Граф коммитов

16768 Коммитов

Автор SHA1 Сообщение Дата
Noemi Erli 5a21645f73 Backed out 2 changesets (bug 1793841) for causing Gtest failures CLOSED TREE
Backed out changeset 4d39c423b92e (bug 1793841)
Backed out changeset 5cfb5f595add (bug 1793841)
2022-10-18 04:29:44 +03:00
Dana Keeler 0d78f1f283 Bug 1793841 - deserialize nsITransportSecurityInfo without already having an instance of it r=jschanck,necko-reviewers,dragana
This is an important step in making nsITransportSecurityInfo constant.

Depends on D157994

Differential Revision: https://phabricator.services.mozilla.com/D157995
2022-10-18 00:18:09 +00:00
Mike Hommey 969d7bb6fd Bug 1795219 - Remove -Wall setup in security/{ct,certverifier}/moz.build. r=firefox-build-system-reviewers,andi
The use of `-Xclang -Wall` somehow makes `-Wno-unknown-pragmas`
ineffective. `-Xclang -Wno-unknown-pragmas` does however work.

But we don't need to set `-Xclang -Wall` from the moz.builds in the first
place, as that's already done properly via warnings.configure (setting
-Wall on non-clang-cl and -W3 on clang-cl, which is the equivalent).

Differential Revision: https://phabricator.services.mozilla.com/D159366
2022-10-17 21:55:03 +00:00
Dana Keeler b195dc4082 Bug 1719706 - don't wait for the loadable roots task in nsNSSComponent::ShutdownNSS() r=jschanck,necko-reviewers,valentin
In bug 1546720, nsNSSComponent::ShutdownNSS() stopped unloading the builtin
roots and osclientcerts modules to avoid crashes due to NSS' pervasive thread
safety issues. Since that function no longer unloads the builtin module, it
shouldn't need to wait until the task that loads it has completed. Hopefully
this will avoid some shutdown hangs.

Note that when NSS is finally shut down, all threads other than the main thread
have been joined, so there shouldn't be any concurrency concerns at that time.

Differential Revision: https://phabricator.services.mozilla.com/D159434
2022-10-17 16:11:30 +00:00
ffxbld 062797d3d6 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=dmeehan
Differential Revision: https://phabricator.services.mozilla.com/D159497
2022-10-17 12:10:23 +00:00
Dennis Jackson 0e750e0b2e Bug 1792135 - land NSS NSS_3_84_RTM UPGRADE_NSS_RELEASE, r=nss-reviewers,jschanck
Differential Revision: https://phabricator.services.mozilla.com/D159278
2022-10-13 15:29:32 +00:00
John Schanck 59119c81d9 Bug 1794479 - Gather telemetry on the age of OCSP responses used to override CRLite. r=keeler
Defines the OCSP_AGE_AT_CRLITE_OVERRIDE histogram which records the age of an
OCSP response, in hours, when CRLite says a certificate is revoked and OCSP
says it's OK.

Differential Revision: https://phabricator.services.mozilla.com/D158991
2022-10-13 14:08:23 +00:00
ffxbld 437a3ce886 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=dmeehan
Differential Revision: https://phabricator.services.mozilla.com/D159263
2022-10-13 12:31:11 +00:00
Dana Keeler 0dedda0179 Bug 1720118 - store certificate error override and failed certificate chain information in the TLS token cache r=kershaw,jschanck,necko-reviewers
Differential Revision: https://phabricator.services.mozilla.com/D158793
2022-10-12 23:54:11 +00:00
Dana Keeler 07cf1e9f2c Bug 1720118 - always use the TLS token cache r=kershaw,necko-reviewers,ci-and-tooling,jmaher
Differential Revision: https://phabricator.services.mozilla.com/D158792
2022-10-12 23:54:10 +00:00
John Schanck e2bc1afa4f Bug 1794450 - Gather telemetry on use of revocation checking mechanisms. r=keeler
Adds the CERT_REVOCATION_MECHANISMS histogram with bins "CRLite", "Stapled OCSP", "Cached OCSP", "OCSP", "OneCRL", and "Short Validity" to gauge how often we use each certificate revocation checking mechanisms. The Short Validity bin counts cases where a revocation check was not performed because the certificate had a short validity period. The other bin names are self-explanatory. We may use more than one mechanism per certificate, so we may accumulate to more than one bin per certificate.

Differential Revision: https://phabricator.services.mozilla.com/D158975
2022-10-12 21:05:08 +00:00
Cristian Tuns f2f36b1381 Backed out 2 changesets (bug 1720118) for causing Hybrid bustages on nsHashtablesFwd.h CLOSED TREE
Backed out changeset af570580e2f7 (bug 1720118)
Backed out changeset 57b8a6400749 (bug 1720118)
2022-10-12 14:20:47 -04:00
Dana Keeler eab44906ca Bug 1720118 - store certificate error override and failed certificate chain information in the TLS token cache r=kershaw,jschanck,necko-reviewers
Differential Revision: https://phabricator.services.mozilla.com/D158793
2022-10-12 17:43:29 +00:00
Dana Keeler d894513c37 Bug 1720118 - always use the TLS token cache r=kershaw,necko-reviewers,ci-and-tooling,jmaher
Differential Revision: https://phabricator.services.mozilla.com/D158792
2022-10-12 17:43:28 +00:00
Dana Keeler ad795fde70 Bug 1520297 - enable intermediate preloading on Android r=jschanck
The current collection of preloaded intermediates is under 3MB. This should not
be a prohibitive amount for mobile users to download. Once downloaded, updates
to the collection are minimal and again should not be an issue.

Differential Revision: https://phabricator.services.mozilla.com/D159092
2022-10-11 21:53:59 +00:00
ffxbld f16ca73e4c No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D158942
2022-10-10 13:14:27 +00:00
Dennis Jackson 7da0562237 Bug 1792135 - land NSS NSS_3_84_BETA1 UPGRADE_NSS_RELEASE, r=nss-reviewers,nkulatova
Differential Revision: https://phabricator.services.mozilla.com/D158772
2022-10-06 22:47:02 +00:00
Alexandre Lissy 6a92f8d147 Bug 1788596 - Use Utility process actor names for crash annotations r=gsvelto
Differential Revision: https://phabricator.services.mozilla.com/D156286
2022-10-06 15:51:56 +00:00
Alexandre Lissy bb317b2bae Bug 1788596 - Remove UTILITY_AUDIO_DECODING_GENERIC r=nika,media-playback-reviewers,alwu
Differential Revision: https://phabricator.services.mozilla.com/D156285
2022-10-06 15:51:56 +00:00
Alexandre Lissy f4906ff3eb Bug 1788596 - Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy r=jld
Differential Revision: https://phabricator.services.mozilla.com/D156284
2022-10-06 15:51:55 +00:00
Kershaw Chang 62cd9065c3 Bug 1720601 - Allow token cache to store more than one token per key, r=necko-reviewers,dragana
1. Allow to store more than one token per key.
2. Allow to use the token only once. The token will be removed after reading it.
3. Add a gtest.

Differential Revision: https://phabricator.services.mozilla.com/D153605
2022-10-06 12:56:01 +00:00
Sandor Molnar 9e30e89e90 Backed out 13 changesets (bug 1788596) for causing build bustage in toolkit/components/processtools/ProcInfo_common.cpp CLOSED TREE
Backed out changeset 620c85305800 (bug 1788596)
Backed out changeset 1f64776a859a (bug 1788596)
Backed out changeset 707e4c9c8801 (bug 1788596)
Backed out changeset 2221a97ebe97 (bug 1788596)
Backed out changeset d50fd0551159 (bug 1788596)
Backed out changeset 7e2ad8c47afb (bug 1788596)
Backed out changeset f87c5fb2c36f (bug 1788596)
Backed out changeset 61dd9a9eb714 (bug 1788596)
Backed out changeset a67c4ea1c8b3 (bug 1788596)
Backed out changeset 1be7af1214cf (bug 1788596)
Backed out changeset e99c7089bf93 (bug 1788596)
Backed out changeset 9a87f108548b (bug 1788596)
Backed out changeset 3dd59224f38b (bug 1788596)
2022-10-06 16:28:46 +03:00
ffxbld 22a6ff72e5 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=pascalc
Differential Revision: https://phabricator.services.mozilla.com/D158756
2022-10-06 12:19:24 +00:00
Alexandre Lissy 16c9919af1 Bug 1788596 - Use Utility process actor names for crash annotations r=gsvelto
Differential Revision: https://phabricator.services.mozilla.com/D156286
2022-10-06 10:56:41 +00:00
Alexandre Lissy 1d211b0ec1 Bug 1788596 - Remove UTILITY_AUDIO_DECODING_GENERIC r=nika,media-playback-reviewers,alwu
Differential Revision: https://phabricator.services.mozilla.com/D156285
2022-10-06 10:56:41 +00:00
Alexandre Lissy 301e159051 Bug 1788596 - Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy r=jld
Differential Revision: https://phabricator.services.mozilla.com/D156284
2022-10-06 10:56:40 +00:00
Sandor Molnar 2fb4e10f0d Backed out 13 changesets (bug 1788596) for causing browser-chrome failures in security/sandbox/test/browser_sandbox_test.js CLOSED TREE
Backed out changeset 338c18d01cfd (bug 1788596)
Backed out changeset 9d4a5c557191 (bug 1788596)
Backed out changeset 1d1d15dbe44c (bug 1788596)
Backed out changeset e9d29218beba (bug 1788596)
Backed out changeset 397e6c6587f3 (bug 1788596)
Backed out changeset 077fd3a987ca (bug 1788596)
Backed out changeset 2fc674146915 (bug 1788596)
Backed out changeset 4ebb8837ee1a (bug 1788596)
Backed out changeset 9040533dabe1 (bug 1788596)
Backed out changeset 8b27ee4d4168 (bug 1788596)
Backed out changeset 93f50c2f0b9e (bug 1788596)
Backed out changeset 3e7125be66fa (bug 1788596)
Backed out changeset 63ee00ea9be6 (bug 1788596)
2022-10-06 10:28:00 +03:00
Alexandre Lissy dd8daf38e3 Bug 1788596 - Use Utility process actor names for crash annotations r=gsvelto
Differential Revision: https://phabricator.services.mozilla.com/D156286
2022-10-06 06:14:06 +00:00
Alexandre Lissy 272b0c9273 Bug 1788596 - Remove UTILITY_AUDIO_DECODING_GENERIC r=nika,media-playback-reviewers,alwu
Differential Revision: https://phabricator.services.mozilla.com/D156285
2022-10-06 06:14:06 +00:00
Alexandre Lissy 592b1be2e3 Bug 1788596 - Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy r=jld
Differential Revision: https://phabricator.services.mozilla.com/D156284
2022-10-06 06:14:05 +00:00
Dana Keeler 644aa7999c Bug 1716082 - clear all ongoing connections when removing certificate error overrides r=jschanck
Differential Revision: https://phabricator.services.mozilla.com/D158613
2022-10-05 20:15:02 +00:00
Emilio Cobos Álvarez d71d3c19ed Bug 1792809 - Make library and other windows keep stretching after bug 1665476. r=eemeli
Much like the dialog changes in bug 1792730.

Differential Revision: https://phabricator.services.mozilla.com/D158351
2022-10-04 10:21:05 +00:00
ffxbld c6a00ce965 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=dmeehan
Differential Revision: https://phabricator.services.mozilla.com/D158497
2022-10-03 13:20:51 +00:00
ffxbld 87d48b75dd No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D158326
2022-09-29 16:44:52 +00:00
Yannis Juglaret adebd56af9 Bug 1766432 - Part 4: Enable Arbitrary Code Guard in MinGW builds. r=bobowen
Differential Revision: https://phabricator.services.mozilla.com/D157906
2022-09-29 15:29:15 +00:00
Yannis Juglaret eaa892440f Bug 1766432 - Part 3: Add Part 2 to the list of patches to apply when updating third-party. r=bobowen
Differential Revision: https://phabricator.services.mozilla.com/D157905
2022-09-29 15:29:15 +00:00
Yannis Juglaret 0b60970f1b Bug 1766432 - Part 2: Propagate custom definition for PROCESS_MITIGATION_DYNAMIC_CODE_POLICY to third-party. r=bobowen
Differential Revision: https://phabricator.services.mozilla.com/D157904
2022-09-29 15:29:14 +00:00
Mark Banner 8d1ebcb9d6 Bug 1792365 - Convert toolkit/modules consumers to use ES module imports directly. r=webdriver-reviewers,perftest-reviewers,geckoview-reviewers,extension-reviewers,preferences-reviewers,desktop-theme-reviewers,application-update-reviewers,pip-reviewers,credential-management-reviewers,robwu,Gijs,sgalich,bytesized,AlexandruIonescu,dao,m_kato
Differential Revision: https://phabricator.services.mozilla.com/D158094
2022-09-29 06:52:34 +00:00
ffxbld 4af4ff2e5b No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D158124
2022-09-27 16:27:33 +00:00
ffxbld 4e99c68740 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=dmeehan
Differential Revision: https://phabricator.services.mozilla.com/D157923
2022-09-22 12:46:23 +00:00
Jed Davis a466bdb2c4 Bug 1780312 - Part 2: Allow fstatfs in the Linux RDD sandbox policy. r=gcp
As discussed in the last patch, allowing `fstatfs` will also make
`statfs` work on any path that the process could open for reading
(subject to sandbox policy).

Differential Revision: https://phabricator.services.mozilla.com/D157542
2022-09-21 17:57:54 +00:00
Jed Davis 3b5c74387e Bug 1780312 - Part 1: Move the statfs replacement into the common sandbox policy. r=gcp
We have code to handle `statfs` calls in content processes by
intercepting them and calling `open` and `fstatfs` instead; the former
is then recursively intercepted and brokered.  This patch moves that
feature into the common policy, but does not allow `fstatfs` in any
other sandbox types (yet; see next patch).  This doesn't affect security
because the caller could have attempted the `open` and `fstatfs`
syscalls itself.

Differential Revision: https://phabricator.services.mozilla.com/D157541
2022-09-21 17:57:54 +00:00
Joel Maher 4c4438b4f7 Bug 1536208 - removing old aarch64 manifest annotations. r=aryx,application-update-reviewers,bytesized
Differential Revision: https://phabricator.services.mozilla.com/D157677
2022-09-21 15:35:02 +00:00
Andreea Pavel 9f24806607 Backed out 2 changesets (bug 1768250, bug 1720601) for multiple failures CLOSED TREE
Backed out changeset d6caea480d4d (bug 1768250)
Backed out changeset 97eccf466bf3 (bug 1720601)
2022-09-20 16:50:29 +03:00
Kershaw Chang 137b76a861 Bug 1720601 - Allow token cache to store more than one token per key, r=necko-reviewers,dragana
1. Allow to store more than one token per key.
2. Allow to use the token only once. The token will be removed after reading it.
3. Add a gtest.

Differential Revision: https://phabricator.services.mozilla.com/D153605
2022-09-20 12:58:06 +00:00
Dana Keeler bdb75eecd3 Bug 1790451 - remove now-unnecessary QueryInterface(Ci.nsITransportSecurityInfo) calls r=jschanck,webdriver-reviewers,necko-reviewers,application-update-reviewers,nalexander,valentin
Differential Revision: https://phabricator.services.mozilla.com/D157166
2022-09-20 03:58:50 +00:00
ffxbld 26a22933ed No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D157632
2022-09-19 13:30:31 +00:00
John Schanck ef80532ec8 Bug 1787505 - land NSS NSS_3_83_RTM UPGRADE_NSS_RELEASE, r=nss-reviewers,bbeurdouche
Differential Revision: https://phabricator.services.mozilla.com/D157510
2022-09-15 19:24:37 +00:00
Nika Layzell 0316dc51b9 Bug 1790614 - Part 2: Use {ASSERT,ENSURE}_NS_{SUCCEEEDED,FAILED} in gtests, r=ahal,necko-reviewers
These macros will produce better outputs when they fail than these existing
patterns using `ENSURE_TRUE(NS_SUCCEEDED(...))` or similar, so this is a bulk
rewrite of existing tests to use them.

It should also help with discoverability when people base their tests off of
other existing tests.

Differential Revision: https://phabricator.services.mozilla.com/D157214
2022-09-15 14:51:50 +00:00
ffxbld 2bddac315a No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D157441
2022-09-15 13:07:24 +00:00