Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-05 08:35:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
406,892 Commits 615 Branches 98 Tags 5.9 GiB
0b84456c40
Commit Graph

9330 Commits

Author SHA1 Message Date
David Keeler
fae1a9756b bug 1114882 - allow nsICryptoHash to be used in a content process r=mayhemer 2015-01-16 11:59:25 -08:00
Bob Owen
8c9dd30f1f Bug 1121479 Part 4: Turn on DLL_SEARCH_ORDER process-level mitigation for the GMP sandbox. r=tabraldes 2015-01-21 07:59:56 +00:00
Bob Owen
86b8e2d513 Bug 1121479 Part 3: Turn on HEAP_TERMINATE process-level mitigation for the GMP sandbox. r=tabraldes 2015-01-21 07:59:56 +00:00
Bob Owen
b7d1421bfb Bug 1121479 Part 2: Turn on SEHOP process-level mitigation for the GMP sandbox. r=tabraldes 2015-01-21 07:59:56 +00:00
Bob Owen
ac6485a47e Bug 1121479 Part 1: Turn on DEP process-level mitigation for the GMP sandbox. r=tabraldes 2015-01-21 07:59:56 +00:00
Ryan VanderMeulen
cfde909e52 Merge m-c to inbound. a=merge 2015-01-20 22:15:04 -05:00
Ryan VanderMeulen
06f5f25641 Merge inbound to m-c. a=merge 2015-01-20 22:12:46 -05:00
ffxbld
e8dfde2d50 No bug, Automated HPKP preload list update from host bld-linux64-spot-1001 - a=hpkp-update 2015-01-20 15:17:19 -08:00
ffxbld
9c7a5b2da8 No bug, Automated HSTS preload list update from host bld-linux64-spot-1001 - a=hsts-update 2015-01-20 15:17:17 -08:00
Nicholas Nethercote
8bd1f6f072 Bug 1123151 (part 2) - Add PLDHashTable::IsInitialized(). r=froydnj. 
This encapsulates most of the uses of PLDHashTable::ops.

--HG--
extra : rebase_source : 7760ce8e46a37e87dcfe590e809a21df01fe510f
 2015-01-19 16:11:34 -08:00
Nicholas Nethercote
bd573c9b9c Bug 1123151 (part 1) - Set PLDHashTable::ops consistently. r=froydnj. 
Currently the setting of PLDHashTable::ops is very haphazard.

- PLDHashTable has no constructor, so it's not auto-nulled, so lots of places
  null it themselves.

- In the fallible PLDHashTable::Init() function, if the entry storage
  allocation fails we'll be left with a table that has |ops| set -- indicating
  it's been initialized -- but has null entry storage. I'm not certain this can
  cause problems but it feels unsafe, and some (but not all) callers of Init()
  null it on failure.

- PLDHashTable does not null |ops| in Finish(), so some (but not all) callers
  do this themselves.

This patch makes things simpler.

- It adds a constructor that zeroes |ops|.

- It modifies Init() so that it only sets |ops| once success is ensured.

- It zeroes |ops| in Finish().

- Finally, it removes all the now-unnecessary |ops| nulling done by the users
  of PLDHashTable.

--HG--
extra : rebase_source : bb34979c218d152562a2f9c7e5215256c111cc5b
 2015-01-19 16:01:24 -08:00
Brian Smith
7f02c207f4 Bug 1119072, Part 6: Change a non-conforming usage of a const value type to a non-const value type, which VS2015 rightly rejects, r=bobowencode 
--HG--
extra : rebase_source : 6c8c669d061eb3a107821b23829cd5d029e3eb2b
 2015-01-07 23:28:51 -08:00
Brian Smith
83bbd634d6 Bug 1119072, Part 3(b): Silence warning about deprecated use of hash_set and hash_map in security/sandbox, r=jld 
--HG--
extra : rebase_source : f3e4acd7c2a63566c526a52b339a8d1c325a14d7
 2015-01-12 19:58:43 -08:00
Benjamin Peterson
e9994b284c No bug - fix typo r=me DONTBUILD 
--HG--
extra : amend_source : e7e16dfcc70b23f175a0470811cbb46c976f9f1c
 2015-01-19 14:13:24 -05:00
David Keeler
bf280b3310 bug 1123374 - fix CertBlocklist initialization when revocations.txt does not exist r=mgoodwin 
--HG--
extra : amend_source : a3ee19306e36386f1f71f27ae5ce215c026360fe
 2015-01-20 10:18:29 -08:00
Brian Smith
29d3c0ed37 Bug 1122835, Part 2: Simplify BitStringWithNoUnusedBits, r=keeler 
--HG--
extra : rebase_source : 2beb4ceb866299454c3e9f5b93ac83a18c8fd1c2
 2014-12-27 22:39:47 -08:00
Brian Smith
f6753ef626 Bug 1122835: Add missing return value checks for Input::SkipToEnd, r=keeler 
--HG--
extra : rebase_source : 9b445e3d73d643364355f18307cf13447a5726e8
 2014-12-27 23:12:46 -08:00
Masatoshi Kimura
cb76e55fd8 Bug 1120393 - unittest to ensure nsITransportSecurityInfo.errorCode is correctly serialized. r=keeler 2015-01-16 21:48:38 +09:00
Masatoshi Kimura
0b9afb21b8 Bug 1120393 - Serialize/deserialize nsITransportSecurity.errorCode. r=keeler 2015-01-16 21:48:38 +09:00
Kai Engert
15ab027331 Bug 1107731 - Upgrade Mozilla 37 to use NSS 3.18. Landing BETA6. r=wtc 2015-01-16 11:40:18 +01:00
Birunthan Mohanathas
2f07a9ef3a Bug 1060696 - Remove NS_INIT_ISUPPORTS. r=froydnj 2015-01-16 07:34:46 +02:00
Nicholas Nethercote
69fe655b04 Bug 1121304 (part 2, attempt 2) - Remove PLDHashTableOps::{alloc,free}Table. r=froydnj. 
--HG--
extra : rebase_source : bc119bd0d3b6944e8c5a000950e0c4052cb70aef
 2015-01-14 14:35:56 -08:00
Phil Ringnalda
e39f0adeca Backed out 2 changesets (bug 1121304) for consistent b2g hangs in webgl-color-test.html?frame=1&__&preserve&premult&_____ 
Backed out changeset 20651ac19549 (bug 1121304)
Backed out changeset 758afec77c95 (bug 1121304)
 2015-01-14 22:02:23 -08:00
Nicholas Nethercote
e9735966fa Bug 1121304 (part 2) - Remove PLDHashTableOps::{alloc,free}Table. r=froydnj. 2015-01-14 14:35:56 -08:00
Nicholas Nethercote
47221bc7f9 Bug 1120476 (part 4) - Remove PLDHashTableOps::finalize. r=froydnj. 
--HG--
extra : rebase_source : b14dda8cdd5cd896d1e32950e38b2a9f7da4d99e
 2015-01-13 19:02:35 -08:00
Nicholas Nethercote
c7538c9776 Bug 1120476 (part 3) - Remove PLDHashTable::data. r=froydnj. 
--HG--
extra : rebase_source : 24d10af3dbce3ada5252503bc80bb1a4e31bc1c9
 2015-01-13 16:42:13 -08:00
Brian Smith
610a109833 Bug 1115910: Remove now-unneeded nullptr polyfill for old versions of GCC, r=keeler 
--HG--
extra : rebase_source : 11e0060fd9b7622f0ec6792b69aa3c2ea9128aa5
 2015-01-13 01:03:08 -08:00
Brian Smith
cc811435fd Bug 1115906, Part 3: Make formatting of struct/class/enum class more consistent, r=keeler 
--HG--
extra : rebase_source : 0ba4b630b93775ff68abc583238ba2525b8d56f5
 2015-01-13 16:53:34 -08:00
Brian Smith
e538f2d921 Bug 1115906, Part 2: Annotate classes and member functions with override and final, r=keeler 
--HG--
extra : rebase_source : 79bb236bef83ed3e884d73e029ac29a5aa999840
extra : source : d14d86bcebd38be80d00a263c3145eb0dbcc53cd
 2015-01-13 16:54:10 -08:00
Brian Smith
825d71887a Bug 1115906, Part 1: Add workarounds for missing final/override support in GCC before version 4.7, r=keeler 
--HG--
rename : security/pkix/include/pkix/nullptr.h => security/pkix/include/pkix/stdkeywords.h
extra : rebase_source : 9cacd9729ac4cfb1e4bf920c8afdffb831b60d36
extra : source : f673d05dfc9a6d830e5e3c01976b41588cc70ead
 2015-01-07 14:53:11 -08:00
Masatoshi Kimura
1c35db3bcc Bug 1120664 - Rename mozilla::pkix::Result::ERROR_INVALID_TIME to avoid collision with a macro defined in windows.h. r=bsmith 2015-01-15 07:24:18 +09:00
Mike Hommey
128c4e6069 Bug 1120937 - Properly initialize the session field from C_OpenSession in the PKCS#11 test module. r=dkeeler 2015-01-14 15:18:50 +09:00
Brian Smith
89a83cfb14 Bug 1118122: Reland Bug 1115903, Part 2: Delete most defaulted assignment operators and some defaulted copy constructors, r=jcj 
--HG--
extra : rebase_source : 9fae7948648e355f2ac15275a343ac0806f82f3b
 2015-01-12 23:12:01 -08:00
Cykesiopka
0b1422c813 Bug 1120098 - Re-enable test_ocsp_timeout.js on Windows. r=dkeeler 2015-01-10 08:41:00 +01:00
Steve Singer
ed3b64fce0 Bug 1120125 - Fix compile error on big endian platforms. r=keeler 2015-01-10 14:31:00 +01:00
Masatoshi Kimura
bf312ad056 Bug 1120062 - Part 1: Remove most Nullptr.h includes. r=waldo 2015-01-11 11:34:52 +09:00
Chris Peterson
9e23388ca8 Bug 1118076 - Remove MOZ_THIS_IN_INITIALIZER_LIST. r=Waldo 2015-01-06 21:39:46 -08:00
David Keeler
762d9b52df bug 1065909 - canonicalize hostnames in nsSiteSecurityService and PublicKeyPinningService r=mmc 2015-01-09 09:46:05 -08:00
Brad Lassey
854d7d9706 bug 1118554 - fix gcc4.9 warnings on Android, <cstdlib> instead of <stdlib.h> r=gcp 
--HG--
extra : rebase_source : cbb04c5973878e350e890c4df2ce271d32b7587e
 2015-01-08 10:19:39 -05:00
Jacek Caban
52f5ce5e18 Bug 1119179 - Avoid gmtime_r duplication if it's provided by mingw. r=bsmith 2015-01-09 11:41:15 +01:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)
ea0e5ac119 Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused 2015-01-07 06:08:00 +01:00
Ehsan Akhgari
4354953b4f Bug 1118486 - Part 1: Use = delete instead of MOZ_DELETE directly; r=Waldo 
Most of this patch (with the exception of dom/bindings/Codegen.py) was
generated by the following bash script:

#!/bin/bash

function convert() {
echo "Converting $1 to $2..."
find . ! -wholename "*nsprpub*" \
       ! -wholename "*security/nss*" \
       ! -wholename "*/.hg*" \
       ! -wholename "*/.git*" \
       ! -wholename "obj-*" \
         -type f \
      \( -iname "*.cpp" \
         -o -iname "*.h" \
         -o -iname "*.cc" \
         -o -iname "*.idl" \
         -o -iname "*.ipdl" \
         -o -iname "*.ipdlh" \
         -o -iname "*.mm" \) | \
    xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}

convert MOZ_DELETE '= delete'
 2015-01-08 23:19:05 -05:00
David Keeler
e7d2f9cd12 bug 1101194 - follow-up to fix bustage in TestCertDB r=bustage on a CLOSED TREE 
Turns out there was a code path that resulted in attempting to acquire a lock
on the DataStorage mutex when one had already been acquired, resulting in
deadlock. This fixes it.
 2015-01-08 10:56:07 -08:00
Kai Engert
9d9e763d45 Bug 1107731, upgrade Mozilla 37 to use NSS 3.18 (this is beta 5), r=wtc 2015-01-08 19:40:05 +01:00
David Keeler
d11cf2ca74 bug 1101194 - add telemetry for DataStorage table size r=mgoodwin 2015-01-07 13:23:07 -08:00
Cykesiopka
d98fab56db Bug 989485 - Split test_cert_eku.js into multiple files to avoid time outs. r=keeler 2015-01-08 01:15:00 -05:00
Brian Smith
c1795f4024 Bug 1118599 - Remove now-unneeded MOZILLA_PKIX_ENUM_CLASS workaround for GCC enum class bugs. r=mmc 2015-01-06 18:28:09 -08:00
Michael Pruett
411a94b05a Bug 1118024 - Use new PL_DHashTable{Add,Lookup,Remove} functions. r=nfroyd 2015-01-05 20:27:28 -06:00
Mike Hommey
08e140cb0d Bug 1110760 - Build and Package Chromium Sandbox wow_helper. r=gps 2015-01-08 10:44:41 +09:00
Mike Hommey
d4e8fd3af2 Bug 1110760 - Increase the chances of the wow_helper target code symbols being in the assumed order. r=aklotz 2015-01-08 10:44:41 +09:00
Bob Owen
cc298a9892 Bug 1110760 - Import Chromium Sandbox wow_helper code. r=aklotz 2015-01-08 10:44:40 +09:00
David Keeler
b29b970426 bug 1114741 - have nsRandomGenerator guard against NSS shutdown r=jcj 
nsRandomGenerator uses NSS resources but does not prevent against NSS shutting
down while doing so. To fix this, nsRandomGenerator must implement
nsNSSShutDownObject.
 2015-01-05 16:11:26 -08:00
Brad Lassey
33ab8e9b66 bug 1118554 - make android's stdcxx work r=glandium 2015-01-06 23:34:31 -05:00
Brian Smith
b8ce64b2a8 Bug 1073867, Part 5: Make DSS test faster, r=mmc 
--HG--
extra : rebase_source : 5d3ae5b6c777382d69134d5c38fca0c52c93c3a2
extra : histedit_source : 15209d1249d2eb638143409404cbbe15f0a2715b
 2014-12-24 17:56:10 -08:00
Nicholas Nethercote
f8c3848cd7 Bug 1117611 - Fix shadowed variable in SandboxBroker::SetSecurityLevelForContentProcess(). r=bobowen. 
--HG--
extra : rebase_source : 29f25cc34bd5f66bac2454c30613344fb63a92b5
 2015-01-05 15:54:22 -08:00
Ehsan Akhgari
665cc5846c Bug 1116559 - Remove the code to handle shutdown-cleanse from the cert override service code; r=keeler 
shutdown-cleanse has not been a thing for quite a while.
 2015-01-05 21:01:27 -05:00
Andrew Bartlett
1b02f46484 Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler 
NTLMv2 is the default.

This adds a new preference:
network.ntlm.force-generic-ntlm-v1

This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.

To support this, we also:
 - Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"

 - Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"

 - Remove LM code from internal NTLM handler

   The LM response should essentially never be sent, the last practical
   use case was CIFS connections to Windows 9X, I have never seen a web
   server that could only do LM

   It is removed before the NTLMv2 work is done so as to avoid having 3
   possible states here (LM, NTLM, NTLMv2) to control via preferences.

Developed with Garming Sam <garming@catalyst.net.nz>
 2014-12-22 15:55:00 -05:00
Brian Smith
566e222bca Bug 1117003 - Backout cset ca3c73188295 (Bug 1115903, Part 2), r=ehsan 2015-01-02 12:26:14 -08:00
Phil Ringnalda
9f997b2894 Merge m-i to m-c, a=merge 2015-01-03 20:02:33 -08:00
ffxbld
cb0e685792 No bug, Automated HPKP preload list update from host bld-linux64-spot-100 - a=hpkp-update 2015-01-03 03:20:27 -08:00
ffxbld
c84a6316bf No bug, Automated HSTS preload list update from host bld-linux64-spot-100 - a=hsts-update 2015-01-03 03:20:25 -08:00
Brian Smith
ff754b5ae0 Bug 1115903, Part 2: Delete most defaulted assignment operators and some defaulted copy constructors, r=jcj 
--HG--
extra : rebase_source : 6c8575de36355521baf69bba89eba530cd4e8b09
 2014-12-26 23:49:47 -08:00
Brian Smith
68b341641d Bug 1115903, Remove VS2010 workarounds, r=mmc 
--HG--
extra : rebase_source : 742973c0f2d547371fbeca72e384053c70b5ba0f
 2014-12-26 21:39:54 -08:00
Brian Smith
f52e40c633 Bug 1115761, Part 4: Add "fall through" comment, r=jcj 
--HG--
extra : rebase_source : 1e40d7d7d85c1a02eb6195ecee1038ea40a6a9ab
 2014-12-26 15:07:56 -08:00
Brian Smith
f118650ad8 Bug 1115761, Part 3: Rename NSS-based crypto functions, r=jcj 
--HG--
extra : rebase_source : b11b172fac76c7845d2a97cabf1bad9e04a50367
 2014-12-23 14:51:52 -08:00
Brian Smith
2d40b79203 Bug 1115761, Part 2: Use NotReached more consistently in pkixnss.cpp, r=jcj 
--HG--
extra : rebase_source : 80647fc11d40d822dc042af1d797cb34062a84ab
 2014-12-23 22:35:53 -08:00
Brian Smith
95a228e3fe Bug 1115761, Part 1: Remove obsolete references to NSS stuff in comments, r=jcj 
--HG--
extra : rebase_source : 65af59d9695b424f057b40c54aab6973a39bcc25
 2014-12-26 12:40:45 -08:00
Brian Smith
a5f0730d19 Bug 1035414, Part 2: Always check subject's issuer matches issuer's subject, r=jcj 
--HG--
extra : rebase_source : a75eca6ed909fa4f241b1a736656b7e8c99eb3ea
 2014-12-26 10:13:18 -08:00
Brian Smith
13010b71a5 Bug 1035414, Part 1: Test issuer/subject name matching, r=jcj 
--HG--
extra : rebase_source : 8faab27888502083565db3681f10a310b69b1845
 2014-12-26 11:35:48 -08:00
Brian Smith
aeda384b1a Bug 1073867, Part 4: Test that DSS end-entity certificates are rejected, r=mmc 
--HG--
extra : rebase_source : 7cfdcdf08f2ae8909062b8803de6702ab47ec65a
 2014-12-26 11:40:51 -08:00
Brian Smith
dcacbfd4ce Bug 1073867, Part 3: Reject DSS end-entity certificates, r=mmc 
--HG--
extra : rebase_source : 76546b57aade1a15b394a2e53d8c12d62906dcac
 2014-12-24 00:51:52 -08:00
David Erceg
848f74a40d Bug 1111848 - Remove nsISiteSecurityService.shouldIgnoreHeaders and implementation. r=keeler 2014-12-22 20:26:49 +11:00
Ehsan Akhgari
580310c5b8 Bug 1115076 - Wait for about:privatebrowsing to load in test_sts_privatebrowsing_perwindowpb.html; r=jdm 2014-12-31 09:32:03 -05:00
Ehsan Akhgari
5f97b938f2 Bug 1117043 - Mark virtual overridden functions as MOZ_OVERRIDE in security; r=bsmith 2015-01-02 09:02:04 -05:00
ffxbld
5f30b892c8 No bug, Automated HPKP preload list update from host b-linux64-ix-0002 - a=hpkp-update 2014-12-27 03:21:29 -08:00
ffxbld
3739aa349f No bug, Automated HSTS preload list update from host b-linux64-ix-0002 - a=hsts-update 2014-12-27 03:21:25 -08:00
Kaspar Brand
3fdb27bb49 Bug 1112487 - The signing certificates with key usage only non-repudiation is taken as invalid for signing. r=keeler 2014-12-17 21:31:00 -05:00
Tom Schuster
057c4c5a8e Bug 1110835 - Simplify some code nsSecureBrowserUIImpl around UpdateSecurityState. r=keeler 2014-12-25 21:31:11 +01:00
Masatoshi Kimura
a325bfdb20 Bug 1114295 - Remove the dead pref for TLS_DHE_DSS_WITH_AES_128_CBC_SHA. r=keeler 2014-12-24 22:21:12 +09:00
Tom Schuster
b45a1a0c90 Bug 764496 - Make EV detection work in content processes. r=keeler,kanru 2014-12-24 14:04:24 +01:00
Brian Smith
c5b4fd868c Bug 1115181: Remove pkixnss.h dependency from pkixcert_signature_algorithm_tests, r=keeler 
--HG--
extra : rebase_source : 2a4e11338b06d33ab8ad1536dc05c082db330d68
 2014-12-23 14:51:16 -08:00
Brian Smith
63c92c06cd Bug 1070444: Remove NSS dependencies in pkixbuild_tests.cpp, r=keeler 
--HG--
extra : rebase_source : f07e38d40f1644cce30191f5d8ab29ac06582683
 2014-12-22 01:20:59 -08:00
Brian Smith
899807654a Bug 1114701: Replace function pointers with function references, r=keeler 
--HG--
extra : rebase_source : 350e7f8170f6b1176e46b829026e9ee27b3303e5
 2014-12-23 12:43:25 -08:00
Daniel Holbert
3aec4f3024 Bug 1114671: Use function pointer (instead of reference) in pkix/bind.h, for consistency & to fix -Wignored-qualifiers build warning for 'const'. r=briansmith 2014-12-22 13:04:36 -08:00
Brian Smith
99245555c6 Bug 1107666, Part 2: Further fix for SSL_OCSP_STAPLING telemetry, r=keeler 
--HG--
extra : rebase_source : b2dbbd4eaa8aea019b40eddfc19fb8af20ef3a4c
 2014-12-20 07:03:57 -08:00
Carsten "Tomcat" Book
c3edf3a511 Backed out changeset 8fd0df8e208c (bug 423758) for bustage 2014-12-22 09:05:34 +01:00
J.C. Jones
b47d94a0c8 Bug 968451 - Document the exported functions exposed from mozilla::pkix (pkix/pkix.h). r=keeler 2014-12-19 12:25:00 +01:00
Andrew Bartlett
d741102951 Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler 
NTLMv2 is the default.

This adds a new preference:
network.ntlm.force-generic-ntlm-v1

This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.

To support this, we also:
 - Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"

 - Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"

 - Remove LM code from internal NTLM handler

   The LM response should essentially never be sent, the last practical
   use case was CIFS connections to Windows 9X, I have never seen a web
   server that could only do LM

   It is removed before the NTLMv2 work is done so as to avoid having 3
   possible states here (LM, NTLM, NTLMv2) to control via preferences.

Developed with Garming Sam <garming@catalyst.net.nz>
 2014-12-18 17:25:00 +01:00
Phil Ringnalda
79b6885780 Merge m-c to m-i 
--HG--
extra : rebase_source : 55a788f13c946c7110ca313969051c34f731637e
 2014-12-20 12:19:27 -08:00
ffxbld
6d9b691066 No bug, Automated HPKP preload list update from host bld-linux64-spot-115 - a=hpkp-update 2014-12-20 03:20:57 -08:00
ffxbld
02fdacaf29 No bug, Automated HSTS preload list update from host bld-linux64-spot-115 - a=hsts-update 2014-12-20 03:20:56 -08:00
Michael Wu
301128304a Bug 1103816 - Add support for gonk-L to android_stub.h, r=glandium 2014-12-16 21:35:09 -05:00
Blake Kaplan
83b87ab7f1 Bug 1113313 - Rename these functions to better reflect what they do. r=billm 
--HG--
extra : rebase_source : ae61b3dd6dd5ce50a131a640060d7be57e562e4d
 2014-12-19 12:07:04 -05:00
Brian Smith
932b9471a2 Bug 1073867, Part 2: Remove now-unused DSA test certificates, r=keeler 
--HG--
extra : rebase_source : 150c65abc66a48f70bca6e2dca8727fa402505ea
 2014-12-15 20:49:42 -08:00
Brian Smith
510bbfd05d Bug 1073867, Part 1: Remove DSS certificate support from mozilla::pkix, r=keeler 
--HG--
extra : rebase_source : 3bef46a794e53584fd35b7640a6f4c9aaea4acab
 2014-12-04 20:55:15 -08:00
Brian Smith
1543a46c03 Bug 1111399, Part 2: Implement RFC822 (email) name constraints, r=keeler 
--HG--
extra : rebase_source : 5905e247eee4d3562d741e6e9656dc4c40d821e4
 2014-12-20 08:15:35 -08:00
Brian Smith
c61befa56f Bug 1111399, Part 1: Preconditions for RFC822 name constraints, r=keeler 
--HG--
extra : rebase_source : cd20b448a6c77ba27c86cb3d8e6c121f92a2ba93
 2014-12-20 07:35:44 -08:00
Brian Smith
e0efc82826 Bug 1111398: Rename ValidDNSIDMatchType to IDRole, r=keeler 
--HG--
extra : rebase_source : a07e58b82a61db595711c0ab887bec70d4145888
 2014-12-13 22:29:58 -08:00
Brian Smith
beff7d1c02 Bug 1111397, Part 2: Remove test_bug484111.html, r=keeler 
--HG--
extra : rebase_source : 56617ea82e9028295203173d1ea5e6ccfdbf9722
 2014-12-14 21:51:26 -08:00
Brian Smith
87719d0a59 Bug 1111397: Refactor error handling for name matching, r=keeler 
--HG--
extra : rebase_source : 7b1061874d7b6e02a158085c3a6580a7fc718bbe
 2014-12-13 17:05:46 -08:00
Ryan VanderMeulen
90f31ccf52 Merge inbound to m-c. a=merge 
CLOSED TREE
 2014-12-17 20:53:20 -05:00
Brian Smith
123a9716ca Bug 952863, Part 2: Remove dead code for non-ECDHE TLS False Start, r=keeler 
--HG--
extra : rebase_source : 47ee95682f769b8e10aaf55b0f4fccfef1fcdea0
 2014-12-10 10:13:18 -08:00
Nathan Froyd
0c4895658a Bug 1112608 - use GENERATED_INCLUDES in security/manager/{boot,pki}/src/; r=mshal 
The sole use of Makefile.in in the security/manager/{boot,pki}/src/
directories is so we can add $(DIST)/public/nss to INCLUDES.
GENERATED_INCLUDES can be used to handle this case instead, at the cost
of hardcoding the path to $(DIST).  This seems reasonable enough, since
a number of moz.build files already know about dist/ and its location
within the objdir.
 2014-12-17 11:02:19 -05:00
Kai-Zhen Li
b2ba6d9ceb bug 1102277 - Update seccomp filter for newer bionic. r=jld 2014-11-21 01:07:15 +08:00
Brian Smith
72643b84e6 Bug 1111392: Add tests for malformed name constraints where there are no names of the constrained type, r=keeler 
--HG--
extra : rebase_source : 048619553c7725eee1cb73df64faae8c8890c995
 2014-10-30 16:48:31 -07:00
Brian Smith
9725dd6a70 Bug 952863, Part 1: Require ECDHE for TLS False Start, r=keeler 
--HG--
extra : rebase_source : d983e440de5be7c097a3e0f4afe0de805c540919
 2014-12-12 11:39:01 -08:00
Masatoshi Kimura
ab4b12e208 Bug 1092835 - Log usage of weak ciphers in the console. r=keeler,mcmanus 2014-12-13 20:09:01 +09:00
Brian Smith
7a433f6905 Bug 1084025, Part 3: Clean up some bits, r=keeler, r=emk 
--HG--
extra : rebase_source : 7aa1de4e9c391bf3e3cd5df79c62fff4546a8c67
 2014-12-12 16:42:41 -08:00
Brian Smith
0cd5238974 Bug 1107666: Fix OCSP stapling telemetry (SSL_OCSP_STAPLING), r=keeler 
--HG--
extra : rebase_source : 926f091b2a361d7dce30bee918d6659259f1b3e4
 2014-12-11 23:22:35 -08:00
David Keeler
c3ba2c1217 bug 1108408 - GeneralName types such as otherName where the value is a SEQUENCE should have the CONSTRUCTED bit set r=briansmith 2014-12-08 13:39:19 -08:00
Monica Chew
63de38c180 Bug 1101969: Disable pinning on media.mozilla.com (r=keeler) 2014-12-12 09:10:57 -08:00
Monica Chew
04d69a9f5b Bug 1004781: Enable pinning for facebook in production mode (r=keeler) 2014-12-12 09:10:53 -08:00
Brian Smith
7f05080219 Bug 940787: Stop requiring ALPN/NPN for False Start, r=keeler 
--HG--
extra : rebase_source : f8946e1fc631f2458807a559104a1dca01f444ac
 2014-12-10 10:50:48 -08:00
Brian Smith
cc0b0eeed3 Bug 1109766: Require AES-GCM for TLS False Start, r=keeler 
--HG--
extra : rebase_source : 8370c628863e644131ed1fbe6b8e49b5dc1215dc
 2014-12-10 10:19:00 -08:00
Brian Smith
9c1c9d03e6 Bug 861310: Require TLS 1.2 for TLS False Start, r=keeler 
--HG--
extra : rebase_source : d4bb253a84270c84acdf7ed4f84bc0186231e521
 2014-12-10 10:04:45 -08:00
Cykesiopka
9cae71d8a9 Bug 1109252 - Make remaining PSM test cert generation scripts print out cert information as necessary. r=keeler 2014-12-10 21:32:00 +01:00
Jed Davis
344f6abf7b Bug 1093334 - Delete unnecessary copies of Chromium headers in security/sandbox/linux. r=kang 2014-12-10 17:26:12 -08:00
Jed Davis
c2384cf7c7 Bug 1093334 - Adjust includes of Linux sandboxing headers from Chromium. r=kang 
Also re-sorts some of the includes into something closer to the style guide.
 2014-12-10 17:26:12 -08:00
Jed Davis
30e88baa98 Bug 1093334 - Import more headers from Chromium rev 9522fad406dd161400daa518075828e47bd47f60. r=kang 2014-12-10 17:26:12 -08:00
Jed Davis
30ba635db0 Bug 1102209 - Remove use of CodeGen::JoinInstructions in the Linux sandboxing code. r=kang 
This reorganizes SandboxAssembler to stack up the policy rules and
traverse them in reverse order to build the filter DAG from tail to head
(i.e., starting with "deny all" and prepending allow and return-errno
rules).  Thus, this code will continue to work (perhaps with minor
changes, such as to the NodePtr typedef) with future versions of the
Chromium sandbox code that don't allow mutating the filter program with
the JoinInstructions method.
 2014-12-10 17:26:12 -08:00
Jed Davis
114cf4fb41 Bug 1108759 - Fix B2G no-optimization builds. r=glandium 2014-12-10 16:17:47 -08:00
Cykesiopka
7e1828ba3d Bug 1109245 - Modify test_keysize_ev.js to run on B2G. r=dkeeler 2014-12-09 12:07:00 -05:00
Cykesiopka
6df9a55b46 Bug 978426 - Re-enable test_sts_preloadlist_perwindowpb.js on B2G. r=dkeeler 2014-12-09 11:37:00 +01:00
Brian Smith
346599ec9c Bug 1107791 Remove support for unusual wildcard names in certificates, r=keeler 
--HG--
extra : rebase_source : bd142d2e85059a0d0fd36325242553e94a7d4377
 2014-12-04 17:12:09 -08:00
Brian Smith
bd9d21676a Bug 1107790: Remove support for absolute hostnames in presented DNS IDs and name constraints, r=keeler 
--HG--
extra : rebase_source : cf402f902196e729026d713cd6d62f5c3b889a12
 2014-12-08 16:42:54 -08:00
Brian Smith
81f8d7a489 Bug 1107787: Disable TLS_DHE_DSS_WITH_AES_128_CBC_SHA, r=keeler 
--HG--
extra : rebase_source : 063d859c69adc8deba9d1842f4bd42a9b862bbe5
 2014-12-04 19:50:58 -08:00
Brian Smith
5bd7eba3e4 Bug 1037098: Remove preferences for cipher suites disabled in bug 1036765, r=keeler 
--HG--
extra : rebase_source : b033bea062c8cafecd93830fa54f4cf184fa28df
 2014-12-04 19:47:17 -08:00
Brian Smith
01259ceda5 Bug 1107946: Fixed unused variable warnings in pkixnames_tests.cpp, r=keeler 
--HG--
extra : rebase_source : 23d20e91c8b408363acab7c6d4d67a86d2293dff
 2014-12-05 12:14:49 -08:00
Ryan VanderMeulen
1bdab6fe7b Backed out changesets fb903f13f215, 9c5c712698e4, and 36d257ead3da (bug 1092835) for causing test_csp_allow_https_schemes.html permafail on Android 2.3. 
CLOSED TREE
 2014-12-09 14:00:47 -05:00
Masatoshi Kimura
487b1516b0 Bug 1092835 - Log usage of weak ciphers in the console. r=keeler,mcmanus 2014-12-10 00:54:06 +09:00
Masatoshi Kimura
5167dadd93 Bug 1093724 - Add a range check to the TLS version prefs loading code. r=keeler 2014-12-09 21:48:29 +09:00
Masatoshi Kimura
b95c85162f Bug 1084025 - Add telemetry to measure failures due to not falling back. r=keeler 2014-12-09 07:19:05 +09:00
Ryan VanderMeulen
529edd40b5 Merge inbound to m-c. a=merge 2014-12-08 15:46:14 -05:00
Jay Wang
56bf9455a1 Bug 1105452 - Need to use new Audio system APIs for audio offload playback. r=roc, r=jld, r=ggrisco 
Resolve the build failure caused by API changes

There are some changes in Audio APIs in Android version
21. Modifying the code to use the new APIs.

Change-Id: I24fdeb20f8f957d05fb6c0c317de0a6f0769c347

Resolve seccomp violation caused by syscall 256

Modify the filter to allow syscall 256 (set_tid_address).

Change-Id: I49461770c4c5e70bf68462d34321381b0b7ead0a
 2014-12-02 17:10:00 -05:00
Carsten "Tomcat" Book
cf57e57455 merge mozilla-inbound to mozilla-central a=merge 2014-12-08 12:48:58 +01:00
ffxbld
15713eb9bb No bug, Automated HPKP preload list update from host bld-linux64-spot-132 - a=hpkp-update 2014-12-06 03:20:43 -08:00
ffxbld
6e96f60fd3 No bug, Automated HSTS preload list update from host bld-linux64-spot-132 - a=hsts-update 2014-12-06 03:20:41 -08:00
Cykesiopka
83c04b6586 Bug 1085074 - Part 3 - Update inadequately sized Delegated Signer cert. r=briansmith 2014-12-07 20:42:00 +01:00
Cykesiopka
ee0a49c7ee Bug 1085074 - Part 2 - Use explicit bit sizes for key size cert file names. r=briansmith 2014-12-07 20:41:00 +01:00
Cykesiopka
b42aa85de9 Bug 1085074 - Part 1 - Use adequate/OK and inadequate/notOK to refer to sizes for key size tests. r=briansmith 2014-12-07 20:23:00 +01:00
David Keeler
d9a62a4cc2 bug 1020237 - follow-up to fix build bustage r=bustage on a CLOSED TREE 2014-12-05 10:12:58 -08:00
David Keeler
d97c7ea664 bug 1020237 - prefer root certificates to non-root certificates in NSSCertDBTrustDomain::FindIssuer r=briansmith 2014-12-04 13:37:01 -08:00
Brian Smith
fc17106cf0 Bug 970542, Part 9: Better document name constraints as reference IDs, r=keeler 
--HG--
extra : rebase_source : 60413188771454081226d58d03156c15ce795ca7
 2014-10-26 11:26:26 -07:00
Brian Smith
65284e98f6 Bug 970542, Part 8: IPAddress name constraint tests, r=keeler 
--HG--
extra : rebase_source : e8cc0158248d4621da19dfef56089957af417f73
 2014-10-26 16:57:00 -07:00
Brian Smith
5fac205908 Bug 970542, Part 7: More CN-ID name constraint tests, r=keeler 
--HG--
extra : rebase_source : 7a3d1d31cdc08ea1b989428cfc85f60a00528c72
 2014-12-03 21:35:29 -08:00
Brian Smith
ac1c16b716 Bug 970542, Part 6: DNSName name constraint tests, r=keeler 
--HG--
extra : rebase_source : ec31862fc25cfcba1454ae862a26e7a27513e9b6
 2014-10-19 23:53:45 -07:00
Brian Smith
7dd909b9e5 Bug 970542, Part 5: New name constraint implementation, r=keeler, r=mmc 
--HG--
extra : rebase_source : 849161ac892b05e5ff2d5552c632fc647d309085
 2014-10-18 15:38:42 -07:00
Brian Smith
2e28de4900 Bug 970542, Part 4: DirectoryName name constraint matching, r=keeler 
--HG--
extra : rebase_source : 01770088851823ae1005227dcd43d82d015f4b0e
 2014-10-18 14:51:37 -07:00
Brian Smith
39a86a3659 Bug 970542, Part 3: IPAddress name constraint matching, r=keeler 
--HG--
extra : rebase_source : f47ef9ead3323704595b91873811d1ead2403839
 2014-10-17 13:02:26 -07:00
Brian Smith
8b38009a34 Bug 970542, Part 2: DNSName name constraint matching, r=keeler 
--HG--
extra : rebase_source : 50b1a7d5d9da97cc64e09d5e6cdc41b8200c3551
 2014-10-20 22:20:58 -07:00