Kai Engert
e84b7d0e55
Bug 1211568 - Upgrade Firefox 44 to NSS 3.21, landing NSS_3_21_Beta2, r=mt
2015-10-05 22:42:28 +02:00
Jed Davis
cc6ff30c31
Bug 1207401 - Send B2G sandbox logging to both stderr and logcat. r=kang
2015-10-05 09:21:39 -07:00
Bob Owen
147e296bee
Bug 1207972: Move to using USER_INTERACTIVE and JOB_INTERACTIVE by default for the Windows content sandbox. r=tabraldes
2015-10-05 11:10:46 +01:00
Nicholas Nethercote
04bb4d91f7
Bug 1209351 (part 5) - Optimize nsTHashTable::RemoveEntry() usage in security/. r=keeler.
2015-09-24 20:44:31 -07:00
Phil Ringnalda
a36b1ea1b0
Merge m-i to m-c, a=merge
2015-10-03 15:37:39 -07:00
ffxbld
06e0cf1ad6
No bug, Automated HPKP preload list update from host bld-linux64-spot-410 - a=hpkp-update
2015-10-03 03:44:51 -07:00
ffxbld
d42f228554
No bug, Automated HSTS preload list update from host bld-linux64-spot-410 - a=hsts-update
2015-10-03 03:44:49 -07:00
David Keeler
eb164c5104
bug 1205767 - prevent memory leak when generating an EC key with <keygen> r=ttaubert
2015-09-17 14:57:24 -07:00
Tooru Fujisawa
daf2796b2c
Bug 1207499 - Part 8: Remove use of expression closure from security/. r=keeler
2015-09-23 18:42:19 +09:00
Kaspar Brand
1866a32496
Bug 278689 - Multiple Certificates with the same subject are not shown in the digital signature select cert combo (only one is shown) r=dkeeler
2015-09-05 07:52:00 +02:00
David Keeler
cfcc5a4b84
bug 1187994 - remove unused file CryptoUtil.h r=jcj
...
This probably should have been removed as part of bug 891066.
2015-07-27 09:56:14 -07:00
David Keeler
976462db72
bug 1203312 - split tlsserver certificates into ocsp_certs and bad_certs r=mgoodwin
...
The B2G emulators apparently take ~5 minutes to read 50 certificates into
memory, which causes intermittent test timeouts. This is an attempt to
reduce the number of certificates needed to be read at any given time.
2015-09-22 17:03:15 -07:00
David Keeler
50b152df26
bug 1203312 - convert tlsserver to generate certificates at build time r=Cykesiopka,mgoodwin
2015-08-24 15:53:07 -07:00
ffxbld
2d9e157f43
No bug, Automated HPKP preload list update from host bld-linux64-spot-363 - a=hpkp-update
2015-09-26 03:40:59 -07:00
ffxbld
cea20a8620
No bug, Automated HSTS preload list update from host bld-linux64-spot-363 - a=hsts-update
2015-09-26 03:40:57 -07:00
Jonathan Hao
93ab59d33b
Bug 1178518 - Add an AppTrustedRoot for signed packaged app. r=keeler
2015-09-07 15:28:21 +08:00
ffxbld
22ee258c38
No bug, Automated HPKP preload list update from host bld-linux64-spot-560 - a=hpkp-update
2015-09-19 03:46:51 -07:00
ffxbld
a0b0095eca
No bug, Automated HSTS preload list update from host bld-linux64-spot-560 - a=hsts-update
2015-09-19 03:46:49 -07:00
Wes Kocher
167c4373ef
Backed out changeset a08287c70962 (bug 1203312) for b2g xpcshell failures
2015-09-18 12:53:24 -07:00
David Keeler
c849a56985
bug 1203312 - convert tlsserver to generate certificates at build time r=Cykesiopka,mgoodwin
2015-08-24 15:53:07 -07:00
Kate McKinley
81dc3ad952
Bug 1196039 - Telemetry for certificate lifetime. r=rbarnes,vladan
2015-09-17 10:04:52 -07:00
Nicholas Nethercote
6855b78fbf
Bug 1201135 - Rename pldhash.{h,cpp} to PLDHashTable.{h,cpp}. r=mccr8.
2015-09-15 20:49:53 -07:00
Ehsan Akhgari
fb321df132
Bug 1205302 - Disallow intercepting OCSP requests; r=jdm
2015-09-16 19:15:32 -04:00
Nicholas Nethercote
ac3ae5e6c1
Bug 1121760 (part 6) - Move all remaining PL_DHash*() functions into PLDHashTable. r=poiru.
2015-09-14 14:23:47 -07:00
Nicholas Nethercote
5c91fcd1e6
Bug 1121760 (part 3) - Remove PL_DHashTableRemove(). r=poiru.
2015-09-14 14:23:24 -07:00
Nicholas Nethercote
538c6626e9
Bug 1121760 (part 2) - Remove PL_DHashTableAdd(). r=poiru.
2015-09-14 14:23:12 -07:00
Nicholas Nethercote
ba83ffc5ec
Bug 1121760 (part 1) - Remove PL_DHashTableSearch(). r=poiru.
2015-05-21 00:34:25 -07:00
Shu-yu Guo
45211869c8
Bug 1202902 - Mass replace toplevel 'let' with 'var' in preparation for global lexical scope. (rs=jorendorff)
2015-09-15 11:19:45 -07:00
Cykesiopka
8eefbf1b80
Bug 443811 - Use long date format for cert date output. r=keeler
2015-09-13 23:33:00 +02:00
Richard Barnes
ef0d9ed24f
Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler
2015-09-11 14:52:30 -04:00
ffxbld
4bc06df906
No bug, Automated HPKP preload list update from host bld-linux64-spot-542 - a=hpkp-update
2015-09-12 03:39:46 -07:00
ffxbld
34db847572
No bug, Automated HSTS preload list update from host bld-linux64-spot-542 - a=hsts-update
2015-09-12 03:39:44 -07:00
Steven Michaud
65c33408b6
Bug 1190032 - Sandbox failure in nsPluginHost::GetPluginTempDir, tighten earlier patch. r=areinald
2015-09-10 15:32:42 -05:00
Mark Goodwin
25d06c35c0
Bug 1016555 - Disable OCSP checking for certificates covered by OneCRL r=keeler
...
1) Added some comments to firefox.js to explain the relationship between
extensions.blocklist.interval and security.onecrl.maximum_staleness_in_seconds
2) Modified default values in firefox.js and mobile.js to set maximum staleness
to 1.25x blocklist interval
3) modified the tests_ev_certs.js xpcshell test to cope with larger maximum
staleness values to address test failures
2015-09-10 11:10:07 +01:00
Bob Owen
89cecb0a22
Bug 1200336: Apply fix for Chromium issue 482784 for sandbox bug when built with VS2015. r=tabraldes
2015-09-10 08:25:20 +01:00
Jed Davis
2b175a829d
Bug 1199481 - Complain more when entering sandboxing code as root. r=kang
2015-08-28 13:37:00 +02:00
Jed Davis
4e4ab4e9b2
Bug 1199413 - Fix MOZ_DISABLE_GMP_SANDBOX so it disables all the sandboxing. r=kang
...
Bonus fix: don't start the chroot helper unless we're going to use
it. For this to matter, you'd need a system with unprivileged user
namespaces but no seccomp-bpf (or fake it with env vars) *and* to set
media.gmp.insecure.allow, so this is more to set a good example for
future changes to this code than for functional reasons.
2015-08-28 12:18:00 +02:00
Nicholas Nethercote
0c46c656b9
Bug 1202526 (part 5) - Use PLDHashTable::RemoveEntry() in nsSecureBrowserUIImpl. r=dkeeler.
...
This avoids repeating the hash table search in order to remove the entry.
2015-09-07 19:20:16 -07:00
Jacek Caban
a1d8a2b9b2
Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith
2015-09-09 14:16:59 +02:00
Bob Owen
e2abf5a65b
Bug 1197943: Turn off MITIGATION_STRICT_HANDLE_CHECKS for NPAPI process sandbox for causing hangs. r=aklotz
2015-09-09 08:45:25 +01:00
Bob Owen
6649fdb686
Bug 1201438: Add non-sandboxed Windows content processes as target peers for handle duplication. r=bbondy
2015-09-08 11:18:12 +01:00
ffxbld
dc1dd8c399
No bug, Automated HPKP preload list update from host bld-linux64-spot-1098 - a=hpkp-update
2015-09-05 03:41:54 -07:00
ffxbld
3b3a1dd6a4
No bug, Automated HSTS preload list update from host bld-linux64-spot-1098 - a=hsts-update
2015-09-05 03:41:52 -07:00
Steven Michaud
821cabecb6
Bug 1190032 - Sandbox failure in nsPluginHost::GetPluginTempDir. r=areinald
2015-09-03 19:28:30 -05:00
David Keeler
b41a1cba8f
bug 1196853 - convert test_cert_signatures.js to generate certificates at build time r=jcj
...
Also add additional testcases that weren't in the original test (tampered
signatures had been tested, but tampered certificates hadn't been covered).
2015-08-19 15:59:49 -07:00
ffxbld
3d8ce77307
No bug, Automated HPKP preload list update from host bld-linux64-spot-305 - a=hpkp-update
2015-09-03 13:59:53 -07:00
ffxbld
25c72e5172
No bug, Automated HSTS preload list update from host bld-linux64-spot-305 - a=hsts-update
2015-09-03 13:59:50 -07:00
Masatoshi Kimura
90ba467266
Bug 1201024 - Disable unrestricted RC4 fallback and add RC4-only servers to the fallback whitelist. r=cykesiopka
2015-09-03 21:50:52 +09:00
Nick Thomas
2b6fac45c5
Bug 1197607, Automated hsts & hpkp updates are failing on mozilla-central, mozilla-aurora, mozilla-esr38, r=cykesiopka
2015-09-03 22:07:42 +12:00
Masatoshi Kimura
b62a73df84
Bug 1195789 - Update fallback whitelist. r=cykesiopka
2015-09-02 00:44:04 +09:00
