Commit Graph

9891 Commits

Author SHA1 Message Date
David Keeler
1443993537 bug 1218515 - flip pinning-test.badssl.com into production mode r=jcj DONTBUILD NPOTB
pinning-test.badssl.com is a test domain for preloaded HPKP (HTTP Public Key
Pinning - see RFC 7469). By specifying a pinset corresponding to no known keys,
this domain should fail with a key pinning error by default. Also, the
includeSubdomains option is set, so any subdomains should fail as well.
Since Gecko incorporates preloaded pinsets from Chromium, this pinset is already
defined. This patch merely switches it from test mode to production mode (well,
to be more accurate, this patch sets up the input for the automated script that
will make the code change that will put the pinset into production mode).
2015-10-26 14:39:25 -07:00
Birunthan Mohanathas
44936aabb2 Bug 1217320 - Remove more XPIDL signature comments in .cpp files. r=froydnj
Comment-only, DONTBUILD.
2015-10-27 06:54:25 +02:00
David Keeler
3b82e8f390 bug 1217602 - remove nsIPKIParamBlock r=Cykesiopka
nsIPKIParamBlock was unnecessary.
2015-10-22 13:11:40 -07:00
Ryan VanderMeulen
44509e6e7e Merge m-c to inbound.
--HG--
extra : rebase_source : b7fe225cdd43cb770c7d7a1e8d2be6a52678aa7a
2015-10-24 15:03:15 -04:00
ffxbld
53f7cca550 No bug, Automated HPKP preload list update from host bld-linux64-spot-508 - a=hpkp-update 2015-10-24 03:47:13 -07:00
ffxbld
dfb1f8693f No bug, Automated HSTS preload list update from host bld-linux64-spot-508 - a=hsts-update 2015-10-24 03:47:11 -07:00
Cykesiopka
4ec261d0e7 Bug 1194419 - Remove signature algorithm duplicate use in serial number determination in pycert. r=keeler 2015-10-23 05:13:00 -04:00
Jonathan Hao
3d02a2da65 Bug 1216469 - Bypass verification for signed packages from trust origins. r=valentin 2015-10-22 17:09:44 +08:00
David Keeler
23a0cee1a8 bug 1215690 - remove nsPSMUITracker r=Cykesiopka r=mgoodwin
nsPSMUITracker was problematic. Apparently it was originally intended to prevent
NSS shutdown while NSS-related UI operations were going on (such as choosing a
client certificate). However, when nsNSSComponent would receive the event that
told it to shutdown NSS, it would attempt to call
mShutdownObjectList->evaporateAllNSSResources(), which would call
mActivityState.restrictActivityToCurrentThread(), which failed if such a UI
operation was in progress. This actually prevented the important part of
evaporateAllNSSResources, which is the releasing of all NSS objects in use by
PSM objects. Importantly, nsNSSComponent didn't check for or handle this failure
and proceeded to call NSS_Shutdown(), leaving PSM in an inconsistent state where
it thought it was okay to keep using the NSS objects it had when in fact it
wasn't.
In any case, nsPSMUITracker isn't really necessary as long as we have the
nsNSSShutDownPreventionLock mechanism, which mostly works and is what we should
use instead (or not at all, if no such lock is needed for the operation being
performed (for example, if no NSS functions are being called)).
2015-10-16 14:31:57 -07:00
Jed Davis
e31f20875c Bug 1215734 - Expand GeckoMediaPlugin sandbox policy for Clang 3.7 ASan. r=kang 2015-10-22 11:19:37 -07:00
Andrew McCreight
0cb71c483c Bug 1157515 - CipherSuiteChangeObserver should clean itself up. r=keeler 2015-10-22 09:21:51 -07:00
Martin Thomson
9507291e59 Bug 1211568 - Update NSS to 3.21 Beta 3, r=kaie
--HG--
extra : commitid : 2fCIZ27Gd2I
extra : rebase_source : 57ff0dcc9361618ea53aac7ebea83460cba1c390
2015-10-23 11:39:23 -07:00
Masatoshi Kimura
6ad41c8aee Bug 1215796 - Remove the static fallback whitelist. r=keeler 2015-10-22 21:37:40 +09:00
Masatoshi Kimura
5feda64143 Bug 1214981 - Disable output stream buffering. r=keeler 2015-10-21 15:23:00 -04:00
Wes Kocher
ceefa2939a Merge b2ginbound to central, a=merge 2015-10-21 16:37:24 -07:00
Wes Kocher
b8596f28a2 Merge inbound to m-c a=merge 2015-10-21 16:28:43 -07:00
J. Ryan Stinnett
7eceb8f4c5 Bug 1203159 - Clean up various tests after DevTools resource move. r=me 2015-10-21 14:18:29 -05:00
Jonathan Hao
e4b1f62b85 Bug 1178448 - Use imported CA in developer mode. r=keeler,valentin 2015-10-08 17:08:45 +08:00
Masatoshi Kimura
886c72f81f Bug 1215795 - Fix documentation in nsIWeakCryptoOverride.idl. r=keeler IGNORE IDL 2015-10-20 20:29:56 +09:00
Carsten "Tomcat" Book
ea5d701c66 Backed out changeset 11e681d48acd (bug 1194419) for S4 Test failures 2015-10-20 12:40:18 +02:00
Kai Engert
a922dcab99 Bug 1215200, NSPR_4_10_10_RTM and NSS 3_20_1_RTM, bump version requirements, r=keeler 2015-10-20 12:34:15 +02:00
Cykesiopka
f21d36e95a Bug 1215779 - Remove broken (non-EC) DSA keygen code. r=keeler 2015-10-19 22:54:00 +02:00
Cykesiopka
fa99ba4063 Bug 1194419 - Remove signature algorithm duplicate use in serial number determination in pycert. r=dkeeler
--HG--
extra : rebase_source : 14756428ea3f8bc41d746a2e71a5d4914e96f33c
2015-10-17 09:04:43 -07:00
Bob Owen
2233e7518a Bug 1187031: Move back to using USER_LOCKDOWN for the GMP sandbox policy on Windows. r=aklotz
This also removes turning off optimization for the Load function. That was an
attempt to fix the side-by-side loading. It may also have helped with ensuring
that the memsets were not optimized, but that has been fixed by Bug 1208892.
2015-10-21 08:46:57 +01:00
Nathan Froyd
01583602a9 Bug 1207245 - part 6 - rename nsRefPtr<T> to RefPtr<T>; r=ehsan; a=Tomcat
The bulk of this commit was generated with a script, executed at the top
level of a typical source code checkout.  The only non-machine-generated
part was modifying MFBT's moz.build to reflect the new naming.

CLOSED TREE makes big refactorings like this a piece of cake.

 # The main substitution.
find . -name '*.cpp' -o -name '*.cc' -o -name '*.h' -o -name '*.mm' -o -name '*.idl'| \
    xargs perl -p -i -e '
 s/nsRefPtr\.h/RefPtr\.h/g; # handle includes
 s/nsRefPtr ?</RefPtr</g;   # handle declarations and variables
'

 # Handle a special friend declaration in gfx/layers/AtomicRefCountedWithFinalize.h.
perl -p -i -e 's/::nsRefPtr;/::RefPtr;/' gfx/layers/AtomicRefCountedWithFinalize.h

 # Handle nsRefPtr.h itself, a couple places that define constructors
 # from nsRefPtr, and code generators specially.  We do this here, rather
 # than indiscriminantly s/nsRefPtr/RefPtr/, because that would rename
 # things like nsRefPtrHashtable.
perl -p -i -e 's/nsRefPtr/RefPtr/g' \
     mfbt/nsRefPtr.h \
     xpcom/glue/nsCOMPtr.h \
     xpcom/base/OwningNonNull.h \
     ipc/ipdl/ipdl/lower.py \
     ipc/ipdl/ipdl/builtin.py \
     dom/bindings/Codegen.py \
     python/lldbutils/lldbutils/utils.py

 # In our indiscriminate substitution above, we renamed
 # nsRefPtrGetterAddRefs, the class behind getter_AddRefs.  Fix that up.
find . -name '*.cpp' -o -name '*.h' -o -name '*.idl' | \
    xargs perl -p -i -e 's/nsRefPtrGetterAddRefs/RefPtrGetterAddRefs/g'

if [ -d .git ]; then
    git mv mfbt/nsRefPtr.h mfbt/RefPtr.h
else
    hg mv mfbt/nsRefPtr.h mfbt/RefPtr.h
fi

--HG--
rename : mfbt/nsRefPtr.h => mfbt/RefPtr.h
2015-10-18 01:24:48 -04:00
Nathan Froyd
583afa0965 Bug 1207245 - part 3 - switch all uses of mozilla::RefPtr<T> to nsRefPtr<T>; r=ehsan
This commit was generated using the following script, executed at the
top level of a typical source code checkout.

 # Don't modify select files in mfbt/ because it's not worth trying to
 # tease out the dependencies currently.
 #
 # Don't modify anything in media/gmp-clearkey/0.1/ because those files
 # use their own RefPtr, defined in their own RefCounted.h.
find . -name '*.cpp' -o -name '*.h' -o -name '*.mm' -o -name '*.idl'| \
    grep -v 'mfbt/RefPtr.h' | \
    grep -v 'mfbt/nsRefPtr.h' | \
    grep -v 'mfbt/RefCounted.h' | \
    grep -v 'media/gmp-clearkey/0.1/' | \
    xargs perl -p -i -e '
 s/mozilla::RefPtr/nsRefPtr/g; # handle declarations in headers
 s/\bRefPtr</nsRefPtr</g; # handle local variables in functions
 s#mozilla/RefPtr.h#mozilla/nsRefPtr.h#; # handle #includes
 s#mfbt/RefPtr.h#mfbt/nsRefPtr.h#;       # handle strange #includes
'

 # |using mozilla::RefPtr;| is OK; |using nsRefPtr;| is invalid syntax.
find . -name '*.cpp' -o -name '*.mm' | xargs sed -i -e '/using nsRefPtr/d'

 # RefPtr.h used |byRef| for dealing with COM-style outparams.
 # nsRefPtr.h uses |getter_AddRefs|.
 # Fixup that mismatch.
find . -name '*.cpp' -o -name '*.h'| \
    xargs perl -p -i -e 's/byRef/getter_AddRefs/g'
2015-10-18 00:40:10 -04:00
Phil Ringnalda
9ea53214d8 Merge f-t to m-c, a=merge 2015-10-17 11:19:46 -07:00
Phil Ringnalda
df1ce0b4c5 Merge m-i to m-c, a=merge 2015-10-17 10:16:55 -07:00
ffxbld
39d37ae7b8 No bug, Automated HPKP preload list update from host bld-linux64-spot-1092 - a=hpkp-update 2015-10-17 04:10:53 -07:00
ffxbld
7b8e76fcc8 No bug, Automated HSTS preload list update from host bld-linux64-spot-1092 - a=hsts-update 2015-10-17 04:10:51 -07:00
Masatoshi Kimura
82af783064 Bug 1207137 - Set a security state flag when weak crypto override is needed. r=keeler 2015-10-17 09:38:30 +09:00
Kai Engert
3556fa0bdc Bug 1215200, NSPR_4_10_10_RC1 and NSS_3_20_1_RC0, r=dkeeler 2015-10-16 15:29:23 +02:00
David Keeler
3c1a47a734 bug 1215270 - remove some unused functions from nsNSSShutDown.h r=Cykesiopka
nsNSSShutDownList::isUIActive() and areSSLSocketsActive() should probably have
been removed as part of bug 807757.
2015-10-15 13:22:13 -07:00
Nigel Babu
d45a6e832d Backed out changeset b46b688e6295 (bug 1215200) for build bustage ON A CLOSED TREE 2015-10-16 11:52:10 +05:30
Kai Engert
8826499e8a Bug 1215200, Upgrade to NSPR 4.10.10 and NSS 3.20.1, landing release candidate tags, r=dkeeler 2015-10-16 08:04:16 +02:00
Masatoshi Kimura
f4c563b057 Bug 1168635 - Add an XPCOM interface to allow RC4. r=keeler
--HG--
rename : netwerk/test/unit/test_tls_server.js => security/manager/ssl/tests/unit/test_weak_crypto.js
2015-10-15 05:48:27 +09:00
Carsten "Tomcat" Book
17a3104f22 Backed out changeset 66e3972e9150 (bug 1168635) 2015-10-14 16:28:41 +02:00
Masatoshi Kimura
00d864d313 Bug 1168635 - Add an XPCOM interface to allow RC4. r=keeler
--HG--
rename : netwerk/test/unit/test_tls_server.js => security/manager/ssl/tests/unit/test_weak_crypto.js
2015-10-14 21:12:35 +09:00
David Keeler
49f91fb31f bug 1209695 - fold mochitest test_bug413909.html into xpcshell test_cert_overrides.js r=mgoodwin
test_bug413909.html doesn't need to be a mochitest. Furthermore,
test_cert_overrides.js tests a lot of the same functionality.
This just moves the unique parts from the old test to a new home
in the xpcshell test (to be specific, some IDN handling and that
"port" -1 is the same as port 443).
2015-09-29 13:24:19 -07:00
Carsten "Tomcat" Book
a5c0ea6d4f Merge m-c to mozilla-inbound 2015-10-12 11:58:46 +02:00
Carsten "Tomcat" Book
2b1a321946 merge mozilla-inbound to mozilla-central a=merge 2015-10-12 11:57:06 +02:00
ffxbld
214a24da25 No bug, Automated HPKP preload list update from host bld-linux64-spot-138 - a=hpkp-update 2015-10-10 03:46:02 -07:00
ffxbld
8aa9ed515a No bug, Automated HSTS preload list update from host bld-linux64-spot-138 - a=hsts-update 2015-10-10 03:46:00 -07:00
Hiroyuki Ikezoe
3363f1775d Bug 1167627 - Part 6: Use mozinfo in security/. r=dkeeler 2015-10-11 21:49:00 +02:00
Ehsan Akhgari
e6a62c4d9d Bug 1213151 - Part 2: Use SpecialPowers.cleanUpSTSData() in a few tests; r=jdm 2015-10-09 10:56:19 -04:00
Jed Davis
faf361396a Bug 1201935 - Allow reading from TmpD in OS X content processes. r=smichaud
--HG--
extra : rebase_source : 68565c447e3731e9c562514e8355044cfd8c28b9
2015-10-07 13:41:00 +02:00
Cykesiopka
2be3b53afa Bug 1205962 - Address some pylint complaints about pycert.py and pykey.py, r=keeler
Also adds more uses of enumerate() to simplify code.

--HG--
extra : amend_source : 758eee481fa2d93f984f090aaa443b3b5756fb1f
2015-10-05 23:24:14 -07:00
Jed Davis
1ae9d0519b Bug 930258 - Part 3: a file broker policy for the B2G emulator. r=kang 2015-10-07 22:13:08 -07:00
Jed Davis
562c4e7b57 Bug 930258 - Part 2: seccomp-bpf integration. r=kang 2015-10-07 22:13:08 -07:00
Jed Davis
bd859174ac Bug 930258 - Part 1: The file broker, and unit tests for it. r=kang f=froydnj 2015-10-07 22:13:08 -07:00