Commit Graph

2375 Commits

Author SHA1 Message Date
Jed Davis
75747ff40f Bug 1059602 - Make libxul -> libmozsandbox dependency not a weak symbol. r=glandium
MFBT_API is not the right macro for this; it changes the affected
definition/usage to a weak symbol, for reasons explained in the comments
on its definition.

This was causing the linker to drop the dependency from libmozglue
to libmozsandbox, in some cases (--as-needed, with a linker that
doesn't consider weak symbols "needed"), and thus load libxul with
gSandboxCrashFunc relocated to address 0 (the expected behavior of an
unresolved weak symbol), which caused crashes when writing to it on
startup.

--HG--
extra : amend_source : b99fded391ae90b1311f4cabaf40f15e6414f245
2014-08-28 23:23:13 -07:00
Camilo Viecco
cc13f29bb0 Bug 1052099 - August 2014 batch of EV root CA changes. r=keeler
--HG--
extra : rebase_source : 4303f1fb6988ff462edd908295708788a24a64f1
2014-08-27 11:31:20 -07:00
David Keeler
b4aba762b9 bug 1009161 - follow-up: add test_nsCertType.js to xpcshell.ini so it'll actually run r=mmc 2014-08-28 11:38:31 -07:00
David Major
492c4f4f7d Bug 1023941 - Part 2: Static-link the CRT into plugin-container.exe. r=glandium,f=tabraldes
--HG--
rename : security/sandbox/moz.build => security/sandbox/objs.mozbuild
extra : rebase_source : e0b1515a4729ecfe82a67b6439d9a38453f7556a
2014-08-28 14:50:10 +12:00
Trevor Saunders
4c97f6dff8 bug 1058925 - don't convert nullptr to bool in ClientAuthServer.cpp r=keeler 2014-08-27 19:12:22 -04:00
Wan-Teh Chang
a2f4afbe0b Bug 1036735: Update NSS to NSS 3.17.1 Beta 1. Also includes the fixes
for bug 1046718, bug 1050107, bug 1054625, bug 1057465, bug 1057476.
2014-08-27 15:42:41 -07:00
Monica Chew
cbe70c240d Bug 1004781: Enable pinning in test mode for facebook (r=cviecco) 2014-08-27 14:18:25 -07:00
Jed Davis
6315518788 Bug 1041886 - Fix no-opt-only build bustage caused by mozilla::unused. r=glandium
See also bug 1059038.
2014-08-26 19:23:44 -07:00
Jed Davis
6746bb3d35 Bug 1054616 - Clean up logging-related shims for Linux sandboxing. r=kang 2014-08-26 13:54:16 -07:00
Jed Davis
773d03d0d7 Bug 1041886 - Separate Linux sandbox code into its own shared library. r=kang r=glandium
This creates libmozsandbox.so on builds that use sandboxing
(MOZ_CONTENT_SANDBOX or MOZ_GMP_SANDBOX).

The unavoidably libxul-dependent parts, for invoking the crash reporter
and printing the JS context, are separated into glue/SandboxCrash.cpp
and invoked via a callback.
2014-08-26 13:54:09 -07:00
Jed Davis
dcfa9f6e79 Bug 1041886 - Break out Linux sandbox logging into its own header. r=kang 2014-08-26 13:54:03 -07:00
Cykesiopka
730b1ae20e Bug 1052529 - Add missing l10n strings for mozilla::pkix errors. r=keeler 2014-08-26 00:03:00 +02:00
Steven Michaud
a17eb6d1fd Bug 1056936 - Specify full path to plugin-container in sandbox rules. r=rjesup 2014-08-25 15:01:04 -05:00
Birunthan Mohanathas
57751773f4 Bug 1045801 - Rename SafeCast to AssertedCast. r=Waldo 2014-08-25 12:17:32 -07:00
David Keeler
6bf06cece4 bug 1034124 - allow overrides when a CA cert is used as an end-entity cert r=briansmith 2014-08-22 12:07:08 -07:00
David Keeler
a9d997ad48 bug 1009161 - mozilla::pkix: allow the Netscape certificate type extension if more standardized information is present r=briansmith 2014-08-25 09:25:36 -07:00
Ryan VanderMeulen
f1e20fb689 Merge inbound to m-c. a=merge
CLOSED TREE
2014-08-25 11:49:37 -04:00
ffxbld
234fff2b04 No bug, Automated HPKP preload list update from host bld-linux64-spot-317 - a=hpkp-update 2014-08-23 03:29:03 -07:00
ffxbld
b0c0b3d30b No bug, Automated HSTS preload list update from host bld-linux64-spot-317 - a=hsts-update 2014-08-23 03:29:01 -07:00
Wes Kocher
02017e20ed Merge inbound to m-c a=merge 2014-08-22 16:47:32 -07:00
Marco Castelluccio
0dad3f2334 Bug 1042006 - Replace reviewers-dev certificate. r=fabrice
--HG--
extra : rebase_source : 517822e6712853c4e0d5ce664e0d60b980382c3b
2014-08-21 00:12:00 -04:00
David Keeler
8be74b716b bug 1049095 - re-verify joinee certificate with joining hostname when joining connections r=briansmith r=mcmanus r=cviecco r=mmc r=rbarnes 2014-08-21 10:37:23 -07:00
Trevor Saunders
86b7aff8fc bug 1047696 - mark a number of classes MOZ_FINAL to get compilers to devirtualize more r=froydnj 2014-08-05 13:33:55 -04:00
Camilo Viecco
bc4c9ba169 Bug 1047177 - Treat v4 certs as v3 certs. Tests (2/2). r=keeler.
--HG--
extra : rebase_source : 58be8a1ac652636fea80e83fc8eae2b7092c6edd
2014-08-21 14:49:00 -07:00
Camilo Viecco
ae0bde15f8 Bug 1047177 - Treat v4 certs as v3 certs (1/2). r=keeler.
--HG--
extra : rebase_source : 4cfb69672aa54274bb4ee850f23f0bbbe8e9e49f
2014-08-21 14:47:25 -07:00
Masatoshi Kimura
1ee4b71e83 Bug 1055541 - Fix build failure on VS2013 with --enable-warnings-as-errors due to Warning C4996. r=ehsan 2014-08-20 04:09:03 +09:00
Patrick McManus
68e306f335 bug 1050063 - consider tls client hello version in alpn/npn offer list r=hurley r=keeler 2014-08-15 09:39:53 -04:00
Wes Kocher
82c268ae0c Merge m-c to inbound a=merge 2014-08-22 17:05:17 -07:00
Olli Pettay
1f448a88c4 Bug 314095 - Eliminate nsIContent::GetDocument, r=jst
--HG--
extra : rebase_source : dd8f690940825b298a478b65b68a57418a9962ff
2014-08-22 23:11:27 +03:00
David Keeler
db3cc3cf7c bug 1057128 - add --clobber to generate_certs.sh, disabled by default (don't unnecessarily regenerate all certificates) r=rbarnes DONTBUILD because NPOTB 2014-08-22 10:25:46 -07:00
Chris Peterson
ed9323def1 Bug 1052033 - Fix warnings in security/sandbox and mark as FAIL_ON_WARNINGS. r=smichaud 2014-08-09 14:25:24 -07:00
Ryan VanderMeulen
e19d99af2b Merge inbound to m-c. a=merge 2014-08-16 17:42:29 -04:00
ffxbld
b8a6b94d74 No bug, Automated HPKP preload list update from host bld-linux64-spot-329 - a=hpkp-update 2014-08-16 03:15:25 -07:00
ffxbld
af81bc1b87 No bug, Automated HSTS preload list update from host bld-linux64-spot-329 - a=hsts-update 2014-08-16 03:15:23 -07:00
Garrett Robinson
97ee67c6a9 Bug 1029155 - Tests for storing failed certificate chains r=keeler 2014-08-15 11:27:31 -07:00
Garrett Robinson
9b2820621f Bug 1029155 - Store peer certificate chain from failed connections on TransportSecurityInfo r=keeler 2014-08-15 11:27:22 -07:00
Brian Smith
cddd69bfac Bug 1053627, Part 2: Use MOZILLA_PKIX_ARRAY_LENGTH instead of PR_ARRAY_SIZE, r=keeler
--HG--
extra : rebase_source : b9ae99d93921cb2f3a8f4395e9240389752fd2de
2014-08-13 21:01:35 -07:00
Brian Smith
8de872d8fb Bug 1053627, Part 1: use sizeof instead of PR_ARRAY_SIZE for byte arrays, r=keeler
--HG--
extra : rebase_source : a01364ed6b64800142f18d3d350f50ca178ea4bb
2014-08-04 19:21:52 -07:00
Brian Smith
06d48f587c Bug 1053621: Stop using PR_NOT_REACHED in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : b70a3ca2f3dade0439cf902bf4042716e7d1bbd3
2014-08-04 19:19:29 -07:00
Brian Smith
3c6b23c907 Bug 1053620: Replaces uses of PR_Abort with std::abort in mozilla::pkix, r=keeler
--HG--
extra : rebase_source : 2e1f3eec5305e89bfa28fbda856b4e36515a2819
2014-08-04 19:12:34 -07:00
Brian Smith
a88a48f1d9 Bug 1053617: Reduce scope of DER encoding debugging logic to the file it is used in, r=keeler
--HG--
extra : rebase_source : c22f7e96dfdd1997626769ac03c6d189321eec1a
2014-08-04 19:07:26 -07:00
Brian Smith
dff4bec65a Bug 1053616: Remove uses of PR_SetError from mozilla::pkix tests, r=keeler
--HG--
extra : rebase_source : 1fc7ce9ab400c39e3c4afb68940be93cc2a0b848
2014-08-13 17:50:42 -07:00
Cykesiopka
6a3e20c777 Bug 1052257 - Add and use error code specific to inadequate key sizes. r=keeler 2014-08-12 22:24:00 -04:00
Jed Davis
212cc5b860 No bug - Add trailing newlines for non-Android Linux sandbox logging. r=kang
--HG--
extra : rebase_source : c0e936b62289c0e5eecad41fce9afac881fe4667
2014-08-14 15:39:14 -07:00
David Keeler
843f8bbee8 bug 1030963 - remove non-standard window.crypto functions/properties r=jst r=briansmith r=glandium 2014-08-14 09:38:42 -07:00
Brian Smith
216d7d38fa Bug 1048642, Part 3: Remove SECStatus GTest utilities, r=cviecco
--HG--
extra : rebase_source : f77202ad8d271604d7620cc5f704a51338c356ab
2014-08-03 22:45:05 -07:00
Brian Smith
ea4ed53367 Bug 1048642, Part 2: Change GenerateKeyPair return type from SECStatus to Result, r=cviecco
--HG--
extra : rebase_source : 652277e952d224175ea57d4509124ff8180440cb
2014-08-04 10:59:21 -07:00
Brian Smith
d5d44c4e2a Bug 1048642, Part 1: Change TamperOnce return type from SECStatus to Result, r=cviecco
--HG--
extra : rebase_source : 1d2e8014153d8bfc6f9008dd9b6b9e4d5ac5dcb7
2014-08-03 22:49:10 -07:00
Kai Engert
c5e02a5354 Bug 1049006 - Update Mozilla 33 to use NSS 3.17 final and NSPR 4.10.7 final, r=wtc 2014-08-13 21:47:00 +02:00
Jed Davis
66d1734f54 Bug 1043733 - Require sandboxing to load Gecko Media Plugins on Linux. r=jesup r=kang
Also refactors how sandbox support and disabling are handled, and allows
simulating a lack of sandbox support with an env var (for testing
without rebuilding a kernel).
2014-08-12 21:28:27 -07:00