wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity
282,795 Commits 1 Branch 166 Tags 1.2 GiB
5e22931312
Commit Graph

3648 Commits

Author SHA1 Message Date
Wes Kocher
516e0cdbdd Merge b2ginbound to central, a=merge 2015-10-21 16:37:24 -07:00
Wes Kocher
090abdc172 Merge inbound to m-c a=merge 2015-10-21 16:28:43 -07:00
J. Ryan Stinnett
dbeb16c503 Bug 1203159 - Clean up various tests after DevTools resource move. r=me 2015-10-21 14:18:29 -05:00
Jonathan Hao
9dadf6f4d5 Bug 1178448 - Use imported CA in developer mode. r=keeler,valentin 2015-10-08 17:08:45 +08:00
Masatoshi Kimura
feaeaef06b Bug 1215795 - Fix documentation in nsIWeakCryptoOverride.idl. r=keeler IGNORE IDL 2015-10-20 20:29:56 +09:00
Carsten "Tomcat" Book
00b24aca4f Backed out changeset 11e681d48acd (bug 1194419) for S4 Test failures 2015-10-20 12:40:18 +02:00
Kai Engert
20b6f96b4b Bug 1215200, NSPR_4_10_10_RTM and NSS 3_20_1_RTM, bump version requirements, r=keeler 2015-10-20 12:34:15 +02:00
Cykesiopka
41072e613f Bug 1215779 - Remove broken (non-EC) DSA keygen code. r=keeler 2015-10-19 22:54:00 +02:00
Cykesiopka
149314ced9 Bug 1194419 - Remove signature algorithm duplicate use in serial number determination in pycert. r=dkeeler 2015-10-17 09:04:43 -07:00
Bob Owen
c6470dda80 Bug 1187031: Move back to using USER_LOCKDOWN for the GMP sandbox policy on Windows. r=aklotz 
This also removes turning off optimization for the Load function. That was an
attempt to fix the side-by-side loading. It may also have helped with ensuring
that the memsets were not optimized, but that has been fixed by Bug 1208892.
 2015-10-21 08:46:57 +01:00
Nathan Froyd
9c5965b035 Bug 1207245 - part 6 - rename nsRefPtr<T> to RefPtr<T>; r=ehsan; a=Tomcat 
The bulk of this commit was generated with a script, executed at the top
level of a typical source code checkout.  The only non-machine-generated
part was modifying MFBT's moz.build to reflect the new naming.

CLOSED TREE makes big refactorings like this a piece of cake.

 # The main substitution.
find . -name '*.cpp' -o -name '*.cc' -o -name '*.h' -o -name '*.mm' -o -name '*.idl'| \
    xargs perl -p -i -e '
 s/nsRefPtr\.h/RefPtr\.h/g; # handle includes
 s/nsRefPtr ?</RefPtr</g;   # handle declarations and variables
'

 # Handle a special friend declaration in gfx/layers/AtomicRefCountedWithFinalize.h.
perl -p -i -e 's/::nsRefPtr;/::RefPtr;/' gfx/layers/AtomicRefCountedWithFinalize.h

 # Handle nsRefPtr.h itself, a couple places that define constructors
 # from nsRefPtr, and code generators specially.  We do this here, rather
 # than indiscriminantly s/nsRefPtr/RefPtr/, because that would rename
 # things like nsRefPtrHashtable.
perl -p -i -e 's/nsRefPtr/RefPtr/g' \
     mfbt/nsRefPtr.h \
     xpcom/glue/nsCOMPtr.h \
     xpcom/base/OwningNonNull.h \
     ipc/ipdl/ipdl/lower.py \
     ipc/ipdl/ipdl/builtin.py \
     dom/bindings/Codegen.py \
     python/lldbutils/lldbutils/utils.py

 # In our indiscriminate substitution above, we renamed
 # nsRefPtrGetterAddRefs, the class behind getter_AddRefs.  Fix that up.
find . -name '*.cpp' -o -name '*.h' -o -name '*.idl' | \
    xargs perl -p -i -e 's/nsRefPtrGetterAddRefs/RefPtrGetterAddRefs/g'

if [ -d .git ]; then
    git mv mfbt/nsRefPtr.h mfbt/RefPtr.h
else
    hg mv mfbt/nsRefPtr.h mfbt/RefPtr.h
fi
 2015-10-18 01:24:48 -04:00
Nathan Froyd
e504437747 Bug 1207245 - part 3 - switch all uses of mozilla::RefPtr<T> to nsRefPtr<T>; r=ehsan 
This commit was generated using the following script, executed at the
top level of a typical source code checkout.

 # Don't modify select files in mfbt/ because it's not worth trying to
 # tease out the dependencies currently.
 #
 # Don't modify anything in media/gmp-clearkey/0.1/ because those files
 # use their own RefPtr, defined in their own RefCounted.h.
find . -name '*.cpp' -o -name '*.h' -o -name '*.mm' -o -name '*.idl'| \
    grep -v 'mfbt/RefPtr.h' | \
    grep -v 'mfbt/nsRefPtr.h' | \
    grep -v 'mfbt/RefCounted.h' | \
    grep -v 'media/gmp-clearkey/0.1/' | \
    xargs perl -p -i -e '
 s/mozilla::RefPtr/nsRefPtr/g; # handle declarations in headers
 s/\bRefPtr</nsRefPtr</g; # handle local variables in functions
 s#mozilla/RefPtr.h#mozilla/nsRefPtr.h#; # handle #includes
 s#mfbt/RefPtr.h#mfbt/nsRefPtr.h#;       # handle strange #includes
'

 # |using mozilla::RefPtr;| is OK; |using nsRefPtr;| is invalid syntax.
find . -name '*.cpp' -o -name '*.mm' | xargs sed -i -e '/using nsRefPtr/d'

 # RefPtr.h used |byRef| for dealing with COM-style outparams.
 # nsRefPtr.h uses |getter_AddRefs|.
 # Fixup that mismatch.
find . -name '*.cpp' -o -name '*.h'| \
    xargs perl -p -i -e 's/byRef/getter_AddRefs/g'
 2015-10-18 00:40:10 -04:00
Phil Ringnalda
1d97342df5 Merge f-t to m-c, a=merge 2015-10-17 11:19:46 -07:00
Phil Ringnalda
54b2dc5b81 Merge m-i to m-c, a=merge 2015-10-17 10:16:55 -07:00
ffxbld
a19e38ff29 No bug, Automated HPKP preload list update from host bld-linux64-spot-1092 - a=hpkp-update 2015-10-17 04:10:53 -07:00
ffxbld
f5848220b0 No bug, Automated HSTS preload list update from host bld-linux64-spot-1092 - a=hsts-update 2015-10-17 04:10:51 -07:00
Masatoshi Kimura
6509ac65d1 Bug 1207137 - Set a security state flag when weak crypto override is needed. r=keeler 2015-10-17 09:38:30 +09:00
Kai Engert
865f1aa90c Bug 1215200, NSPR_4_10_10_RC1 and NSS_3_20_1_RC0, r=dkeeler 2015-10-16 15:29:23 +02:00
David Keeler
506cd1968f bug 1215270 - remove some unused functions from nsNSSShutDown.h r=Cykesiopka 
nsNSSShutDownList::isUIActive() and areSSLSocketsActive() should probably have
been removed as part of bug 807757.
 2015-10-15 13:22:13 -07:00
Nigel Babu
922a2790a5 Backed out changeset b46b688e6295 (bug 1215200) for build bustage ON A CLOSED TREE 2015-10-16 11:52:10 +05:30
Kai Engert
bc14fd83b9 Bug 1215200, Upgrade to NSPR 4.10.10 and NSS 3.20.1, landing release candidate tags, r=dkeeler 2015-10-16 08:04:16 +02:00
Masatoshi Kimura
2308c75659 Bug 1168635 - Add an XPCOM interface to allow RC4. r=keeler 2015-10-15 05:48:27 +09:00
Carsten "Tomcat" Book
bf40254b76 Backed out changeset 66e3972e9150 (bug 1168635) 2015-10-14 16:28:41 +02:00
Masatoshi Kimura
c96c2617a7 Bug 1168635 - Add an XPCOM interface to allow RC4. r=keeler 2015-10-14 21:12:35 +09:00
David Keeler
367b8482e8 bug 1209695 - fold mochitest test_bug413909.html into xpcshell test_cert_overrides.js r=mgoodwin 
test_bug413909.html doesn't need to be a mochitest. Furthermore,
test_cert_overrides.js tests a lot of the same functionality.
This just moves the unique parts from the old test to a new home
in the xpcshell test (to be specific, some IDN handling and that
"port" -1 is the same as port 443).
 2015-09-29 13:24:19 -07:00
Carsten "Tomcat" Book
1d088dfba7 Merge m-c to mozilla-inbound 2015-10-12 11:58:46 +02:00
Carsten "Tomcat" Book
5d6145c365 merge mozilla-inbound to mozilla-central a=merge 2015-10-12 11:57:06 +02:00
ffxbld
d3b976614d No bug, Automated HPKP preload list update from host bld-linux64-spot-138 - a=hpkp-update 2015-10-10 03:46:02 -07:00
ffxbld
5175e7348e No bug, Automated HSTS preload list update from host bld-linux64-spot-138 - a=hsts-update 2015-10-10 03:46:00 -07:00
Hiroyuki Ikezoe
a757de6641 Bug 1167627 - Part 6: Use mozinfo in security/. r=dkeeler 2015-10-11 21:49:00 +02:00
Ehsan Akhgari
c16570c28d Bug 1213151 - Part 2: Use SpecialPowers.cleanUpSTSData() in a few tests; r=jdm 2015-10-09 10:56:19 -04:00
Jed Davis
c4b5dfb005 Bug 1201935 - Allow reading from TmpD in OS X content processes. r=smichaud 2015-10-07 13:41:00 +02:00
Cykesiopka
c5c4162b83 Bug 1205962 - Address some pylint complaints about pycert.py and pykey.py, r=keeler 
Also adds more uses of enumerate() to simplify code.
 2015-10-05 23:24:14 -07:00
Jed Davis
14f7b5c225 Bug 930258 - Part 3: a file broker policy for the B2G emulator. r=kang 2015-10-07 22:13:08 -07:00
Jed Davis
5fa4dce03c Bug 930258 - Part 2: seccomp-bpf integration. r=kang 2015-10-07 22:13:08 -07:00
Jed Davis
db019f1bf5 Bug 930258 - Part 1: The file broker, and unit tests for it. r=kang f=froydnj 2015-10-07 22:13:08 -07:00
David Keeler
d77b7d5ba3 bug 975763 - move test_certificate_overrides.html to test_cert_override_bits_mismatches.js r=mgoodwin 
test_certificate_overrides.html didn't need to be a mochitest.
 2015-09-29 12:39:54 -07:00
Carsten "Tomcat" Book
9f1c0bf17d Backed out 2 changesets (bug 1202902) to recking bug 1202902 to be able to reopen inbound on a CLOSED TREE 
Backed out changeset 647025383676 (bug 1202902)
Backed out changeset d70c7fe532c6 (bug 1202902)
 2015-10-07 14:03:21 +02:00
Carsten "Tomcat" Book
9eaa0d1abc Backed out 1 changesets (bug 1202902) for causing merge conflicts to mozilla-central 
Backed out changeset cfc1820361f5 (bug 1202902)
 2015-10-07 12:13:45 +02:00
Shu-yu Guo
53a85861c1 Bug 1202902 - Scripted fix the world. 2015-10-06 14:00:31 -07:00
Ben Kelly
39ac893e51 Bug 1210941 P10 Use LOAD_BYPASS_SERVICE_WORKER in nsNSSCallbacks. r=ehsan 2015-10-06 06:37:07 -07:00
Kate McKinley
7014f86655 Bug 1191414 - gather telemetry on usage of <keygen>. r=keeler,r=vladan 2015-09-22 09:52:58 -07:00
Wes Kocher
fa4394c0b9 Backed out changeset c288fb0952fb (bug 1211568) for build bustage CLOSED TREE 2015-10-05 15:56:08 -07:00
Kai Engert
36d5d94c83 Bug 1211568 - Upgrade Firefox 44 to NSS 3.21, landing NSS_3_21_Beta2, r=mt 2015-10-05 22:42:28 +02:00
Jed Davis
fb0049dedc Bug 1207401 - Send B2G sandbox logging to both stderr and logcat. r=kang 2015-10-05 09:21:39 -07:00
Bob Owen
149742a926 Bug 1207972: Move to using USER_INTERACTIVE and JOB_INTERACTIVE by default for the Windows content sandbox. r=tabraldes 2015-10-05 11:10:46 +01:00
Nicholas Nethercote
434138fa6d Bug 1209351 (part 5) - Optimize nsTHashTable::RemoveEntry() usage in security/. r=keeler. 2015-09-24 20:44:31 -07:00
Phil Ringnalda
da0936bb5f Merge m-i to m-c, a=merge 2015-10-03 15:37:39 -07:00
ffxbld
dc83241385 No bug, Automated HPKP preload list update from host bld-linux64-spot-410 - a=hpkp-update 2015-10-03 03:44:51 -07:00
ffxbld
d939f15e9a No bug, Automated HSTS preload list update from host bld-linux64-spot-410 - a=hsts-update 2015-10-03 03:44:49 -07:00
David Keeler
c7fac22d4c bug 1205767 - prevent memory leak when generating an EC key with <keygen> r=ttaubert 2015-09-17 14:57:24 -07:00
Tooru Fujisawa
6ed8e81abc Bug 1207499 - Part 8: Remove use of expression closure from security/. r=keeler 2015-09-23 18:42:19 +09:00
Kaspar Brand
84007f05ef Bug 278689 - Multiple Certificates with the same subject are not shown in the digital signature select cert combo (only one is shown) r=dkeeler 2015-09-05 07:52:00 +02:00
David Keeler
6b687ec14b bug 1187994 - remove unused file CryptoUtil.h r=jcj 
This probably should have been removed as part of bug 891066.
 2015-07-27 09:56:14 -07:00
David Keeler
9b8ef98274 bug 1203312 - split tlsserver certificates into ocsp_certs and bad_certs r=mgoodwin 
The B2G emulators apparently take ~5 minutes to read 50 certificates into
memory, which causes intermittent test timeouts. This is an attempt to
reduce the number of certificates needed to be read at any given time.
 2015-09-22 17:03:15 -07:00
David Keeler
9ef70f3b6f bug 1203312 - convert tlsserver to generate certificates at build time r=Cykesiopka,mgoodwin 2015-08-24 15:53:07 -07:00
ffxbld
31dcb7460f No bug, Automated HPKP preload list update from host bld-linux64-spot-363 - a=hpkp-update 2015-09-26 03:40:59 -07:00
ffxbld
d0d75fd31d No bug, Automated HSTS preload list update from host bld-linux64-spot-363 - a=hsts-update 2015-09-26 03:40:57 -07:00
Jonathan Hao
2f6735a7c4 Bug 1178518 - Add an AppTrustedRoot for signed packaged app. r=keeler 2015-09-07 15:28:21 +08:00
ffxbld
eb2bb96364 No bug, Automated HPKP preload list update from host bld-linux64-spot-560 - a=hpkp-update 2015-09-19 03:46:51 -07:00
ffxbld
14311b7985 No bug, Automated HSTS preload list update from host bld-linux64-spot-560 - a=hsts-update 2015-09-19 03:46:49 -07:00
Wes Kocher
0d0a8a55a8 Backed out changeset a08287c70962 (bug 1203312) for b2g xpcshell failures 2015-09-18 12:53:24 -07:00
David Keeler
e2328c01f5 bug 1203312 - convert tlsserver to generate certificates at build time r=Cykesiopka,mgoodwin 2015-08-24 15:53:07 -07:00
Kate McKinley
b1eba1c35b Bug 1196039 - Telemetry for certificate lifetime. r=rbarnes,vladan 2015-09-17 10:04:52 -07:00
Nicholas Nethercote
248f611da3 Bug 1201135 - Rename pldhash.{h,cpp} to PLDHashTable.{h,cpp}. r=mccr8. 2015-09-15 20:49:53 -07:00
Ehsan Akhgari
63b25b683a Bug 1205302 - Disallow intercepting OCSP requests; r=jdm 2015-09-16 19:15:32 -04:00
Nicholas Nethercote
f71059bd78 Bug 1121760 (part 6) - Move all remaining PL_DHash*() functions into PLDHashTable. r=poiru. 2015-09-14 14:23:47 -07:00
Nicholas Nethercote
4dafae0e81 Bug 1121760 (part 3) - Remove PL_DHashTableRemove(). r=poiru. 2015-09-14 14:23:24 -07:00
Nicholas Nethercote
6f753fbb80 Bug 1121760 (part 2) - Remove PL_DHashTableAdd(). r=poiru. 2015-09-14 14:23:12 -07:00
Nicholas Nethercote
e600d6de49 Bug 1121760 (part 1) - Remove PL_DHashTableSearch(). r=poiru. 2015-05-21 00:34:25 -07:00
Shu-yu Guo
d8faa01cea Bug 1202902 - Mass replace toplevel 'let' with 'var' in preparation for global lexical scope. (rs=jorendorff) 2015-09-15 11:19:45 -07:00
Cykesiopka
819da2f9d0 Bug 443811 - Use long date format for cert date output. r=keeler 2015-09-13 23:33:00 +02:00
Richard Barnes
8824811399 Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler 2015-09-11 14:52:30 -04:00
ffxbld
9a77a9ac48 No bug, Automated HPKP preload list update from host bld-linux64-spot-542 - a=hpkp-update 2015-09-12 03:39:46 -07:00
ffxbld
c1f042338f No bug, Automated HSTS preload list update from host bld-linux64-spot-542 - a=hsts-update 2015-09-12 03:39:44 -07:00
Steven Michaud
30cedd6943 Bug 1190032 - Sandbox failure in nsPluginHost::GetPluginTempDir, tighten earlier patch. r=areinald 2015-09-10 15:32:42 -05:00
Mark Goodwin
73033140cf Bug 1016555 - Disable OCSP checking for certificates covered by OneCRL r=keeler 
1) Added some comments to firefox.js to explain the relationship between
extensions.blocklist.interval and security.onecrl.maximum_staleness_in_seconds
2) Modified default values in firefox.js and mobile.js to set maximum staleness
to 1.25x blocklist interval
3) modified the tests_ev_certs.js xpcshell test to cope with larger maximum
staleness values to address test failures
 2015-09-10 11:10:07 +01:00
Bob Owen
968f7dcb98 Bug 1200336: Apply fix for Chromium issue 482784 for sandbox bug when built with VS2015. r=tabraldes 2015-09-10 08:25:20 +01:00
Jed Davis
73e5925f9f Bug 1199481 - Complain more when entering sandboxing code as root. r=kang 2015-08-28 13:37:00 +02:00
Jed Davis
f1c44b5199 Bug 1199413 - Fix MOZ_DISABLE_GMP_SANDBOX so it disables all the sandboxing. r=kang 
Bonus fix: don't start the chroot helper unless we're going to use
it.  For this to matter, you'd need a system with unprivileged user
namespaces but no seccomp-bpf (or fake it with env vars) *and* to set
media.gmp.insecure.allow, so this is more to set a good example for
future changes to this code than for functional reasons.
 2015-08-28 12:18:00 +02:00
Nicholas Nethercote
58f8fe3be0 Bug 1202526 (part 5) - Use PLDHashTable::RemoveEntry() in nsSecureBrowserUIImpl. r=dkeeler. 
This avoids repeating the hash table search in order to remove the entry.
 2015-09-07 19:20:16 -07:00
Jacek Caban
64c1d0fa2c Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith 2015-09-09 14:16:59 +02:00
Bob Owen
9be572c24f Bug 1197943: Turn off MITIGATION_STRICT_HANDLE_CHECKS for NPAPI process sandbox for causing hangs. r=aklotz 2015-09-09 08:45:25 +01:00
Bob Owen
ba023432b7 Bug 1201438: Add non-sandboxed Windows content processes as target peers for handle duplication. r=bbondy 2015-09-08 11:18:12 +01:00
ffxbld
864437b73f No bug, Automated HPKP preload list update from host bld-linux64-spot-1098 - a=hpkp-update 2015-09-05 03:41:54 -07:00
ffxbld
e3bf6d0091 No bug, Automated HSTS preload list update from host bld-linux64-spot-1098 - a=hsts-update 2015-09-05 03:41:52 -07:00
Steven Michaud
60cbef9756 Bug 1190032 - Sandbox failure in nsPluginHost::GetPluginTempDir. r=areinald 2015-09-03 19:28:30 -05:00
David Keeler
3f8710ffab bug 1196853 - convert test_cert_signatures.js to generate certificates at build time r=jcj 
Also add additional testcases that weren't in the original test (tampered
signatures had been tested, but tampered certificates hadn't been covered).
 2015-08-19 15:59:49 -07:00
ffxbld
f258dabcf6 No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update 2015-09-03 13:59:53 -07:00
ffxbld
341ad958a2 No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update 2015-09-03 13:59:50 -07:00
Masatoshi Kimura
f260637c16 Bug 1201024 - Disable unrestricted RC4 fallback and add RC4-only servers to the fallback whitelist. r=cykesiopka 2015-09-03 21:50:52 +09:00
Nick Thomas
92f8a729b5 Bug 1197607, Automated hsts & hpkp updates are failing on mozilla-central, mozilla-aurora, mozilla-esr38, r=cykesiopka 2015-09-03 22:07:42 +12:00
Masatoshi Kimura
a426c031e5 Bug 1195789 - Update fallback whitelist. r=cykesiopka 2015-09-02 00:44:04 +09:00
Nicholas Nethercote
10d95cca57 Bug 1198334 (part 1) - Replace the opt-in FAIL_ON_WARNINGS with the opt-out ALLOW_COMPILER_WARNINGS. r=glandium. 
The patch removes 455 occurrences of FAIL_ON_WARNINGS from moz.build files, and
adds 78 instances of ALLOW_COMPILER_WARNINGS. About half of those 78 are in
code we control and which should be removable with a little effort.
 2015-08-27 20:44:53 -07:00
Ryan VanderMeulen
6108c33859 Backed out changeset 982be1bbebdf (bug 1199624) for Windows bustage. 2015-08-30 17:09:09 -04:00
Jacek Caban
9bcc1d3f00 Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith 2015-08-29 07:59:00 -04:00
Cykesiopka
49c1e300ef Bug 1197644 - Remove the security.ssl.warn_missing_rfc5746 pref. r=keeler 2015-08-24 22:53:42 -07:00
Makoto Kato
ecd6727eab Bug 1196403 - Apply crbug/522201 to support Windows 10 build 10525. r=bobowen 2015-08-25 19:21:08 +09:00
Xidorn Quan
4ccdd6c2ca Bug 1188468 - Allow script to force updating a generated file even if the file is actually not changed. r=gps 2015-08-25 10:07:43 +10:00
David Keeler
532e32633c bug 1194013 - convert test_name_constraints.js to generate certificates at build time r=Cykesiopka,mgoodwin 2015-08-11 16:40:38 -07:00
Ryan VanderMeulen
a7890c1d6f Merge inbound to m-c. a=merge 2015-08-23 17:18:36 -04:00
Fabrice Desré
21c4e1bceb Bug 1196988 - Remove THA support. r=gwagner 2015-08-21 10:00:54 -07:00
Jonathan Griffin
411013ed53 Bug 1136892 - Create an xpcshell-addons tag for running addon-specific xpcshell tests, r=chmanchester 2015-08-18 11:26:14 -07:00
Kai Engert
e2dccd155b Bug 1194135, set NSS version to final 3.20 tag, no code change, DONTBUILD 2015-08-19 18:41:53 +02:00
Wes Kocher
878dfeff75 Backed out changeset 688775a8227f (bug 1136892) for mass bustage prompting a CLOSED TREE 2015-08-18 11:58:05 -07:00
Christoph Kerschbaumer
eaa13b8628 Bug 1195606 - Use channel->ascynOpen2 in security/manager/ssl/nsNSSCallbacks.cpp (r=sicking) 2015-08-18 09:54:09 -07:00
Mark Goodwin
ad85d9ff0a Bug 1153444 - Fix up Key Pinning Telemetry (r=keeler) 2015-08-21 15:14:08 +01:00
Mike Hommey
dbd56c6b19 Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith 2015-08-21 15:27:22 +09:00
Mike Hommey
7993f5c59b Backout changesets af1b36497559 and 1d52ab626597 (bug 1189891) for pkix bustage 2015-08-21 15:05:38 +09:00
Mike Hommey
cedfc6a289 Bug 1189891 - Avoid including <cstring> from pkix/Input.h. r=bsmith 2015-08-21 14:29:19 +09:00
Ben Hearsum
18aa36116c bug 1116409: switch update server to sha2 cert; update in-tree pinning. r=rstrong,snorp,mfinkle,dkeeler 2015-08-20 17:50:51 -04:00
Cykesiopka
35e8cd70ba Bug 1195615 - Log a web console warning when a HPKP header is ignored due to a non-built in root cert. r=keeler 2015-08-20 14:33:29 -07:00
Jonathan Griffin
070361dd89 Bug 1136892 - Create an xpcshell-addons tag for running addon-specific xpcshell tests, r=chmanchester 2015-08-18 11:26:14 -07:00
Arnaud Bienner
d99c4429a7 Bug 1190086 - Use new String::Contains(char) method more widely r=froydnj 2015-08-14 00:49:15 +02:00
David Keeler
4e8ed8ea72 bug 1190603 - rename prime256v1 to secp256r1 in test_keysize.js to reduce confusion r=Cykesiopka 
OpenSSL refers to the curve in question as 'prime256v1', but rfc 5480,
mozilla::pkix, and the test framework refer to it as secp256r1, so we
should be consistent.
 2015-08-05 13:39:11 -07:00
David Keeler
0277e3473a bug 1190603 - convert test_keysize.js to generate certificates at build time r=Cykesiopka 2015-08-03 17:02:58 -07:00
Aryeh Gregor
ade09cc060 Bug 1193298 - Part 2: Use .get() to convert from RefPtr to raw pointer. r=froydnj 2015-08-11 06:45:00 -04:00
Jed Davis
f1b06fa82d Bug 1004011 - Support SECCOMP_FILTER_FLAG_TSYNC if available. r=kang 2015-08-11 16:30:00 -04:00
Tanvi Vyas
2579bcdd22 Bug 1182551 - Updating nsSecureBrowserUIImpl so that insecure pages with mixed content iframes don't get marked as broken. r=keeler 2015-08-13 17:13:48 -07:00
Kai Engert
e836e00cc1 Bug 1194135, Update Mozilla to NSS 3.20, r=mt 2015-08-13 11:31:23 +02:00
Nathan Froyd
73b79d2955 Bug 1193021 - clean up reference-counting in security/; r=keeler 2015-07-01 13:10:53 -04:00
David Keeler
47e3233d86 bug 1190532 - change default key specification from implicit to explicit in pycert.py r=Cykesiopka 
Previously using an empty string would result in pycert.py returning the
default shared RSA key. This resulted in empty keyspec files being added
to the tree, which was confusing. This should end the confusion by making
the key specification process explicit rather than implicit.
 2015-08-06 11:35:40 -07:00
David Keeler
eca74d5823 bug 1189427 - convert test_ocsp_fetch_method.js to generate certificates at build time r=mgoodwin 2015-07-30 10:20:52 -07:00
Kai Engert
0337cdec67 Bug 1190794, land final NSS_3_19_3_RTM tag, no code change, DONTBUILD 2015-08-07 20:19:06 +02:00
Makoto Kato
181db2c563 Bug 1166323 - Fix unexpcetd changed on previous landed. r=dkeeler 2015-08-07 13:41:49 +09:00
Cykesiopka
580d488671 Bug 1164609 - Remove EV treatment for expired Buypass Class 3 CA 1 root certificate. r=keeler 2015-08-07 00:21:00 +02:00
Carsten "Tomcat" Book
ba06f030c1 Backed out changeset 9618f92995ab (bug 1166323) for linux x64 test bustage on a CLOSED TREE 2015-08-07 07:24:40 +02:00
Makoto Kato
8d6953bc01 Bug 1166323 - Fix unexpcetd changed on previous landed. r=dkeeler 2015-08-07 13:41:49 +09:00
Carsten "Tomcat" Book
cd95acc091 Backed out 2 changesets (bug 1016555, bug 1189427) for making Android 4.3 API11+ debug X3 perma fail in test_ev_certs.js 
Backed out changeset ebd4e3880403 (bug 1189427)
Backed out changeset 331e489c7534 (bug 1016555)
 2015-08-06 11:51:27 +02:00
Cykesiopka
eb30e6e4e1 Bug 1124649 - Part 1 - Add specific error messages for various types of STS and PKP header failures. r=keeler,hurley 2015-08-05 07:51:00 +02:00
David Keeler
42db57ddd0 bug 1189427 - convert test_ocsp_fetch_method.js to generate certificates at build time r=mgoodwin 2015-07-30 10:20:52 -07:00
Birunthan Mohanathas
9b6236a10a Bug 1191100 - Remove XPIDL signature comments in .cpp files. r=ehsan 
Comment-only so DONTBUILD.
 2015-08-04 16:17:36 -07:00
Kai Engert
eff4fc7c12 Bug 1190794, Update to NSS 3.19.3 to pick up ca-certificates v 2.5, landing NSS_3_19_3_RC0, r=kwilson 2015-08-04 22:37:05 +02:00
David Keeler
9db6074701 bug 1188100 - fold PSM's test_client_cert.js into necko's test_tls_server.js r=mcmanus 2015-07-29 14:27:54 -07:00
Carsten "Tomcat" Book
49f2789e77 Merge mozilla-central to mozilla-inbound 2015-08-03 15:45:57 +02:00
Carsten "Tomcat" Book
e016c33f6e merge mozilla-inbound to mozilla-central a=merge 2015-08-03 13:56:39 +02:00
Makoto Kato
e92450872e Bug 830801 - Part 2. Remove NOMINMAX define from moz.build. r=mshal 2015-08-03 10:07:09 +09:00
ffxbld
250a2cff29 No bug, Automated HPKP preload list update from host bld-linux64-spot-317 - a=hpkp-update 2015-08-01 03:34:19 -07:00
ffxbld
4d748c510a No bug, Automated HSTS preload list update from host bld-linux64-spot-317 - a=hsts-update 2015-08-01 03:34:17 -07:00
ffxbld
a7aba8d86a No bug, Automated HPKP preload list update from host bld-linux64-spot-010 - a=hpkp-update 2015-07-30 13:51:28 -07:00
ffxbld
b8f6c15369 No bug, Automated HSTS preload list update from host bld-linux64-spot-010 - a=hsts-update 2015-07-30 13:51:26 -07:00
Cykesiopka
e365bb83c0 Bug 1189166 - Cleanup some PSM test generation files post Bug 1181823. r=dkeeler 2015-07-29 23:56:33 -07:00
Bob Owen
f9cb6a4fda Bug 1171796: Add sandbox rule for child process NSPR log file on Windows. r=bbondy 
This also moves the initialization of the sandbox TargetServices to earlier in
plugin-container.cpp content_process_main, because it needs to happen before
xul.dll loads.
 2015-07-30 10:04:42 +01:00
David Keeler
77182daa23 bug 1181823 - convert test_ev_certs.js, test_keysize_ev.js, and test_validity.js to generate certificates at build time r=Cykesiopka r=mgoodwin 2015-06-17 16:02:08 -07:00
Bobby Holley
106e778c81 Bug 1188696 - Hoist nsRefPtr.h into MFBT. r=froydnj 2015-07-29 10:44:59 -07:00
Douglas Bagnall
5c0b4667d0 Bug 1046421 - Do not disclose the system hostname via NTLM handler. r=honzab 
The hostname here is matched on the AD DC to the userWorkstations
attribute, however this is on a total trust basis in terms of what the
client specifies here.

The impact of this patch is that a user who is restricted by this
attribute to log on to only certain (Windows, in reality)
workstations, may not be able to perform a manual NTLM logon to an
intranet site, unless they set network.generic-ntlm-auth.workstation
to the name of their workstation (actually, any host in that list).

The default value is set to WORKSTATION.

This patch was originally written by Andrew Bartlett, and modified by
Douglas Bagnall following review feedback from Honza Bambas and Tim
Brown.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2015-07-24 13:36:11 +12:00
David Keeler
7c2fefeaff bug 1187029 - convert test_bug480509.html to an xpcshell test r=jcj 2015-07-23 13:31:45 -07:00
Steven Michaud
48cca4b17d Bug 1175881 - about:sync-log can't read files on OS X with e10s on and content process sandbox enabled. r=areinald 2015-07-28 12:09:34 -05:00
David Keeler
93e401cbb4 bug 1179660 - define 'now' as the first second of the current year for pycert r=Cykesiopka 
This is to avoid a dependency on the buildid so we don't have to
regenerate all of the test certificate with every ./mach build.
This can cause problems very near midnight on New Year's Eve.
If this happens, kick off a new build and get back to the party.
 2015-07-15 16:20:54 -07:00
Xidorn Quan
3c16d312d0 Bug 1187173 - Disable warning C4623 on security/certverifier. r=briansmith 2015-07-24 13:38:12 +10:00
Jed Davis
e59798bc11 Bug 1186709 - Remove MOZ_IMPLICIT from security/sandbox/chromium. r=bobowen 2015-07-23 08:28:00 -04:00
Jed Davis
dc4e9622a9 Bug 1157864 - Record chromium patch applied in previous commit. r=me 2015-07-22 15:48:49 -07:00
Felix Janda
cb817362ed Bug 1157864 - chromium sandbox: Fix compilation for systems without <sys/cdefs.h>. r=jld 2015-02-05 22:41:38 +01:00
Masatoshi Kimura
ae243a88cc Bug 1181562 - Update fallback whitelist. r=keeler 2015-07-22 20:35:26 +09:00
Nicholas Nethercote
4afee01f75 Bug 1182959 (part 5) - Use nsTHashtable::Iterator in nsCertOverrideService. r=honzab. 2015-07-20 17:12:03 -07:00
Nicholas Nethercote
25f6039e81 Bug 1182959 (part 4) - Remove BlocklistSaveInfo. r=honzab. 2015-07-20 17:12:03 -07:00
Nicholas Nethercote
459d99f3cd Bug 1182959 (part 3) - Use nsTHashtable::Iterator in CertBlockList. r=honzab. 2015-07-20 17:12:03 -07:00
Nicholas Nethercote
7ab28d7df4 Bug 1182959 (part 2) - Use nsTHashtable::Iterator in CertBlockList. r=honzab. 2015-07-20 17:12:03 -07:00
Nicholas Nethercote
8964637d70 Bug 1182959 (part 1) - Use nsTHashtable::Iterator in CertBlockList. r=honzab. 2015-07-20 17:12:03 -07:00
Jed Davis
4f7c3a8066 Bug 1181704 - Use chromium SafeSPrintf for sandbox logging. r=gdestuynder r=glandium 
This gives us a logging macro that's safe to use in async signal context
(cf. bug 1046210, where we needed this and didn't have it).

This patch also changes one of the format strings to work with
SafeSPrintf's format string dialect; upstream would probably take a
patch to handle those letters, but this is easier.
 2015-07-09 12:09:00 +02:00
Jed Davis
bad4183e1d Bug 1181704 - Import chromium SafeSPrintf. r=bobowen 
This also imports the unit tests but doesn't arrange to run them.
Including the tests in our xul-gtest is possible but not trivial: there
are logging dependencies, and they use a different #include path for
gtest.h (which we'd need to patch).

Upstream revision: df7cc6c04725630dd4460f29d858a77507343b24.
 2015-07-09 12:04:00 +02:00
David Keeler
7ac0d92807 bug 1178988 - GenerateOCSPResponse: load certs/keys in two phases r=Cykesiopka 
This was initially done to work around a readdir-related bug in the B2G ICS
emulator, but then it turned out that test_ocsp_url.js still fails in ways that
are unreproducible outside of mozilla-inbound on that platform, so it was
disabled (r=sworkman). It's still a good idea, though, to avoid any potential
future issues with readdir not being reentrant.
 2015-07-15 14:12:02 -07:00
David Keeler
359bd103d4 bug 1178988 - convert test_ocsp_url to generate certificates at build time r=Cykesiopka 
Also enable loading of certificates and private keys into GenerateOCSPResponse
 2015-06-04 17:03:48 -07:00
David Keeler
893b8954ec bug 1178988 - refactor key-specific parts of pycert.py into pykey.py r=Cykesiopka,mgoodwin 2015-06-30 14:35:42 -07:00
Ryan VanderMeulen
2a13b2456b Merge m-c to inbound. a=merge 2015-07-19 22:38:28 -04:00
Benjamin Peterson
0dd708e3a8 no bug - fix typo and grammar in comment r=me DONTBUILD 2015-07-19 18:07:43 -07:00
ffxbld
c56f7fab6d No bug, Automated HPKP preload list update from host bld-linux64-spot-135 - a=hpkp-update 2015-07-18 03:35:51 -07:00
ffxbld
a53fa199eb No bug, Automated HSTS preload list update from host bld-linux64-spot-135 - a=hsts-update 2015-07-18 03:35:49 -07:00
Mark Goodwin
8b0c418e25 Bug 1183822 - Add an OCSP test for signers with SHA-1 certificates (r=keeler) 2015-07-17 17:07:50 +01:00
Mark Goodwin
2e80867ccc Bug 1183822 - fix OCSP verification failures (r=keeler) 
Adds a new TrustDomain for OCSP Signers which will always allow all acceptible
signature digest algorithms. Calls to most other TrustDomain methods are passed
through to the owning NSSCertDBTrustDomain.
 2015-07-17 17:07:48 +01:00
Mark Goodwin
46b7226fea Bug 1183065 - Add logging on OneCRL revocation checks (r=Cykesiopka) 2015-07-17 17:07:47 +01:00
Wes Kocher
6216b9587e Backed out 3 changesets (bug 1178988) for ocsp orange CLOSED TREE 
Backed out changeset 7fb6a9114916 (bug 1178988)
Backed out changeset 2700ec4adc3e (bug 1178988)
Backed out changeset 07b9c2331ac1 (bug 1178988)
 2015-07-17 17:49:46 -07:00
Mark Goodwin
10d4e93718 Backed out changeset ec1b5a7d05e9 (bug 1183065) 2015-07-17 10:37:00 +01:00
Mark Goodwin
adead3a8a3 Backed out changeset fb6cbb4ada54 (bug 1183822) 2015-07-17 10:36:58 +01:00
Mark Goodwin
57cd103b84 Backed out changeset f324dcfaab40 (bug 1183822) 2015-07-17 10:36:56 +01:00
Mark Goodwin
8605e4aed2 Bug 1183822 - Add an OCSP test for signers with SHA-1 certificates (r=keeler) 2015-07-17 10:04:17 +01:00
Mark Goodwin
80b97ddffc Bug 1183822 - fix OCSP verification failures (r=keeler) 
Adds a new TrustDomain for OCSP Signers which will always allow all acceptible
signature digest algorithms. Calls to most other TrustDomain methods are passed
through to the owning NSSCertDBTrustDomain.
 2015-07-17 10:03:56 +01:00
Mark Goodwin
00edef09b4 Bug 1183065 - Add logging on OneCRL revocation checks (r=Cykesiopka) 2015-07-17 10:03:21 +01:00
David Keeler
b27333093c bug 1178988 - work around PR_ReadDir bug on B2G ICS emulator by loading certs/keys in two phases r=Cykesiopka 2015-07-15 14:12:02 -07:00
David Keeler
e54426e7bc bug 1178988 - convert test_ocsp_url to generate certificates at build time r=Cykesiopka 
Also enable loading of certificates and private keys into GenerateOCSPResponse
 2015-06-04 17:03:48 -07:00
David Keeler
998a66c12a bug 1178988 - refactor key-specific parts of pycert.py into pykey.py r=Cykesiopka,mgoodwin 2015-06-30 14:35:42 -07:00
Cykesiopka
a0279ce7ca Bug 1179678 - Add result strings to misc PSM xpcshell tests. r=keeler 2015-07-14 23:19:00 +02:00
Wes Kocher
3ce60d2f05 Backed out 2 changesets (bug 1181704) for static build bustage CLOSED TREE 
Backed out changeset fbf7aca43c3a (bug 1181704)
Backed out changeset 8864c0587ced (bug 1181704)
 2015-07-13 16:51:17 -07:00
Jed Davis
2f2012818b Bug 1181704 - Use chromium SafeSPrintf for sandbox logging. r=kang r=glandium 
This gives us a logging macro that's safe to use in async signal context
(cf. bug 1046210, where we needed this and didn't have it).

This patch also changes one of the format strings to work with
SafeSPrintf's format string dialect; upstream would probably take a
patch to handle those letters, but this is easier.
 2015-07-13 16:17:58 -07:00
Jed Davis
db8c6b5327 Bug 1181704 - Import chromium SafeSPrintf. r=bobowen 
This does not include the upstream unit tests.  Including the tests
in our xul-gtest is possible but not trivial: there are logging
dependencies, and they use a different #include path for gtest.h (which
we'd need to patch).

Upstream revision: df7cc6c04725630dd4460f29d858a77507343b24.
 2015-07-13 16:17:58 -07:00
Birunthan Mohanathas
e52329c788 Bug 1182996 - Fix and add missing namespace comments. rs=ehsan 
The bulk of this commit was generated by running:

  run-clang-tidy.py \
    -checks='-*,llvm-namespace-comment' \
    -header-filter=^/.../mozilla-central/.* \
    -fix
 2015-07-13 08:25:42 -07:00
Carsten "Tomcat" Book
108daa6a0d merge mozilla-inbound to mozilla-central a=merge 2015-07-13 11:51:14 +02:00
ffxbld
6a03db2cc6 No bug, Automated HPKP preload list update from host bld-linux64-spot-222 - a=hpkp-update 2015-07-11 03:33:38 -07:00
ffxbld
5802404a13 No bug, Automated HSTS preload list update from host bld-linux64-spot-222 - a=hsts-update 2015-07-11 03:33:36 -07:00
David Keeler
2c108fdd54 bug 1181376 - convert test_bug480619.html to an xpcshell test r=mgoodwin 2015-07-07 16:09:56 -07:00
Geoff Brown
495b7cbfe1 Bug 1026290 - Update mochitest-chrome manifests for android; r=jgriffin 2015-07-10 14:41:59 -06:00
Mark Goodwin
2845785c4e Bug 1159155 - Add telemetry probe for SHA-1 usage - some tests (r=keeler) 2015-07-09 07:22:32 +01:00
Mark Goodwin
fc2d7be9e8 Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler) 2015-07-09 07:22:29 +01:00
Phil Ringnalda
e96bb3a6ed Back out 2 changesets (bug 1178988) for b2g emulator opt xpcshell failure in test_ocsp_url.js 
CLOSED TREE

Backed out changeset 2c5d5eb434b9 (bug 1178988)
Backed out changeset 936d991c4cbc (bug 1178988)
 2015-07-08 22:49:12 -07:00
David Keeler
9e073d55c1 bug 1178988 - convert test_ocsp_url to generate certificates at build time r=Cykesiopka 
Also enable loading of certificates and private keys into GenerateOCSPResponse
 2015-06-04 17:03:48 -07:00
David Keeler
4f197a5c27 bug 1178988 - refactor key-specific parts of pycert.py into pykey.py r=Cykesiopka,mgoodwin 2015-06-30 14:35:42 -07:00
Carsten "Tomcat" Book
1fcc543445 Merge mozilla-central to fx-team 2015-07-08 12:04:53 +02:00
Steven Englehardt
2d95563bab Bug 1153010 - Disambiguate error messages for mixed content and weak/broken cipher. r=keeler,tanvi,dolske 2015-07-08 09:04:11 +02:00
Nicholas Nethercote
24ab7bcdca Bug 1179071 - Merge RemovingIterator into Iterator. r=froydnj. 
The original motivation for the Iterator/RemovingIterator split was that
PLDHashTable Checker class would treat them differently. But that didn't end up
happening (see bug 1131308). So this patch merges them. This is a small code
size win now but it will become bigger when I add iterators to nsTHashTable and
nsBaseHashtable.

The only complication is that PLDHashTable::Iter() is now non-const, which is
a problem if you use it in a const method. So I added PLDHashTable::ConstIter()
which is used in just two places. It's a bit of a hack -- effectively a
const_cast -- but I don't think it's too bad.
 2015-07-06 22:02:26 -07:00
Dragana Damjanovic
c7fc0a288e Bug 905127 - Part 2 - remove unnecessary nsNetUtil.h includes r=jduell 2015-07-06 07:55:00 +02:00