Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-21 01:05:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
407,733 Commits 615 Branches 98 Tags 5.9 GiB
6b5ad1ac1f
Commit Graph

9346 Commits

Author SHA1 Message Date
Carsten "Tomcat" Book
cf57e57455 merge mozilla-inbound to mozilla-central a=merge 2014-12-08 12:48:58 +01:00
ffxbld
15713eb9bb No bug, Automated HPKP preload list update from host bld-linux64-spot-132 - a=hpkp-update 2014-12-06 03:20:43 -08:00
ffxbld
6e96f60fd3 No bug, Automated HSTS preload list update from host bld-linux64-spot-132 - a=hsts-update 2014-12-06 03:20:41 -08:00
Cykesiopka
83c04b6586 Bug 1085074 - Part 3 - Update inadequately sized Delegated Signer cert. r=briansmith 2014-12-07 20:42:00 +01:00
Cykesiopka
ee0a49c7ee Bug 1085074 - Part 2 - Use explicit bit sizes for key size cert file names. r=briansmith 2014-12-07 20:41:00 +01:00
Cykesiopka
b42aa85de9 Bug 1085074 - Part 1 - Use adequate/OK and inadequate/notOK to refer to sizes for key size tests. r=briansmith 2014-12-07 20:23:00 +01:00
David Keeler
d9a62a4cc2 bug 1020237 - follow-up to fix build bustage r=bustage on a CLOSED TREE 2014-12-05 10:12:58 -08:00
David Keeler
d97c7ea664 bug 1020237 - prefer root certificates to non-root certificates in NSSCertDBTrustDomain::FindIssuer r=briansmith 2014-12-04 13:37:01 -08:00
Brian Smith
fc17106cf0 Bug 970542, Part 9: Better document name constraints as reference IDs, r=keeler 
--HG--
extra : rebase_source : 60413188771454081226d58d03156c15ce795ca7
 2014-10-26 11:26:26 -07:00
Brian Smith
65284e98f6 Bug 970542, Part 8: IPAddress name constraint tests, r=keeler 
--HG--
extra : rebase_source : e8cc0158248d4621da19dfef56089957af417f73
 2014-10-26 16:57:00 -07:00
Brian Smith
5fac205908 Bug 970542, Part 7: More CN-ID name constraint tests, r=keeler 
--HG--
extra : rebase_source : 7a3d1d31cdc08ea1b989428cfc85f60a00528c72
 2014-12-03 21:35:29 -08:00
Brian Smith
ac1c16b716 Bug 970542, Part 6: DNSName name constraint tests, r=keeler 
--HG--
extra : rebase_source : ec31862fc25cfcba1454ae862a26e7a27513e9b6
 2014-10-19 23:53:45 -07:00
Brian Smith
7dd909b9e5 Bug 970542, Part 5: New name constraint implementation, r=keeler, r=mmc 
--HG--
extra : rebase_source : 849161ac892b05e5ff2d5552c632fc647d309085
 2014-10-18 15:38:42 -07:00
Brian Smith
2e28de4900 Bug 970542, Part 4: DirectoryName name constraint matching, r=keeler 
--HG--
extra : rebase_source : 01770088851823ae1005227dcd43d82d015f4b0e
 2014-10-18 14:51:37 -07:00
Brian Smith
39a86a3659 Bug 970542, Part 3: IPAddress name constraint matching, r=keeler 
--HG--
extra : rebase_source : f47ef9ead3323704595b91873811d1ead2403839
 2014-10-17 13:02:26 -07:00
Brian Smith
8b38009a34 Bug 970542, Part 2: DNSName name constraint matching, r=keeler 
--HG--
extra : rebase_source : 50b1a7d5d9da97cc64e09d5e6cdc41b8200c3551
 2014-10-20 22:20:58 -07:00
Brian Smith
8d8b1cf373 Bug 970542, Part 1: Refactor name matching within CN AVAs to reduce duplicate logic, r=keeler 
--HG--
extra : rebase_source : f129b24c58377f34ac7d80ee7d5e8775635843ff
 2014-10-16 16:44:27 -07:00
Steven Michaud
08c8931f01 Bug 1083284 - New sandbox rules for Adobe's code fragment. r=areinald 2014-12-08 12:10:14 -06:00
Bob Owen
e4d5592832 Bug 1105729: Pre VS2010 SP1 define our own verion of _xgetbv. r=tabraldes 2014-11-28 18:58:33 +00:00
Cykesiopka
8f08848fe0 Bug 1009158 - Fix and re-enable PSM xpcshell tests that would previously time out on Android due to LD_LIBRARY_PATH issues. r=keeler 2014-12-03 09:15:00 +01:00
Masatoshi Kimura
629560ff5f Bug 1102632 - Stop triggering non-secure fallback for SSL_ERROR_UNSUPPORTED_VERSION. r=keeler 2014-12-02 20:33:24 +09:00
Kai Engert
c82a68a468 Bug 1088969 - Upgrade Mozilla 36 to use NSS 3.17.3, changing version numbers, only. 2014-12-01 14:34:08 +01:00
Jan Beich
296c205c71 Bug 1105851 - Unbreak non-unified non-SPS build after 1054498. r=jcj 2014-11-30 21:27:45 +01:00
Bob Owen
986cd576ef Bug 1094667: Use the USER_NON_ADMIN access token by default for the Windows content sandbox. r=tabraldes 2014-11-29 17:12:18 +00:00
Bob Owen
ba7a2fa911 Bug 928044 Part 3: Add logging changes back into the Chromium interception code. r=tabraldes 2014-11-29 17:12:18 +00:00
Bob Owen
b539721eb8 Bug 928044 Part 2: Enable the content sandbox by default on Windows with an open policy. r=tabraldes,glandium,jimm 
--HG--
rename : security/sandbox/win/src/warnonlysandbox/wosCallbacks.h => security/sandbox/win/src/logging/loggingCallbacks.h
rename : security/sandbox/win/src/warnonlysandbox/wosTypes.h => security/sandbox/win/src/logging/loggingTypes.h
rename : security/sandbox/win/src/warnonlysandbox/warnOnlySandbox.cpp => security/sandbox/win/src/logging/sandboxLogging.cpp
rename : security/sandbox/win/src/warnonlysandbox/warnOnlySandbox.h => security/sandbox/win/src/logging/sandboxLogging.h
 2014-11-29 17:12:18 +00:00
Bob Owen
888a5871f3 Bug 928044 Part 1: Remove Chromium interception logging changes. r=tabraldes 2014-11-29 17:12:17 +00:00
ffxbld
40b044ec36 No bug, Automated HPKP preload list update from host b-linux64-ix-0005 - a=hpkp-update 2014-11-29 03:19:59 -08:00
ffxbld
08ee5c96d7 No bug, Automated HSTS preload list update from host b-linux64-ix-0005 - a=hsts-update 2014-11-29 03:19:56 -08:00
Kai Engert
ea326643ff Bug 1088969 - Upgrade Mozilla 36 to use NSS 3.18, land beta 4 which backs out bug 1073330 2014-11-28 07:56:26 +01:00
Carsten "Tomcat" Book
4155be994b Backed out changeset 761071f57ab6 (bug 1024809) for emulator ics bustage 2014-11-27 16:30:41 +01:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)
ce5a887c60 Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler,Unfocused 2014-11-27 04:12:00 +01:00
Masatoshi Kimura
d7c9eae1c7 Bug 1092998 - Followup to address review comments. r=keeler 2014-11-27 21:39:33 +09:00
Bob Owen
c0ebc7a31b Bug 1027902: Use an intial integrity level of low for the GMP sandbox on Windows. r=tabraldes 2014-11-27 08:44:45 +00:00
Blake Kaplan
e4c077f303 Bug 582297 - Make <keygen> work in e10s. r=billm/dkeeler 2014-11-26 14:28:28 -08:00
Masatoshi Kimura
8277eea9e9 Bug 1092998 - Deal with "cipher mismatch intolerant" servers. r=keeler 2014-11-27 07:19:11 +09:00
Rob Stradling
8313a4cfa7 bug 1104109 - follow-up to fix new EV OID description strings (they need to match if the OIDs are the same) r=keeler 2014-11-26 11:28:17 -08:00
Bob Owen
2a1adf9b3e Bug 1041775 Part 3: Re-apply pre-vista stdout/err process inheritance change to Chromium code after merge. r=tabraldes 
Originally landed as changsets:
https://hg.mozilla.org/mozilla-central/rev/f94a07671389
 2014-11-18 15:11:47 +00:00
Bob Owen
44cdc5f024 Bug 1041775 Part 2: Re-apply warn only sandbox changes to Chromium code after merge. r=tabraldes 
Originally landed as changsets:
https://hg.mozilla.org/mozilla-central/rev/e7eef85c1b0a
https://hg.mozilla.org/mozilla-central/rev/8d0aca89e1b2
 2014-11-18 15:09:55 +00:00
Bob Owen
ba0931eb1d Bug 1041775 Part 1: Update Chromium sandbox code to commit 9522fad406dd161400daa518075828e47bd47f60. r=jld,aklotz,glandium 
--HG--
rename : security/sandbox/chromium/sandbox/linux/sandbox_export.h => security/sandbox/chromium/sandbox/sandbox_export.h
 2014-11-18 13:48:21 +00:00
Cykesiopka
d7fafcac42 Bug 1103336 - Fix and re-enable PSM xpcshell tests that don't use add_tls_server_setup() on Android. r=dkeeler 2014-11-22 00:08:00 +01:00
J.C. Jones
fa8441a0a9 Bug 1104109 - December 2014 batch of EV root CA Changes. r=keeler 2014-11-24 16:36:00 +01:00
Richard Barnes
3134cd4342 Bug 968817 - Only accept certs for server TLS which use EKU (and which assert the TLS Server Authentication EKU) r=keeler 2014-11-24 20:33:50 -05:00
Jed Davis
1b16fc180f Bug 1101170 - Move Linux sandbox code into plugin-container on desktop. r=kang r=glandium 
Specifically:
* SandboxCrash() uses internal Gecko interfaces, so stays in libxul.
* SandboxInfo moves to libxul from libmozsandbox, which no longer exists.
* Where libxul calls Set*Sandbox(), it uses weak symbols.
* Everything remains as it was on mobile.
 2014-11-24 15:22:13 -08:00
Jed Davis
2fdd7150c1 Bug 1101170 - Move sandbox status info into a separate module. r=kang r=glandium 
This changes the interface so that the code which determines the flags
can live in one place, but checking the flags doesn't need to call into
another library.

Also removes the no-op wrappers for Set*Sandbox when disabled at build
time; nothing used them, one of them was unusable due to having the wrong
type, and all they really accomplish is allowing sloppiness with ifdefs
(which could hide actual mistakes).
 2014-11-24 15:22:13 -08:00
Richard Barnes
a5cf3d5e45 Bug 1088255 - Collect telemetry on CAs that appear in valid cert chains r=keeler 2014-11-07 16:26:46 -05:00
Carsten "Tomcat" Book
972242692b merge mozilla-inbound to mozilla-central a=merge 2014-11-24 13:30:23 +01:00
ffxbld
5e4279519a No bug, Automated HPKP preload list update from host bld-linux64-spot-132 - a=hpkp-update 2014-11-22 03:19:44 -08:00
ffxbld
8733524dee No bug, Automated HSTS preload list update from host bld-linux64-spot-132 - a=hsts-update 2014-11-22 03:19:41 -08:00
Kai Engert
6aea7c3edf Bug 1088969 - Upgrade Mozilla 36 to use NSS 3.18 - NSS_3_18_BETA3, r=wtc 2014-11-20 20:29:15 +01:00
Carsten "Tomcat" Book
9401e46090 Backed out changeset 1aebb84c8af1 (bug 1041775) for Windows 8 PGO Build Bustage on a CLOSED TREE 
--HG--
rename : security/sandbox/chromium/sandbox/sandbox_export.h => security/sandbox/chromium/sandbox/linux/sandbox_export.h
 2014-11-20 16:11:56 +01:00
Carsten "Tomcat" Book
345b36dfd5 Backed out changeset ec63befb3ad7 (bug 1041775) 2014-11-20 16:11:12 +01:00
Carsten "Tomcat" Book
0100273df4 Backed out changeset ebe866ff8a44 (bug 1041775) 2014-11-20 16:11:06 +01:00
David Keeler
3cd3e496aa bug 1079436 - fix validThrough as returned by VerifyEncodedOCSPResponse r=briansmith 
validThrough should now be the time through which, if passed in as the given
time to validate an OCSP response at, VerifyEncodedOCSPResponse will still
consider it trustworthy. After that time, it will be expired. This makes it
so the OCSP cache compares validity period responses consistently with
mozilla::pkix.
 2014-11-21 10:43:43 -08:00
Bob Owen
e5b2da099b Bug 1041775 Part 3: Re-apply pre-vista stdout/err process inheritance change to Chromium code after merge. r=tabraldes 
Originally landed as changsets:
https://hg.mozilla.org/mozilla-central/rev/f94a07671389
 2014-11-18 15:11:47 +00:00
Bob Owen
9559e348ee Bug 1041775 Part 2: Re-apply warn only sandbox changes to Chromium code after merge. r=tabraldes 
Originally landed as changsets:
https://hg.mozilla.org/mozilla-central/rev/e7eef85c1b0a
https://hg.mozilla.org/mozilla-central/rev/8d0aca89e1b2
 2014-11-18 15:09:55 +00:00
Bob Owen
af79dfc438 Bug 1041775 Part 1: Update Chromium sandbox code to commit 9522fad406dd161400daa518075828e47bd47f60. r=jld,aklotz 
--HG--
rename : security/sandbox/chromium/sandbox/linux/sandbox_export.h => security/sandbox/chromium/sandbox/sandbox_export.h
 2014-11-18 13:48:21 +00:00
David Keeler
ab80d0c717 bug 1091232 - update PSM data structures that are affected by root CA changes r=mmc 2014-11-18 16:41:18 -08:00
Cykesiopka
7531911bed Bug 1089305 - Switch EV tests to SQL DB and partially clean up scripts. r=keeler 2014-11-17 21:12:00 +01:00
Monica Chew
419fa97eb6 Bug 1092606: Filter out duplicate pinsets as well as domains (r=keeler) 2014-11-17 12:54:42 -08:00
Kai Engert
63ef926a61 Bug 1088969 - Upgrade Mozilla 36 to use NSS 3.18 - NSS_3_18_BETA2 2014-11-17 14:57:45 +01:00
Cykesiopka
ff26474af6 Bug 1084606 - Allow overrides for MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE. r=dkeeler 2014-11-11 00:59:00 +01:00
Gregory Szorc
17920b30c8 Merge inbound to m-c; a=merge 
--HG--
extra : amend_source : 2e89bf359e356566aee6b04bb864979539e1c90d
 2014-11-15 13:57:08 -08:00
ffxbld
4bccbd33d3 No bug, Automated HPKP preload list update from host b-linux64-ix-0011 - a=hpkp-update 2014-11-15 03:21:19 -08:00
ffxbld
1ffd463d9d No bug, Automated HSTS preload list update from host b-linux64-ix-0011 - a=hsts-update 2014-11-15 03:21:16 -08:00
David Keeler
ceaa910cc6 bug 940994 - follow-up to fix some issues that were missed in review r=mmc 2014-11-14 16:46:23 -08:00
Monica Chew
f991b325aa Bug 1098288: Enable pinning on spideroak (r=keeler) 2014-11-14 11:17:40 -08:00
Masatoshi Kimura
6887042777 Bug 1094495 - Disable C4480 in security/pkix. r=keeler 2014-11-12 07:41:42 +09:00
Cykesiopka
36057e75f9 Bug 1057035 - Fix terminology used in the certificate exception dialog. r=keeler 2014-10-27 21:06:00 -04:00
Masatoshi Kimura
6a185fd3d7 Bug 1093595 - Change strings to add a description about weak encryption. r=dolske 2014-11-11 07:29:44 +09:00
Masatoshi Kimura
9a7fd683bc Bug 1093595 - Treat SSL3 and RC4 as broken. r=keeler 2014-11-11 07:29:44 +09:00
Carsten "Tomcat" Book
2f5bf545b6 merge mozilla-inbound to mozilla-central a=merge 2014-11-10 14:24:51 +01:00
ffxbld
c53adb3b3f No bug, Automated HPKP preload list update from host bld-linux64-spot-144 - a=hpkp-update 2014-11-08 03:20:20 -08:00
ffxbld
52c804c4de No bug, Automated HSTS preload list update from host bld-linux64-spot-144 - a=hsts-update 2014-11-08 03:20:17 -08:00
Monica Chew
a89f219bef Bug 1030135: Promote pin for services.mozilla.com to production mode (r=keeler) 2014-11-07 12:00:50 -08:00
Shashank Sabniveesu
cfb6b6200c Bug 940994 - Adding '.p7b' to 'known file types' list of 'Certificate Manager'. r=keeler 2014-10-07 14:30:00 +02:00
Chris Peterson
ba22404db5 Bug 1095926 - Fix -Wcomment warning in OCSP test and mark some OCSP tests as FAIL_ON_WARNINGS. r=briansmith 2014-10-11 20:13:45 -07:00
Michael Ratcliffe
926bf1ca5d Bug 1090913 - Make mochitests fail when it has 0 passes and 0 fails r=jmaher 2014-11-05 16:00:52 +00:00
Jed Davis
59573e5f85 Bug 1077057 - Expose Linux sandboxing information to JS via nsSystemInfo. r=kang r=froydnj 
This adds "hasSeccompBPF" for seccomp-bpf support; other "has" keys
will be added in the future (e.g., user namespaces).

This also adds "canSandboxContent" and "canSandboxMedia", which are
absent if the corresponding type of sandboxing isn't enabled at build
type (or is disabled with environment variables), and otherwise present
as a boolean indicating whether that type of sandboxing is supported.
Currently this is always the same as hasSeccompBPF, but that could change
in the future.

Some changes have been made to the "mozilla/Sandbox.h" interface to
support this; the idea is that the MOZ_DISABLE_*_SANDBOX environment
variables should be equivalent to disabling MOZ_*_SANDBOX at build time.
 2014-11-06 13:11:00 +01:00
David Keeler
fc748d0372 bug 1039642 - follow-up to fix non-unified build bustage (missing include and namespace) r=bustage a=metered 2014-11-06 14:23:21 -08:00
David Keeler
1218b5626e bug 1039642 - clean up the implementation of nsPkcs11 for style and safety r=jcj r=mmc a=metered 2014-11-05 14:05:46 -08:00
David Keeler
25ee944cea bug 1039642 - test that smart card events are no longer emitted after removing a PKCS#11 module r=jcj r=mmc a=metered 
--HG--
rename : security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js => security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js
 2014-11-05 13:54:21 -08:00
David Keeler
2a4f463dac bug 1039642 - stop PKCS#11 module threads before deleting them r=jcj r=mmc a=metered 2014-11-05 13:53:28 -08:00
Jed Davis
e6ede214a5 Bug 1093893 - Fix B2G sandbox for ICS Bionic pthread_kill(). r=kang 2014-11-06 11:04:14 -08:00
Chris Peterson
312462d737 Bug 1092710 - Fix -Wunused-const-variable warning-as-error in non-unified security/certverifier. r=keeler 
--HG--
extra : rebase_source : c13f7e565c8459263191f9bb16d4221b6f163443
 2014-11-01 12:14:41 -07:00
Dragana Damjanovic
78d081c21d Bug 1087213 - Implenent bind function in nsNSSIOLayer. r=honza 2014-10-22 02:06:00 +02:00
Monica Chew
d68cf9f6e1 Bug 1004781: Remove unnecessary cert for facebook (r=keeler) 2014-11-04 10:54:26 -08:00
Monica Chew
eeb4a7f756 Bug 1092606: Don't import Chromium pinsets for domains that are already in our list (r=keeler,jcj) 2014-11-04 10:53:52 -08:00
David Keeler
98fef4165e bug 1079658 - follow-up bustage fix (unnecessary multi-line C++-style comment) r=bustage on a CLOSED TREE 2014-11-03 13:48:48 -08:00
David Keeler
cd0d5fbdc0 bug 1079658 - check for the id-pkix-ocsp-nocheck extension when decoding certificates r=briansmith 2014-11-03 11:35:15 -08:00
Bob Owen
5cc944a89b Bug 1076903: Add a Chromium LICENSE file to security/sandbox/win/src. r=gerv 2014-11-03 15:34:26 +00:00
Chris Peterson
4a7b70b334 Bug 1092028 - Fix -Wunused-const-variable warning-as-error in security/pkix/test/gtest. r=bsmith 2014-10-30 23:17:27 -07:00
ffxbld
cd1c581c5d No bug, Automated HPKP preload list update from host b-linux64-ix-0009 - a=hpkp-update 2014-11-01 03:19:47 -07:00
ffxbld
5c654c7c4c No bug, Automated HSTS preload list update from host b-linux64-ix-0009 - a=hsts-update 2014-11-01 03:19:44 -07:00
Garrett Robinson
6f9b6ed2cf Bug 846489 - Part 1 - Expose error code on TransportSecurityInfo. r=keeler 2014-10-30 12:50:00 +01:00
Carsten "Tomcat" Book
b82ba6feba Backed out changeset 5fb2f4662098 (bug 846498) for wrong bug number in commit message 2014-10-31 10:03:53 +01:00
Masatoshi Kimura
bcda188339 Bug 1088915 - Stop offering RC4 in the first handshakes. r=keeler 2014-10-22 01:11:29 +09:00
Masatoshi Kimura
2b45a125ae Bug 947149 - Remove useless and even misleading word and dead code. r=keeler, dolske 2014-10-30 15:22:00 +01:00
Garrett Robinson
d7c1f641cc Bug 846498 - Expose error code on TransportSecurityInfo. r=keeler 2014-10-30 12:50:00 +01:00
Brian Smith
2d31127cff Reland Bug 1063281, Part 9: Switch Gecko from NSS to CheckCertHostname, r=keeler 
--HG--
extra : rebase_source : 3a5e3bc2e113035e9c88b571bac68f3dbe2c8f04
 2014-10-28 15:28:38 -07:00
Brian Smith
774861532b Bug 1089104: Add support for TeletexString-encoded CN-IDs to CheckCertHostname, r=keeler 
--HG--
extra : rebase_source : 320794deae857a574f509b7277ea64576abd37b3
 2014-10-29 17:19:45 -07:00
Brian Smith
228f03d6d1 Bug 1089393: Fix hex excape sequences ('\0x' -> '\x') in pkixnames_tests.cpp, r=mmc 
--HG--
extra : rebase_source : a0136045ce9b957976f8eb2ef8ad6c9eae0a8ad7
 2014-10-26 11:29:42 -07:00
Monica Chew
3e0f2fd921 Bug 1004781: Actually remove the pinset (r=keeler) 2014-10-30 16:21:09 -07:00
Monica Chew
1e19be7e65 Bug 1004781: Remove our pinset for facebook since it's in chromium now (r=keeler) 2014-10-30 16:14:19 -07:00
David Keeler
07d210cc76 bug 1085509 - follow-up to include forgotten Telemetry.h header (non-unified build bustage) r=bustage 2014-10-30 13:12:01 -07:00
David Keeler
2fa7ba1743 bug 1085509 - add telemetry for how many permanent certificate overrides users have r=mmc r=jcj 2014-10-29 16:25:16 -07:00
David Keeler
13b42021f6 bug 1085509 - fix nsCertOverrideService so its initialization doesn't depend on NSS r=mmc 2014-10-24 10:46:30 -07:00
André Reinald
436338cb49 Bug 1076385 - Sandbox the content process on Mac. r=smichaud 2014-10-30 13:33:17 -05:00
Carsten "Tomcat" Book
421fb1a714 Backed out changeset b4665be856d7 (bug 1089305) for frequent b2g/android xpcshell test failures 2014-10-30 15:26:02 +01:00
Cykesiopka
9c4c923488 Bug 1089305 - Switch EV tests to SQL DB and partially clean up scripts. r=keeler 2014-10-29 11:09:00 +01:00
Martin Thomson
2656d11288 Bug 1088950 - Adding some testing. r=dkeeler 2014-10-27 17:48:00 +01:00
Martin Thomson
2aa2c784b9 Bug 1088950 - Fix handling of inappropriate_fallback alert. r=keeler 2014-10-27 17:47:00 +01:00
Mike Hommey
47c853314f Bug 1077148 part 4 - Add and use new moz.build templates for Gecko programs and libraries. r=gps 
There are, sadly, many combinations of linkage in use throughout the tree.
The main differentiator, though, is between program/libraries related to
Gecko or not. Kind of. Some need mozglue, some don't. Some need dependent
linkage, some standalone.

Anyways, these new templates remove the need to manually define the
right dependencies against xpcomglue, nspr, mozalloc and mozglue
in most cases.

Places that build programs and were resetting MOZ_GLUE_PROGRAM_LDFLAGS
or that build libraries and were resetting MOZ_GLUE_LDFLAGS can now
just not use those Gecko-specific templates.
 2014-10-30 13:06:12 +09:00
Brian Smith
c7e81fdad6 Back out cset 9b72d139e817 (Bug 1063281, Part 9) due to compatibility regressions on a CLOSED TREE, a=ryanvm 
--HG--
extra : rebase_source : cd9b43c3f66df3c5de337f2013fe61fae798b3ba
 2014-10-28 12:30:53 -07:00
Carsten "Tomcat" Book
98dda84064 Backed out changeset 50650e0f0edf (bug 1085509) for causing perma failure in win7 xperf 2014-10-28 14:10:38 +01:00
Carsten "Tomcat" Book
b4bfea0bd6 Backed out changeset b591ad43d53e (bug 1085509) 2014-10-28 14:09:44 +01:00
David Keeler
90283cf32b bug 1085509 - add telemetry for how many permanent certificate overrides users have r=mmc r=jcj 2014-10-27 09:32:33 -07:00
David Keeler
84883c42e4 bug 1085509 - fix nsCertOverrideService so its initialization doesn't depend on NSS r=mmc 2014-10-24 10:46:30 -07:00
Phil Ringnalda
97c5c90a44 Merge m-i to m-c, a=merge 2014-10-26 09:12:36 -07:00
ffxbld
a92f2bc083 No bug, Automated HPKP preload list update from host bld-linux64-spot-115 - a=hpkp-update 2014-10-25 03:19:28 -07:00
ffxbld
3d5dc9dcf8 No bug, Automated HSTS preload list update from host bld-linux64-spot-115 - a=hsts-update 2014-10-25 03:19:26 -07:00
Monica Chew
e8c341b1fd Bug 1083539: Fix dropped return value check (r=keeler) 2014-10-23 17:07:45 -07:00
Tom Schuster
0130a12af3 Bug 886752 - Show TLS/SSL version in page info dialog. r=dao 2014-10-24 13:53:35 +02:00
Tom Schuster
cba793218d Bug 886752 - Add TLS version to SSLStatus and additional cleanup. r=keeler 2014-10-24 13:53:34 +02:00
Kai Engert
9c8e9bee73 Bug 1088969 - Upgrade Mozilla 36 to use NSS 3.18, landing beta 1, r=wtc 2014-10-25 00:34:34 +02:00
Jed Davis
5ec3c350dd Bug 1081242 - Make ASAN's error reporting work while sandboxed on Linux. r=kang 2014-10-21 11:18:00 +02:00
Brian Smith
cfc481b264 Bug 1085497: Add Input::size_type, r=mmc 
--HG--
extra : rebase_source : 098eae9234be99e683c0d44b35e1ec7058a086dd
 2014-10-16 18:23:27 -07:00
Brian Smith
e93675a04e Bug 1063281, Part 9: Switch Gecko from NSS to CheckCertHostname, r=keeler 
--HG--
extra : rebase_source : 340eb682ba1f9dbd51652438433e7d0196494e1f
 2014-09-21 17:43:29 -07:00
Brian Smith
6926e8bc53 Bug 1063281, Part 8: Rewrite PresentedDNSIDMatchesReferenceDNSID, r=keeler 
--HG--
extra : rebase_source : a74e8d89a3ddfe5f6af70f32d31f1dc06600d90a
 2014-10-15 19:21:35 -07:00
Brian Smith
d7d68e721d Bug 1063281, Part 7: Implement IsValidPresentedDNSID, r=keeler 
--HG--
extra : rebase_source : 32d85980d8d486bb806e169a8241256ad57fa9d1
 2014-10-16 15:59:34 -07:00
Brian Smith
8d32c13ab3 Bug 1083539: Factor out common SEQUENCE unwrapping logic into reusable functions, r=mmc 
--HG--
extra : rebase_source : 93d669d3cbe178339fe59c1d9345c773b4e238d4
 2014-10-14 02:07:08 -07:00
Brian Smith
bda4ef165a Bug 1063281, Part 6: Implement CheckCertHostname, r=keeler 
--HG--
extra : rebase_source : c28fe67d319f64b2efa326fd8649ef529c487c05
 2014-10-15 16:10:32 -07:00
Brian Smith
72d294039c Bug 1063281, Part 5: Implement DNS ID matching, r=keeler 
--HG--
extra : rebase_source : 5221245ce8da065d64a7ff17bdfde0e617562447
 2014-09-30 19:40:15 -07:00
Brian Smith
149817ebfc Bug 1063281, Part 4: Implement ParseIPv6Address, r=keeler 
--HG--
extra : rebase_source : 9a75a81a840591aaf73acd5be4d7ca504b6432e5
 2014-09-06 01:10:24 -07:00
Brian Smith
0e87ec98c7 Bug 1063281, Part 3: Implement ParseIPv4Address, r=keeler 
--HG--
extra : rebase_source : fbafcb7573be8fa83036a8fadbfa74938ab7a4a6
 2014-09-05 23:20:18 -07:00
Brian Smith
4a2c8b5274 Bug 1063281, Part 2: Implement IsValidDNSName, r=keeler 
--HG--
extra : rebase_source : 202898df26c7321f543ab7aeb222cdc6db67fe0d
 2014-09-30 14:41:39 -07:00
Brian Smith
3b8c2fc2a8 Bug 1063281, Part 1: Expose moilla::pkix::BackCert::GetSubjectAltName, r=keeler 
--HG--
extra : rebase_source : c89ae439a21f11fce66a785e8732ca8793d51936
 2014-08-17 17:24:20 -07:00
David Keeler
c78d7b0266 backout f69fa3c13d1f (bug 1085509) for causing test_cert_overrides.js to fail 2014-10-23 11:50:17 -07:00
David Keeler
39a7d91875 bug 1085509 - add telemetry for how many permanent certificate overrides users have r=mmc r=jcj 2014-10-23 10:10:57 -07:00
ffxbld
918c518e8b No bug, Automated HPKP preload list update from host bld-linux64-spot-1094 - a=hpkp-update 2014-10-22 14:02:48 -07:00
ffxbld
7c18fd1d5d No bug, Automated HSTS preload list update from host bld-linux64-spot-1094 - a=hsts-update 2014-10-22 14:02:46 -07:00
David Keeler
46c48f2321 bug 1083085 - update where getHSTSPreloadList.js and genHPKPStaticPins.js think Chromium's lists are r=mmc DONTBUILD NPOTB 2014-10-21 15:20:02 -07:00
Martin Thomson
e4182ac689 Bug 1083058 - Adding pref to control TLS version fallback, r=keeler 
From af667978f8915e6ebfaf02f8967b3d320d409a24 Mon Sep 17 00:00:00 2001
---
 netwerk/base/public/security-prefs.js              |  1 +
 security/manager/ssl/src/nsNSSIOLayer.cpp          | 21 +++++-
 security/manager/ssl/src/nsNSSIOLayer.h            |  2 +
 .../manager/ssl/tests/gtest/TLSIntoleranceTest.cpp | 76 +++++++++++++++++++---
 4 files changed, 90 insertions(+), 10 deletions(-)
 2014-10-02 16:36:48 -07:00
Jed Davis
82a97e04c9 Bug 1078838 - Restrict clone(2) flags for sandboxed content processes. r=kang 
--HG--
extra : amend_source : f80a3a672f5496f76d8649f0c8ab905044ea81ac
 2014-10-20 12:29:25 -07:00
Carsten "Tomcat" Book
db53227352 merge mozilla-inbound to mozilla-central a=merge 2014-10-20 14:34:56 +02:00
ffxbld
0c786b120d No bug, Automated HPKP preload list update from host bld-linux64-spot-069 - a=hpkp-update 2014-10-18 03:18:53 -07:00
ffxbld
a20f696cba No bug, Automated HSTS preload list update from host bld-linux64-spot-069 - a=hsts-update 2014-10-18 03:18:51 -07:00
Jim Mathies
5dcb538c28 Bug 1083325 - Gracefully deal with null ssl status when serializing/deserializing TransportSecurityInfo. r=dkeeler 2014-10-16 14:11:19 -05:00
Cykesiopka
1c4af4e6a1 Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith 2014-10-18 15:18:00 +02:00
Cykesiopka
c30bd575d3 Bug 622859 - Tests for bug 622859. r=briansmith,keeler 2014-10-16 05:22:00 +02:00
Tanvi Vyas
12cc245a41 Bug 418354 - update test for bug 455367. Insecure image loads should be considered mixed display content regardless of whether image data was actually returned. r=honzab 2014-10-18 13:21:23 -07:00
David Keeler
8c488b9625 bug 1042889 - test certificate overrides for untrusted x509v1 certificates used as CAs r=mmc 2014-10-15 10:42:13 -07:00
David Keeler
36e798be2b bug 1042889 - allow overrides for untrusted x509v1 certificates used as CAs r=mmc 2014-10-15 10:39:57 -07:00
David Keeler
0a4f56b330 bug 1042889 - use a separate error for untrusted x509v1 certificates used as CAs r=briansmith 2014-10-15 10:38:51 -07:00
Bob Owen
64a69cb8af Bug 1080567: Don't report registry NAME_NOT_FOUND errors for the Windows warn only sandbox. r=tabraldes 2014-10-13 15:12:28 +01:00
Martin Thomson
e10ee742fd Bug 1076983 - Disabling SSL 3.0 with pref 2014-10-14 17:17:35 -07:00
Jon Morton
1700296f02 Bug 979835: Port BoxObject and its subclasses to WebIDL. r=khuey sr=bz 
--HG--
rename : layout/xul/nsIPopupBoxObject.idl => dom/webidl/PopupBoxObject.webidl
rename : layout/xul/tree/nsITreeBoxObject.idl => dom/webidl/TreeBoxObject.webidl
rename : layout/xul/nsBoxObject.cpp => layout/xul/BoxObject.cpp
rename : layout/xul/nsBoxObject.h => layout/xul/BoxObject.h
rename : layout/xul/nsListBoxObject.cpp => layout/xul/ListBoxObject.cpp
rename : layout/xul/nsMenuBoxObject.cpp => layout/xul/MenuBoxObject.cpp
rename : layout/xul/nsPopupBoxObject.cpp => layout/xul/PopupBoxObject.cpp
 2014-10-14 13:15:21 -07:00
Jed Davis
56cddbd763 Bug 1080077 - For sandbox failures with no crash reporter, log the C stack. r=kang 
This is mostly for ASAN builds, which --disable-crash-reporter, but also
fixes a related papercut: debug builds don't use the crash reporter
unless overridden with an environment variable.

Note: this is Linux-only, so NS_StackWalk is always part of the build;
see also bug 1063455.
 2014-10-13 18:48:17 -07:00
Mike Hommey
951b27b2b0 Bug 1080994 - Build libclearkey without a dependency on mozalloc or mozglue. r=dkeeler,r=cpearce 2014-10-14 07:13:25 +09:00
Sylvestre Ledru
20095be902 Bug 1081935 - Missing UUID bump. r=gavin a=me 2014-10-13 17:27:42 +02:00
Ryan VanderMeulen
ad3210dd8e Merge inbound to m-c. a=merge 2014-10-11 16:16:00 -04:00
ffxbld
aa2c9e3dc4 No bug, Automated HPKP preload list update from host bld-linux64-spot-412 - a=hpkp-update 2014-10-11 03:18:06 -07:00
ffxbld
662e6c9a21 No bug, Automated HSTS preload list update from host bld-linux64-spot-412 - a=hsts-update 2014-10-11 03:18:03 -07:00
Stephen Pohl
0b58cd9573 Bug 1077282: Cleanup uses of GreD vs GreBinD, introcuded by v2 signature changes on OSX. Based on initial patch by rstrong. r=bsmedberg 2014-10-10 15:06:57 -04:00
Kai Engert
2251b66f13 Bug 1075686, Update Mozilla 35 to use NSS 3.17.2, RTM 2014-10-10 19:16:08 +02:00
Patrick McManus
9c3bce6805 bug 1003448 - HTTP/2 Alternate Service and Opportunistic Security [1/2 PSM] r=keeler 2014-08-20 16:30:16 -04:00
Brian Smith
0cacd2ed70 Bug 1078108: Use a longer OCSP response validity period in tests, r=keeler 2014-10-05 17:18:11 -07:00
Carsten "Tomcat" Book
da90427b6c Backed out changeset b885a82dc02a (bug 1078108) for breaking B2g ICS Builds 2014-10-10 09:01:45 +02:00
Brian Smith
2565f9b33d Bug 1078108: Use a longer OCSP response validity period in tests, r=keeler 
--HG--
extra : rebase_source : 3115275b2b1c5337cbea0fd43a2221fcd54dadc1
extra : source : bb5694e268255b6549ccaaaddca74fbb83d4bda1
 2014-10-05 17:18:11 -07:00
Brian Smith
201e27f5f3 Bug 1077926: Make test certificate generation faster by reusing key, r=keeler 
--HG--
extra : rebase_source : 8734920020e0889ea6cac1e878b182326bbf81d6
 2014-10-07 18:30:47 -07:00
Wan-Teh Chang
de5513f839 Bug 1075686: Update Mozilla 35 to use NSS 3.17.2 Beta 2. 
This fixes bug 1049435.
 2014-10-09 10:58:30 -07:00
David Keeler
a052b67f71 bug 1058812 - (3/3) mozilla::pkix: test handling unsupported signature algorithms r=briansmith 2014-10-08 09:48:15 -07:00
David Keeler
af214d36f8 bug 1058812 - (2/3) mozilla::pkix: use ByteStrings to identify signature algorithm parameters in tests r=briansmith 2014-10-08 09:33:59 -07:00
David Keeler
42cd9ec5ca bug 1058812 - (1/3) mozilla::pkix: add SignatureAlgorithm::unsupported_algorithm to better handle e.g. roots signed with RSA/MD5 r=briansmith 2014-10-07 09:35:42 -07:00
Eric Rahm
7fffd05532 Bug 806819 - Part 4: Add files that were excluded from unified builds back in. r=ehsan 2014-10-08 13:19:14 -07:00
Eric Rahm
8d715a7fe4 Bug 806819 - Part 3: Remove redundant FORCE_PR_LOG entries. r=ehsan 2014-10-08 13:17:32 -07:00
David Keeler
71bd008415 backout 9815045d0c5a (bug 1058812 1/3) for mochitest orange on a CLOSED TREE 2014-10-08 12:10:46 -07:00
David Keeler
6e65e0bca0 backout 9692998f547e (bug 1058812 2/3) for mochitest orange on a CLOSED TREE 2014-10-08 12:10:10 -07:00
David Keeler
4279bb931d backout 0097b4ffaf33 (bug 1058812 3/3) for mochitest orange on a CLOSED TREE 2014-10-08 12:09:26 -07:00
David Keeler
3718659874 bug 1058812 - (3/3) mozilla::pkix: test handling unsupported signature algorithms r=briansmith 2014-10-08 09:48:15 -07:00
David Keeler
7ad555939c bug 1058812 - (2/3) mozilla::pkix: use ByteStrings to identify signature algorithm parameters in tests r=briansmith 2014-10-08 09:33:59 -07:00
David Keeler
5606be5b15 bug 1058812 - (1/3) mozilla::pkix: add SignatureAlgorithm::unsupported_algorithm to better handle e.g. roots signed with RSA/MD5 r=briansmith 2014-10-07 09:35:42 -07:00
Brian Smith
7c87c719cd Bug 1077887: Work around old GCC "enum class" bug, r=mmc 
--HG--
extra : rebase_source : 983e8d8bcfded10d1d1dca793d610996b40b444d
 2014-10-04 18:45:31 -07:00
Brian Smith
121791c43f Bug 1077859: Make ENCODING_FAILED safe to use in static initializers, r=mmc 
--HG--
extra : rebase_source : f0483e775c6fefc256fc9527b1b1118086cc121f
 2014-10-03 15:52:38 -07:00
Andrew Halberstadt
d292ee73f1 Bug 1066735 - Remove root b2g and android specific xpcshell manifests, r=chmanchester 2014-10-07 18:18:28 -04:00
David Keeler
4ae95106e2 bug 1077891 - update getHSTSPreloadList.js to reflect changes to nsISiteSecurityService r=mmc DONTBUILD NPOTB 2014-10-06 11:28:15 -07:00
Ehsan Akhgari
15ca5186a6 Fix one bad implicit constructor in pkix, no bug, blanket-rs=bsmith 2014-10-07 09:46:59 -04:00
Carsten "Tomcat" Book
811400331c Backed out changeset 76000f9f12da (bug 1077859) for causing frequent Mac OSX XPCshell test failures 2014-10-07 12:53:42 +02:00
Carsten "Tomcat" Book
f3c6c6a49b Backed out changeset 16fe1b9eb9e6 (bug 1077887) 2014-10-07 12:53:03 +02:00
Carsten "Tomcat" Book
2dbcab7289 Backed out changeset 124b04c01c71 (bug 1077926) 2014-10-07 12:52:49 +02:00
Brian Smith
655ade7a8b Bug 1077926: Make test certificate generation faster by reusing key, r=keeler 
--HG--
extra : rebase_source : 360fe925397688c1d0a2386c4974def6b571f0d4
 2014-10-05 00:29:43 -07:00
Brian Smith
1fc729071e Bug 1077887: Work around old GCC "enum class" bug, r=mmc 
--HG--
extra : rebase_source : ce707672dfc0587760c09701fd6adbe26c874916
 2014-10-04 18:45:31 -07:00
Brian Smith
9e344e0256 Bug 1077859: Make ENCODING_FAILED safe to use in static initializers, r=mmc 
--HG--
extra : rebase_source : 78e1410ab6c94bd6b20a78208a2421db338aed94
 2014-10-03 15:52:38 -07:00
Wes Kocher
445e1466e9 Backed out 5 changesets (bug 806819) for WinXP test failures on a CLOSED TREE 
Backed out changeset 009ae35b0c67 (bug 806819)
Backed out changeset 5a57f87f5061 (bug 806819)
Backed out changeset f06cd735b5b3 (bug 806819)
Backed out changeset e25a2a8d4af4 (bug 806819)
Backed out changeset 70a167982c3f (bug 806819)
 2014-10-06 16:32:50 -07:00
Eric Rahm
53a247fb00 Bug 806819 - Part 4: Add files that were excluded from unified builds back in. r=ehsan 
--HG--
extra : rebase_source : 49a3f57d94fc94702f1604175c4e206091b67197
 2014-10-06 13:11:24 -07:00
Eric Rahm
80d2b8bba6 Bug 806819 - Part 3: Remove redundant FORCE_PR_LOG entries. r=ehsan 
--HG--
extra : rebase_source : c96eea1c12ea8c19314393f0e8b4b57a4316a61d
 2014-10-06 13:08:20 -07:00
Nicholas Nethercote
94adb30f77 Bug 1062709 (part 2, attempt 2) - Clean up stack printing and fixing. r=dbaron. 
--HG--
extra : rebase_source : 626fd23a14ec90cfc9807c3d555169ec6463d19d
 2014-09-01 22:56:05 -07:00
Nicholas Nethercote
2eb56008e2 Bug 1062709 (part 1, attempt 2) - Add a frame number argument to NS_WalkStackCallback. r=dbaron. 
--HG--
extra : rebase_source : 4f7060a9ae0bed180899651c50e8ea8857e72d63
 2014-09-10 21:47:01 -07:00
Neil Rashbrook
4ee6d12382 Bug 1075976 Clean up XPCOM string usage r=keeler 2014-10-05 22:09:39 +01:00
Phil Ringnalda
9764e19e06 Merge m-i to m-c, a=merge 2014-10-05 09:34:55 -07:00
Phil Ringnalda
145d867409 Backed out 2 changesets (bug 1003448) since their dependency was backed out 
CLOSED TREE

Backed out changeset 61f98b1d29f9 (bug 1003448)
Backed out changeset 8e947d1636f1 (bug 1003448)
 2014-10-04 20:10:19 -07:00
ffxbld
58b5016fa7 No bug, Automated HPKP preload list update from host bld-linux64-spot-197 - a=hpkp-update 2014-10-04 03:19:30 -07:00
ffxbld
9583d80353 No bug, Automated HSTS preload list update from host bld-linux64-spot-197 - a=hsts-update 2014-10-04 03:19:28 -07:00
Ed Morley
2d0f9579b5 Backed out changeset a0b82c954206 (bug 1062709) for Windows mochitest 5 hangs 2014-10-03 15:06:16 +01:00
Ed Morley
9e223d8a19 Backed out changeset 7a1b7d7eba12 (bug 1062709) 2014-10-03 15:05:26 +01:00
Ryan VanderMeulen
4e2581f465 Backed out 3 changesets (bug 1076129, bug 1003448) for frequent xpcshell crashes on a CLOSED TREE. 
Backed out changeset 3034162ee435 (bug 1003448)
Backed out changeset 086fe4b0ba14 (bug 1003448)
Backed out changeset 1babd65ebec7 (bug 1076129)
 2014-10-02 15:53:21 -04:00
Patrick McManus
39d073c8d5 bug 1003448 - HTTP/2 Alternate Service and Opportunistic Security [1/2 PSM] r=keeler 2014-08-20 16:30:16 -04:00
Ryan VanderMeulen
b20021a33c Merge m-c to inbound. a=merge 2014-10-02 13:14:06 -04:00
Martin Thomson
1e1716e492 Bug 1072382 - Remove version intolerance marker on inappropriate_fallback alert, r=keeler 2014-10-02 10:03:30 -07:00
Nicholas Nethercote
5a257b83f9 Bug 1062709 (part 2) - Clean up stack printing and fixing. r=dbaron. 
--HG--
extra : rebase_source : 18158d4474cb8826813a3866eba57b710e14db99
 2014-09-01 22:56:05 -07:00
Nicholas Nethercote
c9c64de53c Bug 1062709 (part 1) - Add a frame number argument to NS_WalkStackCallback. r=dbaron. 
--HG--
extra : rebase_source : 0f9b2d6310433ed56f5552706fcf2a96571aee25
 2014-09-10 21:47:01 -07:00
David Keeler
2f89ed3295 bug 1045739 - (part 2/2) mozilla::pkix: test that revocation checking doesn't occur for expired certificates r=mmc 2014-10-01 10:20:31 -07:00
Brian Smith
864c184e30 bug 1045739 - (1/2) mozilla::pkix: stop checking revocation for expired certificates r=keeler 2014-08-14 12:02:55 -07:00
Kai Engert
5fe316221d Bug 1075686, pick up NSS 3.17.2 beta 1 to fix bug 1057161 2014-10-01 19:30:41 +02:00
Carsten "Tomcat" Book
b37ac43e39 merge fx-team to mozilla-central a=merge 2014-09-30 15:10:47 +02:00
Cykesiopka
3ac8cb4ccb Bug 1073865 - Add missing SSL_ERROR l10n strings v1. r=dkeeler 2014-09-27 14:02:00 +02:00
Camilo Viecco
886005b84a Bug 787133 - (hpkp) Part 2/2. Tests r=keeler 2014-09-29 20:31:08 -07:00
Stephen Pohl
579061de7c Mac v2 signing - Bug 1060562 - Update xpcshell-tests for the new v2 bundle structure on OSX. r=jmaher 2014-09-29 11:51:29 -07:00
ffxbld
a310d15a38 No bug, Automated HPKP preload list update from host bld-linux64-spot-046 - a=hpkp-update 2014-09-27 03:16:58 -07:00
ffxbld
bca9d93656 No bug, Automated HSTS preload list update from host bld-linux64-spot-046 - a=hsts-update 2014-09-27 03:16:56 -07:00
David Keeler
fd860abf57 bug 1071308 - (2/2) remove libpkix-style chain validation callback from CertVerifier r=cviecco 2014-09-25 11:18:56 -07:00
David Keeler
863d5f9477 bug 1071308 - (1/2) rename pinning_enforcement_level to PinningMode for brevity r=cviecco 2014-09-25 11:08:36 -07:00
Camilo Viecco
c2c7007b5f Bug 787133 - (hpkp) Part 1/2. Header Parsing and interface within PSM. r=keeler, r=mcmanus 2014-09-03 10:24:12 -07:00
Bob Owen
27ae4de9b6 Bug 1068000 - Add client side chrome.* pipe rule for Windows content sandbox. r=tabraldes 2014-09-16 15:44:25 +01:00
Wes Kocher
bc0c8885af Merge m-c to inbound a=merge 2014-09-23 16:48:23 -07:00
Wes Kocher
47e158094b Merge inbound to m-c a=merge 2014-09-23 15:30:38 -07:00
Kai Engert
761fee2128 Bug 1064636, upgrade to NSS 3.17.1 release, r=rrelyea, a=lmandel 2014-09-23 21:28:23 +02:00
Ehsan Akhgari
6b1b9962f5 Fix more bad implicit constructors in security, blanket-rs=bsmith, no bug 2014-09-23 09:13:26 -04:00
Jed Davis
9fd62691c6 Bug 1069700 - Fix recursive crash when non-content children violate sandbox policy. r=kang 2014-09-18 18:17:00 -04:00
Richard Barnes
f07a938b7c Bug 1045973 - sec_error_extension_value_invalid: mozilla::pkix does not accept certificates with x509v3 extensions in x509v1 or x509v2 certificates r=keeler 2014-09-23 16:48:54 -04:00
David Keeler
06b4f5bba9 bug 1060929 - mozilla::pkix: allow explicit encodings of default-valued BOOLEANs for compatibility r=briansmith 2014-09-22 09:26:10 -07:00
Vlatko Markovic
8818f4947f Bug 1059216 - Verification of Trusted Hosted Apps manifest signature, part 1. r=dkeeler,rlb 2014-09-22 07:58:59 -07:00
Robin Thunell
2915e7de92 Bug 1059208 - Add scripts for signing manifest files of Trusted Hosted Apps r=dkeeler 2014-09-22 07:58:59 -07:00
Carsten "Tomcat" Book
79a0a7362d merge b2g-inbound to mozilla-central a=merge 2014-09-22 13:06:09 +02:00
Carsten "Tomcat" Book
2ae977b21b merge mozilla-inbound to mozilla-central a=merge 2014-09-22 12:58:26 +02:00
ffxbld
976d004bf3 No bug, Automated HPKP preload list update from host b-linux64-ix-0007 - a=hpkp-update 2014-09-20 03:17:29 -07:00
ffxbld
c78690b02d No bug, Automated HSTS preload list update from host b-linux64-ix-0007 - a=hsts-update 2014-09-20 03:17:26 -07:00
Vlatko Markovic
e160a6a6da Bug 1059204 - Prepare verification code for reuse. r=rlb 2014-09-19 20:13:47 -07:00
Arthur Edelstein
cb0c9e468d Bug 967977 - Add pref to disable session identifiers (session tickets and session IDs). r=dkeeler 2014-09-08 15:32:00 -04:00
Brian Smith
c5500b85df Bug 1065264: Use MOZILLA_PKIX_MAP_LIST to define mozilla::pkix::Result, r=keeler 
--HG--
extra : rebase_source : a91f7ab118f802fed6441edf00a245fe90c8e506
 2014-09-10 00:17:24 -07:00
Brian Smith
ddb8aedc17 Bug 1065173: Move more NSS dependencies to pkixtestnss.cpp, r=keeler 
--HG--
extra : rebase_source : 205fa72506e175c0fe418c5428675e754a86c820
 2014-09-08 20:41:53 -07:00
Brian Smith
d4a0b9e59c Bug 1063031: Remove mozilla::pkix::test::NSSTest, r=keeler 
--HG--
rename : security/pkix/test/gtest/nssgtest.cpp => security/pkix/test/gtest/pkixgtest.cpp
extra : rebase_source : 205faf2054134b3a7aecd55d53f73d19f2f86103
 2014-08-31 20:42:28 -07:00
Jed Davis
5043e01249 Bug 1068410 - Convert remote crash dump to use pipe instead of socketpair in the child. r=kang r=ted 2014-10-03 14:55:03 -07:00
Patrick McManus
235b069e72 bug 1003448 - HTTP/2 Alternate Service and Opportunistic Security [1/2 PSM] r=keeler 2014-08-20 16:30:16 -04:00
Martin Thomson
36ef87e623 Bug 1075991 - Tracking cause of inappropriate TLS version fallback, r=keeler 2014-10-03 11:01:24 -07:00
Martin Thomson
e3fc75fe11 Bug 1075991 - Remember version intolerance reason code, r=keeler 2014-10-03 11:01:24 -07:00
Monica Chew
af2478ad59 Bug 1030135: Set is_moz if the pinset name contains mozilla, set bucket id for pinsets containing the string mozilla (r=keeler) 2014-10-02 16:45:13 -07:00
J.C. Jones
e75e48ed45 Bug 1054498 - Report pinning violations by CA r=keeler 2014-10-17 10:33:50 -07:00
Carsten "Tomcat" Book
e5ad1e7db2 Backed out changeset 3afdc3253979 (bug 622859) for breaking m1 tests 2014-10-17 13:14:29 +02:00
Carsten "Tomcat" Book
d893b9cc90 Backed out changeset f5fa8ea86d3b (bug 622859) 2014-10-17 13:13:01 +02:00
Jed Davis
67e50f1aa1 Bug 1080165 - Allow setpriority() to fail without crashing in media plugins on Linux. r=kang 2014-10-16 12:42:00 +02:00
Cykesiopka
ef48a9fa7c Bug 622859 - Tests for bug 622859. r=briansmith,keeler 2014-10-16 05:22:00 +02:00
Cykesiopka
01941f880c Bug 622859 - Reject EV certificates with key sizes below RSA 2048. r=briansmith 2014-10-16 05:13:00 +02:00
Bob Owen
b9708b293b Bug 1083701: When pre-Vista, for testing purposes allow stdout/err to be inherited by sandboxed process when an env var is set. r=tabraldes 2014-10-17 09:42:09 +01:00
David Keeler
d44051d068 bug 1055238 - add nsNSSCertListFakeTransport so nsIX509CertList can survive the child process r=rbarnes 2014-09-16 15:49:37 -07:00
David Keeler
76d5bfab7d bug 1055238 - clean up nsNSSCertificateFakeTransport.{cpp,h} for style nits r=rbarnes 2014-09-16 13:24:13 -07:00
Camilo Viecco
4782afddb6 Bug 787133 - (hpkp) testing of internal storage and idl r=keeler. 
--HG--
extra : rebase_source : c4f83f38a3b8f293a1ca61f2f0a6f90df6ff7840
 2014-09-12 14:59:37 -07:00
Camilo Viecco
d790eb8f88 Bug 787133 - (hpkp) Internal storage of hpkp data. r=keeler. 
--HG--
extra : rebase_source : 1ef88ab5ebcf9634bd1de76ec1c9543eb87d265b
 2014-09-12 14:59:37 -07:00
David Keeler
db0e8cfdbd bug 1066190 - ensure that pinning checks are done for otherwise overridable errors r=mmc 2014-09-12 13:20:43 -07:00
Camilo Viecco
9a1ec24aef Bug 1067565 - Built-in pins expires decades later. r=keeler 2014-09-15 17:17:12 -07:00
Trevor Saunders
4728b78382 bug 1062567 - prevent gcc lto builds from dropping SyscallAsm on the floor r=froydnj 2014-09-15 19:46:14 -04:00
Wes Kocher
6e187f49f8 Merge m-c to inbound a=merge 2014-09-15 16:41:45 -07:00
ffxbld
bed71c1658 No bug, Automated HPKP preload list update from host bld-linux64-spot-318 - a=hpkp-update 2014-09-15 14:35:39 -07:00
ffxbld
cc3388a150 No bug, Automated HSTS preload list update from host bld-linux64-spot-318 - a=hsts-update 2014-09-15 14:35:37 -07:00
David Keeler
dce41c469b bug 973048 - follow-up to add another missed #include r=bustage on a CLOSED TREE 2014-09-15 13:50:18 -07:00
David Keeler
c6dc096f07 bug 973048 - follow-up to add #include for ScopedPtr r=bustage on a CLOSED TREE 2014-09-15 13:02:47 -07:00
David Keeler
4113b4b466 bug 973048 - replace nsNSSCleaner with Scoped types r=rbarnes 2014-09-15 12:31:43 -07:00
Carsten "Tomcat" Book
d557d05d44 merge m-i to m-c a=merge 2014-09-12 15:07:38 +02:00
ffxbld
7d604b16de No bug, Automated HPKP preload list update from host bld-linux64-spot-021 - a=hpkp-update 2014-09-11 20:51:37 -07:00
ffxbld
44fa5fca8f No bug, Automated HSTS preload list update from host bld-linux64-spot-021 - a=hsts-update 2014-09-11 20:51:35 -07:00
Giovanni Sferro
ccbb9be8bc Bug 1050518 - Remove nsICertificatePrincipal. r=keeler 2014-09-10 20:31:00 -04:00
Bob Owen
61056aa4db Bug 1018988 - Set up a low integrity temp directory when using the Windows content sandbox. r=mrbkap r=tabraldes r=froydnj 2014-09-10 12:36:17 +01:00
Bob Owen
33eaabbf1f Bug 1063455 - Define MOZ_STACKWALKING when NS_StackWalk is available and replace other instances of the same #if logic. r=mshal, r=froydnj 2014-09-08 18:25:20 +01:00
Brian Smith
c857f8e0f4 Bug 1063013, Part 4: Move MapResultToName and MAP_LIST out of pkixnss.h/pkixnss.cpp, r=keeler 
--HG--
rename : security/pkix/lib/pkixnss.cpp => security/pkix/lib/pkixresult.cpp
extra : rebase_source : 2fec0a279f7ef6acdd7ac8bf749190eef33df70d
 2014-08-31 19:42:36 -07:00
Brian Smith
030872a85c Bug 1063013, Part 3: Move dependencies on pkixnss to pkixtestnss, r=keeler 
--HG--
rename : security/pkix/test/lib/pkixtestutil.cpp => security/pkix/test/lib/pkixtestnss.cpp
extra : rebase_source : b22bd341a5c72ba87efcf23a4e048bba8adf1544
 2014-08-31 19:16:26 -07:00
Brian Smith
18c10a4998 Bug 1063013, Part 2: Remove unnecessary pkixnss dependency from pkixocsp_CreateEncodedOCSPRequest, r=keeler 
--HG--
rename : security/pkix/test/lib/pkixtestutil.cpp => security/pkix/test/lib/pkixtestnss.cpp
extra : rebase_source : e91ec652edc54255cd29871c91550c3ee49438c5
 2014-08-31 19:04:15 -07:00
Brian Smith
06a6c4e0be Bug 1063013, Part 1: Remove pkixnss dependency from pkixtestutil.cpp, r=keeler 
--HG--
rename : security/pkix/test/lib/pkixtestutil.cpp => security/pkix/test/lib/pkixtestnss.cpp
extra : rebase_source : e55c2e0c73a59b84629d071a64d8597ec5cc56ae
 2014-09-04 17:21:28 -07:00
Brian Smith
8dbcf66d66 Bug 1063006: Centralize direct use of NSS for crypto in the mozilla::pkix test suite, r=keeler 
--HG--
rename : security/pkix/test/lib/pkixtestutil.cpp => security/pkix/test/lib/pkixtestnss.cpp
extra : rebase_source : 93515d39abf91168fa86268f9b26f8c62d0d411e
 2014-08-31 17:47:09 -07:00
Brian Smith
ba3ad3aa0e Bug 1059924, Part 2: Test that the high tag number form is rejected, r=keeler 
--HG--
extra : rebase_source : 66793ce13ed8635cd47051fc2c93651d6936614e
 2014-08-21 15:48:40 -07:00
Jed Davis
af04cea2d8 Bug 1059038 - Move mozilla::unused from xpcom/glue to mfbt. r=Waldo 
--HG--
rename : xpcom/glue/unused.cpp => mfbt/unused.cpp
rename : xpcom/glue/unused.h => mfbt/unused.h
 2014-08-29 10:11:00 +02:00
Ehsan Akhgari
bd73520e3c Bug 1064356 - Fix more bad implicit constructors in security; r=bsmith 2014-09-08 20:47:36 -04:00
David Keeler
d577ecb4c1 bug 1004781 - follow-up to add "DigiCert ECC Secure Server CA" to Facebook's pinset r=mmc 2014-09-08 09:33:03 -07:00
Carsten "Tomcat" Book
75dcdffdac merge mozilla-inbound to mozilla-central a=merge 2014-09-08 15:22:16 +02:00
ffxbld
fb37ddfbb4 No bug, Automated HPKP preload list update from host b-linux64-ix-0009 - a=hpkp-update 2014-09-06 03:17:54 -07:00
ffxbld
335a88aab5 No bug, Automated HSTS preload list update from host b-linux64-ix-0009 - a=hsts-update 2014-09-06 03:17:51 -07:00
Wes Kocher
ca62a34614 Merge inbound to m-c a=merge 2014-09-05 19:04:52 -07:00
Monica Chew
573218568c Bug 1030135: Enable pinning on services.mozilla.com in test mode (r=keeler,a=kwierso) 2014-09-05 12:04:26 -07:00
Bob Owen
a9431992d5 Bug 1018966 - Part 2: Make warn only sandbox changes to the Chromium code. r=tabraldes 2014-09-03 10:31:53 +01:00
David Keeler
702384684c bug 1046221 - make nsCryptoHMAC and nsCryptoHash actually check for NSS shutdown r=rbarnes 2014-09-05 11:04:22 -07:00
Monica Chew
2c36fac925 Bug 1030135: Enable pinning on services.mozilla.com in test mode (r=keeler) 2014-09-05 12:04:26 -07:00
Bob Owen
f19448274c Bug 1018966 - Part 1: Add the main warn only sandbox machinery - with no Chromium code changes. r=bsmedberg 
This change also includes the content sandboxing code on Windows Nightly by defining MOZ_CONTENT_SANDBOX=1.
Whether the content sandbox is disabled, in warn only mode, or enabled is controlled by a new pref: browser.tabs.remote.sandbox=(off/warn/on)
 2014-06-11 15:32:37 +01:00
Brian Smith
a37dba0312 Bug 1061483 follow-up: remove now-unused deleteCharArray function, r=me, a=bustage 
--HG--
extra : rebase_source : 63d509bd7b95681227d27a733260bc33b1a22338
 2014-09-04 15:53:07 -07:00
Brian Smith
418571330e Bug 1061483: Remove dependency on NSPR's PR_smprintf, r=cviecco 
--HG--
extra : rebase_source : 64e2f862456e8e1434814631b0a7b461d83de37a
 2014-08-31 22:03:22 -07:00
Brian Smith
4170cfe622 Bug 1061021, Part 17: Use now-unused PLArenaPool infrastructure, r=keeler 
--HG--
extra : rebase_source : b6f241d33cefd3b14c585e806e9c920ec6844fce
 2014-08-30 23:30:20 -07:00
Brian Smith
6e2797899e Bug 1061021, Part 16: Stop using PLArenaPool in pkixocsp_CreateEncodedOCSPRequest, r=keeler 
--HG--
extra : rebase_source : 551d0c0e45d770c2218fb77874737fe23909d6c9
 2014-08-30 23:27:15 -07:00
Brian Smith
26f076840d Bug 1061021, Part 15: Stop using PLArenaPool in CreateEncodedOCSPResponse, r=keeler 
--HG--
extra : rebase_source : 00c3f77cd1e7e0d81b0acac84631b81e4cac59bd
 2014-09-01 19:23:01 -07:00
Brian Smith
1966d956d1 Bug 1061021, Part 14: Stop using PLArenaPool in CreateEncodedCertificate, r=keeler 
--HG--
extra : rebase_source : 46c292a31fbc4bb7242c93d0d47479600f379323
 2014-08-30 23:09:18 -07:00
Brian Smith
c7a8deb8a0 Bug 1061021, Part 13: Remove Output class, r=keeler 
--HG--
extra : rebase_source : 9d768451f2f1d6ad0db3cb75401494d6409fd818
 2014-08-30 20:47:58 -07:00
Brian Smith
5419f381e4 Bug 1061021, Part 12: Stop using PLArenaPool for ResponseData encoding, r=keeler 
--HG--
extra : rebase_source : 745ae45d9dd0509973d8e5c50a8cc2dfae82295f
 2014-08-30 20:42:19 -07:00
Brian Smith
c697d86d9d Bug 1061021, Part 11: Stop using PLArenaPool for TBSCertificate and SignedData encoding, r=keeler 
--HG--
extra : rebase_source : 09b06f79b57247dd89919ede12baabcb09dbeb19
 2014-08-30 19:55:52 -07:00