The Family Safety TLS interception feature is seldom used and security-wise is
essentially equivalent to the enterprise or third-party roots feature. To
simplify future improvements, this patch folds them together by automatically
importing third-party roots if Firefox detects that the Family Safety TLS
interception feature has been enabled. This affects Windows 8.1 only. When
usage of Windows 8.1 is low enough, we will remove the feature altogether.
Differential Revision: https://phabricator.services.mozilla.com/D16727
--HG--
extra : moz-landing-system : lando
This stops the use of some win32k calls during start-up that will fail and in
some cases cause a crash.
It also moves the MITIGATION_DYNAMIC_CODE_DISABLE to be enabled after start-up.
This is required because the hooks to fake the user32 and gdi32 initialization
are applied as the DLLs load and the dynamic code disable blocks that.
Add "(with no-log)" to the iokit-get-properties and other extra deny types in the content and GMP sandbox profiles.
Differential Revision: https://phabricator.services.mozilla.com/D17285
--HG--
extra : moz-landing-system : lando
NSS 3.42 added a new build flag, enable_sslkeylogfile, to toggle the
availability of the SSLKEYLOGFILE variable (see Bug 1515236 and Bug 1519209).
Differential Revision: https://phabricator.services.mozilla.com/D17588
--HG--
extra : moz-landing-system : lando
***
Bug 1514594: Part 3a - Change ChromeUtils.import to return an exports object; not pollute global. r=mccr8
This changes the behavior of ChromeUtils.import() to return an exports object,
rather than a module global, in all cases except when `null` is passed as a
second argument, and changes the default behavior not to pollute the global
scope with the module's exports. Thus, the following code written for the old
model:
ChromeUtils.import("resource://gre/modules/Services.jsm");
is approximately the same as the following, in the new model:
var {Services} = ChromeUtils.import("resource://gre/modules/Services.jsm");
Since the two behaviors are mutually incompatible, this patch will land with a
scripted rewrite to update all existing callers to use the new model rather
than the old.
***
Bug 1514594: Part 3b - Mass rewrite all JS code to use the new ChromeUtils.import API. rs=Gijs
This was done using the followng script:
https://bitbucket.org/kmaglione/m-c-rewrites/src/tip/processors/cu-import-exports.jsm
***
Bug 1514594: Part 3c - Update ESLint plugin for ChromeUtils.import API changes. r=Standard8
Differential Revision: https://phabricator.services.mozilla.com/D16747
***
Bug 1514594: Part 3d - Remove/fix hundreds of duplicate imports from sync tests. r=Gijs
Differential Revision: https://phabricator.services.mozilla.com/D16748
***
Bug 1514594: Part 3e - Remove no-op ChromeUtils.import() calls. r=Gijs
Differential Revision: https://phabricator.services.mozilla.com/D16749
***
Bug 1514594: Part 3f.1 - Cleanup various test corner cases after mass rewrite. r=Gijs
***
Bug 1514594: Part 3f.2 - Cleanup various non-test corner cases after mass rewrite. r=Gijs
Differential Revision: https://phabricator.services.mozilla.com/D16750
--HG--
extra : rebase_source : 359574ee3064c90f33bf36c2ebe3159a24cc8895
extra : histedit_source : b93c8f42808b1599f9122d7842d2c0b3e656a594%2C64a3a4e3359dc889e2ab2b49461bab9e27fc10a7
For sandbox early startup, ensure violation logging is only enabled when the parent passes the -sbLogging flag.
Differential Revision: https://phabricator.services.mozilla.com/D17013
--HG--
extra : moz-landing-system : lando
In Bug 1462100 we started casting to void* because mingw doesn't do
automatic conversions like MSVC does. In Bug 1498695 I backed out that
change because I (mistakenly) thought it wasn't necessary for mingw-clang
when in actuality, I simply wasn't hitting the code path due to
SANDBOX_EXPORTS being defined.
Since we want to _not_ define SANDBOX_EXPORTS I need to put the original
patch back in place.
--HG--
extra : amend_source : a26eec746e7881fa88b963c8dd3c1fa900b6a8b6
ffxbld
Andrea Marchesini
Myk Melez
shindli
Dana Keeler
Bob Owen
arthur.iakab
Kris Maglione
Haik Aftandilian
Byron Campen [:bwc]
Sebastian Hengst
Razvan Maries
J.C. Jones
J.C. Jones
Sylvestre Ledru
Ciure Andrei
Tim Nguyen
Gurzau Raul
Tom Ritter
Cosmin Sabou
Noemi Erli
Ehsan Akhgari
Valentin Gosu
Jared Wein