Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-07 20:17:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
450,266 Commits 615 Branches 98 Tags 5.9 GiB
1fbe21a49c
Commit Graph

9926 Commits

Author SHA1 Message Date
Cykesiopka
c10edfff85 Bug 1224481 - Comment out CA certs removed in NSS 3.21 in PreloadedHPKPins.json to keep periodic Static HPKP updates working. r=dkeeler 
--HG--
extra : transplant_source : %EAM%5D1%93%28H%BA%82%C0%0F%BB%3D%9E%40%8B%BCx%EB%03
 2015-11-13 07:28:28 -08:00
Cykesiopka
fedad480ea Bug 1222903 - Reject EV status for EV EE certs that are valid for longer than 27 months as well. r=keeler 2015-11-13 07:42:00 +01:00
David Keeler
eae048cea6 bug 1222179 - remove unnecessary observation topics in nsNSSComponent r=Cykesiopka 
nsNSSComponent would (unnecessarily) observe "profile-change-net-teardown" and
"profile-change-net-restore". Now it no longer does.
 2015-11-12 16:21:33 -08:00
Kai Engert
826cd3d4e3 Bug 1211568, land NSS_3_21_RTM r=martin.thomson, and adjust Makefiles r=mh 2015-11-13 18:03:01 +01:00
Mark Goodwin
a954826958 Bug 901698 - Some tests for OCSP-must-staple; r=keeler 2015-11-13 16:49:09 +00:00
Mark Goodwin
31adb1a5c5 Bug 901698 - Implement OCSP-must-staple; r=keeler 2015-11-13 16:49:08 +00:00
David Keeler
a1cf24355b bug 1223466 - update extended validation information to deal with root removals in NSS 3.21 r=mgoodwin 
These entries were removed:

from bug 1204962:

CN=TC TrustCenter Universal CA III,OU=TC TrustCenter Universal CA,O=TC TrustCenter GmbH,C=DE
SHA-256: 309B4A87F6CA56C93169AAA99C6D988854D7892BD5437E2D07B29CBEDA55D35D
SHA-1: 9656CD7B57969895D0E141466806FBB8C6110687

from bug 1204997:

CN=A-Trust-nQual-03,OU=A-Trust-nQual-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
SHA-256: 793CBF4559B9FDE38AB22DF16869F69881AE14C4B0139AC788A78A1AFCCA02FB
SHA-1: D3C063F219ED073E34AD5D750B327629FFD59AF2

from bug 1208461:

CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
SHA-256: 85FB2F91DD12275A0145B636534F84024AD68B69B8EE88684FF711375805B348
SHA-1: 58119F0E128287EA50FDD987456F4F78DCFAD6D4
 2015-11-10 10:13:18 -08:00
Wes Kocher
ea2623adb5 Merge m-c to inbound, a=merge 
--HG--
extra : commitid : 93SodIi80b2
 2015-11-11 17:12:26 -08:00
Masatoshi Kimura
fa64c65e7c Bug 1219088 - Clear the session cache when a weak crypto override is revoked. r=keeler 2015-11-11 23:13:34 +09:00
Masatoshi Kimura
4b8e5ced0f Bug 1223131 - Don't remove a host from the whitelist if the version fallback was needed. r=keeler 2015-11-12 07:18:37 +09:00
Ehsan Akhgari
eac2db7101 Bug 1215723 - Part 5: Add an automated test; r=keeler 2015-10-30 15:30:00 -04:00
Ehsan Akhgari
eb4d13fb3b Bug 1215723 - Part 4: Make isSecureHost and isSecureURI usable from the content process; r=keeler 2015-10-30 15:30:00 -04:00
Ehsan Akhgari
78ee50aca4 Bug 1215723 - Part 3: Propagate updates to DataStorage from the parent process to the content processes; r=keeler 2015-10-30 15:30:00 -04:00
Ehsan Akhgari
9aa975d49d Bug 1215723 - Part 2: Initialize DataStorage items in the content process from the data in the parent; r=keeler 2015-10-30 15:30:00 -04:00
Ehsan Akhgari
3810eb599b Bug 1215723 - Part 1: Make DataStorage a singleton for each file name; r=keeler 
This is needed so that we'd be able to identify a DataStorage instance
based on its file name.
 2015-11-02 12:33:00 -05:00
David Keeler
29b3d15dde bug 1220223 - don't load PKCS11 modules in safe mode r=mgoodwin r=bsmedberg 2015-10-30 10:37:22 -07:00
Wes Kocher
4c7afc9339 Backed out 5 changesets (bug 1215723) for android S4 bustage 
Backed out changeset 2a945ce1cd40 (bug 1215723)
Backed out changeset dd7f58b60ddc (bug 1215723)
Backed out changeset 62dbb95bd79a (bug 1215723)
Backed out changeset b31ac98bb3c8 (bug 1215723)
Backed out changeset 228cdfaa82c1 (bug 1215723)

--HG--
extra : commitid : 70ygtTBi2V5
 2015-11-06 15:19:35 -08:00
Ehsan Akhgari
334376c936 Bug 1215723 - Part 5: Add an automated test; r=keeler 2015-10-30 15:30:00 -04:00
Ehsan Akhgari
498c385ee1 Bug 1215723 - Part 4: Make isSecureHost and isSecureURI usable from the content process; r=keeler 2015-10-30 15:30:00 -04:00
Ehsan Akhgari
06479e6793 Bug 1215723 - Part 3: Propagate updates to DataStorage from the parent process to the content processes; r=keeler 2015-10-30 15:30:00 -04:00
Ehsan Akhgari
999f1ba408 Bug 1215723 - Part 2: Initialize DataStorage items in the content process from the data in the parent; r=keeler 2015-10-30 15:30:00 -04:00
Ehsan Akhgari
6e561438d9 Bug 1215723 - Part 1: Make DataStorage a singleton for each file name; r=keeler 
This is needed so that we'd be able to identify a DataStorage instance
based on its file name.
 2015-11-02 12:33:00 -05:00
David Keeler
7380482a28 bug 1218596 - remove nsPSMInitPanic and other unnecessary things from nsNSSComponent r=Cykesiopka r=jcj 2015-10-26 16:02:19 -07:00
Wes Kocher
37b7f2920b Backed out changeset ae1885cf1fd6 (bug 1218596) for windows build bustage CLOSED TREE 
--HG--
extra : commitid : 6GZJDFkoL81
 2015-11-05 17:48:53 -08:00
Mike Hommey
762aba02cd Bug 1221453 - Use ObjDirPaths for GENERATED_INCLUDES and merge with LOCAL_INCLUDES. r=gps 2015-11-06 09:59:21 +09:00
David Keeler
9d11e85ed9 bug 1218596 - remove nsPSMInitPanic and other unnecessary things from nsNSSComponent r=Cykesiopka r=jcj 2015-10-26 16:02:19 -07:00
Chris Manchester
8ffd9ff2ed Bug 1218999 - Back out changeset 5f32b2bcfa43 (bug 1188468) in favor of a more efficient solution. r=glandium 
Bug 118468 landed an option for FileAvoidWrite to always write to an output
file, whether or not the contents would be changed. This was to address a
problem caused by not updating mtimes when building GENERATED_FILES, but
undoes the purpose of FileAvoidWrite and isn't really necessary.
This is addressed in a subsequent commit by unconditionally updating
mtimes when processing GENERATED_FILES.

--HG--
extra : commitid : AfOhgUstokq
 2015-11-03 10:23:04 -08:00
Cykesiopka
34ca9c027f Bug 1110935 - Part 3 - Remove now unnecessary temp variables. r=keeler 2015-11-02 22:11:00 +01:00
Cykesiopka
f625d9c9b9 Bug 1110935 - Part 2 - Remove ReentrantMonitor and ReentrantMonitorAutoEnter uses. r=keeler 2015-11-02 22:10:00 +01:00
Cykesiopka
9e34144349 Bug 1110935 - Part 1 - Assert we're on the main thread on public methods. r=keeler 2015-11-02 22:09:00 +01:00
Phil Ringnalda
7c5e9caf26 Back out changeset bda43f333e1a (bug 1211568) for "Could not find EV root in NSS storage" assertion failures 
CLOSED TREE
 2015-11-10 08:18:47 -08:00
Kai Engert
a24d95bb6d Bug 1211568, land NSS_3_21_RTM r=martin.thomson, and adjust Makefiles r=mh 2015-11-10 16:24:15 +01:00
Jed Davis
8be1ae39c7 Bug 1207790 - Fix sandbox build for older Linux distributions. r=gdestuynder 2015-10-30 15:13:00 +01:00
Birunthan Mohanathas
9985829ecc Bug 1219392 - Capitalize mozilla::unused to avoid conflicts. r=froydnj 2015-11-02 07:53:26 +02:00
Cykesiopka
581125e850 Bug 1186817 - Replace nsBaseHashtable::EnumerateRead() calls in security/ with iterators. r=keeler 
--HG--
extra : histedit_source : ec44c79c05d3fb73cd720a9d5315ff781af812f1
 2015-10-30 07:50:09 -07:00
David Keeler
1443993537 bug 1218515 - flip pinning-test.badssl.com into production mode r=jcj DONTBUILD NPOTB 
pinning-test.badssl.com is a test domain for preloaded HPKP (HTTP Public Key
Pinning - see RFC 7469). By specifying a pinset corresponding to no known keys,
this domain should fail with a key pinning error by default. Also, the
includeSubdomains option is set, so any subdomains should fail as well.
Since Gecko incorporates preloaded pinsets from Chromium, this pinset is already
defined. This patch merely switches it from test mode to production mode (well,
to be more accurate, this patch sets up the input for the automated script that
will make the code change that will put the pinset into production mode).
 2015-10-26 14:39:25 -07:00
Birunthan Mohanathas
44936aabb2 Bug 1217320 - Remove more XPIDL signature comments in .cpp files. r=froydnj 
Comment-only, DONTBUILD.
 2015-10-27 06:54:25 +02:00
David Keeler
3b82e8f390 bug 1217602 - remove nsIPKIParamBlock r=Cykesiopka 
nsIPKIParamBlock was unnecessary.
 2015-10-22 13:11:40 -07:00
Ryan VanderMeulen
44509e6e7e Merge m-c to inbound. 
--HG--
extra : rebase_source : b7fe225cdd43cb770c7d7a1e8d2be6a52678aa7a
 2015-10-24 15:03:15 -04:00
ffxbld
53f7cca550 No bug, Automated HPKP preload list update from host bld-linux64-spot-508 - a=hpkp-update 2015-10-24 03:47:13 -07:00
ffxbld
dfb1f8693f No bug, Automated HSTS preload list update from host bld-linux64-spot-508 - a=hsts-update 2015-10-24 03:47:11 -07:00
Cykesiopka
4ec261d0e7 Bug 1194419 - Remove signature algorithm duplicate use in serial number determination in pycert. r=keeler 2015-10-23 05:13:00 -04:00
Jonathan Hao
3d02a2da65 Bug 1216469 - Bypass verification for signed packages from trust origins. r=valentin 2015-10-22 17:09:44 +08:00
David Keeler
23a0cee1a8 bug 1215690 - remove nsPSMUITracker r=Cykesiopka r=mgoodwin 
nsPSMUITracker was problematic. Apparently it was originally intended to prevent
NSS shutdown while NSS-related UI operations were going on (such as choosing a
client certificate). However, when nsNSSComponent would receive the event that
told it to shutdown NSS, it would attempt to call
mShutdownObjectList->evaporateAllNSSResources(), which would call
mActivityState.restrictActivityToCurrentThread(), which failed if such a UI
operation was in progress. This actually prevented the important part of
evaporateAllNSSResources, which is the releasing of all NSS objects in use by
PSM objects. Importantly, nsNSSComponent didn't check for or handle this failure
and proceeded to call NSS_Shutdown(), leaving PSM in an inconsistent state where
it thought it was okay to keep using the NSS objects it had when in fact it
wasn't.
In any case, nsPSMUITracker isn't really necessary as long as we have the
nsNSSShutDownPreventionLock mechanism, which mostly works and is what we should
use instead (or not at all, if no such lock is needed for the operation being
performed (for example, if no NSS functions are being called)).
 2015-10-16 14:31:57 -07:00
Jed Davis
e31f20875c Bug 1215734 - Expand GeckoMediaPlugin sandbox policy for Clang 3.7 ASan. r=kang 2015-10-22 11:19:37 -07:00
Andrew McCreight
0cb71c483c Bug 1157515 - CipherSuiteChangeObserver should clean itself up. r=keeler 2015-10-22 09:21:51 -07:00
Martin Thomson
9507291e59 Bug 1211568 - Update NSS to 3.21 Beta 3, r=kaie 
--HG--
extra : commitid : 2fCIZ27Gd2I
extra : rebase_source : 57ff0dcc9361618ea53aac7ebea83460cba1c390
 2015-10-23 11:39:23 -07:00
Masatoshi Kimura
6ad41c8aee Bug 1215796 - Remove the static fallback whitelist. r=keeler 2015-10-22 21:37:40 +09:00
Masatoshi Kimura
5feda64143 Bug 1214981 - Disable output stream buffering. r=keeler 2015-10-21 15:23:00 -04:00
Wes Kocher
ceefa2939a Merge b2ginbound to central, a=merge 2015-10-21 16:37:24 -07:00