The initial implementation made some incorrect assumptions about the data that
was in our data set and used the wrong field to identify the certificates to
delete when they are removed from our preload list. Now that the data set has
the expected field (the hash of the whole certificate), we can use it instead.
Differential Revision: https://phabricator.services.mozilla.com/D32380
--HG--
extra : moz-landing-system : lando
This fixes issues with the NSS and LibSecret keystore not correctly rejecting unlocking of the key store.
Updated for dynamic loading of LibSecret and a bug workaround added elsewhere (updated green try below)
Depends on D9969.
Differential Revision: https://phabricator.services.mozilla.com/D7713
--HG--
extra : moz-landing-system : lando
Per https://bugzilla.mozilla.org/show_bug.cgi?id=1550625#c5 there is no
mechanism available for FIDO U2F JS API operations on Android. The exposed API
is FIDO2/WebAuthn-only. As such, Firefox cannot support FIDO U2F JS API
operations on Android, and we should disable the u2f preference so that
window.u2f is not set inappropriately.
Updated to fix test_interfaces.js
Differential Revision: https://phabricator.services.mozilla.com/D31695
--HG--
extra : moz-landing-system : lando
There's a bug in ole32.dll on arm64 versions of Windows prior to 1809 that crashes our content processes if we enable CFG. We've reported the issue, but even if it gets fixed, we can't assume users will have the update.
This patch uses process mitigation policy flags to disable CFG on arm64 before 1809. Based on testing, we only need to do this in the sandbox for child processes, and it's not strictly necessary for the launcher stub to set the flag on the main process. But I've included that anyway as a guard against some yet-undiscovered scenario that might hit the issue and make the browser unusable.
The effects of this patch won't be visible until we actually enable CFG in a subsequent landing.
Differential Revision: https://phabricator.services.mozilla.com/D29474
--HG--
extra : moz-landing-system : lando
In bug 1056341 we introduced a search budget to mozilla::pkix to attempt to work
around the problem of having an extremely large search space given a set of
certificates all with the same subject and issuer distinguished names but
different public keys. In the end, though, there is probably no good value to
choose for the budget that is small enough to run quickly on the wide range of
hardware our users have and yet is large enough that we're confident won't break
someone's complicated PKI setup (looking at you, the US federal government).
To address this, use the observation that as long as an intermediate can't *add*
information necessary to build a certificate chain (e.g. stapled SCTs), we
should never need a self-signed intermediate (as in, its own key verifies the
signature on it and its subject and issuer distinguished names are identical) to
build a trusted chain (since the exact same chain without that intermediate
should be valid). Given this, we simply skip all self-signed non-trust anchor
CA certificates during path building.
Differential Revision: https://phabricator.services.mozilla.com/D31368
--HG--
extra : moz-landing-system : lando
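The effect of skipping self-signed non-trust-anchor CA certificates, shown on a toy path builder. This is an added example, not mozilla::pkix code or part of the commit: the `Cert` model, integer "keys", the check-signature-after-recursion ordering and all names are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cstdio>
#include <string>
#include <vector>
// Toy certificate: integer "keys" stand in for real public keys and signatures.
struct Cert {
  std::string subject, issuer;
  int key;       // this certificate's public key
  int signedBy;  // key that verifies the signature on this certificate
  bool trustAnchor;
};
struct Outcome { bool trusted; int examined; };

static bool IsSelfSigned(const Cert& c) {
  return c.subject == c.issuer && c.key == c.signedBy;
}
// Depth-first search by issuer name. The signature is checked only after a
// chain for the candidate issuer has been built, so name-only matches are costly.
static bool Build(const std::vector<Cert>& pool, const Cert& subject,
                  std::vector<int>& chain, bool skip, int& examined) {
  for (const Cert& cand : pool) {
    if (cand.subject != subject.issuer) continue;
    if (skip && !cand.trustAnchor && IsSelfSigned(cand)) continue;  // the new rule
    if (std::find(chain.begin(), chain.end(), cand.key) != chain.end()) continue;  // loop
    ++examined;
    bool issuerTrusted = cand.trustAnchor;
    if (!issuerTrusted) {
      chain.push_back(cand.key);
      issuerTrusted = Build(pool, cand, chain, skip, examined);
      chain.pop_back();
    }
    if (issuerTrusted && cand.key == subject.signedBy) return true;
  }
  return false;
}
// Constructed pool: `decoys` self-signed "CA" certs with distinct keys, then
// the real intermediate "CA" issued by the trust anchor "Root".
Outcome Validate(int decoys, bool skip) {
  std::vector<Cert> pool;
  for (int i = 0; i < decoys; ++i) pool.push_back({"CA", "CA", 10 + i, 10 + i, false});
  pool.push_back({"CA", "Root", 1, 0, false});
  pool.push_back({"Root", "Root", 0, 0, true});
  Cert endEntity{"example.test", "CA", 100, 1, false};
  std::vector<int> chain{endEntity.key};
  int examined = 0;
  bool ok = Build(pool, endEntity, chain, skip, examined);
  return {ok, examined};
}
int main() {
  std::printf("no skip: %d candidates, skip: %d candidates\n",
              Validate(6, false).examined, Validate(6, true).examined);
}
```

Both runs reach the same trusted chain; the number of candidate issuers examined without the skip grows factorially with the number of same-name self-signed certificates.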
Per https://bugzilla.mozilla.org/show_bug.cgi?id=1550625#c5 there is no
mechanism available for FIDO U2F JS API operations on Android. The exposed API
is FIDO2/WebAuthn-only. As such, Firefox cannot support FIDO U2F JS API
operations on Android, and we should disable the u2f preference so that
window.u2f is not set inappropriately.
Differential Revision: https://phabricator.services.mozilla.com/D31695
--HG--
extra : moz-landing-system : lando
This also enables using cert_storage for OneCRL, since it and intermediate
preloading both use the same backend.
Differential Revision: https://phabricator.services.mozilla.com/D31345
--HG--
extra : moz-landing-system : lando
PGO instrumentation interacts badly with this code, and it's not crucial
that this code be lightning fast.
Differential Revision: https://phabricator.services.mozilla.com/D31131
--HG--
extra : moz-landing-system : lando
If an XPIDL interface has a method or attribute that is [notxpcom],
then it is implicitly treated as [builtinclass], even if it is not
marked as such. For clarity, this patch goes through and marks every
place that relies on this behavior (aside from some test code).
Differential Revision: https://phabricator.services.mozilla.com/D30714
--HG--
extra : moz-landing-system : lando
SSLTokensCache is a simple memory-only storage for resumption tokens, which are retrieved and set using the API for external TLS session caches in NSS.
Differential Revision: https://phabricator.services.mozilla.com/D29465
--HG--
extra : moz-landing-system : lando
Support using the Google Play-provided FIDO2 API for Web Authentication.
FIDO U2F API support is being handled subsequently in Bug 1550625.
This patch uses the privileged APIs and thus will only work on Fennec Nightly, Beta, and Release builds.
Differential Revision: https://phabricator.services.mozilla.com/D1148
--HG--
extra : moz-landing-system : lando
Summary:
Our previous approach to making this intermediate available relied on being able
to add it to the user's NSS cert DB. This does work in the majority of cases,
but there are some situations where it doesn't work (e.g. if the user's DB is
set to read only, if they've configured Firefox to run in "nocertdb" mode, if
they have a master password but forgot it, and so on). This patch compiles the
intermediate into Firefox in the same way we incorporate the root, so it should
always be available.
At the same time, this patch reverts the changes from
023dd959512e2cfa685187616560f91efa91183c and
1d35f8d88bdd007e01d42c4ff76c6d10d7c01a98 (the patches that implemented the
original approach) because they should no longer be necessary.
Reviewers: jcj!, kmag!
Tags: #secure-revision
Bug #: 1549249
Differential Revision: https://phabricator.services.mozilla.com/D30090
--HG--
extra : amend_source : dd475918be3f263a4a363c66a60edc708d3bdcca
extra : histedit_source : b6861a1d7c7ddbe07d5df73d76734d9a48ee3164%2C54cbc4b0446ff1ee3dc860bb2d3798ba8f662566