wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity
241,843 Commits 1 Branch 166 Tags 1.2 GiB
384c2b1544
Commit Graph

3137 Commits

Author SHA1 Message Date
Mark Goodwin
957e3792cf Bug 1130757 - Move OneCRL check to NSSCertDBTrustDomain::GetCertTrust. r=dkeeler 2015-02-26 04:38:00 +01:00
Cykesiopka
0333f769fa Bug 1130418 - Remove broken e-mail cert trust editing UI. r=emk 2015-03-02 19:54:00 +01:00
Cykesiopka
9ab87a604b Bug 1130413 - Remove unused nsITokenPasswordDialogs::GetPassword() function. r=jjones 2015-02-26 13:05:00 +01:00
Wes Kocher
964b89fd2c Merge inbound to m-c a=merge 2015-03-02 12:12:47 -08:00
ffxbld
370ac08ffb No bug, Automated HPKP preload list update from host bld-linux64-spot-044 - a=hpkp-update 2015-02-28 03:27:43 -08:00
ffxbld
74498b8502 No bug, Automated HSTS preload list update from host bld-linux64-spot-044 - a=hsts-update 2015-02-28 03:27:41 -08:00
Kai Engert
e878c9bac2 Bug 1137470 - Upgrade Firefox to NSS 3.18, landing NSS_3_18_BETA7, r=nss-confcall 2015-02-26 23:29:08 +01:00
David Keeler
1f3f600cd6 bug 1049740 - implement telemetry to measure compatibility impact of 2048-bit-minimum RSA keys r=briansmith 2015-02-24 15:48:05 -08:00
Boris Zbarsky
897168be1d Bug 1136388. Change nsIDocumentLoaderFactory and nsIURIContentListener to take MIME types as an XPCOM string, not a char*. r=smaug 2015-02-25 10:26:51 -05:00
Jed Davis
fff8d00bd3 Bug 1134942 - Whitelist fstatat and unlinkat for B2G content processes. r=gdestuynder 2015-02-20 12:16:00 +01:00
Brian Smith
d85291b22f Bug 1077864, Part 3: update nsserrors.properties so error message gets localized. 2015-02-23 16:04:23 -08:00
Brian Smith
48b59204aa Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler 2015-02-14 16:59:02 -08:00
Brian Smith
b20439c68e Bug 1077864, Part 2: Override the trust level for OCSP response signer certs so that they are never considered trust anchors, r=keeler 2015-02-14 15:59:38 -08:00
Brian Smith
5d73953c07 Bug 1077864, Part 1: Check consistency of certificates' signature and signatureAlgorithm fields, r=keeler 2015-02-22 16:59:03 -08:00
Brian Smith
0fd7ea7c26 Bug 1135407: Factor out duplicate logic in tests, r=keeler 2015-02-21 14:12:38 -08:00
Ehsan Akhgari
d59e287524 Bug 1135745 - Disable the reserved-id-macro macro in security/pkix; r=briansmith 2015-02-23 13:40:09 -05:00
Ryan VanderMeulen
1c4d542a01 Merge inbound to m-c. a=merge 2015-02-21 16:40:27 -05:00
ffxbld
a26a51b898 No bug, Automated HPKP preload list update from host bld-linux64-spot-148 - a=hpkp-update 2015-02-21 03:32:26 -08:00
ffxbld
13ecb9fd8b No bug, Automated HSTS preload list update from host bld-linux64-spot-148 - a=hsts-update 2015-02-21 03:32:24 -08:00
André Reinald
b2b221690e Bug 1083344 - Tighten rules for Mac OS content process sandbox - "rules part". r=smichaud 2015-02-21 13:06:34 +01:00
André Reinald
02ebd8a364 Bug 1083344 - Tighten rules for Mac OS content process sandbox - "core part". r=smichaud 2015-02-18 14:10:27 +01:00
Brian Smith
729b7869c0 Bug 1133618 - Move test SHA1 function to pkixtestutil.cpp. r=mmc 2015-02-16 16:37:03 -08:00
Brian Smith
15a55b5a35 Bug 1130754 - Make PublicKeyAlgorithm an enum class. r=keeler 2015-02-14 13:25:09 -08:00
Masatoshi Kimura
43f23d98e1 Bug 1127339 - Detect SSLv3-only server in PSM. r=keeler 2015-02-21 17:20:22 +09:00
Cykesiopka
d22c9d9a28 Bug 1097622 - Add test cases for certs that have notBefore times earlier than the UNIX epoch. r=dkeeler 2015-02-17 06:15:00 -05:00
Cykesiopka
1d7d83f71b Bug 1097622 - Return ERROR_INVALID_TIME when decoding invalid time values. r=dkeeler 2015-02-18 15:56:00 -05:00
Cykesiopka
64a8ea21dd Bug 1097622 - Rename (mE|e)rrorCodeExpired variables to (mE|e)rrorCodeTime. r=dkeeler 2015-02-17 06:12:00 -05:00
Masatoshi Kimura
e7ae123b62 Bug 1133187 - Update fallback whitelist. r=keeler 2015-02-19 04:12:59 +09:00
Masatoshi Kimura
692596c616 Bug 1124039 - Allow RC4 only for whitelisted hosts. r=keeler 2015-02-19 04:12:58 +09:00
Masatoshi Kimura
b3a87502f8 Bug 1137179 - Add wildcard support to the static fallback list. r=keeler 2015-02-28 08:53:44 +09:00
Cykesiopka
d7e0cccff0 Bug 1136471 - Remove unused nsIIdentityInfo.getValidEVPolicyOid(). r=dkeeler 2015-02-26 13:05:00 -05:00
André Reinald
1e5dfc79ad Bug 1083344 - Add "allow" sandbox rules to fix mochitests on OSX 10.9 and 10.10. r=smichaud 2015-02-27 16:55:35 +01:00
Chris Peterson
a3979244a6 Bug 1133283 - Remove nonstandard expression closures from security/manager/ssl/tests. r=keeler 2015-01-24 23:48:22 -08:00
David Keeler
172cad9792 bug 1123671 - if a non-overridable error is encountered when processing an overridable certificate error, report the non-overridable error r=mmc r=jcj 
Also, SEC_ERROR_UNTRUSTED_ISSUER and SEC_ERROR_UNTRUSTED_CERT are not actually overridable, so don't pretend they are.
 2015-01-23 14:04:44 -08:00
Chuck Lee
1900ef43e3 Bug 1012549 - 0001. Support import PKCS12 certificate. r=dkeeler r=vchang 2015-02-28 21:54:16 +08:00
Christoph Kerschbaumer
7a287ddcea Bug 1099296 - Attach LoadInfo to remaining callers of ioService and ProtocolHandlers - in security/ (r=keeler) 2015-02-17 10:09:40 -08:00
Carsten "Tomcat" Book
5bd5760509 Merge mozilla-central to mozilla-inbound 2015-02-16 16:14:51 +01:00
Carsten "Tomcat" Book
b894747db5 merge mozilla-inbound to mozilla-central a=merge 2015-02-16 15:59:56 +01:00
ffxbld
a634b8144f No bug, Automated HPKP preload list update from host bld-linux64-spot-1093 - a=hpkp-update 2015-02-14 03:21:57 -08:00
ffxbld
5200600637 No bug, Automated HSTS preload list update from host bld-linux64-spot-1093 - a=hsts-update 2015-02-14 03:21:55 -08:00
Masatoshi Kimura
f9bfa5cc7b Bug 1131880 - Modify the condition to disallow PR_CONNECT_RESET_ERROR on fallback. r=keeler 2015-02-16 20:03:06 +09:00
Masatoshi Kimura
4556fb4a20 Backout 9507662057de (bug 1130670) and c731517a47e8 (bug 1124039) due to compatibility issues 2015-02-16 19:55:15 +09:00
Mike Hommey
d36e105b4e Bug 1120937 - Properly initialize string fields from the PKCS#11 test module. r=keeler 
The string fields need to be padded with spaces, according to what
PK11_MakeString does to find the end of the string.

While here, factor all the string manipulations in the test module and
use some C++ template magic to do the right thing.

This changes the static asserts from (with clang):

pkcs11testmodule.cpp:45:3: error: static_assert failed
      "TestManufacturerID too long - make it shorter"
  static_assert(sizeof(TestManufacturerID) <= sizeof(pInfo->manufacturerID),
  ^             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

to:

pkcs11testmodule.cpp:46:3: error: static_assert failed
      "DestSize >= SrcSize - 1"
  static_assert(DestSize >= SrcSize - 1, "DestSize >= SrcSize - 1");
  ^             ~~~~~~~~~~~~~~~~~~~~~~~
pkcs11testmodule.cpp:58:3: note: in instantiation of function
      template specialization 'CopyString<32, 63>' requested here
  CopyString(pInfo->manufacturerID, TestManufacturerID);
  ^

which actually gives more information than before: it gives the length of
both buffers.
 2015-02-13 10:29:18 +09:00
Masatoshi Kimura
e7fe7f16e3 Bug 1130670 - Remove dead code that tracks strongCipherStatus. r=keeler 2015-02-14 15:16:04 +09:00
Nicholas Nethercote
09156539d5 Bug 1131901 (part 1) - Make PL_DHashTableAdd() infallible by default, and add a fallible alternative. r=froydnj. 
I kept all the existing PL_DHashTableAdd() calls fallible, in order to be
conservative, except for the ones in nsAtomTable.cpp which already were
followed immediately by an abort on failure.
 2015-02-02 14:48:58 -08:00
Cykesiopka
a8c28fda0e Bug 1130405 - Remove unused pippki strings. r=jcj 2015-02-11 05:08:00 -05:00
Cykesiopka
54328342f6 Bug 1130402 - Make use of currently unused certManager.dtd access key strings. r=jcj 2015-02-07 01:16:00 -05:00
Bob Owen
c8281d0595 Bug 1132021 - Add a new sandbox level for Windows NPAPI to use USER_LIMITED access token level. r=bsmedberg, r=bbondy 2015-02-11 16:25:43 +00:00
Cykesiopka
f0e176336b Bug 1131475 - Make sure reference to "unable_to_toggle_fips" bundle key is in the correct case. r=jcj 2015-02-11 05:05:00 -05:00
Andrew McCreight
c946357872 Bug 1131199, part 2 - Make PLDHashtInitEntry infallible. r=froydnj 
Also, drop the unused table argument.
 2015-02-11 09:46:40 -08:00
Andrew McCreight
55eaced49c Bug 1131199, part 1 - Allocation of CompareCacheHashEntryPtr::entry is infallible. r=froydnj 2015-02-11 09:46:40 -08:00
Brian Smith
3c0ef770cd Bug 1102195 Part 4: Re-apply - Change a non-conforming usage of a const value type to a non-const value type, which VS2015 rightly rejects, r=bobowen 
Originally landed as changset:
https://hg.mozilla.org/mozilla-central/rev/c827c112df81
 2015-01-07 23:28:51 -08:00
Bob Owen
994dae2ea2 Bug 1102195 Part 3: Re-apply logging changes to the Chromium interception code. r=tabraldes 
Originally landed as changset:
https://hg.mozilla.org/mozilla-central/rev/0f763c186855
 2014-11-29 17:12:18 +00:00
Bob Owen
99b44e5820 Bug 1102195 Part 2: Re-apply pre-vista stdout/err process inheritance change to Chromium code after merge. r=tabraldes 
Originally landed as changset:
https://hg.mozilla.org/mozilla-central/rev/f94a07671389
 2014-11-18 15:11:47 +00:00
Bob Owen
91cddb9feb Bug 1102195 Part 1: Update Chromium sandbox code to commit df7cc6c04725630dd4460f29d858a77507343b24. r=aklotz, r=jld 2015-02-11 08:22:02 +00:00
Brian Smith
859c0d622a Bug 1130754: Avoid recalculating tbsCertificate digest, r=keeler 2015-02-07 12:14:31 -08:00
Nicholas Nethercote
a3bfc736ba Back out changesets 2fcef6b54be7, 2be07829fefc, 66dfe37b8532, df3fcd2be8fd, 0a436bce77a6 (bug 1050035) for causing intermittent crashes and assertion failures. 2015-02-10 14:39:49 -08:00
Brian Smith
70541ae471 Bug 1122841, Part 2: Centralize checking of public key, r=keeler 2015-02-02 16:17:08 -08:00
Brian Smith
6f49fad120 Bug 1122841, Part 1: Add PositiveInteger parser, r=keeler 2015-02-06 18:21:20 -08:00
Brian Smith
21d66c0293 Bug 1128413, Part 4: Fix warnings in mozilla-config.h and gcc-stl-wrapper.template.h, r=glandium 2015-02-02 17:35:19 -08:00
Brian Smith
5c3f56a357 Bug 1128413, Part 3: Enable more compiler warnings, r=mmc 2015-02-07 14:38:40 -08:00
Brian Smith
1aa8a904ff Bug 1128413, Part 2: Don't use double underscores any more 2015-01-31 19:51:46 -08:00
Brian Smith
0e83193293 Bug 1128413, Part 1: Fix switch-related warnings, r=mmc 2015-02-02 14:21:27 -08:00
Masatoshi Kimura
3b7544e51a Bug 1124039 - Enable RC4 only if ClientHelloVersion <= TLS 1.0. r=keeler 2015-02-10 22:29:51 +09:00
Cykesiopka
646544ea00 Bug 897690 - Remove misleading error message from AppendErrorTextUntrusted. r=dkeeler 2015-02-09 03:50:00 +01:00
Bob Owen
d7507fde77 Bug 1129369 Part 3: Turn on MITIGATION_STRICT_HANDLE_CHECKS process-level mitigation for the GMP sandbox. r=tabraldes 2015-02-10 09:06:59 +00:00
Bob Owen
5a5232342f Bug 1129369 Part 2: Turn on BOTTOM_UP_ASLR process-level mitigation for the GMP sandbox. r=tabraldes 2015-02-10 09:06:59 +00:00
Bob Owen
9aff5c26a7 Bug 1129369 Part 1: Turn on DEP_NO_ATL_THUNK process-level mitigation for the GMP sandbox. r=tabraldes 2015-02-10 09:06:59 +00:00
Nicholas Nethercote
ee41df7dc2 Bug 1127201 (attempt 2, part 1) - Replace most NS_ABORT_IF_FALSE calls with MOZ_ASSERT. r=Waldo. 2015-02-09 14:34:50 -08:00
Masatoshi Kimura
0e792b8d54 Bug 1126413 - Part 2: UI changes to display security info on broken secure pages. r=dolske 2015-02-10 04:16:23 +09:00
Masatoshi Kimura
0240561b0a Bug 1126413 - Part 1: Expose nsISSLStatus for broken secure pages. r=keeler 2015-02-10 04:16:22 +09:00
Phil Ringnalda
a7795990b2 Merge m-i to m-c, a=merge 2015-02-07 08:45:54 -08:00
ffxbld
0568e7e728 No bug, Automated HPKP preload list update from host bld-linux64-spot-075 - a=hpkp-update 2015-02-07 03:24:40 -08:00
ffxbld
7680059999 No bug, Automated HSTS preload list update from host bld-linux64-spot-075 - a=hsts-update 2015-02-07 03:24:38 -08:00
Bob Owen
bb1da6346b Bug 1127230: Change the NPAPI sandbox prefs to integers to indicate the level of sandboxing. r=bsmedberg 2015-01-30 17:48:15 +00:00
Masatoshi Kimura
b6814beac2 Bug 1128227 - Add a static TLS insecure fallback whitelist. r=keeler 2015-02-07 13:03:23 +09:00
Nicholas Nethercote
0a02b5d31c Bug 1127201 (part 2) - Convert all NS_ABORT_IF_FALSE calls to MOZ_ASSERT. r=Waldo. 2015-02-04 20:05:36 -08:00
Masatoshi Kimura
5febeecdfb Bug 1128763 - Do insecure fallback after PR_CONNECT_RESET_ERROR for whitelisted sites only. r=keeler 2015-02-05 22:02:32 +09:00
Masatoshi Kimura
a082706cfe Bug 1116891 - Do fallback with RC4 cipher suites after PR_CONNECT_RESET_ERROR. r=bsmith 2015-02-05 22:02:31 +09:00
Masatoshi Kimura
aed319520c Bug 1127285 - Remove unused fallback reasons. r=keeler 2015-02-05 22:02:31 +09:00
Cykesiopka
ca5babd898 Bug 1128917 - Replace getp12password.xul with a call to nsIPromptService::PromptPassword(). r=keeler 2015-02-05 03:28:00 +01:00
TheKK
cd4a17333c Bug 1092398 - "remove unused CertVerifier enums (missing_cert_download_config and crl_download_config)". r=honzab.moz 2015-01-23 06:17:00 +01:00
Nicholas Nethercote
a40419dc43 Bug 1050035 (part 4) - Make PL_DHashTableAdd() infallible by default, and add a fallible alternative. r=froydnj. 
I kept all the existing PL_DHashTableAdd() calls fallible, in order to be
conservative, except for the ones in nsAtomTable.cpp which already were
followed immediately by an abort on failure.
 2015-02-02 14:48:58 -08:00
Nicholas Nethercote
a5bbfabc46 Bug 1050035 (part 2) - Remove the fallible version of PL_DHashTableInit(). r=froydnj,mrbkap. 
Because it's no longer needed now that entry storage isn't allocated there.
(The other possible causes of failures are much less interesting and simply
crashing is a reasonable thing to do for them.)

This also makes PL_DNewHashTable() infallible.
 2015-02-01 20:19:08 -08:00
David Keeler
cab7fd2d3e bug 832837 - move insecure form submission warning from nsSecureBrowserUIImpl to the HTML form implementation r=mrbkap r=phlsa 
As a result, we can remove nsSecurityWarningDialogs completely, which this patch also does.
 2015-01-15 11:01:10 -08:00
Cykesiopka
b120add5d7 Bug 78808 - Enable Cert Manager buttons only when they would have an effect. Original patch by Scott Johnson. r=keeler 2015-01-31 14:20:00 +01:00
Mike Hommey
50e6916b40 Bug 1126593 - Add a global fallible instance, so that using fallible works directly, everywhere. r=njn 2015-02-02 09:56:13 +09:00
Andrew McCreight
1ee96e7527 Back out Bug 1127201 (part 2) for various problems. 2015-02-06 15:04:32 -08:00
Cykesiopka
6af3b3a232 Bug 968560 - Return distinct error codes for certificates that are not valid yet, in mozilla::pkix. r=keeler 2015-02-06 11:18:20 -08:00
Cykesiopka
b6900ab73a Bug 968560 - Add missing Not-Yet-Valid cert override tests. r=dkeeler 2015-02-06 11:18:04 -08:00
Phil Ringnalda
56b992da90 Merge m-c to m-i 2015-01-31 09:13:30 -08:00
Masatoshi Kimura
96a8248e48 backout 3d4d4a91f29a (bug 1102632) as some web pages can no longer connect without enabling SSLv3 2015-01-31 22:16:48 +09:00
ffxbld
a691b83b24 No bug, Automated HPKP preload list update from host bld-linux64-spot-015 - a=hpkp-update 2015-01-31 03:38:09 -08:00
ffxbld
f5b851b52b No bug, Automated HSTS preload list update from host bld-linux64-spot-015 - a=hsts-update 2015-01-31 03:38:07 -08:00
Wes Kocher
50b90fbd84 Merge fx-team to m-c a=merge CLOSED TREE 2015-01-29 15:27:17 -08:00
Carsten "Tomcat" Book
511c9ee8cd Merge mozilla-central to fx-team 2015-01-29 16:20:17 +01:00
Masatoshi Kimura
90c7a6b8f8 Bug 1123020 - Remove options to allow unrestricted renegotiation. r=keeler 2015-01-29 21:04:26 +09:00
Gijs Kruitbosch
dbac71f391 Bug 1126675 - indicate missing issuerName or subjectName as empty string, r=keeler 2015-01-28 15:42:41 +00:00
Bob Owen
543404566a Bug 1126402: Add a pref to enable a more strict version of the Windows NPAPI process sandbox. r=bsmedberg, r=bbondy 2015-01-29 08:13:07 +00:00
David Keeler
289800a028 backout cd0ec3afca5a (bug 832837) for mochitest bustage 2015-01-30 11:25:24 -08:00
David Keeler
5108f641ee bug 832837 - move insecure form submission warning from nsSecureBrowserUIImpl to the HTML form implementation r=mrbkap r=phlsa 
As a result, we can remove nsSecurityWarningDialogs completely, which this patch also does.
 2015-01-15 11:01:10 -08:00
Kai Engert
353b42937b Bug 1107731 - Upgrade Mozilla 36 and 37 to use NSS 3.17.4, mark release candidate as RTM, DONTBUILD 2015-01-28 20:49:21 +01:00
Masatoshi Kimura
65d35ee16e Bug 1114816 - Implement TLS intolerance fallback whitelist. r=keeler 2015-01-29 03:52:42 +09:00
Bob Owen
b6517f78ca Bug 1125865: Only log Windows sandbox violations to console when nsContentUtils is initialized. r=bbondy 2015-01-28 11:21:24 +00:00
Cykesiopka
ecefbade12 Bug 1125478 - Refactor and clean up key size test files. r=keeler 2015-01-27 22:11:00 +01:00
Nicholas Nethercote
d761b24aaf Bug 1124973 (part 2) - Introduce PL_DHashTableSearch(), and replace most PL_DHashTableLookup() calls with it. r=froydnj. 
It feels safer to use a function with a new name, rather than just changing the
behaviour of the existing function.

For most of these cases the PL_DHashTableLookup() result was checked with
PL_DHASH_ENTRY_IS_{FREE,BUSY} so the conversion was easy. A few of them
preceded that check with a useless null check, but the intent of these was
still easy to determine.

I'll do the trickier ones in subsequent patches.
 2015-01-22 21:06:55 -08:00
David Keeler
d043f815ec bug 1125503 - when canonicalizing hostnames, check string length before calling Last() r=mmc 2015-01-26 12:47:50 -08:00
Ehsan Akhgari
9f466f4b06 Bug 1126128 - Mark TestTrustDomain::VerifySignedData as override; r=bsmith 2015-01-27 08:33:24 -05:00
Cykesiopka
5167ffd003 Bug 691148 - Remove unused strings from pipnss.properties. r=keeler 2015-01-26 21:30:00 +01:00
Chris Peterson
bd3e661f2d Bug 1125592 - Fix -Wmaybe-uninitialized warning in security/manager/ssl/src/nsNSSASN1Object.cpp. r=dkeeler 2015-01-23 22:58:43 -08:00
Ehsan Akhgari
6e4bdea85d Backed out changeset 45921e3d9773 (bug 1117034) because of build bustage on a CLOSED TREE 2015-01-26 21:52:40 -05:00
Ehsan Akhgari
bd30de9162 Bug 1117034 - Mark some overridden functions in the tree as override 2015-01-26 21:14:12 -05:00
David Keeler
1dd73ac36f bug 1125261 - mozilla::pkix: handle comparing single, relative labels with wildcards r=briansmith 
e.g. handle comparing "localhost" with "*.example.com"
 2015-01-23 15:56:53 -08:00
Daniel Holbert
3dbcd679e4 Bug 1125673: Mark method 'FindIssuer' as 'override' in pkixocsp_VerifyEncodedOCSPResponse.cpp, to fix clang warning. r=briansmith 2015-01-26 10:40:07 -08:00
Bob Owen
3890296a7b Bug 1094370: Use the USER_LOCKDOWN access token for GMP processes. r=aklotz 2015-01-26 10:14:39 +00:00
Phil Ringnalda
0df0968ebe Merge m-i to m-c, a=merge 2015-01-24 08:27:17 -08:00
ffxbld
2a36acca4c No bug, Automated HPKP preload list update from host bld-linux64-spot-127 - a=hpkp-update 2015-01-24 03:27:50 -08:00
ffxbld
5346825c50 No bug, Automated HSTS preload list update from host bld-linux64-spot-127 - a=hsts-update 2015-01-24 03:27:48 -08:00
Bob Owen
b53016c9db Bug 1123245 Part 2: Use the USER_NON_ADMIN access token level for Windows NPAPI processes. r=tabraldes 2015-01-23 08:32:21 +00:00
Bob Owen
27e023746a Bug 1123245 Part 1: Enable an open sandbox on Windows NPAPI processes. r=josh, r=tabraldes 2015-01-23 08:32:20 +00:00
Cykesiopka
e1b3097b36 Bug 1077790 - Tests. r=keeler 2015-01-22 13:50:06 -08:00
Cykesiopka
0be7e63254 Bug 1077790 - Make mozilla::pkix::CheckPublicKeySize() accept specific elliptic curves only. r=briansmith 2015-01-21 17:20:16 -08:00
Brian Smith
13bb23a7be Bug 1114703: Remove mozilla::pkix's polyfill for std::bind, r=mmc 2015-01-21 04:00:40 -08:00
Kai Engert
e6116c88b4 Bug 1107731, Upgrade to NSS 3.17.4, landing release candidate NSS_3_17_4_RC0, r=wtc 2015-01-22 23:51:22 +01:00
David Keeler
d57bb36810 bug 1114882 - allow nsICryptoHash to be used in a content process r=mayhemer 2015-01-16 11:59:25 -08:00
Bob Owen
e96a041ac4 Bug 1102213: Move security/sandbox/win/ into security/sandbox/chromium/sandbox/ r=ted 2015-01-22 08:37:31 +00:00
Bob Owen
607c57bf24 Bug 1102215: Move security/sandbox/chromium/base/shim/ to new directory security/sandbox/chromium-shim/ r=ted 2015-01-22 08:37:30 +00:00
Bob Owen
c71f4fd518 Bug 1102211: Move security/sandbox/build/ into security/sandbox/chromium/ r=ted 2015-01-22 08:37:30 +00:00
Carsten "Tomcat" Book
ce0419c259 Backed out changeset 4ccaf5ae9ced (bug 1102211) for bustage on a CLOSED TREE 2015-01-22 10:25:39 +01:00
Carsten "Tomcat" Book
d02aa8b76b Backed out changeset 43f1f9eef449 (bug 1102215) 2015-01-22 10:25:03 +01:00
Carsten "Tomcat" Book
0b1a8634f9 Backed out changeset c607c8d4dacf (bug 1102213) 2015-01-22 10:24:57 +01:00
Bob Owen
49df8137d0 Bug 1102213: Move security/sandbox/win/ into security/sandbox/chromium/sandbox/ r=ted 2015-01-22 08:37:31 +00:00
Bob Owen
4aea2f84d8 Bug 1102215: Move security/sandbox/chromium/base/shim/ to new directory security/sandbox/chromium-shim/ r=ted 2015-01-22 08:37:30 +00:00
Bob Owen
a3c78c39e8 Bug 1102211: Move security/sandbox/build/ into security/sandbox/chromium/ r=ted 2015-01-22 08:37:30 +00:00
Wes Kocher
f2fccc7054 Backed out changeset 7811ebf7e321 (bug 1114882) for Android S4 orange on a CLOSED TREE 2015-01-21 17:24:36 -08:00
Raymond Etornam Agbeame(:retornam)
c744e27855 Bug 1109235 - remove nsIStreamCipher and implementation r=keeler 2015-01-22 16:02:30 -08:00
David Keeler
b115436002 bug 1114882 - allow nsICryptoHash to be used in a content process r=mayhemer 2015-01-16 11:59:25 -08:00
Bob Owen
fa71b20ec9 Bug 1121479 Part 4: Turn on DLL_SEARCH_ORDER process-level mitigation for the GMP sandbox. r=tabraldes 2015-01-21 07:59:56 +00:00
Bob Owen
79301c4edb Bug 1121479 Part 3: Turn on HEAP_TERMINATE process-level mitigation for the GMP sandbox. r=tabraldes 2015-01-21 07:59:56 +00:00
Bob Owen
f4f2ca86d4 Bug 1121479 Part 2: Turn on SEHOP process-level mitigation for the GMP sandbox. r=tabraldes 2015-01-21 07:59:56 +00:00
Bob Owen
a4b184f2ac Bug 1121479 Part 1: Turn on DEP process-level mitigation for the GMP sandbox. r=tabraldes 2015-01-21 07:59:56 +00:00
Ryan VanderMeulen
95704eeebb Merge m-c to inbound. a=merge 2015-01-20 22:15:04 -05:00
Ryan VanderMeulen
ab5614b717 Merge inbound to m-c. a=merge 2015-01-20 22:12:46 -05:00
ffxbld
f16b272dc6 No bug, Automated HPKP preload list update from host bld-linux64-spot-1001 - a=hpkp-update 2015-01-20 15:17:19 -08:00
ffxbld
57179e1be6 No bug, Automated HSTS preload list update from host bld-linux64-spot-1001 - a=hsts-update 2015-01-20 15:17:17 -08:00
Nicholas Nethercote
9a918a72c0 Bug 1123151 (part 2) - Add PLDHashTable::IsInitialized(). r=froydnj. 
This encapsulates most of the uses of PLDHashTable::ops.
 2015-01-19 16:11:34 -08:00
Nicholas Nethercote
fa52a2c4c9 Bug 1123151 (part 1) - Set PLDHashTable::ops consistently. r=froydnj. 
Currently the setting of PLDHashTable::ops is very haphazard.

- PLDHashTable has no constructor, so it's not auto-nulled, so lots of places
  null it themselves.

- In the fallible PLDHashTable::Init() function, if the entry storage
  allocation fails we'll be left with a table that has |ops| set -- indicating
  it's been initialized -- but has null entry storage. I'm not certain this can
  cause problems but it feels unsafe, and some (but not all) callers of Init()
  null it on failure.

- PLDHashTable does not null |ops| in Finish(), so some (but not all) callers
  do this themselves.

This patch makes things simpler.

- It adds a constructor that zeroes |ops|.

- It modifies Init() so that it only sets |ops| once success is ensured.

- It zeroes |ops| in Finish().

- Finally, it removes all the now-unnecessary |ops| nulling done by the users
  of PLDHashTable.
 2015-01-19 16:01:24 -08:00
Brian Smith
c58facd0e1 Bug 1119072, Part 6: Change a non-conforming usage of a const value type to a non-const value type, which VS2015 rightly rejects, r=bobowencode 2015-01-07 23:28:51 -08:00
Brian Smith
a62a73d75d Bug 1119072, Part 3(b): Silence warning about deprecated use of hash_set and hash_map in security/sandbox, r=jld 2015-01-12 19:58:43 -08:00
Benjamin Peterson
87991d196d No bug - fix typo r=me DONTBUILD 2015-01-19 14:13:24 -05:00
David Keeler
0b57449e27 bug 1123374 - fix CertBlocklist initialization when revocations.txt does not exist r=mgoodwin 2015-01-20 10:18:29 -08:00
Brian Smith
63a8a1ba7c Bug 1122835, Part 2: Simplify BitStringWithNoUnusedBits, r=keeler 2014-12-27 22:39:47 -08:00
Brian Smith
43459cb373 Bug 1122835: Add missing return value checks for Input::SkipToEnd, r=keeler 2014-12-27 23:12:46 -08:00
Masatoshi Kimura
0846c8ac1d Bug 1120393 - unittest to ensure nsITransportSecurityInfo.errorCode is correctly serialized. r=keeler 2015-01-16 21:48:38 +09:00
Masatoshi Kimura
3ec67da41d Bug 1120393 - Serialize/deserialize nsITransportSecurity.errorCode. r=keeler 2015-01-16 21:48:38 +09:00
Kai Engert
b9f70543b6 Bug 1107731 - Upgrade Mozilla 37 to use NSS 3.18. Landing BETA6. r=wtc 2015-01-16 11:40:18 +01:00
Birunthan Mohanathas
a2efd69daa Bug 1060696 - Remove NS_INIT_ISUPPORTS. r=froydnj 2015-01-16 07:34:46 +02:00
Nicholas Nethercote
14f46aac14 Bug 1121304 (part 2, attempt 2) - Remove PLDHashTableOps::{alloc,free}Table. r=froydnj. 2015-01-14 14:35:56 -08:00
Phil Ringnalda
cb85f01b15 Backed out 2 changesets (bug 1121304) for consistent b2g hangs in webgl-color-test.html?frame=1&__&preserve&premult&_____ 
Backed out changeset 20651ac19549 (bug 1121304)
Backed out changeset 758afec77c95 (bug 1121304)
 2015-01-14 22:02:23 -08:00
Nicholas Nethercote
60d7115c86 Bug 1121304 (part 2) - Remove PLDHashTableOps::{alloc,free}Table. r=froydnj. 2015-01-14 14:35:56 -08:00
Nicholas Nethercote
c4c1173204 Bug 1120476 (part 4) - Remove PLDHashTableOps::finalize. r=froydnj. 2015-01-13 19:02:35 -08:00
Nicholas Nethercote
7c92773a6f Bug 1120476 (part 3) - Remove PLDHashTable::data. r=froydnj. 2015-01-13 16:42:13 -08:00
Brian Smith
127c85bb17 Bug 1115910: Remove now-unneeded nullptr polyfill for old versions of GCC, r=keeler 2015-01-13 01:03:08 -08:00
Brian Smith
cbc3400b66 Bug 1115906, Part 3: Make formatting of struct/class/enum class more consistent, r=keeler 2015-01-13 16:53:34 -08:00
Brian Smith
a55759cd92 Bug 1115906, Part 2: Annotate classes and member functions with override and final, r=keeler 2015-01-13 16:54:10 -08:00
Brian Smith
8c8b82fc94 Bug 1115906, Part 1: Add workarounds for missing final/override support in GCC before version 4.7, r=keeler 2015-01-07 14:53:11 -08:00
Masatoshi Kimura
59d69bb40c Bug 1120664 - Rename mozilla::pkix::Result::ERROR_INVALID_TIME to avoid collision with a macro defined in windows.h. r=bsmith 2015-01-15 07:24:18 +09:00
Mike Hommey
09eca4aa01 Bug 1120937 - Properly initialize the session field from C_OpenSession in the PKCS#11 test module. r=dkeeler 2015-01-14 15:18:50 +09:00
Brian Smith
67371dfe02 Bug 1118122: Reland Bug 1115903, Part 2: Delete most defaulted assignment operators and some defaulted copy constructors, r=jcj 2015-01-12 23:12:01 -08:00
Cykesiopka
8a1c12356d Bug 1120098 - Re-enable test_ocsp_timeout.js on Windows. r=dkeeler 2015-01-10 08:41:00 +01:00
Steve Singer
b596b7d1fe Bug 1120125 - Fix compile error on big endian platforms. r=keeler 2015-01-10 14:31:00 +01:00
Masatoshi Kimura
40a556102e Bug 1120062 - Part 1: Remove most Nullptr.h includes. r=waldo 2015-01-11 11:34:52 +09:00
Chris Peterson
90751d5a6c Bug 1118076 - Remove MOZ_THIS_IN_INITIALIZER_LIST. r=Waldo 2015-01-06 21:39:46 -08:00
David Keeler
b03e9b919f bug 1065909 - canonicalize hostnames in nsSiteSecurityService and PublicKeyPinningService r=mmc 2015-01-09 09:46:05 -08:00
Brad Lassey
44918c55c0 bug 1118554 - fix gcc4.9 warnings on Android, <cstdlib> instead of <stdlib.h> r=gcp 
--HG--
extra : rebase_source : cbb04c5973878e350e890c4df2ce271d32b7587e
 2015-01-08 10:19:39 -05:00
Jacek Caban
65ae88b327 Bug 1119179 - Avoid gmtime_r duplication if it's provided by mingw. r=bsmith 2015-01-09 11:41:15 +01:00
Mark Goodwin ext:(%2C%20Harsh%20Pathak%20%3Chpathak%40mozilla.com%3E)
02a6ae6ff4 Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused 2015-01-07 06:08:00 +01:00
Ehsan Akhgari
bd52bd3f4e Bug 1118486 - Part 1: Use = delete instead of MOZ_DELETE directly; r=Waldo 
Most of this patch (with the exception of dom/bindings/Codegen.py) was
generated by the following bash script:

#!/bin/bash

function convert() {
echo "Converting $1 to $2..."
find . ! -wholename "*nsprpub*" \
       ! -wholename "*security/nss*" \
       ! -wholename "*/.hg*" \
       ! -wholename "*/.git*" \
       ! -wholename "obj-*" \
         -type f \
      \( -iname "*.cpp" \
         -o -iname "*.h" \
         -o -iname "*.cc" \
         -o -iname "*.idl" \
         -o -iname "*.ipdl" \
         -o -iname "*.ipdlh" \
         -o -iname "*.mm" \) | \
    xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}

convert MOZ_DELETE '= delete'
 2015-01-08 23:19:05 -05:00
David Keeler
98173efa0b bug 1101194 - follow-up to fix bustage in TestCertDB r=bustage on a CLOSED TREE 
Turns out there was a code path that resulted in attempting to acquire a lock
on the DataStorage mutex when one had already been acquired, resulting in
deadlock. This fixes it.
 2015-01-08 10:56:07 -08:00
Kai Engert
96f69d81c3 Bug 1107731, upgrade Mozilla 37 to use NSS 3.18 (this is beta 5), r=wtc 2015-01-08 19:40:05 +01:00
David Keeler
fd61efce36 bug 1101194 - add telemetry for DataStorage table size r=mgoodwin 2015-01-07 13:23:07 -08:00
Cykesiopka
a7c74a8344 Bug 989485 - Split test_cert_eku.js into multiple files to avoid time outs. r=keeler 2015-01-08 01:15:00 -05:00
Brian Smith
8d07fa93f4 Bug 1118599 - Remove now-unneeded MOZILLA_PKIX_ENUM_CLASS workaround for GCC enum class bugs. r=mmc 2015-01-06 18:28:09 -08:00
Michael Pruett
c1d94593ae Bug 1118024 - Use new PL_DHashTable{Add,Lookup,Remove} functions. r=nfroyd 2015-01-05 20:27:28 -06:00
Mike Hommey
16878fb907 Bug 1110760 - Build and Package Chromium Sandbox wow_helper. r=gps 2015-01-08 10:44:41 +09:00
Mike Hommey
30b698ea5e Bug 1110760 - Increase the chances of the wow_helper target code symbols being in the assumed order. r=aklotz 2015-01-08 10:44:41 +09:00
Bob Owen
72563da8c8 Bug 1110760 - Import Chromium Sandbox wow_helper code. r=aklotz 2015-01-08 10:44:40 +09:00
David Keeler
b5e27bf11e bug 1114741 - have nsRandomGenerator guard against NSS shutdown r=jcj 
nsRandomGenerator uses NSS resources but does not prevent against NSS shutting
down while doing so. To fix this, nsRandomGenerator must implement
nsNSSShutDownObject.
 2015-01-05 16:11:26 -08:00
Brad Lassey
606224b269 bug 1118554 - make android's stdcxx work r=glandium 2015-01-06 23:34:31 -05:00
Brian Smith
d6400cda68 Bug 1073867, Part 5: Make DSS test faster, r=mmc 
--HG--
extra : rebase_source : 5d3ae5b6c777382d69134d5c38fca0c52c93c3a2
extra : histedit_source : 15209d1249d2eb638143409404cbbe15f0a2715b
 2014-12-24 17:56:10 -08:00
Nicholas Nethercote
ebdc21ca1f Bug 1117611 - Fix shadowed variable in SandboxBroker::SetSecurityLevelForContentProcess(). r=bobowen. 
--HG--
extra : rebase_source : 29f25cc34bd5f66bac2454c30613344fb63a92b5
 2015-01-05 15:54:22 -08:00
Ehsan Akhgari
ae3cd2efdb Bug 1116559 - Remove the code to handle shutdown-cleanse from the cert override service code; r=keeler 
shutdown-cleanse has not been a thing for quite a while.
 2015-01-05 21:01:27 -05:00
Andrew Bartlett
c89715476a Bug 423758 - Add NTLMv2 to internal NTLM handler. r=keeler 
NTLMv2 is the default.

This adds a new preference:
network.ntlm.force-generic-ntlm-v1

This is to allow use of NTLMv1 in case issues are found in the NTLMv2
handler, or when contacting a server or backing DC that does not
support NTLMv2 for any reason.

To support this, we also:
 - Revert "Bug 1030426 - network.negotiate-auth.allow-insecure-ntlm-v1-https allows sending NTLMv1 credentials in plain to HTTP proxies, r=mcmanus"

 - Revert "Bug 1023748 - Allow NTLMv1 over SSL/TLS by default, r=jduell"

 - Remove LM code from internal NTLM handler

   The LM response should essentially never be sent, the last practical
   use case was CIFS connections to Windows 9X, I have never seen a web
   server that could only do LM

   It is removed before the NTLMv2 work is done so as to avoid having 3
   possible states here (LM, NTLM, NTLMv2) to control via preferences.

Developed with Garming Sam <garming@catalyst.net.nz>
 2014-12-22 15:55:00 -05:00
Brian Smith
ec056abef6 Bug 1117003 - Backout cset ca3c73188295 (Bug 1115903, Part 2), r=ehsan 2015-01-02 12:26:14 -08:00
Phil Ringnalda
6c4fc4e249 Merge m-i to m-c, a=merge 2015-01-03 20:02:33 -08:00
ffxbld
2ec8f6a06a No bug, Automated HPKP preload list update from host bld-linux64-spot-100 - a=hpkp-update 2015-01-03 03:20:27 -08:00
ffxbld
f18bb21ede No bug, Automated HSTS preload list update from host bld-linux64-spot-100 - a=hsts-update 2015-01-03 03:20:25 -08:00
Brian Smith
274cc4b148 Bug 1115903, Part 2: Delete most defaulted assignment operators and some defaulted copy constructors, r=jcj 
--HG--
extra : rebase_source : 6c8575de36355521baf69bba89eba530cd4e8b09
 2014-12-26 23:49:47 -08:00
Brian Smith
8d9ac2ee41 Bug 1115903, Remove VS2010 workarounds, r=mmc 
--HG--
extra : rebase_source : 742973c0f2d547371fbeca72e384053c70b5ba0f
 2014-12-26 21:39:54 -08:00
Brian Smith
f7ef5af115 Bug 1115761, Part 4: Add "fall through" comment, r=jcj 
--HG--
extra : rebase_source : 1e40d7d7d85c1a02eb6195ecee1038ea40a6a9ab
 2014-12-26 15:07:56 -08:00