Gabor Krizsanits
6c0e1dc69f
Bug 1146873 - Handling sandbox policy setup failures. r=bobowen
2016-06-06 15:13:33 +02:00
Carsten "Tomcat" Book
4aea0165dc
merge mozilla-inbound to mozilla-central a=merge
2016-06-06 11:55:56 +02:00
ffxbld
989a828304
No bug, Automated HPKP preload list update from host bld-linux64-spot-384 - a=hpkp-update
2016-06-04 05:09:33 -07:00
ffxbld
237f18948d
No bug, Automated HSTS preload list update from host bld-linux64-spot-384 - a=hsts-update
2016-06-04 05:09:30 -07:00
Haik Aftandilian
c0be03a3bd
Bug 1272772 - Inline system.sb and remove unneeded rules (removes unneeded rules); r=gcp
2016-06-01 15:40:00 +02:00
Haik Aftandilian
5b9493970f
Bug 1272772 - Inline system.sb and remove unneeded rules (removes unused macros); r=gcp
2016-06-01 15:40:00 +02:00
Haik Aftandilian
3cb7c0e726
Bug 1272772 - Inline system.sb and remove unneeded rules (inline system.sb rules); r=gcp
2016-06-01 15:40:00 +02:00
Masatoshi Kimura
ee23c0a77c
Bug 975832 - Enable AES-256 variants of the AES-128 GCM cipher suites we have already enabled. r=keeler
2016-06-04 08:19:29 +09:00
David Keeler
baead5135e
bug 1277240 - don't import trust anchors in SaveIntermediateCerts r=Cykesiopka
...
MozReview-Commit-ID: KHwA2LJSeUS
--HG--
extra : rebase_source : e1f7a469d2dc8608adf4b0172f99d9adb192bbb5
2016-06-02 13:17:14 -07:00
Julian Hector
d0f949dad4
Bug 1275786 - Add sys_listen to seccomp whitelist. r=jld
...
--HG--
extra : rebase_source : 7028482ca148f63e53e1fe915d0be507b5116c84
2016-05-27 16:00:50 +02:00
Julian Hector
cb6d29b0b7
Bug 1275785 - Add sys_bind to seccomp whitelist. r=jld
...
--HG--
extra : rebase_source : 90d403a3b21547ff7f280b2bff7746f4b8e32fe3
2016-05-27 15:58:51 +02:00
Julian Hector
5eb8b17162
Bug 1275781 - Add sys_accept to seccomp whitelist. r=jld
...
--HG--
extra : rebase_source : e4761ce8c466987f54ddd41603fa626923fe0865
2016-05-27 15:56:35 +02:00
Kai Engert
c50d0b99ce
Bug 1277255, land NSS_3_25_BETA1, r=franziskus
2016-06-02 22:33:04 +02:00
Cykesiopka
4e54963733
Bug 1275197 - Ensure nsNSSU2FToken.cpp GetSymKeyByNickname() does not cause leaks. r=keeler
...
Prior to these changes, GetSymKeyByNickname() could theoretically leak. This
should not happen in practice, so the changes here just ensure that the code
doesn't cause leaks.
MozReview-Commit-ID: LWtqLmsBPV2
--HG--
extra : transplant_source : rWE%CD%D8%A7%87%3C%95%03%B5%03E%3E%06E%C7O%0D%F6
2016-06-01 22:43:37 -07:00
Jonas Sicking
c706b7f059
Bug 1275714
- Changes in preparation for FlyWeb landing. Add ability to pin using a cert fingerprint, in addition to using a cert. r=dkeeler
...
--HG--
extra : amend_source : 41336f6eeaf5e26b91e177dd60a91ad9ed3a064c
2016-06-01 17:02:34 -04:00
Haik Aftandilian
7c418a5f4a
Bug 1276420 - Widevine plugin crashing on OS X due to -stdlib=libc++ and sandboxing interaction; r=gcp
2016-06-01 12:26:04 -07:00
J.C. Jones
8524776280
Bug 1275479 - Create nsIU2FToken base interface (Part 2). r=keeler
...
Create a base "nsIU2FToken" interface that all tokens must implement. This
patch does not change U2F.cpp from initializing tokens monolithically, but
if/when future tokens are added, the implementer may want to do that.
MozReview-Commit-ID: GQuu6NolF4D
--HG--
extra : transplant_source : %3Fi%8E%C4n%BF%C1%DB%DB%03HjG%B5%9Ct%9EMWH
2016-05-27 13:44:20 -07:00
Chris Peterson
6b776e8000
Bug 1277014 - Fix -Wstring-conversion warnings in security/manager/ssl/. r=keeler
...
security/manager/ssl/nsNSSComponent.cpp:1694:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [31]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1333:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1341:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1349:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
security/manager/ssl/nsNSSIOLayer.cpp:1357:16 [-Wstring-conversion] implicit conversion turns string literal into bool: 'const char [22]' to 'bool'
2016-05-31 21:51:50 -07:00
Carsten "Tomcat" Book
76fd727737
Merge mozilla-central to mozilla-inbound
2016-05-30 15:30:55 +02:00
Carsten "Tomcat" Book
463212f69f
merge mozilla-inbound to mozilla-central a=merge
2016-05-30 15:29:19 +02:00
Julian Seward
8562142079
Bug 1275582 - TSan: data race security/nss/lib/freebl/sha_fast.c:176 SHA1_End. r=dkeeler.
...
--HG--
extra : rebase_source : d8e517c891212c0b7794e7db433f6ed626c4cac5
2016-05-30 15:25:52 +02:00
ffxbld
dca36f5e32
No bug, Automated HPKP preload list update from host bld-linux64-spot-593 - a=hpkp-update
2016-05-28 05:20:15 -07:00
ffxbld
3eac728432
No bug, Automated HSTS preload list update from host bld-linux64-spot-593 - a=hsts-update
2016-05-28 05:20:13 -07:00
Wes Kocher
9749648a79
Merge inbound to m-c a=merge
2016-05-27 14:14:36 -07:00
Ryan VanderMeulen
687dcb9a8f
Backed out changesets d3bde9a513bb and 9fd1d6aeed21 (bug 1272764) for causing startup crashing on OSX 10.9. a=me
2016-05-27 14:50:50 -04:00
Chris Peterson
11ef78ae89
Bug 1275016 - Rename Endian.h to EndianUtils.h to avoid #include confusion with Android's endian.h stdlib header. r=froydnj
...
--HG--
rename : mfbt/Endian.h => mfbt/EndianUtils.h
2016-05-22 13:31:11 -07:00
David Keeler
8ba29d1473
bug 1265113 - implement platform support for enterprise roots r=Cykesiopka,mhowell,rbarnes
...
MozReview-Commit-ID: JKxwCjoH0Oa
--HG--
extra : rebase_source : 9eaf3f1c5371e7b4b4df304bc6ce132ade5775da
2016-04-13 15:36:22 -07:00
Haik Aftandilian
0c9bf9e670
Bug 1272764 - Indentation and whitespace cleanups. r=bobowen
...
--HG--
extra : rebase_source : d3ac9c55cbe4924702fad32dabbc97ac921cce07
2016-05-26 00:08:00 -04:00
Haik Aftandilian
4c4557e85c
Bug 1272764 - Remove OS X 10.6-10.8-specific sandboxing code. r=bobowen
...
--HG--
extra : rebase_source : 94630f8208b4ee1e3664e61425c083a05157e64d
2016-05-26 00:07:00 -04:00
Alexandre Lissy
c6be1d0d13
Bug 1274826 - Bypass building SandboxHooks on Gonk r=jld
...
MozReview-Commit-ID: 3TVdcY7aXvW
--HG--
extra : rebase_source : b734c54ad4e7b8fff384f399b84014410b4cf719
2016-05-26 01:02:25 +02:00
Carsten "Tomcat" Book
b6b164ec6d
Merge mozilla-central to mozilla-inbound
2016-05-25 15:20:00 +02:00
Carsten "Tomcat" Book
c715836c7f
merge mozilla-inbound to mozilla-central a=merge
2016-05-25 15:04:00 +02:00
Carsten "Tomcat" Book
3cab03a461
Merge mozilla-central to fx-team
2016-05-24 15:15:55 +02:00
Carsten "Tomcat" Book
cb4337c62c
merge mozilla-inbound to mozilla-central a=merge
...
--HG--
rename : dom/presentation/tests/mochitest/file_presentation_non_receiver_oop.html => dom/presentation/tests/mochitest/file_presentation_non_receiver.html
rename : dom/presentation/tests/mochitest/file_presentation_non_receiver_inner_iframe_oop.html => dom/presentation/tests/mochitest/file_presentation_non_receiver_inner_iframe.html
rename : dom/presentation/tests/mochitest/file_presentation_receiver_inner_iframe_oop.html => dom/presentation/tests/mochitest/file_presentation_receiver_inner_iframe.html
2016-05-24 14:52:23 +02:00
ffxbld
d8a85e51ac
No bug, Automated HPKP preload list update from host bld-linux64-spot-425 - a=hpkp-update
2016-05-21 05:05:21 -07:00
ffxbld
0ffea88a0a
No bug, Automated HSTS preload list update from host bld-linux64-spot-425 - a=hsts-update
2016-05-21 05:05:19 -07:00
Bob Owen
ecee115838
Bug 1250125: Make a 0 security.sandbox.content.level turn off the content process sandbox. r=TimAbraldes
...
This also fixes a bug where we weren't setting parts of the policy correctly for levels 3 to 9.
MozReview-Commit-ID: IXsg2nGOqoa
--HG--
extra : rebase_source : 65c76a581dcd498c7d7d5b01e4f4e140acdb244f
2016-05-25 09:06:23 +01:00
Masatoshi Kimura
3e0685deec
Bug 1274953 - Bump the lowest valid TLS insecure fallback limit to 3 (TLS 1.2). r=keeler
2016-05-24 19:08:13 +09:00
Masatoshi Kimura
877c4b8482
Bug 1275252 - Deal with some TLS 1.3 intolerance. r=keeler
2016-05-25 19:36:57 +09:00
Mathieu Leplatre
695a9942a4
Bug 1266235 - Use blocklist prefix in preference names. r=MattN
...
MozReview-Commit-ID: 5aeoiSEMwYw
--HG--
extra : rebase_source : ff4e77c88de58923afe75be2046dcdb98e40ad2f
2016-05-19 12:51:13 +02:00
Sergei Chernov
d46c2e938b
Bug 1241574 - Certificate Transparency - base definitions and serialization to/from TLS wire format. r=keeler, r=Cykesiopka
...
MozReview-Commit-ID: KmJOr2crof7
--HG--
extra : transplant_source : %97%2A%03p%7CP%09%CA%60J%D22%91%3C%C1%C9%B8%C6%89%D8
2016-04-11 16:17:25 +03:00
Johnathan Nightingale
c40db9a65c
bug 466011 - clarify comments in cert override service IDL r=kaie DONTBUILD NPOTB
...
--HG--
extra : rebase_source : 6c67c12f768c4f5e9df84a7ab982d08095ba29ae
2016-05-27 13:11:32 -07:00
David Keeler
e87f6f88e2
bug 1273677 - ensure session cache is properly configured and torn down for TLSServerSocket r=mcmanus
...
MozReview-Commit-ID: 6i7HxTdLcID
--HG--
extra : rebase_source : 3c1b4c0ed798c166cbc2bcad71de90543af176c1
2016-05-23 13:58:56 -07:00
Gian-Carlo Pascutto
e8fd20fdcf
Bug 1098428 - Add Linux sandboxing information to Telemetry. r=gfritzsche
...
MozReview-Commit-ID: 6Un4yNzxGgg
--HG--
extra : rebase_source : fc8762b9802fab071cb194513a5ad390ae7984f3
2016-05-18 18:37:44 +02:00
Carsten "Tomcat" Book
805f86c2b5
Merge mozilla-central to mozilla-inbound
2016-05-24 15:13:51 +02:00
Carsten "Tomcat" Book
be11014a2b
Backed out changeset 767f65379fdf (bug 1098428) for causing linux crashes on a CLOSED TREE
2016-05-24 13:03:00 +02:00
Gian-Carlo Pascutto
42b1907a65
Bug 1098428 - Add Linux sandboxing information to Telemetry. r=gfritzsche
...
MozReview-Commit-ID: GtIPsRqq5hr
--HG--
extra : rebase_source : 6b918e5119f15536c9437c27cfee413577268b78
2016-05-18 18:37:44 +02:00
Cykesiopka
0b04616a47
Bug 1271496 - Stop using Scoped.h in non-exported PSM code. r=keeler
...
Scoped.h is deprecated in favour of the standardised UniquePtr.
This patch removes use of Scoped.h everywhere in PSM except ScopedNSSTypes.h,
which is exported. Other consumers of ScopedNSSTypes.h can move off Scoped.h
at their own pace.
This patch also changes parameters and return types of various functions to make
ownership more explicit.
MozReview-Commit-ID: BFbtCDjENzy
--HG--
extra : transplant_source : %0B%C7%9F%40%FA9%A4%F2%5E%0D%92%1C%A6%A49%94%C3%7E%1Cz
2016-05-23 19:50:26 -07:00
Cykesiopka
378731742d
Bug 883718 - Followup: Remove nsIBufEntropyCollector.idl. r=trivial
...
This file is no longer used post
https://hg.mozilla.org/mozilla-central/rev/8dd88e2a1976 , but was not removed.
2016-05-24 00:51:00 +02:00
Nicholas Nethercote
99a82c0ac7
Bug 1273711 - Avoid OOM aborts in nsSecretDecoderRing::encode(). r=cykesiopka.
...
This patch removes an infallible duplication of the base64-encoded string,
which can be large.
--HG--
extra : rebase_source : c8e709d7afcb53e23fdea919fade857a7fd3fea4
2016-05-19 08:55:48 +10:00