This introduces a helper class that provides one thread all DataStorage
instances can use to do background work. This thread should have a light
workload which mainly consists of reading some files at startup, periodically
writing to these files, and writing them again at shutdown. One thread should be
able to handle this and in any case having multiple threads trying to perform
i/o at the same time would probably be less efficient than merely performing the
work sequentially.
Differential Revision: https://phabricator.services.mozilla.com/D1890
--HG--
extra : moz-landing-system : lando
ChangeCertTrustWithPossibleAuthentication should never be called while holding
nsNSSComponent::mMutex, because doing so can result in showing the master
password dialog, which spins the event loop, which can cause other code to run
that may attempt to acquire the same lock (e.g. speculative connect checking
nsNSSComponent to see if the user has smart cards or client certificates).
Differential Revision: https://phabricator.services.mozilla.com/D2011
--HG--
extra : moz-landing-system : lando
Summary: Coverity found this issue. We shouldn't continue if n is null because CERT_LIST_NEXT dereferences n.
Differential Revision: https://phabricator.services.mozilla.com/D1876
--HG--
extra : rebase_source : 8023a38425194099f334c6624ce2bd5f2e50cb95
extra : amend_source : 27947d33f9dbb0afa9ae5927dde874957eb4017c
Defining nsINSSComponent in idl rather than manually in a header file allows us
to make full use of the machinery that already exists to process and generate
the correct definitions. Furthermore, it enables us to define JS-accessible APIs
on nsINSSComponent, which enables us to build frontend features that can work
directly with the data and functionality the underlying implementation has
access to.
MozReview-Commit-ID: JFI9s12wmRE
--HG--
extra : rebase_source : 16b660e37db681c8823cbb6b7ff59dd0d35f7e73
Add whitelist rules to allow access to Extensis Universal Type Manager fonts
on 10.11 and earlier OS versions.
MozReview-Commit-ID: 3cPKlC1xCUW
--HG--
extra : rebase_source : 2f8b126cbc7dff2b4d660b6261c1a45d695e09d8
This replaces some old Chromium code that tries to minimally disentangle
an arbitrary file descriptor mapping with simpler algorithm, for several
reasons:
1. Do something appropriate when a file descriptor is mapped to the same
fd number in the child; currently they're ignored, which means they'll
be closed if they were close-on-exec. This implementation duplicates
the fd twice in that case, which seems to be uncommon in practice; this
isn't maximally efficient but avoids special-case code.
2. Make this more generally applicable; the previous design is
specialized for arbitrary code running between fork and exec, but we
also want to use this on OS X with posix_spawn, which exposes a very
limited set of operations.
3. Avoid the use of C++ standard library iterators in async signal safe
code; the Chromium developers mention that this is a potential problem in
some debugging implementations that take locks.
4. In general the algorithm is simpler and should be more "obviously
correct"; more concretely, it should get complete coverage just by being
run normally in a debug build.
As a convenient side benefit, CloseSuperfluousFds now takes an arbitrary
predicate for which fds to leave open, which means it can be used in
other code that needs it without creating a fake fd mapping.
MozReview-Commit-ID: EoiRttrbrKL
--HG--
extra : rebase_source : 336e0ba9f56dc80f7347dc62617b4ad1efea7e7e
When doing TLS session resumption, Firefox currently does not have enough
information to trivially reconstitute the original connection's security
information. Consequently, we have to rebuild the certificate chain in the
handshake callback. Before this patch, we determined the EV and CT status of the
connection but did not set the succeeded cert chain unless the certificate was
EV. This was insufficient. In this patch, we set the succeeded cert chain
regardless of if the certificate is EV or not (provided we found a valid chain).
MozReview-Commit-ID: AuKrlBwX1Qh
--HG--
extra : rebase_source : 357ec38ce8c768ac5218d05ccaea5d1b45af8dfd
No bug, Automated HSTS preload list update from task PFJDsn1_RJyPxtwQXtin8A
No bug, Automated HPKP preload list update from task PFJDsn1_RJyPxtwQXtin8A
No bug, Automated blocklist update from task PFJDsn1_RJyPxtwQXtin8A
No bug, Automated remote settings update from task PFJDsn1_RJyPxtwQXtin8A
Differential Revision: https://phabricator.services.mozilla.com/D1580
Before this patch, nsNSSComponent initialization would call PK11_ConfigurePKCS11
with some localized strings, which contributed to startup time. Also,
PK11_UnconfigurePKCS11 was never called, so the memory allocated to these
strings would stick around forever. This patch addresses both of these problems
by not calling PK11_ConfigurePKCS11. This means that some properties of NSS'
internal "PKCS#11 slots/tokens" have to be localized when displaying them to the
user.
MozReview-Commit-ID: BbAgbgpFfFG
--HG--
extra : rebase_source : b633da8fea683675d0c0514a378954332afeb024
Jan de Mooij
David Keeler
ffxbld
Franziskus Kiefer
Aaron Klotz
shindli
Tiberius Oros
Mark Banner
Kai Engert
Margareta Eliza Balazs
Tom Ritter
Mathieu Leplatre
Dorel Luca
Haik Aftandilian
Csoregi Natalia
Gurzau Raul
Andi-Bogdan Postelnicu
ffxbld
Ciure Andrei
J.C. Jones
Jed Davis
Coroiu Cristina
Dipen Patel
Joel Maher
Narcis Beleuzu
Kris Maglione