wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity
256,406 Commits 1 Branch 166 Tags 1.2 GiB
761e2d0120
Commit Graph

3367 Commits

Author SHA1 Message Date
Bob Owen
4eddb939fd Bug 1123759: Set low integrity on NPAPI processes for Windows sandboxing policy level >= 2. r=bbondy, r=bsmedberg 2015-05-22 17:05:45 +01:00
David Keeler
91a9bcaf77 bug 1166976 - generate some PSM xpcshell test certificates at build time r=Cykesiopka,mgoodwin,froydnj 2015-05-20 16:35:16 -07:00
Ryan VanderMeulen
c6c4e6486b Bug 1166031 - Update NSS to NSS_3_19_1_RTM. a=sledru 2015-05-28 14:14:52 -04:00
Nicholas Nethercote
0e7edc78fc Bug 1168007 (part 7) - Use PLDHashTable2 in nsCertTree. r=froydnj. 
It's possible that Clear() will be called on a table that hasn't had anything
inserted in it, but that's ok.
 2015-05-18 21:14:51 -07:00
Nicholas Nethercote
385887714d Bug 1168007 (part 6) - Use PLDHashTable2 in nsSecureBrowserUIImpl. r=froydnj. 2015-05-18 21:02:48 -07:00
Cykesiopka
5aa3c9df74 Bug 1168695 - Add result strings to PSM xpcshell HPKP tests. r=keeler 2015-05-28 02:26:00 +02:00
Cykesiopka
f21804994b Bug 1167254 - Convert test_bug234856.html mochitest to an xpcshell test. r=keeler 2015-05-28 02:22:00 +02:00
Makoto Kato
edc1420150 Bug 1166323 - Remove IME sequence number. r=masayuki,nchen 2015-05-28 13:51:40 +09:00
Birunthan Mohanathas
b71747de61 Bug 1164714 - Fix unified compilation bustage on Windows. r=me 
CLOSED TREE
 2015-05-27 19:37:09 -07:00
Birunthan Mohanathas
2e77719e3d Bug 1164714 - Move netwerk/base/nsISiteSecurityService.idl into security/manager/ssl. r=keeler,mcmanus 2015-05-26 10:31:30 -07:00
Birunthan Mohanathas
37d96edab0 Bug 1164714 - Move and flatten security/manager/boot/{public,src}/ into security/manager/ssl/. r=keeler 2015-05-26 10:31:25 -07:00
Birunthan Mohanathas
a7011ffde2 Bug 1164714 - Flatten security/manager/ssl/src/ directory. r=keeler 2015-05-26 10:31:23 -07:00
Birunthan Mohanathas
2befc8e59a Bug 1164714 - Flatten security/manager/ssl/public/ directory. r=keeler 2015-05-26 10:30:46 -07:00
Mike Hommey
2c863b9fe4 Bug 991983 - Define SOURCES as SourcePath. r=gps 2015-05-28 07:34:15 +09:00
Kaspar Brand
d8d1910516 Bug 1168048 - Avoid potential null-pointer dereferencing in nsNSSCertificateDB r=keeler 2015-05-27 14:12:26 -07:00
Cykesiopka
6cc0362091 Bug 1167866 - Add result strings to PSM test_cert* xpcshell tests. r=keeler 2015-05-23 19:57:32 -07:00
Phil Ringnalda
199f7ab4ef Merge m-i to m-c, a=merge 2015-05-23 13:31:21 -07:00
ffxbld
d0c500bd71 No bug, Automated HPKP preload list update from host bld-linux64-spot-023 - a=hpkp-update 2015-05-23 03:32:23 -07:00
ffxbld
4a12cdd4e2 No bug, Automated HSTS preload list update from host bld-linux64-spot-023 - a=hsts-update 2015-05-23 03:32:21 -07:00
Makoto Kato
d62075c412 Bug 958421 - XUL dialog for certificate is security/manager/pki/resouces is unnecessary on Firefox Android. r=snorp 2015-05-22 14:28:04 +09:00
Nathan Froyd
f61c010661 Bug 1160485 - remove implicit conversion from RefPtr<T> to TemporaryRef<T>; r=ehsan 
Having this implicit conversion means that we can silently do extra
refcounting when it's completely unnecessary.  It's also an obstacle to
making RefPtr more nsRefPtr-like, so let's get rid of it.
 2015-05-01 09:14:16 -04:00
Tim Taubert
66b896c92f Bug 1060112 - Don't treat OCSP responses omitting the requested certificate status as "unknown certificate" responses blocking the connection r=keeler 2015-05-21 13:39:34 -04:00
Eric Rahm
ccf1ec07c6 Bug 1165515 - Part 1: Convert PR_LOG to MOZ_LOG. r=froydnj 2015-05-21 13:22:04 -07:00
Nicholas Nethercote
5990994dda Bug 1166586 (part 2) - Convert some easy PL_DHashTable{Init,Finish} cases. r=froydnj. 
This patch converts easy cases, i.e. where the PL_DHashTableInit() call occurs
in a constructor and the PL_DHashTableFinish() call occurs in a destructor.
 2015-05-04 22:59:24 -07:00
Ryan VanderMeulen
995bebec24 Backed out changeset 38ff380719e4 (bug 1166031) for test_WebCrypto_DH.html failures. 2015-05-20 22:05:15 -04:00
Ryan VanderMeulen
224bdbec3e Bug 1166031 - Update NSS to NSS_3_19_1_BETA1. r=mt 2015-05-20 21:06:06 -04:00
David Keeler
0f00f328f3 Bug 1166031 - Update PSM xpcshell small RSA key test to reflect new error. r=Cykesiopka 
Previously NSS would accept smaller RSA key sizes than PSM would in TLS handshakes. Now that the limit is the same, NSS handles the handshake termination with a different error code before PSM can make its own policy decision.
 2015-05-21 12:57:03 -07:00
Ryan VanderMeulen
b1647b5e41 Bug 1166031 - Update NSS to NSS_3_19_1_BETA1. r=mt 2015-05-20 21:06:06 -04:00
Cykesiopka
06e1f43ea2 Bug 1166078 - Clean up and add expected result strings to test_hmac.js. r=keeler 2015-05-18 15:22:54 -07:00
Birunthan Mohanathas
9f65019493 Bug 1164714 - Flatten security/manager/pki/src/ directory. r=keeler 2015-05-19 10:47:42 -07:00
Birunthan Mohanathas
e9750de36b Bug 1164714 - Flatten security/manager/pki/public/ directory. r=keeler 2015-05-19 10:47:38 -07:00
Eric Rahm
c5e63515bf Bug 1165518 - Part 2: Replace prlog.h with Logging.h. rs=froydnj 2015-05-19 11:15:34 -07:00
David Keeler
af988c6fc0 bug 1165911 - do more safety checks when gathering successful TLS connection telemetry r=Cykesiopka 2015-05-18 10:37:38 -07:00
Nicholas Nethercote
35fffb1333 Back out a1f7ae44c7bb (bug 1164373) for causing intermittent test failures. 2015-05-18 19:00:54 -07:00
Carsten "Tomcat" Book
e5535efc49 merge mozilla-inbound to mozilla-central a=merge 2015-05-18 13:43:01 +02:00
cedric
b48a2260ab Bug 1152842 - Remove legacy Download Manager support from test_bug383369.html. r=paolo 2015-05-11 17:43:15 -07:00
Richard Barnes
84216a7c40 Backed out changeset fe10feec1ede because of OCSP test failures 2015-05-16 16:38:34 -04:00
Richard Barnes
6384ecbf90 Bug 1010068 - Disable OCSP for DV certificates in Firefox for Android r=keeler 2015-05-15 16:17:47 -04:00
Phil Ringnalda
01393a8965 Merge m-c to m-i 2015-05-16 09:49:14 -07:00
Phil Ringnalda
66b8e8f803 Merge m-i to m-c, a=merge 2015-05-16 08:50:37 -07:00
ffxbld
fb722a1b1e No bug, Automated HPKP preload list update from host bld-linux64-spot-152 - a=hpkp-update 2015-05-16 03:30:30 -07:00
ffxbld
4aece5ec95 No bug, Automated HSTS preload list update from host bld-linux64-spot-152 - a=hsts-update 2015-05-16 03:30:28 -07:00
Neil Rashbrook
441960eebc Bug 1155963 Only allow NS_LITERAL_CSTRING to be used on compile-time literals r=froydnj,ehsan 2015-05-16 09:07:10 +01:00
Nicholas Nethercote
0addd071a9 Back out all four patches from bug 1161377. r=me. 
Due to Android startup regressions (bug 1163066) and plugin crashes (bug
1165155).
 2015-05-14 21:48:43 -07:00
Wes Kocher
484229a7ff Backed out changeset 17cfad44e12b (bug 1155963) for breaking b2g builds 2015-05-14 16:35:18 -07:00
Jed Davis
22bcabd0af Bug 1162965 - Use /dev/shm instead of /tmp for sandbox chroot if possible. r=kang 2015-05-14 16:19:08 -07:00
Neil Rashbrook
5b5c002aaf Bug 1155963 Only allow NS_LITERAL_CSTRING to be used on compile-time literals r=froydnj,ehsan 2015-05-15 00:00:33 +01:00
Cykesiopka
d7bf2e4a0b Bug 1164409 - Reduce PSM xpcshell script code duplication. r=keeler 2015-05-15 02:28:00 -04:00
David Keeler
77060a5e28 bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes 2015-04-06 16:10:28 -07:00
Nicholas Nethercote
8d5e9cca79 Bug 1164373 - Remove two static constructors involving PR_NewLogModule(). r=froydnj. 2015-05-13 18:02:56 -07:00
Nicholas Nethercote
37a9035e51 Bug 1161377 (part 3, attempt 2) - Convert some easy PL_DHashTable{Init,Finish} cases. r=froydnj. 2015-05-12 17:33:26 -07:00
David Major
68b0dee7c5 Bug 1149718: Fix wow_helper lib path for VS2015. r=glandium 2015-05-12 18:20:28 -04:00
David Keeler
8924191348 bug 1102436 - remove PublicKeyPinningService::CheckChainAgainstAllNames r=Cykesiopka 2015-05-07 11:06:07 -07:00
Cykesiopka
8f0e75f3c3 Bug 1163358 - Add "psm" tag to PSM xpcshell and mochitest manifests. r=dkeeler 2015-05-09 18:21:00 +02:00
Mike Hommey
ec07b959e5 Bug 1043692 - Add a DIST_INSTALL variable to moz.build, and replace NO_DIST_INSTALL with it. r=gps 2015-05-12 07:55:21 +09:00
Bob Owen
6bab3a7af4 Bug 1146874 Part 1: Check that Windows sandboxed process starts correctly. r=tabraldes 2015-05-11 08:24:39 +01:00
Nicholas Nethercote
bdb7128dd1 Backout c375efe78e07 (bug 1161377 part 3) for (probably) increasing the static constructor count and regressing Fennec start-up time. r=me. 2015-05-10 22:16:18 -07:00
Phil Ringnalda
cd38d9b5e8 Merge m-c to m-c, a=merge 2015-05-09 14:16:58 -07:00
ffxbld
ab2219f9d0 No bug, Automated HPKP preload list update from host bld-linux64-spot-270 - a=hpkp-update 2015-05-09 03:31:59 -07:00
ffxbld
b463f10047 No bug, Automated HSTS preload list update from host bld-linux64-spot-270 - a=hsts-update 2015-05-09 03:31:58 -07:00
Wes Kocher
fa0da51ac6 Merge fx-team to m-c a=merge 2015-05-08 10:29:41 -07:00
Eric Rahm
c0f39382bd Bug 1162691 - Part 2: Wrap expensive calls in PR_LOG_TEST. r=froydnj 
Check that logging is enabled before performing potentially expensive
operations.
 2015-05-08 14:36:34 -07:00
Eric Rahm
3c0f5bf63e Bug 1162691 - Part 1: Remove instances of #ifdef PR_LOGGING in security. r=froydnj 
PR_LOGGING is now always defined, we can remove #ifdefs checking for it.
 2015-05-08 14:36:33 -07:00
Daniel Veditz
3bab854bdd Bug 1038072 - signature verification for JAR files unpacked into a directory. r=keeler 2015-05-05 20:21:00 +02:00
Bob Owen
46c30cdbd5 Bug 1158773: Use the same initial and delayed integrity level for Windows content sandbox level 0. r=tabraldes 2015-05-06 10:11:56 +01:00
L. David Baron
ffb6e08be2 Back out changeset a02ea85607a2 (bug 1038072) for widespread test failures (at least Linux, Android, and Mulet), on a CLOSED TREE. 2015-05-06 09:58:55 +02:00
Daniel Veditz
d2b1ef4d0e Bug 1038072 - signature verification for JAR files unpacked into a directory. r=keeler 2015-05-05 20:21:00 +02:00
Nicholas Nethercote
02e9b810da Bug 1161377 (part 3) - Convert some easy PL_DHashTable{Init,Finish} cases. r=froydnj. 
This patch converts easy cases, i.e. where the PL_DHashTableInit() call occurs
in a constructor and the PL_DHashTableFinish() call occurs in a destructor.
 2015-05-04 22:59:24 -07:00
Mark Goodwin
de6b7028f1 Bug 1128607 - Test the freshness check for OneCRL (r=keeler) 2015-05-07 18:54:07 +01:00
Mark Goodwin
9e5913dddb Bug 1128607 - Add freshness check for OneCRL (r=keeler) 2015-05-07 18:54:05 +01:00
Patrick McManus
726e9673d3 bug 1153212 - 2/2 Necko explicitly track origin vs routed host and give psm only origin r=dkeeler r=hurley IGNORE IDL 
Allow necko to simultaneously track the dual concept of routed host
and origin (authenticated host). The origin is given to the socket
provider and the routed host is inserted at DNS lookup time as if it
were a SRV or CNAME.
 2015-04-09 11:31:59 -04:00
Patrick McManus
a2982caa07 bug 1153212 - 1/2 revert 90d6a38931fa to make room for better fix r=backout 2015-05-07 13:16:26 -04:00
Kai Engert
8ea2fcf08e Bug 1144055, Upgrade Firefox to use NSS 3.19, landing NSS_3_19_RTM 2015-05-04 21:34:38 +02:00
Cykesiopka
fa466bc83d Bug 1153446 - Replace instances of double spacing with single spacing in nsserrors.properties. r=dkeeler 2015-05-01 02:40:00 +02:00
Phil Ringnalda
48398662cf Merge m-i to m-c, a=merge 2015-05-02 10:02:17 -07:00
ffxbld
904d847525 No bug, Automated HPKP preload list update from host bld-linux64-spot-137 - a=hpkp-update 2015-05-02 03:30:49 -07:00
ffxbld
9a9af4a556 No bug, Automated HSTS preload list update from host bld-linux64-spot-137 - a=hsts-update 2015-05-02 03:30:48 -07:00
Mike Hommey
b673a97a25 Bug 1134923 - Remove NS_Alloc/NS_Realloc/NS_Free. r=nfroyd 
They are kept around for the sake of the standalone glue, which is used
for e.g. webapprt, which doesn't have direct access to jemalloc, and thus
still needs a wrapper to go through the xpcom function list and get to
jemalloc from there.
 2015-05-01 09:40:30 +09:00
Nicholas Nethercote
29a54c9b3b Bug 1159972 - Remove the fallible version of PL_DHashTableInit(). r=froydnj. 
It's no longer needed now that entry storage isn't allocated there. (The other
possible causes of failures in that function are less interesting and simply
crashing is a reasonable thing to do for them.)

This also makes PL_DNewHashTable() infallible, so I removed some
now-unnecessary checks of its result.
 2015-04-29 16:38:29 -07:00
Bob Owen
0693a1dc83 Bug 1150515: Set the subsystem to WINDOWS,5.02 for wow_helper so that it runs on WinXP 64-bit. r=glandium 2015-04-30 09:48:03 +01:00
Masatoshi Kimura
931590121a Bug 1145844 - Update fallback whitelist. r=keeler 2015-04-29 13:48:53 +09:00
Andrew Bartlett
0b2e75f4be Bug 734229 - Partially address by refusing to re-negotiate on NTLM. r=mayhemer, r=keeler 
Now only one NTLM Negotiate packet will be sent per connection, rather
than again after a failed authentication.  The problem situation is
triggered due to failed Negotiate authentication, and is probably more
complex.

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
 2014-11-28 11:34:06 +13:00
David Major
c92c020b89 Bug 1157835: Remove the MSVC_ENABLE_PGO flag from the build system. r=glandium 2015-04-27 19:59:27 -04:00
Carsten "Tomcat" Book
3923c05342 merge fx-team to mozilla-central a=merge 2015-04-27 12:34:03 +02:00
Carsten "Tomcat" Book
18a440fd0e merge mozilla-inbound to mozilla-central a=merge 2015-04-27 12:00:14 +02:00
ffxbld
bbd9aed0be No bug, Automated HPKP preload list update from host bld-linux64-spot-039 - a=hpkp-update 2015-04-25 03:32:33 -07:00
ffxbld
9fd30e6020 No bug, Automated HSTS preload list update from host bld-linux64-spot-039 - a=hsts-update 2015-04-25 03:32:31 -07:00
Jed Davis
8f10995d7b Bug 1154184 - Don't use Linux sandbox gtest dir if not building tests. r=gps 2015-04-24 17:36:08 -07:00
Dave Townsend
80ce794097 Bug 1038068: Check add-on signatures and refuse to install unsigned or broken add-ons (preffed off for now). r=dveditz 2015-03-31 11:32:40 -07:00
Carsten "Tomcat" Book
1a74144837 merge mozilla-inbound to mozilla-central a=merge 2015-04-24 14:37:13 +02:00
Richard Barnes
20b75325f3 Bug 1121982 - Update PSM to use NSS name constraints 2015-04-23 20:26:29 -04:00
Fabrice Desré
854266d52c Bug 1144600 - Don't crash when submitting <keygen> on b2g r=dkeeler 2015-04-23 13:35:49 -07:00
Blake Kaplan
1047b7458f Bug 1124076 - Properly detect certs when loaded and prompt to import them. r=sworkman/dkeeler 2015-04-22 12:55:23 -07:00
Steven Michaud
2bb57bcd7a Bug 1153809 - Loosen Mac content process sandbox rules for NVidia and Intel HD 3000 graphics hardware. r=areinald 2015-04-22 14:56:09 -05:00
David Keeler
f9b93560f0 bug 1157873 - remove certificates from CNNIC whitelist that aren't in the Pilot Certificate Transparency log r=rbarnes 
Also remove certificates where notBefore is on or after 1 April 2015.
 2015-04-21 16:07:33 -07:00
Nathan Toone
1b81ed134e Bug 1124076 followup - fix the build when PR_LOGGING is not defined. r=mrbkap 2015-04-23 13:24:57 -07:00
David Keeler
7783f33c8b bug 1081128 - test_pinning.js takes ~300 seconds on b2g debug emulator - request a longer timeout for it r=Cykesiopka 2015-04-22 11:06:36 -07:00
Kai Engert
d7a44b34ec Bug 1144055 - Upgrade Firefox 39 to use NSS 3.19, r=nss-confcall 2015-04-23 21:16:20 +02:00
Francois Marier
29cbc60a12 Bug 1147212 - Add support for goog-unwanted-shavar. r=gcp,r=matej,r=smaug 2015-04-22 21:01:37 +12:00
Carsten "Tomcat" Book
407c282220 Backed out changeset 7f3cf84c11a9 (bug 1124076) for bustage on a CLOSED TREE 2015-04-22 13:44:23 +02:00
Blake Kaplan
87c47ee4e8 Bug 1124076 - Properly detect certs when loaded and prompt to import them. r=sworkman/dkeeler 2015-04-21 14:56:00 +02:00
Ehsan Akhgari
d278570d19 Bug 1153348 - Add an analysis to prohibit operator bools which aren't marked as either explicit or MOZ_IMPLICIT; r=jrmuizel 
This is the counterpart to the existing analysis to catch
constructors which aren't marked as either explicit or
MOZ_IMPLICIT.
 2015-04-21 21:40:49 -04:00
André Reinald
12017521df Bug 1150765 - Add sandbox rules to allow hardware rendering of OpenGL on Mac. r=smichaud 2015-04-21 11:17:16 +02:00
Patrick McManus
d428323d51 bug 1153212 - Alt-Svc Fixes r=dkeeler r=hurley 2015-04-13 17:11:59 -04:00
Kai Engert
ce1263979f Bug 1144055, Upgrade Firefox 39 to use NSS 3.19, NSS_3_19_BETA4 to pick up bug 1155279 2015-04-20 21:46:19 +02:00
Phil Ringnalda
842c8df579 Merge m-i to m-c, a=merge 2015-04-18 16:36:32 -07:00
ffxbld
a3972bfdfc No bug, Automated HPKP preload list update from host bld-linux64-spot-222 - a=hpkp-update 2015-04-18 03:29:47 -07:00
ffxbld
09e813d086 No bug, Automated HSTS preload list update from host bld-linux64-spot-222 - a=hsts-update 2015-04-18 03:29:45 -07:00
David Keeler
3ba6c83d36 bug 1150114 - allow PrintableString to match UTF8String in name constraints checking r=briansmith 2015-04-08 16:17:39 -07:00
Kai Engert
85b84c3c46 Bug 1144055 - Upgrade Firefox 39 to use NSS 3.19, land NSS_3_19_BETA2, r=nss-confcall 2015-04-17 13:49:43 +02:00
Neil Deakin
dd30a1f3eb Bug 1153248, re-enable a bunch of tests that now work with e10s, r=billm 2015-04-16 15:38:12 -04:00
David Keeler
5f4152c364 bug 1151512 - only allow whitelisted certificates to be issued by CNNIC root certificates r=jcj r=rbarnes 2015-04-07 17:29:05 -07:00
Kai Engert
b5518439bf Bug 1144055 - Upgrade Firefox 39 to use NSS 3.19, land NSS_3_19_BETA3, r=nss-confcall 2015-04-17 18:43:30 +02:00
David Keeler
34e15cf320 bug 1147497 - Add API for querying site pin status. Disallow overrides for sites that have pins. r=mmc r=smaug r=cykesiopka r=past 2015-03-25 11:04:49 -07:00
Brian Smith
0d03a12ce8 Bug 1154399 - Part 4: Simplify certificate parsing in OCSP responses. r=keeler 2015-04-14 05:33:03 -10:00
Brian Smith
d853e2e6d1 Bug 1154399 - Part 3: Simplify OptionalExtensions. r=keeler 
We used to avoid using Nested and NestedOf because they were based on
bind and it was difficult to maintain our std::bind polyfill. Now that
we use lambdas, it is easy to use Nested and NestedOf, so we should do
so wherever it makes the code clearer.
 2015-04-14 05:32:46 -10:00
Brian Smith
a710d38eed Bug 1154399 - Part 2: Simplify and un-inline OptionalVersion. r=keeler 
Also fixes the wrong comment. The syntax for version in OCSP and X.509
certs is identical.
 2015-04-14 05:32:29 -10:00
Brian Smith
debda06173 Bug 1154399 - Part 1: De-templatize and un-inline IntegralValue. r=keeler 2015-04-14 05:06:41 -10:00
Nathan Froyd
a9747433e3 Bug 1137437 - move security/apps/ cert header generation to moz.build; r=mshal,keeler 
Moving the cert header generation to GENERATED_FILES means that we can
delete all the manually-written out rules; we can also delete the
export:: rule because the build system automatically builds
GENERATED_FILES during the export phase.  For ease of converion, we opt
to create an empty trusted-app-public.der cert for manifest-signing-root.inc;
partners are free to overwrite that cert with their own.
 2015-02-27 12:50:49 -05:00
Mike Hommey
bb5d54f699 Bug 1153114 - Remove anonymous namespace around pkix gtests. r=bsmith 
This avoids -Wunused-variable fatal warnings with GCC 5.0
 2015-04-15 09:21:23 +09:00
Landry Breuil
13c5620ed7 Bug 1153090 followup - consistently use sizeof(hash) r=dkeeler 2015-04-14 22:19:18 +02:00
Landry Breuil
3022662159 Bug 1153090 - Unaligned access in cert block list (r=keeler) 2015-04-14 21:19:52 +02:00
Jan Beich
15f244431a Bug 1154188 - Unbreak build on non-SPS platforms after bug 1153737 r=bsmith 2015-04-14 14:30:09 +02:00
Brian Smith
168218d0b3 Bug 1153738: Make ScopedPtr a minimal proper subset of std::unique_ptr, r=keeler 
Remove all features of ScopedPtr that aren't in std::unique_ptr, and
remove all currently-unused features of ScopedPtr. In particular,
replace |operator=(T*)| with |reset(T* p = nullptr)| and make
|operator bool| explicit.
 2015-04-13 00:28:11 -10:00
Brian Smith
27c206b435 Bug 1153737: Avoid unnecessary uses of mozilla::pkix::ScopedPtr, r=keeler 2015-04-12 19:57:48 -10:00
Carsten "Tomcat" Book
94670e1674 merge mozilla-inbound to mozilla-central a=merge 2015-04-13 12:00:00 +02:00
ffxbld
a5ae47a99d No bug, Automated HPKP preload list update from host bld-linux64-spot-009 - a=hpkp-update 2015-04-11 03:29:55 -07:00
ffxbld
f89f580ff8 No bug, Automated HSTS preload list update from host bld-linux64-spot-009 - a=hsts-update 2015-04-11 03:29:53 -07:00
Jed Davis
bd4374a0cc Bug 1151607 - Step 2: Apply net/ipc namespace separation and chroot to media plugins. r=kang 
This needs more unit tests for the various pieces of what's going on
here (LinuxCapabilities, SandboxChroot, UnshareUserNamespace()) but
that's nontrivial due to needing a single-threaded process -- and
currently they can't be run on Mozilla's CI anyway due to needing user
namespaces, and local testing can just try using GMP and manually
inspecting the child process.  So that will be a followup.
 2015-04-10 18:05:19 -07:00
Jed Davis
a25b210578 Bug 1151607 - Step 1.5: Avoid unlikely false positives in Linux SandboxInfo feature detection. r=kang 
Using the equivalent of release assertions in the patch after this one
is easier to justify if I can't come up with vaguely legitimate reasons
why they might fail; this detects the ones I thought of.
 2015-04-10 18:05:19 -07:00
Jed Davis
4bcdc2879f Bug 1151607 - Step 1: Add Linux sandboxing hook for when child processes are still single-threaded. r=kang r=bent 
This means that B2G plugin-container must (dynamically) link against
libmozsandbox in order to call into it before initializing Binder.
(Desktop Linux plugin-container already contains the sandbox code.)
 2015-04-10 18:05:19 -07:00
Jed Davis
08099f9875 Bug 1151607 - Step 0: sort includes to make the following patches cleaner. r=kang 2015-04-10 18:05:19 -07:00
Mark Goodwin
6fcd7d356b Bug 1132689 - Feb 2015 batch of EV root CA Changes. r=keeler 2015-03-30 08:57:00 +02:00
David Keeler
b819bfd2cb bug 1147085 - remove nsINSSCertCache (replace it with nsIX509CertDB.getCerts()) r=Cykesiopka 2015-04-03 14:01:05 -07:00
Patrick McManus
f1ecabdf6a Bug 1152895 - remove dead code in nsSSLIOLayerSetOptions r=dkeeler 2015-04-09 13:40:04 -04:00
Cykesiopka
70bff0b01f Bug 1147725 - Disable test_ocsp_fetch_method.js and test_ocsp_url.js on slow B2G Emulator debug builds. r=keeler 2015-04-06 14:05:00 +02:00
Bob Owen
72b3de6331 Bug 1149483: Change content sandbox level 1 to a working low integrity sandbox. r=tabraldes, r=billm 2015-04-05 14:01:38 +01:00
Phil Ringnalda
4c814af933 Merge m-i to m-c, a=merge 2015-04-04 09:59:17 -07:00
ffxbld
8c99f061fc No bug, Automated HPKP preload list update from host bld-linux64-spot-220 - a=hpkp-update 2015-04-04 03:27:46 -07:00
ffxbld
f4241dc1de No bug, Automated HSTS preload list update from host bld-linux64-spot-220 - a=hsts-update 2015-04-04 03:27:44 -07:00
Steven Michaud
aa2d63ddad Bug 1110911 - Move Mac sandboxing code into plugin-container. r=cpearce,areinald,jld 2015-04-03 11:51:41 -05:00
Cykesiopka
442b83c70d Bug 1149805 - Switch head_psm.js to Assert.jsm methods and add expected result strings. r=keeler 2015-04-02 05:50:00 -04:00
Cykesiopka
c4456e9497 Bug 488480 - Correct documentation about the function hasMatchingOverride() in nsICertOverrideService.idl. Original patch by Johnathan Nightingale. r=keeler 
IGNORE IDL
 2015-04-02 05:45:00 -04:00
Nathan Froyd
65f6c06592 Bug 1143651 - don't use CallQueryInterface when the compiler can do the cast for us; r=ehsan 2015-03-12 13:20:29 -04:00
Cykesiopka
f3a36bd993 Bug 1147726: Disable test_keysize_ev.js on slow B2G Emulator debug builds. r=dkeeler 2015-03-31 11:53:00 +02:00
Brian Smith
922814a6c1 Bug 1146057: Remove support for GCC 4.6, r=keeler 
Since Gecko now requires GCC 4.7 or later, we no longer need to
work around the lack of support for "override" and "final" in
earlier versions of GCC.
 2015-03-30 20:18:46 -10:00
Bob Owen
666e96adb9 Bug 1119878 Part 2: Change IPC code to hold ProcessID instead of ProcessHandle. r=billm, r=dvander, r=aklotz, r=cpearce 2015-04-01 09:40:35 +01:00
Bob Owen
8e1e75d04b Bug 1119878 Part 1: Change SandboxTarget to hold sandbox target services to provide functions. r=aklotz, r=glandium, r=cpearce 2015-04-01 09:40:35 +01:00
Mike Hommey
ccd2a9b975 Bug 1134920 - Use moz_xmalloc/moz_xrealloc/free instead of nsMemory::Alloc/Realloc/Free. r=nfroyd 2015-04-01 13:51:45 +09:00
Mark Goodwin
bead98d47f Bug 1138848 - Tests for modified OneCRL (r=keeler, unfocused) 
* * *
* * *
give blocklist debug info to NSPR_LOG
 2015-03-31 15:10:19 -07:00
Mark Goodwin
695994d59d Bug 1138848 - Modify OneCRL blocklist for subject / public key blocking (r=keeler, unfocused) 2015-03-31 15:10:09 -07:00
David Keeler
a66b3817f5 bug 844351 - remove nsISSLErrorListener r=cykesiopka 2015-03-24 16:00:10 -07:00
Cykesiopka
192d5ad67e Bug 1147247 - Use PRErrorCodeSuccess constant instead of literal 0 to represent success in PSM xpcshell tests. r=dkeeler 2015-03-27 23:16:00 +01:00
David Cooper
a267ad8c56 Bug 667471 - Pretty print names of ECDSA with SHA-2 algorithms in Certificate Viewer. r=dkeeler 2015-03-27 23:13:00 +01:00
Mike Hommey
4da5ed0b71 Bug 1138293 - Use malloc/free/realloc/calloc instead of moz_malloc/moz_free/moz_realloc/moz_calloc. r=njn 
The distinction between moz_malloc/moz_free and malloc/free is not
interesting. We are inconsistent in our use of one or the other, and
I wouldn't be surprised if we are mixing them anyways.
 2015-03-31 12:32:49 +09:00
Brian Smith
b43440444d Bug 1136278, Part 2: Refactor test SubjectPublicKeyInfo generation, r=keeler 2015-02-26 13:10:13 -08:00
Brian Smith
e23ee1cce5 Bug 1136278, Part 1: Refactor algorithm identifiers in tests, r=keeler 
This will make it easier to expand the tests to additional
signature algorithms and additional public key types.
 2015-02-26 16:11:41 -08:00
Andrew McCreight
78ef3a55a4 Bug 1147572 - Remove implementation language field from DOM class info. r=jst 2015-03-30 10:45:39 -07:00
Jan-Ivar Bruaroey
ab8a60ff50 Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, florian, billm, jesup 2015-03-03 09:51:05 -05:00
Andrew McCreight
4b767927e9 Bug 1148070 - Change nsIClassInfo::getHelperForLanguage() to getScriptableHelper(). r=bholley 2015-03-29 07:52:54 -07:00
Randell Jesup
19225aa9cf Backed out 6 changesets (bug 1046245) on a CLOSED TREE 2015-03-29 01:42:32 -04:00
Jan-Ivar Bruaroey
eee0d4f6d2 Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup 2015-03-03 09:51:05 -05:00
Phil Ringnalda
f45c1bd02b Back out 6 changesets (bug 1046245) for thinking that MSVC would have anything to do with a __PRETTY_FUNCTION__ 
CLOSED TREE

Backed out changeset 9e3ecca831d8 (bug 1046245)
Backed out changeset 87dc145f4da8 (bug 1046245)
Backed out changeset 01606cf19a77 (bug 1046245)
Backed out changeset 2ed2b15fe940 (bug 1046245)
Backed out changeset 2b99b193828a (bug 1046245)
Backed out changeset d1ac67faccbb (bug 1046245)
 2015-03-28 19:57:17 -07:00
Jan-Ivar Bruaroey
6e995cbffd Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup 2015-03-03 09:51:05 -05:00
Ryan VanderMeulen
4da777479a Backed out 6 changesets (bug 1046245) for bustage on a CLOSED TREE. 
Backed out changeset 222c2f9e3bc9 (bug 1046245)
Backed out changeset 4251eef464a2 (bug 1046245)
Backed out changeset 592f4cc23197 (bug 1046245)
Backed out changeset 5bfb9a1c0550 (bug 1046245)
Backed out changeset e966a5df87b6 (bug 1046245)
Backed out changeset 609f3ca64004 (bug 1046245)
 2015-03-28 16:24:25 -04:00
Jan-Ivar Bruaroey
5f0e601fcd Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup 2015-03-03 09:51:05 -05:00
Phil Ringnalda
870ac05194 Merge m-i to m-c, a=merge 2015-03-28 11:44:16 -07:00
ffxbld
28fbf92074 No bug, Automated HPKP preload list update from host bld-linux64-spot-1005 - a=hpkp-update 2015-03-28 03:27:37 -07:00
ffxbld
be5331225c No bug, Automated HSTS preload list update from host bld-linux64-spot-1005 - a=hsts-update 2015-03-28 03:27:36 -07:00
Andrea Marchesini
b212600c95 Bug 1148527 - Indentation fix after bug 1145631, r=ehsan 2015-03-27 18:52:19 +00:00
Kai Engert
045c1c7065 Bug 1144055 - Upgrade Firefox 39 to use NSS 3.18.1, land NSS_3_18_1_BETA1, r=nss-confcall 2015-03-26 20:39:25 +01:00
Tanvi Vyas
24698cb937 Bug 947079 - Hack to prevent getting a mixed content icon on a fully secure page. r=keeler 2015-03-26 11:54:53 -07:00
Bob Owen
1eda62eb8d Bug 1147446: Chromium patch to fix memory leak in Windows sandbox sharedmem_ipc_server.cc. r=aklotz 2015-03-26 08:06:04 +00:00
Cykesiopka
3d56eac828 Bug 996872 - Reduce calls to getXPCOMStatusFromNSS() in PSM xpcshell tests. r=keeler relanding on a CLOSED TREE 2015-03-25 17:29:05 -07:00
Wes Kocher
7895e32a5e Backed out changeset 3a38c3d97f44 (bug 996872) on the theory that it somehow broke lots of tests, forcing a prolonged CLOSED TREE 2015-03-25 14:40:44 -07:00
Cykesiopka
bd57240c9d Bug 996872 - Reduce calls to getXPCOMStatusFromNSS() in PSM xpcshell tests. r=keeler 2015-03-25 11:40:46 -07:00
Wes Kocher
0d9c0798af Merge m-c to inbound a=merge CLOSED TREE 2015-03-23 16:51:22 -07:00
Edwin Flores
31eadf18b7 Bug 1146192 - Whitelist sched_yield syscall in GMP sandbox on Linux DONTBUILD CLOSED TREE - r=jld 2015-03-24 10:56:49 +13:00
Edwin Flores
13fe1731fe Bug 1146192 - Backed out changeset d2918bcf0d90 for missing bug number - r=me 2015-03-24 10:53:10 +13:00
Jed Davis
0f3b12d8c5 Bug 1144514 - Whitelist pread64 in content seccomp-bpf policy. r=kang 2015-03-19 11:57:00 -04:00
Phil Ringnalda
b39967c514 Merge m-c to m-i 2015-03-21 12:50:09 -07:00
Phil Ringnalda
c847599e4d Merge m-i to m-c, a=merge 2015-03-21 12:31:07 -07:00
ffxbld
1f8ea0c488 No bug, Automated HPKP preload list update from host bld-linux64-spot-1002 - a=hpkp-update 2015-03-21 03:30:42 -07:00
ffxbld
703ee2d45b No bug, Automated HSTS preload list update from host bld-linux64-spot-1002 - a=hsts-update 2015-03-21 03:30:40 -07:00
Ehsan Akhgari
33bb32f549 Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj 
This patch was automatically generated using the following script:

function convert() {
echo "Converting $1 to $2..."
find . \
       ! -wholename "*/.git*" \
       ! -wholename "obj-ff-dbg*" \
         -type f \
      \( -iname "*.cpp" \
         -o -iname "*.h" \
         -o -iname "*.c" \
         -o -iname "*.cc" \
         -o -iname "*.idl" \
         -o -iname "*.ipdl" \
         -o -iname "*.ipdlh" \
         -o -iname "*.mm" \) | \
    xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}

convert MOZ_OVERRIDE override
convert MOZ_FINAL final
 2015-03-21 12:28:04 -04:00
Edwin Flores
7a76516d84 Bug 1XXXXXX - Whitelist sched_yield syscall in GMP sandbox on Linux - r=jld 2015-03-24 09:55:36 +13:00
David Keeler
d2ce6abf90 bug 1143085 - allow subject alternative name extensions to be empty for compatibility r=briansmith a=kwierso 2015-03-16 14:00:33 -07:00
Jed Davis
15de7894cc Bug 1144580 - Whitelist pselect6 in content seccomp-bpf policy. r=kang 2015-03-18 15:30:00 +01:00
Masatoshi Kimura
1999ec07b4 Bug 1133187 - Update fallback whitelist. r=keeler 2015-03-18 15:36:00 +01:00
Jed Davis
d2a1fdfdb7 Bug 1141906 - Adjust some assertions in Linux sandbox feature detection. r=kang 
See bug, and comment at top of SandboxInfo.cpp, for rationale.

Bonus fix: reword comment about nested namespace limit; the exact limit
is 33 (not counting the root) but doesn't particularly matter.
 2015-03-17 22:50:00 +01:00
Cykesiopka
11f5f6058d Bug 1131227 - Make the about:certerror Unknown Issuer string mention missing intermediates and unimported roots. r=keeler 2015-03-17 14:33:00 +01:00
Masatoshi Kimura
b23f9dc54f Bug 1143082 - Fix a message in the mixed content UI. r=dolske 2015-03-17 20:34:58 +09:00
Jed Davis
d0d9f194e4 Bug 1141885 - Make readlink() fail instead of allowing it, for B2G content processes. r=kang 2015-03-13 13:47:56 -07:00
André Reinald
f3598cf103 Bug 1083344 - Tighten rules for Mac OS content process sandbox on 10.9 and 10.10. r=smichaud 
Allow read to whole filesystem until chrome:// and file:// URLs are brokered through another process.
Except $HOME/Library in which we allow only access to profile add-ons subdir.
Add level 2, which allows read only from $HOME and /tmp (while still restricting $HOME/Library.
Change default back to 1.
 2015-03-12 17:42:50 +01:00
ffxbld
4837382e9e No bug, Automated HPKP preload list update from host bld-linux64-spot-532 - a=hpkp-update 2015-03-14 03:26:00 -07:00
ffxbld
7ad0e5a9f3 No bug, Automated HSTS preload list update from host bld-linux64-spot-532 - a=hsts-update 2015-03-14 03:25:58 -07:00
Nathan Froyd
8ddefeed54 Bug 1142503 - don't use QueryInterface when the compiler can do the cast for us; r=ehsan 
Calling QueryInterface with a statically known IID should typically not
be necessary.  In those cases where it's not, the compiler can do the
cast for us, though we have to supply the reference-counting that
QueryInterface would do.

In passing, several redundant null-checks for the result of |new T| have
been deleted.
 2015-03-12 09:43:50 -04:00
Jed Davis
da39e0a7e8 Bug 1142263 - Specify all syscall parameters when doing CLONE_NEWUSER detection; f=bwc r=kang 2015-03-13 13:01:28 +01:00
Jed Davis
64382897a9 Bug 906996 - Remove unlink from B2G content process syscall whitelist. r=kang 2015-03-11 12:39:00 +01:00
David Keeler
793bd87d86 bug 1102443 - fix leak in key pinning logging by removing an unnecessary function call r=cykesiopka 
Also took the opportunity to fix the logging message, since it didn't accurately
describe the information that was being printed.
 2015-03-12 14:31:26 -07:00