Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-28 04:35:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
575,830 Commits 615 Branches 98 Tags 6 GiB
5049904286
Commit Graph

12921 Commits

Author SHA1 Message Date
ffxbld
eb15ed90ea No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update 2017-11-23 11:37:46 -08:00
ffxbld
4018e652ff No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-11-23 10:42:06 -08:00
ffxbld
ce8ed40893 No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-11-23 10:42:02 -08:00
Cosmin Sabou
a5d613086a Merge mozilla-inbound to mozilla-central r=merge a=merge 2017-11-23 11:42:46 +02:00
Franziskus Kiefer
7b10164f9f Bug 1403840 - add cose rust lib with a test, r=keeler,ttaubert 
Summary:
This adds the COSE rust library from https://github.com/franziskuskiefer/cose-rust with its C API from https://github.com/franziskuskiefer/cose-c-api to gecko with a basic test.
The COSE library will be used for verifying add-on signatures in future.

Reviewers: keeler, ttaubert

Reviewed By: keeler

Bug #: 1403840

Differential Revision: https://phabricator.services.mozilla.com/D232

--HG--
extra : rebase_source : 433ca6894d88ccda333bfac53507eba4e84924fb
 2017-11-22 16:37:15 +01:00
shindli
a0b20fcb81 Merge mozilla-central to mozilla-autoland. r=merge a=merge CLOSED TREE 2017-11-22 23:42:02 +02:00
shindli
82254ca1cf Merge inbound to mozilla-central r=merge a=merge 2017-11-22 23:29:44 +02:00
ffxbld
ad970571e9 No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update 2017-11-22 11:38:06 -08:00
ffxbld
013da9f3f3 No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update 2017-11-22 11:38:02 -08:00
ffxbld
2795ad9547 No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update 2017-11-22 10:46:15 -08:00
ffxbld
36b4732f5f No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update 2017-11-22 10:46:12 -08:00
Michal Novotny
96f9c8ac5c Bug 1418752 - Firefox instahang on start after landing patch from bug #1392841. r=ttaubert 
EnsureNSSInitializedChromeOrContent() sends sync event to main thread from non-main thread even if it's already initialized. This can make fix at https://searchfox.org/mozilla-central/rev/919dce54f43356c22d6ff6b81c07ef412b1bf933/netwerk/protocol/http/nsHttpHandler.cpp#2105 inefficient and can lead to a deadlock.

--HG--
extra : rebase_source : 18333d17e1d959accd667c8ce25a20ea51c15266
 2017-11-22 12:46:08 -05:00
Gabriele Svelto
80fbb39861 Bug 1402519 - Remove MOZ_CRASHREPORTER directives from security; r=ttaubert 
MozReview-Commit-ID: CfPBvffjEhq

--HG--
extra : rebase_source : 51c522746b48f0819b926607ceebf7d070df4ffd
 2017-10-10 15:25:39 +02:00
ffxbld
5fbf717e5b No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update 2017-11-21 11:48:53 -08:00
ffxbld
d05982f0f1 No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update 2017-11-21 11:48:49 -08:00
ffxbld
511b2cf5e6 No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-11-21 11:14:55 -08:00
ffxbld
cf7bf94e79 No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-11-21 11:14:52 -08:00
ffxbld
cde731d2d0 No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update 2017-11-20 11:37:26 -08:00
ffxbld
d7e570ab96 No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update 2017-11-20 11:37:22 -08:00
ffxbld
21d7bcc344 No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-11-20 10:57:37 -08:00
ffxbld
2fb6a219c1 No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-11-20 10:57:34 -08:00
Bogdan Tara
b3f0c3ded3 Merge mozilla-central to autoland. r=merge a=merge on a CLOSED TREE 2017-11-20 00:17:43 +02:00
ffxbld
c21102410d No bug, Automated HPKP preload list update from host bld-linux64-spot-039 - a=hpkp-update 2017-11-19 11:40:51 -08:00
ffxbld
502a538775 No bug, Automated HSTS preload list update from host bld-linux64-spot-039 - a=hsts-update 2017-11-19 11:40:47 -08:00
ffxbld
3fc5579f87 No bug, Automated HPKP preload list update from host bld-linux64-spot-038 - a=hpkp-update 2017-11-19 10:55:01 -08:00
ffxbld
6b1e59b641 No bug, Automated HSTS preload list update from host bld-linux64-spot-038 - a=hsts-update 2017-11-19 10:54:58 -08:00
Gurzau Raul
79f64eb568 Merge inbound to mozilla-central r=merge a=merge 2017-11-18 22:48:47 +02:00
ffxbld
22b9cb8f84 No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update 2017-11-18 11:41:00 -08:00
ffxbld
2d07f0f683 No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update 2017-11-18 11:40:56 -08:00
ffxbld
973e21879e No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-11-18 11:05:10 -08:00
ffxbld
aa9e3a35ac No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-11-18 11:05:07 -08:00
Tooru Fujisawa
b0ee34bea3 Bug 1416466 - Wait for the next event tick before resolving Promise for onload event in tests in security/manager/ssl/tests/mochitest/browser/. r=mossop 2017-11-18 22:57:18 +09:00
Gian-Carlo Pascutto
34be833347 Bug 1416016 - Add ../config to the sandbox whitelist for older Mesa. r=jld 
MozReview-Commit-ID: KahivmVJR1l

--HG--
extra : rebase_source : 7d77f0ee77813a1214cfa5bc618b57c3208443c3
 2017-11-17 15:23:28 +01:00
Gian-Carlo Pascutto
c979b7a21f Bug 1416808 - Add "$XDG_DATA_(HOME|DIRS)"/fonts to the sandbox whitelist. r=jld 
MozReview-Commit-ID: DwwltKQg8x4

--HG--
extra : rebase_source : e92b60e320bb26e66bfb38039f141ec83a34fff7
 2017-11-17 15:45:11 +01:00
Noemi Erli
696ac83de9 Merge mozilla-central to mozilla-autoland. r=merge a=merge CLOSED TREE 2017-11-18 02:55:06 +02:00
Noemi Erli
1d5be20b0d Merge autoland to mozilla-central r=merge a=merge 2017-11-18 00:00:22 +02:00
ffxbld
4f3980082f No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update 2017-11-17 11:41:51 -08:00
ffxbld
794ea08b42 No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update 2017-11-17 11:41:47 -08:00
ffxbld
4da78d1a66 No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-11-17 11:02:48 -08:00
ffxbld
8591b856f3 No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-11-17 11:02:45 -08:00
Bob Owen
5a64c2aeb7 Bug 1417959: Bump Alternate Desktop to Level 5 and make that the Default on Nightly. r=jimm 2017-11-16 18:10:00 +00:00
David Keeler
cdac966d1b bug 1417677 - remove "security.use_sqldb" and always use the sqlite-backed NSS DBs r=jcj 
MozReview-Commit-ID: 2qoJz5gDPyY

--HG--
extra : rebase_source : 89ccda87138ac02004d290f621e9d53dcddc08ff
 2017-11-15 15:24:58 -08:00
David Keeler
68dd6026ab bug 1418135 - asynchronously determine the chain to display in the details pane of the certificate viewer r=mgoodwin 
The current certificate viewer uses "getChain" to determine what chain to show
in the details pane. This is problematic for a number of reasons including a)
it's synchronous (and potentially slow) and b) getChain may return something
almost entirely quite unlike any actual trusted path (see bug 1004580 comment
0).

This won't fix the whole problem (whatever's opening the certificate viewer
should really be passing in the chain itself), but that's hard, so this would at
least change the determination to be asynchronous and at least won't result in
something completely bogus.

MozReview-Commit-ID: J9uqRgxL52j

--HG--
extra : rebase_source : 0cb0a02564f7d962a57af90a9d1177ff41f064fe
 2017-11-16 15:48:47 -08:00
Brindusan Cristian
cdb95907ba Merge mozilla-central to autoland r=merge a=merge on a CLOSED TREE 2017-11-16 00:41:40 +02:00
Brindusan Cristian
d0a4ab96a0 Merge inbound to mozilla-central r=merge a=merge 2017-11-16 00:24:15 +02:00
ffxbld
6c10f7d914 No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update 2017-11-15 11:31:52 -08:00
ffxbld
393e147523 No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update 2017-11-15 11:31:48 -08:00
ffxbld
dd02544d02 No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-11-15 10:54:33 -08:00
ffxbld
bab5f228d3 No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-11-15 10:54:29 -08:00
Jonathan Kew
304ec4c15e Bug 1417420 - Add the path used by FontAgent to the sandbox rules on macOS. r=haik 2017-11-15 17:59:44 +00:00
David Keeler
ab21773795 bug 1417277 - remove support for MOZPSM_NSSDBDIR_OVERRIDE r=jcj 
MOZPSM_NSSDBDIR_OVERRIDE was added in bug 462919 for integration with xulrunner
applications. Upcoming changes we're aiming to make with how PSM handles NSS and
the certificate/key databases (e.g. making the sqlite-backed implementation
mandatory) mean we have to take this feature into account. xulrunner isn't
supported any longer. Searching the web for "MOZPSM_NSSDBDIR_OVERRIDE" yields
two kinds of results: mozilla-central source code and a man page for nss-gui,
which it seems is the only project that ever made use of
MOZPSM_NSSDBDIR_OVERRIDE (and hasn't been updated since 2013, from what I can
tell). I think it's fair to conclude that this isn't a widely-used (let alone
known) feature. To make development easier, we should remove it.

MozReview-Commit-ID: 56vcTYSzDPq

--HG--
extra : rebase_source : 683a65bcd79182c04524562bc26ed5925f5d902b
 2017-11-14 16:38:34 -08:00
ffxbld
7af6788dd0 No bug, Automated HPKP preload list update from host bld-linux64-spot-038 - a=hpkp-update 2017-11-14 11:51:23 -08:00
ffxbld
1d90c326d7 No bug, Automated HSTS preload list update from host bld-linux64-spot-038 - a=hsts-update 2017-11-14 11:51:19 -08:00
ffxbld
e943551045 No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-11-14 10:58:36 -08:00
ffxbld
cc72aaf33e No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-11-14 10:58:32 -08:00
Mark Banner
ba94a5128c Bug 1371293 - Fix instances of missing 'use strict;' in html files as found after ESLint 4 upgrade. r=mossop 
MozReview-Commit-ID: 2q3nqLaXA3E

--HG--
extra : rebase_source : 971ee6ae4dd565ead6f4aa16e06638445ecc5da0
 2017-10-31 16:40:37 +00:00
Andreea Pavel
3039b5c625 Backed out 1 changesets (bug 1417677) for failing security/manager/ssl/tests/unit/test_broken_fips.js r=backout on a CLOSED TREE 
Backed out changeset 614a09e35ff0 (bug 1417677)
 2017-11-17 12:49:16 +02:00
Ciure Andrei
fdbe147ffb Merge mozilla-central to autoland. r=merge a=merge CLOSED TREE 2017-11-17 12:09:31 +02:00
David Keeler
82c2e0ec18 bug 1413336 - (7/7) regenerate all the certificates! r=Cykesiopka 
Also regenerate the test_signed_app.js testcases.

MozReview-Commit-ID: 483uNQT0wuG

--HG--
extra : rebase_source : 4dfddf89d151dceb970a1a9139a5c90e6b578f8c
 2017-11-08 12:57:03 -08:00
David Keeler
cfc4721f33 bug 1413336 - (6/7) replace setComponentByName with direct property setters r=Cykesiopka 
MozReview-Commit-ID: EIIzP04YHo9

--HG--
extra : rebase_source : bf04301265175f59a3db429667322caffeeeb767
 2017-11-14 13:35:10 -08:00
David Keeler
d64022f084 bug 1413336 - (5/7) ensure text files generated by pycert et. al. have trailing newlines r=Cykesiopka 
MozReview-Commit-ID: KduWJRzTxBp

--HG--
extra : rebase_source : 74c5baf9747a85d71bc93d7459a8b519b40f6dd4
 2017-10-25 16:59:18 -07:00
David Keeler
d6bd3927e3 bug 1413336 - (4/7) make certificate serial number generation not depend on pyasn1 object string representation r=Cykesiopka 
MozReview-Commit-ID: 69GjudEKwQM

--HG--
extra : rebase_source : 707413a77478e17a398fbb3c75eb27b64486b313
 2017-11-08 14:12:03 -08:00
David Keeler
4a5bf460ad bug 1413336 - (3/7) fix pycert.py and pykey.py with respect to pyasn1/pyasn1-modules updates r=Cykesiopka 
MozReview-Commit-ID: CsxOF7LdEHB

--HG--
extra : rebase_source : 09b901b640779a9fe33de9d8c160b6918e6f12f7
 2017-11-08 13:23:17 -08:00
David Keeler
dcb596244e bug 1417677 - remove "security.use_sqldb" and always use the sqlite-backed NSS DBs r=jcj 
MozReview-Commit-ID: 2qoJz5gDPyY

--HG--
extra : rebase_source : c84d7975fa30c753af7481d04e2db8c19daff180
 2017-11-15 15:24:58 -08:00
David Keeler
2d6eb184f1 bug 1368868 - give up on ocsp stapling strictness because we can't have nice things r=jcj 
MozReview-Commit-ID: nbX0c251oC

--HG--
extra : rebase_source : 2adda43c5ea137c17474e4b9303107f4ba3815ff
 2017-11-08 15:50:26 -08:00
David Keeler
d49916e353 bug 1415991 - remove support for signed unpacked addons r=jcj,rhelmer 
Unfortunately we have a number of add-on installation tests that rely on
unpacked addons verifying as signed. The test infrastructure achieves this by
monkey-patching nsIX509CertDB.verifySignedDirectoryAsync to always succeed.
These tests are, in general, not actually testing the successful verification of
signed unpacked add-ons but rather other aspects of add-on installation,
updating, etc.. Some of these tests are certainly no longer relevant now that
legacy add-ons aren't supported, but we don't have the time to go through all of
them at the moment (this blocks updating add-on signature verification to use
COSE signatures, which we need to ship in 59 or we're probably not shipping at
all).

MozReview-Commit-ID: 3TVPK703mUy

--HG--
extra : rebase_source : 5bf0b72a4d7c8ade702334345fdc3bf6a8761b15
 2017-11-09 11:19:23 -08:00
Csoregi Natalia
e520b4f458 Merge mozilla-central to mozilla-autoland. r=merge a=merge CLOSED TREE 2017-11-14 00:59:27 +02:00
ffxbld
6f5e1e666f No bug, Automated HPKP preload list update from host bld-linux64-spot-031 - a=hpkp-update 2017-11-13 11:38:59 -08:00
ffxbld
4d11774312 No bug, Automated HSTS preload list update from host bld-linux64-spot-031 - a=hsts-update 2017-11-13 11:38:56 -08:00
ffxbld
96d2701aef No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-11-13 10:56:59 -08:00
ffxbld
02130351db No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-11-13 10:56:56 -08:00
ffxbld
8802fbf292 No bug, Automated HPKP preload list update from host bld-linux64-spot-033 - a=hpkp-update 2017-11-12 11:35:21 -08:00
ffxbld
014fe21cbb No bug, Automated HSTS preload list update from host bld-linux64-spot-033 - a=hsts-update 2017-11-12 11:35:17 -08:00
ffxbld
54eff2095e No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-11-12 11:06:31 -08:00
ffxbld
f5ee17bd6f No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-11-12 11:06:28 -08:00
ffxbld
14b2379843 No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update 2017-11-11 11:46:19 -08:00
ffxbld
844ee0c1d3 No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update 2017-11-11 11:46:15 -08:00
ffxbld
a99e2a57b4 No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-11-11 11:07:18 -08:00
ffxbld
0411746801 No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-11-11 11:07:14 -08:00
Jed Davis
873f611a48 Bug 1401786 - Move the Linux sandboxing parts of GeckoChildProcessHost into security/sandbox. r=gcp 
MozReview-Commit-ID: JknJhF5umZc

--HG--
extra : rebase_source : 2fa246e9a8b350becc21ed5bfd69820d3a321064
 2017-10-06 17:15:46 -06:00
Alex Gaynor
af821e1fe3 Bug 1365257 - Further consolidate the configuration of the content sandbox; r=gcp 
This patch moves handling of the "MOZ_DISABLE_CONTENT_SANDBOX" environment
variable into GetEffectiveContentSandboxLevel. It also introduces
IsContentSandboxEnabled and ports many users of GetEffectiveContentSandboxLevel
to use it.

MozReview-Commit-ID: 4CsOf89vlRB

--HG--
extra : rebase_source : b9130f522e860e6a582933799a9bac07b771139b
 2017-06-01 10:38:22 -04:00
Ryan VanderMeulen
b16410f51c Merge inbound to m-c. a=merge 2017-11-10 16:13:15 -05:00
ffxbld
018987af9e No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update 2017-11-10 11:40:26 -08:00
ffxbld
fef8559955 No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update 2017-11-10 11:40:22 -08:00
ffxbld
5f8a70cc67 No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-11-10 11:07:01 -08:00
ffxbld
dc41b393b4 No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-11-10 11:06:58 -08:00
Margareta Eliza Balazs
7e070192d7 Merge inbound to mozilla-central r=merge a=merge 2017-11-10 11:55:43 +02:00
Sebastian Hengst
ed9d8c71ea merge mozilla-central to autoland. r=merge a=merge on a CLOSED TREE 2017-11-10 02:46:00 +02:00
ffxbld
80565ab2ca No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update 2017-11-09 12:27:53 -08:00
ffxbld
5e3d80e936 No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update 2017-11-09 12:27:50 -08:00
ffxbld
b730c6b38d No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update 2017-11-09 11:48:10 -08:00
ffxbld
7e80b102d5 No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update 2017-11-09 11:48:06 -08:00
Sebastian Hengst
96773b2710 merge mozilla-central to mozilla-inbound. r=merge a=merge on a CLOSED TREE 2017-11-10 02:47:06 +02:00
Andreea Pavel
e1c8aba28f Merge mozilla-central to mozilla-inbound r=merge a=merge on a CLOSED TREE 2017-11-09 22:17:00 +02:00
David Keeler
0c8c69a89a bug 1235287 - set a longer ocsp request timeout in test_ocsp_stapling_expired.js to avoid intermittent failures on android r=jcj 
MozReview-Commit-ID: 3CJqnQ4EGXn

--HG--
extra : rebase_source : 3bdeac9d603d2f7d723e82fcfc75971ff9c44df0
 2017-11-09 09:40:28 -08:00
Kyle Machulis
bcce449ae5 Bug 1408186 - Remove nsIDOMHTMLSelectElement and nsIDOMHTMLOptionsCollection; r=bz 
MozReview-Commit-ID: Gh3JwLUtmz9

--HG--
extra : rebase_source : 6cdee487246406cafe0e5a9afe4a44f62d131c8b
 2017-10-12 16:32:25 -07:00
Sebastian Hengst
a353221537 merge mozilla-inbound to mozilla-central. r=merge a=merge 2017-11-09 00:00:16 +02:00
ffxbld
f9ad119371 No bug, Automated HPKP preload list update from host bld-linux64-spot-034 - a=hpkp-update 2017-11-08 11:49:18 -08:00
ffxbld
d3a0bf4332 No bug, Automated HSTS preload list update from host bld-linux64-spot-034 - a=hsts-update 2017-11-08 11:49:15 -08:00
ffxbld
5a7c2c5964 No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update 2017-11-08 10:47:08 -08:00
ffxbld
ac31e8cfe6 No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update 2017-11-08 10:47:05 -08:00
Narcis Beleuzu
218e1676cb Merge inbound to mozilla-central r=merge a=merge 2017-11-08 12:51:09 +02:00
Bob Owen
cd430d0c58 Bug 1415250 Part 1: Block prntm64.dll and guard32.dll in sandboxed child processes. r=jimm 2017-11-08 08:06:14 +00:00
Franziskus Kiefer
327d4f6ae1 Bug 1401594 - land NSS NSS_3_34_BETA3 UPGRADE_NSS_RELEASE CLOSED TREE, r=me 
MozReview-Commit-ID: HCa9qQq2zPP
 2017-11-08 15:26:20 +01:00
Franziskus Kiefer
714a126090 Bug 1401594 - land NSS NSS_3_34_BETA2 UPGRADE_NSS_RELEASE, r=me 
MozReview-Commit-ID: IZcYFTH0x9o

--HG--
extra : rebase_source : 224952488b3e4beef03d707aa43c17a095df02f9
 2017-11-08 11:44:14 +01:00
Margareta Eliza Balazs
0c57f53d9c Merge autoland to mozilla-central r=merge a=merge 2017-11-07 23:55:23 +02:00
ffxbld
c9735e7bb6 No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update 2017-11-07 11:43:05 -08:00
ffxbld
d45b8e51c2 No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update 2017-11-07 11:43:01 -08:00
ffxbld
d5e7732988 No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update 2017-11-07 10:43:47 -08:00
ffxbld
5a48a94698 No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update 2017-11-07 10:43:43 -08:00
Martin Thomson
195dbda63e Bug 1414735 - Upgrade Firefox to NSS 3.35, r=franziskus UPGRADE_NSS_RELEASE 
MozReview-Commit-ID: 6hDnHCWVeWz

--HG--
extra : rebase_source : 4bf98010c7afefe9bc0f2da240bb676bd82496b6
 2017-11-07 12:24:58 +11:00
Ryan VanderMeulen
a2f1dcd1e0 Merge m-c to autoland. a=merge 2017-11-06 14:51:08 -05:00
ffxbld
fe19e42a3c No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update 2017-11-06 11:36:57 -08:00
ffxbld
5ec06cbae9 No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update 2017-11-06 11:36:53 -08:00
ffxbld
883506c13d No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-11-06 11:03:31 -08:00
ffxbld
af031d585f No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-11-06 11:03:27 -08:00
ffxbld
38bf4c4f20 No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update 2017-11-05 11:26:07 -08:00
ffxbld
f03e7e263d No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update 2017-11-05 11:26:03 -08:00
ffxbld
9b91644ce1 No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-11-05 10:47:13 -08:00
ffxbld
0e84a5f304 No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-11-05 10:47:09 -08:00
ffxbld
a9ac7e1e95 No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update 2017-11-04 11:27:47 -07:00
ffxbld
0c16c4d46a No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update 2017-11-04 11:27:43 -07:00
Sebastian Hengst
3af6639030 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 6lOkhi71eQ3
 2017-11-04 10:53:33 +01:00
ffxbld
066b6713fd No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-11-03 11:33:33 -07:00
ffxbld
422df817cd No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-11-03 11:33:29 -07:00
Sebastian Hengst
68106833b3 merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: xcHQOq7Rbv
 2017-11-02 22:59:04 +01:00
Sebastian Hengst
8da0763166 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 60XtziNG2CK
 2017-11-02 22:57:14 +01:00
ffxbld
299b665375 No bug, Automated HPKP preload list update from host bld-linux64-spot-031 - a=hpkp-update 2017-11-02 11:32:01 -07:00
ffxbld
06f236c2b4 No bug, Automated HSTS preload list update from host bld-linux64-spot-031 - a=hsts-update 2017-11-02 11:31:57 -07:00
Franziskus Kiefer
1db8f13af3 Bug 1401594 - land NSS NSS_3_34_BETA1 UPGRADE_NSS_RELEASE, r=me 
MozReview-Commit-ID: 8ckNdJ29KWZ

--HG--
extra : rebase_source : 9766af247842aabce5e46c4a8d1d03c3f70d21f7
 2017-11-01 15:38:36 +01:00
J.C. Jones
bc2d08ffc7 Bug 1414198 - Include <functional> in nsNSSCertificate.h r=keeler 
We've a report of a compilation error on a different system because
std::function was undefined.

MozReview-Commit-ID: 2MboMUdLzHj

--HG--
extra : rebase_source : be6d73506402a1838b96ce55e69b44dcb00949f1
 2017-11-03 17:11:04 -07:00
David Keeler
6922b82c52 bug 1357815 - 4/4: go a bit overboard on testcases for SHA-256 support in add-on signatures r=jcj 
MozReview-Commit-ID: K4WYTYPXpi1

--HG--
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha1_and_sha256.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1-256_p7-1-256.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha1_and_sha256_manifest_sha1_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha1_and_sha256_manifest_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha1_manifest_sha1_and_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha256_manifest_sha1_and_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha256_manifest.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha256.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-256_p7-256.zip
extra : rebase_source : f56c5c9309590bd37d933e8e8fbff8535296b874
 2017-10-27 11:20:33 -07:00
Jed Davis
0b91cda795 Bug 1413312 - Fix media plugin sandbox policy for sched_get_priority_{min,max}. r=gcp 
MozReview-Commit-ID: Bz4EWU13HAJ

--HG--
extra : rebase_source : 848880e083827a6f40e6ba289a5357ff6b4fa5f6
 2017-10-31 18:12:43 -06:00
Jed Davis
de1cbf125f Bug 1412464 - Change sandboxing inotify denial from seccomp-bpf to symbol interception. r=gcp 
MozReview-Commit-ID: DY0qdGYGNdL

--HG--
extra : rebase_source : 02448ea28e8c1ea0d25776455d9ebb30d829b482
 2017-10-30 19:45:39 -06:00
Jed Davis
a2451f13e5 Bug 1412480 - Statically check for overly large syscall arguments. r=gcp 
See the previous patch for an explanation of the mistake that this is
meant to catch.

Note that, even for arguments that really are 64-bit on 32-bit platforms
(typically off_t), it's generally not safe to pass them directly to
syscall(): some architectures, like ARM, use ABIs that require such
arguments to be passed in aligned register pairs, and they'll be aligned
differently for syscall() vs. the actual system call due to the leading
system call number argument.  The syscall(2) man page discusses this
and documents that such arguments should be split into high/low halves,
passed separately, and manually padded.

Therefore, this patch rejects any argument types larger than a word.

MozReview-Commit-ID: FVhpri4zcWk

--HG--
extra : rebase_source : 0329fe68be2a4e16fb71736627f0190e005c9972
 2017-10-27 19:51:26 -06:00
Jed Davis
6d4b2907e1 Bug 1412480 - Fix syscall argument types in seccomp-bpf sandbox traps. r=gcp 
The values in arch_seccomp_data::args are uint64_t even on 32-bit
platforms, and syscall takes varargs, so the arguments need to be
explicitly cast to the word size in order to be passed correctly.

MozReview-Commit-ID: 5ldv6WbL2Z3

--HG--
extra : rebase_source : c6ef37d8b367ad6025e510e58e6ab4d2f96cfc9e
 2017-10-27 20:51:25 -06:00
David Keeler
6034b39937 bug 1357815 - 3/4: support SHA256 in PKCS#7 signatures on add-ons r=dveditz,jcj 
As a result of this patch, the hash algorithm used in add-on signature
verification will come from the PKCS#7 signature. If SHA-256 is present, it will
be used. SHA-1 is used as a fallback. Otherwise, the signature is invalid.

This means that, for example, if the PKCS#7 signature only has SHA-1 but there
are SHA-256 hashes in the signature file and/or manifest file, only the SHA-1
hashes in the signature file and manifest file will be used, if they are present
(and verification will fail if they are not present). Similarly, if the PKCS#7
signature has SHA-256, there must be SHA-256 hashes in the signature file and
manifest file (even if SHA-1 is also present in the PKCS#7 signature).

MozReview-Commit-ID: K3OQEpIrnUW

--HG--
extra : rebase_source : 704a2a18e166bfaf3e3d944d13918054bd012000
 2017-10-24 15:27:53 -07:00
David Keeler
7617737c9f bug 1357815 - 2/4: refactor away unnecessary parts of certificate verification in add-on signature verification r=jcj 
MozReview-Commit-ID: 4JKWIZ0wnuO

--HG--
extra : rebase_source : 7f032046b3a81c2b3f2135451af07a1e38e94664
 2017-10-24 13:32:02 -07:00
David Keeler
543678ab80 bug 1357815 - 1/4: move VerifyCMSDetachedSignatureIncludingCertificate to where it's used r=jcj 
MozReview-Commit-ID: JsBPGhDxQoS

--HG--
extra : rebase_source : 88a1c0b73762f28c53ffd645f2eba260743a4062
 2017-10-24 13:18:14 -07:00
Ryan VanderMeulen
f44bfd0fc0 Merge m-c to autoland. a=merge 2017-11-01 21:55:56 -04:00
ffxbld
269dcb47f7 No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update 2017-11-01 18:38:41 -07:00
ffxbld
249a4851fb No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update 2017-11-01 18:38:37 -07:00
ffxbld
f2bc4e722f No bug, Automated HPKP preload list update from host bld-linux64-spot-039 - a=hpkp-update 2017-10-31 12:14:57 -07:00
ffxbld
f4901979dd No bug, Automated HSTS preload list update from host bld-linux64-spot-039 - a=hsts-update 2017-10-31 12:14:53 -07:00
J.C. Jones
f04a229953 Bug 1412994 - Ensure SegmentCertificateChain returns results in PSM order r=keeler 
SegmentCertificateChain, when provided a cert chain from nsISSLStatus, delivers
the EE as the Root, the Root as the EE, and the intermediates in reverse order.

Basically, now that Bug 1406856 landed, it's clear this was backward in its
thinking, so reverse it for the common case.

MozReview-Commit-ID: Ahtv9U9A9oS

--HG--
extra : rebase_source : 75c8688c5041652fd966babe91cb8c6287e19ad0
 2017-10-30 16:49:41 -07:00
Sebastian Hengst
6979ea37b4 merge mozilla-central to autoland. r=merge a=merge 2017-10-30 23:58:16 +01:00
Sebastian Hengst
f07fc93141 merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 4PW6ESqLL73
 2017-10-30 23:52:23 +01:00
ffxbld
da6d577b00 No bug, Automated HPKP preload list update from host bld-linux64-spot-033 - a=hpkp-update 2017-10-30 11:46:17 -07:00
ffxbld
0eee83e64e No bug, Automated HSTS preload list update from host bld-linux64-spot-033 - a=hsts-update 2017-10-30 11:46:14 -07:00
Bob Owen
e67fce9b1f Bug 1412827: Add Symantec DLLs ffm64 and ffm to the sandboxed child blocklist. r=jimm 
This patch also adds k7pswsen.dll unconditionally as it is still appearing
in many crash reports despite the block working in a test VM.
 2017-10-30 16:28:26 +00:00
Jed Davis
6557099666 Bug 1411115 - Allow F_SETLK fcntl in sandboxed content processes. r=gcp 
MozReview-Commit-ID: ARc7EpfN73o

--HG--
extra : rebase_source : 21c35a65a7c45387e2bd7fd7aba5f82ecf7c9ab3
 2017-10-27 18:05:53 -06:00
Jed Davis
ee247f0d5f Bug 1409900 - Handle sandboxed statfs() by replacing it with open+fstatfs. r=gcp 
MozReview-Commit-ID: 4Q0XMWcxaAc

--HG--
extra : rebase_source : e6065c91ddb271b71b5577ca0d6c39349565724c
 2017-10-27 19:32:37 -06:00
Jed Davis
27d4543313 Bug 1409900 - Disallow quotactl in sandboxed content processes. r=gcp 
MozReview-Commit-ID: 3svUgLLTZKL

--HG--
extra : rebase_source : 2f51310f19cff45313cafd2bdcc60f2999b729b3
 2017-10-25 12:43:13 -06:00
Sebastian Hengst
d67d120cc4 Backed out 4 changesets (bug 1386404) for mass failures, e.g. in browser-chrome's dom/tests/browser/browser_xhr_sandbox.js. r=backout on a CLOSED TREE 
Backed out changeset 36556e1a5ac7 (bug 1386404)
Backed out changeset b136f90dc49f (bug 1386404)
Backed out changeset 4600c2d575f9 (bug 1386404)
Backed out changeset c2c40e4d9815 (bug 1386404)
 2017-10-30 19:10:01 +01:00
Gian-Carlo Pascutto
3d94d8e8e1 Bug 1386404 - Only do the tmp remapping if needed. r=jld 
This helps with getting the tests that are running out of /tmp
to pass, who get confused if their paths change underneath them.

It's also a bit faster.

MozReview-Commit-ID: CWtngVNhA0t

--HG--
extra : rebase_source : 304481a18c371c3253448971f48064bcbd681a81
 2017-10-26 18:02:10 +02:00
Gian-Carlo Pascutto
577b3a7731 Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld 
MozReview-Commit-ID: 2h9hw6opYof

--HG--
extra : rebase_source : f3121d7afff22e3f72c66e3a5553e731a83a2e1c
 2017-10-26 17:50:49 +02:00
Gian-Carlo Pascutto
6a66615d8d Bug 1386404 - Enable access to the entire chrome dir from content. r=jld 
This may be required if people have @import in their userContent.css, and
in any case our tests check for this.

MozReview-Commit-ID: 8uJcWiC2rli

--HG--
extra : rebase_source : 3542ea305aabaca0500d66f8e86f5c12170d793e
 2017-10-26 18:57:03 +02:00
Gian-Carlo Pascutto
802f1b9395 Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik 
MozReview-Commit-ID: 6Hijq0to9MG

--HG--
extra : rebase_source : c7a3559e4cbdfd1885d13a489c4eeb311ca973fa
 2017-10-12 11:18:25 +02:00
Franziskus Kiefer
0ab6bdd2fa Bug 1413937 - add sha384 and sha512 to pycert and pykey, r=keeler 
MozReview-Commit-ID: ArjNHLC1MFC

Differential Revision: https://phabricator.services.mozilla.com/D185

--HG--
extra : rebase_source : 781abe2faa33aa4f55902db1b191159f9c88254d
 2017-11-09 16:55:12 +01:00
Sebastian Hengst
794abc6fba merge mozilla-central to autoland. r=merge a=merge 2017-10-29 23:01:08 +01:00
ffxbld
8af3c26b61 No bug, Automated HPKP preload list update from host bld-linux64-spot-033 - a=hpkp-update 2017-10-29 11:34:19 -07:00
ffxbld
c61725847a No bug, Automated HSTS preload list update from host bld-linux64-spot-033 - a=hsts-update 2017-10-29 11:34:15 -07:00
Sebastian Hengst
d6f574cf1b merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: DMG276CdAzv
 2017-10-28 23:57:08 +02:00
ffxbld
8d7205d5c7 No bug, Automated HPKP preload list update from host bld-linux64-spot-023 - a=hpkp-update 2017-10-28 11:38:28 -07:00
ffxbld
b03d306da6 No bug, Automated HSTS preload list update from host bld-linux64-spot-023 - a=hsts-update 2017-10-28 11:38:24 -07:00
ffxbld
e009038b12 No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update 2017-10-28 11:23:31 -07:00
ffxbld
261757d83a No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update 2017-10-28 11:23:28 -07:00
Sebastian Hengst
2f6f3e1167 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: JSVOeP0nq5J
 2017-10-27 23:28:23 +02:00
ffxbld
a5b2d14190 No bug, Automated HPKP preload list update from host bld-linux64-spot-022 - a=hpkp-update 2017-10-27 11:38:58 -07:00
ffxbld
28eb630b74 No bug, Automated HSTS preload list update from host bld-linux64-spot-022 - a=hsts-update 2017-10-27 11:38:54 -07:00
Attila Craciun
21363323fd Backed out 2 changesets (bug 1409900) for failing browser chrome on Linux opt at browser/base/content/test/general/browser_bug590206.js r=backout a=backout. 
Backed out changeset 83296a355dd4 (bug 1409900)
Backed out changeset 072007f83431 (bug 1409900)
 2017-10-27 16:15:47 +03:00
Sebastian Hengst
5c15da1f08 merge mozilla-inbound to mozilla-central. r=merge a=merge 
--HG--
rename : testing/talos/tests/__init__.py => testing/talos/talos/unittests/__init__.py
rename : testing/talos/tests/browser_output.ts.txt => testing/talos/talos/unittests/browser_output.ts.txt
rename : testing/talos/tests/browser_output.tsvg.txt => testing/talos/talos/unittests/browser_output.tsvg.txt
rename : testing/talos/tests/profile.tgz => testing/talos/talos/unittests/profile.tgz
rename : testing/talos/tests/ps-Acj.out => testing/talos/talos/unittests/ps-Acj.out
rename : testing/talos/tests/test_talosconfig_browser_config.json => testing/talos/talos/unittests/test_talosconfig_browser_config.json
rename : testing/talos/tests/test_talosconfig_test_config.json => testing/talos/talos/unittests/test_talosconfig_test_config.json
rename : testing/talos/tests/xrestop_output.txt => testing/talos/talos/unittests/xrestop_output.txt
 2017-10-27 12:45:34 +03:00
J.C. Jones
d4d890633b Bug 1411683 - Add foreach and segment utility methods to nsNSSCertList r=keeler 
This adds two methods to nsNSSCertList: ForEachCertificateInChain, and
SegmentCertificateChain. The ForEach method calls a supplied function for each
certificate in the chain, one by one.

That method is then used by the Segment method, which (assuming the chain is
ordered) splits it into Root, End Entity, and everything in-between as a list of
Intermediates.

This patch does _not_ try to add these methods to the IDL, as it's not
straightforward to me on how to handle the nsCOMPtr or std::function arguments.

These methods will be first used by Bug 1409259.

(Update to fix gtest bustage on Linux)

MozReview-Commit-ID: 8qjwF3juLTr

--HG--
extra : rebase_source : 3dee871a4622b8ad84cca247dc9a9f3ceb3b4bd9
 2017-10-25 13:37:50 -05:00
J.C. Jones
eac42bd3b1 Bug 1411683 - Add "requirements.txt" for pycert.py r=keeler 
There are specific versions needed for security/manager/ssl/tests/unit/pycert.py,
so let's give PIP some installation help:

0.1.7 for pyasn1 and 0.0.5 for pyasn1_modules

(recent versions break pycert/pykey/pycms)

MozReview-Commit-ID: Fk98UPd8bJo

--HG--
extra : rebase_source : 79436d4e99cda1dca438015835fdfa83a78c4dc7
 2017-10-25 16:03:58 -05:00
Mark Goodwin
032fc16f72 Bug 1406856 - Re-plumb nsISSLStatus.idl to carry with it the whole nsIX509CertList r=jcj,keeler 
MozReview-Commit-ID: 2YDmCzqdm26

--HG--
extra : rebase_source : 5b1f345698948b193addfa9326b5a29f9572a411
 2017-10-26 17:52:11 +01:00
Sebastian Hengst
e434e03817 Backed out changeset 51eaba841505 (bug 1406856) for failing eslint at security/manager/ssl/tests/unit/head_psm.js:732:53 | Multiple spaces found before '='. r=backout 
--HG--
extra : amend_source : 46ecb5c0f3f8c682aa0eaf27e14527b516710903
 2017-10-28 12:49:09 +02:00
Mark Goodwin
63bf63249d Bug 1406856 - Re-plumb nsISSLStatus.idl to carry with it the whole nsIX509CertList r=keeler 
MozReview-Commit-ID: 2YDmCzqdm26

--HG--
extra : rebase_source : 7de06b44adbcfc3891555b4176663d20d4f96a1a
 2017-10-26 17:52:11 +01:00
Jed Davis
76b1bdf7de Bug 1408497 - Disallow inotify in sandboxed content processes. r=gcp 
MozReview-Commit-ID: nKyIvMNQAt

--HG--
extra : rebase_source : 5347e8da745d6f4a0cd4e81e76fe6b94d94eac30
 2017-10-25 13:35:47 -06:00
Jed Davis
5f10d1f416 Bug 1409900 - Handle sandboxed statfs() by replacing it with open+fstatfs. r=gcp 
MozReview-Commit-ID: 4Q0XMWcxaAc

--HG--
extra : rebase_source : 6bd36df3155fc5cdda67720e313028a68e2f0901
 2017-10-25 13:08:26 -06:00
Jed Davis
fce1017953 Bug 1409900 - Disallow quotactl in sandboxed content processes. r=gcp 
MozReview-Commit-ID: 3svUgLLTZKL

--HG--
extra : rebase_source : 54623b48c65a1319905cab5aa520928681ec0023
 2017-10-25 12:43:13 -06:00
Jed Davis
160e1dcfe0 Bug 1410191 - Correctly handle errors when using syscalls in sandbox trap handlers. r=gcp 
MozReview-Commit-ID: JX81xpNBMIm

--HG--
extra : rebase_source : c7334f3e0b61b4fb4e0305cc6fc5d3173d08c032
 2017-10-25 16:38:20 -06:00
Jed Davis
b8aa6b6de9 Bug 1410241 - Don't call destructors on objects we use in the SIGSYS handler. r=gcp 
MozReview-Commit-ID: LAgORUSvDh9

--HG--
extra : rebase_source : b39836ebb7405202c60b075b30b48966ac644e71
 2017-10-25 17:58:22 -06:00
Jed Davis
aa4363afaa Bug 1410280 - Re-allow PR_GET_NAME for sandboxed content processes. r=gcp 
This prctl is used by PulseAudio; once bug 1394163 is resolved, allowing
it can be made conditional on the media.cubeb.sandbox pref.

MozReview-Commit-ID: 6jAM65V32vK

--HG--
extra : rebase_source : abb039aff7cefc0aa3b95f4574fdf1e3fb0d93a6
 2017-10-25 11:04:34 -06:00
Sebastian Hengst
d10e26c913 merge mozilla-central to mozilla-inbound. r=merge a=merge 2017-10-27 00:00:25 +02:00
ffxbld
7c460507ae No bug, Automated HPKP preload list update from host bld-linux64-spot-038 - a=hpkp-update 2017-10-26 11:33:02 -07:00
ffxbld
13bc938b90 No bug, Automated HSTS preload list update from host bld-linux64-spot-038 - a=hsts-update 2017-10-26 11:32:58 -07:00
Phil Ringnalda
a173b09db6 Backed out changeset ccc0e72f2152 (bug 1403260) for hanging Mac browser-chrome in printing tests 
MozReview-Commit-ID: IZNT5Jh8nzB
 2017-10-25 23:00:17 -07:00
Haik Aftandilian
362316451f Bug 1403260 - [Mac] Remove access to print server from content process sandbox r=mconley 
MozReview-Commit-ID: Ia21je8TTIg

--HG--
extra : rebase_source : 656e9e3ac8d1fb741d46881458bb0b7fb402d688
 2017-10-22 23:02:58 -07:00
Sebastian Hengst
23c958dc39 Backed out 2 changesets (bug 1411683) for build bustage in security/manager/ssl/tests/gtest/CertListTest.cpp. r=backout on a CLOSED TREE 
Backed out changeset 9d579c7e46b9 (bug 1411683)
Backed out changeset 21a17ab8b0fc (bug 1411683)
 2017-10-27 23:53:55 +02:00
Sebastian Hengst
841ee307e6 merge mozilla-central to autoland. r=merge a=merge 2017-10-27 23:32:15 +02:00
J.C. Jones
de44bcbd15 Bug 1411683 - Add foreach and segment utility methods to nsNSSCertList r=keeler 
This adds two methods to nsNSSCertList: ForEachCertificateInChain, and
SegmentCertificateChain. The ForEach method calls a supplied function for each
certificate in the chain, one by one.

That method is then used by the Segment method, which (assuming the chain is
ordered) splits it into Root, End Entity, and everything in-between as a list of
Intermediates.

This patch does _not_ try to add these methods to the IDL, as it's not
straightforward to me on how to handle the nsCOMPtr or std::function arguments.

These methods will be first used by Bug 1409259.

MozReview-Commit-ID: 8qjwF3juLTr

--HG--
extra : rebase_source : 39e2e8530ac23c6b96eb73f406bca32a59bcccf5
 2017-10-25 13:37:50 -05:00
J.C. Jones
6594c2801b Bug 1411683 - Add "requirements.txt" for pycert.py r=keeler 
There are specific versions needed for security/manager/ssl/tests/unit/pycert.py,
so let's give PIP some installation help:

0.1.7 for pyasn1 and 0.0.5 for pyasn1_modules

(recent versions break pycert/pykey/pycms)

MozReview-Commit-ID: Fk98UPd8bJo

--HG--
extra : rebase_source : 79436d4e99cda1dca438015835fdfa83a78c4dc7
 2017-10-25 16:03:58 -05:00
Sebastian Hengst
443416f881 Merge mozilla-central to autoland. r=merge a=merge 2017-10-26 00:39:55 +02:00
ffxbld
f9617fb9bd No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update 2017-10-25 11:22:54 -07:00
ffxbld
769ad2d454 No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update 2017-10-25 11:22:50 -07:00
Chris Manchester
c86173526a Bug 1403346 - Replace all uses of ALLOW_COMPILER_WARNINGS with a template, remove ALLOW_COMPILER_WARNINGS. r=glandium 
MozReview-Commit-ID: 1G2o4fy74cf
 2017-10-25 15:12:09 -07:00
David Keeler
83ca10065e bug 1180826 - add support for sha256 digests in add-on signature manifests r=dveditz,jcj 
MozReview-Commit-ID: HTlm6esgPUx

--HG--
extra : rebase_source : 50f082dea0b2afb1e9099fb94364863a4d85543b
 2017-10-09 13:53:23 -07:00
Andrea Marchesini
ec610d5b7e Bug 1409329 - NS_NewBufferedOutputStream should take the ownership of the outputStream, r=smaug 2017-10-24 14:38:23 +02:00
Sebastian Hengst
af53b8aad8 merge mozilla-central to autoland. r=merge a=merge 2017-10-23 23:52:54 +02:00
Sebastian Hengst
0021c0caf6 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 4FPQxtXkXoF
 2017-10-23 23:48:36 +02:00
ffxbld
9224f75aad No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update 2017-10-23 11:21:33 -07:00
ffxbld
8322ac2945 No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update 2017-10-23 11:21:30 -07:00
ffxbld
6a17c316ba No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update 2017-10-22 11:23:23 -07:00
ffxbld
eabd4bce16 No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update 2017-10-22 11:23:19 -07:00
ffxbld
3f2fe4b3fa No bug, Automated HPKP preload list update from host bld-linux64-spot-031 - a=hpkp-update 2017-10-22 11:10:23 -07:00
ffxbld
cc6a84456b No bug, Automated HSTS preload list update from host bld-linux64-spot-031 - a=hsts-update 2017-10-22 11:10:20 -07:00
Sebastian Hengst
fc5faa6d80 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: DmqQMMkwBYJ
 2017-10-22 11:33:04 +02:00
ffxbld
198fe54503 No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update 2017-10-21 11:24:10 -07:00
ffxbld
3aeaefef0b No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update 2017-10-21 11:24:06 -07:00
ffxbld
7f7b3b43f6 No bug, Automated HPKP preload list update from host bld-linux64-spot-324 - a=hpkp-update 2017-10-20 22:50:42 -07:00
ffxbld
a84b3aab6c No bug, Automated HSTS preload list update from host bld-linux64-spot-324 - a=hsts-update 2017-10-20 22:50:38 -07:00
Sebastian Hengst
7e9a8a9bc9 merge mozilla-central to autoland. r=merge a=merge 2017-10-21 11:00:23 +02:00
David Keeler
3961574fa2 bug 1381154 - remove smartcard monitoring threads r=jcj,mgoodwin 
Modified from bug 1248818 comment 11:
Before this patch, if a user had a smart card (PKCS#11 device) with removable
slots, Firefox would launch a thread for each module and loop, calling
SECMOD_WaitForAnyTokenEvent to be alerted to any insertions/removals. At
shutdown, we would call SECMOD_CancelWait, which would cancel any waiting
threads. However, since that involved calling 3rd party code, we really had no
idea if these modules were behaving correctly (and, indeed, they often weren't,
judging by the shutdown crashes we were getting).
The real solution is to stop relying on PKCS#11, but since that's unlikely in
the near future, the next best thing would be to load these modules in a child
process. That way, misbehaving modules don't cause Firefox to hang/crash/etc.
That's a lot of engineering work, though, so what this patch does is avoids the
issue by never calling SECMOD_WaitForAnyTokenEvent (and thus we never have to
call SECMOD_CancelWait, etc.). Instead, every time Firefox performs an operation
that may be affected by a newly added or removed smart card, it first has NSS
refresh its view of any removable slots. This is similar to how we ensure the
loadable roots module has been loaded (see bug 1372656).

MozReview-Commit-ID: JpmLdV7Vvor

--HG--
extra : rebase_source : d3503d19fa9297106d661a017a38c30969fa39b4
 2017-09-28 14:27:21 -07:00
Masatoshi Kimura
dbd92543c6 Bug 1313150 - Remove |weak| parameter from nsIMutableArray methods. r=froydnj 
MozReview-Commit-ID: 7JoD4VYzZp3

--HG--
extra : rebase_source : 5db437f1c34608aa223916874d62b48c59baeae8
 2017-10-21 23:53:02 +09:00
Tom Ritter
387fbfc8b6 Bug 1406736 Match MinGW's macro so we declare gmtime_r under MinGW too r=froydnj 
MozReview-Commit-ID: 2U2ToeyVUUt

--HG--
extra : rebase_source : a4ebd43f4529cc6b815f5bb849021a994dda959f
 2017-10-09 00:18:19 -05:00
Sebastian Hengst
2592ce224a merge mozilla-central to autoland. r=merge a=merge 2017-10-20 11:45:03 +02:00
Sebastian Hengst
bc6dddb88b merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: BY4c5BIOF81
 2017-10-20 11:37:54 +02:00
ffxbld
dec4e39e21 No bug, Automated HPKP preload list update from host bld-linux64-spot-326 - a=hpkp-update 2017-10-19 22:45:36 -07:00
ffxbld
e46be631b4 No bug, Automated HSTS preload list update from host bld-linux64-spot-326 - a=hsts-update 2017-10-19 22:45:32 -07:00
ffxbld
1c4da216e0 No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update 2017-10-19 10:44:01 -07:00
ffxbld
e93bac77bf No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update 2017-10-19 10:43:57 -07:00
Sebastian Hengst
bf793df477 merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: HasKw28SN45
 2017-10-19 11:26:22 +02:00
ffxbld
161b9f45ac No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-10-18 23:02:08 -07:00
ffxbld
9e31463fe9 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-10-18 23:02:04 -07:00
Ryan VanderMeulen
cb612851ed Merge inbound to m-c. a=merge 2017-10-18 21:01:34 -04:00
Sebastian Hengst
3e8ed7e2b5 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: D8YSuNsBw9o
 2017-10-19 00:04:37 +02:00
ffxbld
d0448c9700 No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update 2017-10-18 10:44:21 -07:00
ffxbld
e71bbf3687 No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update 2017-10-18 10:44:17 -07:00
Sebastian Hengst
73dd633569 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: JvxL3r663v
 2017-10-18 11:42:41 +02:00
ffxbld
ef0a21cfb7 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-10-17 22:48:33 -07:00
ffxbld
618a00c142 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-10-17 22:48:30 -07:00
Nicholas Nethercote
78030c0e7b Bug 1409598 - Change nsIXPCScriptable::className and nsIClassInfo::{contractID,classDescription} from string to AUTF8String. r=froydnj. 
This lets us replace moz_xstrdup() of string literals with AssignLiteral(),
among other improvements.

--HG--
extra : rebase_source : 9994d8ccb4f196cf63564b0dac2ae6c4370defb4
 2017-10-18 13:17:26 +11:00
ffxbld
dca019c94b No bug, Automated HPKP preload list update from host bld-linux64-spot-324 - a=hpkp-update 2017-10-17 10:44:24 -07:00
ffxbld
64dcdb175e No bug, Automated HSTS preload list update from host bld-linux64-spot-324 - a=hsts-update 2017-10-17 10:44:21 -07:00
Sebastian Hengst
32f7c8fec3 merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 1h3kZyrtqSt
 2017-10-17 11:45:16 +02:00
Sebastian Hengst
af89102d41 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: JRsSap6SwOZ
 2017-10-17 11:42:24 +02:00
ffxbld
0498069c9a No bug, Automated HPKP preload list update from host bld-linux64-spot-315 - a=hpkp-update 2017-10-16 23:06:00 -07:00
ffxbld
962f3aa143 No bug, Automated HSTS preload list update from host bld-linux64-spot-315 - a=hsts-update 2017-10-16 23:05:56 -07:00
ffxbld
e5bbda30b9 No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update 2017-10-15 22:50:12 -07:00
ffxbld
28ef948b68 No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update 2017-10-15 22:50:09 -07:00
ffxbld
40b456626e No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update 2017-10-15 10:33:36 -07:00
ffxbld
93cacab1f5 No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update 2017-10-15 10:33:33 -07:00
ffxbld
39f4a652d1 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-10-14 22:59:04 -07:00
ffxbld
0c0219f6c4 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-10-14 22:59:01 -07:00
ffxbld
01970ed92d No bug, Automated HPKP preload list update from host bld-linux64-spot-327 - a=hpkp-update 2017-10-14 10:38:55 -07:00
ffxbld
957ff16de8 No bug, Automated HSTS preload list update from host bld-linux64-spot-327 - a=hsts-update 2017-10-14 10:38:51 -07:00
ffxbld
b864294e1e No bug, Automated HPKP preload list update from host bld-linux64-spot-329 - a=hpkp-update 2017-10-13 23:34:33 -07:00
ffxbld
36c79a8634 No bug, Automated HSTS preload list update from host bld-linux64-spot-329 - a=hsts-update 2017-10-13 23:34:30 -07:00
Sebastian Hengst
24583b9443 merge mozilla-central to autoland. r=merge a=merge 2017-10-20 01:08:09 +02:00
ffxbld
471e3a93c9 No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update 2017-10-13 10:47:02 -07:00