mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
788 316 коммитов 613 Ветки 98 Теги 5,8 GiB
Граф коммитов

16396 Коммитов

Автор SHA1 Сообщение Дата
Randell Jesup fcaf70841e Bug 1207753 - Add MOZ_UNANNOTATED to all Mutexes/Monitors r=nika,kershaw 
Differential Revision: https://phabricator.services.mozilla.com/D140849
 2022-03-16 18:47:08 +00:00
Noemi Erli 2390d257e6 Backed out changeset 12a59e5a50bf (bug 1207753) for causing build bustage CLOSED TREE 2022-03-16 18:32:51 +02:00
Randell Jesup 4b033a5256 Bug 1207753 - Add MOZ_UNANNOTATED to all Mutexes/Monitors r=nika,kershaw 
Differential Revision: https://phabricator.services.mozilla.com/D140849
 2022-03-16 16:16:14 +00:00
Butkovits Atila 927ad62c6a Backed out changeset a68ee4b09f92 (bug 1207753) for causing Hazard bustages. CLOSED TREE 2022-03-16 14:38:14 +02:00
Randell Jesup 7d4b5fae04 Bug 1207753 - Add MOZ_UNANNOTATED to all Mutexes/Monitors r=nika,kershaw 
Differential Revision: https://phabricator.services.mozilla.com/D140849
 2022-03-16 12:01:14 +00:00
criss b61bbd064d Merge autoland to mozilla-central. a=merge 2022-03-16 11:49:56 +02:00
Haik Aftandilian e08fe4e5c5 Bug 1759408 - [macOS] Add sandboxing tests to more process types r=gerard-majax 
Add the WindowServer test and process launch tests to each Mac child process type.

Differential Revision: https://phabricator.services.mozilla.com/D140941
 2022-03-16 04:36:54 +00:00
ffxbld 39212588cc No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D140957
 2022-03-15 16:18:49 +00:00
Cosmin Sabou 74d7d4ed0c Backed out changeset 49a22cd6d6ee (bug 1759408) for causing build bustages on SandboxTestingChildTests.h. CLOSED TREE 2022-03-15 08:09:09 +02:00
Haik Aftandilian 5500a5a34a Bug 1759408 - [macOS] Add sandboxing tests to more process types r=gerard-majax 
Add the WindowServer test and process launch tests to each Mac child process type.

Differential Revision: https://phabricator.services.mozilla.com/D140941
 2022-03-15 05:47:18 +00:00
ffxbld 9cbbc57fb9 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D140905
 2022-03-12 02:15:24 +00:00
Mark Banner 8bb4667fae Bug 1758474 - Implement an ESLint rule to disallow passing {} as the target parameter for ChromeUtils.import. r=Gijs,mossop,perftest-reviewers,preferences-reviewers,sparky 
Differential Revision: https://phabricator.services.mozilla.com/D140517
 2022-03-11 16:41:29 +00:00
Dana Keeler 3f93068a72 Bug 1756061 - PSM changes corresponding to mozilla::pkix signature verification changes in bug 1755092 r=jschanck 
Bug 1755092 changed how mozilla::pkix verifies signatures. This patch makes the
corresponding changes in PSM.

Depends on D140597

Differential Revision: https://phabricator.services.mozilla.com/D139202
 2022-03-10 23:21:00 +00:00
John Schanck 5075ae5d88 Bug 1758579 - land NSS be8a62f85be7 UPGRADE_NSS_RELEASE, r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D140597
 2022-03-10 23:20:59 +00:00
ffxbld 65a682de7f No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D140720
 2022-03-10 14:28:10 +00:00
smolnar e89faa903f Backed out changeset 5018856d8fee (bug 1758474) for causing node eslint failure. CLOSED TREE 2022-03-10 11:58:45 +02:00
Mark Banner fe937b78bd Bug 1758474 - Implement an ESLint rule to disallow passing {} as the target parameter for ChromeUtils.import. r=Gijs,mossop,perftest-reviewers,preferences-reviewers,sparky 
Differential Revision: https://phabricator.services.mozilla.com/D140517
 2022-03-10 09:25:28 +00:00
Dana Keeler 23c938c2f3 Bug 1615974 - avoid memmapping CRLite filters in cert_storage r=jschanck,robwu 
Differential Revision: https://phabricator.services.mozilla.com/D140266
 2022-03-09 22:46:15 +00:00
Julien Wajsberg 5aed3f508f Bug 1756791 - Allow the getcpu syscall in the sandbox r=gcp 
Recently bug 1753305 introduced the use of the getcpu syscall to add
this information to a profiler marker, but didn't allow this syscall
from the sandbox. In most situations this syscall doesn't happen because
of the VDSO mechanism. However in the cases where VDSO isn't used such
as running under rr, the sandbox crashes the process when starting the
profiler.

Thanks :padenot, :lissyx, :jcristau for all the help.

Differential Revision: https://phabricator.services.mozilla.com/D139712
 2022-03-09 10:15:14 +00:00
Gerald Squelart 5802980a6e Bug 1757596 - #include "mozilla/ProfilerThreadSleep.h" instead of GeckoProfiler.h where possible - r=florian 
And in one case, #include "mozilla/ProfilerThreadState.h" where only `AUTO_PROFILER_THREAD_WAKE` is used.

Depends on D140172

Differential Revision: https://phabricator.services.mozilla.com/D140173
 2022-03-08 10:32:44 +00:00
ffxbld db387700ea No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D140491
 2022-03-07 12:48:38 +00:00
Nika Layzell 05dc5e0d76 Bug 1754037 - Part 3c: Automatically update all ParamTraits implementations, r=ipc-reviewers,media-playback-reviewers,bryce,mccr8 
Automatically generated rewrites of all ParamTraits and IPDLParamTraits
implementations in-tree to use IPC::Message{Reader,Writer}.

Differential Revision: https://phabricator.services.mozilla.com/D140004
 2022-03-04 15:39:41 +00:00
Nika Layzell 5f06238318 Bug 1754037 - Part 3a: Manual changes to new ParamTraits API, r=ipc-reviewers,mccr8 
This change does not build without the automatically rewritten changes from
part 3c, as every IPC::ParamTraits and IPDLParamTraits implementation needs to
be updated at once, but these are the manual changes which are required and not
handled by the automatic script.

Differential Revision: https://phabricator.services.mozilla.com/D140001
 2022-03-04 15:39:40 +00:00
ffxbld 2d09a94c14 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D140176
 2022-03-03 14:10:26 +00:00
Dennis Jackson b5111d6214 Bug 1753980 - land NSS NSS_3_76_RTM UPGRADE_NSS_RELEASE, r=bbeurdouche DONTBUILD 
Differential Revision: https://phabricator.services.mozilla.com/D140180
 2022-03-03 11:51:30 +00:00
John Schanck 47c887153f Bug 1750787 - get CRLite enrollment list from cert-revocations. r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D139728
 2022-03-02 18:19:25 +00:00
Jed Davis 9082363e4e Bug 1129492 - Remove X11 access from the Linux content process sandbox. r=gcp,jgilbert 
Background: The X11 protocol has a very permissive security model;
clients have essentially full access to the windows of other clients,
and to global resources like input devices.  Previously, our sandbox
policy for content processes needed to allow access to the X server;
this limited its effectiveness against a dedicated attacker.

This patch turns on the `security.sandbox.content.headless` pref added
in bug 1640345, which removes the sandbox policy rules that allowed
making new X11 connections, as well as opening the Xauthority file,
reading hardware info needed by Mesa, etc.  It also runs content
processes in headless mode (whence the name) so they won't connect to a
display server at startup.

This also removes access to the Wayland compositor: the sandbox policy
never allowed that (as of when socket connections became default-deny),
but now content processes won't connect to it at startup.  Wayland is
more capability-oriented so this is less significant for security, but at
a minimum it removes unnecessary attack surface.

Note that if the `webgl.out-of-process` pref is turned off, WebGL
will break unless `security.sandbox.content.headless` is also turned
off.  (Similarly, `widget.non-native-theme.enabled` is needed to render
scrollbars and form controls in content.)  As a result, this patch
adjusts the job definitions used by CI to test in-process WebGL so that
that they will continue to work.

Differential Revision: https://phabricator.services.mozilla.com/D138613
 2022-03-01 20:36:18 +00:00
ffxbld afffec69b7 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=dmeehan 
Differential Revision: https://phabricator.services.mozilla.com/D139826
 2022-02-28 13:13:10 +00:00
Dennis Jackson 1eca8a6827 Bug 1753980 - land NSS NSS_3_76_BETA1 UPGRADE_NSS_RELEASE, r=jschanck 
2022-02-24  John M. Schanck  <jschanck@mozilla.com>

	* lib/pki/trustdomain.c:
	Bug 1755555 - Hold tokensLock through nssToken_GetSlot calls in
	nssTrustDomain_GetActiveSlots. r=rrelyea

	[a36477f0ee50] [NSS_3_76_BETA1]

2022-02-23  John M. Schanck  <jschanck@mozilla.com>

	* lib/certdb/crl.c, lib/certdb/stanpcertdb.c, lib/dev/devtoken.c,
	lib/dev/devutil.c, lib/pk11wrap/pk11auth.c, lib/pk11wrap/pk11cert.c,
	lib/pk11wrap/pk11nobj.c, lib/pk11wrap/pk11slot.c,
	lib/pk11wrap/pk11util.c, lib/pk11wrap/secmodti.h,
	lib/pki/pki3hack.c, lib/pki/trustdomain.c:
	Bug 1370866 - Check return value of PK11Slot_GetNSSToken. r=djackson

	[d7e8c2df6bca]

Differential Revision: https://phabricator.services.mozilla.com/D139588
 2022-02-24 18:15:43 +00:00
ffxbld 88111eadd6 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D139581
 2022-02-24 13:59:41 +00:00
ffxbld a78cf21c03 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update a=dmeehan 
Differential Revision: https://phabricator.services.mozilla.com/D139273
 2022-02-22 15:05:34 +00:00
Jens Stutte 8dc1e5affa Bug 1750635: Substitute AppShutdown:IsShuttingDown with equivalent AppShutdown::IsInOrBeyond. r=florian,xpcom-reviewers,nika 
Differential Revision: https://phabricator.services.mozilla.com/D139143
 2022-02-18 19:35:13 +00:00
Tom Ritter cfbe02ff6e Bug 1750859: If not all decoders are remoted, you're disqualified from win32k r=bobowen 
Differential Revision: https://phabricator.services.mozilla.com/D139043
 2022-02-17 18:59:17 +00:00
Sergey Galich 2924bdb35f Bug 1653486 - Replace all non-user-facing references to "master" password. r=dimi,tgiles,preferences-reviewers 
Differential Revision: https://phabricator.services.mozilla.com/D138113
 2022-02-17 17:29:57 +00:00
ffxbld fd59e8d9be No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update a=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D139007
 2022-02-17 13:37:52 +00:00
Dana Keeler f05d29b7f8 Bug 1754217 - remove brittle time format APIs from nsIX509CertValidity r=jschanck 
nsIX509CertValidity had a handful of APIs that would return formatted time
values. Some of these APIs were unused, and the rest were prone to error due to
platform differences. This patch simplifies this interface by removing those
APIs and having callers perform their own formatting using the remaining APIs
that return PRTime values.

Differential Revision: https://phabricator.services.mozilla.com/D138363
 2022-02-15 22:55:02 +00:00
Dennis Jackson ac3025042a Bug 1753980 - land NSS 4a8880ef UPGRADE_NSS_RELEASE, r=bbeurdouche 
```
2022-02-14  Martin Thomson  <mt@lowentropy.net>

	* gtests/common/testvectors/rsa_pss_2048_sha1_mgf1_20-vectors.h,
	gtests/common/testvectors/rsa_pss_2048_sha256_mgf1_0-vectors.h,
	gtests/common/testvectors/rsa_pss_2048_sha256_mgf1_32-vectors.h,
	gtests/common/testvectors/rsa_pss_3072_sha256_mgf1_32-vectors.h,
	gtests/common/testvectors/rsa_pss_4096_sha256_mgf1_32-vectors.h,
	gtests/common/testvectors/rsa_pss_4096_sha512_mgf1_32-vectors.h,
	gtests/common/testvectors/rsa_pss_misc-vectors.h,
	gtests/common/wycheproof/genTestVectors.py, gtests/common/wycheproof
	/source_vectors/rsa_pss_2048_sha1_mgf1_20_test.json, gtests/common/w
	ycheproof/source_vectors/rsa_pss_2048_sha256_mgf1_0_test.json, gtest
	s/common/wycheproof/source_vectors/rsa_pss_2048_sha256_mgf1_32_test.
	json, gtests/common/wycheproof/source_vectors/rsa_pss_3072_sha256_mg
	f1_32_test.json, gtests/common/wycheproof/source_vectors/rsa_pss_409
	6_sha256_mgf1_32_test.json, gtests/common/wycheproof/source_vectors/
	rsa_pss_4096_sha512_mgf1_32_test.json,
	gtests/common/wycheproof/source_vectors/rsa_pss_misc_test.json,
	gtests/pk11_gtest/json.h, gtests/pk11_gtest/pk11_hpke_unittest.cc,
	gtests/pk11_gtest/pk11_rsapss_unittest.cc:
	Bug 1747957 - Use Wycheproof JSON for RSASSA-PSS, r=nss-
	reviewers,bbeurdouche

	[4a8880ef1adc] [tip]

2022-02-10  Leander Schwarz  <lschwarz@mozilla.com>

	* gtests/ssl_gtest/ssl_extension_unittest.cc,
	gtests/ssl_gtest/tls_ech_unittest.cc, lib/ssl/ssl3ext.c:
	Bug 1751157 - Throw illegal_parameter alert for illegal extensions
	in handshake message. r=djackson

	[8fd5ca0cf897]

2022-02-09  John M. Schanck  <jschanck@mozilla.com>

	* automation/release/nss-release-helper.py:
	Bug 1753505 - Avoid truncating files in nss-release-helper.py.
	r=bbeurdouche

	[7876a7255030]

2022-02-08  John M. Schanck  <jschanck@mozilla.com>

	* lib/ckfw/builtins/certdata.txt:
	Bug 1679803 - Add SHA256 fingerprint comments to old certdata.txt
	entries. r=nss-reviewers,bbeurdouche

	The new SHA256 hashes were calculated using the script below, which
	reads certificates out of the builtin token and re-processing them
	with the current version of addbuiltin. One of the "Autoridad de
	Certificacion Firmaprofesional CIF A62634068" certificates had to be
	handled manually because of Bug 456858.

	``` #!/bin/bash

	NSS_LIB=<path to dist/Debug/lib>

	WORK=/tmp/nssdb/ LIST=${WORK}/list.txt OUT=${WORK}/certdata.txt

	rm -rf ${WORK} mkdir -p ${WORK} modutil -force -dbdir "sql:${WORK}"
	-create modutil -force -dbdir "sql:${WORK}" -add "nssckbi" -libfile
	"${NSS_LIB}/libnssckbi.so"

	certutil -d "sql:${WORK}" -L -h "Builtin Object Token" | grep
	Builtin > ${LIST} sed -i 's/\s*\(C\?,C\?,C\?\)\s*$/;\1/' ${LIST}

	while IFS=";" read -r name trust do certutil -d "sql:${WORK}" -L -n
	"${name}" -r 1> "${WORK}/${name}.der" addbuiltin -t "${trust}" -n
	"${name/Builtin Object Token:/}" -i "${WORK}/${name}.der" done <
	${LIST} >> ${OUT} ```

	[7a34cf74b659]
```

Differential Revision: https://phabricator.services.mozilla.com/D138799
 2022-02-15 18:04:14 +00:00
Haik Aftandilian e1863039f6 Bug 1707739 - Re-enable browser_content_sandbox_fs.js r=spohl 
Change browser_content_sandbox_fs.js to not assume the font registry directory or the 'font' file have been created by the system. If the directory and or file are not present, skip the readability test instead of failing.

Differential Revision: https://phabricator.services.mozilla.com/D138622
 2022-02-15 16:13:55 +00:00
John Schanck 2654fbb629 Bug 1753071 - Add a "confirm revocations" mode to CRLite. r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D137553
 2022-02-14 18:55:21 +00:00
ffxbld 79d6ccf336 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D138643
 2022-02-14 17:57:46 +00:00
Bob Owen dbc9c90549 Bug 1754940: Make alternate winstation depend on non-native theme. r=handyman 
Differential Revision: https://phabricator.services.mozilla.com/D138527
 2022-02-11 18:18:15 +00:00
Florian Quèze 7b45ca4063 Bug 1754519 - Add missing profiler_thread_sleep annotations, r=gerald,necko-reviewers,kershaw. 
Differential Revision: https://phabricator.services.mozilla.com/D138341
 2022-02-11 15:19:46 +00:00
Bob Owen e82a8ce887 Bug 1695556 p3: Add file tests for content process sandbox. r=handyman,ipc-reviewers,jld 
Depends on D135693

Differential Revision: https://phabricator.services.mozilla.com/D135694
 2022-02-10 16:56:02 +00:00
Bob Owen 36c9b7f8da Bug 1695556 p1a: Add allow reparse points in chromium sandbox code patch. r=handyman 
Differential Revision: https://phabricator.services.mozilla.com/D137858
 2022-02-10 16:56:01 +00:00
Bob Owen 9b1cd0242d Bug 1695556 p1: Allow reparse points in chromium sandbox code. r=handyman 
Differential Revision: https://phabricator.services.mozilla.com/D135692
 2022-02-10 16:56:01 +00:00
ffxbld 2420fb4c51 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D138425
 2022-02-10 13:42:48 +00:00
Kershaw Chang ef25b1a6f3 Bug 1734470 - Add MITIGATION_DYNAMIC_CODE_DISABLE back to socket process sandboxing, r=bobowen,necko-reviewers,valentin 
Differential Revision: https://phabricator.services.mozilla.com/D138204
 2022-02-10 09:09:59 +00:00
Dana Keeler 437958626e Bug 1754294 - remove some unused files in PSM that should have been removed in bug 1751078 r=jschanck 
Depends on D138215

Differential Revision: https://phabricator.services.mozilla.com/D138224
 2022-02-09 21:13:24 +00:00
Dana Keeler 9731d7145f Bug 1754294 - take the appropriate lock when accessing SECMODModule slot information r=jschanck 
When accessing a SECMODModule's slots or slotCount members, the read lock of
the module list must be acquired.

Differential Revision: https://phabricator.services.mozilla.com/D138215
 2022-02-09 21:13:24 +00:00
Nika Layzell dabb46c84d Bug 1736371 - Default new actors to be refcounted, r=alwu,media-playback-reviewers,mccr8 
The changes to ipdl actors were mechanical, and largely automated using
a script.

Differential Revision: https://phabricator.services.mozilla.com/D137237
 2022-02-09 17:29:47 +00:00