Commit Graph

10417 Commits

Author SHA1 Message Date
Julian Hector
cb6d29b0b7 Bug 1275785 - Add sys_bind to seccomp whitelist. r=jld
--HG--
extra : rebase_source : 90d403a3b21547ff7f280b2bff7746f4b8e32fe3
2016-05-27 15:58:51 +02:00
Julian Hector
5eb8b17162 Bug 1275781 - Add sys_accept to seccomp whitelist. r=jld
--HG--
extra : rebase_source : e4761ce8c466987f54ddd41603fa626923fe0865
2016-05-27 15:56:35 +02:00
Kai Engert
c50d0b99ce Bug 1277255, land NSS_3_25_BETA1, r=franziskus 2016-06-02 22:33:04 +02:00
Cykesiopka
4e54963733 Bug 1275197 - Ensure nsNSSU2FToken.cpp GetSymKeyByNickname() does not cause leaks. r=keeler
Prior to these changes, GetSymKeyByNickname() could theoretically leak. This
should not happen in practice, so the changes here just ensure that the code
doesn't cause leaks.

MozReview-Commit-ID: LWtqLmsBPV2

--HG--
extra : transplant_source : rWE%CD%D8%A7%87%3C%95%03%B5%03E%3E%06E%C7O%0D%F6
2016-06-01 22:43:37 -07:00
Jonas Sicking
c706b7f059 Bug 1275714 - Changes in preparation for FlyWeb landing. Add ability to pin using a cert fingerprint, in addition to using a cert. r=dkeeler
--HG--
extra : amend_source : 41336f6eeaf5e26b91e177dd60a91ad9ed3a064c
2016-06-01 17:02:34 -04:00
Haik Aftandilian
7c418a5f4a Bug 1276420 - Widevine plugin crashing on OS X due to -stdlib=libc++ and sandboxing interaction; r=gcp 2016-06-01 12:26:04 -07:00
J.C. Jones
8524776280 Bug 1275479 - Create nsIU2FToken base interface (Part 2). r=keeler
Create a base "nsIU2FToken" interface that all tokens must implement. This
patch does not change U2F.cpp from initializing tokens monolithically, but
if/when future tokens are added, the implementer may want to do that.

MozReview-Commit-ID: GQuu6NolF4D

--HG--
extra : transplant_source : %3Fi%8E%C4n%BF%C1%DB%DB%03HjG%B5%9Ct%9EMWH
2016-05-27 13:44:20 -07:00
Chris Peterson
6b776e8000 Bug 1277014 - Fix -Wstring-conversion warnings in security/manager/ssl/. r=keeler
security/manager/ssl/nsNSSComponent.cpp:1694:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [31]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1333:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1341:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1349:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1357:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
2016-05-31 21:51:50 -07:00
Carsten "Tomcat" Book
76fd727737 Merge mozilla-central to mozilla-inbound 2016-05-30 15:30:55 +02:00
Carsten "Tomcat" Book
463212f69f merge mozilla-inbound to mozilla-central a=merge 2016-05-30 15:29:19 +02:00
Julian Seward
8562142079 Bug 1275582 - TSan: data race security/nss/lib/freebl/sha_fast.c:176 SHA1_End. r=dkeeler.
--HG--
extra : rebase_source : d8e517c891212c0b7794e7db433f6ed626c4cac5
2016-05-30 15:25:52 +02:00
ffxbld
dca36f5e32 No bug, Automated HPKP preload list update from host bld-linux64-spot-593 - a=hpkp-update 2016-05-28 05:20:15 -07:00
ffxbld
3eac728432 No bug, Automated HSTS preload list update from host bld-linux64-spot-593 - a=hsts-update 2016-05-28 05:20:13 -07:00
Wes Kocher
9749648a79 Merge inbound to m-c a=merge 2016-05-27 14:14:36 -07:00
Ryan VanderMeulen
687dcb9a8f Backed out changesets d3bde9a513bb and 9fd1d6aeed21 (bug 1272764) for causing startup crashing on OSX 10.9. a=me 2016-05-27 14:50:50 -04:00
Chris Peterson
11ef78ae89 Bug 1275016 - Rename Endian.h to EndianUtils.h to avoid #include confusion with Android's endian.h stdlib header. r=froydnj
--HG--
rename : mfbt/Endian.h => mfbt/EndianUtils.h
2016-05-22 13:31:11 -07:00
David Keeler
8ba29d1473 bug 1265113 - implement platform support for enterprise roots r=Cykesiopka,mhowell,rbarnes
MozReview-Commit-ID: JKxwCjoH0Oa

--HG--
extra : rebase_source : 9eaf3f1c5371e7b4b4df304bc6ce132ade5775da
2016-04-13 15:36:22 -07:00
Haik Aftandilian
0c9bf9e670 Bug 1272764 - Indentation and whitespace cleanups. r=bobowen
--HG--
extra : rebase_source : d3ac9c55cbe4924702fad32dabbc97ac921cce07
2016-05-26 00:08:00 -04:00
Haik Aftandilian
4c4557e85c Bug 1272764 - Remove OS X 10.6-10.8-specific sandboxing code. r=bobowen
--HG--
extra : rebase_source : 94630f8208b4ee1e3664e61425c083a05157e64d
2016-05-26 00:07:00 -04:00
Alexandre Lissy
c6be1d0d13 Bug 1274826 - Bypass building SandboxHooks on Gonk r=jld
MozReview-Commit-ID: 3TVdcY7aXvW

--HG--
extra : rebase_source : b734c54ad4e7b8fff384f399b84014410b4cf719
2016-05-26 01:02:25 +02:00
Carsten "Tomcat" Book
b6b164ec6d Merge mozilla-central to mozilla-inbound 2016-05-25 15:20:00 +02:00
Carsten "Tomcat" Book
c715836c7f merge mozilla-inbound to mozilla-central a=merge 2016-05-25 15:04:00 +02:00
Carsten "Tomcat" Book
3cab03a461 Merge mozilla-central to fx-team 2016-05-24 15:15:55 +02:00
Carsten "Tomcat" Book
cb4337c62c merge mozilla-inbound to mozilla-central a=merge
--HG--
rename : dom/presentation/tests/mochitest/file_presentation_non_receiver_oop.html => dom/presentation/tests/mochitest/file_presentation_non_receiver.html
rename : dom/presentation/tests/mochitest/file_presentation_non_receiver_inner_iframe_oop.html => dom/presentation/tests/mochitest/file_presentation_non_receiver_inner_iframe.html
rename : dom/presentation/tests/mochitest/file_presentation_receiver_inner_iframe_oop.html => dom/presentation/tests/mochitest/file_presentation_receiver_inner_iframe.html
2016-05-24 14:52:23 +02:00
ffxbld
d8a85e51ac No bug, Automated HPKP preload list update from host bld-linux64-spot-425 - a=hpkp-update 2016-05-21 05:05:21 -07:00
ffxbld
0ffea88a0a No bug, Automated HSTS preload list update from host bld-linux64-spot-425 - a=hsts-update 2016-05-21 05:05:19 -07:00
Bob Owen
ecee115838 Bug 1250125: Make a 0 security.sandbox.content.level turn off the content process sandbox. r=TimAbraldes
This also fixes a bug where we weren't setting parts of the policy correctly for levels 3 to 9.

MozReview-Commit-ID: IXsg2nGOqoa

--HG--
extra : rebase_source : 65c76a581dcd498c7d7d5b01e4f4e140acdb244f
2016-05-25 09:06:23 +01:00
Masatoshi Kimura
3e0685deec Bug 1274953 - Bump the lowest valid TLS insecure fallback limit to 3 (TLS 1.2). r=keeler 2016-05-24 19:08:13 +09:00
Masatoshi Kimura
877c4b8482 Bug 1275252 - Deal with some TLS 1.3 intolerance. r=keeler 2016-05-25 19:36:57 +09:00
Mathieu Leplatre
695a9942a4 Bug 1266235 - Use blocklist prefix in preference names. r=MattN
MozReview-Commit-ID: 5aeoiSEMwYw

--HG--
extra : rebase_source : ff4e77c88de58923afe75be2046dcdb98e40ad2f
2016-05-19 12:51:13 +02:00
Sergei Chernov
d46c2e938b Bug 1241574 - Certificate Transparency - base definitions and serialization to/from TLS wire format. r=keeler, r=Cykesiopka
MozReview-Commit-ID: KmJOr2crof7

--HG--
extra : transplant_source : %97%2A%03p%7CP%09%CA%60J%D22%91%3C%C1%C9%B8%C6%89%D8
2016-04-11 16:17:25 +03:00
Johnathan Nightingale
c40db9a65c bug 466011 - clarify comments in cert override service IDL r=kaie DONTBUILD NPOTB
--HG--
extra : rebase_source : 6c67c12f768c4f5e9df84a7ab982d08095ba29ae
2016-05-27 13:11:32 -07:00
David Keeler
e87f6f88e2 bug 1273677 - ensure session cache is properly configured and torn down for TLSServerSocket r=mcmanus
MozReview-Commit-ID: 6i7HxTdLcID

--HG--
extra : rebase_source : 3c1b4c0ed798c166cbc2bcad71de90543af176c1
2016-05-23 13:58:56 -07:00
Gian-Carlo Pascutto
e8fd20fdcf Bug 1098428 - Add Linux sandboxing information to Telemetry. r=gfritzsche
MozReview-Commit-ID: 6Un4yNzxGgg

--HG--
extra : rebase_source : fc8762b9802fab071cb194513a5ad390ae7984f3
2016-05-18 18:37:44 +02:00
Carsten "Tomcat" Book
805f86c2b5 Merge mozilla-central to mozilla-inbound 2016-05-24 15:13:51 +02:00
Carsten "Tomcat" Book
be11014a2b Backed out changeset 767f65379fdf (bug 1098428) for causing linux crashes on a CLOSED TREE 2016-05-24 13:03:00 +02:00
Gian-Carlo Pascutto
42b1907a65 Bug 1098428 - Add Linux sandboxing information to Telemetry. r=gfritzsche
MozReview-Commit-ID: GtIPsRqq5hr

--HG--
extra : rebase_source : 6b918e5119f15536c9437c27cfee413577268b78
2016-05-18 18:37:44 +02:00
Cykesiopka
0b04616a47 Bug 1271496 - Stop using Scoped.h in non-exported PSM code. r=keeler
Scoped.h is deprecated in favour of the standardised UniquePtr.

This patch removes use of Scoped.h everywhere in PSM except ScopedNSSTypes.h,
which is exported. Other consumers of ScopedNSSTypes.h can move off Scoped.h
at their own pace.

This patch also changes parameters and return types of various functions to make
ownership more explicit.

MozReview-Commit-ID: BFbtCDjENzy

--HG--
extra : transplant_source : %0B%C7%9F%40%FA9%A4%F2%5E%0D%92%1C%A6%A49%94%C3%7E%1Cz
2016-05-23 19:50:26 -07:00
Cykesiopka
378731742d Bug 883718 - Followup: Remove nsIBufEntropyCollector.idl. r=trivial
This file is no longer used post
https://hg.mozilla.org/mozilla-central/rev/8dd88e2a1976, but was not removed.
2016-05-24 00:51:00 +02:00
Nicholas Nethercote
99a82c0ac7 Bug 1273711 - Avoid OOM aborts in nsSecretDecoderRing::encode(). r=cykesiopka.
This patch removes an infallible duplication of the base64-encoded string,
which can be large.

--HG--
extra : rebase_source : c8e709d7afcb53e23fdea919fade857a7fd3fea4
2016-05-19 08:55:48 +10:00
Julian Hector
5894681e14 Bug 1274553 - Properly handle stat() requests in permissive mode. r=jld
MozReview-Commit-ID: IeFwQ2Gv21z

--HG--
extra : rebase_source : 0198c5df41f728f85bea149a10dfe0b7c0fae43f
2016-05-20 14:42:50 +02:00
Cykesiopka
5a7878cf2c Bug 1222754 - Replace nsSecureBrowserUIImpl::mOnStateLocationChangeReentranceDetection and nsAutoAtomic. r=keeler
mOnStateLocationChangeReentranceDetection and nsAutoAtomic form an unnecessarily
threadsafe reentrance prevention mechanism that can be replaced by
mozilla::ReentrancyGuard.

MozReview-Commit-ID: KWDdFD5TpCk

--HG--
extra : rebase_source : c3e0a9ad32ff169c6afb00dd10099835b6196682
2016-05-19 22:00:44 -07:00
Cykesiopka
1d22abcec2 Bug 1271953 - Remove nss_addEscape(). r=mgoodwin
The function basically duplicates existing Mozilla string class functionality.

MozReview-Commit-ID: 9IFEXuT9cW1

--HG--
extra : rebase_source : 0d0c4492a63f7a168b6092fdb2e1bf8ec09d5308
2016-05-16 09:04:09 -07:00
Cykesiopka
2677d5c111 Bug 1273749 - Address misc issues with nsNSSCertValidity. r=keeler
Prior to the changes here, nsNSSCertValidity had the following issues:
 - Did not check for NSS shut down.
 - Provided an irrelevant zero argument constructor.
 - Did not explicitly delete the unwanted copy constructor and assignment
   operators.
 - Misc style issues.
 - Did not have a dedicated test.

MozReview-Commit-ID: JUPtk1OjsNg

--HG--
extra : rebase_source : 2f6475c842b8c1c2570a7a5e4e9f87f0bb12deae
2016-05-19 17:35:09 -07:00
Cykesiopka
ff87cc2acc Bug 1251133 - Remove DSA telemetry. r=jcj
Firefox no longer supports DSA cipher suites, so this telemetry is dead code.

MozReview-Commit-ID: G3ipd0TADM

--HG--
extra : rebase_source : 6cd2b10727107c048010d39b24e328f5539a7220
2016-05-19 18:42:16 -07:00
Wes Kocher
4f7146f46c Backed out changeset 1b8f35a4774e (bug 1273677) for valgring leaks CLOSED TREE 2016-05-20 18:13:12 -07:00
David Keeler
a53c0feecf bug 1273677 - ensure session cache is properly configured and torn down for TLSServerSocket r=mcmanus
MozReview-Commit-ID: 6i7HxTdLcID

--HG--
extra : rebase_source : 5a64db198fe582e6057bb58f8f51be3e9a63192b
2016-05-17 15:17:33 -07:00
Cykesiopka
6b12fc8650 Bug 1271501 - Use mozilla::BitwiseCast instead of reinterpret_cast in PSM. r=keeler
mozilla::BitwiseCast does the same thing, but provides static asserts that
mitigate some of the risk of using reinterpret_cast.

MozReview-Commit-ID: ENQ8QC6Nl9o

--HG--
extra : rebase_source : c1725c8363c0f7f9877601de5ab5f152ef4d0439
2016-05-18 21:20:56 -07:00
Cykesiopka
179b27667b Bug 1271501 - Downgrade unnecessarily strong reinterpret_casts in PSM. r=keeler
These reinterpret_casts can be static_casts or const_casts instead.

MozReview-Commit-ID: 1KQDWHO9CGS

--HG--
extra : rebase_source : a629d91577bdcb6d7fd94416e61ad46ca43f945d
2016-05-18 18:58:41 -07:00
Cykesiopka
5e0c49ff77 Bug 1271501 - Remove unnecessary uses of reinterpret_cast in PSM. r=keeler
These uses of reinterpret_cast are either pointless, or can be removed via
refactoring.

MozReview-Commit-ID: Aw2rlJfrT6J

--HG--
extra : rebase_source : 243d6c38eedc086c59d47c93d4a57cb6a922910a
2016-05-18 18:58:40 -07:00
Martin Thomson
103d3aba59 Bug 1250568 - Adding TLS 1.3 to nsISSLStatus, r=keeler
MozReview-Commit-ID: 4mLdtsdFoKN

--HG--
extra : rebase_source : 8526499c8765a14efeec22950372c738d8dc8b95
2016-04-04 16:21:19 -03:00
Martin Thomson
ec792f4dff Bug 1250568 - Adding ECDHE_PSK suites, r=keeler
MozReview-Commit-ID: 1MGB7ewpDuZ

--HG--
extra : rebase_source : 5afd535d6f853db31dd98f70dbc189d01a0246fa
2016-04-04 16:21:19 -03:00
Martin Thomson
9b8f068092 Bug 1250568 - Add support for TLS1.3 in prefs and telemetry, r=keeler
MozReview-Commit-ID: AH8SO3fRUp4

--HG--
extra : rebase_source : f7b367bc4577c2fea2741c60793f7cde6cba0aef
2016-04-19 14:29:36 +10:00
Ralph Giles
0946db2658 Bug 1271794 - Use SSE2 instructions on win32. r=glandium
We've decided supporting the small number of x86 machines
without SSE2 instructions is no longer worth the cost in
developer time nor the performance impact for other users.

https://groups.google.com/d/msg/mozilla.dev.platform/dZC39mj5V-s/Xt_UqZXkAAAJ

Set -arch:SSE2 by default on x86 if an arch hasn't already
been supplied. This ensures we'll continue to build with
the right instruction set if the compiler changes its default
in the future, while still allowing custom builds to set
a lower minimum.

Also updates the filter to strip all arch switches on win64
when building the sandbox. The 64-bit compiler doesn't
support -arch:SSE2 either.

MozReview-Commit-ID: JzTRGPn9vzI
2016-05-18 11:06:30 -07:00
Phil Ringnalda
2657cac015 Backed out 3 changesets (bug 1271794, bug 1271829) on suspicion of making Windows builds less likely to... build
CLOSED TREE

Backed out changeset d0ab0d508a24 (bug 1271829)
Backed out changeset 9f4983dfd881 (bug 1271829)
Backed out changeset 28b45df659b7 (bug 1271794)
2016-05-18 00:04:29 -04:00
Cykesiopka
18c21f386e Bug 1271495 - Replace uses of ScopedPK11Context with UniquePK11Context. r=keeler,mcmanus
ScopedPK11Context is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.

MozReview-Commit-ID: HE8UY1hOuph

--HG--
extra : transplant_source : 4%BF%81M%09Q-%2A%E6%04%86i%18%1B%3CL%90%88%04%C7
2016-05-13 05:53:57 -07:00
Ralph Giles
90a00904df Bug 1271794 - Use SSE2 instructions on win32. r=glandium
We've decided supporting the small number of x86 machines
without SSE2 instructions is no longer worth the cost in
developer time nor the performance impact for other users.

https://groups.google.com/d/msg/mozilla.dev.platform/dZC39mj5V-s/Xt_UqZXkAAAJ

Set -arch:SSE2 by default on x86 if an arch hasn't already
been supplied. This ensures we'll continue to build with
the right instruction set if the compiler changes its default
in the future, while still allowing custom builds to set
a lower minimum.

Also updates the filter to strip all arch switches on win64
when building the sandbox. The 64-bit compiler doesn't
support -arch:SSE2 either.

MozReview-Commit-ID: JzTRGPn9vzI
2016-05-17 11:35:51 -07:00
Kai Engert
f586b10fe0 Bug 1258375, land final release tag of nss 3.24. Changes version numbers.
This backs out bug 1270836, as it wasn't landed according to NSS procedures. It will be re-landed once we go to a NSS 3.25 beta version.
2016-05-17 11:00:15 +02:00
Bob Owen
e809e9f918 Bug 1035125 Part 9: Link Chromium sandbox into firefox.exe instead of having a separate DLL. r=aklotz,glandium
MozReview-Commit-ID: 1vgDPjpcwz3

--HG--
extra : rebase_source : 40966d98ca6c37f30884639d648907b4760ae240
2016-05-15 16:41:40 +01:00
Bob Owen
c43bf02cda Bug 1035125 Part 8: Pass sandboxing pointers through XRE_InitChildProcess instead of linking to more functions in xul. r=aklotz,glandium
MozReview-Commit-ID: 5AiktOArpfU

--HG--
extra : rebase_source : 1ba3be949e2bfeb3b67687ab05d43342852ab764
2016-05-15 16:35:22 +01:00
Bob Owen
209b6e6e18 Bug 1035125 Part 7: Remove unused functions in security/sandbox/chromium/base/time/time.h to avoid nspr dependency. r=aklotz
MozReview-Commit-ID: 4TwVMQGTXUU

--HG--
extra : rebase_source : 0757390f3ff6fc71242ae09d95e1934d3e80fa26
2016-05-15 16:23:57 +01:00
Bob Owen
43b53afacf Bug 1035125 Part 6: Take Chromium commit 3181ba39ee787e1b40f4aea4be23f4f666ad0945 to add Windows 10 version to enumeration. r=aklotz
MozReview-Commit-ID: 8sR9F72JJ1k

--HG--
extra : rebase_source : bc911fbaa12c8186e2c9539e21fe776282280304
2016-05-15 16:23:57 +01:00
Bob Owen
71b3258726 Bug 1035125 Part 4: Back out changeset 8ae39d920f5c and associated subsequent changes. r=glandium
The original changeset that is being backed out had comment:
Bug 1023941 - Part 2: Static-link the CRT into plugin-container.exe.

MozReview-Commit-ID: 1iPJghgd0t2

--HG--
extra : rebase_source : cbed4e43f51af8ea0c3adbfc150ed029fe0d0f57
2016-05-15 16:23:57 +01:00
Chris Peterson
353ee65255 Bug 1272513 - Part 1: Suppress -Wshadow warnings-as-errors in some directories. r=glandium 2016-05-11 00:00:01 -07:00
Hasse
692b996c80 bug 428421 - fix ordering of FIPS description strings r=keeler
In bug 317630, in the call to PK11_ConfigurePKCS11, the order of the strings
provided was switched such that the FIPS token description appeared before the
FIPS slot description, when in fact the reverse should happen.
2016-05-12 15:45:30 -07:00
David Keeler
c17f3a2733 bug 982932 - only allow Netscape-stepUp to be used for serverAuth for old CA certificates r=Cykesiopka,jcj
MozReview-Commit-ID: 88JhIU1pUji

--HG--
rename : security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec
rename : security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec
extra : rebase_source : 2f6251679a6f31cccb6d88bb51c567de9cc9bc76
2016-05-05 16:11:11 -07:00
Cykesiopka
ebd2e17c94 Bug 1265207 - Enable ESLint "var-only-at-top-level" rule for PSM tests. r=jjones
|let| is generally preferred over |var| in PSM JS.

MozReview-Commit-ID: 7SJWQSKFxI4

--HG--
extra : rebase_source : 387c6259ffa2cb0585ff366edc568ccc39bfd902
2016-05-09 18:04:14 -07:00
David Keeler
3a4d7b486c bug 883718 - remove nsIEntropyCollector and implementation r=mgoodwin,mrbkap
The rationale behind nsIEntropyCollector was to supplement NSS' source of
entropy with randomness from mouse move events. This obviously doesn't work on
platforms without a mouse (e.g. mobile platforms). Furthermore, as NSS seeds its
random number generator with robust randomness from the operating system, this
is unnecessary anyway. The primary concern is that initialization of the random
number generator must happen after forking, which is exactly what we do with the
child process in e10s mode.

MozReview-Commit-ID: GYQDElSCZy0

--HG--
extra : rebase_source : 6273a78203121c4d4ddf3ed97451f393ceef4b88
2016-05-10 16:24:44 -07:00
Cykesiopka
8f7bebaa5c Bug 160122 - Stop using PR_smprintf in PSM. r=keeler
The (more) modern Mozilla string classes can be used instead, which at the very
least provide built in automatic memory management and performance improvements.

MozReview-Commit-ID: 4l2Er5rkeI0

--HG--
extra : transplant_source : %A1%16%AB%02m%CA%25HfW%40%96Mq%0D%F0%91%9C%99%29
2016-05-10 23:38:55 -07:00
Chuck Lee
6ad8527ba5 Bug 1082346 - 02. Test case. r=keeler r=Cykesiopka
MozReview-Commit-ID: 3O8gBQ06Q96

--HG--
extra : rebase_source : b7425f43de7bb2f7200416f2bed35eb6b51866aa
2016-05-10 23:08:04 +08:00
Chuck Lee
d568bac51d Bug 1082346 - 01. Convert PKCS12 password endian using copyAndSwapToBigEndian. r=keeler
MozReview-Commit-ID: 83fRWTRzoMd

--HG--
extra : rebase_source : 7eb145e8d84a4778b46f989d1766db3c9e39bb4b
2016-05-07 15:58:12 +08:00
Randell Jesup
73a32768d1 Bug 1271402: name and cleanup DataStorage thread when running XPCshell r=froyd,dkeeler
MozReview-Commit-ID: 2brXgEcp91J
2016-05-11 00:11:40 -04:00
Cykesiopka
391584fd9d Bug 1270005 - Replace uses of ScopedPK11SlotInfo with UniquePK11SlotInfo in PSM. r=keeler
ScopedPK11SlotInfo is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.

Also changes PK11SlotInfo parameters of various functions to make ownership more
explicit, and replaces some manual management of PK11SlotInfo pointers.

MozReview-Commit-ID: JtNH2lJsjwx

--HG--
extra : rebase_source : 9d764e0dd3a1f2df14c16f8f14a3c5392770c9a1
2016-05-09 18:02:40 -07:00
Andi-Bogdan Postelnicu
03b633450d Bug 1270836 - prevent null pointer dereference on |data|. r=emaldona+298309
MozReview-Commit-ID: 45LFxknL9Jy

--HG--
extra : rebase_source : 268874b34c4dd4466eb75376e2860b6940833399
2016-05-10 09:47:28 +03:00
Carsten "Tomcat" Book
56fe0e8f2c merge mozilla-inbound to mozilla-central a=merge 2016-05-09 11:17:59 +02:00
ffxbld
f91f69689f No bug, Automated HPKP preload list update from host bld-linux64-spot-1062 - a=hpkp-update 2016-05-07 05:00:36 -07:00
ffxbld
c67ee9ebbd No bug, Automated HSTS preload list update from host bld-linux64-spot-1062 - a=hsts-update 2016-05-07 05:00:34 -07:00
Cykesiopka
128f004a1f Bug 1267905 - Replace uses of ScopedCERTCertList with UniqueCERTCertList. r=keeler
ScopedCERTCertList is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.

Also changes CERTCertList parameters of various functions to make ownership more
explicit.

MozReview-Commit-ID: EXqxTK6inqy

--HG--
extra : transplant_source : %9B%A9a%94%D1%7E%2BTa%9E%9Fu%9F%02%B3%1AT%1B%F1%F6
2016-05-05 14:56:36 -07:00
David Keeler
4c6c57ed83 bug 1269812 - e10s-ify test_bug383369.html and test_unsecureRedirect.html r=Cykesiopka,mrbkap
MozReview-Commit-ID: E6z91sfEjan

--HG--
extra : rebase_source : 0561b67cb63262c46289134a250fb2c59d6af17d
2016-05-03 11:00:50 -07:00
Kyle Huey
941ab1f522 Bug 1268313: Part 7 - Move NS_NewRunnableMethod and friends to mozilla::NewRunnableMethod. r=froydnj 2016-05-05 01:45:00 -07:00
Cykesiopka
5598e0ec78 Bug 1268365 - Check argument validity more in nsASN1Tree.cpp. r=jcj
MozReview-Commit-ID: 6DqyT1veMR7

--HG--
extra : rebase_source : ca4d914285e651fe4fec1cd032e3106c8fc3a5b3
2016-05-03 21:31:13 -07:00
Haik Aftandilian
01b38f360c Bug 1267453 - Amazon Widevine rejects HDCP on MacBook Pro with or without an external display. r=gcp
--HG--
extra : amend_source : 6a8094ddea6ac6c50e8ec8c11e0656eaddafc20e
2016-05-02 19:33:08 +02:00
Carsten "Tomcat" Book
87bdb8ed2d merge fx-team to mozilla-central a=merge 2016-05-02 11:19:50 +02:00
ffxbld
e526d34125 No bug, Automated HPKP preload list update from host bld-linux64-spot-576 - a=hpkp-update 2016-04-30 04:56:03 -07:00
ffxbld
484795c7ec No bug, Automated HSTS preload list update from host bld-linux64-spot-576 - a=hsts-update 2016-04-30 04:56:01 -07:00
Kai Engert
4673d27617 Bug 1258375, NSS_3_24_RC0, r=nss-confcall 2016-04-29 18:02:50 +02:00
Carsten "Tomcat" Book
ba3fe0975c Backed out changeset 85ce8cb0639a (bug 1268313)
--HG--
extra : rebase_source : 56d1cf41a2dc4959b67f834e07192a5c772176a8
2016-04-29 14:21:16 +02:00
Gian-Carlo Pascutto
6491a25e6f Bug 1268579 - Add inotify_rm_watch to the seccomp-bpf whitelist. r=jld
MozReview-Commit-ID: DvaHjOa5GOv

--HG--
extra : rebase_source : 1105ebd32973f8608c4c8b21dc72ba9313661735
2016-04-28 20:04:06 +02:00
Nicholas Nethercote
2511b2c327 Bug 1267550 (part 2) - Rename MOZ_WARN_UNUSED_RESULT as MOZ_MUST_USE. r=froydnj.
It's an annotation that is used a lot, and should be used even more, so a
shorter name is better.

MozReview-Commit-ID: 1VS4Dney4WX

--HG--
extra : rebase_source : b26919c1b0fcb32e5339adeef5be5becae6032cf
2016-04-27 14:16:50 +10:00
Wes Kocher
56fe7c4bcb Merge m-c to fx-team a=merge
MozReview-Commit-ID: 3H9BxQQQnNI
2016-04-29 16:05:30 -07:00
Jared Wein
e889366796 Bug 1268159 - Use GreD in addition to XCurProcD for browser_misused_characters_in_strings.js to cover more string files. r=gijs
MozReview-Commit-ID: IlC170W0nlG
* * *
[mq]: temp

MozReview-Commit-ID: GF0k4zvONPD
2016-04-29 09:28:48 -04:00
Cykesiopka
fc68a083a3 Bug 1265164 - Always use nsCOMPtrs with getNSSDialogs(). r=keeler
MozReview-Commit-ID: 430uuWHIZjC

--HG--
extra : rebase_source : 3192e40558ac36a3a8bf6ff3c1399be1196f8dcb
2016-04-27 18:16:48 -07:00
Julian Hector
3871240519 Bug 1176099 - Add hooks for sigprocmask/pthread_sigmask. r=jld r=glandium 2016-04-21 13:17:50 +00:00
Kai Engert
b565a3d437 Bug 1258375, land NSS_3_24_BETA7, second attempt, r=franziskus 2016-04-27 14:51:59 +02:00
Carsten "Tomcat" Book
05d6ba16fa merge mozilla-inbound to mozilla-central a=merge 2016-04-27 11:57:21 +02:00
Daniel Veditz
19be5bed6c Bug 1267318 ignore cert expiration for mozilla-signed packages, r=dkeeler
MozReview-Commit-ID: Lw6jGmK8gkS
2016-04-26 11:54:08 -07:00
Julian Hector
1942e09c83 Bug 1266298 - Add sys_fchmod to seccomp whitelist r=jld
MozReview-Commit-ID: 4kFgfxhCMFl

--HG--
extra : transplant_source : h%D1%90%ACfP%DC%5C%CB%CC%84%CE%B7%40%17%14%B1%10%FC%AA
2016-04-21 15:59:53 +02:00
Kyle Huey
48a594a09e Bug 1268313: Part 7 - Move NS_NewRunnableMethod and friends to mozilla::NewRunnableMethod. r=froydnj 2016-04-28 14:08:25 -07:00
Julian Hector
4c291ae709 Bug 1176099 - Fix missing NULL check r=luke
MozReview-Commit-ID: ICNQNqJZzA8
2016-04-28 20:41:14 +02:00
David Keeler
1fdc1bdd0a bug 1267463 - add a more nuanced subject common name fallback option for prerelease channels r=Cykesiopka,jcj
MozReview-Commit-ID: 1vHXrPAHTRm

--HG--
extra : rebase_source : dddd8ae973d1d793890bbfc44d9fe84ef4a47ee2
2016-04-25 15:55:18 -07:00
Kyle Huey
c73656947b Bug 1265927: Move nsRunnable to mozilla::Runnable, CancelableRunnable to mozilla::CancelableRunnable. r=froydnj 2016-04-25 17:23:21 -07:00
Cykesiopka
33825b4eb1 Bug 1257031 - Return more informative error code when encountering invalid integers rather than SEC_ERROR_BAD_DER. r=keeler
Also adds some missing l10n entries to nsserrors.properties (but not for errors
that are specific to TLS 1.3, since TLS 1.3 is not yet finalised).

MozReview-Commit-ID: A42fmTDTe8W

--HG--
extra : transplant_source : x%F7s%DB%05%B4%81%9Dm%FDC%A1f%B3%0D%7DR%C1%BA%B1
2016-04-21 16:41:22 -07:00
Phil Ringnalda
d4f9b788bc Merge m-c to m-i 2016-04-23 20:05:49 -07:00
Phil Ringnalda
af470d6828 Bug 1267012 - Disable test_signed_dir.js for having a timebomb that makes it fail after one year, a=orange 2016-04-23 18:10:46 -07:00
ffxbld
41b0888167 No bug, Automated HPKP preload list update from host bld-linux64-spot-508 - a=hpkp-update 2016-04-23 05:00:27 -07:00
ffxbld
0b254f9255 No bug, Automated HSTS preload list update from host bld-linux64-spot-508 - a=hsts-update 2016-04-23 05:00:25 -07:00
David Keeler
1e53398a23 bug 1182742 - allow users to override small key size errors r=rbarnes
Key size enforcement for TLS certificates happens at two levels: PSM and NSS.
PSM enforces a minimum of 1024 bits. NSS enforces a minimum of 1023 bits by
default. The NSS error is not overridable, but the PSM error is. This change
allows users to connect to devices with small RSA keys (as little as 512 bits)
using the certificate error override functionality.

MozReview-Commit-ID: 2TZ8c4I3hXC

--HG--
extra : rebase_source : a9c550f15261c711e789a670c90c129c65802ff0
2016-04-11 13:45:47 -07:00
David Keeler
13d02ebbb6 bug 1264761 - improve handling of x509 versions in certificate manager r=Cykesiopka
MozReview-Commit-ID: B7EPx63ttlt

--HG--
extra : rebase_source : a39e04a7b2393130888ecfe02b09b495c9e068af
2016-04-18 11:07:24 -07:00
Cykesiopka
372fe1a598 Bug 1260643 - Convert most uses of ScopedCERTCertificate in PSM to UniqueCERTCertificate. r=keeler
MozReview-Commit-ID: JnjoUd7d2M0

--HG--
extra : transplant_source : %99x%B6%F5%09%97%E6%60%B6%3C%3C%C2%D5vt%27%0C-%96%1B
2016-04-20 01:14:22 -07:00
Mark Goodwin
fccc28a54a Bug 1265085 - Replace verification source with a SAN in the content signature verifier interface. r=Cykesiopka,r=fkiefer
This change replaces the hardcoded 'sourceis' in nsIContentSignatureVerifier and
ContentSignatureVerifier.cpp with a string parameter which allows the caller
to specify which hostname the signing certificate must be valid for. This allows
us to create and use new signing certificates without having to wait for new
sources to ride the trains.

MozReview-Commit-ID: KGpOVOuJrk3
2016-04-18 14:55:56 +01:00
Jacek Caban
a9c53bd3c0 Bug 1263622 - Fixed nsNSSComponent.cpp compilation on mingw. r=dkeeler,ted 2016-04-23 10:55:50 +02:00
Sebastian Hengst
926ff145c8 Backed out changeset 178243415be6 (bug 1258375) for crash [@ HandshakeCallback] on Android e.g. in dom/base/test/test_bug704320_http_http.html. r=backout on a CLOSED TREE 2016-04-26 18:00:11 +02:00
Kai Engert
2751db2b05 Bug 1258375, lang NSS_3_24_BETA7, r=franziskus 2016-04-26 16:42:37 +02:00
Wes Kocher
01ea27062a Backed out changeset bb60c7a0b0c5 (bug 1264761) for build failures in nsNSSCertHelper CLOSED TREE
MozReview-Commit-ID: KwFHe6X2WCE
2016-04-19 16:09:49 -07:00
David Keeler
9ae62ef7c9 bug 1264761 - improve handling of x509 versions in certificate manager r=Cykesiopka
MozReview-Commit-ID: B7EPx63ttlt

--HG--
extra : rebase_source : 0234079b42b1a3e46b4a6a790049b8f0769fc79a
2016-04-18 11:07:24 -07:00
Carsten "Tomcat" Book
fbeb4ca1bd Merge mozilla-central to mozilla-inbound 2016-04-18 08:51:38 +02:00
ffxbld
9fa9277647 No bug, Automated HPKP preload list update from host bld-linux64-spot-312 - a=hpkp-update 2016-04-16 04:49:09 -07:00
ffxbld
1d4acf2cee No bug, Automated HSTS preload list update from host bld-linux64-spot-312 - a=hsts-update 2016-04-16 04:49:07 -07:00
Cykesiopka
59774a5b4e Bug 1262645 - Address misc issues with nsGetUserCertChoice(). r=keeler
The follow issues are fixed:
  - Returning a failure result when failing to get a pref value instead of more
    gracefully falling back to a default.
  - Using an enum instead of a more strongly typed enum class.
  - Using a pref branch instead of the preferred Preferences.h API.
  - Manual memory management.
  - Unnecessary use of pointers.

MozReview-Commit-ID: FKw5kBhnwxL

--HG--
extra : transplant_source : %21K%E2%83/%A5%AB%DB3%F4%FB%2CUD%9E%B6l%1C%3A%22
2016-04-15 16:51:41 -07:00
Carsten "Tomcat" Book
eae4a312af Bug 1261751 - Problems with OS X Sandboxed TempDir and Rules. r=bobowen r=gcp
--HG--
extra : amend_source : 2011128c7e5406d7865da2b24f81facf7889cb0e
2016-04-16 09:00:29 +02:00
Jonas Sicking
d310d4dcee Fix unified-build bustage from bug 1264706. r=bustage 2016-04-15 15:21:38 -07:00
Jonas Sicking
32e5673b7a Fix linting bustage for bug 1264706. r=bustage 2016-04-15 15:12:39 -07:00
Jonas Sicking
9c521f30da Bug 1264706: Move nsILocalCertService, and implementation, to security/manager/ssl in order to alloow use w use elsewhere in gecko. r=dkeeler
--HG--
rename : devtools/shared/security/LocalCertService.cpp => security/manager/ssl/LocalCertService.cpp
rename : devtools/shared/security/LocalCertService.h => security/manager/ssl/LocalCertService.h
rename : devtools/shared/security/nsILocalCertService.idl => security/manager/ssl/nsILocalCertService.idl
rename : devtools/shared/security/tests/unit/test_cert.js => security/manager/ssl/tests/unit/test_local_cert.js
2016-04-15 14:52:13 -07:00
Julian Hector
d9a01beca2 Bug 1259283 - Add sys_fchown to seccomp whitelist. r=jld 2016-04-13 12:41:19 +00:00
J.C. Jones
63f7ce5155 Bug 1244960 - Complete FIDO u2f NSSToken (Part 1). r=keeler, r=baku
- Merge in test changes from Bug 1255784.
- Remove the unnecessary mutex
- Stop doing direct memory work in NSS Token
- Clean up direct memory work in ContentParent
- In order to store persistent crypto parameters, the NSSToken had to move
  onto the main thread and be interfaced with via IDL/IPDL.
- Support Register/Sign via NSS using a long-lived secret key
- Rename the softtoken/usbtoken "enable" prefs, because of hierarchy issues
  with the WebIDL Pref shadowing.
- Also orders the includes on nsNSSModule.cpp
- Attestation Certificates are in Part 2.

Updates per keeler review comments:

- Use //-style comments everywhere
- Refactor the PrivateKeyFromKeyHandle method
- Rename the logging and fix extraneous NS_WARN_IF/logging combinations
- Other updates from review

April 11-12:

- Correct usage of the "usageCount" flag for PK11_UnwrapPrivKey
- Rebase up to latest

April 15:
- Rebase to latest

MozReview-Commit-ID: 6T8jNmwFvHJ

--HG--
extra : transplant_source : w%26%CES%2Cu%04%3EAl%04%2Cb%E2v%C9%08%3A%CC%F4
2016-04-15 09:29:12 -07:00
Tim Taubert
501a3b98fe Bug 1235634 - Construct nsNSSShutdownList::singleton lazily on first use r=keeler 2016-04-13 11:06:44 +02:00
Mark Goodwin
23e56a0fd2 Bug 1252882 - Add a Content Signature Service r=keeler,r=franziskus,r=Cykesiopka
MozReview-Commit-ID: 2nS6vN3iDKe
2016-04-13 13:26:01 +01:00
Mark Goodwin
bc46a6a645 Bug 1252882 - Content-Signature Service - some tests r=keeler,r=fkiefer
MozReview-Commit-ID: AQGAABvRbNZ
2016-04-08 14:27:52 +01:00
Thomas Zimmermann
e1b5ef463a Bug 1264226: Don't use '_COARSE' Posix clocks if not defined, r=jld
Not all systems (i.e., Gonk) support CLOCK_MONOTONIC_COARSE and
CLOCK_REALTIME_COARSE. With this patch, we don't refer to them if
they are not supported.
2016-04-14 10:12:39 +02:00
Cykesiopka
c510e4037b Bug 1029173 - Clean up nsDataSignatureVerifier. r=keeler
This patch does the following:
 - Implements nsNSSShutDownObject.
 - Replaces more raw pointers with smart pointers.
 - Fixes other misc issues.

MozReview-Commit-ID: HulWdonEbP8

--HG--
extra : transplant_source : %DC%27%14%AE%28%A2F%80%1F%2C%83L%D3h%A2%C7k%F0%1C%2B
2016-04-12 18:09:06 -07:00
Kai Engert
70551ded71 Bug 1258375, NSS_3_24_BETA6 and required adjustments to PSM and packaging, r=martin.thomson, r=glandium 2016-04-12 14:40:44 +02:00
Chris Pearce
cb3b390405 Bug 1245789 - Whitelist functions needed by Widevine CDM in GMP child processes. r=jed
MozReview-Commit-ID: C6bpItv1qpi
2016-04-12 16:12:21 +12:00
Chris Pearce
114ad957d2 Bug 1245789 - Load Widevine CDM with sandbox level USER_RESTRICTED instead of USER_LOCKDOWN. r=bobowen
Otherwise Widevine CDM won't load on Windows. Other GMPs are still loaded at USER_LOCKDOWN.

MozReview-Commit-ID: aCTG1tQuwt
2016-04-12 16:12:20 +12:00
David Keeler
b2887661d5 bug 1263221 - improve how PSM handles the visibility of __CERT_AddTempCertToPerm r=chmanchester,mgoodwin
MozReview-Commit-ID: GXiXANNa6Op

--HG--
extra : rebase_source : ffb96a89aabd933f200e39d528d6f5f41e035d7e
2016-04-08 10:30:32 -07:00
Kai Engert
f8da0365fd Backout revision 36f75c2863a1, bug 1258375 2016-04-11 17:00:39 +02:00
Kai Engert
b471460db8 Bug 1258375, NSS_3_24_BETA5 and required adjustments to PSM and packaging, r=martin.thomson, r=glandium 2016-04-11 16:40:36 +02:00
Cykesiopka
b883b2533f Bug 1259909 - Obviate char PORT_Free() calls in PSM. r=keeler
Also converts the longer |UniquePtr<char, void(&)(void*)> foo(..., PORT_Free)|
to the shorter and equivalent |UniquePORTString foo(...)|.

MozReview-Commit-ID: LlrTNUYBP4V

--HG--
extra : transplant_source : afU%FB%0EC%3E%E0pm%A3-%0E%C8%83%CF%0A%B1%9E%ED
2016-04-09 01:03:59 -07:00
Ryan VanderMeulen
bb5308d31a Merge m-c to inbound. a=merge 2016-04-09 10:08:57 -04:00
ffxbld
e7db699836 No bug, Automated HPKP preload list update from host bld-linux64-spot-428 - a=hpkp-update 2016-04-09 04:47:02 -07:00
ffxbld
eae40b0bb0 No bug, Automated HSTS preload list update from host bld-linux64-spot-428 - a=hsts-update 2016-04-09 04:47:00 -07:00
Wes Kocher
dfc7e5253f Merge m-c to inbound, a=merge
MozReview-Commit-ID: 9YZdlIARozU
2016-04-08 16:47:03 -07:00
Wes Kocher
b6d0503738 Merge fx-team to central, a=merge
MozReview-Commit-ID: yuSA0kqs0F
2016-04-08 15:26:49 -07:00
Dave Townsend
bf59524a62 Bug 1257246: Update security/manager for eslint 2. r=cykesiopka
MozReview-Commit-ID: C04uJOhTbjw

--HG--
extra : rebase_source : 39fb9a3ce183b05e0b924563e055431828bab50d
extra : histedit_source : aacec3a02d251d0ec8e13e78900a6f53bc205ec3
2016-04-05 11:32:28 -07:00
David Keeler
7dd242bb39 bug 1261936 - stop using the subject common name in certificate verification error messages r=Cykesiopka
MozReview-Commit-ID: G08cV5GmNDh

--HG--
extra : rebase_source : c79b34d893e7acddc8ee02a6c354dcaa1de07d61
2016-04-04 16:25:24 -07:00
Julian Hector
2d64db058c Bug 1259273 - Add sys_unlink to seccomp-bpf whitelist. r=jld 2016-04-06 19:48:23 +00:00
Tim Taubert
63c7f51d31 Bug 842818 - Make Crypto::GetRandomValues() work off the main thread r=baku,keeler,mt 2015-09-22 10:50:36 +02:00
Cykesiopka
54da7e65e7 Bug 1252384 - Remove nsICertTree.isHostPortOverride(). r=dkeeler
It is unused since the changes in Bug 825583 landed.

MozReview-Commit-ID: 2u2eu0aDqeH

--HG--
extra : transplant_source : f%5Ev%00%B6%8B%3E%5E%26%C3%10%25%D9%16%C1%98yhf%D2
2016-04-06 07:02:17 -07:00
Bob Owen
907939a278 Bug 1256992 Part 2: Move SandboxBroker Initialization earlier and add telemetry and extra null checks. r=aklotz
MozReview-Commit-ID: Fu05wLn27UG
2016-04-07 08:28:14 +01:00
Wes Kocher
06944947a0 Backed out changeset 069c82269f81 (bug 1258375) for Windows xperf failures
MozReview-Commit-ID: DwhDorbB2PO
2016-04-06 16:51:48 -07:00
Kai Engert
02dd23b86a Bug 1258375, NSS_3_24_BETA4 and required adjustments to PSM and packaging, r=martin.thomson, r=glandium 2016-04-06 21:43:36 +02:00