Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-11 04:15:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
570,095 Commits 615 Branches 98 Tags 6 GiB
973e21879e
Commit Graph

12684 Commits

Author SHA1 Message Date
Jed Davis
160e1dcfe0 Bug 1410191 - Correctly handle errors when using syscalls in sandbox trap handlers. r=gcp 
MozReview-Commit-ID: JX81xpNBMIm

--HG--
extra : rebase_source : c7334f3e0b61b4fb4e0305cc6fc5d3173d08c032
 2017-10-25 16:38:20 -06:00
Jed Davis
b8aa6b6de9 Bug 1410241 - Don't call destructors on objects we use in the SIGSYS handler. r=gcp 
MozReview-Commit-ID: LAgORUSvDh9

--HG--
extra : rebase_source : b39836ebb7405202c60b075b30b48966ac644e71
 2017-10-25 17:58:22 -06:00
Jed Davis
aa4363afaa Bug 1410280 - Re-allow PR_GET_NAME for sandboxed content processes. r=gcp 
This prctl is used by PulseAudio; once bug 1394163 is resolved, allowing
it can be made conditional on the media.cubeb.sandbox pref.

MozReview-Commit-ID: 6jAM65V32vK

--HG--
extra : rebase_source : abb039aff7cefc0aa3b95f4574fdf1e3fb0d93a6
 2017-10-25 11:04:34 -06:00
Sebastian Hengst
d10e26c913 merge mozilla-central to mozilla-inbound. r=merge a=merge 2017-10-27 00:00:25 +02:00
ffxbld
7c460507ae No bug, Automated HPKP preload list update from host bld-linux64-spot-038 - a=hpkp-update 2017-10-26 11:33:02 -07:00
ffxbld
13bc938b90 No bug, Automated HSTS preload list update from host bld-linux64-spot-038 - a=hsts-update 2017-10-26 11:32:58 -07:00
Phil Ringnalda
a173b09db6 Backed out changeset ccc0e72f2152 (bug 1403260) for hanging Mac browser-chrome in printing tests 
MozReview-Commit-ID: IZNT5Jh8nzB
 2017-10-25 23:00:17 -07:00
Haik Aftandilian
362316451f Bug 1403260 - [Mac] Remove access to print server from content process sandbox r=mconley 
MozReview-Commit-ID: Ia21je8TTIg

--HG--
extra : rebase_source : 656e9e3ac8d1fb741d46881458bb0b7fb402d688
 2017-10-22 23:02:58 -07:00
Sebastian Hengst
23c958dc39 Backed out 2 changesets (bug 1411683) for build bustage in security/manager/ssl/tests/gtest/CertListTest.cpp. r=backout on a CLOSED TREE 
Backed out changeset 9d579c7e46b9 (bug 1411683)
Backed out changeset 21a17ab8b0fc (bug 1411683)
 2017-10-27 23:53:55 +02:00
Sebastian Hengst
841ee307e6 merge mozilla-central to autoland. r=merge a=merge 2017-10-27 23:32:15 +02:00
J.C. Jones
de44bcbd15 Bug 1411683 - Add foreach and segment utility methods to nsNSSCertList r=keeler 
This adds two methods to nsNSSCertList: ForEachCertificateInChain, and
SegmentCertificateChain. The ForEach method calls a supplied function for each
certificate in the chain, one by one.

That method is then used by the Segment method, which (assuming the chain is
ordered) splits it into Root, End Entity, and everything in-between as a list of
Intermediates.

This patch does _not_ try to add these methods to the IDL, as it's not
straightforward to me on how to handle the nsCOMPtr or std::function arguments.

These methods will be first used by Bug 1409259.

MozReview-Commit-ID: 8qjwF3juLTr

--HG--
extra : rebase_source : 39e2e8530ac23c6b96eb73f406bca32a59bcccf5
 2017-10-25 13:37:50 -05:00
J.C. Jones
6594c2801b Bug 1411683 - Add "requirements.txt" for pycert.py r=keeler 
There are specific versions needed for security/manager/ssl/tests/unit/pycert.py,
so let's give PIP some installation help:

0.1.7 for pyasn1 and 0.0.5 for pyasn1_modules

(recent versions break pycert/pykey/pycms)

MozReview-Commit-ID: Fk98UPd8bJo

--HG--
extra : rebase_source : 79436d4e99cda1dca438015835fdfa83a78c4dc7
 2017-10-25 16:03:58 -05:00
Sebastian Hengst
443416f881 Merge mozilla-central to autoland. r=merge a=merge 2017-10-26 00:39:55 +02:00
ffxbld
f9617fb9bd No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update 2017-10-25 11:22:54 -07:00
ffxbld
769ad2d454 No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update 2017-10-25 11:22:50 -07:00
Chris Manchester
c86173526a Bug 1403346 - Replace all uses of ALLOW_COMPILER_WARNINGS with a template, remove ALLOW_COMPILER_WARNINGS. r=glandium 
MozReview-Commit-ID: 1G2o4fy74cf
 2017-10-25 15:12:09 -07:00
David Keeler
83ca10065e bug 1180826 - add support for sha256 digests in add-on signature manifests r=dveditz,jcj 
MozReview-Commit-ID: HTlm6esgPUx

--HG--
extra : rebase_source : 50f082dea0b2afb1e9099fb94364863a4d85543b
 2017-10-09 13:53:23 -07:00
Andrea Marchesini
ec610d5b7e Bug 1409329 - NS_NewBufferedOutputStream should take the ownership of the outputStream, r=smaug 2017-10-24 14:38:23 +02:00
Sebastian Hengst
af53b8aad8 merge mozilla-central to autoland. r=merge a=merge 2017-10-23 23:52:54 +02:00
Sebastian Hengst
0021c0caf6 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 4FPQxtXkXoF
 2017-10-23 23:48:36 +02:00
ffxbld
9224f75aad No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update 2017-10-23 11:21:33 -07:00
ffxbld
8322ac2945 No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update 2017-10-23 11:21:30 -07:00
ffxbld
6a17c316ba No bug, Automated HPKP preload list update from host bld-linux64-spot-036 - a=hpkp-update 2017-10-22 11:23:23 -07:00
ffxbld
eabd4bce16 No bug, Automated HSTS preload list update from host bld-linux64-spot-036 - a=hsts-update 2017-10-22 11:23:19 -07:00
ffxbld
3f2fe4b3fa No bug, Automated HPKP preload list update from host bld-linux64-spot-031 - a=hpkp-update 2017-10-22 11:10:23 -07:00
ffxbld
cc6a84456b No bug, Automated HSTS preload list update from host bld-linux64-spot-031 - a=hsts-update 2017-10-22 11:10:20 -07:00
Sebastian Hengst
fc5faa6d80 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: DmqQMMkwBYJ
 2017-10-22 11:33:04 +02:00
ffxbld
198fe54503 No bug, Automated HPKP preload list update from host bld-linux64-spot-035 - a=hpkp-update 2017-10-21 11:24:10 -07:00
ffxbld
3aeaefef0b No bug, Automated HSTS preload list update from host bld-linux64-spot-035 - a=hsts-update 2017-10-21 11:24:06 -07:00
ffxbld
7f7b3b43f6 No bug, Automated HPKP preload list update from host bld-linux64-spot-324 - a=hpkp-update 2017-10-20 22:50:42 -07:00
ffxbld
a84b3aab6c No bug, Automated HSTS preload list update from host bld-linux64-spot-324 - a=hsts-update 2017-10-20 22:50:38 -07:00
Sebastian Hengst
7e9a8a9bc9 merge mozilla-central to autoland. r=merge a=merge 2017-10-21 11:00:23 +02:00
David Keeler
3961574fa2 bug 1381154 - remove smartcard monitoring threads r=jcj,mgoodwin 
Modified from bug 1248818 comment 11:
Before this patch, if a user had a smart card (PKCS#11 device) with removable
slots, Firefox would launch a thread for each module and loop, calling
SECMOD_WaitForAnyTokenEvent to be alerted to any insertions/removals. At
shutdown, we would call SECMOD_CancelWait, which would cancel any waiting
threads. However, since that involved calling 3rd party code, we really had no
idea if these modules were behaving correctly (and, indeed, they often weren't,
judging by the shutdown crashes we were getting).
The real solution is to stop relying on PKCS#11, but since that's unlikely in
the near future, the next best thing would be to load these modules in a child
process. That way, misbehaving modules don't cause Firefox to hang/crash/etc.
That's a lot of engineering work, though, so what this patch does is avoids the
issue by never calling SECMOD_WaitForAnyTokenEvent (and thus we never have to
call SECMOD_CancelWait, etc.). Instead, every time Firefox performs an operation
that may be affected by a newly added or removed smart card, it first has NSS
refresh its view of any removable slots. This is similar to how we ensure the
loadable roots module has been loaded (see bug 1372656).

MozReview-Commit-ID: JpmLdV7Vvor

--HG--
extra : rebase_source : d3503d19fa9297106d661a017a38c30969fa39b4
 2017-09-28 14:27:21 -07:00
Masatoshi Kimura
dbd92543c6 Bug 1313150 - Remove |weak| parameter from nsIMutableArray methods. r=froydnj 
MozReview-Commit-ID: 7JoD4VYzZp3

--HG--
extra : rebase_source : 5db437f1c34608aa223916874d62b48c59baeae8
 2017-10-21 23:53:02 +09:00
Tom Ritter
387fbfc8b6 Bug 1406736 Match MinGW's macro so we declare gmtime_r under MinGW too r=froydnj 
MozReview-Commit-ID: 2U2ToeyVUUt

--HG--
extra : rebase_source : a4ebd43f4529cc6b815f5bb849021a994dda959f
 2017-10-09 00:18:19 -05:00
Sebastian Hengst
2592ce224a merge mozilla-central to autoland. r=merge a=merge 2017-10-20 11:45:03 +02:00
Sebastian Hengst
bc6dddb88b merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: BY4c5BIOF81
 2017-10-20 11:37:54 +02:00
ffxbld
dec4e39e21 No bug, Automated HPKP preload list update from host bld-linux64-spot-326 - a=hpkp-update 2017-10-19 22:45:36 -07:00
ffxbld
e46be631b4 No bug, Automated HSTS preload list update from host bld-linux64-spot-326 - a=hsts-update 2017-10-19 22:45:32 -07:00
ffxbld
1c4da216e0 No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update 2017-10-19 10:44:01 -07:00
ffxbld
e93bac77bf No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update 2017-10-19 10:43:57 -07:00
Sebastian Hengst
bf793df477 merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: HasKw28SN45
 2017-10-19 11:26:22 +02:00
ffxbld
161b9f45ac No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-10-18 23:02:08 -07:00
ffxbld
9e31463fe9 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-10-18 23:02:04 -07:00
Ryan VanderMeulen
cb612851ed Merge inbound to m-c. a=merge 2017-10-18 21:01:34 -04:00
Sebastian Hengst
3e8ed7e2b5 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: D8YSuNsBw9o
 2017-10-19 00:04:37 +02:00
ffxbld
d0448c9700 No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update 2017-10-18 10:44:21 -07:00
ffxbld
e71bbf3687 No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update 2017-10-18 10:44:17 -07:00
Sebastian Hengst
73dd633569 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: JvxL3r663v
 2017-10-18 11:42:41 +02:00
ffxbld
ef0a21cfb7 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-10-17 22:48:33 -07:00
ffxbld
618a00c142 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-10-17 22:48:30 -07:00
Nicholas Nethercote
78030c0e7b Bug 1409598 - Change nsIXPCScriptable::className and nsIClassInfo::{contractID,classDescription} from string to AUTF8String. r=froydnj. 
This lets us replace moz_xstrdup() of string literals with AssignLiteral(),
among other improvements.

--HG--
extra : rebase_source : 9994d8ccb4f196cf63564b0dac2ae6c4370defb4
 2017-10-18 13:17:26 +11:00
ffxbld
dca019c94b No bug, Automated HPKP preload list update from host bld-linux64-spot-324 - a=hpkp-update 2017-10-17 10:44:24 -07:00
ffxbld
64dcdb175e No bug, Automated HSTS preload list update from host bld-linux64-spot-324 - a=hsts-update 2017-10-17 10:44:21 -07:00
Sebastian Hengst
32f7c8fec3 merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 1h3kZyrtqSt
 2017-10-17 11:45:16 +02:00
Sebastian Hengst
af89102d41 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: JRsSap6SwOZ
 2017-10-17 11:42:24 +02:00
ffxbld
0498069c9a No bug, Automated HPKP preload list update from host bld-linux64-spot-315 - a=hpkp-update 2017-10-16 23:06:00 -07:00
ffxbld
962f3aa143 No bug, Automated HSTS preload list update from host bld-linux64-spot-315 - a=hsts-update 2017-10-16 23:05:56 -07:00
ffxbld
e5bbda30b9 No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update 2017-10-15 22:50:12 -07:00
ffxbld
28ef948b68 No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update 2017-10-15 22:50:09 -07:00
ffxbld
40b456626e No bug, Automated HPKP preload list update from host bld-linux64-spot-301 - a=hpkp-update 2017-10-15 10:33:36 -07:00
ffxbld
93cacab1f5 No bug, Automated HSTS preload list update from host bld-linux64-spot-301 - a=hsts-update 2017-10-15 10:33:33 -07:00
ffxbld
39f4a652d1 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-10-14 22:59:04 -07:00
ffxbld
0c0219f6c4 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-10-14 22:59:01 -07:00
ffxbld
01970ed92d No bug, Automated HPKP preload list update from host bld-linux64-spot-327 - a=hpkp-update 2017-10-14 10:38:55 -07:00
ffxbld
957ff16de8 No bug, Automated HSTS preload list update from host bld-linux64-spot-327 - a=hsts-update 2017-10-14 10:38:51 -07:00
ffxbld
b864294e1e No bug, Automated HPKP preload list update from host bld-linux64-spot-329 - a=hpkp-update 2017-10-13 23:34:33 -07:00
ffxbld
36c79a8634 No bug, Automated HSTS preload list update from host bld-linux64-spot-329 - a=hsts-update 2017-10-13 23:34:30 -07:00
Sebastian Hengst
24583b9443 merge mozilla-central to autoland. r=merge a=merge 2017-10-20 01:08:09 +02:00
ffxbld
471e3a93c9 No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update 2017-10-13 10:47:02 -07:00
ffxbld
c478ef3218 No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update 2017-10-13 10:46:59 -07:00
ffxbld
138ee08992 No bug, Automated HPKP preload list update from host bld-linux64-spot-032 - a=hpkp-update 2017-10-13 00:02:05 -07:00
ffxbld
15e460fc58 No bug, Automated HSTS preload list update from host bld-linux64-spot-032 - a=hsts-update 2017-10-13 00:02:01 -07:00
Sebastian Hengst
5c00b8540d merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: AlcL6XYDkf
 2017-10-12 23:58:31 +02:00
ffxbld
ef0d419a79 No bug, Automated HPKP preload list update from host bld-linux64-spot-306 - a=hpkp-update 2017-10-12 10:52:26 -07:00
ffxbld
ee7b9d0f42 No bug, Automated HSTS preload list update from host bld-linux64-spot-306 - a=hsts-update 2017-10-12 10:52:23 -07:00
Sebastian Hengst
e22c8fc5ef merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: JX8NRn7MQY4
 2017-10-12 11:34:05 +02:00
ffxbld
32465a09d0 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-10-11 23:23:04 -07:00
ffxbld
5459aabb52 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-10-11 23:23:00 -07:00
Matthew Gregan
28e8f43756 Bug 1408821 - Allow FIONBIO ioctl from the content sandbox. r=jld 
--HG--
extra : rebase_source : c6a1b525bc7d9207583200fd5d5059a8155b889f
 2017-10-16 14:54:46 +13:00
ffxbld
90fa230f6d No bug, Automated HPKP preload list update from host bld-linux64-spot-327 - a=hpkp-update 2017-10-11 11:05:07 -07:00
ffxbld
5793b91bb2 No bug, Automated HSTS preload list update from host bld-linux64-spot-327 - a=hsts-update 2017-10-11 11:05:03 -07:00
Tim Taubert
6ecc0e0e1a Bug 1401594 - land NSS 4bf658832d89 UPGRADE_NSS_RELEASE, r=me 2017-10-12 15:34:02 +02:00
ffxbld
e8c853cf32 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-10-10 22:59:38 -07:00
ffxbld
426bb81282 No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-10-10 22:59:34 -07:00
Sebastian Hengst
01cd7f3d0f merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: GbmY183Epi2
 2017-10-10 23:56:11 +02:00
ffxbld
c8b9469182 No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update 2017-10-10 10:45:25 -07:00
ffxbld
4d59676f4f No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update 2017-10-10 10:45:22 -07:00
ffxbld
678b6b5093 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-10-09 22:53:39 -07:00
ffxbld
c5ca0896eb No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-10-09 22:53:35 -07:00
Sebastian Hengst
c2d6023454 merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 36L7JL73CzG
 2017-10-09 23:52:04 +02:00
Sebastian Hengst
c623cb074c merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 63rZAVDkxDT
 2017-10-09 23:46:29 +02:00
ffxbld
b53e29293c No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update 2017-10-09 10:45:59 -07:00
ffxbld
50ebdd5c44 No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update 2017-10-09 10:45:55 -07:00
Sebastian Hengst
f7efb5fc2c Merge mozilla-central to mozilla-inbound. r=merge a=merge on a CLOSED TREE 2017-10-12 12:03:15 +02:00
Jim Mathies
17a6cb2cbf Bug 1407766 - Remove symantec dlls from the content process dll blocklist due to process startup issues associated with symantec av products. r=bobowen 
MozReview-Commit-ID: JMOIptO2y7F
 2017-10-11 18:00:18 -05:00
Sebastian Hengst
aa78440a09 merge mozilla-inbound to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: EE6DcCgHufi
 2017-10-09 11:19:20 +02:00
ffxbld
6c0975fc33 No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update 2017-10-08 22:51:19 -07:00
ffxbld
f804ab0aa0 No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update 2017-10-08 22:51:15 -07:00
ffxbld
7e3b55bb22 No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-10-07 23:08:04 -07:00
ffxbld
d51cd0971c No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-10-07 23:08:00 -07:00
ffxbld
aa721cc82a No bug, Automated HPKP preload list update from host bld-linux64-spot-308 - a=hpkp-update 2017-10-07 10:39:48 -07:00
ffxbld
c48db0de1a No bug, Automated HSTS preload list update from host bld-linux64-spot-308 - a=hsts-update 2017-10-07 10:39:44 -07:00
Nicholas Nethercote
8a68e6fb83 Bug 1403868 (part 4) - Reduce tools/profiler/public/*.h to almost nothing in non-MOZ_GECKO_PROFILER builds. r=mstange. 
Currently the Gecko Profiler defines a moderate amount of stuff when
MOZ_GECKO_PROFILER is undefined. It also #includes various headers, including
JS ones. This is making it difficult to separate Gecko's media stack for
inclusion in Servo.

This patch greatly simplifies how things are exposed. The starting point is:

- GeckoProfiler.h can be #included unconditionally;

- everything else from the profiler must be guarded by MOZ_GECKO_PROFILER.

In practice this introduces way too many #ifdefs, so the patch loosens it by
adding no-op macros for a number of the most common operations.

The net result is that #ifdefs and macros are used a bit more, but almost
nothing is exposed in non-MOZ_GECKO_PROFILER builds (including
ProfilerMarkerPayload.h and GeckoProfiler.h), and understanding what is exposed
is much simpler than before.

Note also that in BHR, ThreadStackHelper is now entirely absent in
non-MOZ_GECKO_PROFILER builds.
 2017-10-04 09:11:18 +11:00
David Keeler
5f608d08d6 bug 1404824 - reconcile inconsistent TLS version range settings by erring on the conservative side r=mayhemer 
Before this patch, if a user set their TLS version range preferences to only
allow TLS 1.3, any connections made with the BE_CONSERVATIVE flag or via the
telemetry studies flags would fail because we would attempt to set an
inconsistent TLS version range (the minimum was greater than the maximum). This
fixes that by setting the minimum to the flag-configured maximum. This
intentionally overrides the user's preferences because it is in the context of
browser-critical services (i.e. update servers) or telemetry studies.

MozReview-Commit-ID: 1kKE5nOVQz8

--HG--
extra : rebase_source : 047aa03f401d75aba3f6c5f4c572d2cc451a329e
 2017-10-03 14:51:57 -07:00
David Keeler
c24fb615fa bug 1404824 - fix error-handling case of plaintext-layer popping in nsNSSSocketInfo r=mayhemer 
The PRFileDesc* returned by PR_PopIOLayer must be used rather than a preexisting
pointer to the layer in question.

MozReview-Commit-ID: 8PsCA5npaj6

--HG--
extra : rebase_source : 7488d70ffd428b103ae51d1ebcf15745acd9bf12
 2017-10-03 14:29:31 -07:00
Bob Owen
ff9470afb1 Bug 1406068: Expand the list of DLLs that are suspected of causing a crash in ImageBridgeChild::InitForContent. r=jimm 
I think that trying to slice this up by feature is just going to lead to complications down the line,
so to keep it simple I've moved this to the launch code for all sandboxed children, not just when the
Alternate Desktop is enabled.
This also, similar to chromium, only adds them to the blocklist if they are loaded in the parent.
 2017-10-10 10:42:22 +01:00
Kris Maglione
4a767c7e6e Bug 1404198: Part 2j - Switch to NS_NewTimer* everywhere else. r=njn 
MozReview-Commit-ID: LmGIgfmNSmk

--HG--
extra : rebase_source : bf34e852beb0c8f6eafd09184c2e0cda95f95f83
 2017-09-24 19:57:48 -07:00
Wouter Verhelst
900dd77859 Bug 1404421 - Add an empty slot to the test PKCS#11 module r=keeler 
It is helpful to have a slot which never has a token, so that the
absense of a token can be asserted in unit tests.

Add a third token that is always empty, and update a number of unit
tests to check for it.

MozReview-Commit-ID: 4apvRRhZJus

--HG--
extra : rebase_source : cd3bb819bcf66c769f36a428ed26ea8fa6c68a26
 2017-10-01 12:10:20 +02:00
Jed Davis
3709f8d1e4 Bug 1406233 - Include sys/sysmacros.h for major()/minor() macros in Linux sandbox broker. r=gcp 
MozReview-Commit-ID: G1D4yxLAAqg

--HG--
extra : rebase_source : 2b13a20e324a3160ce393f7eb7913d78cc274419
 2017-10-05 18:10:49 -06:00
Jed Davis
860bc842e2 Bug 1405891 - Block tty-related ioctl()s in sandboxed content processes. r=gcp 
MozReview-Commit-ID: KiBfibjLSfK

--HG--
extra : rebase_source : e0cdbb5026c03d2b5a12fb49161aee392efb4189
 2017-10-05 19:53:31 -06:00
Haik Aftandilian
90adeb05d8 Bug 1404919 - Whitelist Extensis Suitcase Fusion fontvaults and /System/Library/Fonts. r=Alex_Gaynor 
MozReview-Commit-ID: 5UaqiHBKd90

--HG--
extra : rebase_source : 3497f97815d57e9e3fa0cc13482af5d0d81cfd87
 2017-10-12 18:29:42 -07:00
David Keeler
6bbfc835f0 bug 1406396 - work around NSS utils potentially loading spurious root cert modules r=mgoodwin 
NSS command-line utilities may add a built-in root certificate module with the
name "Root Certs" if run on a profile that has a copy of the module file (which
is an unexpected configuration in general for Firefox). This can cause breakage.
To work around this, PSM now simply deletes any module named "Root Certs" at
startup. In an effort to prevent PSM from deleting unrelated modules
coincidentally named "Root Certs", we also prevent the user from using the
Firefox UI to name modules "Root Certs".

MozReview-Commit-ID: ABja3wpShO9

--HG--
extra : rebase_source : cfc62fb3fabf491a72f009601f3ec6973244642e
 2017-10-13 11:27:30 -07:00
David Keeler
2a15781174 Bug 1369561 - Address misc. SnprintfLiteral correctness nits. r=jld, r=froydnj 2017-09-15 14:47:54 -07:00
Nathan Froyd
4438ffeabf Bug 1406486 - provide nsClientAuthRememberEntry/nsCertOverrideEntry with move constructors; r=keeler 
Move constructors are more appropriate for these classes, since the
underlying hashtable code will be moving them around, not copying them.
We can take this opportunity to fix a bug in nsClientAuthRememberEntry:
it wasn't transferring the value of mEntryKey, which would have been
disastrous if the underlying hash table was ever resized.
 2017-10-09 10:39:38 -04:00
Ryan VanderMeulen
0dcd727f08 Merge m-c to autoland. a=merge 2017-10-11 17:55:13 -04:00
Jed Davis
a9b7865141 Bug 1316153 - Remove base::ChildPrivileges from IPC. r=billm,bobowen 
ChildPrivileges is a leftover from the B2G process model; it's now
mostly unused, except for the Windows sandbox using it to carry whether
a content process has file:/// access.

In general, when sandboxing needs to interact with process launch, the
inputs are some subset of: the GeckoProcessType, the subtype if content,
various prefs and even GPU configuration; and the resulting launch
adjustments are platform-specific.  And on some platforms (e.g., OS X)
it's all done after launch.  So a simple enum used cross-platform isn't
a good fit.

MozReview-Commit-ID: K31OHOpJzla

--HG--
extra : rebase_source : 3928b44eb86cd076bcac7897536590555237b76b
 2017-09-08 16:16:50 -06:00
Tom Ritter
701ee70a22 Bug 1406687 Pass return values from fwrite to Unused to silence the warn-unused-result warning r=njn 
MozReview-Commit-ID: 4v6tPF5aMz7

--HG--
extra : rebase_source : fe434db73a8da686391462c12b91648348abcdc9
 2017-10-09 15:01:48 -05:00
Sebastian Hengst
57b7c19650 merge mozilla-central to autoland. r=merge a=merge 2017-10-11 11:51:32 +02:00
Gian-Carlo Pascutto
433feb3f7e Bug 1387837 - Add library paths from /etc/ld.so.conf to broker read access policy. r=jld 
MozReview-Commit-ID: S5vq6suTU4

--HG--
extra : rebase_source : b82f3ff902ca6e4929a8458aa952f409e30356b5
 2017-10-06 12:35:35 +02:00
Nicolas Vigier
21244bc461 Bug 1305396 - Replace memmove with std::copy_backward in a file that doesn't include cstring explicitly. r=keeler 2017-10-16 20:03:54 +02:00
J.C. Jones
d01c97d43a Bug 1392852 - Disable EV treatment for old StartCom root certificates r=keeler 
Per the root program's request, this patch removes EV treatment for three
StartCom roots:

1) CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
SHA-256 Fingerprint: C7:66:A9:BE:F2:D4:07:1C:86:3A:31:AA:49:20:E8:13:B2:D1:98:60:8C:B7:B7:CF:E2:11:43:B8:36:DF:09:EA

2) CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
SHA-256 Fingerprint: E1:78:90:EE:09:A3:FB:F4:F4:8B:9C:41:4A:17:D6:37:B7:A5:06:47:E9:BC:75:23:22:72:7F:CC:17:42:A9:11

3) CN=StartCom Certification Authority G2, OU=null, O=StartCom Ltd., C=IL
SHA-256 Fingerprint: C7:BA:65:67:DE:93:A7:98:AE:1F:AA:79:1E:71:2D:37:8F:AE:1F:93:C4:39:7F:EA:44:1B:B7:CB:E6:FD:59:95

MozReview-Commit-ID: COOu1zvoNWG

--HG--
extra : rebase_source : 68ce6ebd850f3a796bb52e71d05b02b8d860c9f7
 2017-10-16 16:14:06 -07:00
J.C. Jones
11a9b47490 Bug 1387261 - Remove EV treatment for WoSign roots r=keeler 
Per the root program's request, this patch removes EV treatment for four WoSign
roots:

Common Name: CA 沃通根证书
SHA-256 Fingerprint: D6:F0:34:BD:94:AA:23:3F:02:97:EC:A4:24:5B:28:39:73:E4:47:AA:59:0F:31:0C:77:F4:8F:DF:83:11:22:54

Common Name: Certification Authority of WoSign
SHA-256 Fingerprint: 4B:22:D5:A6:AE:C9:9F:3C:DB:79:AA:5E:C0:68:38:47:9C:D5:EC:BA:71:64:F7:F2:2D:C1:D6:5F:63:D8:57:08

Common Name: Certification Authority of WoSign G2
SHA-256 Fingerprint: D4:87:A5:6F:83:B0:74:82:E8:5E:96:33:94:C1:EC:C2:C9:E5:1D:09:03:EE:94:6B:02:C3:01:58:1E:D9:9E:16

Common Name: CA WoSign ECC Root
SHA-256 Fingerprint: 8B:45:DA:1C:06:F7:91:EB:0C:AB:F2:6B:E5:88:F5:FB:23:16:5C:2E:61:4B:F8:85:56:2D:0D:CE:50:B2:9B:02

MozReview-Commit-ID: Bxp9LgvxCsp

--HG--
extra : rebase_source : 065d98cc654d3fb22c17ea185253ce917b48e270
 2017-10-16 16:08:56 -07:00
Haik Aftandilian
9d77bd9d20 Bug 1393805 - Part 5 - Test that the system extensions dev dir is readable from content. r=bobowen 
MozReview-Commit-ID: 7YN7S7R39CU

--HG--
extra : rebase_source : 092f1046a3f6b44c807f7632275615a6bdd674dd
 2017-09-27 16:01:57 -07:00
Haik Aftandilian
1e86039b0d Bug 1393805 - Part 4 - Add Linux whitelisted directory for system extensions development. r=gcp 
MozReview-Commit-ID: 2eTx1eM1fCM

--HG--
extra : rebase_source : c9c40b552b65a36b1ddb94e31ab04d84571e8d87
 2017-10-04 10:50:48 -07:00
Haik Aftandilian
35249752a0 Bug 1393805 - Part 3 - Add Windows whitelisted directory for system extensions development. r=bobowen 
MozReview-Commit-ID: 8K5c3mUlqna

--HG--
extra : rebase_source : 0f5a47e8504a38939a1c34a4bc4073bcdc1545d3
 2017-10-02 15:17:15 -07:00
Haik Aftandilian
c0bfbc91e0 Bug 1393805 - Part 2 - Add Mac whitelisted directory for system extensions development. r=Alex_Gaynor 
MozReview-Commit-ID: ADkcqFAsKaY

--HG--
extra : rebase_source : 02db543e05109e764228862ef5c760a0132eb4c2
 2017-10-05 16:06:36 -07:00
Mark Banner
4de6bf22b1 Bug 1411368 - Automatically fix no-multi-spaces issues raised when using ESLint 4. r=mossop 
MozReview-Commit-ID: H5YVp3rnzGo

--HG--
extra : rebase_source : 5b45b6c0df834131812d094e975047eaad374e06
 2017-10-26 11:47:01 +01:00
Sebastian Hengst
ee63f2e30a Backed out changeset 0317bcff40bc (bug 1406687) for build bustage at testing/gtest/gtest/src/gtest.cc:3871: 'Unused' was not declared in this scope. r=backout 2017-10-09 18:52:39 +02:00
Tom Ritter
22d2cdf063 Bug 1406687 Pass return values from fwrite to Unused to silence the warn-unused-result warning r=njn 
MozReview-Commit-ID: 4v6tPF5aMz7

--HG--
extra : rebase_source : c54b129c6815096035e262322f40aa0884b1ae56
 2017-10-09 00:26:16 -05:00
Sylvestre Ledru
e0ca72f574 Bug 1406845 - AddMesaSysfsPaths: Resource leak on dir r=gcp 
MozReview-Commit-ID: 3ul84cttRAF

--HG--
extra : rebase_source : 6d5306ef859f2db6101c08fb6aad405ffce30696
 2017-10-09 09:29:29 +02:00
Jed Davis
9bac6e88bd Bug 1328896 - Restrict fcntl() in sandboxed content processes. r=gcp 
MozReview-Commit-ID: BDBTwlT82mf

--HG--
extra : rebase_source : 9036abfb23768e7b17181fbc680692468d66ccd0
 2017-07-24 17:33:07 -06:00
David Keeler
14bdb29dc1 bug 1407081 - rework signed app tests for flexibility with upcoming hash algorithm changes r=Cykesiopka,jcj 
MozReview-Commit-ID: 6HnJPrG7GfK

--HG--
rename : security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/sign_b2g_app.py => security/manager/ssl/tests/unit/sign_app.py
rename : dom/manifest/test/blue-150.png => security/manager/ssl/tests/unit/test_signed_apps/app/data/image.png
rename : security/manager/ssl/tests/unit/test_signed_apps/valid_app_1.zip => security/manager/ssl/tests/unit/test_signed_apps/signed_app.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/unknown_issuer_app_1.zip => security/manager/ssl/tests/unit/test_signed_apps/unknown_issuer_app.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/unsigned_app_1.zip => security/manager/ssl/tests/unit/test_signed_apps/unsigned_app.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/trusted_ca1.der => security/manager/ssl/tests/unit/test_signed_apps/xpcshellTestRoot.der
extra : rebase_source : eacc6ec67b282c93e86254693f48c8bdf6f55816
 2017-10-10 16:55:09 -07:00
David Keeler
65f33e8410 bug 1257362 - remove the code-signing usage from certverifier as nothing uses it r=Cykesiopka 
MozReview-Commit-ID: 6nWy8k6fMvw

--HG--
extra : rebase_source : fa9f78d39b89bfd3416a7a869bf6436d19ac74bc
 2017-10-02 16:24:38 -07:00
Wes Kocher
6dc323cfe9 Merge m-c to autoland, a=merge 
MozReview-Commit-ID: Dxbv9TjDlDY
 2017-10-04 16:47:41 -07:00
Wes Kocher
d8985b6e57 Merge inbound to central, a=merge 
MozReview-Commit-ID: IUFdbLdYFhX
 2017-10-04 16:37:59 -07:00
Wes Kocher
960beae3a6 Merge autoland to central, a=merge 
MozReview-Commit-ID: 5q3B4i0wpSI
 2017-10-04 14:57:59 -07:00
ffxbld
278e956997 No bug, Automated HPKP preload list update from host bld-linux64-spot-324 - a=hpkp-update 2017-10-04 10:43:24 -07:00
ffxbld
9e73581c10 No bug, Automated HSTS preload list update from host bld-linux64-spot-324 - a=hsts-update 2017-10-04 10:43:20 -07:00
Wes Kocher
7b3327cb2e Merge autoland to central, a=merge 
MozReview-Commit-ID: 4jAMhgCDoPO
 2017-10-03 13:25:44 -07:00
ffxbld
6068998290 No bug, Automated HPKP preload list update from host bld-linux64-spot-304 - a=hpkp-update 2017-10-03 10:57:31 -07:00
ffxbld
fb3d97bc0b No bug, Automated HSTS preload list update from host bld-linux64-spot-304 - a=hsts-update 2017-10-03 10:57:27 -07:00
Alex Gaynor
535c9e8dc3 Bug 1380674 - remove the ability to create directories in the content temp directory on macOS; r=haik 
MozReview-Commit-ID: 8SDcDTqp2F5

--HG--
extra : rebase_source : e8094606e5a302db41f7d7fd22656b7e8697d549
 2017-10-03 09:49:44 -04:00
Sebastian Hengst
508993b411 Backed out changeset ee6479d783a6 (bug 1257362) for sometimes failing security/manager/ssl/tests/mochitest/browser/browser_certViewer.js, at least on Linux x64 debug. r=backout on a CLOSED TREE 2017-10-05 00:36:02 +02:00
Sebastian Hengst
6c211079d0 Backed out changeset 8198bc4c7e3c (bug 1393805) 2017-10-05 00:20:11 +02:00
Sebastian Hengst
d60d5571f3 Backed out changeset 45695eda1c1c (bug 1393805) 2017-10-05 00:20:06 +02:00
Sebastian Hengst
072e34c960 Backed out changeset 1ba3220d84fa (bug 1393805) 2017-10-05 00:20:00 +02:00
Sebastian Hengst
e8b4c9dc97 Backed out changeset 4fe99f70e199 (bug 1393805) 2017-10-05 00:19:55 +02:00
David Keeler
fcb5ab8367 bug 1257362 - remove the code-signing usage from certverifier as nothing uses it r=Cykesiopka 
MozReview-Commit-ID: 6nWy8k6fMvw

--HG--
extra : rebase_source : 47a708ecc729c1b25a2a0382001ebd53716cd395
 2017-10-02 16:24:38 -07:00
Kai Engert
2d9f082720 Bug 1401594 - "Upgrade Firefox 58 to use NSS 3.34" r=franziskus 
MozReview-Commit-ID: 2ExI2oh0bPY

--HG--
extra : rebase_source : aa820344a3bbe16bb87186dddd0e8585d54981ae
 2017-09-20 08:17:00 +02:00
Franziskus Kiefer
a4d3f610eb Bug 1401594 - land NSS 6fb9c5396d52 UPGRADE_NSS_RELEASE, r=me 
MozReview-Commit-ID: 8NmVvC1r7uS

--HG--
extra : rebase_source : a14736e0191c18ffd63b3268b5cefd6e33cccc60
 2017-10-04 10:42:25 +02:00
Wes Kocher
83fd890d27 Merge m-c to autoland, a=merge CLOSED TREE 
MozReview-Commit-ID: HeJwJwwTzhQ
 2017-10-02 16:26:42 -07:00
Wes Kocher
382a7d90d6 Merge inbound to central, a=merge 
MozReview-Commit-ID: CvJ9hmTQBcR
 2017-10-02 16:22:37 -07:00
Wes Kocher
55fe1fc9f2 Merge autoland to central, a=merge 
MozReview-Commit-ID: 4ygim4sQ5zd
 2017-10-02 16:02:42 -07:00
ffxbld
fbd250c41f No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update 2017-10-02 10:46:46 -07:00
ffxbld
00090bf720 No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update 2017-10-02 10:46:43 -07:00
ffxbld
ecafa414e2 No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update 2017-10-01 10:58:36 -07:00
ffxbld
4e45118331 No bug, Automated HSTS preload list update from host bld-linux64-spot-307 - a=hsts-update 2017-10-01 10:58:32 -07:00
Sebastian Hengst
55e6971a70 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 3D21HjGG3i4
 2017-10-01 00:59:41 +02:00
ffxbld
97263882e6 No bug, Automated HPKP preload list update from host bld-linux64-spot-326 - a=hpkp-update 2017-09-30 11:03:15 -07:00
ffxbld
7dfb61f787 No bug, Automated HSTS preload list update from host bld-linux64-spot-326 - a=hsts-update 2017-09-30 11:03:11 -07:00
Gian-Carlo Pascutto
4ebb238032 Bug 1384804 - Allow reading /proc/self/status for libnuma. r=jld 
MozReview-Commit-ID: LLwmPVtj0PE

--HG--
extra : rebase_source : 13d3a0cfce2ffc05280ce80d5d84e37b48f242e9
extra : histedit_source : e4e63c8a90c7b7ef16078d6ad9228b685e681c7e
 2017-09-28 16:19:02 +02:00
Wes Kocher
eb9a2ed0f2 Merge inbound to central, a=merge 
MozReview-Commit-ID: IqwKWn7ceHC
 2017-09-29 14:47:25 -07:00
Wes Kocher
1b5b528b2e Merge autoland to central, a=merge 
MozReview-Commit-ID: LJgJXsmBQcx
 2017-09-29 14:45:37 -07:00
ffxbld
f2b181af94 No bug, Automated HPKP preload list update from host bld-linux64-spot-327 - a=hpkp-update 2017-09-29 10:33:54 -07:00
ffxbld
00f17ea93c No bug, Automated HSTS preload list update from host bld-linux64-spot-327 - a=hsts-update 2017-09-29 10:33:50 -07:00
Sebastian Hengst
5253bb7207 merge autoland to mozilla-central. r=merge a=merge 
MozReview-Commit-ID: 2gWLO0vz64b
 2017-09-29 13:30:42 +02:00
Alex Gaynor
d755224ded Bug 1403567 - Remove unused access to AppleGraphicsPolicyClient iokit from content process; r=haik 
MozReview-Commit-ID: 9yTMgo2FNKm

--HG--
extra : rebase_source : 72cc3a295d8823460aae21ebe149ece2df69d087
 2017-09-26 13:05:18 -04:00
Alex Gaynor
d1aef777b6 Bug 1404426 - Simplify the macOS content sandbox policy; r=haik 
This does two things:

1) Move the level 3 rules to always be applicable, and simplifies level 2 accordingly
2) Consistently uses the raw string literal syntax for regexes

MozReview-Commit-ID: 6iwjOvRVMM7

--HG--
extra : rebase_source : 3ac59219ad0793a98bdb203fb3d247561216a560
 2017-09-29 13:13:49 -04:00
David Keeler
d26e95be10 bug 1257403 - don't bother verifying CA or email certificates when importing r=Cykesiopka 
Incidentally, this means we can remove certificateUsageVerifyCA and
certificateUsageStatusResponder from CertVerifier, since we no longer use them.

MozReview-Commit-ID: Bbqn8fShfTm

--HG--
extra : rebase_source : 012cb08dcbe33fe889c9f6824959b1a02cd0bdc7
 2017-09-22 15:42:20 -07:00
Sebastian Hengst
5e8bacff75 merge mozilla-central to mozilla-inbound. r=merge a=merge 2017-09-29 13:32:19 +02:00
Kai Engert
47d3b3ac0b Bug 730495, guarantee that sqlite3_config is called before any other SQLite function, r=asuth, r=froydnj, r=mak 2017-09-29 13:25:06 +02:00
Wes Kocher
134e495909 Merge m-c to autoland, a=merge 
MozReview-Commit-ID: 6RdWW73Lc0A
 2017-09-28 17:16:12 -07:00
Haik Aftandilian
f39cc5cc25 Bug 1401756 - [Mac] Remove unneeded mach-lookups from plugin sandbox rules. r=Alex_Gaynor 
MozReview-Commit-ID: JsgBzNJC4zF

--HG--
extra : rebase_source : deffeff5e6d39318c55bf3d487071139abaf3c92
 2017-09-20 14:05:27 -07:00
Haik Aftandilian
414270b14a Bug 1403669 - [Mac] Per-user and system extensions dir regexes only work for 1-character subdirectory names. r=Alex_Gaynor 
MozReview-Commit-ID: L9vNruzMEez

--HG--
extra : rebase_source : 8530cbf1baef919a5a379564d190fb08674aa28d
 2017-09-27 11:48:39 -07:00
David Parks
29d5db60ba Bug 1403707 - Change content sandbox job level to JOB_LOCKDOWN. r=bobowen 
Changing definition of Windows content sandbox level 4 (the current Nightly default) to increase the job level from JOB_RESTRICTED to JOB_LOCKDOWN.
 2017-09-27 13:36:06 -07:00
Haik Aftandilian
9a88df4221 Bug 1393805 - Part 5 - Test that the system extensions dev dir is readable from content. r=bobowen 
MozReview-Commit-ID: 7YN7S7R39CU

--HG--
extra : rebase_source : 01e3fe0acb051723219d9d5de5b1fd19d9751c34
 2017-09-27 16:01:57 -07:00
Haik Aftandilian
e1dd4bac03 Bug 1393805 - Part 4 - Add Linux whitelisted directory for system extensions development. r=gcp 
MozReview-Commit-ID: 2eTx1eM1fCM

--HG--
extra : rebase_source : 25cff10f2887795ce954b5fbca74df41fefa5c3e
 2017-10-04 10:50:48 -07:00
Haik Aftandilian
213bec3e84 Bug 1393805 - Part 3 - Add Windows whitelisted directory for system extensions development. r=bobowen 
MozReview-Commit-ID: 8K5c3mUlqna

--HG--
extra : rebase_source : 33b71d3ab20c0fdf24bcee39d4395757031213be
 2017-10-02 15:17:15 -07:00
Haik Aftandilian
165980edfa Bug 1393805 - Part 2 - Add Mac whitelisted directory for system extensions development. r=Alex_Gaynor 
MozReview-Commit-ID: ADkcqFAsKaY

--HG--
extra : rebase_source : 492194ea7914d6f09b349f95b3eeea0bd003256a
 2017-09-27 13:27:39 -07:00
Jed Davis
ae5c1fb5c6 Bug 1401666 - Adjust sandbox policy to allow Mesa 12 to use libudev for device identification. r=gcp 
MozReview-Commit-ID: JRRI9nd83TP

--HG--
extra : rebase_source : 3c5e3edd6606f33468120100f2a63533f1757935
 2017-10-03 20:35:28 -06:00
Mike Shal
9e6798ac00 Bug 1402012 - Update buildconfig.py to use PartialConfigEnvironment; r=glandium 
By using the PartialConfigEnvironment, the clients of buildconfig will
depend on config.statusd/ files instead of config.status directly.
Clients can access substs and defines using buildconfig.substs['FOO'] or
buildconfig.defines['BAR'], and then collect file-level dependencies for
make using buildconfig.get_dependencies(). All GENERATED_FILES rules
already make use of this because file_generate.py automatically includes
these dependencies (along with all python modules loaded).

As a result of this commit, re-running configure will no longer cause
the world to be rebuilt. Although config.status is updated, no build
steps use config.status directly and instead depend on values in
config.statusd/, which are written with FileAvoidWrite. Since those
files are not official targets according to the make backend, make won't
try to continually rebuild the backend when those files are out of date.
And since they are FileAvoidWrite, make will only re-run dependent steps
if the actual configure value has changed.

As a result of using JSON to load data from the config.statusd
directory, substs can be unicode (instead of a bare string type).
generate_certdata.py converts the subst manually to a string so the
value can be exported to the environment without issue on Windows.

Additionally, patching the buildconfig.substs dict no longer works, so
the unit-symbolstore.py test was modified to patch the underlying
buildconfig.substs._dict instead.

The other files that needed to be modified make use of all the defines
for the preprocessor. Those that are used during 'mach build' now use
buildconfig.defines['ALLDEFINES'], which maps to a special
FileAvoidWrite file generated for the PartialConfigEnvironment.

MozReview-Commit-ID: 2pJ4s3TVeS8

--HG--
extra : rebase_source : d6bb0208483f9f043e7be1b36907ca13243985f8
 2017-08-24 22:52:01 -04:00
Mark Goodwin
ae55f5a197 Bug 1359428 - Remove preference to select OneCRL update mechanism r=keeler,leplatrem,rhelmer 
MozReview-Commit-ID: A6CwZrIDmTn

--HG--
extra : rebase_source : 41e17d29f982d23f30f48a6f85ad20fc84b018c6
 2017-09-29 10:47:27 +01:00
Sebastian Hengst
5a95ac34b4 merge mozilla-central to autoland. r=merge a=merge 2017-09-29 11:49:46 +02:00
Haik Aftandilian
fa37753064 Bug 1403744 - Part 2 - Test that the per-user extensions dir is readable from content on Windows. r=bobowen 
MozReview-Commit-ID: 7YN7S7R39CU

--HG--
extra : rebase_source : c86998b1738ee1f4d24562105acf63c20811b8a1
 2017-09-29 12:44:22 -07:00
Haik Aftandilian
d54db04ac2 Bug 1403744 - Part 1 - Whitelist the per-user extensions dir XRE_USER_SYS_EXTENSION_DIR on Windows. r=bobowen 
MozReview-Commit-ID: 8K5c3mUlqna

--HG--
extra : rebase_source : 00f91b3e1112766731119c1cbe14a08387202f60
 2017-09-27 16:14:30 -07:00
J.C. Jones
86123e3d8d Bug 1405511 - Re-enable 3DES on nightly builds r=keeler 
In bug 1386754 we disabled 3DES after determining that it had a similar-ish
usage level as RC4. We gathered compatibility reports and telemetry for the last
two months and see that while 3DES usage is fairly low, it is the only
ciphersuite available for a variety of websites, including many government
systems.

3DES, while legacy, is not known to be insecure. Therefore, we're going to call
this experiment complete, use the collected WebCompat issues from Bug 1386908
for future reference, and re-enable 3DES.

MozReview-Commit-ID: 3lY1zHLNO9l

--HG--
extra : rebase_source : ecb51c6dbc6862991083b1f46920d86d7480582f
 2017-10-03 16:25:36 -07:00
Sebastian Hengst
fea24c0daf merge mozilla-central to autoland. r=merge a=merge 
--HG--
extra : rebase_source : 819bdfcc5e3f50cb5a3d8d76ce1f88ceeb0dd5a9
 2017-10-17 23:54:52 +02:00
David Keeler
56adac5efc bug 783994 - use the sqlite-backed certificate and key DBs r=jcj 
MozReview-Commit-ID: 2K8JVGc0mAj

--HG--
rename : security/manager/ssl/tests/unit/test_sdr_preexisting.js => security/manager/ssl/tests/unit/test_sdr_preexisting_with_password.js
extra : rebase_source : e9d3a7470dfdad3ea43b788e5eda0eb7a93e5cd0
 2017-09-22 14:34:20 -07:00
Margareta Eliza Balazs
fe45ae3748 Merge mozilla-central to mozilla-autoland. r=merge a=merge CLOSED TREE 2017-11-08 00:08:26 +02:00
David Keeler
67fd50d803 bug 1410546 - Disable EV treatment for "Security Communication EV RootCA1" root certificate r=mgoodwin 
MozReview-Commit-ID: 7sERUm9gaQX

--HG--
extra : rebase_source : 9ec46921974dd9fce19fa4a3308804dfdc8c731d
 2017-11-02 13:19:04 -07:00
ffxbld
f54c1723be No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update 2017-09-27 10:38:25 -07:00
ffxbld
3a16ce743e No bug, Automated HSTS preload list update from host bld-linux64-spot-302 - a=hsts-update 2017-09-27 10:38:22 -07:00
Wes Kocher
9d9610f6a3 Merge m-c to autoland, a=merge 
MozReview-Commit-ID: Kjjgw1Pdb3U
 2017-09-26 17:15:46 -07:00
Wes Kocher
22a72df7fe Merge inbound to m-c a=merge 
MozReview-Commit-ID: 6viJ4wRxLa8
 2017-09-26 15:54:51 -07:00
Bob Owen
8cf423ff54 Bug 1403230: Block WRusr.dll in child processes when using Alternate Desktop. r=jimm 2017-09-26 19:23:39 +01:00
ffxbld
3dbb47302e No bug, Automated HPKP preload list update from host bld-linux64-spot-303 - a=hpkp-update 2017-09-26 10:34:42 -07:00
ffxbld
00a87df5f6 No bug, Automated HSTS preload list update from host bld-linux64-spot-303 - a=hsts-update 2017-09-26 10:34:38 -07:00
Wes Kocher
3a1e5b73d3 Merge autoland to central, a=merge 
MozReview-Commit-ID: 9UQPQrkhjsZ
 2017-09-25 16:25:22 -07:00
ffxbld
cf9c6529ef No bug, Automated HPKP preload list update from host bld-linux64-spot-307 - a=hpkp-update 2017-09-25 10:41:00 -07:00