roytam1/UXP
1
0
Fork 0
mirror of https://github.com/roytam1/UXP.git synced 2026-05-26 13:58:49 +00:00
Code Issues Projects Releases Wiki Activity
1,865 Commits 8 Branches 0 Tags
322543bed68cb01da1663d31c71bcdf7f425ad27
Commit Graph

56 Commits

Author SHA1 Message Date
trav90 2bce502df7 Update HSTS preload list 
Tag #447
 2019-02-16 00:15:49 +08:00
wolfbeast 55c45dc7f2 Ensure we got an nsISSLStatus when deserializing in TransportSecurityInfo. 2019-02-16 00:15:09 +08:00
trav90 c576139ef2 Update HSTS preload list 
Tag #447
 2019-02-16 00:14:42 +08:00
wolfbeast bd525435bf Get rid of the incorrect mechanism to remove insecure fallback hosts. 
This fixes #797.
 2019-02-16 00:14:39 +08:00
trav90 4f41aebb67 Update HSTS preload list 
Tag #447
 2019-02-16 00:13:42 +08:00
wolfbeast 8c8145e620 Remove all C++ Telemetry Accumulation calls. 
This creates a number of stubs and leaves some surrounding code that may be irrelevant (eg. recorded time stamps, status variables).
Stub resolution/removal should be a follow-up to this.
 2019-02-16 00:12:32 +08:00
wolfbeast e2e197cada Remove support for TLS session caches in TLSServerSocket. 
This resolves #738
 2019-02-16 00:12:22 +08:00
trav90 450c242d9f Update HSTS preload list 
Tag #447
 2019-02-16 00:12:12 +08:00
wolfbeast 4debc9246e Fix missed in32->int64 in df852120098dc7ba5df4a76126c6297c6d2d1b7b 
Tag #709.
 2019-02-16 00:11:26 +08:00
wolfbeast 8effb3030e Reinstate RC4 and mark 3DES weak. 
Tag #709
 2019-02-16 00:11:24 +08:00
wolfbeast 7f72783c00 Extend {EnabledWeakCiphers} bit field to allow more cipher suites. 
Tag #709.
 2019-02-16 00:11:23 +08:00
wolfbeast d36d4eb674 Update NSS to 3.38 
- Added HACL*Poly1305 32-bit (INRIA/Microsoft)
- Updated to final TLS 1.3 draft version (28)
- Removed TLS 1.3 prerelease draft limit check
- Removed NPN code
- Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments
- Fixed several bugs with TLS 1.3 negotiation
- Updated internal certificate store
- Added support for the TLS Record Size Limit Extension.
- Fixed CVE-2018-0495
- Various security fixes in the ASN.1 code.
 2019-02-16 00:11:10 +08:00
trav90 b266e5e349 Update HSTS preload list 
Tag #447
 2019-02-16 00:10:17 +08:00
yami 4470fb65f3 replace "certErrorCodePrefix2" with "certErrorCodePrefix" 2019-02-16 00:09:37 +08:00
wolfbeast 93c640e3b1 Remove incorrect debug assertion. 
solves #631, solves #664
 2019-02-16 00:09:29 +08:00
trav90 d8992204e1 Update HSTS preload list 
Tag #447
 2019-02-16 00:08:57 +08:00
wolfbeast 1ed60ee41b Don't leak newTemplate in pk11_copyAttributes() 
Cherry-pick of NSS fix from 3.37
 2019-02-16 00:07:15 +08:00
wolfbeast 7b82a2ece4 Remove SSL Error Reporting telemetry 2019-02-16 00:06:16 +08:00
trav90 a179019413 Update HSTS preload list 
Tag #447
 2019-02-16 00:03:49 +08:00
wolfbeast 624aa2c581 Fix SSL status ambiguity. 
- Adds CipherSuite string with the full suite
- Changes CipherName to be the actual cipher name instead of the (erroneous) full suite like Firefox does.
 2019-02-16 00:03:48 +08:00
JustOff fe96962962 Update NSS to 3.36.4-RTM 2019-02-16 00:02:32 +08:00
JustOff f9dfa17007 [PALEMOON] Add missed strings required by page info 2019-02-16 00:02:09 +08:00
trav90 0c4e5ff00d Regenerate the HSTS preload list 2019-02-16 00:01:48 +08:00
trav90 70b28bf2ee Restore clearly-delimited format for the HSTS preload list 2019-02-16 00:01:46 +08:00
trav90 e8d7388622 Increase concurrent lookups to 15 when generating HSTS preload list 2019-02-16 00:01:45 +08:00
trav90 4752033ff0 Update HSTS preload list generation script 
Previous behavior: if an entry was in the previously-used list, and there would be an error connecting to or processing the host, it would adopt it using the previous status, with a new minimum required max age TTL.
New behavior: if an entry is in the previously-used list, and there is an error connecting to or processing the host, it will be dropped from the preload list.

The old behavior would allow entries to persist on the HSTS preload list when they drop off the 'net. Considering domain churn, it would cause issues for new owners for having a persisted HSTS entry preloaded in the browser.
Bonus: it keeps our HSTS preload list lean.
 2019-02-16 00:01:43 +08:00
JustOff 7ff80ee648 Request NSS to use DBM as the storage file format 2019-02-16 00:01:09 +08:00
wolfbeast 8c296a9714 Revert "Restore NSS default storage file format to DBM when no prefix is given." 
This reverts commit b2c78bbf83f75bf034028814329fdd43b6bfe885.
 2019-02-16 00:01:08 +08:00
wolfbeast e88fd14de6 Restore NSS default storage file format to DBM when no prefix is given. 2019-02-16 00:01:06 +08:00
wolfbeast 608f9fca02 Update NSS to 3.35-RTM 2019-02-16 00:01:03 +08:00
Gaming4JC d4ac94cf3e Remove support and tests for HSTS priming from the tree. Fixes #384 2019-02-15 23:59:39 +08:00
wolfbeast b586913598 Remove MOZ_WIDGET_GONK [1/2] 
Tag #288
 2019-02-15 23:57:08 +08:00
wolfbeast a0decb1dcc Nuke the sandbox 2019-02-15 23:55:43 +08:00
wolfbeast c8462db202 Remove sandbox ductwork conditional code. 2019-02-15 23:55:41 +08:00
wolfbeast aa9ae963f6 Remove GMP sandbox code. 2019-02-15 23:55:38 +08:00
wolfbeast 369378d566 Remove content process sandbox code. 2019-02-15 23:55:37 +08:00
janekptacijarabaci b56d147095 Fix unsafe "instanceof" negations 
https://github.com/MoonchildProductions/Pale-Moon/pull/1173
 2019-02-15 23:55:28 +08:00
NTD da15587e4a Partially revert 1ef526f0f - sftkpwd.c 
#82 #265
 2019-02-15 23:51:37 +08:00
wolfbeast 9e32522120 Revert "Update NSS to 3.35-RTM" 
This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.
 2019-02-15 23:50:26 +08:00
janekptacijarabaci b9ed9af662 moebius#119: (Windows) Security - Certificate Stores - NSSCertDBTrustDomain allows end-entities to be their own trust anchors 
https://github.com/MoonchildProductions/moebius/pull/119
 2019-02-15 23:49:14 +08:00
wolfbeast 522a346ef8 Strengthen the use of the Master Password. 
- Use 30k iterations instead of 1.
- Enforce minimum password length of 8 characters.
- Adjust strength meter accordingly.

This resolves #82.
 2019-02-15 23:46:38 +08:00
janekptacijarabaci acfa05e886 moebius#126: [very minor fix] Fix typo in a comment in NSSCertDBTrustDomain.cpp 
https://github.com/MoonchildProductions/moebius/pull/126
 2019-02-15 23:44:07 +08:00
wolfbeast 434f3590e3 Remove base conditional code for crash reporter and injector. 2019-02-15 23:39:53 +08:00
trav90 3d90bec874 Disable -Wimplicit-fallthrough for a chromium file 
GCC 7 supports the clang option -Wimplicit-fallthrough.
 2019-02-15 23:35:52 +08:00
wolfbeast b23857f77b Fix build system translation errors. 
Follow-up to 11a8a39f6d2e057d51559c52c1bf0ba74bbfe189
 2019-02-15 23:35:25 +08:00
janekptacijarabaci 38e95f9e35 DevTools - network - security (improvements) 
https://github.com/MoonchildProductions/moebius/pull/113
https://github.com/MoonchildProductions/moebius/pull/118
https://github.com/MoonchildProductions/moebius/pull/127
 2019-02-15 23:34:38 +08:00
NTD a25b655d51 Use MOZ_FENNEC and MOZ_XULRUNNER instead of checking MOZ_BUILD_APP in most places 2019-02-15 23:34:16 +08:00
wolfbeast 66dd670b60 Update NSS to 3.35-RTM 2019-02-15 23:33:36 +08:00
wolfbeast c91ef9012b Update NSS to 3.32.1-RTM 2019-02-15 23:29:46 +08:00
wolfbeast 504e1d12bb Disable 3DES cipher by default + re-order a few things. 
Issue #4 point 4
 2019-02-14 14:28:30 +08:00