Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-15 06:15:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
567,516 Commits 615 Branches 98 Tags 5.8 GiB
0a208387ad
Commit Graph

12569 Commits

Author SHA1 Message Date
Sebastian Hengst
68106833b3 merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: xcHQOq7Rbv
 2017-11-02 22:59:04 +01:00
Sebastian Hengst
8da0763166 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 60XtziNG2CK
 2017-11-02 22:57:14 +01:00
ffxbld
299b665375 No bug, Automated HPKP preload list update from host bld-linux64-spot-031 - a=hpkp-update 2017-11-02 11:32:01 -07:00
ffxbld
06f236c2b4 No bug, Automated HSTS preload list update from host bld-linux64-spot-031 - a=hsts-update 2017-11-02 11:31:57 -07:00
Franziskus Kiefer
1db8f13af3 Bug 1401594 - land NSS NSS_3_34_BETA1 UPGRADE_NSS_RELEASE, r=me 
MozReview-Commit-ID: 8ckNdJ29KWZ

--HG--
extra : rebase_source : 9766af247842aabce5e46c4a8d1d03c3f70d21f7
 2017-11-01 15:38:36 +01:00
David Keeler
6922b82c52 bug 1357815 - 4/4: go a bit overboard on testcases for SHA-256 support in add-on signatures r=jcj 
MozReview-Commit-ID: K4WYTYPXpi1

--HG--
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha1_and_sha256.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1-256_p7-1-256.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha1_and_sha256_manifest_sha1_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha1_and_sha256_manifest_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha1_manifest_sha1_and_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha256_manifest_sha1_and_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha256_manifest.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha256.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-256_p7-256.zip
extra : rebase_source : f56c5c9309590bd37d933e8e8fbff8535296b874
 2017-10-27 11:20:33 -07:00
David Keeler
6034b39937 bug 1357815 - 3/4: support SHA256 in PKCS#7 signatures on add-ons r=dveditz,jcj 
As a result of this patch, the hash algorithm used in add-on signature
verification will come from the PKCS#7 signature. If SHA-256 is present, it will
be used. SHA-1 is used as a fallback. Otherwise, the signature is invalid.

This means that, for example, if the PKCS#7 signature only has SHA-1 but there
are SHA-256 hashes in the signature file and/or manifest file, only the SHA-1
hashes in the signature file and manifest file will be used, if they are present
(and verification will fail if they are not present). Similarly, if the PKCS#7
signature has SHA-256, there must be SHA-256 hashes in the signature file and
manifest file (even if SHA-1 is also present in the PKCS#7 signature).

MozReview-Commit-ID: K3OQEpIrnUW

--HG--
extra : rebase_source : 704a2a18e166bfaf3e3d944d13918054bd012000
 2017-10-24 15:27:53 -07:00
David Keeler
7617737c9f bug 1357815 - 2/4: refactor away unnecessary parts of certificate verification in add-on signature verification r=jcj 
MozReview-Commit-ID: 4JKWIZ0wnuO

--HG--
extra : rebase_source : 7f032046b3a81c2b3f2135451af07a1e38e94664
 2017-10-24 13:32:02 -07:00
David Keeler
543678ab80 bug 1357815 - 1/4: move VerifyCMSDetachedSignatureIncludingCertificate to where it's used r=jcj 
MozReview-Commit-ID: JsBPGhDxQoS

--HG--
extra : rebase_source : 88a1c0b73762f28c53ffd645f2eba260743a4062
 2017-10-24 13:18:14 -07:00
Ryan VanderMeulen
f44bfd0fc0 Merge m-c to autoland. a=merge 2017-11-01 21:55:56 -04:00
ffxbld
269dcb47f7 No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update 2017-11-01 18:38:41 -07:00
ffxbld
249a4851fb No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update 2017-11-01 18:38:37 -07:00
ffxbld
f2bc4e722f No bug, Automated HPKP preload list update from host bld-linux64-spot-039 - a=hpkp-update 2017-10-31 12:14:57 -07:00
ffxbld
f4901979dd No bug, Automated HSTS preload list update from host bld-linux64-spot-039 - a=hsts-update 2017-10-31 12:14:53 -07:00
J.C. Jones
f04a229953 Bug 1412994 - Ensure SegmentCertificateChain returns results in PSM order r=keeler 
SegmentCertificateChain, when provided a cert chain from nsISSLStatus, delivers
the EE as the Root, the Root as the EE, and the intermediates in reverse order.

Basically, now that Bug 1406856 landed, it's clear this was backward in its
thinking, so reverse it for the common case.

MozReview-Commit-ID: Ahtv9U9A9oS

--HG--
extra : rebase_source : 75c8688c5041652fd966babe91cb8c6287e19ad0
 2017-10-30 16:49:41 -07:00
Sebastian Hengst
6979ea37b4 merge mozilla-central to autoland. r=merge a=merge 2017-10-30 23:58:16 +01:00
Sebastian Hengst
f07fc93141 merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 4PW6ESqLL73
 2017-10-30 23:52:23 +01:00
ffxbld
da6d577b00 No bug, Automated HPKP preload list update from host bld-linux64-spot-033 - a=hpkp-update 2017-10-30 11:46:17 -07:00
ffxbld
0eee83e64e No bug, Automated HSTS preload list update from host bld-linux64-spot-033 - a=hsts-update 2017-10-30 11:46:14 -07:00
Bob Owen
e67fce9b1f Bug 1412827: Add Symantec DLLs ffm64 and ffm to the sandboxed child blocklist. r=jimm 
This patch also adds k7pswsen.dll unconditionally as it is still appearing
in many crash reports despite the block working in a test VM.
 2017-10-30 16:28:26 +00:00
Jed Davis
6557099666 Bug 1411115 - Allow F_SETLK fcntl in sandboxed content processes. r=gcp 
MozReview-Commit-ID: ARc7EpfN73o

--HG--
extra : rebase_source : 21c35a65a7c45387e2bd7fd7aba5f82ecf7c9ab3
 2017-10-27 18:05:53 -06:00
Jed Davis
ee247f0d5f Bug 1409900 - Handle sandboxed statfs() by replacing it with open+fstatfs. r=gcp 
MozReview-Commit-ID: 4Q0XMWcxaAc

--HG--
extra : rebase_source : e6065c91ddb271b71b5577ca0d6c39349565724c
 2017-10-27 19:32:37 -06:00
Jed Davis
27d4543313 Bug 1409900 - Disallow quotactl in sandboxed content processes. r=gcp 
MozReview-Commit-ID: 3svUgLLTZKL

--HG--
extra : rebase_source : 2f51310f19cff45313cafd2bdcc60f2999b729b3
 2017-10-25 12:43:13 -06:00
Sebastian Hengst
d67d120cc4 Backed out 4 changesets (bug 1386404) for mass failures, e.g. in browser-chrome's dom/tests/browser/browser_xhr_sandbox.js. r=backout on a CLOSED TREE 
Backed out changeset 36556e1a5ac7 (bug 1386404)
Backed out changeset b136f90dc49f (bug 1386404)
Backed out changeset 4600c2d575f9 (bug 1386404)
Backed out changeset c2c40e4d9815 (bug 1386404)
 2017-10-30 19:10:01 +01:00
Gian-Carlo Pascutto
3d94d8e8e1 Bug 1386404 - Only do the tmp remapping if needed. r=jld 
This helps with getting the tests that are running out of /tmp
to pass, who get confused if their paths change underneath them.

It's also a bit faster.

MozReview-Commit-ID: CWtngVNhA0t

--HG--
extra : rebase_source : 304481a18c371c3253448971f48064bcbd681a81
 2017-10-26 18:02:10 +02:00
Gian-Carlo Pascutto
577b3a7731 Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld 
MozReview-Commit-ID: 2h9hw6opYof

--HG--
extra : rebase_source : f3121d7afff22e3f72c66e3a5553e731a83a2e1c
 2017-10-26 17:50:49 +02:00
Gian-Carlo Pascutto
6a66615d8d Bug 1386404 - Enable access to the entire chrome dir from content. r=jld 
This may be required if people have @import in their userContent.css, and
in any case our tests check for this.

MozReview-Commit-ID: 8uJcWiC2rli

--HG--
extra : rebase_source : 3542ea305aabaca0500d66f8e86f5c12170d793e
 2017-10-26 18:57:03 +02:00
Gian-Carlo Pascutto
802f1b9395 Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik 
MozReview-Commit-ID: 6Hijq0to9MG

--HG--
extra : rebase_source : c7a3559e4cbdfd1885d13a489c4eeb311ca973fa
 2017-10-12 11:18:25 +02:00
Sebastian Hengst
794abc6fba merge mozilla-central to autoland. r=merge a=merge 2017-10-29 23:01:08 +01:00
ffxbld
8af3c26b61 No bug, Automated HPKP preload list update from host bld-linux64-spot-033 - a=hpkp-update 2017-10-29 11:34:19 -07:00
ffxbld
c61725847a No bug, Automated HSTS preload list update from host bld-linux64-spot-033 - a=hsts-update 2017-10-29 11:34:15 -07:00
Sebastian Hengst
d6f574cf1b merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: DMG276CdAzv
 2017-10-28 23:57:08 +02:00
ffxbld
8d7205d5c7 No bug, Automated HPKP preload list update from host bld-linux64-spot-023 - a=hpkp-update 2017-10-28 11:38:28 -07:00
ffxbld
b03d306da6 No bug, Automated HSTS preload list update from host bld-linux64-spot-023 - a=hsts-update 2017-10-28 11:38:24 -07:00
ffxbld
e009038b12 No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update 2017-10-28 11:23:31 -07:00
ffxbld
261757d83a No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update 2017-10-28 11:23:28 -07:00
Sebastian Hengst
2f6f3e1167 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: JSVOeP0nq5J
 2017-10-27 23:28:23 +02:00
ffxbld
a5b2d14190 No bug, Automated HPKP preload list update from host bld-linux64-spot-022 - a=hpkp-update 2017-10-27 11:38:58 -07:00
ffxbld
28eb630b74 No bug, Automated HSTS preload list update from host bld-linux64-spot-022 - a=hsts-update 2017-10-27 11:38:54 -07:00
Attila Craciun
21363323fd Backed out 2 changesets (bug 1409900) for failing browser chrome on Linux opt at browser/base/content/test/general/browser_bug590206.js r=backout a=backout. 
Backed out changeset 83296a355dd4 (bug 1409900)
Backed out changeset 072007f83431 (bug 1409900)
 2017-10-27 16:15:47 +03:00
Sebastian Hengst
5c15da1f08 merge mozilla-inbound to mozilla-central. r=merge a=merge 
--HG--
rename : testing/talos/tests/__init__.py => testing/talos/talos/unittests/__init__.py
rename : testing/talos/tests/browser_output.ts.txt => testing/talos/talos/unittests/browser_output.ts.txt
rename : testing/talos/tests/browser_output.tsvg.txt => testing/talos/talos/unittests/browser_output.tsvg.txt
rename : testing/talos/tests/profile.tgz => testing/talos/talos/unittests/profile.tgz
rename : testing/talos/tests/ps-Acj.out => testing/talos/talos/unittests/ps-Acj.out
rename : testing/talos/tests/test_talosconfig_browser_config.json => testing/talos/talos/unittests/test_talosconfig_browser_config.json
rename : testing/talos/tests/test_talosconfig_test_config.json => testing/talos/talos/unittests/test_talosconfig_test_config.json
rename : testing/talos/tests/xrestop_output.txt => testing/talos/talos/unittests/xrestop_output.txt
 2017-10-27 12:45:34 +03:00
J.C. Jones
d4d890633b Bug 1411683 - Add foreach and segment utility methods to nsNSSCertList r=keeler 
This adds two methods to nsNSSCertList: ForEachCertificateInChain, and
SegmentCertificateChain. The ForEach method calls a supplied function for each
certificate in the chain, one by one.

That method is then used by the Segment method, which (assuming the chain is
ordered) splits it into Root, End Entity, and everything in-between as a list of
Intermediates.

This patch does _not_ try to add these methods to the IDL, as it's not
straightforward to me on how to handle the nsCOMPtr or std::function arguments.

These methods will be first used by Bug 1409259.

(Update to fix gtest bustage on Linux)

MozReview-Commit-ID: 8qjwF3juLTr

--HG--
extra : rebase_source : 3dee871a4622b8ad84cca247dc9a9f3ceb3b4bd9
 2017-10-25 13:37:50 -05:00
J.C. Jones
eac42bd3b1 Bug 1411683 - Add "requirements.txt" for pycert.py r=keeler 
There are specific versions needed for security/manager/ssl/tests/unit/pycert.py,
so let's give PIP some installation help:

0.1.7 for pyasn1 and 0.0.5 for pyasn1_modules

(recent versions break pycert/pykey/pycms)

MozReview-Commit-ID: Fk98UPd8bJo

--HG--
extra : rebase_source : 79436d4e99cda1dca438015835fdfa83a78c4dc7
 2017-10-25 16:03:58 -05:00
Mark Goodwin
032fc16f72 Bug 1406856 - Re-plumb nsISSLStatus.idl to carry with it the whole nsIX509CertList r=jcj,keeler 
MozReview-Commit-ID: 2YDmCzqdm26

--HG--
extra : rebase_source : 5b1f345698948b193addfa9326b5a29f9572a411
 2017-10-26 17:52:11 +01:00
Sebastian Hengst
e434e03817 Backed out changeset 51eaba841505 (bug 1406856) for failing eslint at security/manager/ssl/tests/unit/head_psm.js:732:53 | Multiple spaces found before '='. r=backout 
--HG--
extra : amend_source : 46ecb5c0f3f8c682aa0eaf27e14527b516710903
 2017-10-28 12:49:09 +02:00
Mark Goodwin
63bf63249d Bug 1406856 - Re-plumb nsISSLStatus.idl to carry with it the whole nsIX509CertList r=keeler 
MozReview-Commit-ID: 2YDmCzqdm26

--HG--
extra : rebase_source : 7de06b44adbcfc3891555b4176663d20d4f96a1a
 2017-10-26 17:52:11 +01:00
Jed Davis
76b1bdf7de Bug 1408497 - Disallow inotify in sandboxed content processes. r=gcp 
MozReview-Commit-ID: nKyIvMNQAt

--HG--
extra : rebase_source : 5347e8da745d6f4a0cd4e81e76fe6b94d94eac30
 2017-10-25 13:35:47 -06:00
Jed Davis
5f10d1f416 Bug 1409900 - Handle sandboxed statfs() by replacing it with open+fstatfs. r=gcp 
MozReview-Commit-ID: 4Q0XMWcxaAc

--HG--
extra : rebase_source : 6bd36df3155fc5cdda67720e313028a68e2f0901
 2017-10-25 13:08:26 -06:00
Jed Davis
fce1017953 Bug 1409900 - Disallow quotactl in sandboxed content processes. r=gcp 
MozReview-Commit-ID: 3svUgLLTZKL

--HG--
extra : rebase_source : 54623b48c65a1319905cab5aa520928681ec0023
 2017-10-25 12:43:13 -06:00
Jed Davis
160e1dcfe0 Bug 1410191 - Correctly handle errors when using syscalls in sandbox trap handlers. r=gcp 
MozReview-Commit-ID: JX81xpNBMIm

--HG--
extra : rebase_source : c7334f3e0b61b4fb4e0305cc6fc5d3173d08c032
 2017-10-25 16:38:20 -06:00