit/bad_certs/test-ca.pem => security/manager/ssl/tests/unit/test_ct/test-ca.pem
rename : security/manager/ssl/tests/unit/bad_certs/test-ca.pem.certspec => security/manager/ssl/tests/unit/test_ct/test-ca.pem.certspec
extra : rebase_source : 66c5a5e16eeb47c97972248d61a4f1cbadf59a49
2017-04-17 14:55:35 -07:00
David Keeler
c138b8d0b6 bug 1349312 - part 1/2: patch CT implementation to include debug-only test logs r=Cykesiopka,jcj
MozReview-Commit-ID: Gay4bliuiDc

This modifies getCTKnownLogs.py to inject 3 debug-only Certificate Transparency
log keys and 2 organizations ("Mozilla Test Org 1" and "2") for use with
integration tests. Also updates CTKnownLogs.h as generated by the python script.

The debug logs use the "default", "secp256r1", and "alternate" keys that are
already present in our testing infrastructure (see pykey.py).

--HG--
extra : rebase_source : 3d4fc736f840cd080fab6b8c6c5b53cc9361abf2
2017-04-19 14:02:26 -07:00
David Keeler
455ab646d3 bug 1337950 - work around failing to load a FIPS PKCS#11 module DB in NSS initialization r=Cykesiopka,jcj
Firefox essentially does not support running NSS in FIPS mode any longer. This
has always been the case on Android from what I can tell and it has been the
case on OS X since at least version 34 (see bug 1047584). It became the case on
Windows as of version 53 (see bug 1295937). Unfortunately, before this patch,
if a user attempted to run an affected version of Firefox using a profile
directory containing an NSS database collection that had FIPS enabled, NSS
initialization would fail and fall back to running in no DB mode, which had the
side-effect of making any saved passwords and certificates unavailable. This
patch attempts to detect and work around this failure mode by moving the
PKCS#11 module DB (which is where the FIPS bit is set) to a backup location and
basically running with a fresh, non-FIPS module DB. This allows Firefox to
initialize NSS with the preexisting key and certificate databases available.

MozReview-Commit-ID: 1E4u1ngZyRv

--HG--
rename : security/manager/ssl/tests/unit/test_sdr_preexisting.js => security/manager/ssl/tests/unit/test_broken_fips.js
rename : security/manager/ssl/tests/unit/test_sdr_preexisting/key3.db => security/manager/ssl/tests/unit/test_broken_fips/key3.db
extra : rebase_source : 887f457e998d6e57c6536573fbe3cb10547fe154
2017-04-20 10:31:22 -07:00
Wes Kocher
be34ade6b6 Merge autoland to central, a=merge
MozReview-Commit-ID: 2pgVZdnDKno
2017-04-27 12:44:03 -07:00
ffxbld
068e6f2925 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-04-27 07:52:27 -07:00
ffxbld
7d28817077 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-04-27 07:52:24 -07:00
Jed Davis
3c4e538953 Bug 1361238 - Re-allow accept4, used by accessibility. r=gcp
MozReview-Commit-ID: 3M3T3bkx4nP

--HG--
extra : rebase_source : b67332889615ae34cc67737da361f21ae545aeb4
2017-05-01 21:51:11 -06:00
Jed Davis
7d9acbdace Bug 1358647 - Disallow bind/listen/accept for Linux content processes. r=gcp
MozReview-Commit-ID: Cz9MKxOJnsS

--HG--
extra : rebase_source : d3ab7ff9020066d5fe9ac3121c88c85b9fde6224
2017-04-25 19:29:32 -06:00
Wes Kocher
226702fd85 Merge m-c to autoland a=merge
MozReview-Commit-ID: LOGgOErcV9L
2017-04-26 17:43:38 -07:00
ffxbld
ce5ccb6a8c No bug, Automated HPKP preload list update from host bld-linux64-spot-304 - a=hpkp-update 2017-04-26 08:02:08 -07:00
ffxbld
728d6a0b30 No bug, Automated HSTS preload list update from host bld-linux64-spot-304 - a=hsts-update 2017-04-26 08:02:05 -07:00
ffxbld
876c7dd305 No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update 2017-04-25 07:57:31 -07:00
ffxbld
1d0cdb27cb No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update 2017-04-25 07:57:28 -07:00
David Keeler
fe73f5843c bug 1356499 - put NCSCCS pins into production mode r=mgoodwin
As requested by James Burton <jb@0.me.uk> and vouched for (via email) by
Lucas Garron <lgarron@google.com>.

MozReview-Commit-ID: HD9laXzJpRg

--HG--
extra : rebase_source : 7c632c6772509a3c4c03cf971ee0f62ad5225275
2017-04-25 14:33:07 -07:00
David Keeler
f821131b3b bug 1361893 - remove two unnecessary mutexes and a cast from SSLServerCertVerification.cpp r=kmckinley
gSSLVerificationPK11Mutex isn't used at all - it can be removed
gSSLVerificationTelemetryMutex is unnecessary because telemetry has its own lock:

https://dxr.mozilla.org/mozilla-central/rev/a748acbebbde373a88868dc02910fb2bc5e6a023/toolkit/components/telemetry/TelemetryHistogram.cpp#1135
https://dxr.mozilla.org/mozilla-central/rev/a748acbebbde373a88868dc02910fb2bc5e6a023/toolkit/components/telemetry/TelemetryHistogram.cpp#1984

The nsNSSSocketInfo* cast in SSLServerCertVerificationResult::Run() is
unnecessary because mInfoObject is a RefPtr<nsNSSSocketInfo>.

MozReview-Commit-ID: DG7qWGg2amQ

--HG--
extra : rebase_source : 0a475d7aba75ba4debecc7cec2ed14319082d9ab
2017-05-03 16:44:17 -07:00
Wes Kocher
33c2277e1f Merge m-c to inbound, a=merge
MozReview-Commit-ID: 7rfXDtMWy2C
2017-07-12 18:26:46 -07:00
Carsten "Tomcat" Book
dc83b98670 Merge mozilla-central to mozilla-inbound 2017-07-12 11:17:55 +02:00
David Parks
7aff7962d7 Bug 1377249 - Allow Flash to create Secure Socket connections. r=bobowen 2017-07-11 19:26:24 -07:00
Wes Kocher
05a47acee9 Merge m-c to inbound a=merge
MozReview-Commit-ID: 3NCtyMc525N
2017-04-24 16:14:52 -07:00
Wes Kocher
94ff05c50d Merge autoland to central, a=merge
MozReview-Commit-ID: EaYU8ma2C4H
2017-04-24 15:45:27 -07:00
ffxbld
baf47b352e No bug, Automated HPKP preload list update from host bld-linux64-spot-309 - a=hpkp-update 2017-04-24 07:53:50 -07:00
ffxbld
e2320972af No bug, Automated HSTS preload list update from host bld-linux64-spot-309 - a=hsts-update 2017-04-24 07:53:47 -07:00
ffxbld
313e5199bf No bug, Automated HPKP preload list update from host bld-linux64-spot-304 - a=hpkp-update 2017-04-23 07:58:17 -07:00
ffxbld
16b68f30f8 No bug, Automated HSTS preload list update from host bld-linux64-spot-304 - a=hsts-update 2017-04-23 07:58:14 -07:00
David Parks
532fe74f04 Bug 1347710 - Enable sandbox protections for the Windows GPU process. r=bobowen
The sandbox works with levels.  The GPU sandbox level defaults to 1 in all builds.  It is controlled by security.sandbox.gpu.level.
2017-04-24 09:46:09 -07:00
ffxbld
cfbd9ba5ea No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update 2017-04-21 07:57:04 -07:00
ffxbld
7e0a6b7086 No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update 2017-04-21 07:57:01 -07:00
Carsten "Tomcat" Book
975e251aff merge mozilla-inbound to mozilla-central a=merge 2017-04-21 10:57:02 +02:00
Wes Kocher
4f3c2d9829 Merge m-c to autoland, a=merge
MozReview-Commit-ID: DPzfAm14Tdx
2017-04-20 15:52:28 -07:00
Nathan Froyd
35bd9439ac Bug 1357741 - make nsCertOverrideService's locking more efficient; r=keeler
nsCertOverrideService uses a ReentrantMonitor to protect its inner
state.  However, there's no way for nsCertOverrideService's methods to
be re-entered when calling outside code.  The use of ReentrantMonitor
appears to be compensating for an unclear division of locking
responsibilities, by enabling every method to simply lock the
ReentrantMonitor upon entrance without care for who might have locked it
beforehand.

Using Mutex is cheaper than ReentrantMonitor, and also forces us to
make explicit who's required to do locking, and who needs to do work
with the lock held.
2017-04-20 10:02:19 -04:00