Commit Graph

10454 Commits

Author SHA1 Message Date
Haik Aftandilian
4350d1fefd Bug 1288774 - Remove the OSX rule added in bug 1190032 for nsPluginHost::GetPluginTempDir. r=jimm 2016-07-25 14:43:00 -04:00
Julian Hector
6c0d578d0e Bug 1287008 - Add sys_fadvise64_64 to seccomp whitelist. r=gcp 2016-07-27 15:45:02 +02:00
Carsten "Tomcat" Book
7293066753 merge mozilla-inbound to mozilla-central a=merge 2016-07-27 16:35:44 +02:00
Cykesiopka
13116b6d68 Bug 1289151 - Remove obsolete nsIWalletService related code. r=jcj
It appears the wallet code was not included during the initial 2007 import of
code from CVS to Mercurial, so anything referencing wallet has been dead code
ever since.

MozReview-Commit-ID: BRTd1M0DsT0

--HG--
extra : transplant_source : %BC%FC%05%AE%B5%8C%DC%21J%DC%B4%B17M%19%AA%F3%B9%05L
2016-07-27 01:53:20 +08:00
Cykesiopka
4a43c75897 Bug 1287290 - Use ScopedAutoSECItem in PSM more. r=dkeeler
ScopedAutoSECItem is useful for:
1. Removing manual memory management.
2. Getting rid of this pattern:
   > UniqueSECItem item(SECITEM_AllocItem(nullptr, nullptr, 0));
   While this pattern works, ScopedAutoSECItem is slightly superior in that it
   doesn't unnecessarily cause a SECItem to be allocated from the heap.

MozReview-Commit-ID: 8DPD9gtzeru

--HG--
extra : transplant_source : %10l%27C%12%3E%08%85q%06%1A%FC%FB%DE%F9%A3%99%0AN%A1
2016-07-25 15:06:34 +08:00
Wes Kocher
cef61ca9ed Merge m-c to autoland, a=merge 2016-07-26 16:54:33 -07:00
Fabrice Desré
c23a54d9ec Bug 1289381 - Don't fail to build sandboxing with --disable-crashreporter r=gcp 2016-07-26 04:35:43 -07:00
Carsten "Tomcat" Book
25aa8617fc Backed out changeset 1825b8fa636a (bug 1246540) for bustage
--HG--
extra : rebase_source : 45defacae713b2c2f75813fea6f2f289ebc481cd
2016-07-26 12:52:15 +02:00
Andi-Bogdan Postelnicu
d19b17ffc3 Bug 1289366 - added return statement for CharToByte when assertion fails. r=keeler
MozReview-Commit-ID: LDAamOxHdli

--HG--
extra : rebase_source : 7a180b058c3d756074b4cb2f56356c41eaf9919d
2016-07-26 12:48:49 +03:00
Bob Owen
22830b7f8f Bug 1287984: Add rule to allow content process to duplicate handles to other non-broker processes. r=jimm
MozReview-Commit-ID: A79P9G9t7Ax

--HG--
extra : transplant_source : %C2%0A-%FB%7E%AF%99%95%C7%AF%A6%21%BC%18%D4a%9C%24z%8C
2016-07-20 14:41:18 +01:00
Julian Hector
3236586a67 Bug 1285769 - Add sys_get_mempolicy to seccomp whitelist. r=gcp 2016-07-25 19:37:58 +02:00
Julian Hector
1ab18ae903 Bug 1285770 - Add sys_fallocate to seccomp whitelist. r=gcp 2016-07-23 17:13:52 +02:00
Haik Aftandilian
8f7ffc84b7 Bug 1274540 - Record sandboxing status in crash reports; r=gcp
Adds content sandbox metadata to parent and child crash reports:
Includes the value of pref security.sandbox.content.level,
whether or not the system is capable of sandboxing, if the
sandbox was successfully turned on, and (on Linux systems)
the sandbox capabilities flags.

New crash report keys:
"ContentSandboxLevel" in parent and content
"ContentSandboxCapable" in parent
"ContentSandboxEnabled" in content
"ContentSandboxCapabilities" in content on Linux
2016-07-25 13:21:00 +02:00
Kate McKinley
01cbd73591 Bug 1246540 - HSTS Priming Proof of Concept. r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.

(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
2016-07-25 12:37:00 +02:00
Cykesiopka
8297eb8984 Bug 1281665 - Change nsIClientAuthDialogs.chooseCertificate() to use hostname instead of CN. r=keeler
chooseCertificate() currently uses a concatenation of the Common Name of the
server cert and the port of the server to allow the user to identify the server
requesting client authentication. Unfortunately, this approach is flawed, since
it doesn't take into account things like SAN entries, which might be very
different from the CN.

Using the hostname instead avoids this problem.

MozReview-Commit-ID: 6XjGCknWNi9

--HG--
extra : transplant_source : k%10N%7B%E8%A4%9B%C9%9A%23Q%D1%99%D2%A3%C0.%2B%7F%A5
2016-07-26 20:16:58 +08:00
Iris Hsiao
caea40742f Backed out changeset 8dc198cd46ff (bug 1246540) for Mochitest failures 2016-07-27 13:14:07 +08:00
Kate McKinley
c6650db185 Bug 1246540 HSTS Priming Proof of Concept
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.

(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
2016-07-26 13:03:00 +08:00
Iris Hsiao
a7c8429fc4 Backed out changeset d7e39be85498 (bug 1246540) for Mochitest failures 2016-07-27 11:15:52 +08:00
Franziskus Kiefer
249fa77287 Bug 1263793 - update SAN, r=mgoodwin,ulfr
MozReview-Commit-ID: HtMKl2gP1xi

--HG--
extra : rebase_source : 5173dda521679b2ce6c8caabb3b54cce4f658640
2016-07-25 09:44:19 +02:00
Carsten "Tomcat" Book
0a5622c093 Backed out changeset 640247e978ba (bug 1246540) for bustage 2016-07-24 15:59:31 +02:00
Kate McKinley
547500d5a7 Bug 1246540 - HSTS Priming Proof of Concept. r=honzab
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.

Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.

nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.

(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
2016-07-22 18:35:00 +02:00
Wei-Cheng Pan
fd87664d8e Bug 1264566 - Part 2: Refactor all usage of FileDescriptor. r=valentin
Callers should use a UniquePtr to hold the platform handle.

MozReview-Commit-ID: 6BWnyAf4b3a

--HG--
extra : transplant_source : %26%CA%0D%28%08%9BT%97Z%A1%3Dq%CD%21%A1_%EFE%83%0E
extra : histedit_source : 77f8ed3d0fdec6cce0c95469130ade0fb547bb91
2016-05-27 16:12:51 +08:00
David Keeler
f3ec60ef5f backout changeset 1a1d7ef3cb0e (bug 1279479) for causing WebRTC compatibility issues
The WebRTC implementation inherits cipher suite preferences from PSM and then
enables a few mandatory ones and disables a number of undesirable ones. If PSM
makes a change to a cipher suite preference that isn't in WebRTC's whitelist or
blacklist, compatibility issues can arise. See bug 1288246 for an example.

--HG--
rename : security/manager/ssl/tests/unit/test_fallback_cipher.js => security/manager/ssl/tests/unit/test_weak_crypto.js
2016-07-22 10:31:34 -07:00
Carsten "Tomcat" Book
336105a0de merge mozilla-inbound to mozilla-central a=merge 2016-07-22 11:58:02 +02:00
Wes Kocher
f11c79a662 Merge m-c to inbound, a=merge CLOSED TREE 2016-07-21 15:59:28 -07:00
Carsten "Tomcat" Book
bc1b31b01b Merge mozilla-central to autoland 2016-07-21 16:27:58 +02:00
Gian-Carlo Pascutto
0b8cfd1d36 Bug 1284240 - Use boolean rather than flag for Sandboxing Telemetry. r=gfritzsche
MozReview-Commit-ID: EsXFAbEyxYs

--HG--
extra : rebase_source : 95bbfa30597490fb1b972056651b75f5a129daad
2016-07-21 09:39:09 +02:00
Franziskus Kiefer
dd5231632f Bug 1263793 - Using content signature verifier for verifying remote newtab, r=keeler,mayhemer
MozReview-Commit-ID: ABXYYseKImq

--HG--
extra : rebase_source : 79614e5215e738dff9683ad447245bd830c887bf
2016-05-19 10:59:48 +02:00
Chris Peterson
b175c9fdd5 Bug 1277106 - Part 2: Expand MOZ_UTF16() strings to u"" string literals. r=Waldo 2016-07-20 22:03:25 -07:00
Julian Hector
ea69125244 Bug 1285768 - Let getppid() return 0 to simulate pid namespaces. r=gcp 2016-07-10 22:06:57 +02:00
Carsten "Tomcat" Book
021bec0a4e Merge mozilla-central to mozilla-inbound 2016-07-20 11:35:42 +02:00
Carsten "Tomcat" Book
8428cd56e3 merge mozilla-inbound to mozilla-central a=merge 2016-07-20 11:20:15 +02:00
Julian Hector
f6b06d33a3 Bug 1286852 - Add sys_munlock to seccomp whitelist. r=gcp
MozReview-Commit-ID: AJEA73cJFo2
2016-07-15 17:57:28 +02:00
Franziskus Kiefer
212ec6e50e Bug 1283376 - Land NSS_3_26_RC0, r=ttaubert
--HG--
extra : rebase_source : 5bebe302e503bd0b3fe07c99932794859747839a
extra : amend_source : ef2f99cf7a40a87f577cbd1f6aac0ac872d4306d
2016-07-20 09:39:08 +02:00
Julian Hector
0caf755557 Bug 1285902 - Add sys_msgget to seccomp whitelist. r=gcp 2016-07-15 17:34:29 +02:00
David Keeler
a77caa9d20 bug 1274677 - Enable Certplus and OpenTrust root certificates for EV in PSM r=Cykesiopka
MozReview-Commit-ID: 4rZ0NIEyKF6

--HG--
extra : rebase_source : 089184f70e3a6949da5211f464c51fb113db997a
2016-07-15 14:51:08 -07:00
Masatoshi Kimura
c37817e366 Bug 1250582 - Remove SSL_FALLBACK_LIMIT_REACHED telemetry. r=keeler
Bug 1084025 added this telemetry to measure the impact of bumping the fallback limit.
But we already bumped the fallback limit to TLS 1.2 long before. We will not need this kind of telemetry until we bump the fallback limit to TLS 1.3 that will not happen in the near future. So let's just remove wasting resource for now.

MozReview-Commit-ID: 22o8FirlYql

--HG--
extra : rebase_source : c04b6a7aa7bf8970b22c24dcb1d8f0184330cb43
2016-07-16 14:16:06 +09:00
David Keeler
56d2f86c86 bug 1284946 - remove usages-related APIs from nsIX509Cert r=Cykesiopka,Felipe,jcj
nsIX509Cert provided the APIs getUsagesArray, requestUsagesArrayAsync, and
getUsagesString. These APIs were problematic in that the synchronous ones would
cause certificate verification to block the main thread and the asynchronous one
was needlessly indirect in its definition (it made use of two additional
special-case xpidl types) and needlessly complex in its implementation (it
required nsNSSComponent to manually manage a background thread without the aid
of recent improvements in that area (e.g. CryptoTask)). Furthermore, these APIs
would return string descriptions of the usages the certificate in question had
been verified for rather than using more concrete identifiers or values. This
paradigm is usable but imprecise. The new nsIX509CertDB API
asyncVerifyCertAtTime is much more expressive, enforces off-main-thread
computation, and makes use of CryptoTask for a simple implementation. Using this
API, previous uses of the old nsIX509Cert APIs can be replaced. As an additional
benefit, this removes a ton of obsolete C++ code.

MozReview-Commit-ID: KXVTcjAKehu

--HG--
extra : rebase_source : 50c51f73b2b61ed0ad4dc9702cc5df470ce998bc
2016-07-06 14:45:36 -07:00
David Keeler
16124386f7 bug 1284946 - fix dialog parameter passing in browser_certViewer.js r=Cykesiopka
The changes in bug 1217602 missed that browser_certViewer.js should have been
updated to use a nsIDialogParamBlock instead of a (mock) nsIPKIParamBlock.
"Luckily" the test harness completely ignored the errors resulting from this
oversight.

MozReview-Commit-ID: JlA62L5PPW8

--HG--
extra : rebase_source : ec06cd026f3aec8cc7a7c032cd1c9a9c5a8e9536
2016-07-07 11:14:17 -07:00
Wes Kocher
e2d9911273 Backed out changeset 21d8bb5af7b4 (bug 1263793) for leaks in various jobs CLOSED TREE 2016-07-20 11:16:37 -07:00
Franziskus Kiefer
9b9c643025 Bug 1263793 - Using content signature verifier for verifying remote newtab, r=keeler,mayhemer
MozReview-Commit-ID: CHUPgBr8WaC

--HG--
extra : rebase_source : 969bd058a157c7307b7a4d3c2a4c5d62e82b7489
2016-05-19 10:59:48 +02:00
Thomas Zimmermann
4bee1b2945 Bug 1288077: Forward declare arrays by including 'nsTArrayForwardDeclare.h', r=froydnj
MozReview-Commit-ID: 4RBeHDyhQgr
2016-07-20 17:29:36 +02:00
Tom Tromey
5538d692d3 Bug 1286877 - do not set c-basic-offset for python-mode; r=gps
This removes the unnecessary setting of c-basic-offset from all
python-mode files.

This was automatically generated using

    perl -pi -e 's/; *c-basic-offset: *[0-9]+//'

... on the affected files.

The bulk of these files are moz.build files but there a few others as
well.

MozReview-Commit-ID: 2pPf3DEiZqx

--HG--
extra : rebase_source : 0a7dcac80b924174a2c429b093791148ea6ac204
2016-07-14 10:16:42 -06:00
Julian Hector
b23e6a33e4 Bug 1286119 - Allow sys_mremap when jemalloc is disabled. r=gcp
MozReview-Commit-ID: FRVorDIIUVR
2016-07-12 18:24:54 +02:00
Julian Hector
6dbdc2284b Bug 1286185 - Add sys_fadvise64 to seccomp whitelist. r=gcp
MozReview-Commit-ID: CkX1txdLAMg
2016-07-20 06:36:00 +02:00
Jed Davis
622813449c Bug 1286324 - Make fork() non-fatal in Linux content sandbox. r=jhector
fork() will now fail with EPERM instead of crashing; see code comment
and bug for more info.  Tested with GTK3 Oxygen theme and SCIM, which
both seem to work.  Also verified that GMP child processes still crash
on fork().

--HG--
extra : rebase_source : 267c4cb892b691502a9d7760bca4d23fee3fe449
2016-07-14 15:00:00 -04:00
Julian Hector
54f8b7b221 Bug 1286413 - Add CASES_FOR_fchown and use it. r=gcp
--HG--
extra : rebase_source : b16522c25182223094fe2ed9ae18d5894bf6f9f1
2016-07-13 01:18:02 +02:00
Carsten "Tomcat" Book
cd4a2ce973 Backed out changeset 535e23baec4a (bug 1286119) for landing with wrong bugnumber
--HG--
extra : rebase_source : dede3bd9767b450934308a4c3de215a8837be93a
2016-07-14 13:51:16 +02:00
Julian Hector
c58d37220b Bug 1286527 - Add sys_semop to seccomp whitelist. r=gcp 2016-07-13 15:03:30 +02:00
Julian Hector
a6c28f48e6 Bug 1286119 - Add CASES_FOR_fchown and use it. r=gcp 2016-07-13 01:18:02 +02:00