#443: update certs and pins, M1397811 M1407740 M1408005 M1411458 M1406750 M1412252 M1400763
This commit is contained in:
parent
622263e71b
commit
f79d49e991
|
@ -186,6 +186,7 @@ NSSBase64_DecodeBuffer
|
|||
NSSBase64_EncodeItem
|
||||
NSSBase64_EncodeItem_Util
|
||||
NSS_CMSContentInfo_GetContent
|
||||
NSS_CMSContentInfo_GetContentTypeTag
|
||||
NSS_CMSContentInfo_SetContent_Data
|
||||
NSS_CMSContentInfo_SetContent_EnvelopedData
|
||||
NSS_CMSContentInfo_SetContent_SignedData
|
||||
|
|
|
@ -845,6 +845,9 @@ nsDocShell::~nsDocShell()
|
|||
{
|
||||
MOZ_ASSERT(!mObserved);
|
||||
|
||||
// Avoid notifying observers while we're in the dtor.
|
||||
mIsBeingDestroyed = true;
|
||||
|
||||
Destroy();
|
||||
|
||||
nsCOMPtr<nsISHistoryInternal> shPrivate(do_QueryInterface(mSessionHistory));
|
||||
|
|
|
@ -590,6 +590,15 @@ nsNodeUtils::CloneAndAdopt(nsINode *aNode, bool aClone, bool aDeep,
|
|||
}
|
||||
}
|
||||
|
||||
if (aNode->HasProperties()) {
|
||||
bool ok = aNodesWithProperties.AppendObject(aNode);
|
||||
MOZ_RELEASE_ASSERT(ok, "Out of memory");
|
||||
if (aClone) {
|
||||
ok = aNodesWithProperties.AppendObject(clone);
|
||||
MOZ_RELEASE_ASSERT(ok, "Out of memory");
|
||||
}
|
||||
}
|
||||
|
||||
if (aDeep && (!aClone || !aNode->IsNodeOfType(nsINode::eATTRIBUTE))) {
|
||||
// aNode's children.
|
||||
for (nsIContent* cloneChild = aNode->GetFirstChild();
|
||||
|
@ -645,15 +654,6 @@ nsNodeUtils::CloneAndAdopt(nsINode *aNode, bool aClone, bool aDeep,
|
|||
}
|
||||
#endif
|
||||
|
||||
if (aNode->HasProperties()) {
|
||||
bool ok = aNodesWithProperties.AppendObject(aNode);
|
||||
if (aClone) {
|
||||
ok = ok && aNodesWithProperties.AppendObject(clone);
|
||||
}
|
||||
|
||||
NS_ENSURE_TRUE(ok, NS_ERROR_OUT_OF_MEMORY);
|
||||
}
|
||||
|
||||
clone.forget(aResult);
|
||||
|
||||
return NS_OK;
|
||||
|
|
|
@ -7938,8 +7938,9 @@ nsCSSFrameConstructor::ContentRemoved(nsIContent* aContainer,
|
|||
}
|
||||
}
|
||||
if (ancestorFrame) {
|
||||
nsTArray<nsIContent*>* generated = ancestorFrame->GetGenConPseudos();
|
||||
if (generated) {
|
||||
nsIFrame* contentInsertion = ancestorFrame->GetContentInsertionFrame();
|
||||
if (ancestorFrame->GetGenConPseudos() ||
|
||||
(contentInsertion && contentInsertion->GetGenConPseudos())) {
|
||||
*aDidReconstruct = true;
|
||||
LAYOUT_PHASE_TEMP_EXIT();
|
||||
// XXXmats Can we recreate frames only for the ::after/::before content?
|
||||
|
|
|
@ -642,6 +642,11 @@ nsComputedDOMStyle::UpdateCurrentStyleSources(bool aNeedsLayoutFlush)
|
|||
mFlushedPendingReflows = aNeedsLayoutFlush;
|
||||
#endif
|
||||
|
||||
nsCOMPtr<nsIPresShell> presShellForContent = GetPresShellForContent(mContent);
|
||||
if (presShellForContent && presShellForContent != mPresShell) {
|
||||
presShellForContent->FlushPendingNotifications(Flush_Style);
|
||||
}
|
||||
|
||||
mPresShell = document->GetShell();
|
||||
if (!mPresShell || !mPresShell->GetPresContext()) {
|
||||
ClearStyleContext();
|
||||
|
@ -709,10 +714,11 @@ nsComputedDOMStyle::UpdateCurrentStyleSources(bool aNeedsLayoutFlush)
|
|||
#endif
|
||||
// Need to resolve a style context
|
||||
RefPtr<nsStyleContext> resolvedStyleContext =
|
||||
nsComputedDOMStyle::GetStyleContextForElement(mContent->AsElement(),
|
||||
mPseudo,
|
||||
mPresShell,
|
||||
mStyleType);
|
||||
nsComputedDOMStyle::GetStyleContextForElementNoFlush(
|
||||
mContent->AsElement(),
|
||||
mPseudo,
|
||||
presShellForContent ? presShellForContent.get() : mPresShell,
|
||||
mStyleType);
|
||||
if (!resolvedStyleContext) {
|
||||
ClearStyleContext();
|
||||
return;
|
||||
|
|
|
@ -1108,6 +1108,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
|
|||
{ "security.google.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "services.mozilla.com", true, false, true, 6, &kPinset_mozilla_services },
|
||||
{ "sg.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
{ "sirburton.com", true, true, false, -1, &kPinset_ncsccs },
|
||||
{ "sites.google.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
{ "spideroak.com", true, false, false, -1, &kPinset_spideroak },
|
||||
{ "spreadsheets.google.com", true, false, false, -1, &kPinset_google_root_pems },
|
||||
|
@ -1175,8 +1176,8 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
|
|||
{ "zh.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
||||
};
|
||||
|
||||
// Pinning Preload List Length = 473;
|
||||
// Pinning Preload List Length = 474;
|
||||
|
||||
static const int32_t kUnknownId = -1;
|
||||
|
||||
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1516901517980000);
|
||||
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1518725677736000);
|
||||
|
|
|
@ -146,6 +146,12 @@ VerifyCMSDetachedSignatureIncludingCertificate(
|
|||
return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
|
||||
}
|
||||
|
||||
// We're expecting this to be a PKCS#7 signedData content info.
|
||||
if (NSS_CMSContentInfo_GetContentTypeTag(cinfo)
|
||||
!= SEC_OID_PKCS7_SIGNED_DATA) {
|
||||
return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
|
||||
}
|
||||
|
||||
// signedData is non-owning
|
||||
NSSCMSSignedData* signedData =
|
||||
reinterpret_cast<NSSCMSSignedData*>(NSS_CMSContentInfo_GetContent(cinfo));
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -1217,6 +1217,8 @@ ApplicationReputationService::ApplicationReputationService()
|
|||
|
||||
ApplicationReputationService::~ApplicationReputationService() {
|
||||
LOG(("Application reputation service shutting down"));
|
||||
MOZ_ASSERT(gApplicationReputationService == this);
|
||||
gApplicationReputationService = nullptr;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
|
|
Loading…
Reference in New Issue