Commit Graph

9710 Commits

Author SHA1 Message Date
ffxbld
d0e7b73b16 No bug, Automated HSTS preload list update from host bld-linux64-spot-039 - a=hsts-update 2015-04-25 03:32:31 -07:00
Jed Davis
89c80effa2 Bug 1154184 - Don't use Linux sandbox gtest dir if not building tests. r=gps 2015-04-24 17:36:08 -07:00
Dave Townsend
7b5d12ad46 Bug 1038068: Check add-on signatures and refuse to install unsigned or broken add-ons (preffed off for now). r=dveditz
--HG--
extra : source : 3b48e1a81a170634dce964cd462c752d09680805
2015-03-31 11:32:40 -07:00
Carsten "Tomcat" Book
cdf101ec43 merge mozilla-inbound to mozilla-central a=merge 2015-04-24 14:37:13 +02:00
Richard Barnes
ee333796b2 Bug 1121982 - Update PSM to use NSS name constraints 2015-04-23 20:26:29 -04:00
Fabrice Desré
471d07992f Bug 1144600 - Don't crash when submitting <keygen> on b2g r=dkeeler 2015-04-23 13:35:49 -07:00
Blake Kaplan
24f35dfe49 Bug 1124076 - Properly detect certs when loaded and prompt to import them. r=sworkman/dkeeler
--HG--
extra : rebase_source : 11fb8b1c1a3044b82668136f4cfec4c758d9270c
2015-04-22 12:55:23 -07:00
Steven Michaud
acb448f5f9 Bug 1153809 - Loosen Mac content process sandbox rules for NVidia and Intel HD 3000 graphics hardware. r=areinald 2015-04-22 14:56:09 -05:00
David Keeler
a4f79b207d bug 1157873 - remove certificates from CNNIC whitelist that aren't in the Pilot Certificate Transparency log r=rbarnes
Also remove certificates where notBefore is on or after 1 April 2015.
2015-04-21 16:07:33 -07:00
Nathan Toone
0343243a12 Bug 1124076 followup - fix the build when PR_LOGGING is not defined. r=mrbkap 2015-04-23 13:24:57 -07:00
David Keeler
6c532d910b bug 1081128 - test_pinning.js takes ~300 seconds on b2g debug emulator - request a longer timeout for it r=Cykesiopka
--HG--
extra : amend_source : 9ba64939a0f277c9407f47731186cfea4da64774
2015-04-22 11:06:36 -07:00
Kai Engert
9470ab9873 Bug 1144055 - Upgrade Firefox 39 to use NSS 3.19, r=nss-confcall 2015-04-23 21:16:20 +02:00
Francois Marier
17b87281f2 Bug 1147212 - Add support for goog-unwanted-shavar. r=gcp,r=matej,r=smaug
--HG--
rename : toolkit/components/url-classifier/tests/mochitest/evilWorker.js => toolkit/components/url-classifier/tests/mochitest/unwantedWorker.js
extra : rebase_source : efe09564160fb2fcb1adb5f6599183f053268c40
2015-04-22 21:01:37 +12:00
Carsten "Tomcat" Book
ed2915b75f Backed out changeset 7f3cf84c11a9 (bug 1124076) for bustage on a CLOSED TREE 2015-04-22 13:44:23 +02:00
Blake Kaplan
3a94be560c Bug 1124076 - Properly detect certs when loaded and prompt to import them. r=sworkman/dkeeler
--HG--
extra : rebase_source : 00240091ae66180390a76a9613a4215cf591401d
2015-04-21 14:56:00 +02:00
Ehsan Akhgari
399276d5fc Bug 1153348 - Add an analysis to prohibit operator bools which aren't marked as either explicit or MOZ_IMPLICIT; r=jrmuizel
This is the counterpart to the existing analysis to catch
constructors which aren't marked as either explicit or
MOZ_IMPLICIT.
2015-04-21 21:40:49 -04:00
André Reinald
ec1aede15a Bug 1150765 - Add sandbox rules to allow hardware rendering of OpenGL on Mac. r=smichaud
--HG--
extra : rebase_source : 1fa38a01840f24b63f27254d434c9e0bc3382309
2015-04-21 11:17:16 +02:00
Patrick McManus
04795f03be bug 1153212 - Alt-Svc Fixes r=dkeeler r=hurley 2015-04-13 17:11:59 -04:00
Kai Engert
803079473a Bug 1144055, Upgrade Firefox 39 to use NSS 3.19, NSS_3_19_BETA4 to pick up bug 1155279 2015-04-20 21:46:19 +02:00
Phil Ringnalda
7d4e804ec6 Merge m-i to m-c, a=merge 2015-04-18 16:36:32 -07:00
ffxbld
a178fd47b7 No bug, Automated HPKP preload list update from host bld-linux64-spot-222 - a=hpkp-update 2015-04-18 03:29:47 -07:00
ffxbld
aa4085d52f No bug, Automated HSTS preload list update from host bld-linux64-spot-222 - a=hsts-update 2015-04-18 03:29:45 -07:00
David Keeler
e69f0f4b4b bug 1150114 - allow PrintableString to match UTF8String in name constraints checking r=briansmith 2015-04-08 16:17:39 -07:00
Kai Engert
c2568b80a0 Bug 1144055 - Upgrade Firefox 39 to use NSS 3.19, land NSS_3_19_BETA2, r=nss-confcall 2015-04-17 13:49:43 +02:00
Neil Deakin
af1ece91c4 Bug 1153248, re-enable a bunch of tests that now work with e10s, r=billm 2015-04-16 15:38:12 -04:00
David Keeler
5ff51a7744 bug 1151512 - only allow whitelisted certificates to be issued by CNNIC root certificates r=jcj r=rbarnes 2015-04-07 17:29:05 -07:00
Kai Engert
d15620fcea Bug 1144055 - Upgrade Firefox 39 to use NSS 3.19, land NSS_3_19_BETA3, r=nss-confcall 2015-04-17 18:43:30 +02:00
David Keeler
81764496cd bug 1147497 - Add API for querying site pin status. Disallow overrides for sites that have pins. r=mmc r=smaug r=cykesiopka r=past 2015-03-25 11:04:49 -07:00
Brian Smith
95bd8011e6 Bug 1154399 - Part 4: Simplify certificate parsing in OCSP responses. r=keeler
--HG--
extra : rebase_source : caf903d29b0adc22fcc7e87e4fa0019cfa48007e
2015-04-14 05:33:03 -10:00
Brian Smith
f124561818 Bug 1154399 - Part 3: Simplify OptionalExtensions. r=keeler
We used to avoid using Nested and NestedOf because they were based on
bind and it was difficult to maintain our std::bind polyfill. Now that
we use lambdas, it is easy to use Nested and NestedOf, so we should do
so wherever it makes the code clearer.

--HG--
extra : rebase_source : 1157d16320b3b211e3ce612b75782e8bd9c55f30
2015-04-14 05:32:46 -10:00
Brian Smith
d09798e9f5 Bug 1154399 - Part 2: Simplify and un-inline OptionalVersion. r=keeler
Also fixes the wrong comment. The syntax for version in OCSP and X.509
certs is identical.

--HG--
extra : rebase_source : 744a2998ce8c55a61fbbc1966bc22e4903fa2484
2015-04-14 05:32:29 -10:00
Brian Smith
0cac719ba9 Bug 1154399 - Part 1: De-templatize and un-inline IntegralValue. r=keeler
--HG--
extra : rebase_source : 899eaed19b13edc9c257f0ab212d447bb54e607d
2015-04-14 05:06:41 -10:00
Nathan Froyd
5389bbbf54 Bug 1137437 - move security/apps/ cert header generation to moz.build; r=mshal,keeler
Moving the cert header generation to GENERATED_FILES means that we can
delete all the manually-written out rules; we can also delete the
export:: rule because the build system automatically builds
GENERATED_FILES during the export phase.  For ease of conversion, we opt
to create an empty trusted-app-public.der cert for manifest-signing-root.inc;
partners are free to overwrite that cert with their own.
2015-02-27 12:50:49 -05:00
Mike Hommey
67e9dfaaf8 Bug 1153114 - Remove anonymous namespace around pkix gtests. r=bsmith
This avoids -Wunused-variable fatal warnings with GCC 5.0
2015-04-15 09:21:23 +09:00
Landry Breuil
c755113bc5 Bug 1153090 followup - consistently use sizeof(hash) r=dkeeler 2015-04-14 22:19:18 +02:00
Landry Breuil
88aa8d67cc Bug 1153090 - Unaligned access in cert block list (r=keeler) 2015-04-14 21:19:52 +02:00
Jan Beich
5ab8ccdeac Bug 1154188 - Unbreak build on non-SPS platforms after bug 1153737 r=bsmith 2015-04-14 14:30:09 +02:00
Brian Smith
566d65be48 Bug 1153738: Make ScopedPtr a minimal proper subset of std::unique_ptr, r=keeler
Remove all features of ScopedPtr that aren't in std::unique_ptr, and
remove all currently-unused features of ScopedPtr. In particular,
replace |operator=(T*)| with |reset(T* p = nullptr)| and make
|operator bool| explicit.

--HG--
rename : security/pkix/include/pkix/ScopedPtr.h => security/pkix/lib/ScopedPtr.h
extra : rebase_source : 206bfb32aa5a04a4719f28b4aca59fe2f0abbec3
2015-04-13 00:28:11 -10:00
Brian Smith
b1035c0992 Bug 1153737: Avoid unnecessary uses of mozilla::pkix::ScopedPtr, r=keeler
--HG--
extra : rebase_source : ea7083439f22cb40d6c97f872ef9866144516745
2015-04-12 19:57:48 -10:00
Carsten "Tomcat" Book
ede9c4f220 merge mozilla-inbound to mozilla-central a=merge 2015-04-13 12:00:00 +02:00
ffxbld
bd0890186b No bug, Automated HPKP preload list update from host bld-linux64-spot-009 - a=hpkp-update 2015-04-11 03:29:55 -07:00
ffxbld
83c81d6e76 No bug, Automated HSTS preload list update from host bld-linux64-spot-009 - a=hsts-update 2015-04-11 03:29:53 -07:00
Jed Davis
ba1cc023b7 Bug 1151607 - Step 2: Apply net/ipc namespace separation and chroot to media plugins. r=kang
This needs more unit tests for the various pieces of what's going on
here (LinuxCapabilities, SandboxChroot, UnshareUserNamespace()) but
that's nontrivial due to needing a single-threaded process -- and
currently they can't be run on Mozilla's CI anyway due to needing user
namespaces, and local testing can just try using GMP and manually
inspecting the child process.  So that will be a followup.
2015-04-10 18:05:19 -07:00
Jed Davis
6bf3d102d8 Bug 1151607 - Step 1.5: Avoid unlikely false positives in Linux SandboxInfo feature detection. r=kang
Using the equivalent of release assertions in the patch after this one
is easier to justify if I can't come up with vaguely legitimate reasons
why they might fail; this detects the ones I thought of.
2015-04-10 18:05:19 -07:00
Jed Davis
32cb9ee32d Bug 1151607 - Step 1: Add Linux sandboxing hook for when child processes are still single-threaded. r=kang r=bent
This means that B2G plugin-container must (dynamically) link against
libmozsandbox in order to call into it before initializing Binder.
(Desktop Linux plugin-container already contains the sandbox code.)
2015-04-10 18:05:19 -07:00
Jed Davis
cf24e12150 Bug 1151607 - Step 0: sort includes to make the following patches cleaner. r=kang 2015-04-10 18:05:19 -07:00
Mark Goodwin
2c5369d16e Bug 1132689 - Feb 2015 batch of EV root CA Changes. r=keeler
--HG--
extra : rebase_source : 43a28d1b97c569280979c8a2d95494e4d2f9a67c
extra : amend_source : 056721a65cc7d0738d9ab2a92071f8f7eaf48262
2015-03-30 08:57:00 +02:00
David Keeler
01409dbd35 bug 1147085 - remove nsINSSCertCache (replace it with nsIX509CertDB.getCerts()) r=Cykesiopka 2015-04-03 14:01:05 -07:00
Patrick McManus
bdc70031c6 Bug 1152895 - remove dead code in nsSSLIOLayerSetOptions r=dkeeler 2015-04-09 13:40:04 -04:00
Cykesiopka
3487ae0262 Bug 1147725 - Disable test_ocsp_fetch_method.js and test_ocsp_url.js on slow B2G Emulator debug builds. r=keeler
--HG--
extra : rebase_source : 87d4b8284b33498a50542d49b956db84cdae1b62
2015-04-06 14:05:00 +02:00
Bob Owen
077c2e64f4 Bug 1149483: Change content sandbox level 1 to a working low integrity sandbox. r=tabraldes, r=billm 2015-04-05 14:01:38 +01:00
Phil Ringnalda
fa3a91e936 Merge m-i to m-c, a=merge 2015-04-04 09:59:17 -07:00
ffxbld
3a6df834e2 No bug, Automated HPKP preload list update from host bld-linux64-spot-220 - a=hpkp-update 2015-04-04 03:27:46 -07:00
ffxbld
81b8c93237 No bug, Automated HSTS preload list update from host bld-linux64-spot-220 - a=hsts-update 2015-04-04 03:27:44 -07:00
Steven Michaud
33228918ed Bug 1110911 - Move Mac sandboxing code into plugin-container. r=cpearce,areinald,jld 2015-04-03 11:51:41 -05:00
Cykesiopka
c2f2ce39ec Bug 1149805 - Switch head_psm.js to Assert.jsm methods and add expected result strings. r=keeler 2015-04-02 05:50:00 -04:00
Cykesiopka
6680672cfb Bug 488480 - Correct documentation about the function hasMatchingOverride() in nsICertOverrideService.idl. Original patch by Johnathan Nightingale. r=keeler
IGNORE IDL

--HG--
extra : rebase_source : 3e2f7be6a165caf413726d13c9ccee26abbd2925
2015-04-02 05:45:00 -04:00
Nathan Froyd
4c7234747e Bug 1143651 - don't use CallQueryInterface when the compiler can do the cast for us; r=ehsan 2015-03-12 13:20:29 -04:00
Cykesiopka
7eb3221db7 Bug 1147726: Disable test_keysize_ev.js on slow B2G Emulator debug builds. r=dkeeler 2015-03-31 11:53:00 +02:00
Brian Smith
a0437d5b8f Bug 1146057: Remove support for GCC 4.6, r=keeler
Since Gecko now requires GCC 4.7 or later, we no longer need to
work around the lack of support for "override" and "final" in
earlier versions of GCC.

--HG--
extra : rebase_source : 0f104f16be9e7c1ff87bbdd0d4ba6700b1081fb8
2015-03-30 20:18:46 -10:00
Bob Owen
e4f543bb58 Bug 1119878 Part 2: Change IPC code to hold ProcessID instead of ProcessHandle. r=billm, r=dvander, r=aklotz, r=cpearce 2015-04-01 09:40:35 +01:00
Bob Owen
eef3ca5f6e Bug 1119878 Part 1: Change SandboxTarget to hold sandbox target services to provide functions. r=aklotz, r=glandium, r=cpearce 2015-04-01 09:40:35 +01:00
Mike Hommey
b077d9624d Bug 1134920 - Use moz_xmalloc/moz_xrealloc/free instead of nsMemory::Alloc/Realloc/Free. r=nfroyd 2015-04-01 13:51:45 +09:00
Mark Goodwin
d7b3e00bed Bug 1138848 - Tests for modified OneCRL (r=keeler, unfocused)
* * *
* * *
give blocklist debug info to NSPR_LOG
2015-03-31 15:10:19 -07:00
Mark Goodwin
1b0d6fb879 Bug 1138848 - Modify OneCRL blocklist for subject / public key blocking (r=keeler, unfocused) 2015-03-31 15:10:09 -07:00
David Keeler
5a690c59fa bug 844351 - remove nsISSLErrorListener r=cykesiopka
--HG--
extra : amend_source : e2adec756356509f0a4601bbeabf7ba7c8d15a8e
2015-03-24 16:00:10 -07:00
Cykesiopka
ee04a8b86a Bug 1147247 - Use PRErrorCodeSuccess constant instead of literal 0 to represent success in PSM xpcshell tests. r=dkeeler
--HG--
extra : rebase_source : 75a144cbf0e166f92884275fb6c511c98d7e61bd
2015-03-27 23:16:00 +01:00
David Cooper
bb6cbdf02b Bug 667471 - Pretty print names of ECDSA with SHA-2 algorithms in Certificate Viewer. r=dkeeler
--HG--
extra : rebase_source : eb961cbdf8fe1ccf74642d86c03ee6c41c30f2d4
2015-03-27 23:13:00 +01:00
Mike Hommey
c39e359c7d Bug 1138293 - Use malloc/free/realloc/calloc instead of moz_malloc/moz_free/moz_realloc/moz_calloc. r=njn
The distinction between moz_malloc/moz_free and malloc/free is not
interesting. We are inconsistent in our use of one or the other, and
I wouldn't be surprised if we are mixing them anyways.
2015-03-31 12:32:49 +09:00
Brian Smith
36b7acc82a Bug 1136278, Part 2: Refactor test SubjectPublicKeyInfo generation, r=keeler
--HG--
extra : rebase_source : 7bb0327749fd013ba5de17483d21a9e9f21eb07a
extra : source : 9f3617a5b85a8a2ae9a82c0f0584b413a9b635b4
2015-02-26 13:10:13 -08:00
Brian Smith
3ab08d7fdb Bug 1136278, Part 1: Refactor algorithm identifiers in tests, r=keeler
This will make it easier to expand the tests to additional
signature algorithms and additional public key types.

--HG--
extra : rebase_source : 256923fff83d58732b6c995a4096b773fdbb28c1
2015-02-26 16:11:41 -08:00
Andrew McCreight
2f48802ae0 Bug 1147572 - Remove implementation language field from DOM class info. r=jst 2015-03-30 10:45:39 -07:00
Jan-Ivar Bruaroey
c6676519f2 Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, florian, billm, jesup 2015-03-03 09:51:05 -05:00
Andrew McCreight
46dfeaba0b Bug 1148070 - Change nsIClassInfo::getHelperForLanguage() to getScriptableHelper(). r=bholley 2015-03-29 07:52:54 -07:00
Randell Jesup
2b3486247c Backed out 6 changesets (bug 1046245) on a CLOSED TREE 2015-03-29 01:42:32 -04:00
Jan-Ivar Bruaroey
cdd0b089a5 Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup 2015-03-03 09:51:05 -05:00
Phil Ringnalda
24b4f38005 Back out 6 changesets (bug 1046245) for thinking that MSVC would have anything to do with a __PRETTY_FUNCTION__
CLOSED TREE

Backed out changeset 9e3ecca831d8 (bug 1046245)
Backed out changeset 87dc145f4da8 (bug 1046245)
Backed out changeset 01606cf19a77 (bug 1046245)
Backed out changeset 2ed2b15fe940 (bug 1046245)
Backed out changeset 2b99b193828a (bug 1046245)
Backed out changeset d1ac67faccbb (bug 1046245)
2015-03-28 19:57:17 -07:00
Jan-Ivar Bruaroey
222e93c87c Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup 2015-03-03 09:51:05 -05:00
Ryan VanderMeulen
003e8f5278 Backed out 6 changesets (bug 1046245) for bustage on a CLOSED TREE.
Backed out changeset 222c2f9e3bc9 (bug 1046245)
Backed out changeset 4251eef464a2 (bug 1046245)
Backed out changeset 592f4cc23197 (bug 1046245)
Backed out changeset 5bfb9a1c0550 (bug 1046245)
Backed out changeset e966a5df87b6 (bug 1046245)
Backed out changeset 609f3ca64004 (bug 1046245)
2015-03-28 16:24:25 -04:00
Jan-Ivar Bruaroey
59e13faed0 Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup 2015-03-03 09:51:05 -05:00
Phil Ringnalda
e44926f4c1 Merge m-i to m-c, a=merge 2015-03-28 11:44:16 -07:00
ffxbld
ad47b2b11c No bug, Automated HPKP preload list update from host bld-linux64-spot-1005 - a=hpkp-update 2015-03-28 03:27:37 -07:00
ffxbld
7ffd3e55ce No bug, Automated HSTS preload list update from host bld-linux64-spot-1005 - a=hsts-update 2015-03-28 03:27:36 -07:00
Andrea Marchesini
e6f385fb3d Bug 1148527 - Indentation fix after bug 1145631, r=ehsan 2015-03-27 18:52:19 +00:00
Kai Engert
e2f12bfec6 Bug 1144055 - Upgrade Firefox 39 to use NSS 3.18.1, land NSS_3_18_1_BETA1, r=nss-confcall 2015-03-26 20:39:25 +01:00
Tanvi Vyas
0ca524deb8 Bug 947079 - Hack to prevent getting a mixed content icon on a fully secure page. r=keeler 2015-03-26 11:54:53 -07:00
Bob Owen
e7768682a2 Bug 1147446: Chromium patch to fix memory leak in Windows sandbox sharedmem_ipc_server.cc. r=aklotz 2015-03-26 08:06:04 +00:00
Cykesiopka
b44239d022 Bug 996872 - Reduce calls to getXPCOMStatusFromNSS() in PSM xpcshell tests. r=keeler relanding on a CLOSED TREE 2015-03-25 17:29:05 -07:00
Wes Kocher
9b0a211a65 Backed out changeset 3a38c3d97f44 (bug 996872) on the theory that it somehow broke lots of tests, forcing a prolonged CLOSED TREE 2015-03-25 14:40:44 -07:00
Cykesiopka
958425a841 Bug 996872 - Reduce calls to getXPCOMStatusFromNSS() in PSM xpcshell tests. r=keeler 2015-03-25 11:40:46 -07:00
Wes Kocher
8794504c9f Merge m-c to inbound a=merge CLOSED TREE 2015-03-23 16:51:22 -07:00
Edwin Flores
fb38caf19c Bug 1146192 - Whitelist sched_yield syscall in GMP sandbox on Linux DONTBUILD CLOSED TREE - r=jld 2015-03-24 10:56:49 +13:00
Edwin Flores
75fa281404 Bug 1146192 - Backed out changeset d2918bcf0d90 for missing bug number - r=me 2015-03-24 10:53:10 +13:00
Jed Davis
1d7005b2a5 Bug 1144514 - Whitelist pread64 in content seccomp-bpf policy. r=kang
--HG--
extra : histedit_source : b16050ba3308df92df608cc6fc09069d21df6deb
2015-03-19 11:57:00 -04:00
Phil Ringnalda
fc8b8ab2ac Merge m-c to m-i 2015-03-21 12:50:09 -07:00
Phil Ringnalda
09f1e96e74 Merge m-i to m-c, a=merge 2015-03-21 12:31:07 -07:00
ffxbld
21922001d8 No bug, Automated HPKP preload list update from host bld-linux64-spot-1002 - a=hpkp-update 2015-03-21 03:30:42 -07:00
ffxbld
9d9da119ca No bug, Automated HSTS preload list update from host bld-linux64-spot-1002 - a=hsts-update 2015-03-21 03:30:40 -07:00
Ehsan Akhgari
883849ee32 Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj
This patch was automatically generated using the following script:

function convert() {
echo "Converting $1 to $2..."
find . \
       ! -wholename "*/.git*" \
       ! -wholename "obj-ff-dbg*" \
         -type f \
      \( -iname "*.cpp" \
         -o -iname "*.h" \
         -o -iname "*.c" \
         -o -iname "*.cc" \
         -o -iname "*.idl" \
         -o -iname "*.ipdl" \
         -o -iname "*.ipdlh" \
         -o -iname "*.mm" \) | \
    xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}

convert MOZ_OVERRIDE override
convert MOZ_FINAL final
2015-03-21 12:28:04 -04:00
Edwin Flores
3b412c43dd Bug 1XXXXXX - Whitelist sched_yield syscall in GMP sandbox on Linux - r=jld 2015-03-24 09:55:36 +13:00
David Keeler
2cf7194567 bug 1143085 - allow subject alternative name extensions to be empty for compatibility r=briansmith a=kwierso
--HG--
extra : amend_source : 89b8233b57049a3d2886aa08cd85c57e6faa693e
2015-03-16 14:00:33 -07:00
Jed Davis
09d9f7bb4a Bug 1144580 - Whitelist pselect6 in content seccomp-bpf policy. r=kang 2015-03-18 15:30:00 +01:00
Masatoshi Kimura
3a321cb760 Bug 1133187 - Update fallback whitelist. r=keeler 2015-03-18 15:36:00 +01:00
Jed Davis
f6d18ff6da Bug 1141906 - Adjust some assertions in Linux sandbox feature detection. r=kang
See bug, and comment at top of SandboxInfo.cpp, for rationale.

Bonus fix: reword comment about nested namespace limit; the exact limit
is 33 (not counting the root) but doesn't particularly matter.
2015-03-17 22:50:00 +01:00
Cykesiopka
ae28024d8c Bug 1131227 - Make the about:certerror Unknown Issuer string mention missing intermediates and unimported roots. r=keeler 2015-03-17 14:33:00 +01:00
Masatoshi Kimura
35c856f796 Bug 1143082 - Fix a message in the mixed content UI. r=dolske 2015-03-17 20:34:58 +09:00
Jed Davis
d56d610ecf Bug 1141885 - Make readlink() fail instead of allowing it, for B2G content processes. r=kang
--HG--
extra : rebase_source : c9ceababcd741979058361e96161d575a70bd39f
2015-03-13 13:47:56 -07:00
André Reinald
66ca086aa3 Bug 1083344 - Tighten rules for Mac OS content process sandbox on 10.9 and 10.10. r=smichaud
Allow read to whole filesystem until chrome:// and file:// URLs are brokered through another process.
Except $HOME/Library in which we allow only access to profile add-ons subdir.
Add level 2, which allows read only from $HOME and /tmp (while still restricting $HOME/Library).
Change default back to 1.
2015-03-12 17:42:50 +01:00
ffxbld
d9bfa275b9 No bug, Automated HPKP preload list update from host bld-linux64-spot-532 - a=hpkp-update 2015-03-14 03:26:00 -07:00
ffxbld
3d091a2a8c No bug, Automated HSTS preload list update from host bld-linux64-spot-532 - a=hsts-update 2015-03-14 03:25:58 -07:00
Nathan Froyd
b252a27930 Bug 1142503 - don't use QueryInterface when the compiler can do the cast for us; r=ehsan
Calling QueryInterface with a statically known IID should typically not
be necessary.  In those cases where it's not, the compiler can do the
cast for us, though we have to supply the reference-counting that
QueryInterface would do.

In passing, several redundant null-checks for the result of |new T| have
been deleted.
2015-03-12 09:43:50 -04:00
Jed Davis
99b4a73239 Bug 1142263 - Specify all syscall parameters when doing CLONE_NEWUSER detection; f=bwc r=kang 2015-03-13 13:01:28 +01:00
Jed Davis
2d14f8d244 Bug 906996 - Remove unlink from B2G content process syscall whitelist. r=kang 2015-03-11 12:39:00 +01:00
David Keeler
12b79456cc bug 1102443 - fix leak in key pinning logging by removing an unnecessary function call r=cykesiopka
Also took the opportunity to fix the logging message, since it didn't accurately
describe the information that was being printed.

--HG--
extra : amend_source : 40a0c2ba9c07757e5895a822ce3bb8b197674554
2015-03-12 14:31:26 -07:00
Jonathan Griffin
d1c61bc9b6 Bug 1116187 - Disable failing mochitest-chrome tests for B2G, r=gbrown 2015-02-06 16:30:37 -08:00
David Keeler
6978e35bf5 bug 1138332 - re-allow overrides for certificates signed by non-CA certificates r=mmc
--HG--
extra : amend_source : 92a2dcf71daa6b31be0dcae628a13b13b0fc443a
2015-03-11 11:11:22 -07:00
Cykesiopka
5814296e8c Bug 1141815 - Remove nsIDOMCryptoDialogs interface and associated implementation; r=keeler 2015-03-12 10:24:05 +01:00
David Keeler
0bf38c806e bug 1138716 - update PSM data structures that depend on root CA changes r=mmc 2015-03-23 10:36:55 -07:00
Kai Engert
f7aa208f07 Bug 1137470, remove the documentation patch file, because it's no longer reverted locally, DONTBUILD 2015-03-20 13:38:13 +01:00
Kai Engert
b58c1a369b Bug 1137470, Upgrade Firefox 38 to use NSS 3.18, land NSS_3_18_RTM, r=nss-confcall 2015-03-20 13:32:58 +01:00
Cykesiopka
2aa9e4036e Bug 1121117 - Add fuzz time to workaround non-monotonicity of Date(). r=keeler
--HG--
extra : rebase_source : 464d1e1bf8cb4624f4fda39d3ea6a55430073c6f
2015-03-19 19:57:00 +01:00
Bob Owen
f2a63bbdff Bug 1145432: Add the policy for the client side of the crash server pipe to the GMP Windows sandbox. r=aklotz 2015-03-20 07:53:37 +00:00
Ehsan Akhgari
0e3211475f Bug 1140767 - Build more files in security/manager in unified mode; r=dkeeler 2015-03-10 22:52:22 -04:00
Bob Owen
4fecdb4ceb Bug 1141169: Add moz.build BUG_COMPONENT metadata for security/sandbox/ r=jld 2015-03-10 08:03:12 +00:00
Bob Owen
b08af57c17 Bug 1137166: Change the Content moreStrict sandbox pref to an integer to indicate the level of sandboxing. r=tabraldes 2015-03-10 08:03:12 +00:00
Mike Hommey
364038011c Bug 868814 - Fold mozalloc library into mozglue. r=njn
--HG--
rename : memory/mozalloc/moz.build => memory/mozalloc/staticruntime/moz.build
2015-03-10 10:01:52 +09:00
Masatoshi Kimura
83b1b594b5 Bug 1106470 - Drop SSLv3 support entirely from PSM. r=keeler 2015-03-10 01:22:59 +09:00
Jed Davis
19355a43d5 Bug 1137007 - Detect namespace and SECCOMP_FILTER_FLAG_TSYNC support in SandboxInfo. r=kang, r=Unfocused
Currently, only user namespace support is detected.  This is targeted at
desktop, where (1) user namespace creation is effectively a prerequisite
for unsharing any other namespace, and (2) any kernel with user
namespace support almost certainly has all the others.

Bonus fix: remove extra copy of sandbox flag key names in about:support;
if JS property iteration order ever ceases to follow creation order, the
table rows could be permuted, but this doesn't really matter.
2015-03-06 13:59:00 -05:00
David Keeler
cc58dd5d1a Bug 1136616 - Allow underscores in reference DNS-IDs in mozilla::pkix name matching. r=briansmith 2015-03-03 13:34:45 -08:00
Phil Ringnalda
8f5c1764fb Merge m-c to m-i 2015-03-07 19:39:49 -08:00
Phil Ringnalda
ecf64b97b2 Merge m-i to m-c, a=merge 2015-03-07 19:11:54 -08:00
ffxbld
b74611a261 No bug, Automated HPKP preload list update from host bld-linux64-spot-157 - a=hpkp-update 2015-03-07 03:27:15 -08:00
ffxbld
1ec58518aa No bug, Automated HSTS preload list update from host bld-linux64-spot-157 - a=hsts-update 2015-03-07 03:27:13 -08:00
David Keeler
44fb9d4eff bug 1129771 - disable IPv6 in PSM xpcshell TLS connection tests due to failures on OS X 10.10 r=cykesiopka a=ryanvm on a CLOSED TREE
In the process of investigating the intermittent failures listed in
bug 1129771, I discovered that the code would frequently get stuck connecting
to [::1] (where no server was listening) and wouldn't fall back to trying
127.0.0.1 (where the test server was listening). This change prevents the code
attempting to connect to [::1]. There probably is an underlying bug here, but
it appears to be in OS X itself and I have neither the time nor expertise to
investigate further.

--HG--
extra : amend_source : 57b6a28858685d7ca3b6b0c7cbc7ed193280ca7c
2015-03-04 13:41:11 -08:00
Cykesiopka
171babfad4 Bug 1139177 - RSA public key size checking cleanups. r=keeler 2015-03-05 16:41:00 +01:00
Jed Davis
01e2b0e158 Bug 1140111 - Whitelist readlinkat along with readlink. r=kang 2015-03-07 10:44:23 -05:00
Kai Engert
fc884b360e Bug 1137470, landing NSS_3_18_RC0 minus bug 1132496, r=nss-confcall 2015-03-07 14:49:00 +01:00
David Keeler
cdb738f18d bug 1137538 - remove nsIIdentityInfo and nsNSSSocketInfo::GetPreviousCert r=mayhemer 2015-02-27 11:33:36 -08:00
Masatoshi Kimura
3e7620bf97 Bug 1138882 - Add a pref to enable unrestricted RC4 fallback. r=keeler 2015-03-05 22:51:31 +09:00
Cykesiopka
fa79ef2aea Bug 1121117 - Add some logging to test_ocsp_timeout.js to ease debugging. r=dkeeler 2015-03-03 14:25:00 +01:00
Wes Kocher
0de76a4c17 Merge b2g-inbound to m-c a=merge CLOSED TREE 2015-03-03 17:02:21 -08:00
Chuck Lee
6cb15b84a0 Bug 1012549 - 0004. Support read private key in keystore. r=dkeeler r=qdot 2015-02-28 21:54:24 +08:00
David Keeler
3b4360319c bug 1085506 - gather telemetry for TLS handshake certificate verification errors r=rbarnes 2015-02-27 11:14:29 -08:00
Mark Goodwin
f4a1822554 Bug 1130757 - tests for bug 1130757. r=dkeeler
--HG--
extra : rebase_source : 7b047f5bddf3544ca82d3b8875925acdbdb02ea5
2015-03-02 08:19:00 +01:00
Mark Goodwin
3133a37202 Bug 1130757 - Move OneCRL check to NSSCertDBTrustDomain::GetCertTrust. r=dkeeler
--HG--
extra : rebase_source : ce8cff0735865c00f33102b82c31af35145bda2c
2015-02-26 04:38:00 +01:00
Cykesiopka
de906ce3ce Bug 1130418 - Remove broken e-mail cert trust editing UI. r=emk
--HG--
extra : rebase_source : fb4c89e251e2ce3e4d9cf002a0cda4166a589a2c
2015-03-02 19:54:00 +01:00
Cykesiopka
4419d0186e Bug 1130413 - Remove unused nsITokenPasswordDialogs::GetPassword() function. r=jjones
--HG--
extra : rebase_source : 85b9e442d6b5be401fdd389cc251add8a633bb23
2015-02-26 13:05:00 +01:00
Wes Kocher
b17feb3f40 Merge inbound to m-c a=merge 2015-03-02 12:12:47 -08:00
ffxbld
8084ed7b82 No bug, Automated HPKP preload list update from host bld-linux64-spot-044 - a=hpkp-update 2015-02-28 03:27:43 -08:00
ffxbld
94776e3384 No bug, Automated HSTS preload list update from host bld-linux64-spot-044 - a=hsts-update 2015-02-28 03:27:41 -08:00
Kai Engert
8c48f9f304 Bug 1137470 - Upgrade Firefox to NSS 3.18, landing NSS_3_18_BETA7, r=nss-confcall 2015-02-26 23:29:08 +01:00
David Keeler
d01ea02613 bug 1049740 - implement telemetry to measure compatibility impact of 2048-bit-minimum RSA keys r=briansmith 2015-02-24 15:48:05 -08:00
Boris Zbarsky
a7d78c82c0 Bug 1136388. Change nsIDocumentLoaderFactory and nsIURIContentListener to take MIME types as an XPCOM string, not a char*. r=smaug 2015-02-25 10:26:51 -05:00
Jed Davis
c5b6b444f2 Bug 1134942 - Whitelist fstatat and unlinkat for B2G content processes. r=gdestuynder 2015-02-20 12:16:00 +01:00
Brian Smith
2672d3b5d3 Bug 1077864, Part 3: update nsserrors.properties so error message gets localized. 2015-02-23 16:04:23 -08:00
Brian Smith
06b7804e70 Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler
--HG--
extra : rebase_source : 79efad2c5f60120ff1022547ce7efa628a7acd0f
2015-02-14 16:59:02 -08:00
Brian Smith
27cb600f2f Bug 1077864, Part 2: Override the trust level for OCSP response signer certs so that they are never considered trust anchors, r=keeler
--HG--
extra : rebase_source : d0c599f7fc29b5fbcb7d8cd97980a3f39d39f515
2015-02-14 15:59:38 -08:00
Brian Smith
bdb4294871 Bug 1077864, Part 1: Check consistency of certificates' signature and signatureAlgorithm fields, r=keeler
--HG--
extra : rebase_source : 9a2ca8cb370169f675557987a6b1cc0dedb24ff6
2015-02-22 16:59:03 -08:00
Brian Smith
f2235a16db Bug 1135407: Factor out duplicate logic in tests, r=keeler
--HG--
extra : rebase_source : d93eef89cb6596cf35e2ebef29030423cf027f0b
2015-02-21 14:12:38 -08:00
Ehsan Akhgari
baf73d756f Bug 1135745 - Disable the reserved-id-macro macro in security/pkix; r=briansmith 2015-02-23 13:40:09 -05:00
Ryan VanderMeulen
fd0387315e Merge inbound to m-c. a=merge 2015-02-21 16:40:27 -05:00
ffxbld
c2dabe6507 No bug, Automated HPKP preload list update from host bld-linux64-spot-148 - a=hpkp-update 2015-02-21 03:32:26 -08:00
ffxbld
00bf62f9f5 No bug, Automated HSTS preload list update from host bld-linux64-spot-148 - a=hsts-update 2015-02-21 03:32:24 -08:00
André Reinald
256a142a70 Bug 1083344 - Tighten rules for Mac OS content process sandbox - "rules part". r=smichaud
--HG--
extra : histedit_source : f703a6a8abbf500cb882263426776fdb138b73a3
2015-02-21 13:06:34 +01:00
André Reinald
70a296a23b Bug 1083344 - Tighten rules for Mac OS content process sandbox - "core part". r=smichaud
--HG--
extra : histedit_source : 3c904474c57dbf086365cc6b26a55c34b2b449ae
2015-02-18 14:10:27 +01:00
Brian Smith
ffe59cf419 Bug 1133618 - Move test SHA1 function to pkixtestutil.cpp. r=mmc
--HG--
extra : histedit_source : ef579a4958356a12974b1f0f69ab2d6070ff8e65
2015-02-16 16:37:03 -08:00
Brian Smith
bbf8006735 Bug 1130754 - Make PublicKeyAlgorithm an enum class. r=keeler
--HG--
extra : histedit_source : 14d321bc2cbdf749fd05994571ca439ee62ab973
2015-02-14 13:25:09 -08:00
Masatoshi Kimura
2bdace7384 Bug 1127339 - Detect SSLv3-only server in PSM. r=keeler 2015-02-21 17:20:22 +09:00
Cykesiopka
31ea56f770 Bug 1097622 - Add test cases for certs that have notBefore times earlier than the UNIX epoch. r=dkeeler 2015-02-17 06:15:00 -05:00
Cykesiopka
47f24e15e4 Bug 1097622 - Return ERROR_INVALID_TIME when decoding invalid time values. r=dkeeler 2015-02-18 15:56:00 -05:00
Cykesiopka
37b3759ab9 Bug 1097622 - Rename (mE|e)rrorCodeExpired variables to (mE|e)rrorCodeTime. r=dkeeler 2015-02-17 06:12:00 -05:00
Masatoshi Kimura
17cbaa2849 Bug 1133187 - Update fallback whitelist. r=keeler 2015-02-19 04:12:59 +09:00
Masatoshi Kimura
0101cbcbce Bug 1124039 - Allow RC4 only for whitelisted hosts. r=keeler 2015-02-19 04:12:58 +09:00
Masatoshi Kimura
6b89f2db74 Bug 1137179 - Add wildcard support to the static fallback list. r=keeler 2015-02-28 08:53:44 +09:00
Cykesiopka
a64db6ab58 Bug 1136471 - Remove unused nsIIdentityInfo.getValidEVPolicyOid(). r=dkeeler 2015-02-26 13:05:00 -05:00
André Reinald
fc8fe2bd7c Bug 1083344 - Add "allow" sandbox rules to fix mochitests on OSX 10.9 and 10.10. r=smichaud 2015-02-27 16:55:35 +01:00
Chris Peterson
5ef9f4d21f Bug 1133283 - Remove nonstandard expression closures from security/manager/ssl/tests. r=keeler 2015-01-24 23:48:22 -08:00
David Keeler
372a8a591d bug 1123671 - if a non-overridable error is encountered when processing an overridable certificate error, report the non-overridable error r=mmc r=jcj
Also, SEC_ERROR_UNTRUSTED_ISSUER and SEC_ERROR_UNTRUSTED_CERT are not actually overridable, so don't pretend they are.
2015-01-23 14:04:44 -08:00
Chuck Lee
ce50eac5c5 Bug 1012549 - 0001. Support import PKCS12 certificate. r=dkeeler r=vchang 2015-02-28 21:54:16 +08:00
Christoph Kerschbaumer
b88b7049eb Bug 1099296 - Attach LoadInfo to remaining callers of ioService and ProtocolHandlers - in security/ (r=keeler) 2015-02-17 10:09:40 -08:00
Carsten "Tomcat" Book
e2399947f4 Merge mozilla-central to mozilla-inbound 2015-02-16 16:14:51 +01:00
Carsten "Tomcat" Book
08fafcb3e2 merge mozilla-inbound to mozilla-central a=merge 2015-02-16 15:59:56 +01:00
ffxbld
99b5f33384 No bug, Automated HPKP preload list update from host bld-linux64-spot-1093 - a=hpkp-update 2015-02-14 03:21:57 -08:00
ffxbld
c9826729b7 No bug, Automated HSTS preload list update from host bld-linux64-spot-1093 - a=hsts-update 2015-02-14 03:21:55 -08:00
Masatoshi Kimura
eb132d66f6 Bug 1131880 - Modify the condition to disallow PR_CONNECT_RESET_ERROR on fallback. r=keeler 2015-02-16 20:03:06 +09:00
Masatoshi Kimura
7e78ba3eec Backout 9507662057de (bug 1130670) and c731517a47e8 (bug 1124039) due to compatibility issues 2015-02-16 19:55:15 +09:00
Mike Hommey
6786219e1f Bug 1120937 - Properly initialize string fields from the PKCS#11 test module. r=keeler
The string fields need to be padded with spaces, according to what
PK11_MakeString does to find the end of the string.

While here, factor all the string manipulations in the test module and
use some C++ template magic to do the right thing.

This changes the static asserts from (with clang):

pkcs11testmodule.cpp:45:3: error: static_assert failed
      "TestManufacturerID too long - make it shorter"
  static_assert(sizeof(TestManufacturerID) <= sizeof(pInfo->manufacturerID),
  ^             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

to:

pkcs11testmodule.cpp:46:3: error: static_assert failed
      "DestSize >= SrcSize - 1"
  static_assert(DestSize >= SrcSize - 1, "DestSize >= SrcSize - 1");
  ^             ~~~~~~~~~~~~~~~~~~~~~~~
pkcs11testmodule.cpp:58:3: note: in instantiation of function
      template specialization 'CopyString<32, 63>' requested here
  CopyString(pInfo->manufacturerID, TestManufacturerID);
  ^

which actually gives more information than before: it gives the length of
both buffers.
2015-02-13 10:29:18 +09:00
Masatoshi Kimura
1b6561194e Bug 1130670 - Remove dead code that tracks strongCipherStatus. r=keeler 2015-02-14 15:16:04 +09:00
Nicholas Nethercote
3a7b0a9f57 Bug 1131901 (part 1) - Make PL_DHashTableAdd() infallible by default, and add a fallible alternative. r=froydnj.
I kept all the existing PL_DHashTableAdd() calls fallible, in order to be
conservative, except for the ones in nsAtomTable.cpp which already were
followed immediately by an abort on failure.

--HG--
extra : rebase_source : 526d96ab65e4d7d71197b90d086d19fbdd79b7b5
2015-02-02 14:48:58 -08:00
Cykesiopka
d92c1180e0 Bug 1130405 - Remove unused pippki strings. r=jcj 2015-02-11 05:08:00 -05:00
Cykesiopka
edf6d8ff32 Bug 1130402 - Make use of currently unused certManager.dtd access key strings. r=jcj 2015-02-07 01:16:00 -05:00
Bob Owen
78f86d5dec Bug 1132021 - Add a new sandbox level for Windows NPAPI to use USER_LIMITED access token level. r=bsmedberg, r=bbondy 2015-02-11 16:25:43 +00:00
Cykesiopka
2c768c2db6 Bug 1131475 - Make sure reference to "unable_to_toggle_fips" bundle key is in the correct case. r=jcj 2015-02-11 05:05:00 -05:00
Andrew McCreight
31ba9aaed9 Bug 1131199, part 2 - Make PLDHashtInitEntry infallible. r=froydnj
Also, drop the unused table argument.
2015-02-11 09:46:40 -08:00
Andrew McCreight
6ec7fe58dd Bug 1131199, part 1 - Allocation of CompareCacheHashEntryPtr::entry is infallible. r=froydnj 2015-02-11 09:46:40 -08:00
Brian Smith
7755422e90 Bug 1102195 Part 4: Re-apply - Change a non-conforming usage of a const value type to a non-const value type, which VS2015 rightly rejects, r=bobowen
Originally landed as changeset:
https://hg.mozilla.org/mozilla-central/rev/c827c112df81
2015-01-07 23:28:51 -08:00
Bob Owen
931cf70b78 Bug 1102195 Part 3: Re-apply logging changes to the Chromium interception code. r=tabraldes
Originally landed as changeset:
https://hg.mozilla.org/mozilla-central/rev/0f763c186855
2014-11-29 17:12:18 +00:00
Bob Owen
09607f7c35 Bug 1102195 Part 2: Re-apply pre-vista stdout/err process inheritance change to Chromium code after merge. r=tabraldes
Originally landed as changeset:
https://hg.mozilla.org/mozilla-central/rev/f94a07671389
2014-11-18 15:11:47 +00:00
Bob Owen
a887f0edbd Bug 1102195 Part 1: Update Chromium sandbox code to commit df7cc6c04725630dd4460f29d858a77507343b24. r=aklotz, r=jld 2015-02-11 08:22:02 +00:00
Brian Smith
a89b90ea7f Bug 1130754: Avoid recalculating tbsCertificate digest, r=keeler
--HG--
extra : rebase_source : 85266413568df928cb1eaf1cd59b52ee9d4259e6
extra : histedit_source : 767e3263d28926435c6d2f4610c7d8b01e9ba87d
2015-02-07 12:14:31 -08:00
Nicholas Nethercote
63e3218e4c Back out changesets 2fcef6b54be7, 2be07829fefc, 66dfe37b8532, df3fcd2be8fd, 0a436bce77a6 (bug 1050035) for causing intermittent crashes and assertion failures.
--HG--
extra : rebase_source : eb30be83c3143c6c203585a80a18f180025efaba
2015-02-10 14:39:49 -08:00
Brian Smith
b0f87b9b6c Bug 1122841, Part 2: Centralize checking of public key, r=keeler
--HG--
extra : rebase_source : 6b41ad2d3f37bead8d3ac8b48c5ee0b8063c795b
extra : source : d470b5a68bf915cfb12f0e948e1492463092883c
2015-02-02 16:17:08 -08:00
Brian Smith
dbc534e182 Bug 1122841, Part 1: Add PositiveInteger parser, r=keeler
--HG--
extra : rebase_source : 50d79951398e44bf2718c0f071962aa00660fec2
2015-02-06 18:21:20 -08:00
Brian Smith
1bb835dbca Bug 1128413, Part 4: Fix warnings in mozilla-config.h and gcc-stl-wrapper.template.h, r=glandium
--HG--
extra : rebase_source : 7ba4fb8a0bd11648908e2790e86ce3bb4517aeb7
2015-02-02 17:35:19 -08:00
Brian Smith
3920fcd650 Bug 1128413, Part 3: Enable more compiler warnings, r=mmc
--HG--
extra : rebase_source : 2d17605e6b9296b74493526e052b771be18d4260
2015-02-07 14:38:40 -08:00
Brian Smith
6254cc408e Bug 1128413, Part 2: Don't use double underscores any more
--HG--
extra : rebase_source : 5f550089aea320231ca2398126fc7f03e5dffc37
2015-01-31 19:51:46 -08:00
Brian Smith
a4ceeff7d4 Bug 1128413, Part 1: Fix switch-related warnings, r=mmc
--HG--
extra : rebase_source : 3d70c2a4ae8f9705a8a2c56c2f49e50fe4711ea9
2015-02-02 14:21:27 -08:00
Masatoshi Kimura
83c11c2359 Bug 1124039 - Enable RC4 only if ClientHelloVersion <= TLS 1.0. r=keeler 2015-02-10 22:29:51 +09:00
Cykesiopka
500d8c1041 Bug 897690 - Remove misleading error message from AppendErrorTextUntrusted. r=dkeeler
--HG--
extra : rebase_source : b232fa770189e40916ca60a18c6b12c24d2a77dd
2015-02-09 03:50:00 +01:00
Bob Owen
a6f34cc0d5 Bug 1129369 Part 3: Turn on MITIGATION_STRICT_HANDLE_CHECKS process-level mitigation for the GMP sandbox. r=tabraldes 2015-02-10 09:06:59 +00:00
Bob Owen
70afa43d6f Bug 1129369 Part 2: Turn on BOTTOM_UP_ASLR process-level mitigation for the GMP sandbox. r=tabraldes 2015-02-10 09:06:59 +00:00
Bob Owen
1a190016de Bug 1129369 Part 1: Turn on DEP_NO_ATL_THUNK process-level mitigation for the GMP sandbox. r=tabraldes 2015-02-10 09:06:59 +00:00
Nicholas Nethercote
242708cf72 Bug 1127201 (attempt 2, part 1) - Replace most NS_ABORT_IF_FALSE calls with MOZ_ASSERT. r=Waldo.
--HG--
extra : rebase_source : 488e401ff87e31a2074c4108c4df0572d9536667
2015-02-09 14:34:50 -08:00
Masatoshi Kimura
c199c43026 Bug 1126413 - Part 2: UI changes to display security info on broken secure pages. r=dolske 2015-02-10 04:16:23 +09:00
Masatoshi Kimura
8573fc1f7e Bug 1126413 - Part 1: Expose nsISSLStatus for broken secure pages. r=keeler 2015-02-10 04:16:22 +09:00
Phil Ringnalda
c456d08848 Merge m-i to m-c, a=merge 2015-02-07 08:45:54 -08:00
ffxbld
a14db61a3f No bug, Automated HPKP preload list update from host bld-linux64-spot-075 - a=hpkp-update 2015-02-07 03:24:40 -08:00
ffxbld
ae1fda75a2 No bug, Automated HSTS preload list update from host bld-linux64-spot-075 - a=hsts-update 2015-02-07 03:24:38 -08:00
Bob Owen
1a4af9dc4c Bug 1127230: Change the NPAPI sandbox prefs to integers to indicate the level of sandboxing. r=bsmedberg 2015-01-30 17:48:15 +00:00
Masatoshi Kimura
562649fe82 Bug 1128227 - Add a static TLS insecure fallback whitelist. r=keeler 2015-02-07 13:03:23 +09:00
Nicholas Nethercote
d34f0301b8 Bug 1127201 (part 2) - Convert all NS_ABORT_IF_FALSE calls to MOZ_ASSERT. r=Waldo.
--HG--
extra : rebase_source : 99182e70335d2b5ff95f8c528ae992d37294be3a
2015-02-04 20:05:36 -08:00
Masatoshi Kimura
21dab1da42 Bug 1128763 - Do insecure fallback after PR_CONNECT_RESET_ERROR for whitelisted sites only. r=keeler 2015-02-05 22:02:32 +09:00
Masatoshi Kimura
6fbc2ae89f Bug 1116891 - Do fallback with RC4 cipher suites after PR_CONNECT_RESET_ERROR. r=bsmith 2015-02-05 22:02:31 +09:00
Masatoshi Kimura
b99b9fe12a Bug 1127285 - Remove unused fallback reasons. r=keeler 2015-02-05 22:02:31 +09:00
Cykesiopka
03f599fcf0 Bug 1128917 - Replace getp12password.xul with a call to nsIPromptService::PromptPassword(). r=keeler
--HG--
extra : rebase_source : a92f80292395cbc9105cf9564f6f5005da2ff582
2015-02-05 03:28:00 +01:00
TheKK
3cda0706de Bug 1092398 - "remove unused CertVerifier enums (missing_cert_download_config and crl_download_config)". r=honzab.moz 2015-01-23 06:17:00 +01:00
Nicholas Nethercote
b5913e0b3d Bug 1050035 (part 4) - Make PL_DHashTableAdd() infallible by default, and add a fallible alternative. r=froydnj.
I kept all the existing PL_DHashTableAdd() calls fallible, in order to be
conservative, except for the ones in nsAtomTable.cpp which already were
followed immediately by an abort on failure.

--HG--
extra : rebase_source : eeba14d732077ef2e412f4caca852de6b6b85f55
2015-02-02 14:48:58 -08:00
Nicholas Nethercote
9a36fdbde4 Bug 1050035 (part 2) - Remove the fallible version of PL_DHashTableInit(). r=froydnj,mrbkap.
Because it's no longer needed now that entry storage isn't allocated there.
(The other possible causes of failures are much less interesting and simply
crashing is a reasonable thing to do for them.)

This also makes PL_DNewHashTable() infallible.

--HG--
extra : rebase_source : 848cc9bbdfe434525857183b8370d309f3acbf49
2015-02-01 20:19:08 -08:00
David Keeler
dcc3953291 bug 832837 - move insecure form submission warning from nsSecureBrowserUIImpl to the HTML form implementation r=mrbkap r=phlsa
As a result, we can remove nsSecurityWarningDialogs completely, which this patch also does.
2015-01-15 11:01:10 -08:00
Cykesiopka
caa1e7521a Bug 78808 - Enable Cert Manager buttons only when they would have an effect. Original patch by Scott Johnson. r=keeler 2015-01-31 14:20:00 +01:00
Mike Hommey
a35dbaeebf Bug 1126593 - Add a global fallible instance, so that using fallible works directly, everywhere. r=njn
--HG--
rename : memory/mozalloc/fallible.h => memory/fallible/fallible.h
2015-02-02 09:56:13 +09:00
Andrew McCreight
d3826daa16 Back out Bug 1127201 (part 2) for various problems. 2015-02-06 15:04:32 -08:00
Cykesiopka
eb24c24fb9 Bug 968560 - Return distinct error codes for certificates that are not valid yet, in mozilla::pkix. r=keeler
--HG--
extra : rebase_source : de63f37cdef477d96c1aef8253feca7013ba3bfd
2015-02-06 11:18:20 -08:00
Cykesiopka
06973aee53 Bug 968560 - Add missing Not-Yet-Valid cert override tests. r=dkeeler
--HG--
extra : rebase_source : 15d2774ad604561639306bb91134f6f63967e105
2015-02-06 11:18:04 -08:00
Phil Ringnalda
c408ae1430 Merge m-c to m-i 2015-01-31 09:13:30 -08:00
Masatoshi Kimura
f34f010bc1 backout 3d4d4a91f29a (bug 1102632) as some web pages can no longer connect without enabling SSLv3 2015-01-31 22:16:48 +09:00
ffxbld
5a3089ce04 No bug, Automated HPKP preload list update from host bld-linux64-spot-015 - a=hpkp-update 2015-01-31 03:38:09 -08:00
ffxbld
f0761aa2b1 No bug, Automated HSTS preload list update from host bld-linux64-spot-015 - a=hsts-update 2015-01-31 03:38:07 -08:00
Wes Kocher
f62801541d Merge fx-team to m-c a=merge CLOSED TREE 2015-01-29 15:27:17 -08:00
Carsten "Tomcat" Book
dcda8a64d4 Merge mozilla-central to fx-team 2015-01-29 16:20:17 +01:00
Masatoshi Kimura
bf88ffa183 Bug 1123020 - Remove options to allow unrestricted renegotiation. r=keeler 2015-01-29 21:04:26 +09:00
Gijs Kruitbosch
36e608ec65 Bug 1126675 - indicate missing issuerName or subjectName as empty string, r=keeler 2015-01-28 15:42:41 +00:00
Bob Owen
183a6391ad Bug 1126402: Add a pref to enable a more strict version of the Windows NPAPI process sandbox. r=bsmedberg, r=bbondy 2015-01-29 08:13:07 +00:00
David Keeler
718bcfa712 backout cd0ec3afca5a (bug 832837) for mochitest bustage 2015-01-30 11:25:24 -08:00
David Keeler
11b9c65608 bug 832837 - move insecure form submission warning from nsSecureBrowserUIImpl to the HTML form implementation r=mrbkap r=phlsa
As a result, we can remove nsSecurityWarningDialogs completely, which this patch also does.
2015-01-15 11:01:10 -08:00
Kai Engert
a98467ac06 Bug 1107731 - Upgrade Mozilla 36 and 37 to use NSS 3.17.4, mark release candidate as RTM, DONTBUILD 2015-01-28 20:49:21 +01:00
Masatoshi Kimura
4e8a902fda Bug 1114816 - Implement TLS intolerance fallback whitelist. r=keeler 2015-01-29 03:52:42 +09:00
Bob Owen
f82c430a64 Bug 1125865: Only log Windows sandbox violations to console when nsContentUtils is initialized. r=bbondy 2015-01-28 11:21:24 +00:00
Cykesiopka
ad8382e07c Bug 1125478 - Refactor and clean up key size test files. r=keeler 2015-01-27 22:11:00 +01:00
Nicholas Nethercote
3163cfc2c1 Bug 1124973 (part 2) - Introduce PL_DHashTableSearch(), and replace most PL_DHashTableLookup() calls with it. r=froydnj.
It feels safer to use a function with a new name, rather than just changing the
behaviour of the existing function.

For most of these cases the PL_DHashTableLookup() result was checked with
PL_DHASH_ENTRY_IS_{FREE,BUSY} so the conversion was easy. A few of them
preceded that check with a useless null check, but the intent of these was
still easy to determine.

I'll do the trickier ones in subsequent patches.

--HG--
extra : rebase_source : ab37a7a30be563861ded8631771181aacf054fd4
2015-01-22 21:06:55 -08:00