Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-11 04:15:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
570,328 Commits 615 Branches 98 Tags 6 GiB
959009f1a8
Commit Graph

12698 Commits

Author SHA1 Message Date
ffxbld
f03e7e263d No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update 2017-11-05 11:26:03 -08:00
ffxbld
9b91644ce1 No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-11-05 10:47:13 -08:00
ffxbld
0e84a5f304 No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-11-05 10:47:09 -08:00
ffxbld
a9ac7e1e95 No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update 2017-11-04 11:27:47 -07:00
ffxbld
0c16c4d46a No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update 2017-11-04 11:27:43 -07:00
Sebastian Hengst
3af6639030 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 6lOkhi71eQ3
 2017-11-04 10:53:33 +01:00
ffxbld
066b6713fd No bug, Automated HPKP preload list update from host bld-linux64-spot-030 - a=hpkp-update 2017-11-03 11:33:33 -07:00
ffxbld
422df817cd No bug, Automated HSTS preload list update from host bld-linux64-spot-030 - a=hsts-update 2017-11-03 11:33:29 -07:00
Sebastian Hengst
68106833b3 merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: xcHQOq7Rbv
 2017-11-02 22:59:04 +01:00
Sebastian Hengst
8da0763166 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 60XtziNG2CK
 2017-11-02 22:57:14 +01:00
ffxbld
299b665375 No bug, Automated HPKP preload list update from host bld-linux64-spot-031 - a=hpkp-update 2017-11-02 11:32:01 -07:00
ffxbld
06f236c2b4 No bug, Automated HSTS preload list update from host bld-linux64-spot-031 - a=hsts-update 2017-11-02 11:31:57 -07:00
Franziskus Kiefer
1db8f13af3 Bug 1401594 - land NSS NSS_3_34_BETA1 UPGRADE_NSS_RELEASE, r=me 
MozReview-Commit-ID: 8ckNdJ29KWZ

--HG--
extra : rebase_source : 9766af247842aabce5e46c4a8d1d03c3f70d21f7
 2017-11-01 15:38:36 +01:00
J.C. Jones
bc2d08ffc7 Bug 1414198 - Include <functional> in nsNSSCertificate.h r=keeler 
We've a report of a compilation error on a different system because
std::function was undefined.

MozReview-Commit-ID: 2MboMUdLzHj

--HG--
extra : rebase_source : be6d73506402a1838b96ce55e69b44dcb00949f1
 2017-11-03 17:11:04 -07:00
David Keeler
6922b82c52 bug 1357815 - 4/4: go a bit overboard on testcases for SHA-256 support in add-on signatures r=jcj 
MozReview-Commit-ID: K4WYTYPXpi1

--HG--
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha1_and_sha256.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1-256_p7-1-256.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha1_and_sha256_manifest_sha1_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha1_and_sha256_manifest_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha1_manifest_sha1_and_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha256_manifest_sha1_and_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha256_manifest.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha256.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-256_p7-256.zip
extra : rebase_source : f56c5c9309590bd37d933e8e8fbff8535296b874
 2017-10-27 11:20:33 -07:00
Jed Davis
0b91cda795 Bug 1413312 - Fix media plugin sandbox policy for sched_get_priority_{min,max}. r=gcp 
MozReview-Commit-ID: Bz4EWU13HAJ

--HG--
extra : rebase_source : 848880e083827a6f40e6ba289a5357ff6b4fa5f6
 2017-10-31 18:12:43 -06:00
Jed Davis
de1cbf125f Bug 1412464 - Change sandboxing inotify denial from seccomp-bpf to symbol interception. r=gcp 
MozReview-Commit-ID: DY0qdGYGNdL

--HG--
extra : rebase_source : 02448ea28e8c1ea0d25776455d9ebb30d829b482
 2017-10-30 19:45:39 -06:00
Jed Davis
a2451f13e5 Bug 1412480 - Statically check for overly large syscall arguments. r=gcp 
See the previous patch for an explanation of the mistake that this is
meant to catch.

Note that, even for arguments that really are 64-bit on 32-bit platforms
(typically off_t), it's generally not safe to pass them directly to
syscall(): some architectures, like ARM, use ABIs that require such
arguments to be passed in aligned register pairs, and they'll be aligned
differently for syscall() vs. the actual system call due to the leading
system call number argument.  The syscall(2) man page discusses this
and documents that such arguments should be split into high/low halves,
passed separately, and manually padded.

Therefore, this patch rejects any argument types larger than a word.

MozReview-Commit-ID: FVhpri4zcWk

--HG--
extra : rebase_source : 0329fe68be2a4e16fb71736627f0190e005c9972
 2017-10-27 19:51:26 -06:00
Jed Davis
6d4b2907e1 Bug 1412480 - Fix syscall argument types in seccomp-bpf sandbox traps. r=gcp 
The values in arch_seccomp_data::args are uint64_t even on 32-bit
platforms, and syscall takes varargs, so the arguments need to be
explicitly cast to the word size in order to be passed correctly.

MozReview-Commit-ID: 5ldv6WbL2Z3

--HG--
extra : rebase_source : c6ef37d8b367ad6025e510e58e6ab4d2f96cfc9e
 2017-10-27 20:51:25 -06:00
David Keeler
6034b39937 bug 1357815 - 3/4: support SHA256 in PKCS#7 signatures on add-ons r=dveditz,jcj 
As a result of this patch, the hash algorithm used in add-on signature
verification will come from the PKCS#7 signature. If SHA-256 is present, it will
be used. SHA-1 is used as a fallback. Otherwise, the signature is invalid.

This means that, for example, if the PKCS#7 signature only has SHA-1 but there
are SHA-256 hashes in the signature file and/or manifest file, only the SHA-1
hashes in the signature file and manifest file will be used, if they are present
(and verification will fail if they are not present). Similarly, if the PKCS#7
signature has SHA-256, there must be SHA-256 hashes in the signature file and
manifest file (even if SHA-1 is also present in the PKCS#7 signature).

MozReview-Commit-ID: K3OQEpIrnUW

--HG--
extra : rebase_source : 704a2a18e166bfaf3e3d944d13918054bd012000
 2017-10-24 15:27:53 -07:00
David Keeler
7617737c9f bug 1357815 - 2/4: refactor away unnecessary parts of certificate verification in add-on signature verification r=jcj 
MozReview-Commit-ID: 4JKWIZ0wnuO

--HG--
extra : rebase_source : 7f032046b3a81c2b3f2135451af07a1e38e94664
 2017-10-24 13:32:02 -07:00
David Keeler
543678ab80 bug 1357815 - 1/4: move VerifyCMSDetachedSignatureIncludingCertificate to where it's used r=jcj 
MozReview-Commit-ID: JsBPGhDxQoS

--HG--
extra : rebase_source : 88a1c0b73762f28c53ffd645f2eba260743a4062
 2017-10-24 13:18:14 -07:00
Ryan VanderMeulen
f44bfd0fc0 Merge m-c to autoland. a=merge 2017-11-01 21:55:56 -04:00
ffxbld
269dcb47f7 No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update 2017-11-01 18:38:41 -07:00
ffxbld
249a4851fb No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update 2017-11-01 18:38:37 -07:00
ffxbld
f2bc4e722f No bug, Automated HPKP preload list update from host bld-linux64-spot-039 - a=hpkp-update 2017-10-31 12:14:57 -07:00
ffxbld
f4901979dd No bug, Automated HSTS preload list update from host bld-linux64-spot-039 - a=hsts-update 2017-10-31 12:14:53 -07:00
J.C. Jones
f04a229953 Bug 1412994 - Ensure SegmentCertificateChain returns results in PSM order r=keeler 
SegmentCertificateChain, when provided a cert chain from nsISSLStatus, delivers
the EE as the Root, the Root as the EE, and the intermediates in reverse order.

Basically, now that Bug 1406856 landed, it's clear this was backward in its
thinking, so reverse it for the common case.

MozReview-Commit-ID: Ahtv9U9A9oS

--HG--
extra : rebase_source : 75c8688c5041652fd966babe91cb8c6287e19ad0
 2017-10-30 16:49:41 -07:00
Sebastian Hengst
6979ea37b4 merge mozilla-central to autoland. r=merge a=merge 2017-10-30 23:58:16 +01:00
Sebastian Hengst
f07fc93141 merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 4PW6ESqLL73
 2017-10-30 23:52:23 +01:00
ffxbld
da6d577b00 No bug, Automated HPKP preload list update from host bld-linux64-spot-033 - a=hpkp-update 2017-10-30 11:46:17 -07:00
ffxbld
0eee83e64e No bug, Automated HSTS preload list update from host bld-linux64-spot-033 - a=hsts-update 2017-10-30 11:46:14 -07:00
Bob Owen
e67fce9b1f Bug 1412827: Add Symantec DLLs ffm64 and ffm to the sandboxed child blocklist. r=jimm 
This patch also adds k7pswsen.dll unconditionally as it is still appearing
in many crash reports despite the block working in a test VM.
 2017-10-30 16:28:26 +00:00
Jed Davis
6557099666 Bug 1411115 - Allow F_SETLK fcntl in sandboxed content processes. r=gcp 
MozReview-Commit-ID: ARc7EpfN73o

--HG--
extra : rebase_source : 21c35a65a7c45387e2bd7fd7aba5f82ecf7c9ab3
 2017-10-27 18:05:53 -06:00
Jed Davis
ee247f0d5f Bug 1409900 - Handle sandboxed statfs() by replacing it with open+fstatfs. r=gcp 
MozReview-Commit-ID: 4Q0XMWcxaAc

--HG--
extra : rebase_source : e6065c91ddb271b71b5577ca0d6c39349565724c
 2017-10-27 19:32:37 -06:00
Jed Davis
27d4543313 Bug 1409900 - Disallow quotactl in sandboxed content processes. r=gcp 
MozReview-Commit-ID: 3svUgLLTZKL

--HG--
extra : rebase_source : 2f51310f19cff45313cafd2bdcc60f2999b729b3
 2017-10-25 12:43:13 -06:00
Sebastian Hengst
d67d120cc4 Backed out 4 changesets (bug 1386404) for mass failures, e.g. in browser-chrome's dom/tests/browser/browser_xhr_sandbox.js. r=backout on a CLOSED TREE 
Backed out changeset 36556e1a5ac7 (bug 1386404)
Backed out changeset b136f90dc49f (bug 1386404)
Backed out changeset 4600c2d575f9 (bug 1386404)
Backed out changeset c2c40e4d9815 (bug 1386404)
 2017-10-30 19:10:01 +01:00
Gian-Carlo Pascutto
3d94d8e8e1 Bug 1386404 - Only do the tmp remapping if needed. r=jld 
This helps with getting the tests that are running out of /tmp
to pass, who get confused if their paths change underneath them.

It's also a bit faster.

MozReview-Commit-ID: CWtngVNhA0t

--HG--
extra : rebase_source : 304481a18c371c3253448971f48064bcbd681a81
 2017-10-26 18:02:10 +02:00
Gian-Carlo Pascutto
577b3a7731 Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld 
MozReview-Commit-ID: 2h9hw6opYof

--HG--
extra : rebase_source : f3121d7afff22e3f72c66e3a5553e731a83a2e1c
 2017-10-26 17:50:49 +02:00
Gian-Carlo Pascutto
6a66615d8d Bug 1386404 - Enable access to the entire chrome dir from content. r=jld 
This may be required if people have @import in their userContent.css, and
in any case our tests check for this.

MozReview-Commit-ID: 8uJcWiC2rli

--HG--
extra : rebase_source : 3542ea305aabaca0500d66f8e86f5c12170d793e
 2017-10-26 18:57:03 +02:00
Gian-Carlo Pascutto
802f1b9395 Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik 
MozReview-Commit-ID: 6Hijq0to9MG

--HG--
extra : rebase_source : c7a3559e4cbdfd1885d13a489c4eeb311ca973fa
 2017-10-12 11:18:25 +02:00
Franziskus Kiefer
0ab6bdd2fa Bug 1413937 - add sha384 and sha512 to pycert and pykey, r=keeler 
MozReview-Commit-ID: ArjNHLC1MFC

Differential Revision: https://phabricator.services.mozilla.com/D185

--HG--
extra : rebase_source : 781abe2faa33aa4f55902db1b191159f9c88254d
 2017-11-09 16:55:12 +01:00
Sebastian Hengst
794abc6fba merge mozilla-central to autoland. r=merge a=merge 2017-10-29 23:01:08 +01:00
ffxbld
8af3c26b61 No bug, Automated HPKP preload list update from host bld-linux64-spot-033 - a=hpkp-update 2017-10-29 11:34:19 -07:00
ffxbld
c61725847a No bug, Automated HSTS preload list update from host bld-linux64-spot-033 - a=hsts-update 2017-10-29 11:34:15 -07:00
Sebastian Hengst
d6f574cf1b merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: DMG276CdAzv
 2017-10-28 23:57:08 +02:00
ffxbld
8d7205d5c7 No bug, Automated HPKP preload list update from host bld-linux64-spot-023 - a=hpkp-update 2017-10-28 11:38:28 -07:00
ffxbld
b03d306da6 No bug, Automated HSTS preload list update from host bld-linux64-spot-023 - a=hsts-update 2017-10-28 11:38:24 -07:00
ffxbld
e009038b12 No bug, Automated HPKP preload list update from host bld-linux64-spot-037 - a=hpkp-update 2017-10-28 11:23:31 -07:00
ffxbld
261757d83a No bug, Automated HSTS preload list update from host bld-linux64-spot-037 - a=hsts-update 2017-10-28 11:23:28 -07:00
Sebastian Hengst
2f6f3e1167 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: JSVOeP0nq5J
 2017-10-27 23:28:23 +02:00
ffxbld
a5b2d14190 No bug, Automated HPKP preload list update from host bld-linux64-spot-022 - a=hpkp-update 2017-10-27 11:38:58 -07:00
ffxbld
28eb630b74 No bug, Automated HSTS preload list update from host bld-linux64-spot-022 - a=hsts-update 2017-10-27 11:38:54 -07:00
Attila Craciun
21363323fd Backed out 2 changesets (bug 1409900) for failing browser chrome on Linux opt at browser/base/content/test/general/browser_bug590206.js r=backout a=backout. 
Backed out changeset 83296a355dd4 (bug 1409900)
Backed out changeset 072007f83431 (bug 1409900)
 2017-10-27 16:15:47 +03:00
Sebastian Hengst
5c15da1f08 merge mozilla-inbound to mozilla-central. r=merge a=merge 
--HG--
rename : testing/talos/tests/__init__.py => testing/talos/talos/unittests/__init__.py
rename : testing/talos/tests/browser_output.ts.txt => testing/talos/talos/unittests/browser_output.ts.txt
rename : testing/talos/tests/browser_output.tsvg.txt => testing/talos/talos/unittests/browser_output.tsvg.txt
rename : testing/talos/tests/profile.tgz => testing/talos/talos/unittests/profile.tgz
rename : testing/talos/tests/ps-Acj.out => testing/talos/talos/unittests/ps-Acj.out
rename : testing/talos/tests/test_talosconfig_browser_config.json => testing/talos/talos/unittests/test_talosconfig_browser_config.json
rename : testing/talos/tests/test_talosconfig_test_config.json => testing/talos/talos/unittests/test_talosconfig_test_config.json
rename : testing/talos/tests/xrestop_output.txt => testing/talos/talos/unittests/xrestop_output.txt
 2017-10-27 12:45:34 +03:00
J.C. Jones
d4d890633b Bug 1411683 - Add foreach and segment utility methods to nsNSSCertList r=keeler 
This adds two methods to nsNSSCertList: ForEachCertificateInChain, and
SegmentCertificateChain. The ForEach method calls a supplied function for each
certificate in the chain, one by one.

That method is then used by the Segment method, which (assuming the chain is
ordered) splits it into Root, End Entity, and everything in-between as a list of
Intermediates.

This patch does _not_ try to add these methods to the IDL, as it's not
straightforward to me on how to handle the nsCOMPtr or std::function arguments.

These methods will be first used by Bug 1409259.

(Update to fix gtest bustage on Linux)

MozReview-Commit-ID: 8qjwF3juLTr

--HG--
extra : rebase_source : 3dee871a4622b8ad84cca247dc9a9f3ceb3b4bd9
 2017-10-25 13:37:50 -05:00
J.C. Jones
eac42bd3b1 Bug 1411683 - Add "requirements.txt" for pycert.py r=keeler 
There are specific versions needed for security/manager/ssl/tests/unit/pycert.py,
so let's give PIP some installation help:

0.1.7 for pyasn1 and 0.0.5 for pyasn1_modules

(recent versions break pycert/pykey/pycms)

MozReview-Commit-ID: Fk98UPd8bJo

--HG--
extra : rebase_source : 79436d4e99cda1dca438015835fdfa83a78c4dc7
 2017-10-25 16:03:58 -05:00
Mark Goodwin
032fc16f72 Bug 1406856 - Re-plumb nsISSLStatus.idl to carry with it the whole nsIX509CertList r=jcj,keeler 
MozReview-Commit-ID: 2YDmCzqdm26

--HG--
extra : rebase_source : 5b1f345698948b193addfa9326b5a29f9572a411
 2017-10-26 17:52:11 +01:00
Sebastian Hengst
e434e03817 Backed out changeset 51eaba841505 (bug 1406856) for failing eslint at security/manager/ssl/tests/unit/head_psm.js:732:53 | Multiple spaces found before '='. r=backout 
--HG--
extra : amend_source : 46ecb5c0f3f8c682aa0eaf27e14527b516710903
 2017-10-28 12:49:09 +02:00
Mark Goodwin
63bf63249d Bug 1406856 - Re-plumb nsISSLStatus.idl to carry with it the whole nsIX509CertList r=keeler 
MozReview-Commit-ID: 2YDmCzqdm26

--HG--
extra : rebase_source : 7de06b44adbcfc3891555b4176663d20d4f96a1a
 2017-10-26 17:52:11 +01:00
Jed Davis
76b1bdf7de Bug 1408497 - Disallow inotify in sandboxed content processes. r=gcp 
MozReview-Commit-ID: nKyIvMNQAt

--HG--
extra : rebase_source : 5347e8da745d6f4a0cd4e81e76fe6b94d94eac30
 2017-10-25 13:35:47 -06:00
Jed Davis
5f10d1f416 Bug 1409900 - Handle sandboxed statfs() by replacing it with open+fstatfs. r=gcp 
MozReview-Commit-ID: 4Q0XMWcxaAc

--HG--
extra : rebase_source : 6bd36df3155fc5cdda67720e313028a68e2f0901
 2017-10-25 13:08:26 -06:00
Jed Davis
fce1017953 Bug 1409900 - Disallow quotactl in sandboxed content processes. r=gcp 
MozReview-Commit-ID: 3svUgLLTZKL

--HG--
extra : rebase_source : 54623b48c65a1319905cab5aa520928681ec0023
 2017-10-25 12:43:13 -06:00
Jed Davis
160e1dcfe0 Bug 1410191 - Correctly handle errors when using syscalls in sandbox trap handlers. r=gcp 
MozReview-Commit-ID: JX81xpNBMIm

--HG--
extra : rebase_source : c7334f3e0b61b4fb4e0305cc6fc5d3173d08c032
 2017-10-25 16:38:20 -06:00
Jed Davis
b8aa6b6de9 Bug 1410241 - Don't call destructors on objects we use in the SIGSYS handler. r=gcp 
MozReview-Commit-ID: LAgORUSvDh9

--HG--
extra : rebase_source : b39836ebb7405202c60b075b30b48966ac644e71
 2017-10-25 17:58:22 -06:00
Jed Davis
aa4363afaa Bug 1410280 - Re-allow PR_GET_NAME for sandboxed content processes. r=gcp 
This prctl is used by PulseAudio; once bug 1394163 is resolved, allowing
it can be made conditional on the media.cubeb.sandbox pref.

MozReview-Commit-ID: 6jAM65V32vK

--HG--
extra : rebase_source : abb039aff7cefc0aa3b95f4574fdf1e3fb0d93a6
 2017-10-25 11:04:34 -06:00
Sebastian Hengst
d10e26c913 merge mozilla-central to mozilla-inbound. r=merge a=merge 2017-10-27 00:00:25 +02:00
ffxbld
7c460507ae No bug, Automated HPKP preload list update from host bld-linux64-spot-038 - a=hpkp-update 2017-10-26 11:33:02 -07:00
ffxbld
13bc938b90 No bug, Automated HSTS preload list update from host bld-linux64-spot-038 - a=hsts-update 2017-10-26 11:32:58 -07:00
Phil Ringnalda
a173b09db6 Backed out changeset ccc0e72f2152 (bug 1403260) for hanging Mac browser-chrome in printing tests 
MozReview-Commit-ID: IZNT5Jh8nzB
 2017-10-25 23:00:17 -07:00
Haik Aftandilian
362316451f Bug 1403260 - [Mac] Remove access to print server from content process sandbox r=mconley 
MozReview-Commit-ID: Ia21je8TTIg

--HG--
extra : rebase_source : 656e9e3ac8d1fb741d46881458bb0b7fb402d688
 2017-10-22 23:02:58 -07:00
Sebastian Hengst
23c958dc39 Backed out 2 changesets (bug 1411683) for build bustage in security/manager/ssl/tests/gtest/CertListTest.cpp. r=backout on a CLOSED TREE 
Backed out changeset 9d579c7e46b9 (bug 1411683)
Backed out changeset 21a17ab8b0fc (bug 1411683)
 2017-10-27 23:53:55 +02:00
Sebastian Hengst
841ee307e6 merge mozilla-central to autoland. r=merge a=merge 2017-10-27 23:32:15 +02:00
J.C. Jones
de44bcbd15 Bug 1411683 - Add foreach and segment utility methods to nsNSSCertList r=keeler 
This adds two methods to nsNSSCertList: ForEachCertificateInChain, and
SegmentCertificateChain. The ForEach method calls a supplied function for each
certificate in the chain, one by one.

That method is then used by the Segment method, which (assuming the chain is
ordered) splits it into Root, End Entity, and everything in-between as a list of
Intermediates.

This patch does _not_ try to add these methods to the IDL, as it's not
straightforward to me on how to handle the nsCOMPtr or std::function arguments.

These methods will be first used by Bug 1409259.

MozReview-Commit-ID: 8qjwF3juLTr

--HG--
extra : rebase_source : 39e2e8530ac23c6b96eb73f406bca32a59bcccf5
 2017-10-25 13:37:50 -05:00
J.C. Jones
6594c2801b Bug 1411683 - Add "requirements.txt" for pycert.py r=keeler 
There are specific versions needed for security/manager/ssl/tests/unit/pycert.py,
so let's give PIP some installation help:

0.1.7 for pyasn1 and 0.0.5 for pyasn1_modules

(recent versions break pycert/pykey/pycms)

MozReview-Commit-ID: Fk98UPd8bJo

--HG--
extra : rebase_source : 79436d4e99cda1dca438015835fdfa83a78c4dc7
 2017-10-25 16:03:58 -05:00
Sebastian Hengst
443416f881 Merge mozilla-central to autoland. r=merge a=merge 2017-10-26 00:39:55 +02:00
ffxbld
f9617fb9bd No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update 2017-10-25 11:22:54 -07:00
ffxbld
769ad2d454 No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update 2017-10-25 11:22:50 -07:00
Chris Manchester
c86173526a Bug 1403346 - Replace all uses of ALLOW_COMPILER_WARNINGS with a template, remove ALLOW_COMPILER_WARNINGS. r=glandium 
MozReview-Commit-ID: 1G2o4fy74cf
 2017-10-25 15:12:09 -07:00
David Keeler
83ca10065e bug 1180826 - add support for sha256 digests in add-on signature manifests r=dveditz,jcj 
MozReview-Commit-ID: HTlm6esgPUx

--HG--
extra : rebase_source : 50f082dea0b2afb1e9099fb94364863a4d85543b
 2017-10-09 13:53:23 -07:00
Andrea Marchesini
ec610d5b7e Bug 1409329 - NS_NewBufferedOutputStream should take the ownership of the outputStream, r=smaug 2017-10-24 14:38:23 +02:00
Sebastian Hengst
af53b8aad8 merge mozilla-central to autoland. r=merge a=merge 2017-10-23 23:52:54 +02:00
Sebastian Hengst
0021c0caf6 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 4FPQxtXkXoF
 2017-10-23 23:48:36 +02:00
ffxbld
9224f75aad No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update 2017-10-23 11:21:33 -07:00
ffxbld
8322ac2945 No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update 2017-10-23 11:21:30 -07:00
ffxbld
6a17c316ba No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update 2017-10-22 11:23:23 -07:00
ffxbld
eabd4bce16 No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update 2017-10-22 11:23:19 -07:00
ffxbld
3f2fe4b3fa No bug, Automated HPKP preload list update from host bld-linux64-spot-031 - a=hpkp-update 2017-10-22 11:10:23 -07:00
ffxbld
cc6a84456b No bug, Automated HSTS preload list update from host bld-linux64-spot-031 - a=hsts-update 2017-10-22 11:10:20 -07:00
Sebastian Hengst
fc5faa6d80 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: DmqQMMkwBYJ
 2017-10-22 11:33:04 +02:00
ffxbld
198fe54503 No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update 2017-10-21 11:24:10 -07:00
ffxbld
3aeaefef0b No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update 2017-10-21 11:24:06 -07:00
ffxbld
7f7b3b43f6 No bug, Automated HPKP preload list update from host bld-linux64-spot-324 - a=hpkp-update 2017-10-20 22:50:42 -07:00
ffxbld
a84b3aab6c No bug, Automated HSTS preload list update from host bld-linux64-spot-324 - a=hsts-update 2017-10-20 22:50:38 -07:00
Sebastian Hengst
7e9a8a9bc9 merge mozilla-central to autoland. r=merge a=merge 2017-10-21 11:00:23 +02:00
David Keeler
3961574fa2 bug 1381154 - remove smartcard monitoring threads r=jcj,mgoodwin 
Modified from bug 1248818 comment 11:
Before this patch, if a user had a smart card (PKCS#11 device) with removable
slots, Firefox would launch a thread for each module and loop, calling
SECMOD_WaitForAnyTokenEvent to be alerted to any insertions/removals. At
shutdown, we would call SECMOD_CancelWait, which would cancel any waiting
threads. However, since that involved calling 3rd party code, we really had no
idea if these modules were behaving correctly (and, indeed, they often weren't,
judging by the shutdown crashes we were getting).
The real solution is to stop relying on PKCS#11, but since that's unlikely in
the near future, the next best thing would be to load these modules in a child
process. That way, misbehaving modules don't cause Firefox to hang/crash/etc.
That's a lot of engineering work, though, so what this patch does is avoids the
issue by never calling SECMOD_WaitForAnyTokenEvent (and thus we never have to
call SECMOD_CancelWait, etc.). Instead, every time Firefox performs an operation
that may be affected by a newly added or removed smart card, it first has NSS
refresh its view of any removable slots. This is similar to how we ensure the
loadable roots module has been loaded (see bug 1372656).

MozReview-Commit-ID: JpmLdV7Vvor

--HG--
extra : rebase_source : d3503d19fa9297106d661a017a38c30969fa39b4
 2017-09-28 14:27:21 -07:00
Masatoshi Kimura
dbd92543c6 Bug 1313150 - Remove |weak| parameter from nsIMutableArray methods. r=froydnj 
MozReview-Commit-ID: 7JoD4VYzZp3

--HG--
extra : rebase_source : 5db437f1c34608aa223916874d62b48c59baeae8
 2017-10-21 23:53:02 +09:00
Tom Ritter
387fbfc8b6 Bug 1406736 Match MinGW's macro so we declare gmtime_r under MinGW too r=froydnj 
MozReview-Commit-ID: 2U2ToeyVUUt

--HG--
extra : rebase_source : a4ebd43f4529cc6b815f5bb849021a994dda959f
 2017-10-09 00:18:19 -05:00
Sebastian Hengst
2592ce224a merge mozilla-central to autoland. r=merge a=merge 2017-10-20 11:45:03 +02:00
Sebastian Hengst
bc6dddb88b merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: BY4c5BIOF81
 2017-10-20 11:37:54 +02:00
ffxbld
dec4e39e21 No bug, Automated HPKP preload list update from host bld-linux64-spot-326 - a=hpkp-update 2017-10-19 22:45:36 -07:00
ffxbld
e46be631b4 No bug, Automated HSTS preload list update from host bld-linux64-spot-326 - a=hsts-update 2017-10-19 22:45:32 -07:00
ffxbld
1c4da216e0 No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update 2017-10-19 10:44:01 -07:00
ffxbld
e93bac77bf No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update 2017-10-19 10:43:57 -07:00
Sebastian Hengst
bf793df477 merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: HasKw28SN45
 2017-10-19 11:26:22 +02:00
ffxbld
161b9f45ac No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-10-18 23:02:08 -07:00
ffxbld
9e31463fe9 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-10-18 23:02:04 -07:00
Ryan VanderMeulen
cb612851ed Merge inbound to m-c. a=merge 2017-10-18 21:01:34 -04:00
Sebastian Hengst
3e8ed7e2b5 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: D8YSuNsBw9o
 2017-10-19 00:04:37 +02:00
ffxbld
d0448c9700 No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update 2017-10-18 10:44:21 -07:00
ffxbld
e71bbf3687 No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update 2017-10-18 10:44:17 -07:00
Sebastian Hengst
73dd633569 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: JvxL3r663v
 2017-10-18 11:42:41 +02:00
ffxbld
ef0a21cfb7 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-10-17 22:48:33 -07:00
ffxbld
618a00c142 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-10-17 22:48:30 -07:00
Nicholas Nethercote
78030c0e7b Bug 1409598 - Change nsIXPCScriptable::className and nsIClassInfo::{contractID,classDescription} from string to AUTF8String. r=froydnj. 
This lets us replace moz_xstrdup() of string literals with AssignLiteral(),
among other improvements.

--HG--
extra : rebase_source : 9994d8ccb4f196cf63564b0dac2ae6c4370defb4
 2017-10-18 13:17:26 +11:00
ffxbld
dca019c94b No bug, Automated HPKP preload list update from host bld-linux64-spot-324 - a=hpkp-update 2017-10-17 10:44:24 -07:00
ffxbld
64dcdb175e No bug, Automated HSTS preload list update from host bld-linux64-spot-324 - a=hsts-update 2017-10-17 10:44:21 -07:00
Sebastian Hengst
32f7c8fec3 merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 1h3kZyrtqSt
 2017-10-17 11:45:16 +02:00
Sebastian Hengst
af89102d41 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: JRsSap6SwOZ
 2017-10-17 11:42:24 +02:00
ffxbld
0498069c9a No bug, Automated HPKP preload list update from host bld-linux64-spot-315 - a=hpkp-update 2017-10-16 23:06:00 -07:00
ffxbld
962f3aa143 No bug, Automated HSTS preload list update from host bld-linux64-spot-315 - a=hsts-update 2017-10-16 23:05:56 -07:00
ffxbld
e5bbda30b9 No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update 2017-10-15 22:50:12 -07:00
ffxbld
28ef948b68 No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update 2017-10-15 22:50:09 -07:00
ffxbld
40b456626e No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update 2017-10-15 10:33:36 -07:00
ffxbld
93cacab1f5 No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update 2017-10-15 10:33:33 -07:00
ffxbld
39f4a652d1 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-10-14 22:59:04 -07:00
ffxbld
0c0219f6c4 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-10-14 22:59:01 -07:00
ffxbld
01970ed92d No bug, Automated HPKP preload list update from host bld-linux64-spot-327 - a=hpkp-update 2017-10-14 10:38:55 -07:00
ffxbld
957ff16de8 No bug, Automated HSTS preload list update from host bld-linux64-spot-327 - a=hsts-update 2017-10-14 10:38:51 -07:00
ffxbld
b864294e1e No bug, Automated HPKP preload list update from host bld-linux64-spot-329 - a=hpkp-update 2017-10-13 23:34:33 -07:00
ffxbld
36c79a8634 No bug, Automated HSTS preload list update from host bld-linux64-spot-329 - a=hsts-update 2017-10-13 23:34:30 -07:00
Sebastian Hengst
24583b9443 merge mozilla-central to autoland. r=merge a=merge 2017-10-20 01:08:09 +02:00
ffxbld
471e3a93c9 No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update 2017-10-13 10:47:02 -07:00
ffxbld
c478ef3218 No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update 2017-10-13 10:46:59 -07:00
ffxbld
138ee08992 No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update 2017-10-13 00:02:05 -07:00
ffxbld
15e460fc58 No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update 2017-10-13 00:02:01 -07:00
Sebastian Hengst
5c00b8540d merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: AlcL6XYDkf
 2017-10-12 23:58:31 +02:00
ffxbld
ef0d419a79 No bug, Automated HPKP preload list update from host bld-linux64-spot-306 - a=hpkp-update 2017-10-12 10:52:26 -07:00
ffxbld
ee7b9d0f42 No bug, Automated HSTS preload list update from host bld-linux64-spot-306 - a=hsts-update 2017-10-12 10:52:23 -07:00
Sebastian Hengst
e22c8fc5ef merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: JX8NRn7MQY4
 2017-10-12 11:34:05 +02:00
ffxbld
32465a09d0 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-10-11 23:23:04 -07:00
ffxbld
5459aabb52 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-10-11 23:23:00 -07:00
Matthew Gregan
28e8f43756 Bug 1408821 - Allow FIONBIO ioctl from the content sandbox. r=jld 
--HG--
extra : rebase_source : c6a1b525bc7d9207583200fd5d5059a8155b889f
 2017-10-16 14:54:46 +13:00
ffxbld
90fa230f6d No bug, Automated HPKP preload list update from host bld-linux64-spot-327 - a=hpkp-update 2017-10-11 11:05:07 -07:00
ffxbld
5793b91bb2 No bug, Automated HSTS preload list update from host bld-linux64-spot-327 - a=hsts-update 2017-10-11 11:05:03 -07:00
Tim Taubert
6ecc0e0e1a Bug 1401594 - land NSS 4bf658832d89 UPGRADE_NSS_RELEASE, r=me 2017-10-12 15:34:02 +02:00
ffxbld
e8c853cf32 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-10-10 22:59:38 -07:00
ffxbld
426bb81282 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-10-10 22:59:34 -07:00
Sebastian Hengst
01cd7f3d0f merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: GbmY183Epi2
 2017-10-10 23:56:11 +02:00
ffxbld
c8b9469182 No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update 2017-10-10 10:45:25 -07:00