Noemi Erli
5a21645f73
Backed out 2 changesets (bug 1793841) for causing Gtest failures CLOSED TREE
...
Backed out changeset 4d39c423b92e (bug 1793841)
Backed out changeset 5cfb5f595add (bug 1793841)
2022-10-18 04:29:44 +03:00
Dana Keeler
0d78f1f283
Bug 1793841 - deserialize nsITransportSecurityInfo without already having an instance of it r=jschanck,necko-reviewers,dragana
...
This is an important step in making nsITransportSecurityInfo constant.
Depends on D157994
Differential Revision: https://phabricator.services.mozilla.com/D157995
2022-10-18 00:18:09 +00:00
Mike Hommey
969d7bb6fd
Bug 1795219 - Remove -Wall setup in security/{ct,certverifier}/moz.build. r=firefox-build-system-reviewers,andi
...
The use of `-Xclang -Wall` somehow makes `-Wno-unknown-pragmas`
ineffective. `-Xclang -Wno-unknown-pragmas` does however work.
But we don't need to set `-Xclang -Wall` from the moz.builds in the first
place, as that's already done properly via warnings.configure (setting
-Wall on non-clang-cl and -W3 on clang-cl, which is the equivalent).
Differential Revision: https://phabricator.services.mozilla.com/D159366
2022-10-17 21:55:03 +00:00
Dana Keeler
b195dc4082
Bug 1719706 - don't wait for the loadable roots task in nsNSSComponent::ShutdownNSS() r=jschanck,necko-reviewers,valentin
...
In bug 1546720
, nsNSSComponent::ShutdownNSS() stopped unloading the builtin
roots and osclientcerts modules to avoid crashes due to NSS' pervasive thread
safety issues. Since that function no longer unloads the builtin module, it
shouldn't need to wait until the task that loads it has completed. Hopefully
this will avoid some shutdown hangs.
Note that when NSS is finally shut down, all threads other than the main thread
have been joined, so there shouldn't be any concurrency concerns at that time.
Differential Revision: https://phabricator.services.mozilla.com/D159434
2022-10-17 16:11:30 +00:00
ffxbld
062797d3d6
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=dmeehan
...
Differential Revision: https://phabricator.services.mozilla.com/D159497
2022-10-17 12:10:23 +00:00
Dennis Jackson
0e750e0b2e
Bug 1792135 - land NSS NSS_3_84_RTM UPGRADE_NSS_RELEASE, r=nss-reviewers,jschanck
...
Differential Revision: https://phabricator.services.mozilla.com/D159278
2022-10-13 15:29:32 +00:00
John Schanck
59119c81d9
Bug 1794479 - Gather telemetry on the age of OCSP responses used to override CRLite. r=keeler
...
Defines the OCSP_AGE_AT_CRLITE_OVERRIDE histogram which records the age of an
OCSP response, in hours, when CRLite says a certificate is revoked and OCSP
says it's OK.
Differential Revision: https://phabricator.services.mozilla.com/D158991
2022-10-13 14:08:23 +00:00
ffxbld
437a3ce886
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=dmeehan
...
Differential Revision: https://phabricator.services.mozilla.com/D159263
2022-10-13 12:31:11 +00:00
Dana Keeler
0dedda0179
Bug 1720118 - store certificate error override and failed certificate chain information in the TLS token cache r=kershaw,jschanck,necko-reviewers
...
Differential Revision: https://phabricator.services.mozilla.com/D158793
2022-10-12 23:54:11 +00:00
Dana Keeler
07cf1e9f2c
Bug 1720118 - always use the TLS token cache r=kershaw,necko-reviewers,ci-and-tooling,jmaher
...
Differential Revision: https://phabricator.services.mozilla.com/D158792
2022-10-12 23:54:10 +00:00
John Schanck
e2bc1afa4f
Bug 1794450 - Gather telemetry on use of revocation checking mechanisms. r=keeler
...
Adds the CERT_REVOCATION_MECHANISMS histogram with bins "CRLite", "Stapled OCSP", "Cached OCSP", "OCSP", "OneCRL", and "Short Validity" to gauge how often we use each certificate revocation checking mechanisms. The Short Validity bin counts cases where a revocation check was not performed because the certificate had a short validity period. The other bin names are self-explanatory. We may use more than one mechanism per certificate, so we may accumulate to more than one bin per certificate.
Differential Revision: https://phabricator.services.mozilla.com/D158975
2022-10-12 21:05:08 +00:00
Cristian Tuns
f2f36b1381
Backed out 2 changesets (bug 1720118) for causing Hybrid bustages on nsHashtablesFwd.h CLOSED TREE
...
Backed out changeset af570580e2f7 (bug 1720118)
Backed out changeset 57b8a6400749 (bug 1720118)
2022-10-12 14:20:47 -04:00
Dana Keeler
eab44906ca
Bug 1720118 - store certificate error override and failed certificate chain information in the TLS token cache r=kershaw,jschanck,necko-reviewers
...
Differential Revision: https://phabricator.services.mozilla.com/D158793
2022-10-12 17:43:29 +00:00
Dana Keeler
d894513c37
Bug 1720118 - always use the TLS token cache r=kershaw,necko-reviewers,ci-and-tooling,jmaher
...
Differential Revision: https://phabricator.services.mozilla.com/D158792
2022-10-12 17:43:28 +00:00
Dana Keeler
ad795fde70
Bug 1520297 - enable intermediate preloading on Android r=jschanck
...
The current collection of preloaded intermediates is under 3MB. This should not
be a prohibitive amount for mobile users to download. Once downloaded, updates
to the collection are minimal and again should not be an issue.
Differential Revision: https://phabricator.services.mozilla.com/D159092
2022-10-11 21:53:59 +00:00
ffxbld
f16ca73e4c
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
...
Differential Revision: https://phabricator.services.mozilla.com/D158942
2022-10-10 13:14:27 +00:00
Dennis Jackson
7da0562237
Bug 1792135 - land NSS NSS_3_84_BETA1 UPGRADE_NSS_RELEASE, r=nss-reviewers,nkulatova
...
Differential Revision: https://phabricator.services.mozilla.com/D158772
2022-10-06 22:47:02 +00:00
Alexandre Lissy
6a92f8d147
Bug 1788596 - Use Utility process actor names for crash annotations r=gsvelto
...
Differential Revision: https://phabricator.services.mozilla.com/D156286
2022-10-06 15:51:56 +00:00
Alexandre Lissy
bb317b2bae
Bug 1788596 - Remove UTILITY_AUDIO_DECODING_GENERIC r=nika,media-playback-reviewers,alwu
...
Differential Revision: https://phabricator.services.mozilla.com/D156285
2022-10-06 15:51:56 +00:00
Alexandre Lissy
f4906ff3eb
Bug 1788596 - Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy r=jld
...
Differential Revision: https://phabricator.services.mozilla.com/D156284
2022-10-06 15:51:55 +00:00
Kershaw Chang
62cd9065c3
Bug 1720601 - Allow token cache to store more than one token per key, r=necko-reviewers,dragana
...
1. Allow to store more than one token per key.
2. Allow to use the token only once. The token will be removed after reading it.
3. Add a gtest.
Differential Revision: https://phabricator.services.mozilla.com/D153605
2022-10-06 12:56:01 +00:00
Sandor Molnar
9e30e89e90
Backed out 13 changesets (bug 1788596) for causing build bustage in toolkit/components/processtools/ProcInfo_common.cpp CLOSED TREE
...
Backed out changeset 620c85305800 (bug 1788596)
Backed out changeset 1f64776a859a (bug 1788596)
Backed out changeset 707e4c9c8801 (bug 1788596)
Backed out changeset 2221a97ebe97 (bug 1788596)
Backed out changeset d50fd0551159 (bug 1788596)
Backed out changeset 7e2ad8c47afb (bug 1788596)
Backed out changeset f87c5fb2c36f (bug 1788596)
Backed out changeset 61dd9a9eb714 (bug 1788596)
Backed out changeset a67c4ea1c8b3 (bug 1788596)
Backed out changeset 1be7af1214cf (bug 1788596)
Backed out changeset e99c7089bf93 (bug 1788596)
Backed out changeset 9a87f108548b (bug 1788596)
Backed out changeset 3dd59224f38b (bug 1788596)
2022-10-06 16:28:46 +03:00
ffxbld
22a6ff72e5
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=pascalc
...
Differential Revision: https://phabricator.services.mozilla.com/D158756
2022-10-06 12:19:24 +00:00
Alexandre Lissy
16c9919af1
Bug 1788596 - Use Utility process actor names for crash annotations r=gsvelto
...
Differential Revision: https://phabricator.services.mozilla.com/D156286
2022-10-06 10:56:41 +00:00
Alexandre Lissy
1d211b0ec1
Bug 1788596 - Remove UTILITY_AUDIO_DECODING_GENERIC r=nika,media-playback-reviewers,alwu
...
Differential Revision: https://phabricator.services.mozilla.com/D156285
2022-10-06 10:56:41 +00:00
Alexandre Lissy
301e159051
Bug 1788596 - Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy r=jld
...
Differential Revision: https://phabricator.services.mozilla.com/D156284
2022-10-06 10:56:40 +00:00
Sandor Molnar
2fb4e10f0d
Backed out 13 changesets (bug 1788596) for causing browser-chrome failures in security/sandbox/test/browser_sandbox_test.js CLOSED TREE
...
Backed out changeset 338c18d01cfd (bug 1788596)
Backed out changeset 9d4a5c557191 (bug 1788596)
Backed out changeset 1d1d15dbe44c (bug 1788596)
Backed out changeset e9d29218beba (bug 1788596)
Backed out changeset 397e6c6587f3 (bug 1788596)
Backed out changeset 077fd3a987ca (bug 1788596)
Backed out changeset 2fc674146915 (bug 1788596)
Backed out changeset 4ebb8837ee1a (bug 1788596)
Backed out changeset 9040533dabe1 (bug 1788596)
Backed out changeset 8b27ee4d4168 (bug 1788596)
Backed out changeset 93f50c2f0b9e (bug 1788596)
Backed out changeset 3e7125be66fa (bug 1788596)
Backed out changeset 63ee00ea9be6 (bug 1788596)
2022-10-06 10:28:00 +03:00
Alexandre Lissy
dd8daf38e3
Bug 1788596 - Use Utility process actor names for crash annotations r=gsvelto
...
Differential Revision: https://phabricator.services.mozilla.com/D156286
2022-10-06 06:14:06 +00:00
Alexandre Lissy
272b0c9273
Bug 1788596 - Remove UTILITY_AUDIO_DECODING_GENERIC r=nika,media-playback-reviewers,alwu
...
Differential Revision: https://phabricator.services.mozilla.com/D156285
2022-10-06 06:14:06 +00:00
Alexandre Lissy
592b1be2e3
Bug 1788596 - Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy r=jld
...
Differential Revision: https://phabricator.services.mozilla.com/D156284
2022-10-06 06:14:05 +00:00
Dana Keeler
644aa7999c
Bug 1716082 - clear all ongoing connections when removing certificate error overrides r=jschanck
...
Differential Revision: https://phabricator.services.mozilla.com/D158613
2022-10-05 20:15:02 +00:00
Emilio Cobos Álvarez
d71d3c19ed
Bug 1792809 - Make library and other windows keep stretching after bug 1665476. r=eemeli
...
Much like the dialog changes in bug 1792730.
Differential Revision: https://phabricator.services.mozilla.com/D158351
2022-10-04 10:21:05 +00:00
ffxbld
c6a00ce965
No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=dmeehan
...
Differential Revision: https://phabricator.services.mozilla.com/D158497
2022-10-03 13:20:51 +00:00
ffxbld
87d48b75dd
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
...
Differential Revision: https://phabricator.services.mozilla.com/D158326
2022-09-29 16:44:52 +00:00
Yannis Juglaret
adebd56af9
Bug 1766432 - Part 4: Enable Arbitrary Code Guard in MinGW builds. r=bobowen
...
Differential Revision: https://phabricator.services.mozilla.com/D157906
2022-09-29 15:29:15 +00:00
Yannis Juglaret
eaa892440f
Bug 1766432 - Part 3: Add Part 2 to the list of patches to apply when updating third-party. r=bobowen
...
Differential Revision: https://phabricator.services.mozilla.com/D157905
2022-09-29 15:29:15 +00:00
Yannis Juglaret
0b60970f1b
Bug 1766432 - Part 2: Propagate custom definition for PROCESS_MITIGATION_DYNAMIC_CODE_POLICY to third-party. r=bobowen
...
Differential Revision: https://phabricator.services.mozilla.com/D157904
2022-09-29 15:29:14 +00:00
Mark Banner
8d1ebcb9d6
Bug 1792365 - Convert toolkit/modules consumers to use ES module imports directly. r=webdriver-reviewers,perftest-reviewers,geckoview-reviewers,extension-reviewers,preferences-reviewers,desktop-theme-reviewers,application-update-reviewers,pip-reviewers,credential-management-reviewers,robwu,Gijs,sgalich,bytesized,AlexandruIonescu,dao,m_kato
...
Differential Revision: https://phabricator.services.mozilla.com/D158094
2022-09-29 06:52:34 +00:00
ffxbld
4af4ff2e5b
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
...
Differential Revision: https://phabricator.services.mozilla.com/D158124
2022-09-27 16:27:33 +00:00
ffxbld
4e99c68740
No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=dmeehan
...
Differential Revision: https://phabricator.services.mozilla.com/D157923
2022-09-22 12:46:23 +00:00
Jed Davis
a466bdb2c4
Bug 1780312 - Part 2: Allow fstatfs in the Linux RDD sandbox policy. r=gcp
...
As discussed in the last patch, allowing `fstatfs` will also make
`statfs` work on any path that the process could open for reading
(subject to sandbox policy).
Differential Revision: https://phabricator.services.mozilla.com/D157542
2022-09-21 17:57:54 +00:00
Jed Davis
3b5c74387e
Bug 1780312 - Part 1: Move the statfs replacement into the common sandbox policy. r=gcp
...
We have code to handle `statfs` calls in content processes by
intercepting them and calling `open` and `fstatfs` instead; the former
is then recursively intercepted and brokered. This patch moves that
feature into the common policy, but does not allow `fstatfs` in any
other sandbox types (yet; see next patch). This doesn't affect security
because the caller could have attempted the `open` and `fstatfs`
syscalls itself.
Differential Revision: https://phabricator.services.mozilla.com/D157541
2022-09-21 17:57:54 +00:00
Joel Maher
4c4438b4f7
Bug 1536208 - removing old aarch64 manifest annotations. r=aryx,application-update-reviewers,bytesized
...
Differential Revision: https://phabricator.services.mozilla.com/D157677
2022-09-21 15:35:02 +00:00
Andreea Pavel
9f24806607
Backed out 2 changesets (bug 1768250, bug 1720601) for multiple failures CLOSED TREE
...
Backed out changeset d6caea480d4d (bug 1768250)
Backed out changeset 97eccf466bf3 (bug 1720601)
2022-09-20 16:50:29 +03:00
Kershaw Chang
137b76a861
Bug 1720601 - Allow token cache to store more than one token per key, r=necko-reviewers,dragana
...
1. Allow to store more than one token per key.
2. Allow to use the token only once. The token will be removed after reading it.
3. Add a gtest.
Differential Revision: https://phabricator.services.mozilla.com/D153605
2022-09-20 12:58:06 +00:00
Dana Keeler
bdb75eecd3
Bug 1790451 - remove now-unnecessary QueryInterface(Ci.nsITransportSecurityInfo) calls r=jschanck,webdriver-reviewers,necko-reviewers,application-update-reviewers,nalexander,valentin
...
Differential Revision: https://phabricator.services.mozilla.com/D157166
2022-09-20 03:58:50 +00:00
ffxbld
26a22933ed
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
...
Differential Revision: https://phabricator.services.mozilla.com/D157632
2022-09-19 13:30:31 +00:00
John Schanck
ef80532ec8
Bug 1787505 - land NSS NSS_3_83_RTM UPGRADE_NSS_RELEASE, r=nss-reviewers,bbeurdouche
...
Differential Revision: https://phabricator.services.mozilla.com/D157510
2022-09-15 19:24:37 +00:00
Nika Layzell
0316dc51b9
Bug 1790614 - Part 2: Use {ASSERT,ENSURE}_NS_{SUCCEEEDED,FAILED} in gtests, r=ahal,necko-reviewers
...
These macros will produce better outputs when they fail than these existing
patterns using `ENSURE_TRUE(NS_SUCCEEDED(...))` or similar, so this is a bulk
rewrite of existing tests to use them.
It should also help with discoverability when people base their tests off of
other existing tests.
Differential Revision: https://phabricator.services.mozilla.com/D157214
2022-09-15 14:51:50 +00:00
ffxbld
2bddac315a
No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM
...
Differential Revision: https://phabricator.services.mozilla.com/D157441
2022-09-15 13:07:24 +00:00