Commit Graph

3215 Commits

Author SHA1 Message Date
André Reinald
17de8bc267 Bug 1150765 - Add sandbox rules to allow hardware rendering of OpenGL on Mac. r=smichaud 2015-04-21 11:17:16 +02:00
Patrick McManus
2128024376 bug 1153212 - Alt-Svc Fixes r=dkeeler r=hurley 2015-04-13 17:11:59 -04:00
Kai Engert
6736041d5a Bug 1144055, Upgrade Firefox 39 to use NSS 3.19, NSS_3_19_BETA4 to pick up bug 1155279 2015-04-20 21:46:19 +02:00
Phil Ringnalda
f9dd538484 Merge m-i to m-c, a=merge 2015-04-18 16:36:32 -07:00
ffxbld
f956e116af No bug, Automated HPKP preload list update from host bld-linux64-spot-222 - a=hpkp-update 2015-04-18 03:29:47 -07:00
ffxbld
344fd7aa41 No bug, Automated HSTS preload list update from host bld-linux64-spot-222 - a=hsts-update 2015-04-18 03:29:45 -07:00
David Keeler
aef2b30e4e bug 1150114 - allow PrintableString to match UTF8String in name constraints checking r=briansmith 2015-04-08 16:17:39 -07:00
Kai Engert
b891161b8d Bug 1144055 - Upgrade Firefox 39 to use NSS 3.19, land NSS_3_19_BETA2, r=nss-confcall 2015-04-17 13:49:43 +02:00
Neil Deakin
0e272ede50 Bug 1153248, re-enable a bunch of tests that now work with e10s, r=billm 2015-04-16 15:38:12 -04:00
David Keeler
87964c3250 bug 1151512 - only allow whitelisted certificates to be issued by CNNIC root certificates r=jcj r=rbarnes 2015-04-07 17:29:05 -07:00
Kai Engert
ef9f840356 Bug 1144055 - Upgrade Firefox 39 to use NSS 3.19, land NSS_3_19_BETA3, r=nss-confcall 2015-04-17 18:43:30 +02:00
David Keeler
ef38913727 bug 1147497 - Add API for querying site pin status. Disallow overrides for sites that have pins. r=mmc r=smaug r=cykesiopka r=past 2015-03-25 11:04:49 -07:00
Brian Smith
83c90debbf Bug 1154399 - Part 4: Simplify certificate parsing in OCSP responses. r=keeler 2015-04-14 05:33:03 -10:00
Brian Smith
0cc9d436df Bug 1154399 - Part 3: Simplify OptionalExtensions. r=keeler
We used to avoid using Nested and NestedOf because they were based on
bind and it was difficult to maintain our std::bind polyfill. Now that
we use lambdas, it is easy to use Nested and NestedOf, so we should do
so wherever it makes the code clearer.
2015-04-14 05:32:46 -10:00
Brian Smith
dc0d3cf78e Bug 1154399 - Part 2: Simplify and un-inline OptionalVersion. r=keeler
Also fixes the wrong comment. The syntax for version in OCSP and X.509
certs is identical.
2015-04-14 05:32:29 -10:00
Brian Smith
10450b2670 Bug 1154399 - Part 1: De-templatize and un-inline IntegralValue. r=keeler 2015-04-14 05:06:41 -10:00
Nathan Froyd
8b2c8c2c8e Bug 1137437 - move security/apps/ cert header generation to moz.build; r=mshal,keeler
Moving the cert header generation to GENERATED_FILES means that we can
delete all the manually-written out rules; we can also delete the
export:: rule because the build system automatically builds
GENERATED_FILES during the export phase.  For ease of conversion, we opt
to create an empty trusted-app-public.der cert for manifest-signing-root.inc;
partners are free to overwrite that cert with their own.
2015-02-27 12:50:49 -05:00
Mike Hommey
4cff7b2866 Bug 1153114 - Remove anonymous namespace around pkix gtests. r=bsmith
This avoids -Wunused-variable fatal warnings with GCC 5.0
2015-04-15 09:21:23 +09:00
Landry Breuil
e18d614081 Bug 1153090 followup - consistently use sizeof(hash) r=dkeeler 2015-04-14 22:19:18 +02:00
Landry Breuil
701acba976 Bug 1153090 - Unaligned access in cert block list (r=keeler) 2015-04-14 21:19:52 +02:00
Jan Beich
b9b92e7e47 Bug 1154188 - Unbreak build on non-SPS platforms after bug 1153737 r=bsmith 2015-04-14 14:30:09 +02:00
Brian Smith
e3b9248715 Bug 1153738: Make ScopedPtr a minimal proper subset of std::unique_ptr, r=keeler
Remove all features of ScopedPtr that aren't in std::unique_ptr, and
remove all currently-unused features of ScopedPtr. In particular,
replace |operator=(T*)| with |reset(T* p = nullptr)| and make
|operator bool| explicit.
2015-04-13 00:28:11 -10:00
Brian Smith
2bbc1d7a0d Bug 1153737: Avoid unnecessary uses of mozilla::pkix::ScopedPtr, r=keeler 2015-04-12 19:57:48 -10:00
Carsten "Tomcat" Book
aa93bc5d24 merge mozilla-inbound to mozilla-central a=merge 2015-04-13 12:00:00 +02:00
ffxbld
7009fe93d0 No bug, Automated HPKP preload list update from host bld-linux64-spot-009 - a=hpkp-update 2015-04-11 03:29:55 -07:00
ffxbld
2d0f3a5b62 No bug, Automated HSTS preload list update from host bld-linux64-spot-009 - a=hsts-update 2015-04-11 03:29:53 -07:00
Jed Davis
cbeb84fc46 Bug 1151607 - Step 2: Apply net/ipc namespace separation and chroot to media plugins. r=kang
This needs more unit tests for the various pieces of what's going on
here (LinuxCapabilities, SandboxChroot, UnshareUserNamespace()) but
that's nontrivial due to needing a single-threaded process -- and
currently they can't be run on Mozilla's CI anyway due to needing user
namespaces, and local testing can just try using GMP and manually
inspecting the child process.  So that will be a followup.
2015-04-10 18:05:19 -07:00
Jed Davis
8df433f25a Bug 1151607 - Step 1.5: Avoid unlikely false positives in Linux SandboxInfo feature detection. r=kang
Using the equivalent of release assertions in the patch after this one
is easier to justify if I can't come up with vaguely legitimate reasons
why they might fail; this detects the ones I thought of.
2015-04-10 18:05:19 -07:00
Jed Davis
9eccf736fa Bug 1151607 - Step 1: Add Linux sandboxing hook for when child processes are still single-threaded. r=kang r=bent
This means that B2G plugin-container must (dynamically) link against
libmozsandbox in order to call into it before initializing Binder.
(Desktop Linux plugin-container already contains the sandbox code.)
2015-04-10 18:05:19 -07:00
Jed Davis
c72a4ce469 Bug 1151607 - Step 0: sort includes to make the following patches cleaner. r=kang 2015-04-10 18:05:19 -07:00
Mark Goodwin
2098eab23a Bug 1132689 - Feb 2015 batch of EV root CA Changes. r=keeler 2015-03-30 08:57:00 +02:00
David Keeler
37831e0f6b bug 1147085 - remove nsINSSCertCache (replace it with nsIX509CertDB.getCerts()) r=Cykesiopka 2015-04-03 14:01:05 -07:00
Patrick McManus
6198e1cd11 Bug 1152895 - remove dead code in nsSSLIOLayerSetOptions r=dkeeler 2015-04-09 13:40:04 -04:00
Cykesiopka
5e201eeccf Bug 1147725 - Disable test_ocsp_fetch_method.js and test_ocsp_url.js on slow B2G Emulator debug builds. r=keeler 2015-04-06 14:05:00 +02:00
Bob Owen
7de09aedba Bug 1149483: Change content sandbox level 1 to a working low integrity sandbox. r=tabraldes, r=billm 2015-04-05 14:01:38 +01:00
Phil Ringnalda
b8dda1ad61 Merge m-i to m-c, a=merge 2015-04-04 09:59:17 -07:00
ffxbld
379f73fa6f No bug, Automated HPKP preload list update from host bld-linux64-spot-220 - a=hpkp-update 2015-04-04 03:27:46 -07:00
ffxbld
ba6db8801a No bug, Automated HSTS preload list update from host bld-linux64-spot-220 - a=hsts-update 2015-04-04 03:27:44 -07:00
Steven Michaud
1ad55d8bd8 Bug 1110911 - Move Mac sandboxing code into plugin-container. r=cpearce,areinald,jld 2015-04-03 11:51:41 -05:00
Cykesiopka
22020e9387 Bug 1149805 - Switch head_psm.js to Assert.jsm methods and add expected result strings. r=keeler 2015-04-02 05:50:00 -04:00
Cykesiopka
d801ab7708 Bug 488480 - Correct documentation about the function hasMatchingOverride() in nsICertOverrideService.idl. Original patch by Johnathan Nightingale. r=keeler
IGNORE IDL
2015-04-02 05:45:00 -04:00
Nathan Froyd
4181765caf Bug 1143651 - don't use CallQueryInterface when the compiler can do the cast for us; r=ehsan 2015-03-12 13:20:29 -04:00
Cykesiopka
73218c827d Bug 1147726: Disable test_keysize_ev.js on slow B2G Emulator debug builds. r=dkeeler 2015-03-31 11:53:00 +02:00
Brian Smith
3509081d96 Bug 1146057: Remove support for GCC 4.6, r=keeler
Since Gecko now requires GCC 4.7 or later, we no longer need to
work around the lack of support for "override" and "final" in
earlier versions of GCC.
2015-03-30 20:18:46 -10:00
Bob Owen
734bb8f7d2 Bug 1119878 Part 2: Change IPC code to hold ProcessID instead of ProcessHandle. r=billm, r=dvander, r=aklotz, r=cpearce 2015-04-01 09:40:35 +01:00
Bob Owen
329efcd3f4 Bug 1119878 Part 1: Change SandboxTarget to hold sandbox target services to provide functions. r=aklotz, r=glandium, r=cpearce 2015-04-01 09:40:35 +01:00
Mike Hommey
ee117642af Bug 1134920 - Use moz_xmalloc/moz_xrealloc/free instead of nsMemory::Alloc/Realloc/Free. r=nfroyd 2015-04-01 13:51:45 +09:00
Mark Goodwin
6326b2717b Bug 1138848 - Tests for modified OneCRL (r=keeler, unfocused)
* * *
* * *
give blocklist debug info to NSPR_LOG
2015-03-31 15:10:19 -07:00
Mark Goodwin
13b7190f95 Bug 1138848 - Modify OneCRL blocklist for subject / public key blocking (r=keeler, unfocused) 2015-03-31 15:10:09 -07:00
David Keeler
9d664df14d bug 844351 - remove nsISSLErrorListener r=cykesiopka 2015-03-24 16:00:10 -07:00
Cykesiopka
5559a48f81 Bug 1147247 - Use PRErrorCodeSuccess constant instead of literal 0 to represent success in PSM xpcshell tests. r=dkeeler 2015-03-27 23:16:00 +01:00
David Cooper
a0b647c33e Bug 667471 - Pretty print names of ECDSA with SHA-2 algorithms in Certificate Viewer. r=dkeeler 2015-03-27 23:13:00 +01:00
Mike Hommey
95e047925a Bug 1138293 - Use malloc/free/realloc/calloc instead of moz_malloc/moz_free/moz_realloc/moz_calloc. r=njn
The distinction between moz_malloc/moz_free and malloc/free is not
interesting. We are inconsistent in our use of one or the other, and
I wouldn't be surprised if we are mixing them anyways.
2015-03-31 12:32:49 +09:00
Brian Smith
923d2ca048 Bug 1136278, Part 2: Refactor test SubjectPublicKeyInfo generation, r=keeler 2015-02-26 13:10:13 -08:00
Brian Smith
1717dc45d9 Bug 1136278, Part 1: Refactor algorithm identifiers in tests, r=keeler
This will make it easier to expand the tests to additional
signature algorithms and additional public key types.
2015-02-26 16:11:41 -08:00
Andrew McCreight
db3e30ab59 Bug 1147572 - Remove implementation language field from DOM class info. r=jst 2015-03-30 10:45:39 -07:00
Jan-Ivar Bruaroey
7704eddbd0 Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, florian, billm, jesup 2015-03-03 09:51:05 -05:00
Andrew McCreight
210c51b7d3 Bug 1148070 - Change nsIClassInfo::getHelperForLanguage() to getScriptableHelper(). r=bholley 2015-03-29 07:52:54 -07:00
Randell Jesup
489c2b15d5 Backed out 6 changesets (bug 1046245) on a CLOSED TREE 2015-03-29 01:42:32 -04:00
Jan-Ivar Bruaroey
749fb18624 Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup 2015-03-03 09:51:05 -05:00
Phil Ringnalda
13670b07d8 Back out 6 changesets (bug 1046245) for thinking that MSVC would have anything to do with a __PRETTY_FUNCTION__
CLOSED TREE

Backed out changeset 9e3ecca831d8 (bug 1046245)
Backed out changeset 87dc145f4da8 (bug 1046245)
Backed out changeset 01606cf19a77 (bug 1046245)
Backed out changeset 2ed2b15fe940 (bug 1046245)
Backed out changeset 2b99b193828a (bug 1046245)
Backed out changeset d1ac67faccbb (bug 1046245)
2015-03-28 19:57:17 -07:00
Jan-Ivar Bruaroey
d2a2c59e6d Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup 2015-03-03 09:51:05 -05:00
Ryan VanderMeulen
0ec3fab670 Backed out 6 changesets (bug 1046245) for bustage on a CLOSED TREE.
Backed out changeset 222c2f9e3bc9 (bug 1046245)
Backed out changeset 4251eef464a2 (bug 1046245)
Backed out changeset 592f4cc23197 (bug 1046245)
Backed out changeset 5bfb9a1c0550 (bug 1046245)
Backed out changeset e966a5df87b6 (bug 1046245)
Backed out changeset 609f3ca64004 (bug 1046245)
2015-03-28 16:24:25 -04:00
Jan-Ivar Bruaroey
fbcac25eea Bug 1046245 - enumerateDevices w/non-blocking e10s, nsICryptoHMAC, clear cookies, lambdas. r=keeler, r=florian, r=billm, r=jesup 2015-03-03 09:51:05 -05:00
Phil Ringnalda
8684378100 Merge m-i to m-c, a=merge 2015-03-28 11:44:16 -07:00
ffxbld
d19b8895fe No bug, Automated HPKP preload list update from host bld-linux64-spot-1005 - a=hpkp-update 2015-03-28 03:27:37 -07:00
ffxbld
59b007131d No bug, Automated HSTS preload list update from host bld-linux64-spot-1005 - a=hsts-update 2015-03-28 03:27:36 -07:00
Andrea Marchesini
94545cbb2e Bug 1148527 - Indentation fix after bug 1145631, r=ehsan 2015-03-27 18:52:19 +00:00
Kai Engert
8146acbbd7 Bug 1144055 - Upgrade Firefox 39 to use NSS 3.18.1, land NSS_3_18_1_BETA1, r=nss-confcall 2015-03-26 20:39:25 +01:00
Tanvi Vyas
895410f582 Bug 947079 - Hack to prevent getting a mixed content icon on a fully secure page. r=keeler 2015-03-26 11:54:53 -07:00
Bob Owen
116d5cd06c Bug 1147446: Chromium patch to fix memory leak in Windows sandbox sharedmem_ipc_server.cc. r=aklotz 2015-03-26 08:06:04 +00:00
Cykesiopka
8aafafce75 Bug 996872 - Reduce calls to getXPCOMStatusFromNSS() in PSM xpcshell tests. r=keeler relanding on a CLOSED TREE 2015-03-25 17:29:05 -07:00
Wes Kocher
4957e87be7 Backed out changeset 3a38c3d97f44 (bug 996872) on the theory that it somehow broke lots of tests, forcing a prolonged CLOSED TREE 2015-03-25 14:40:44 -07:00
Cykesiopka
437d423a75 Bug 996872 - Reduce calls to getXPCOMStatusFromNSS() in PSM xpcshell tests. r=keeler 2015-03-25 11:40:46 -07:00
Wes Kocher
c8ed5e5a96 Merge m-c to inbound a=merge CLOSED TREE 2015-03-23 16:51:22 -07:00
Edwin Flores
58f6b3e8f4 Bug 1146192 - Whitelist sched_yield syscall in GMP sandbox on Linux DONTBUILD CLOSED TREE - r=jld 2015-03-24 10:56:49 +13:00
Edwin Flores
fb0360251e Bug 1146192 - Backed out changeset d2918bcf0d90 for missing bug number - r=me 2015-03-24 10:53:10 +13:00
Jed Davis
28d8dc9133 Bug 1144514 - Whitelist pread64 in content seccomp-bpf policy. r=kang 2015-03-19 11:57:00 -04:00
Phil Ringnalda
a12ccf5a58 Merge m-c to m-i 2015-03-21 12:50:09 -07:00
Phil Ringnalda
01cabc14b3 Merge m-i to m-c, a=merge 2015-03-21 12:31:07 -07:00
ffxbld
079c550f1a No bug, Automated HPKP preload list update from host bld-linux64-spot-1002 - a=hpkp-update 2015-03-21 03:30:42 -07:00
ffxbld
16171d412a No bug, Automated HSTS preload list update from host bld-linux64-spot-1002 - a=hsts-update 2015-03-21 03:30:40 -07:00
Ehsan Akhgari
5cccea6f0f Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj
This patch was automatically generated using the following script:

function convert() {
echo "Converting $1 to $2..."
find . \
       ! -wholename "*/.git*" \
       ! -wholename "obj-ff-dbg*" \
         -type f \
      \( -iname "*.cpp" \
         -o -iname "*.h" \
         -o -iname "*.c" \
         -o -iname "*.cc" \
         -o -iname "*.idl" \
         -o -iname "*.ipdl" \
         -o -iname "*.ipdlh" \
         -o -iname "*.mm" \) | \
    xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}

convert MOZ_OVERRIDE override
convert MOZ_FINAL final
2015-03-21 12:28:04 -04:00
Edwin Flores
84832ca0ea Bug 1XXXXXX - Whitelist sched_yield syscall in GMP sandbox on Linux - r=jld 2015-03-24 09:55:36 +13:00
David Keeler
ebeac632b8 bug 1143085 - allow subject alternative name extensions to be empty for compatibility r=briansmith a=kwierso 2015-03-16 14:00:33 -07:00
Jed Davis
f24f05cd65 Bug 1144580 - Whitelist pselect6 in content seccomp-bpf policy. r=kang 2015-03-18 15:30:00 +01:00
Masatoshi Kimura
a6c8ea5e74 Bug 1133187 - Update fallback whitelist. r=keeler 2015-03-18 15:36:00 +01:00
Jed Davis
a630e74065 Bug 1141906 - Adjust some assertions in Linux sandbox feature detection. r=kang
See bug, and comment at top of SandboxInfo.cpp, for rationale.

Bonus fix: reword comment about nested namespace limit; the exact limit
is 33 (not counting the root) but doesn't particularly matter.
2015-03-17 22:50:00 +01:00
Cykesiopka
36f968ef2c Bug 1131227 - Make the about:certerror Unknown Issuer string mention missing intermediates and unimported roots. r=keeler 2015-03-17 14:33:00 +01:00
Masatoshi Kimura
3228a63525 Bug 1143082 - Fix a message in the mixed content UI. r=dolske 2015-03-17 20:34:58 +09:00
Jed Davis
769b91bcaa Bug 1141885 - Make readlink() fail instead of allowing it, for B2G content processes. r=kang 2015-03-13 13:47:56 -07:00
André Reinald
18a6151b7a Bug 1083344 - Tighten rules for Mac OS content process sandbox on 10.9 and 10.10. r=smichaud
Allow read to whole filesystem until chrome:// and file:// URLs are brokered through another process.
Except $HOME/Library in which we allow only access to profile add-ons subdir.
Add level 2, which allows read only from $HOME and /tmp (while still restricting $HOME/Library).
Change default back to 1.
2015-03-12 17:42:50 +01:00
ffxbld
aa6c1f9563 No bug, Automated HPKP preload list update from host bld-linux64-spot-532 - a=hpkp-update 2015-03-14 03:26:00 -07:00
ffxbld
2d6d643ff7 No bug, Automated HSTS preload list update from host bld-linux64-spot-532 - a=hsts-update 2015-03-14 03:25:58 -07:00
Nathan Froyd
7ff6a1d668 Bug 1142503 - don't use QueryInterface when the compiler can do the cast for us; r=ehsan
Calling QueryInterface with a statically known IID should typically not
be necessary.  In those cases where it's not, the compiler can do the
cast for us, though we have to supply the reference-counting that
QueryInterface would do.

In passing, several redundant null-checks for the result of |new T| have
been deleted.
2015-03-12 09:43:50 -04:00
Jed Davis
ef8ceefe3b Bug 1142263 - Specify all syscall parameters when doing CLONE_NEWUSER detection; f=bwc r=kang 2015-03-13 13:01:28 +01:00
Jed Davis
ecafb9056b Bug 906996 - Remove unlink from B2G content process syscall whitelist. r=kang 2015-03-11 12:39:00 +01:00
David Keeler
a625ddb861 bug 1102443 - fix leak in key pinning logging by removing an unnecessary function call r=cykesiopka
Also took the opportunity to fix the logging message, since it didn't accurately
describe the information that was being printed.
2015-03-12 14:31:26 -07:00
Jonathan Griffin
8873726f67 Bug 1116187 - Disable failing mochitest-chrome tests for B2G, r=gbrown 2015-02-06 16:30:37 -08:00
David Keeler
221fab118c bug 1138332 - re-allow overrides for certificates signed by non-CA certificates r=mmc 2015-03-11 11:11:22 -07:00
Cykesiopka
114fecc9e0 Bug 1141815 - Remove nsIDOMCryptoDialogs interface and associated implementation; r=keeler 2015-03-12 10:24:05 +01:00
David Keeler
370b8ec6e9 bug 1138716 - update PSM data structures that depend on root CA changes r=mmc 2015-03-23 10:36:55 -07:00
Kai Engert
2b4a80bef2 Bug 1137470, remove the documentation patch file, because it's no longer reverted locally, DONTBUILD 2015-03-20 13:38:13 +01:00
Kai Engert
c010c6d176 Bug 1137470, Upgrade Firefox 38 to use NSS 3.18, land NSS_3_18_RTM, r=nss-confcall 2015-03-20 13:32:58 +01:00
Cykesiopka
c49307df63 Bug 1121117 - Add fuzz time to workaround non-monotonicity of Date(). r=keeler 2015-03-19 19:57:00 +01:00
Bob Owen
cfe22c2153 Bug 1145432: Add the policy for the client side of the crash server pipe to the GMP Windows sandbox. r=aklotz 2015-03-20 07:53:37 +00:00
Ehsan Akhgari
f6623fb38f Bug 1140767 - Build more files in security/manager in unified mode; r=dkeeler 2015-03-10 22:52:22 -04:00
Bob Owen
7928769058 Bug 1141169: Add moz.build BUG_COMPONENT metadata for security/sandbox/ r=jld 2015-03-10 08:03:12 +00:00
Bob Owen
181d4e83ed Bug 1137166: Change the Content moreStrict sandbox pref to an integer to indicate the level of sandboxing. r=tabraldes 2015-03-10 08:03:12 +00:00
Mike Hommey
d84d9950a3 Bug 868814 - Fold mozalloc library into mozglue. r=njn 2015-03-10 10:01:52 +09:00
Masatoshi Kimura
328ca1d0ed Bug 1106470 - Drop SSLv3 support entirely from PSM. r=keeler 2015-03-10 01:22:59 +09:00
Jed Davis
c10b4af965 Bug 1137007 - Detect namespace and SECCOMP_FILTER_FLAG_TSYNC support in SandboxInfo. r=kang, r=Unfocused
Currently, only user namespace support is detected.  This is targeted at
desktop, where (1) user namespace creation is effectively a prerequisite
for unsharing any other namespace, and (2) any kernel with user
namespace support almost certainly has all the others.

Bonus fix: remove extra copy of sandbox flag key names in about:support;
if JS property iteration order ever ceases to follow creation order, the
table rows could be permuted, but this doesn't really matter.
2015-03-06 13:59:00 -05:00
David Keeler
7654ba85e7 Bug 1136616 - Allow underscores in reference DNS-IDs in mozilla::pkix name matching. r=briansmith 2015-03-03 13:34:45 -08:00
Phil Ringnalda
7b93f80e01 Merge m-c to m-i 2015-03-07 19:39:49 -08:00
Phil Ringnalda
10df2b12f7 Merge m-i to m-c, a=merge 2015-03-07 19:11:54 -08:00
ffxbld
44834abc34 No bug, Automated HPKP preload list update from host bld-linux64-spot-157 - a=hpkp-update 2015-03-07 03:27:15 -08:00
ffxbld
b853573eec No bug, Automated HSTS preload list update from host bld-linux64-spot-157 - a=hsts-update 2015-03-07 03:27:13 -08:00
David Keeler
adeeb2474b bug 1129771 - disable IPv6 in PSM xpcshell TLS connection tests due to failures on OS X 10.10 r=cykesiopka a=ryanvm on a CLOSED TREE
In the process of investigating the intermittent failures listed in
bug 1129771, I discovered that the code would frequently get stuck connecting
to [::1] (where no server was listening) and wouldn't fall back to trying
127.0.0.1 (where the test server was listening). This change prevents the code
attempting to connect to [::1]. There probably is an underlying bug here, but
it appears to be in OS X itself and I have neither the time nor expertise to
investigate further.
2015-03-04 13:41:11 -08:00
Cykesiopka
fa772c674c Bug 1139177 - RSA public key size checking cleanups. r=keeler 2015-03-05 16:41:00 +01:00
Jed Davis
6eeafa355c Bug 1140111 - Whitelist readlinkat along with readlink. r=kang 2015-03-07 10:44:23 -05:00
Kai Engert
a17697f395 Bug 1137470, landing NSS_3_18_RC0 minus bug 1132496, r=nss-confcall 2015-03-07 14:49:00 +01:00
David Keeler
86e8ca7e0b bug 1137538 - remove nsIIdentityInfo and nsNSSSocketInfo::GetPreviousCert r=mayhemer 2015-02-27 11:33:36 -08:00
Masatoshi Kimura
2ef16da796 Bug 1138882 - Add a pref to enable unrestricted RC4 fallback. r=keeler 2015-03-05 22:51:31 +09:00
Cykesiopka
3381f76539 Bug 1121117 - Add some logging to test_ocsp_timeout.js to ease debugging. r=dkeeler 2015-03-03 14:25:00 +01:00
Wes Kocher
a64b305a76 Merge b2g-inbound to m-c a=merge CLOSED TREE 2015-03-03 17:02:21 -08:00
Chuck Lee
ac72d5e34a Bug 1012549 - 0004. Support read private key in keystore. r=dkeeler r=qdot 2015-02-28 21:54:24 +08:00
David Keeler
38d128c98a bug 1085506 - gather telemetry for TLS handshake certificate verification errors r=rbarnes 2015-02-27 11:14:29 -08:00
Mark Goodwin
69758f0c42 Bug 1130757 - tests for bug 1130757. r=dkeeler 2015-03-02 08:19:00 +01:00
Mark Goodwin
957e3792cf Bug 1130757 - Move OneCRL check to NSSCertDBTrustDomain::GetCertTrust. r=dkeeler 2015-02-26 04:38:00 +01:00
Cykesiopka
0333f769fa Bug 1130418 - Remove broken e-mail cert trust editing UI. r=emk 2015-03-02 19:54:00 +01:00
Cykesiopka
9ab87a604b Bug 1130413 - Remove unused nsITokenPasswordDialogs::GetPassword() function. r=jjones 2015-02-26 13:05:00 +01:00
Wes Kocher
964b89fd2c Merge inbound to m-c a=merge 2015-03-02 12:12:47 -08:00
ffxbld
370ac08ffb No bug, Automated HPKP preload list update from host bld-linux64-spot-044 - a=hpkp-update 2015-02-28 03:27:43 -08:00
ffxbld
74498b8502 No bug, Automated HSTS preload list update from host bld-linux64-spot-044 - a=hsts-update 2015-02-28 03:27:41 -08:00
Kai Engert
e878c9bac2 Bug 1137470 - Upgrade Firefox to NSS 3.18, landing NSS_3_18_BETA7, r=nss-confcall 2015-02-26 23:29:08 +01:00
David Keeler
1f3f600cd6 bug 1049740 - implement telemetry to measure compatibility impact of 2048-bit-minimum RSA keys r=briansmith 2015-02-24 15:48:05 -08:00
Boris Zbarsky
897168be1d Bug 1136388. Change nsIDocumentLoaderFactory and nsIURIContentListener to take MIME types as an XPCOM string, not a char*. r=smaug 2015-02-25 10:26:51 -05:00
Jed Davis
fff8d00bd3 Bug 1134942 - Whitelist fstatat and unlinkat for B2G content processes. r=gdestuynder 2015-02-20 12:16:00 +01:00
Brian Smith
d85291b22f Bug 1077864, Part 3: update nsserrors.properties so error message gets localized. 2015-02-23 16:04:23 -08:00
Brian Smith
48b59204aa Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler 2015-02-14 16:59:02 -08:00
Brian Smith
b20439c68e Bug 1077864, Part 2: Override the trust level for OCSP response signer certs so that they are never considered trust anchors, r=keeler 2015-02-14 15:59:38 -08:00
Brian Smith
5d73953c07 Bug 1077864, Part 1: Check consistency of certificates' signature and signatureAlgorithm fields, r=keeler 2015-02-22 16:59:03 -08:00
Brian Smith
0fd7ea7c26 Bug 1135407: Factor out duplicate logic in tests, r=keeler 2015-02-21 14:12:38 -08:00
Ehsan Akhgari
d59e287524 Bug 1135745 - Disable the reserved-id-macro macro in security/pkix; r=briansmith 2015-02-23 13:40:09 -05:00
Ryan VanderMeulen
1c4d542a01 Merge inbound to m-c. a=merge 2015-02-21 16:40:27 -05:00
ffxbld
a26a51b898 No bug, Automated HPKP preload list update from host bld-linux64-spot-148 - a=hpkp-update 2015-02-21 03:32:26 -08:00
ffxbld
13ecb9fd8b No bug, Automated HSTS preload list update from host bld-linux64-spot-148 - a=hsts-update 2015-02-21 03:32:24 -08:00
André Reinald
b2b221690e Bug 1083344 - Tighten rules for Mac OS content process sandbox - "rules part". r=smichaud 2015-02-21 13:06:34 +01:00
André Reinald
02ebd8a364 Bug 1083344 - Tighten rules for Mac OS content process sandbox - "core part". r=smichaud 2015-02-18 14:10:27 +01:00
Brian Smith
729b7869c0 Bug 1133618 - Move test SHA1 function to pkixtestutil.cpp. r=mmc 2015-02-16 16:37:03 -08:00