summaryrefslogtreecommitdiff
path: root/automation
Commit message (Collapse)AuthorAgeFilesLines
* Bug 1831983 - Add a constant time select function. r=mtHEADmasterJohn M. Schanck2023-05-171-0/+5
| | | | Differential Revision: https://phabricator.services.mozilla.com/D177803
* Bug 1755267 - run linux tests on nss-t/t-linux-xlarge-gcp. ↵Julien Cristau2023-05-031-1/+5
| | | | | | | | | | | | | | | r=nss-reviewers,bbeurdouche NSS tasks using LSAN seem to run into frequent failures due to ptrace(2) failing with EACCES (Permission Denied), apparently coming from the apparmor profile for docker on the VM. Until now Linux tests tasks were using the nss-{1,3}/linux-gcp pools, which use the same base image as gecko builders. This switches them to a new pool using the same base image as used by gecko's test tasks, where ptrace appears to work reliably. Differential Revision: https://phabricator.services.mozilla.com/D177037
* Bug 1783647 - Integrate Vale Curve25519 r=nss-reviewers,bbeurdoucheNatalia Kulatova2023-04-171-1/+1
| | | | Differential Revision: https://phabricator.services.mozilla.com/D153944
* Bug 1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 ↵Anna Weine2023-04-171-6/+18
| | | | | | r=nss-reviewers,jschanck Differential Revision: https://phabricator.services.mozilla.com/D158327
* Bug 1818766: Update ACVP dockerfile for compatibility with debian package ↵Iaroslav Gridin2023-04-041-0/+1
| | | | | | changes r=nkulatova Differential Revision: https://phabricator.services.mozilla.com/D170903
* Bug 1815796: Add a CI task for tracking ECCKiila code status, update ↵Iaroslav Gridin2023-04-046-1/+115
| | | | | | whitespace in ECCKiila files r=nss-reviewers,nkulatova Differential Revision: https://phabricator.services.mozilla.com/D169262
* Set version numbers to 3.90 BetaJohn M. Schanck2023-03-092-6/+1
|
* Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTagJohn M. Schanck2023-03-071-0/+5
|
* Sigh, even when I explicitly push to nss-try, it's pushing to nss!Robert Relyea2023-02-272-3/+0
|
* Add liboqsRobert Relyea2023-02-272-0/+3
|
* Bug 1811337 - migrate Win 2012 tasks to Azure. r=bbeurdouchemcornmesser2023-02-171-2/+2
| | | | Differential Revision: https://phabricator.services.mozilla.com/D170225
* Set version numbers to 3.89 BetaAnna Weine2023-02-091-1/+1
|
* Bug 1815870 - use a different treeherder symbol for each docker image build ↵Julien Cristau2023-02-091-1/+1
| | | | | | task. r=nkulatova Differential Revision: https://phabricator.services.mozilla.com/D169317
* Bug 1815868 - pin an older version of the ubuntu:18.04 and 20.04 docker ↵Julien Cristau2023-02-096-6/+6
| | | | | | | | | images r=nkulatova As of the images dated 20230126, our docker-in-docker-based image build process dies trying to retrieve the base images. Differential Revision: https://phabricator.services.mozilla.com/D169316
* Backed out changeset 7f64f5d3df09 for build bustageMartin Thomson2023-01-141-1/+1
|
* Bug 1766767 - Move scripts to python3, r=nss-reviewers,jschanckMartin Thomson2023-01-121-1/+1
| | | | Differential Revision: https://phabricator.services.mozilla.com/D166506
* Bug 1805815 - Add initial testing with ACVP vector sets using acvp-rust ↵Iaroslav Gridin2023-01-054-0/+118
| | | | | | r=nss-reviewers,bbeurdouche Differential Revision: https://phabricator.services.mozilla.com/D164770
* Set version numbers to 3.88 BetaDennis Jackson2023-01-051-1/+1
|
* Bug 1749030 - Modification of supported compilers r=nss-reviewers,bbeurdoucheAnna Weine2022-12-082-37/+9
| | | | | | | Adding: clang-10. Removing: gcc-6, gcc-9, gcc-10. Differential Revision: https://phabricator.services.mozilla.com/D162545
* Set version numbers to 3.87 BetaJohn M. Schanck2022-12-081-1/+1
|
* Bug 1803211: Disable libpkix for static builds r=bbeurdouche,nss-reviewersskhamis2022-12-021-1/+1
| | | | Differential Revision: https://phabricator.services.mozilla.com/D163369
* Set version numbers to 3.86 BetaNSS_3_86_BETA1John M. Schanck2022-12-011-1/+1
|
* Bug 1803190 conscious language removal in NSSRobert Relyea2022-11-302-8/+8
| | | | | | | Clean up problemantic terms are master, slave, whitelist, blacklist. These are usually easily changes to main/server, client, allowlist, and blocklist (or other similiar terms, which are often more descriptive anyway). Things related to the tls/ssl master key, which part of the tls spec and needs to first be handled by the tls ietf working group. Differential Revision: https://phabricator.services.mozilla.com/D163522
* Bug 1802331 - compress docker image artifact with zstd. ↵Julien Cristau2022-11-293-5/+8
| | | | | | | | | | | | | | | | | | | | | r=nss-reviewers,releng-reviewers,jlorenzo,bbeurdouche When we moved tasks to run on GCP from AWS in bug 1799315, we started using a newer version of docker-worker including the changes from bug 1637302; as a result, artifacts are compressed with gzip before upload to s3, and downloads now come with a "content-encoding: gzip" header and compressed content, regardless of the client's "accept-encoding". Unfortunately docker-worker doesn't handle that encoding and expects an artifact called image.tar to be uncompressed. To work around that issue, we now compress docker images in image_builder with zstd before upload. [Ideally we'd install the zstd package in the nssdev/image_builder docker image itself instead of doing it in every task, however I'm not sure who owns that or how it's built so this might be good enough for right now.] Differential Revision: https://phabricator.services.mozilla.com/D163306
* Bug 1799315 - Migrate nss from AWS to GCP r=ahal,nss-reviewers,bbeurdoucheMichelle Goossens2022-11-241-1/+1
| | | | Differential Revision: https://phabricator.services.mozilla.com/D161376
* Bug 1800989 - Enable static builds in the CI r=bbeurdoucheskhamis2022-11-171-0/+6
| | | | Differential Revision: https://phabricator.services.mozilla.com/D162252
* Bug 1765759 - Removing SAW docker from the NSS build system. ↵Anna Weine2022-11-0712-995/+0
| | | | | | r=nss-reviewers,jschanck Differential Revision: https://phabricator.services.mozilla.com/D160237
* Bug 1792821 - Updating the clang-format version to 10. r=jschanckAnna Weine2022-10-074-9/+9
| | | | Differential Revision: https://phabricator.services.mozilla.com/D158323
* Bug 1791699 - Bump minimum NSPR version to 4.35. r=nss-reviewers,djacksonRyan VanderMeulen2022-09-211-1/+1
| | | | Differential Revision: https://phabricator.services.mozilla.com/D157770
* Set version numbers to 3.84 BetaJohn M. Schanck2022-09-151-1/+1
|
* Bug 1771100 - Update BoGo tests to recent BoringSSL version. r=djacksonLeander Schwarz2022-08-261-3/+4
| | | | | | | | | | It was required to update docker-interop image to ubuntu 20.04 since a newer Go release was required for the BoGo tests to run. See nss/gtests/nss_bogo_shim/config.json for a list of disabled BoGo test, including short descriptions/bug links. A -loose-local-errors falg was added to Bogo (runner.go) to allow usage of more tests by ignoring differences in local errors on the Go side of test connections, similar to the remote error 'suppression' used. The code is patched to the BoGo runner after cloning in nss/tests/bogo/bogo.sh and can be found in nss/gtests/nss_bogo_shim/nss_loose_local_errors.patch. Differential Revision: https://phabricator.services.mozilla.com/D147675
* Bug 1785846 - Bump minimum NSPR version to 4.34.1. r=nss-reviewers,bbeurdoucheRyan VanderMeulen2022-08-181-1/+1
| | | | Differential Revision: https://phabricator.services.mozilla.com/D154994
* Set version numbers to 3.83 BetaAnna Weine2022-08-182-7/+1
|
* Bug 1681099, pk11wrap: Tighten certificate lookup based on PKCS #11 URI, ↵Daiki Ueno2022-07-261-0/+6
| | | | | | | | | | r=kjacobs,rrelyea Previously we only used the "object" attribute (mapped to CKA_LABEL) to find certificates by PKCS #11 URI. This updates the logic to match also with "id" (mapped to CKA_ID) and reject the request if a "type" attribute is present with the value other than "cert". Note: as "id" may not be null-terminated, the PKCS #11 URI API had to be revamped to allow binary blobs. This is still not perfect because PK11URIAttribute doesn't have a length field of value. Differential Revision: https://phabricator.services.mozilla.com/D98940
* Set version numbers to 3.82 betaDennis Jackson2022-07-211-1/+1
|
* Set version numbers to 3.81 BetaJohn M. Schanck2022-06-232-6/+1
|
* Add libssl3 abi-check exception for SSL_ClientCertCallbackCompleteJohn M. Schanck2022-06-221-0/+5
|
* Set version numbers to 3.80 BetaNSS_3_80_BETA1Dennis Jackson2022-06-162-8/+0
|
* Bug 1617956 - Add support for asynchronous client auth hooks. r=mtDennis Jackson2022-06-162-0/+8
| | | | Differential Revision: https://phabricator.services.mozilla.com/D138149
* Set version numbers to 3.80 BetaDennis Jackson2022-05-313-11/+1
|
* Bug 1769302 - NSS 3.79 should depend on NSPR 4.34. r=bbeurdoucheKai Engert2022-05-251-1/+1
| | | | Differential Revision: https://phabricator.services.mozilla.com/D147375
* Bug 1753315 - Add SECMOD_LockedModuleHasRemovableSlots. r=rrelyeaJohn M. Schanck2022-05-161-0/+5
| | | | Differential Revision: https://phabricator.services.mozilla.com/D137702
* Bug 1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. ↵Kai Engert2022-05-131-0/+5
| | | | | | r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D146334
* Bug 1766907 - Update mercurial in clang-format docker image. r=mtJohn M. Schanck2022-05-061-1/+8
| | | | Differential Revision: https://phabricator.services.mozilla.com/D145355
* Set version numbers to 3.79 betaDennis Jackson2022-04-281-1/+1
|
* Set version numbers to 3.78 BetaJohn M. Schanck2022-03-313-13/+1
|
* Bug 1760827 - Add a CI Target for gcc-11. r=nss-reviewers,nkulatovaDennis Jackson2022-03-222-3/+14
| | | | | | Depends on D141764 Differential Revision: https://phabricator.services.mozilla.com/D141765
* Bug 1760828 - Change to makefiles for gcc-4.8. r=nss-reviewers,mtDennis Jackson2022-03-221-1/+1
| | | | | | Depends on D131425 Differential Revision: https://phabricator.services.mozilla.com/D141764
* Bug 1741688 - Update googletest to 1.11.0 r=nss-reviewers,mtJ08nY2022-03-221-1/+3
| | | | Differential Revision: https://phabricator.services.mozilla.com/D131425
* Bug 1552254 internal_error alert on Certificate Request with sha1+ecdsa in ↵Robert Relyea2022-03-182-0/+12
| | | | | | | | | | | | | | | | | | | TLS 1.3 We need to be able to select Client certificates based on the schemes sent to us from the server. Rather than changing the callback function, this patch adds those schemes to the ssl socket info as suggested by Dana. In addition, two helpful functions have been added to aid User applications in properly selecting the Certificate: PRBool SSL_CertIsUsable(PRFileDesc *fd, CERTCertificate *cert) - returns true if the given cert matches the schemes of the server, the schemes configured on the socket, capability of the token the private key resides on, and the current policy. For future SSL protocol, additional restrictions may be parsed. SSL_FilterCertListBySocket(PRFileDesc *fd, CERTCertList *certlist) - removes the certs from the cert list that doesn't pass the SSL_CertIsUsable() call. In addition the built in cert selection function (NSS_GetClientAuthData) uses the above functions to filter the list. In order to support the NSS_GetClientAuthData three new functions have been added: SECStatus CERT_FilterCertListByNickname(CERTCertList *certList, char *nickname, void *pwarg) -- removes the certs that don't match the 'nickname'. SECStatus CERT_FilterCertListByCertList(CERTCertlist *certList, const CERTCertlist *filterList ) -- removes all the certs on the first cert list that isn't on the second. PRBool CERT_IsInList(CERTCertificate *, const CERTCertList *certList) -- returns true if cert is on certList. In addition * PK11_FindObjectForCert() is exported so the token the cert lives on can be accessed. * the ssle ssl_PickClientSignatureScheme() function (along with several supporing functions) have been modified so it can be used by SSL_CertIsUsable() Differential Revision: https://phabricator.services.mozilla.com/D135715
View Lorry Controller Status