In migrating from Ajv 6 to @cfworker/json-schema, some schemas will no longer
validate due to the `format: uri` annotation only being a suggestion for
strings in Ajv 6. Our URLs that use %PLACEHOLDERS% (e.g., `%LOCALE%`) will not
pass validation as URIs due to being interpreted as invalid URL encoding.
Here we add a facade in front of @cfworker/json-schema which defines a
`moz-url-format` format for strings, which runs them through
Services.urlFormatter.formatURL before attempting to validate them as URIs. We
don't simply find-replace all %PLACEHOLDERS% because the URL formatter service
only supports certain variables and will leave undefined variables as-is,
leading to a validation error (which is what we want).
Differential Revision: https://phabricator.services.mozilla.com/D138926
We only want to save the site preferences when the user's dictionary
preferences do not match the preferred language for the site. This is always
the case when there is more than one dictionary in use, but the current
code does not handle this case.
Differential Revision: https://phabricator.services.mozilla.com/D141981
2022-03-24 John M. Schanck <jschanck@mozilla.com>
* lib/ckfw/builtins/certdata.txt:
Bug 1754890 - Add two D-TRUST 2020 root certificates.
r=KathleenWilson
[f63fb86db692] [NSS_3_77_BETA1]
* lib/ckfw/builtins/certdata.txt:
Bug 1751298 - Add Telia Root CA v2 root certificate.
r=KathleenWilson
[1fcbbd7e4f5f]
* lib/ckfw/builtins/certdata.txt:
Bug 1751305 - Remove expired explicitly distrusted certificates from
certdata.txt. r=KathleenWilson
[b722e523d662]
2022-03-23 Dana Keeler <dkeeler@mozilla.com>
* gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp,
gtests/mozpkix_gtest/pkixder_pki_types_tests.cpp,
gtests/mozpkix_gtest/pkixgtest.h,
gtests/mozpkix_gtest/pkixnss_tests.cpp,
lib/mozpkix/include/pkix/pkixder.h,
lib/mozpkix/include/pkix/pkixnss.h,
lib/mozpkix/include/pkix/pkixtypes.h, lib/mozpkix/lib/pkixc.cpp,
lib/mozpkix/lib/pkixcheck.cpp, lib/mozpkix/lib/pkixder.cpp,
lib/mozpkix/lib/pkixnss.cpp, lib/mozpkix/lib/pkixverify.cpp,
lib/mozpkix/test-lib/pkixtestnss.cpp:
Bug 1005084 - support specific RSA-PSS parameters in mozilla::pkix
r=jschanck
This patch adds support to mozilla::pkix for certificates signed
with RSA-PSS using one of the following parameters permitted by the
CA/Browser Forum Baseline Requirements 1.8.1:
* SHA-256, MGF-1 with SHA-256, and a salt length of 32 bytes
* SHA-384, MGF-1 with SHA-384, and a salt length of 48 bytes
* SHA-512, MGF-1 with SHA-512, and a salt length of 64 bytes
[853b64626b19]
2022-03-23 John M. Schanck <jschanck@mozilla.com>
* lib/util/secasn1d.c:
Bug 1753535 - Remove obsolete stateEnd check in
SEC_ASN1DecoderUpdate. r=rrelyea
The `stateEnd->parent != state` check was added in Bug 95458 to
avoid a crash in `sec_asn1d_free_child`. The diagnosis in Bug 95458
is incorrect---the crash was actually due to a `PORT_Assert(0)` that
was meant to highlight a memory leak when `SEC_ASN1DecoderStart` was
called with `their_pool==NULL`. The offending assertion was removed
in Bug 95311, which makes the `stateEnd` check obsolete. In Bug
1753535 it was observed that the `stateEnd` check could read from a
poisoned region of an arena when the decoder was used in a streaming
mode. This read-after-poison could lead to an arena memory leak,
although this is mitigated by the fact that the read-after-poison is
on an error-handling path where the caller typically frees the
entire arena.
[800111fa3bf8]
* lib/dev/dev.h, lib/dev/devslot.c, lib/dev/devt.h,
lib/dev/devtoken.c, lib/pk11wrap/dev3hack.c:
Bug 1756271 - Remove token member from NSSSlot struct. r=rrelyea
[55052f78244c]
* cmd/mpitests/mpi-test.c, lib/freebl/Makefile, lib/freebl/dh.c,
lib/freebl/freebl_base.gypi, lib/freebl/manifest.mn,
lib/freebl/mpi/mpprime.c, lib/freebl/mpi/mpprime.h,
lib/freebl/pqg.c, lib/freebl/rsa.c, lib/freebl/secmpi.c,
lib/freebl/secmpi.h:
Bug 1602379 - Provide secure variants of mpp_pprime and
mpp_make_prime. r=mt
[b83ad33acd67]
2022-03-22 John M. Schanck <jschanck@mozilla.com>
* cmd/mpitests/mpi-test.c, lib/freebl/Makefile, lib/freebl/dh.c,
lib/freebl/freebl_base.gypi, lib/freebl/manifest.mn,
lib/freebl/mpi/mpprime.c, lib/freebl/mpi/mpprime.h,
lib/freebl/pqg.c, lib/freebl/rsa.c, lib/freebl/secmpi.c,
lib/freebl/secmpi.h:
Backed out changeset 6c1092f5203f
Caused Windows gyp build failures for cmd/mpitests
[ffa1e4ce758a]
2022-03-22 Masatoshi Kimura <VYV03354@nifty.ne.jp>
* gtests/pk11_gtest/pk11_module_unittest.cc, lib/pk11wrap/pk11load.c:
Bug 1757279 - Support UTF-8 library path in the module spec string.
r=nss-reviewers,jschanck
[31bce2dae97b]
* gtests/base_gtest/Makefile, gtests/base_gtest/base_gtest.gyp,
gtests/base_gtest/manifest.mn, gtests/base_gtest/utf8_unittest.cc,
gtests/manifest.mn, lib/base/utf8.c, nss.gyp,
tests/gtests/gtests.sh:
Bug 1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer
overrun. r=nss-reviewers,jschanck
[2f2c85648edb]
2022-03-22 John M. Schanck <jschanck@mozilla.com>
* cmd/mpitests/mpi-test.c, lib/freebl/Makefile, lib/freebl/dh.c,
lib/freebl/freebl_base.gypi, lib/freebl/manifest.mn,
lib/freebl/mpi/mpprime.c, lib/freebl/mpi/mpprime.h,
lib/freebl/pqg.c, lib/freebl/rsa.c, lib/freebl/secmpi.c,
lib/freebl/secmpi.h:
Bug 1602379 - Provide secure variants of mpp_pprime and
mpp_make_prime. r=mt
[6c1092f5203f]
2022-03-22 Dennis Jackson <djackson@mozilla.com>
* automation/taskcluster/docker-builds/Dockerfile,
automation/taskcluster/graph/src/extend.js:
Bug 1760827 - Add a CI Target for gcc-11. r=nss-reviewers,nkulatova
[d4a3bb7731b0]
* automation/taskcluster/graph/src/extend.js:
Bug 1760828 - Change to makefiles for gcc-4.8. r=nss-reviewers,mt
[191e838399a6]
2022-03-22 J08nY <johny@neuromancer.sk>
* automation/taskcluster/graph/src/extend.js,
gtests/google_test/VERSION, gtests/google_test/gtest/CMakeLists.txt,
gtests/google_test/gtest/CONTRIBUTORS,
gtests/google_test/gtest/README.md,
gtests/google_test/gtest/cmake/gtest.pc.in,
gtests/google_test/gtest/cmake/gtest_main.pc.in,
gtests/google_test/gtest/cmake/internal_utils.cmake,
gtests/google_test/gtest/docs/Pkgconfig.md,
gtests/google_test/gtest/docs/README.md,
gtests/google_test/gtest/docs/advanced.md,
gtests/google_test/gtest/docs/faq.md,
gtests/google_test/gtest/docs/primer.md,
gtests/google_test/gtest/docs/pump_manual.md,
gtests/google_test/gtest/docs/samples.md,
gtests/google_test/gtest/include/gtest/gtest-death-test.h,
gtests/google_test/gtest/include/gtest/gtest-matchers.h,
gtests/google_test/gtest/include/gtest/gtest-message.h,
gtests/google_test/gtest/include/gtest/gtest-param-test.h,
gtests/google_test/gtest/include/gtest/gtest-printers.h,
gtests/google_test/gtest/include/gtest/gtest-spi.h,
gtests/google_test/gtest/include/gtest/gtest-test-part.h,
gtests/google_test/gtest/include/gtest/gtest-typed-test.h,
gtests/google_test/gtest/include/gtest/gtest.h,
gtests/google_test/gtest/include/gtest/gtest_pred_impl.h,
gtests/google_test/gtest/include/gtest/gtest_prod.h,
gtests/google_test/gtest/include/gtest/internal/custom/gtest-port.h,
gtests/google_test/gtest/include/gtest/internal/custom/gtest-
printers.h,
gtests/google_test/gtest/include/gtest/internal/custom/gtest.h,
gtests/google_test/gtest/include/gtest/internal/gtest-death-test-
internal.h, gtests/google_test/gtest/include/gtest/internal/gtest-
filepath.h, gtests/google_test/gtest/include/gtest/internal/gtest-
internal.h, gtests/google_test/gtest/include/gtest/internal/gtest-
param-util.h, gtests/google_test/gtest/include/gtest/internal/gtest-
port-arch.h, gtests/google_test/gtest/include/gtest/internal/gtest-
port.h, gtests/google_test/gtest/include/gtest/internal/gtest-
string.h, gtests/google_test/gtest/include/gtest/internal/gtest-
type-util.h, gtests/google_test/gtest/include/gtest/internal/gtest-
type-util.h.pump, gtests/google_test/gtest/samples/prime_tables.h,
gtests/google_test/gtest/samples/sample1.cc,
gtests/google_test/gtest/samples/sample1.h,
gtests/google_test/gtest/samples/sample10_unittest.cc,
gtests/google_test/gtest/samples/sample2.cc,
gtests/google_test/gtest/samples/sample2.h,
gtests/google_test/gtest/samples/sample2_unittest.cc,
gtests/google_test/gtest/samples/sample3-inl.h,
gtests/google_test/gtest/samples/sample3_unittest.cc,
gtests/google_test/gtest/samples/sample4.h,
gtests/google_test/gtest/samples/sample5_unittest.cc,
gtests/google_test/gtest/samples/sample6_unittest.cc,
gtests/google_test/gtest/samples/sample7_unittest.cc,
gtests/google_test/gtest/samples/sample8_unittest.cc,
gtests/google_test/gtest/samples/sample9_unittest.cc,
gtests/google_test/gtest/scripts/README.md,
gtests/google_test/gtest/scripts/gen_gtest_pred_impl.py,
gtests/google_test/gtest/scripts/pump.py,
gtests/google_test/gtest/scripts/release_docs.py,
gtests/google_test/gtest/scripts/run_with_path.py,
gtests/google_test/gtest/scripts/upload.py,
gtests/google_test/gtest/src/gtest-death-test.cc,
gtests/google_test/gtest/src/gtest-filepath.cc,
gtests/google_test/gtest/src/gtest-internal-inl.h,
gtests/google_test/gtest/src/gtest-matchers.cc,
gtests/google_test/gtest/src/gtest-port.cc,
gtests/google_test/gtest/src/gtest-printers.cc,
gtests/google_test/gtest/src/gtest-test-part.cc,
gtests/google_test/gtest/src/gtest-typed-test.cc,
gtests/google_test/gtest/src/gtest.cc,
gtests/google_test/gtest/src/gtest_main.cc,
gtests/google_test/gtest/test/BUILD.bazel,
gtests/google_test/gtest/test/googletest-catch-exceptions-test_.cc,
gtests/google_test/gtest/test/googletest-death-test-test.cc,
gtests/google_test/gtest/test/googletest-death-test_ex_test.cc,
gtests/google_test/gtest/test/googletest-env-var-test.py,
gtests/google_test/gtest/test/googletest-env-var-test_.cc,
gtests/google_test/gtest/test/googletest-failfast-unittest.py,
gtests/google_test/gtest/test/googletest-failfast-unittest_.cc,
gtests/google_test/gtest/test/googletest-filepath-test.cc,
gtests/google_test/gtest/test/googletest-filter-unittest_.cc,
gtests/google_test/gtest/test/googletest-global-environment-
unittest.py, gtests/google_test/gtest/test/googletest-global-
environment-unittest_.cc, gtests/google_test/gtest/test/googletest-
json-output-unittest.py, gtests/google_test/gtest/test/googletest-
list-tests-unittest_.cc, gtests/google_test/gtest/test/googletest-
listener-test.cc, gtests/google_test/gtest/test/googletest-message-
test.cc, gtests/google_test/gtest/test/googletest-options-test.cc,
gtests/google_test/gtest/test/googletest-output-test-golden-lin.txt,
gtests/google_test/gtest/test/googletest-output-test.py,
gtests/google_test/gtest/test/googletest-output-test_.cc,
gtests/google_test/gtest/test/googletest-param-test-invalid-
name1-test_.cc, gtests/google_test/gtest/test/googletest-param-test-
invalid-name2-test_.cc, gtests/google_test/gtest/test/googletest-
param-test-test.cc, gtests/google_test/gtest/test/googletest-param-
test-test.h, gtests/google_test/gtest/test/googletest-param-
test2-test.cc, gtests/google_test/gtest/test/googletest-port-
test.cc, gtests/google_test/gtest/test/googletest-printers-test.cc,
gtests/google_test/gtest/test/googletest-setuptestsuite-test.py,
gtests/google_test/gtest/test/googletest-setuptestsuite-test_.cc,
gtests/google_test/gtest/test/googletest-shuffle-test_.cc,
gtests/google_test/gtest/test/googletest-test-part-test.cc,
gtests/google_test/gtest/test/googletest-test2_test.cc,
gtests/google_test/gtest/test/googletest-throw-on-failure-test_.cc,
gtests/google_test/gtest/test/gtest-typed-test2_test.cc,
gtests/google_test/gtest/test/gtest-typed-test_test.cc,
gtests/google_test/gtest/test/gtest-typed-test_test.h,
gtests/google_test/gtest/test/gtest-unittest-api_test.cc,
gtests/google_test/gtest/test/gtest_assert_by_exception_test.cc,
gtests/google_test/gtest/test/gtest_environment_test.cc,
gtests/google_test/gtest/test/gtest_help_test.py,
gtests/google_test/gtest/test/gtest_list_output_unittest.py,
gtests/google_test/gtest/test/gtest_list_output_unittest_.cc,
gtests/google_test/gtest/test/gtest_pred_impl_unittest.cc,
gtests/google_test/gtest/test/gtest_premature_exit_test.cc,
gtests/google_test/gtest/test/gtest_repeat_test.cc,
gtests/google_test/gtest/test/gtest_skip_check_output_test.py,
gtests/google_test/gtest/test/gtest_skip_test.cc,
gtests/google_test/gtest/test/gtest_stress_test.cc,
gtests/google_test/gtest/test/gtest_test_utils.py,
gtests/google_test/gtest/test/gtest_throw_on_failure_ex_test.cc,
gtests/google_test/gtest/test/gtest_unittest.cc,
gtests/google_test/gtest/test/gtest_xml_outfiles_test.py,
gtests/google_test/gtest/test/gtest_xml_output_unittest.py,
gtests/google_test/gtest/test/gtest_xml_output_unittest_.cc,
gtests/google_test/gtest/test/gtest_xml_test_utils.py,
gtests/google_test/gtest/test/production.h,
gtests/google_test/update.sh,
gtests/ssl_gtest/ssl_agent_unittest.cc:
Bug 1741688 - Update googletest to 1.11.0 r=nss-reviewers,mt
[88249e154a23]
2022-03-22 Dennis Jackson <djackson@mozilla.com>
* gtests/ssl_gtest/tls_ech_unittest.cc, lib/ssl/ssl3con.c,
lib/ssl/sslexp.h, lib/ssl/sslimpl.h, lib/ssl/sslsock.c,
lib/ssl/tls13ech.c, lib/ssl/tls13ech.h:
Bug 1759525 - Add SetTls13GreaseEchSize to experimental API. r=mt
[c2f93669b92c]
2022-03-22 Leander Schwarz <lschwarz@mozilla.com>
* gtests/ssl_gtest/ssl_version_unittest.cc,
gtests/ssl_gtest/tls_filter.cc, gtests/ssl_gtest/tls_filter.h,
lib/ssl/tls13con.c:
Bug 1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
r=djackson
[7d931c59d09f]
2022-03-22 Dennis Jackson <djackson@mozilla.com>
* lib/ssl/tls13ech.c:
Bug 1755904 - Fix calculation of ECH HRR Transcript. r=mt
[33c530e653b3]
2022-03-22 Zi Lin <lziest@chromium.org>
* coreconf/Linux.mk:
Bug 1758741 - Allow ld path to be set as environment variable. r=mt
Submitted on behalf of Zi Lin, the author of the patch.
[d9368381598f]
2022-03-22 Dennis Jackson <djackson@mozilla.com>
* gtests/ssl_gtest/tls_connect.cc:
Bug 1760653 - Ensure we don't read uninitialized memory in ssl
gtests. r=mt,nss-reviewers
[9a7b3c7f4e70]
* cpputil/databuffer.h:
Bug 1758478 - Fix DataBuffer Move Assignment. r=mt
[f12fd43d69c7]
2022-03-18 Robert Relyea <rrelyea@redhat.com>
* automation/abi-check/expected-report-libnss3.so.txt, automation/abi-
check/expected-report-libssl3.so.txt,
gtests/ssl_gtest/ssl_auth_unittest.cc, lib/certdb/cert.h,
lib/certdb/certdb.c, lib/nss/nss.def, lib/pk11wrap/pk11obj.c,
lib/pk11wrap/pk11pub.h, lib/ssl/authcert.c, lib/ssl/ssl.def,
lib/ssl/ssl.h, lib/ssl/ssl3con.c, lib/ssl/sslimpl.h,
lib/ssl/sslsock.c, lib/ssl/tls13con.c, lib/ssl/tls13subcerts.c,
mach, tests/ssl/ssl.sh, tests/ssl/sslauth.txt:
Bug 1552254 internal_error alert on Certificate Request with
sha1+ecdsa in TLS 1.3
We need to be able to select Client certificates based on the
schemes sent to us from the server. Rather than changing the
callback function, this patch adds those schemes to the ssl socket
info as suggested by Dana. In addition, two helpful functions have
been added to aid User applications in properly selecting the
Certificate: PRBool SSL_CertIsUsable(PRFileDesc *fd, CERTCertificate
*cert) - returns true if the given cert matches the schemes of the
server, the schemes configured on the socket, capability of the
token the private key resides on, and the current policy. For future
SSL protocol, additional restrictions may be parsed.
SSL_FilterCertListBySocket(PRFileDesc *fd, CERTCertList *certlist) -
removes the certs from the cert list that doesn't pass the
SSL_CertIsUsable() call.
In addition the built in cert selection function
(NSS_GetClientAuthData) uses the above functions to filter the list.
In order to support the NSS_GetClientAuthData three new functions
have been added: SECStatus
CERT_FilterCertListByNickname(CERTCertList *certList, char
*nickname, void *pwarg) -- removes the certs that don't match the
'nickname'. SECStatus CERT_FilterCertListByCertList(CERTCertlist
*certList, const CERTCertlist *filterList ) -- removes all the certs
on the first cert list that isn't on the second. PRBool
CERT_IsInList(CERTCertificate *, const CERTCertList *certList) --
returns true if cert is on certList.
In addition
* PK11_FindObjectForCert() is exported so the token the cert lives on
can be accessed.
* the ssle ssl_PickClientSignatureScheme() function (along with
several supporing functions) have been modified so it can be used by
SSL_CertIsUsable()
[be6a97823bfe]
Differential Revision: https://phabricator.services.mozilla.com/D141995
If a test will add or update cc records in the storage, but don't wait for the completion of the update action,
the remaining task of the test may run prior to the update is commited, which confuses the testcase.
For example, in many tests we call `removeAllRecords` when the test
ends, but the order might become:
1. First test runs, triggers an async task that updates the storage
2. End of the test we remove all records by calling `removeAllRecords()`
3. Real update of step1 happens
4. The next test runs, which doesn't expect there is any data in the
storage at this point.
This patch fixes this issue by waiting for storage change event for
tests that update the storage.
Depends on D141485
Differential Revision: https://phabricator.services.mozilla.com/D141486
This patch adds an `focusUpdateSubmitForm` utility function.
We should use this function when we want to update elements in a form
and then submit the form. The function ensures the form is "identified"
by formautofill code while submitting.
Depends on D141481
Differential Revision: https://phabricator.services.mozilla.com/D141482
This patches adds `runAndWaitForAutocompletePopupOpen` utility function.
We should use this function when we expect a task will open an
autocomplete popup.
Differential Revision: https://phabricator.services.mozilla.com/D141481
The sourcemaps one was disabled.
In the new test, I'm now trying to assert the intermediate behavior of the debugger
when we haven't reloaded the page yet.
The test now also assert much more things about the content being displayed.
And also check for breakable lines.
Differential Revision: https://phabricator.services.mozilla.com/D141334
Because WASM debugging triggers different machine code with debugging instruction,
the memory usage very significantly increase.
So avoid enabling it until the debugger is opened.
Differential Revision: https://phabricator.services.mozilla.com/D140069
* Remove mention of --enable-address-sanitizer, since it's not at all sufficient on its own. (Leave link to asan docs though)
* Clarify that ./mach gtest dontruntests is only needed for gtests. (I didn't need it for grizzly replays)
Differential Revision: https://phabricator.services.mozilla.com/D141542
These Windows swgl tests no longer need the expanded fuzziness for asan or
beta builds. They can use the same fuzziness levels as other platforms.
Differential Revision: https://phabricator.services.mozilla.com/D141879
With the changes to EditorSpellCheck::SetFallbackDictionary to use a
promise chain to support calling either SetCurrentDictionaryFromList or
SetCurrentDictionaries as required, it is now possible that
RemoteSpellCheckEngineChild is destroyed by the time the second promise
runs. During destruction, RemoteSpellCheckEngineChild calls
mozSpellChecker::DeleteRemoteEngine, which sets mEngine to nullptr.
This patch adds a nullptr check for mEngine in both
SetCurrentDictionaryFromList and SetCurrentDictionaries.
Differential Revision: https://phabricator.services.mozilla.com/D141983
We protect the shaped-word cache in each font with a RWLock, so that multiple threads can
shape in parallel using cached data; only when a new entry needs to be cached will we need
to take a write lock.
(To improve clarity, this patch also constifys a bunch of methods that do not mutate the
font instance.)
Differential Revision: https://phabricator.services.mozilla.com/D141473
According to [1], `MFShutdown` will shutdown the media foundation for every other call of `MFStartup`, which means it's possible to shutdown the media foundation even if other components are still using that.
Therefore, we should consider make the media foundation alive when the first time any component wants to use it, and shutdown it when the whole process destroys.
We already did similar thing on the RDD process [2] so it makes sense to do it as well on other places. Especially considering we will move the MFT decoder into the RDD process in the future, we definitely don't want an encoder incorrectly shutdown the media foundation the decoder is using.
Also, it saves time to call `MFStartup` if the media foundation is already started.
[1] https://docs.microsoft.com/en-us/windows/win32/api/mfapi/nf-mfapi-mfshutdown
[2] https://searchfox.org/mozilla-central/rev/eeeba8183d3268e0d563c2becf9f4adc21a37368/dom/media/ipc/RDDParent.cpp#111,303,315
Differential Revision: https://phabricator.services.mozilla.com/D140757
In addition to adding test support for dynamic-range and video-dynamic-range,
this expands tests of pixelDepth and colorDepth to allow 30 as an acceptable
value.
Differential Revision: https://phabricator.services.mozilla.com/D141307
This matches Chrome behavior. Our video-dynamic-range media query also relies
on this value being greater than 24 in order to report "high" level support.
Differential Revision: https://phabricator.services.mozilla.com/D141306
Barret Rennie
Kagami Sascha Rosylight
Tomislav Jovanovic
Dan Minor
Csoregi Natalia
Iulian Moraru
Serge Guelton
Dana Keeler
John Schanck
Gijs Kruitbosch
Alexandre Lissy
Dimi
Alexandre Poirot
Yury Delendik
dshin
Tom Ritter
Kelsey Gilbert
Brad Werth
Michelle Goossens
Mozilla Releng Treescript
Jonathan Kew
alwu
Olli Pettay
Ryan VanderMeulen
Mark Banner
Alexis Beingessner
Tim Giles