Commit Graph

9735 Commits

Author SHA1 Message Date
Bob Owen
77826e3c4a Bug 1171796: Add sandbox rule for child process NSPR log file on Windows. r=bbondy
This also moves the initialization of the sandbox TargetServices to earlier in
plugin-container.cpp content_process_main, because it needs to happen before
xul.dll loads.
2015-07-30 10:04:42 +01:00
David Keeler
b49becac5d bug 1181823 - convert test_ev_certs.js, test_keysize_ev.js, and test_validity.js to generate certificates at build time r=Cykesiopka r=mgoodwin 2015-06-17 16:02:08 -07:00
Bobby Holley
97b9240b34 Bug 1188696 - Hoist nsRefPtr.h into MFBT. r=froydnj 2015-07-29 10:44:59 -07:00
Douglas Bagnall
5cea0a9df6 Bug 1046421 - Do not disclose the system hostname via NTLM handler. r=honzab
The hostname here is matched on the AD DC to the userWorkstations
attribute, however this is on a total trust basis in terms of what the
client specifies here.

The impact of this patch is that a user who is restricted by this
attribute to log on to only certain (Windows, in reality)
workstations, may not be able to perform a manual NTLM logon to an
intranet site, unless they set network.generic-ntlm-auth.workstation
to the name of their workstation (actually, any host in that list).

The default value is set to WORKSTATION.

This patch was originally written by Andrew Bartlett, and modified by
Douglas Bagnall following review feedback from Honza Bambas and Tim
Brown.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2015-07-24 13:36:11 +12:00
David Keeler
1b1d908d0f bug 1187029 - convert test_bug480509.html to an xpcshell test r=jcj 2015-07-23 13:31:45 -07:00
Steven Michaud
265ad075b1 Bug 1175881 - about:sync-log can't read files on OS X with e10s on and content process sandbox enabled. r=areinald 2015-07-28 12:09:34 -05:00
David Keeler
3a4c2d822a bug 1179660 - define 'now' as the first second of the current year for pycert r=Cykesiopka
This is to avoid a dependency on the buildid so we don't have to
regenerate all of the test certificate with every ./mach build.
This can cause problems very near midnight on New Year's Eve.
If this happens, kick off a new build and get back to the party.
2015-07-15 16:20:54 -07:00
Xidorn Quan
cec576a922 Bug 1187173 - Disable warning C4623 on security/certverifier. r=briansmith
--HG--
extra : source : 9f3acfedff8cf4a26266bb578dc69727e799c0cf
extra : amend_source : cb1d0a6e8c6d9199429159cb9a20484f5aa95b8d
2015-07-24 13:38:12 +10:00
Jed Davis
315c4ad9c2 Bug 1186709 - Remove MOZ_IMPLICIT from security/sandbox/chromium. r=bobowen 2015-07-23 08:28:00 -04:00
Jed Davis
39f6ab2a28 Bug 1157864 - Record chromium patch applied in previous commit. r=me 2015-07-22 15:48:49 -07:00
Felix Janda
acfe5cf4cf Bug 1157864 - chromium sandbox: Fix compilation for systems without <sys/cdefs.h>. r=jld 2015-02-05 22:41:38 +01:00
Masatoshi Kimura
0e28f550d3 Bug 1181562 - Update fallback whitelist. r=keeler 2015-07-22 20:35:26 +09:00
Nicholas Nethercote
1ac7d5d5b1 Bug 1182959 (part 5) - Use nsTHashtable::Iterator in nsCertOverrideService. r=honzab.
--HG--
extra : rebase_source : c36d0f9e4a2242a934e2848b6f977f33d6ac76cc
2015-07-20 17:12:03 -07:00
Nicholas Nethercote
746d9d6e0a Bug 1182959 (part 4) - Remove BlocklistSaveInfo. r=honzab.
--HG--
extra : rebase_source : c46e23885d97ef05504db32e0fd8cae05b55232a
2015-07-20 17:12:03 -07:00
Nicholas Nethercote
6ceff73a0f Bug 1182959 (part 3) - Use nsTHashtable::Iterator in CertBlockList. r=honzab.
--HG--
extra : rebase_source : 4df2d9845e7a04c11bc6076ea7844fba7b5ca3a9
2015-07-20 17:12:03 -07:00
Nicholas Nethercote
e0bd2455c1 Bug 1182959 (part 2) - Use nsTHashtable::Iterator in CertBlockList. r=honzab.
--HG--
extra : rebase_source : f2b69832a8f789919db84706591e96bcf4bd0a1d
2015-07-20 17:12:03 -07:00
Nicholas Nethercote
489123be0f Bug 1182959 (part 1) - Use nsTHashtable::Iterator in CertBlockList. r=honzab.
--HG--
extra : rebase_source : cdef0d25cd3dcc63313ab391c0c7fe37d048eb1a
2015-07-20 17:12:03 -07:00
Jed Davis
fc9b22c883 Bug 1181704 - Use chromium SafeSPrintf for sandbox logging. r=gdestuynder r=glandium
This gives us a logging macro that's safe to use in async signal context
(cf. bug 1046210, where we needed this and didn't have it).

This patch also changes one of the format strings to work with
SafeSPrintf's format string dialect; upstream would probably take a
patch to handle those letters, but this is easier.
2015-07-09 12:09:00 +02:00
Jed Davis
06bdcaaa33 Bug 1181704 - Import chromium SafeSPrintf. r=bobowen
This also imports the unit tests but doesn't arrange to run them.
Including the tests in our xul-gtest is possible but not trivial: there
are logging dependencies, and they use a different #include path for
gtest.h (which we'd need to patch).

Upstream revision: df7cc6c04725630dd4460f29d858a77507343b24.
2015-07-09 12:04:00 +02:00
David Keeler
b0d4abd2b1 bug 1178988 - GenerateOCSPResponse: load certs/keys in two phases r=Cykesiopka
This was initially done to work around a readdir-related bug in the B2G ICS
emulator, but then it turned out that test_ocsp_url.js still fails in ways that
are unreproducible outside of mozilla-inbound on that platform, so it was
disabled (r=sworkman). It's still a good idea, though, to avoid any potential
future issues with readdir not being reentrant.
2015-07-15 14:12:02 -07:00
David Keeler
fd5e8893a4 bug 1178988 - convert test_ocsp_url to generate certificates at build time r=Cykesiopka
Also enable loading of certificates and private keys into GenerateOCSPResponse
2015-06-04 17:03:48 -07:00
David Keeler
3999edd791 bug 1178988 - refactor key-specific parts of pycert.py into pykey.py r=Cykesiopka,mgoodwin 2015-06-30 14:35:42 -07:00
Ryan VanderMeulen
1c6931cc67 Merge m-c to inbound. a=merge 2015-07-19 22:38:28 -04:00
Benjamin Peterson
2751f97bb3 no bug - fix typo and grammar in comment r=me DONTBUILD 2015-07-19 18:07:43 -07:00
ffxbld
3267aeb6a8 No bug, Automated HPKP preload list update from host bld-linux64-spot-135 - a=hpkp-update 2015-07-18 03:35:51 -07:00
ffxbld
f12b366895 No bug, Automated HSTS preload list update from host bld-linux64-spot-135 - a=hsts-update 2015-07-18 03:35:49 -07:00
Mark Goodwin
4ba2d72200 Bug 1183822 - Add an OCSP test for signers with SHA-1 certificates (r=keeler) 2015-07-17 17:07:50 +01:00
Mark Goodwin
fce204e0e0 Bug 1183822 - fix OCSP verification failures (r=keeler)
Adds a new TrustDomain for OCSP Signers which will always allow all acceptible
signature digest algorithms. Calls to most other TrustDomain methods are passed
through to the owning NSSCertDBTrustDomain.
2015-07-17 17:07:48 +01:00
Mark Goodwin
30d8779d49 Bug 1183065 - Add logging on OneCRL revocation checks (r=Cykesiopka) 2015-07-17 17:07:47 +01:00
Wes Kocher
b9baa34b08 Backed out 3 changesets (bug 1178988) for ocsp orange CLOSED TREE
Backed out changeset 7fb6a9114916 (bug 1178988)
Backed out changeset 2700ec4adc3e (bug 1178988)
Backed out changeset 07b9c2331ac1 (bug 1178988)
2015-07-17 17:49:46 -07:00
Mark Goodwin
806731fbb7 Backed out changeset ec1b5a7d05e9 (bug 1183065) 2015-07-17 10:37:00 +01:00
Mark Goodwin
c7285efe5a Backed out changeset fb6cbb4ada54 (bug 1183822) 2015-07-17 10:36:58 +01:00
Mark Goodwin
e2ee16093c Backed out changeset f324dcfaab40 (bug 1183822) 2015-07-17 10:36:56 +01:00
Mark Goodwin
e57ac71ec4 Bug 1183822 - Add an OCSP test for signers with SHA-1 certificates (r=keeler) 2015-07-17 10:04:17 +01:00
Mark Goodwin
0bfd3046ed Bug 1183822 - fix OCSP verification failures (r=keeler)
Adds a new TrustDomain for OCSP Signers which will always allow all acceptible
signature digest algorithms. Calls to most other TrustDomain methods are passed
through to the owning NSSCertDBTrustDomain.
2015-07-17 10:03:56 +01:00
Mark Goodwin
810c972b95 Bug 1183065 - Add logging on OneCRL revocation checks (r=Cykesiopka) 2015-07-17 10:03:21 +01:00
David Keeler
da7508611c bug 1178988 - work around PR_ReadDir bug on B2G ICS emulator by loading certs/keys in two phases r=Cykesiopka 2015-07-15 14:12:02 -07:00
David Keeler
9e28b0964f bug 1178988 - convert test_ocsp_url to generate certificates at build time r=Cykesiopka
Also enable loading of certificates and private keys into GenerateOCSPResponse
2015-06-04 17:03:48 -07:00
David Keeler
9b96df5045 bug 1178988 - refactor key-specific parts of pycert.py into pykey.py r=Cykesiopka,mgoodwin 2015-06-30 14:35:42 -07:00
Cykesiopka
7bb4919849 Bug 1179678 - Add result strings to misc PSM xpcshell tests. r=keeler 2015-07-14 23:19:00 +02:00
Wes Kocher
c00da5ced5 Backed out 2 changesets (bug 1181704) for static build bustage CLOSED TREE
Backed out changeset fbf7aca43c3a (bug 1181704)
Backed out changeset 8864c0587ced (bug 1181704)
2015-07-13 16:51:17 -07:00
Jed Davis
60984b0ab1 Bug 1181704 - Use chromium SafeSPrintf for sandbox logging. r=kang r=glandium
This gives us a logging macro that's safe to use in async signal context
(cf. bug 1046210, where we needed this and didn't have it).

This patch also changes one of the format strings to work with
SafeSPrintf's format string dialect; upstream would probably take a
patch to handle those letters, but this is easier.
2015-07-13 16:17:58 -07:00
Jed Davis
c5ffe92d42 Bug 1181704 - Import chromium SafeSPrintf. r=bobowen
This does not include the upstream unit tests.  Including the tests
in our xul-gtest is possible but not trivial: there are logging
dependencies, and they use a different #include path for gtest.h (which
we'd need to patch).

Upstream revision: df7cc6c04725630dd4460f29d858a77507343b24.
2015-07-13 16:17:58 -07:00
Birunthan Mohanathas
a8939590de Bug 1182996 - Fix and add missing namespace comments. rs=ehsan
The bulk of this commit was generated by running:

  run-clang-tidy.py \
    -checks='-*,llvm-namespace-comment' \
    -header-filter=^/.../mozilla-central/.* \
    -fix
2015-07-13 08:25:42 -07:00
Carsten "Tomcat" Book
4a67c881e4 merge mozilla-inbound to mozilla-central a=merge 2015-07-13 11:51:14 +02:00
ffxbld
e2ec40e62a No bug, Automated HPKP preload list update from host bld-linux64-spot-222 - a=hpkp-update 2015-07-11 03:33:38 -07:00
ffxbld
f596fa8330 No bug, Automated HSTS preload list update from host bld-linux64-spot-222 - a=hsts-update 2015-07-11 03:33:36 -07:00
David Keeler
72c6934fcc bug 1181376 - convert test_bug480619.html to an xpcshell test r=mgoodwin
--HG--
rename : security/manager/ssl/tests/mochitest/bugs/test_bug480619.html => security/manager/ssl/tests/unit/test_logoutAndTeardown.js
2015-07-07 16:09:56 -07:00
Geoff Brown
52d4e225a0 Bug 1026290 - Update mochitest-chrome manifests for android; r=jgriffin 2015-07-10 14:41:59 -06:00
Mark Goodwin
98a776cea1 Bug 1159155 - Add telemetry probe for SHA-1 usage - some tests (r=keeler) 2015-07-09 07:22:32 +01:00