mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
842 606 коммитов 613 Ветки 98 Теги 5,8 GiB
Граф коммитов

17118 Коммитов

Автор SHA1 Сообщение Дата
Bob Owen 72886c7966 Bug 1809657: Start next line break chunk from start of previous search when no breaks found. r=jfkthame 
This means that we start from a known non-break and that we shouldn't be in any
danger of causing false breaks once Uniscribe gets to unprocessed characters.

This also makes the crash tests manual and debug only.
Manual because now that the win32k pref is default on and not dynamic the tests
will not run on try any more.
Debug only so that we don't include code in opt builds that is only for manual
tests.

Differential Revision: https://phabricator.services.mozilla.com/D167271
 2023-01-20 13:12:06 +00:00
Gijs Kruitbosch 8be066753c Bug 1810995 - update BrowserTestUtils.loadURI consumers to use loadURIString (automated) - other directories - r=Standard8,webdriver-reviewers,whimboo 
Differential Revision: https://phabricator.services.mozilla.com/D167154
 2023-01-19 20:16:43 +00:00
Natalia Kulatova 6940237fdb Bug 1808725 - land NSS NSS_3_88_BETA1 UPGRADE_NSS_RELEASE, r=nss-reviewers,jschanck 
Differential Revision: https://phabricator.services.mozilla.com/D167294
 2023-01-19 19:22:53 +00:00
ffxbld 1884b5fef3 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - r=dmeehan 
Differential Revision: https://phabricator.services.mozilla.com/D167243
 2023-01-19 16:56:45 +00:00
Nika Layzell 9d6bb19c23 Bug 1809753 - Part 4: Remove unnecessary GetMainThreadEventTarget, r=mccr8 
This method always returned GetMainThreadSerialEventTarget(). This patch
switches all callers over to use that method instead.

We can't easily switch all calls to be calls to NS_GetMainThread(), as there is
no version of that method returning a bare nsIThread* instance.

I didn't introduce one, as we may want to add a lock around mMainThread in the
future, which would require removing nsThreadManager::GetMainThreadWeak. As
this method only returns nsISerialEventTarget, it method could remain
implemented, however, by returning a statically allocated fake event target
which forwards dispatches (and QIs to nsIThread) to the real main thread.

Differential Revision: https://phabricator.services.mozilla.com/D166608
 2023-01-16 23:14:12 +00:00
Sandor Molnar 41b78439d0 Backed out 6 changesets (bug 1809752, bug 1809753) for causing perma failures in browser/components/firefoxview/tests/browser/browser_feature_callout_position.js 
Backed out changeset ea05784d74c4 (bug 1809753)
Backed out changeset 7c9b20eebcc8 (bug 1809753)
Backed out changeset d0267ac2256d (bug 1809753)
Backed out changeset aa9f2971bd6f (bug 1809753)
Backed out changeset f0d9fcfaa6f8 (bug 1809752)
Backed out changeset 6d58c799cffe (bug 1809752)
 2023-01-17 03:19:24 +02:00
Nika Layzell f7772bb6ae Bug 1809753 - Part 4: Remove unnecessary GetMainThreadEventTarget, r=mccr8 
This method always returned GetMainThreadSerialEventTarget(). This patch
switches all callers over to use that method instead.

We can't easily switch all calls to be calls to NS_GetMainThread(), as there is
no version of that method returning a bare nsIThread* instance.

I didn't introduce one, as we may want to add a lock around mMainThread in the
future, which would require removing nsThreadManager::GetMainThreadWeak. As
this method only returns nsISerialEventTarget, it method could remain
implemented, however, by returning a statically allocated fake event target
which forwards dispatches (and QIs to nsIThread) to the real main thread.

Differential Revision: https://phabricator.services.mozilla.com/D166608
 2023-01-16 23:14:12 +00:00
ffxbld 46a72deb4e No Bug, mozilla-central repo-update HSTS HPKP remote-settings - r=dmeehan 
Differential Revision: https://phabricator.services.mozilla.com/D166905
 2023-01-16 14:39:17 +00:00
ffxbld 7b3591fa19 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - r=dmeehan 
Differential Revision: https://phabricator.services.mozilla.com/D166656
 2023-01-12 13:35:54 +00:00
Sandor Molnar d5a35541c6 Backed out changeset bf3bdd2f1384 (bug 1809657) for causing wpt failures. 2023-01-11 23:06:12 +02:00
Greg Stoll 5ed659c337 Bug 1809657 - only set kMaxBrokeredLen to low value in debug mode r=bobowen 
Per the linked bug, this was getting set to a low value in released shipping builds, which may have a performance impact. As a side benefit this means we run tests with the low and the high value, which might catch more problems.

Differential Revision: https://phabricator.services.mozilla.com/D166564
 2023-01-11 16:59:51 +00:00
Ben Hearsum 6c520ec6c8 Bug 1805919: disable tests that are currently failing against MSIX packages. r=jmaher,necko-reviewers,kershaw 
Differential Revision: https://phabricator.services.mozilla.com/D165754
 2023-01-11 14:45:03 +00:00
Dana Keeler 99fd87410b Bug 1808816 - find potential client certificates on the socket thread rather than the main thread r=jschanck 
Differential Revision: https://phabricator.services.mozilla.com/D166371
 2023-01-09 21:46:59 +00:00
ffxbld e35344c5cf No Bug, mozilla-central repo-update HSTS HPKP remote-settings - r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D166295
 2023-01-09 13:09:38 +00:00
Dennis Jackson d5b0265d37 Bug 1805486 - land NSS NSS_3_87_RTM UPGRADE_NSS_RELEASE, r=nss-reviewers,bbeurdouche 
Differential Revision: https://phabricator.services.mozilla.com/D166083
 2023-01-05 16:31:20 +00:00
Greg Stoll 20f1afb0b5 Bug 1806041 - limit CIG checking to nightly builds r=yjuglaret 
Differential Revision: https://phabricator.services.mozilla.com/D165997
 2023-01-05 14:59:48 +00:00
ffxbld 9858b2a52e No Bug, mozilla-central repo-update HSTS HPKP remote-settings - r=dmeehan 
Differential Revision: https://phabricator.services.mozilla.com/D166045
 2023-01-05 13:10:13 +00:00
Greg Stoll d86f570a9a Bug 1808379 - don't return reference to temporary object r=yjuglaret 
Differential Revision: https://phabricator.services.mozilla.com/D165995
 2023-01-05 12:40:28 +00:00
John Schanck 9095a45904 Bug 1805371 - avoid building and running FaultyServer tests with system NSS. r=glandium,necko-reviewers,kershaw 
Differential Revision: https://phabricator.services.mozilla.com/D164952
 2023-01-03 17:48:24 +00:00
Mark Banner 9594c03938 Bug 1808115 - Remove the separate EmbedPrompter wrapper, use Prompter instead. r=Gijs,necko-reviewers,geckoview-reviewers,valentin,m_kato 
We no longer support the legacy add-ons, so this should not be necessary.

Differential Revision: https://phabricator.services.mozilla.com/D165764
 2023-01-03 17:19:48 +00:00
Sylvestre Ledru 11543ba854 Bug 1802290 - Remove +x permissions on more files r=linter-reviewers,andi 
Differential Revision: https://phabricator.services.mozilla.com/D165841
 2023-01-03 08:17:50 +00:00
ffxbld 742e8d773c No Bug, mozilla-central repo-update HSTS HPKP remote-settings - r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D165811
 2023-01-02 17:17:51 +00:00
Greg Stoll bd687d3319 Bug 1744362 - Part 12: fix build and some tests r=handyman 
- In sandboxBroker.cpp Be more careful about checking whether GetDependentModules() is returning an empty span to avoid ASAN problems
- In TestCrossProcessWin.cpp, make UniquePtr live as long as the Span that wraps it
- In LauncherRegistryInfo, mingw doesn't allow using `constexpr` with expressions containing '|', so just make flags `const` instead.

Differential Revision: https://phabricator.services.mozilla.com/D165561
 2022-12-30 20:10:06 +00:00
Toshihito Kikuchi 61206c170d Bug 1744362 - Part 5: Access the shared section through DllServices r=handyman 
Differential Revision: https://phabricator.services.mozilla.com/D164487
 2022-12-30 20:10:03 +00:00
ffxbld 1a73588968 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - r=diannaS 
Differential Revision: https://phabricator.services.mozilla.com/D165673
 2022-12-29 13:32:06 +00:00
Sylvestre Ledru 1f8d23143a Bug 1802288 - remove trailing whitespaces in idl/webidl files r=credential-management-reviewers,webidl,smaug,sgalich 
Differential Revision: https://phabricator.services.mozilla.com/D165559
 2022-12-28 09:52:44 +00:00
Butkovits Atila 5e31c1c2cf Backed out 12 changesets (bug 1744362) for causing build bustages. 
Backed out changeset 3f63f21115e2 (bug 1744362)
Backed out changeset 0df403e8f6ba (bug 1744362)
Backed out changeset 34f51e6aee96 (bug 1744362)
Backed out changeset 39ff51df4a45 (bug 1744362)
Backed out changeset da9133df4cd4 (bug 1744362)
Backed out changeset 315c57948afa (bug 1744362)
Backed out changeset a2d8f526e0ff (bug 1744362)
Backed out changeset 401ebbc0159d (bug 1744362)
Backed out changeset 2911fe484cc3 (bug 1744362)
Backed out changeset d1f4b99f352b (bug 1744362)
Backed out changeset 0a3ce8ea039e (bug 1744362)
Backed out changeset ab1292118c00 (bug 1744362)
 2022-12-27 22:54:30 +02:00
Greg Stoll 90ae8103e3 Bug 1744362 - Part 12: fix build and some tests r=handyman 
- In sandboxBroker.cpp Be more careful about checking whether GetDependentModules() is returning an empty span to avoid ASAN problems
- In TestCrossProcessWin.cpp, make UniquePtr live as long as the Span that wraps it
- In LauncherRegistryInfo, mingw doesn't allow using `constexpr` with expressions containing '|', so just make flags `const` instead.

Depends on D164738

Differential Revision: https://phabricator.services.mozilla.com/D165561
 2022-12-27 20:06:43 +00:00
Toshihito Kikuchi 882bef3d41 Bug 1744362 - Part 5: Access the shared section through DllServices r=handyman 
Differential Revision: https://phabricator.services.mozilla.com/D164487
 2022-12-27 20:06:40 +00:00
Stanca Serban 822be63b67 Backed out 11 changesets (bug 1744362) for causing multiple failures and build bustages. CLOSED TREE 
Backed out changeset 4b2e3689cea0 (bug 1744362)
Backed out changeset cf1db931c466 (bug 1744362)
Backed out changeset 8c87571dbb3e (bug 1744362)
Backed out changeset 8b50446f91e5 (bug 1744362)
Backed out changeset 848632184f56 (bug 1744362)
Backed out changeset acfdb2bcaa9f (bug 1744362)
Backed out changeset 80b67f7ea109 (bug 1744362)
Backed out changeset c88902b60d1f (bug 1744362)
Backed out changeset 438f74bb5b7c (bug 1744362)
Backed out changeset 704a4150d210 (bug 1744362)
Backed out changeset 1dd7e7c111da (bug 1744362)
 2022-12-27 16:25:04 +02:00
Toshihito Kikuchi 99ea21dafe Bug 1744362 - Part 5: Access the shared section through DllServices r=handyman 
Differential Revision: https://phabricator.services.mozilla.com/D164487
 2022-12-27 12:59:08 +00:00
ffxbld b07bb5c8bf No Bug, mozilla-central repo-update HSTS HPKP remote-settings - r=diannaS 
Differential Revision: https://phabricator.services.mozilla.com/D165520
 2022-12-26 15:37:07 +00:00
Marco Castelluccio f69e697461 Bug 1801836 - Remove no longer necessary 'from __future__' imports. r=linter-reviewers,glandium,webdriver-reviewers,perftest-reviewers,geckoview-reviewers,jld,ahal,owlish,afinder DONTBUILD 
Differential Revision: https://phabricator.services.mozilla.com/D165395
 2022-12-23 22:45:46 +00:00
ffxbld 07f8e9babd No Bug, mozilla-central repo-update HSTS HPKP remote-settings - r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D165389
 2022-12-22 14:54:32 +00:00
ffxbld 8dd5f19d92 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D165231
 2022-12-21 04:03:00 +00:00
Emilio Cobos Álvarez 2b72ef3e89 Bug 1801607 - Improve certManager layout. r=mconley,settings-reviewers 
Allow the tabbox/tabpanels to shrink, and remove an useless <vbox>.

Differential Revision: https://phabricator.services.mozilla.com/D163660
 2022-12-20 09:19:09 +00:00
ffxbld b3afaa09ad No Bug, mozilla-central repo-update HSTS HPKP remote-settings - r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D165011
 2022-12-19 14:48:41 +00:00
Dennis Jackson 93d4366b2d Bug 1805486 - land NSS NSS_3_87_BETA1 UPGRADE_NSS_RELEASE, r=nss-reviewers,jschanck 
Differential Revision: https://phabricator.services.mozilla.com/D164919
 2022-12-16 18:33:28 +00:00
Barret Rennie e6d1635f6e Bug 1772924 - Remove osfile.jsm usage in /security/sandbox/ r=haik 
Differential Revision: https://phabricator.services.mozilla.com/D163404
 2022-12-16 00:29:46 +00:00
ffxbld 1071f00713 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D164800
 2022-12-15 14:04:48 +00:00
Csoregi Natalia a94c9b3808 Backed out changeset 9a6e4fbe0be0 (bug 1772924) for failures on browser_content_sandbox_fs_xdg.js. CLOSED TREE 2022-12-15 05:29:28 +02:00
Barret Rennie 2b616f5008 Bug 1772924 - Remove osfile.jsm usage in /security/sandbox/ r=haik 
Differential Revision: https://phabricator.services.mozilla.com/D163404
 2022-12-15 02:47:48 +00:00
Dana Keeler d6331d843b Bug 177175 - cancel subsequent PKCS#11 password prompts if more than one happens concurrently r=jschanck 
Unfortunately, since NSS can prompt for PKCS#11 authentication on the main
thread, the prompt in question results in a nested event loop, which means that
the prompt code can be re-entered and another prompt can appear before the
first is dealt with. As long as NSS can run on the main thread, this will
continue to be the case. Recently we've done a lot of work to prevent NSS
running on the main thread, but that work is by no means complete. In the
meantime, we can paper over this situation by cancelling any prompts that come
after one that is still in progress. This will cause some NSS operations to
fail in a way that should be recoverable by simply retrying them (e.g. the user
can refresh the page or close and re-open it).

Differential Revision: https://phabricator.services.mozilla.com/D164280
 2022-12-13 20:43:37 +00:00
Dana Keeler b76b1c4d68 Bug 177175 - re-implement PKCS#11 protected auth UI with modern components r=jschanck,fluent-reviewers,flod 
The previous implementation used some heavyweight, outdated, and unnecessary
components to achieve its effect. This patch greatly simplifies the
implementation.

Differential Revision: https://phabricator.services.mozilla.com/D164279
 2022-12-13 20:43:36 +00:00
Dana Keeler cc88d42fef Bug 1804793 - add missing data-l10n-args for tokenName in changepassword.xhtml r=Gijs 
Differential Revision: https://phabricator.services.mozilla.com/D164278
 2022-12-13 19:59:53 +00:00
Dana Keeler 28f5b1d868 Bug 1805282 - update static pinning information url r=jschanck 
Chrome has updated where it stores its static pinning information.

Differential Revision: https://phabricator.services.mozilla.com/D164498
 2022-12-13 19:53:19 +00:00
Sylvestre Ledru 04363d3827 Bug 1802689 - Add missing licenses info in Cargo.toml r=mhoye,necko-reviewers,kershaw,valentin 
Differential Revision: https://phabricator.services.mozilla.com/D163157
 2022-12-13 09:14:44 +00:00
Mike Hommey 5fd296e7b8 Bug 1804595 - Update osclientcerts to libloading 0.7. r=keeler,supply-chain-reviewers 
Differential Revision: https://phabricator.services.mozilla.com/D164177
 2022-12-13 00:37:50 +00:00
Mark Banner 53ce0faad1 Bug 1804661 - Convert browser/components/BrowserGlue.jsm to an ES module. r=Gijs,settings-reviewers,perftest-reviewers,sparky 
Differential Revision: https://phabricator.services.mozilla.com/D164204
 2022-12-12 14:59:18 +00:00
ffxbld fbbfc74875 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D164446
 2022-12-12 13:48:29 +00:00
John Schanck 7f3ed4068d Bug 1802996 - land NSS NSS_3_86_RTM UPGRADE_NSS_RELEASE, r=bbeurdouche 
Differential Revision: https://phabricator.services.mozilla.com/D164263
 2022-12-08 20:51:52 +00:00
ffxbld 255408cc51 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D164198
 2022-12-08 14:23:48 +00:00
Dana Keeler 88838b311a Bug 1801016: remove expiring telemetry "security.psm_ui_interaction" r=djackson 
Differential Revision: https://phabricator.services.mozilla.com/D163972
 2022-12-07 17:30:21 +00:00
Natalia Kulatova 9e6457328f Bug 1802319 - Modification of the bug "Consider removing ECDSA_SHA1 signature algorithm". r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D162999
 2022-12-07 11:34:55 +00:00
Mark Banner ff47c36f9b Bug 1803914 - Automatically replace Cu.reportError with console.error (misc). r=mossop 
Differential Revision: https://phabricator.services.mozilla.com/D163772
 2022-12-06 14:34:57 +00:00
Valentin Gosu c5dcc9435f Bug 1797279 - Add nsINSSComponent.asyncClearSSLExternalAndInternalSessionCache that waits for socket process to clear the cache r=keeler,necko-reviewers,kershaw 
This is a test only method, and the fact that the operation is not sync
with socket process can possibly cause racy tests.
This patch adds an async version of clearSSLExternalAndInternalSessionCache
that returns a promise.

Differential Revision: https://phabricator.services.mozilla.com/D162153
 2022-12-06 10:36:10 +00:00
Jed Davis 21e1f65696 Bug 1784517 - Explicitly skip sandboxing tests on unsandboxed build types. r=jmaher 
There are tools which consume `moz.build` files by reading every one in
the tree, rather than traversing `DIRS` for a specific build type (see
bug 1667271 comment #89 for background); as a result, we can end up with
CI test jobs that try to run sandboxing tests on build types like Linux
ASan where `security/sandbox` isn't built, and fail.

This patch applies a suggested workaround: add an otherwise redundant
`skip-if` declaration to the test manifests to skip them on the platforms
where they're not part of the build.

Note that sandboxing is disabled in the presence of Linux ASan or TSan
by logic in `toolkit/moz.configure`, but for code coverage builds it's
done via the CI mozconfig files adding `--disable-sandbox`.

Differential Revision: https://phabricator.services.mozilla.com/D163411
 2022-12-05 21:23:32 +00:00
ffxbld 3026e10680 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D163821
 2022-12-05 14:05:21 +00:00
John Schanck 282382a80f Bug 1802996 - land NSS NSS_3_86_BETA1 UPGRADE_NSS_RELEASE, r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D163641
 2022-12-03 21:47:31 +00:00
John M. Schanck 06c7606fd3 Bug 1803704 - Disable EV Treatment for "Network Solutions Certificate Authority". r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D163735
 2022-12-02 18:41:39 +00:00
Cristian Tuns 5eaed27bd7 Backed out changeset 4534fc16cb5c (bug 1802996) for causing multiple failures UPGRADE_NSS_RELEASE CLOSED TREE 2022-12-01 18:47:20 -05:00
John Schanck 399c57a914 Bug 1802996 - land NSS NSS_3_86_BETA1 UPGRADE_NSS_RELEASE, r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D163641
 2022-12-01 21:41:21 +00:00
Yannis Juglaret 8b95e44d5b Bug 1800933 - Let ACG in RDD and WMF ride the trains. r=bobowen 
Differential Revision: https://phabricator.services.mozilla.com/D163585
 2022-12-01 14:11:15 +00:00
ffxbld 7f88fb67c4 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D163574
 2022-12-01 13:09:16 +00:00
Mike Hommey 94c0c63594 Bug 1801029 - Upgrade bindgen to 0.63.0. r=emilio,necko-reviewers,supply-chain-reviewers,kershaw 
Differential Revision: https://phabricator.services.mozilla.com/D163375
 2022-11-30 22:06:50 +00:00
Marian-Vasile Laza 9414231a2f Backed out 3 changesets (bug 1797279, bug 1800758) for causing xpcshell failures on test_httpssvc_retry_with_ech.js. CLOSED TREE 
Backed out changeset 8de777d3d624 (bug 1797279)
Backed out changeset daf5d55079db (bug 1797279)
Backed out changeset 40c7d48e81f6 (bug 1800758)
 2022-11-30 21:08:34 +02:00
Valentin Gosu bee1b0905e Bug 1797279 - Add nsINSSComponent.asyncClearSSLExternalAndInternalSessionCache that waits for socket process to clear the cache r=keeler,necko-reviewers,kershaw 
This is a test only method, and the fact that the operation is not sync
with socket process can possibly cause racy tests.
This patch adds an async version of clearSSLExternalAndInternalSessionCache
that returns a promise.

Differential Revision: https://phabricator.services.mozilla.com/D162153
 2022-11-30 13:37:11 +00:00
Alexandre Lissy 225f9f94b2 Bug 1802513 - Allow readlink(/proc/self/exe) in Utility sandbox for FFVPX r=gcp 
Differential Revision: https://phabricator.services.mozilla.com/D163227
 2022-11-30 10:10:22 +00:00
Dana Keeler e3836395ba Bug 1795831 - fix checkHandshake in PSM to correctly handle zero-length reads r=jschanck,necko-reviewers 
This also restructures checkHandshake to be more clear and understandable, to
simplify maintenance going forward.

Differential Revision: https://phabricator.services.mozilla.com/D162799
 2022-11-29 22:12:46 +00:00
Butkovits Atila 5258bae36b Backed out changeset 99ed42b2349b (bug 1795831) for causing build bustages at nsNSSIOLayer.cpp. CLOSED TREE 2022-11-29 04:05:41 +02:00
Dana Keeler ce55b5d5de Bug 1795831 - fix checkHandshake in PSM to correctly handle zero-length reads r=jschanck,necko-reviewers 
This also restructures checkHandshake to be more clear and understandable, to
simplify maintenance going forward.

Differential Revision: https://phabricator.services.mozilla.com/D162799
 2022-11-28 21:50:50 +00:00
ffxbld 501d9124e3 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=diannaS 
Differential Revision: https://phabricator.services.mozilla.com/D163210
 2022-11-28 13:42:23 +00:00
Barret Rennie 59bf1539b1 Bug 1541508 - Use Services.env in security/ r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D160145
 2022-11-25 19:09:10 +00:00
Marco Castelluccio 5c8c82f4e5 Bug 1790816 - Reformat security/ with isort. r=linter-reviewers,ahal DONTBUILD 
# ignore-this-changeset

Differential Revision: https://phabricator.services.mozilla.com/D162666
 2022-11-24 17:22:21 +00:00
ffxbld ad2bde721e No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=dmeehan 
Differential Revision: https://phabricator.services.mozilla.com/D162979
 2022-11-24 14:36:58 +00:00
ffxbld 70b662d1ff No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D162552
 2022-11-21 14:06:35 +00:00
Chris H-C fc358ad992 Bug 1799442 - Update Glean to v51.8.2, rkv to 0.18 r=janerik,supply-chain-reviewers 
Differential Revision: https://phabricator.services.mozilla.com/D162345
 2022-11-18 13:56:27 +00:00
Jan Andre Ikenmeyer 9ac9619c3c Bug 1600437 - Disable CBC-mode ECDSA ciphers and stop advertising ECDSA+SHA1 signature algorithm. r=nkulatova 
Differential Revision: https://phabricator.services.mozilla.com/D65197
 2022-11-18 13:13:52 +00:00
Marian-Vasile Laza 023eed4276 Backed out changeset 75acc8e81d81 (bug 1799442) for causing WR tidy bustage. CLOSED TREE 2022-11-18 14:23:58 +02:00
Chris H-C 7655a12f65 Bug 1799442 - Update Glean to v51.8.2, rkv to 0.18 r=janerik,supply-chain-reviewers 
Differential Revision: https://phabricator.services.mozilla.com/D162345
 2022-11-18 10:15:40 +00:00
ffxbld d538db87cb No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D162281
 2022-11-17 13:28:42 +00:00
Mark Banner 1ecc61f91d Bug 1799314 - Convert consumers of testing modules to import ES modules direct (security/manager/). r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D161912
 2022-11-17 12:00:30 +00:00
Dana Keeler 1a2ff46b6e Bug 1791633 - separate nsITLSSocketControl from nsITransportSecurityInfo r=necko-reviewers,kershaw,jschanck 
Depends on D160311

Differential Revision: https://phabricator.services.mozilla.com/D160313
 2022-11-16 16:37:29 +00:00
Dana Keeler d8c65c4b8b Bug 1791633 - rename nsISSLSocketControl to nsITLSSocketControl and move it and nsITransportSecurityInfo to PSM r=necko-reviewers,kershaw 
Depends on D160310

Differential Revision: https://phabricator.services.mozilla.com/D160311
 2022-11-16 16:37:29 +00:00
Dana Keeler d1189f7803 Bug 1791633 - rename nsNSSSocketInfo to NSSSocketControl and move to its own file r=jschanck 
Differential Revision: https://phabricator.services.mozilla.com/D160310
 2022-11-16 16:37:28 +00:00
Marian-Vasile Laza 9c44d165bb Backed out 3 changesets (bug 1791633) for causing bustages on TransportSecurityInfo.cpp. CLOSED TREE 
Backed out changeset 23b864e14db0 (bug 1791633)
Backed out changeset 0bcba3375ec0 (bug 1791633)
Backed out changeset ab0ea0d68f5c (bug 1791633)
 2022-11-15 23:51:58 +02:00
Dana Keeler 0a13b94a8f Bug 1791633 - separate nsITLSSocketControl from nsITransportSecurityInfo r=necko-reviewers,kershaw,jschanck 
Depends on D160311

Differential Revision: https://phabricator.services.mozilla.com/D160313
 2022-11-15 20:03:29 +00:00
Dana Keeler 21ac70dabe Bug 1791633 - rename nsISSLSocketControl to nsITLSSocketControl and move it and nsITransportSecurityInfo to PSM r=necko-reviewers,kershaw 
Depends on D160310

Differential Revision: https://phabricator.services.mozilla.com/D160311
 2022-11-15 20:03:29 +00:00
Dana Keeler bd6502dc63 Bug 1791633 - rename nsNSSSocketInfo to NSSSocketControl and move to its own file r=jschanck 
Differential Revision: https://phabricator.services.mozilla.com/D160310
 2022-11-15 20:03:28 +00:00
Haik Aftandilian e78d11eccf Bug 1799922 - Remove codesign.bash r=mstange 
Remove the unmaintained codesign.bash script.

Production builds are signed in automation using the Release Engineering script scriptworker-scripts/iscript.

Differential Revision: https://phabricator.services.mozilla.com/D161710
 2022-11-15 16:03:31 +00:00
Butkovits Atila f3f66bf7e5 Backed out 3 changesets (bug 1791633) for causing build bustages at nsHttpConnectionMgr.cpp:. CLOSED TREE 
Backed out changeset ee9744982673 (bug 1791633)
Backed out changeset f5a4bfdaba40 (bug 1791633)
Backed out changeset f57131b9cfe2 (bug 1791633)
 2022-11-15 08:07:16 +02:00
Dana Keeler a7fbd7a3a0 Bug 1791633 - separate nsITLSSocketControl from nsITransportSecurityInfo r=necko-reviewers,kershaw,jschanck 
Depends on D160311

Differential Revision: https://phabricator.services.mozilla.com/D160313
 2022-11-15 05:34:40 +00:00
Dana Keeler e5e2d15c2f Bug 1791633 - rename nsISSLSocketControl to nsITLSSocketControl and move it and nsITransportSecurityInfo to PSM r=necko-reviewers,kershaw 
Depends on D160310

Differential Revision: https://phabricator.services.mozilla.com/D160311
 2022-11-15 05:34:40 +00:00
Dana Keeler 0da2ba4f53 Bug 1791633 - rename nsNSSSocketInfo to NSSSocketControl and move to its own file r=jschanck 
Differential Revision: https://phabricator.services.mozilla.com/D160310
 2022-11-15 05:34:39 +00:00
Mark Banner 47eab692fd Bug 1800247 - Replace incorrect uses of two-argument Cu.reportError with console.error or equivalent (RemoteSecuritySettings.jsm). r=keeler 
Depends on D161922

Differential Revision: https://phabricator.services.mozilla.com/D161923
 2022-11-14 21:27:47 +00:00
ffxbld e5f90c385f No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=diannaS 
Differential Revision: https://phabricator.services.mozilla.com/D161990
 2022-11-14 12:46:03 +00:00
Dana Keeler 4bd07dc4ca Bug 1799976 - onecrl: clean up the old versions of updated blocklisted entries r=jschanck 
When a onecrl revocation gets updated, the entry corresponding to its previous
value needs to be unset.

Differential Revision: https://phabricator.services.mozilla.com/D161827
 2022-11-10 21:53:33 +00:00
Natalia Kulatova 629bf33150 Bug 1795087 - land NSS NSS_3_85_RTM UPGRADE_NSS_RELEASE, r=nss-reviewers,jschanck 
Differential Revision: https://phabricator.services.mozilla.com/D161765
 2022-11-10 18:18:29 +00:00
ffxbld 606858c412 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=diannaS 
Differential Revision: https://phabricator.services.mozilla.com/D161774
 2022-11-10 14:59:47 +00:00
Robert Longson f39b618ff1 Bug 1799630 - replace sprintf by snprintf or SprintfLiteral r=emilio 
Differential Revision: https://phabricator.services.mozilla.com/D161573
 2022-11-10 07:01:11 +00:00
Csoregi Natalia 4e0bebb175 Backed out changeset 53c18b7903db (bug 1799630) for causing hybrid bustages on CocoaGamepad.cpp. CLOSED TREE 2022-11-10 01:27:08 +02:00
Robert Longson 143ac3fe87 Bug 1799630 - replace sprintf by snprintf or SprintfLiteral r=emilio 
Differential Revision: https://phabricator.services.mozilla.com/D161573
 2022-11-09 20:00:18 +00:00
Dana Keeler c6dce08962 Bug 1799040 - disable EV treatment for "Staat der Nederlanden EV Root CA" r=jschanck 
Differential Revision: https://phabricator.services.mozilla.com/D161527
 2022-11-07 21:48:56 +00:00
John Schanck 13eee7dea4 Bug 1799121 - build a static NSS for tests when configured with system NSS. r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D161324
 2022-11-07 17:48:51 +00:00
trickypr 03923d08b4 Bug 1510561 - Part 14: Apply `plugin:mozilla/valid-jsdoc` to `security/`. r=keeler 
Depends on D161388

Differential Revision: https://phabricator.services.mozilla.com/D161389
 2022-11-07 17:29:14 +00:00
ffxbld 9e6527a4e7 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=diannaS 
Differential Revision: https://phabricator.services.mozilla.com/D161446
 2022-11-07 14:02:33 +00:00
Ray Kraesig 54ac39289a Bug 1772908 - [1/6] Drive-by cleanup: simplify use of SyncRunnable r=xpcom-reviewers,necko-reviewers,nika,valentin 
`SyncRunnable`'s helper functions take an `nsIRunnable *`; but the most
common way of building nsIRunnables, `NS_NewRunnableFunction`, returns
an `already_AddRefed<nsIRunnable>` instead. Add two new overloads of the
helper functions to eliminate the impedance mismatch.

(This does result in an uncomfortable amount of code duplication. While
we could eliminate that with appropriate use of SFINAE, it'll be simpler
if we wait for C++20 and its `requires` keyword.)

Additionally, add two explicitly-deleted overloads to catch and prevent
a previously-common antipattern that presumably resulted from this type
mismatch: accidentally wrapping the actual runnable in two layers of
`SyncRunnable`. Fix the former use-sites appropriately. (This was
probably harmless, but is also probably best avoided.)

No functional changes. This is in some sense a continuation of bug
1281626.

(This is no longer actually relevant to bug 1772908 due to a different
approach being taken. It remains in the patchset anyway, for
simplicity's sake.)

Differential Revision: https://phabricator.services.mozilla.com/D157131
 2022-11-04 21:04:18 +00:00
Greg Stoll d44f201e8f Bug 1760668 - part 1: add ability to blocklist DLLs in socket process. r=gerard-majax 
Differential Revision: https://phabricator.services.mozilla.com/D160586
 2022-11-04 18:12:59 +00:00
Natalia Kulatova c101e3d2ac Bug 1795087 - land NSS NSS_3_85_BETA1 UPGRADE_NSS_RELEASE, r=nss-reviewers,djackson DONTBUILD 
Differential Revision: https://phabricator.services.mozilla.com/D161145
 2022-11-03 15:38:32 +00:00
ffxbld 5d12c91e5f No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=dmeehan 
Differential Revision: https://phabricator.services.mozilla.com/D161118
 2022-11-03 12:01:53 +00:00
Mike Hommey 1c76ee5379 Bug 1797439 - Add more stubs for Rust unwind. r=jschanck 
Changes in rust 1.65 make it such that we need more stub symbols for
Rust unwind.

Differential Revision: https://phabricator.services.mozilla.com/D160991
 2022-11-02 05:32:34 +00:00
Cristian Tuns 4d37cf70f1 Backed out 19 changesets (bug 1541508) for causing xpcshell failures on test_notHeadlessByDefault.js CLOSED TREE 
Backed out changeset 08476fa2bc27 (bug 1541508)
Backed out changeset 0bf7514845db (bug 1541508)
Backed out changeset aa612a5e9ef7 (bug 1541508)
Backed out changeset 6bb9360473f7 (bug 1541508)
Backed out changeset b3d8e92f50c2 (bug 1541508)
Backed out changeset fa40dded133e (bug 1541508)
Backed out changeset 2e7db4aa8d4f (bug 1541508)
Backed out changeset 6098e2eb62ea (bug 1541508)
Backed out changeset 2c599ee639c4 (bug 1541508)
Backed out changeset 7d44f6e2644c (bug 1541508)
Backed out changeset c1279c3d674c (bug 1541508)
Backed out changeset 8bd08a62a590 (bug 1541508)
Backed out changeset 740010cb005c (bug 1541508)
Backed out changeset 0bfc7dd85c62 (bug 1541508)
Backed out changeset c4374a351356 (bug 1541508)
Backed out changeset 44ccfeca7364 (bug 1541508)
Backed out changeset e944e706a523 (bug 1541508)
Backed out changeset 2c59d66f43e4 (bug 1541508)
Backed out changeset a1896eacb6f1 (bug 1541508)
 2022-11-01 22:38:52 -04:00
Barret Rennie 8623565ec9 Bug 1541508 - Use Services.env in security/ r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D160145
 2022-11-02 02:08:57 +00:00
John Schanck 9a32599fad Bug 1754746 - example tlsserver that fails in handshake. r=necko-reviewers,kershaw 
Differential Revision: https://phabricator.services.mozilla.com/D148845
 2022-11-01 09:52:52 +00:00
John Schanck 479f9ec25e Bug 1789520 - rust implementation of nssckbi. r=keeler,supply-chain-reviewers 
Differential Revision: https://phabricator.services.mozilla.com/D156612
 2022-10-31 17:09:43 +00:00
John Schanck d11dd7596d Bug 1795087 - land NSS 4684102858e2 UPGRADE_NSS_RELEASE, r=nss-reviewers,nkulatova 
2022-10-31  John M. Schanck  <jschanck@mozilla.com>

	* lib/util/secoid.c:
	Bug 1798150 - on-demand initialization of OID tables. r=nss-
	reviewers,nkulatova

	[4684102858e2] [tip]

2022-10-31  Anna Weine  <anna.weine@mozilla.com>

	* lib/freebl/mpi/primes.c, lib/ssl/dhe-param.c:
	Bug 1792821 - Modification of the primes.c and dhe-params.c in order
	to have better looking tables r=jschanck

	[e512213db1c6]

2022-10-25  John M. Schanck  <jschanck@mozilla.com>

	* doc/rst/releases/index.rst, doc/rst/releases/nss_3_79_2.rst:
	Documentation: Release notes for NSS 3.79.2
	[ea50dc1087db]

Differential Revision: https://phabricator.services.mozilla.com/D160812
 2022-10-31 16:41:42 +00:00
ffxbld ae0758de87 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=diannaS 
Differential Revision: https://phabricator.services.mozilla.com/D160782
 2022-10-31 13:34:34 +00:00
Emilio Cobos Álvarez a35e196f1c Bug 1798111 - Add good enough equalsize=always support for the cert manager. r=dao 
certManager is the only thing using it (both here and in comm-central,
excluding suite/).

There are better ways to do it generally, so just remove it from elsewhere.

Differential Revision: https://phabricator.services.mozilla.com/D160720
 2022-10-31 13:02:01 +00:00
Chris Martin fe1a56461e Bug 1797887 - Workaround: allow access to entire filesystem from GPU sandbox r=handyman,jrmuizel 
Differential Revision: https://phabricator.services.mozilla.com/D160655
 2022-10-28 16:58:01 +00:00
John Schanck ef9d700399 Bug 1787268 - avoid once_cell in ipcclientcerts. r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D155611
 2022-10-28 16:53:28 +00:00
Dana Keeler c17587430e Bug 1797649 - remove securityInfo argument from nsISiteSecurityService.processHeader r=jschanck,necko-reviewers 
Differential Revision: https://phabricator.services.mozilla.com/D160555
 2022-10-27 23:24:21 +00:00
Dana Keeler d94ee2d9f9 Bug 1797461 - remove obsolete test_nss_shutdown.js test r=jschanck 
Because nsNSSComponent doesn't shut down NSS any longer, this test isn't
testing a valid configuration of gecko and can be removed.

Differential Revision: https://phabricator.services.mozilla.com/D160579
 2022-10-27 23:23:01 +00:00
Mike Hommey a7ce6aad69 Bug 1795245 - Enable warnings as errors in NSS. r=firefox-build-system-reviewers,nalexander 
But leave out -Wsign-compare for now because there are too many of them.

Differential Revision: https://phabricator.services.mozilla.com/D159803
 2022-10-27 22:26:48 +00:00
John Schanck 968bd89420 Bug 1795087 - land NSS bed3afeff7fd UPGRADE_NSS_RELEASE, r=nss-reviewers,bbeurdouche 
Differential Revision: https://phabricator.services.mozilla.com/D160258
 2022-10-27 18:15:15 +00:00
ffxbld 509666e0f7 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=diannaS 
Differential Revision: https://phabricator.services.mozilla.com/D160474
 2022-10-27 12:58:29 +00:00
Yannis Juglaret 086ea0d49a Bug 1783223 - Enable best ACG variant compatible with system media libraries in RDD on Nightly. r=bobowen 
Differential Revision: https://phabricator.services.mozilla.com/D159180
 2022-10-27 10:52:03 +00:00
Yannis Juglaret a633bc97e8 Bug 1783223 - Use ACG-with-opt-out for 32-bit builds and Windows 10 1607 in audio decoder on Nightly. r=bobowen 
Differential Revision: https://phabricator.services.mozilla.com/D159179
 2022-10-27 10:52:02 +00:00
Yannis Juglaret 6bf1f506e7 Bug 1783223 - Define utility function for choosing an ACG variant compatible with system media libraries. r=bobowen 
Differential Revision: https://phabricator.services.mozilla.com/D159178
 2022-10-27 10:52:02 +00:00
Chris Martin 36e8371ccf Bug 1347710 - Add GPU sandbox to crash reporter annotations r=handyman,gsvelto 
Differential Revision: https://phabricator.services.mozilla.com/D160278
 2022-10-26 19:23:13 +00:00
Sandor Molnar 590f0de714 Backed out changeset b9a80242b74c (bug 1754746) for causing xpc failures in security/manager/ssl/tests/unit/test_ev_certs.js 2022-10-26 14:58:12 +03:00
Mark Banner 7f3cba09e8 Bug 1795322 - Update toolkit modules references in remaining places. r=mossop,zeid,geckoview-reviewers,calu 
Differential Revision: https://phabricator.services.mozilla.com/D160036
 2022-10-26 08:06:37 +00:00
Csoregi Natalia 5f9da7b301 Backed out 12 changesets (bug 1795322) for causing multiple failures e.g. test_deletion_request_ping.py. CLOSED TREE 
Backed out changeset aba25cbcda51 (bug 1795322)
Backed out changeset a4a35005ada9 (bug 1795322)
Backed out changeset 8e8d790eb0f4 (bug 1795322)
Backed out changeset db8903454bd3 (bug 1795322)
Backed out changeset 60cc71c61cad (bug 1795322)
Backed out changeset bc6a674994ad (bug 1795322)
Backed out changeset 6ac8a611f8c7 (bug 1795322)
Backed out changeset 9fb873ecfb31 (bug 1795322)
Backed out changeset c8a7a40c2a2f (bug 1795322)
Backed out changeset f2c118b6c6ce (bug 1795322)
Backed out changeset 38df43b4a70f (bug 1795322)
Backed out changeset 89aea8373411 (bug 1795322)
 2022-10-25 23:47:58 +03:00
Mark Banner fc7befc08d Bug 1795322 - Update toolkit modules references in remaining places. r=mossop,zeid,geckoview-reviewers,calu 
Differential Revision: https://phabricator.services.mozilla.com/D160036
 2022-10-25 19:49:28 +00:00
John Schanck c1b0fb0815 Bug 1754746 - example tlsserver that fails in handshake. r=necko-reviewers,kershaw 
Differential Revision: https://phabricator.services.mozilla.com/D148845
 2022-10-25 08:10:30 +00:00
Simon Friedberger 926ced5bcb Bug 1791018 - Add DAP FFI layer. r=mt,emilio 
Differential Revision: https://phabricator.services.mozilla.com/D157477
 2022-10-24 17:56:12 +00:00
ffxbld 35b09185e5 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=diannaS 
Differential Revision: https://phabricator.services.mozilla.com/D160040
 2022-10-24 13:58:54 +00:00
Dana Keeler c48f1af8ff Bug 1779040 - don't update DataStorage if HSTS data hasn't significantly changed r=jschanck 
When gecko encounters multiple responses from the same host with substantially
the same HSTS information, the implementation shouldn't update DataStorage,
because that can cause unnecessary writes. "Substantially the same" means the
information is identical except for the expiration time, which can be up to a
day different.

Differential Revision: https://phabricator.services.mozilla.com/D159875
 2022-10-20 21:04:26 +00:00
John Schanck e8e708c2ad Bug 1795710 - part 2. clean cert-revocations attachment cache. r=keeler,leplatrem,robwu 
Differential Revision: https://phabricator.services.mozilla.com/D159536
 2022-10-20 20:52:12 +00:00
John Schanck 41fc85955e Bug 1795710 - part 1. avoid deprecated downloadToDisk function. r=keeler,leplatrem,robwu 
Differential Revision: https://phabricator.services.mozilla.com/D159535
 2022-10-20 20:52:11 +00:00
Alexandre Lissy c294fd8665 Bug 1796391 - Force init signed policy rules for delayed mitigations on MSIX r=bobowen 
Differential Revision: https://phabricator.services.mozilla.com/D159802
 2022-10-20 17:03:43 +00:00
Csoregi Natalia 87ffabf991 Backed out 2 changesets (bug 1795710) for causing failures on test_crlite_filters.js. CLOSED TREE 
Backed out changeset ac705dd27e0a (bug 1795710)
Backed out changeset 747e24d0339e (bug 1795710)
 2022-10-20 20:58:33 +03:00
Cristian Tuns 93ee7434b2 Backed out changeset 89d3bd40e892 (bug 1796391) as requested by gerard-majax CLOSED TREE 2022-10-20 12:37:37 -04:00
John Schanck c381df22d6 Bug 1795710 - part 2. clean cert-revocations attachment cache. r=keeler,leplatrem,robwu 
Differential Revision: https://phabricator.services.mozilla.com/D159536
 2022-10-20 16:28:41 +00:00
John Schanck dbebc739ff Bug 1795710 - part 1. avoid deprecated downloadToDisk function. r=keeler,leplatrem,robwu 
Differential Revision: https://phabricator.services.mozilla.com/D159535
 2022-10-20 16:28:40 +00:00
Alexandre Lissy 475f354462 Bug 1796391 - Always init signed policy rules r=bobowen 
Differential Revision: https://phabricator.services.mozilla.com/D159802
 2022-10-20 14:19:33 +00:00
ffxbld 5538c576a6 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=diannaS 
Differential Revision: https://phabricator.services.mozilla.com/D159848
 2022-10-20 13:00:11 +00:00
Norisz Fay c5c002f81f Backed out 4 changesets (bug 1791018, bug 1791394) for causing xpcshell failures on test_dap.js CLOSED TREE 
Backed out changeset b177970803d5 (bug 1791394)
Backed out changeset f41291f1fa37 (bug 1791018)
Backed out changeset 52ba173b1c2f (bug 1791018)
Backed out changeset e0ebc68e7d18 (bug 1791018)
 2022-10-20 07:33:41 +03:00
Simon Friedberger 5bf9a60ea9 Bug 1791018 - Add DAP FFI layer. r=mt,emilio 
Differential Revision: https://phabricator.services.mozilla.com/D157477
 2022-10-19 21:42:43 +00:00
Dana Keeler 9c1b9475f3 Bug 1793841 - deserialize nsITransportSecurityInfo without already having an instance of it r=jschanck,necko-reviewers,dragana 
This is an important step in making nsITransportSecurityInfo constant.

Depends on D157994

Differential Revision: https://phabricator.services.mozilla.com/D157995
 2022-10-18 21:25:03 +00:00
Mark Banner 2ffde1e92f Bug 1792341 - Migrate more toolkit/modules consumers to use direct ES module import. r=Gijs,webdriver-reviewers,perftest-reviewers,necko-reviewers,geckoview-reviewers,preferences-reviewers,application-update-reviewers,pip-reviewers,credential-management-reviewers,sgalich,owlish,bytesized,AlexandruIonescu,whimboo,mconley,mixedpuppy 
Mainly automated changes. Some manual ESLint fixes and whitespace cleanup.

Differential Revision: https://phabricator.services.mozilla.com/D158452
 2022-10-18 11:21:26 +00:00
Noemi Erli 5a21645f73 Backed out 2 changesets (bug 1793841) for causing Gtest failures CLOSED TREE 
Backed out changeset 4d39c423b92e (bug 1793841)
Backed out changeset 5cfb5f595add (bug 1793841)
 2022-10-18 04:29:44 +03:00
Dana Keeler 0d78f1f283 Bug 1793841 - deserialize nsITransportSecurityInfo without already having an instance of it r=jschanck,necko-reviewers,dragana 
This is an important step in making nsITransportSecurityInfo constant.

Depends on D157994

Differential Revision: https://phabricator.services.mozilla.com/D157995
 2022-10-18 00:18:09 +00:00
Mike Hommey 969d7bb6fd Bug 1795219 - Remove -Wall setup in security/{ct,certverifier}/moz.build. r=firefox-build-system-reviewers,andi 
The use of `-Xclang -Wall` somehow makes `-Wno-unknown-pragmas`
ineffective. `-Xclang -Wno-unknown-pragmas` does however work.

But we don't need to set `-Xclang -Wall` from the moz.builds in the first
place, as that's already done properly via warnings.configure (setting
-Wall on non-clang-cl and -W3 on clang-cl, which is the equivalent).

Differential Revision: https://phabricator.services.mozilla.com/D159366
 2022-10-17 21:55:03 +00:00
Dana Keeler b195dc4082 Bug 1719706 - don't wait for the loadable roots task in nsNSSComponent::ShutdownNSS() r=jschanck,necko-reviewers,valentin 
In bug 1546720, nsNSSComponent::ShutdownNSS() stopped unloading the builtin
roots and osclientcerts modules to avoid crashes due to NSS' pervasive thread
safety issues. Since that function no longer unloads the builtin module, it
shouldn't need to wait until the task that loads it has completed. Hopefully
this will avoid some shutdown hangs.

Note that when NSS is finally shut down, all threads other than the main thread
have been joined, so there shouldn't be any concurrency concerns at that time.

Differential Revision: https://phabricator.services.mozilla.com/D159434
 2022-10-17 16:11:30 +00:00
ffxbld 062797d3d6 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=dmeehan 
Differential Revision: https://phabricator.services.mozilla.com/D159497
 2022-10-17 12:10:23 +00:00
Dennis Jackson 0e750e0b2e Bug 1792135 - land NSS NSS_3_84_RTM UPGRADE_NSS_RELEASE, r=nss-reviewers,jschanck 
Differential Revision: https://phabricator.services.mozilla.com/D159278
 2022-10-13 15:29:32 +00:00
John Schanck 59119c81d9 Bug 1794479 - Gather telemetry on the age of OCSP responses used to override CRLite. r=keeler 
Defines the OCSP_AGE_AT_CRLITE_OVERRIDE histogram which records the age of an
OCSP response, in hours, when CRLite says a certificate is revoked and OCSP
says it's OK.

Differential Revision: https://phabricator.services.mozilla.com/D158991
 2022-10-13 14:08:23 +00:00
ffxbld 437a3ce886 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=dmeehan 
Differential Revision: https://phabricator.services.mozilla.com/D159263
 2022-10-13 12:31:11 +00:00
Dana Keeler 0dedda0179 Bug 1720118 - store certificate error override and failed certificate chain information in the TLS token cache r=kershaw,jschanck,necko-reviewers 
Differential Revision: https://phabricator.services.mozilla.com/D158793
 2022-10-12 23:54:11 +00:00
Dana Keeler 07cf1e9f2c Bug 1720118 - always use the TLS token cache r=kershaw,necko-reviewers,ci-and-tooling,jmaher 
Differential Revision: https://phabricator.services.mozilla.com/D158792
 2022-10-12 23:54:10 +00:00
John Schanck e2bc1afa4f Bug 1794450 - Gather telemetry on use of revocation checking mechanisms. r=keeler 
Adds the CERT_REVOCATION_MECHANISMS histogram with bins "CRLite", "Stapled OCSP", "Cached OCSP", "OCSP", "OneCRL", and "Short Validity" to gauge how often we use each certificate revocation checking mechanisms. The Short Validity bin counts cases where a revocation check was not performed because the certificate had a short validity period. The other bin names are self-explanatory. We may use more than one mechanism per certificate, so we may accumulate to more than one bin per certificate.

Differential Revision: https://phabricator.services.mozilla.com/D158975
 2022-10-12 21:05:08 +00:00
Cristian Tuns f2f36b1381 Backed out 2 changesets (bug 1720118) for causing Hybrid bustages on nsHashtablesFwd.h CLOSED TREE 
Backed out changeset af570580e2f7 (bug 1720118)
Backed out changeset 57b8a6400749 (bug 1720118)
 2022-10-12 14:20:47 -04:00
Dana Keeler eab44906ca Bug 1720118 - store certificate error override and failed certificate chain information in the TLS token cache r=kershaw,jschanck,necko-reviewers 
Differential Revision: https://phabricator.services.mozilla.com/D158793
 2022-10-12 17:43:29 +00:00
Dana Keeler d894513c37 Bug 1720118 - always use the TLS token cache r=kershaw,necko-reviewers,ci-and-tooling,jmaher 
Differential Revision: https://phabricator.services.mozilla.com/D158792
 2022-10-12 17:43:28 +00:00
Dana Keeler ad795fde70 Bug 1520297 - enable intermediate preloading on Android r=jschanck 
The current collection of preloaded intermediates is under 3MB. This should not
be a prohibitive amount for mobile users to download. Once downloaded, updates
to the collection are minimal and again should not be an issue.

Differential Revision: https://phabricator.services.mozilla.com/D159092
 2022-10-11 21:53:59 +00:00
ffxbld f16ca73e4c No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D158942
 2022-10-10 13:14:27 +00:00
Dennis Jackson 7da0562237 Bug 1792135 - land NSS NSS_3_84_BETA1 UPGRADE_NSS_RELEASE, r=nss-reviewers,nkulatova 
Differential Revision: https://phabricator.services.mozilla.com/D158772
 2022-10-06 22:47:02 +00:00
Alexandre Lissy 6a92f8d147 Bug 1788596 - Use Utility process actor names for crash annotations r=gsvelto 
Differential Revision: https://phabricator.services.mozilla.com/D156286
 2022-10-06 15:51:56 +00:00
Alexandre Lissy bb317b2bae Bug 1788596 - Remove UTILITY_AUDIO_DECODING_GENERIC r=nika,media-playback-reviewers,alwu 
Differential Revision: https://phabricator.services.mozilla.com/D156285
 2022-10-06 15:51:56 +00:00
Alexandre Lissy f4906ff3eb Bug 1788596 - Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy r=jld 
Differential Revision: https://phabricator.services.mozilla.com/D156284
 2022-10-06 15:51:55 +00:00
Kershaw Chang 62cd9065c3 Bug 1720601 - Allow token cache to store more than one token per key, r=necko-reviewers,dragana 
1. Allow to store more than one token per key.
2. Allow to use the token only once. The token will be removed after reading it.
3. Add a gtest.

Differential Revision: https://phabricator.services.mozilla.com/D153605
 2022-10-06 12:56:01 +00:00
Sandor Molnar 9e30e89e90 Backed out 13 changesets (bug 1788596) for causing build bustage in toolkit/components/processtools/ProcInfo_common.cpp CLOSED TREE 
Backed out changeset 620c85305800 (bug 1788596)
Backed out changeset 1f64776a859a (bug 1788596)
Backed out changeset 707e4c9c8801 (bug 1788596)
Backed out changeset 2221a97ebe97 (bug 1788596)
Backed out changeset d50fd0551159 (bug 1788596)
Backed out changeset 7e2ad8c47afb (bug 1788596)
Backed out changeset f87c5fb2c36f (bug 1788596)
Backed out changeset 61dd9a9eb714 (bug 1788596)
Backed out changeset a67c4ea1c8b3 (bug 1788596)
Backed out changeset 1be7af1214cf (bug 1788596)
Backed out changeset e99c7089bf93 (bug 1788596)
Backed out changeset 9a87f108548b (bug 1788596)
Backed out changeset 3dd59224f38b (bug 1788596)
 2022-10-06 16:28:46 +03:00
ffxbld 22a6ff72e5 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=pascalc 
Differential Revision: https://phabricator.services.mozilla.com/D158756
 2022-10-06 12:19:24 +00:00
Alexandre Lissy 16c9919af1 Bug 1788596 - Use Utility process actor names for crash annotations r=gsvelto 
Differential Revision: https://phabricator.services.mozilla.com/D156286
 2022-10-06 10:56:41 +00:00
Alexandre Lissy 1d211b0ec1 Bug 1788596 - Remove UTILITY_AUDIO_DECODING_GENERIC r=nika,media-playback-reviewers,alwu 
Differential Revision: https://phabricator.services.mozilla.com/D156285
 2022-10-06 10:56:41 +00:00
Alexandre Lissy 301e159051 Bug 1788596 - Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy r=jld 
Differential Revision: https://phabricator.services.mozilla.com/D156284
 2022-10-06 10:56:40 +00:00
Sandor Molnar 2fb4e10f0d Backed out 13 changesets (bug 1788596) for causing browser-chrome failures in security/sandbox/test/browser_sandbox_test.js CLOSED TREE 
Backed out changeset 338c18d01cfd (bug 1788596)
Backed out changeset 9d4a5c557191 (bug 1788596)
Backed out changeset 1d1d15dbe44c (bug 1788596)
Backed out changeset e9d29218beba (bug 1788596)
Backed out changeset 397e6c6587f3 (bug 1788596)
Backed out changeset 077fd3a987ca (bug 1788596)
Backed out changeset 2fc674146915 (bug 1788596)
Backed out changeset 4ebb8837ee1a (bug 1788596)
Backed out changeset 9040533dabe1 (bug 1788596)
Backed out changeset 8b27ee4d4168 (bug 1788596)
Backed out changeset 93f50c2f0b9e (bug 1788596)
Backed out changeset 3e7125be66fa (bug 1788596)
Backed out changeset 63ee00ea9be6 (bug 1788596)
 2022-10-06 10:28:00 +03:00
Alexandre Lissy dd8daf38e3 Bug 1788596 - Use Utility process actor names for crash annotations r=gsvelto 
Differential Revision: https://phabricator.services.mozilla.com/D156286
 2022-10-06 06:14:06 +00:00
Alexandre Lissy 272b0c9273 Bug 1788596 - Remove UTILITY_AUDIO_DECODING_GENERIC r=nika,media-playback-reviewers,alwu 
Differential Revision: https://phabricator.services.mozilla.com/D156285
 2022-10-06 06:14:06 +00:00
Alexandre Lissy 592b1be2e3 Bug 1788596 - Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy r=jld 
Differential Revision: https://phabricator.services.mozilla.com/D156284
 2022-10-06 06:14:05 +00:00
Dana Keeler 644aa7999c Bug 1716082 - clear all ongoing connections when removing certificate error overrides r=jschanck 
Differential Revision: https://phabricator.services.mozilla.com/D158613
 2022-10-05 20:15:02 +00:00
Emilio Cobos Álvarez d71d3c19ed Bug 1792809 - Make library and other windows keep stretching after bug 1665476. r=eemeli 
Much like the dialog changes in bug 1792730.

Differential Revision: https://phabricator.services.mozilla.com/D158351
 2022-10-04 10:21:05 +00:00
ffxbld c6a00ce965 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=dmeehan 
Differential Revision: https://phabricator.services.mozilla.com/D158497
 2022-10-03 13:20:51 +00:00
ffxbld 87d48b75dd No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D158326
 2022-09-29 16:44:52 +00:00
Yannis Juglaret adebd56af9 Bug 1766432 - Part 4: Enable Arbitrary Code Guard in MinGW builds. r=bobowen 
Differential Revision: https://phabricator.services.mozilla.com/D157906
 2022-09-29 15:29:15 +00:00
Yannis Juglaret eaa892440f Bug 1766432 - Part 3: Add Part 2 to the list of patches to apply when updating third-party. r=bobowen 
Differential Revision: https://phabricator.services.mozilla.com/D157905
 2022-09-29 15:29:15 +00:00
Yannis Juglaret 0b60970f1b Bug 1766432 - Part 2: Propagate custom definition for PROCESS_MITIGATION_DYNAMIC_CODE_POLICY to third-party. r=bobowen 
Differential Revision: https://phabricator.services.mozilla.com/D157904
 2022-09-29 15:29:14 +00:00
Mark Banner 8d1ebcb9d6 Bug 1792365 - Convert toolkit/modules consumers to use ES module imports directly. r=webdriver-reviewers,perftest-reviewers,geckoview-reviewers,extension-reviewers,preferences-reviewers,desktop-theme-reviewers,application-update-reviewers,pip-reviewers,credential-management-reviewers,robwu,Gijs,sgalich,bytesized,AlexandruIonescu,dao,m_kato 
Differential Revision: https://phabricator.services.mozilla.com/D158094
 2022-09-29 06:52:34 +00:00
ffxbld 4af4ff2e5b No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D158124
 2022-09-27 16:27:33 +00:00
ffxbld 4e99c68740 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=dmeehan 
Differential Revision: https://phabricator.services.mozilla.com/D157923
 2022-09-22 12:46:23 +00:00
Jed Davis a466bdb2c4 Bug 1780312 - Part 2: Allow fstatfs in the Linux RDD sandbox policy. r=gcp 
As discussed in the last patch, allowing `fstatfs` will also make
`statfs` work on any path that the process could open for reading
(subject to sandbox policy).

Differential Revision: https://phabricator.services.mozilla.com/D157542
 2022-09-21 17:57:54 +00:00
Jed Davis 3b5c74387e Bug 1780312 - Part 1: Move the statfs replacement into the common sandbox policy. r=gcp 
We have code to handle `statfs` calls in content processes by
intercepting them and calling `open` and `fstatfs` instead; the former
is then recursively intercepted and brokered.  This patch moves that
feature into the common policy, but does not allow `fstatfs` in any
other sandbox types (yet; see next patch).  This doesn't affect security
because the caller could have attempted the `open` and `fstatfs`
syscalls itself.

Differential Revision: https://phabricator.services.mozilla.com/D157541
 2022-09-21 17:57:54 +00:00
Joel Maher 4c4438b4f7 Bug 1536208 - removing old aarch64 manifest annotations. r=aryx,application-update-reviewers,bytesized 
Differential Revision: https://phabricator.services.mozilla.com/D157677
 2022-09-21 15:35:02 +00:00
Andreea Pavel 9f24806607 Backed out 2 changesets (bug 1768250, bug 1720601) for multiple failures CLOSED TREE 
Backed out changeset d6caea480d4d (bug 1768250)
Backed out changeset 97eccf466bf3 (bug 1720601)
 2022-09-20 16:50:29 +03:00
Kershaw Chang 137b76a861 Bug 1720601 - Allow token cache to store more than one token per key, r=necko-reviewers,dragana 
1. Allow to store more than one token per key.
2. Allow to use the token only once. The token will be removed after reading it.
3. Add a gtest.

Differential Revision: https://phabricator.services.mozilla.com/D153605
 2022-09-20 12:58:06 +00:00
Dana Keeler bdb75eecd3 Bug 1790451 - remove now-unnecessary QueryInterface(Ci.nsITransportSecurityInfo) calls r=jschanck,webdriver-reviewers,necko-reviewers,application-update-reviewers,nalexander,valentin 
Differential Revision: https://phabricator.services.mozilla.com/D157166
 2022-09-20 03:58:50 +00:00
ffxbld 26a22933ed No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D157632
 2022-09-19 13:30:31 +00:00
John Schanck ef80532ec8 Bug 1787505 - land NSS NSS_3_83_RTM UPGRADE_NSS_RELEASE, r=nss-reviewers,bbeurdouche 
Differential Revision: https://phabricator.services.mozilla.com/D157510
 2022-09-15 19:24:37 +00:00
Nika Layzell 0316dc51b9 Bug 1790614 - Part 2: Use {ASSERT,ENSURE}_NS_{SUCCEEEDED,FAILED} in gtests, r=ahal,necko-reviewers 
These macros will produce better outputs when they fail than these existing
patterns using `ENSURE_TRUE(NS_SUCCEEDED(...))` or similar, so this is a bulk
rewrite of existing tests to use them.

It should also help with discoverability when people base their tests off of
other existing tests.

Differential Revision: https://phabricator.services.mozilla.com/D157214
 2022-09-15 14:51:50 +00:00
ffxbld 2bddac315a No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D157441
 2022-09-15 13:07:24 +00:00
Dana Keeler 0d0b51d1e4 Bug 1790152 - use nsIX509Cert directly in IPC in AddCertException r=nika 
This avoids unnecessarily serializing the certificate to a string before
sending it over IPC.

Depends on D157007

Differential Revision: https://phabricator.services.mozilla.com/D157008
 2022-09-14 21:49:53 +00:00
Narcis Beleuzu 855f519b0a Backed out changeset a389830fb63f (bug 1783223) for causing bug 1790713 2022-09-14 19:38:52 +03:00
John Schanck 262ca63d8f Bug 1787505 - land NSS NSS_3_83_BETA2 UPGRADE_NSS_RELEASE, r=nss-reviewers,djackson 
Differential Revision: https://phabricator.services.mozilla.com/D156982
 2022-09-13 16:39:55 +00:00
Nika Layzell 3d9a6d0374 Bug 1789902 - Part 2: Use XPCOM static components instead of Services in Rust, r=xpcom-reviewers,necko-reviewers,barret,valentin 
Differential Revision: https://phabricator.services.mozilla.com/D156891
 2022-09-13 13:47:13 +00:00
Jeff Muizelaar 64aded89bb Bug 1783223 - Enable Arbitratry Code Guard in RDD on Nightly. r=bobowen 
This was previously disabled in bug 1673194 because of start up crashes.
It seems like msmpeg2vdec.dll may use dynamic code to support encrypted
code that uses. In recent versions of Windows this only seems used
in the 32bit version. The 32bit version will opt out of ACG on the
threads where it needs to use VirtualProtect so we use the weaker
variant there.

Differential Revision: https://phabricator.services.mozilla.com/D153762
 2022-09-12 16:32:08 +00:00
ffxbld d7cbba5f61 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D157108
 2022-09-12 12:48:53 +00:00
Dennis Jackson 400f4a73bf Bug 1789458 - Backout asserts from 1788290. r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D156944
 2022-09-09 17:15:10 +00:00
Cosmin Sabou ecfd7cff79 Backed out changeset 7dd0bcf1eeed (bug 1787505) for causing mass mochitest failures. r=land NSS NSS_3_83_BETA1 UPGRADE_NSS_RELEASE CLOSED TREE 2022-09-09 01:53:53 +03:00
John Schanck db095eb9f2 Bug 1787505 - land NSS NSS_3_83_BETA1 UPGRADE_NSS_RELEASE, r=keeler 
2022-09-08  John M. Schanck  <jschanck@mozilla.com>

	* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.83 beta
	[97fec8885336] [NSS_3_83_BETA1]

	* lib/softoken/pkcs11.c:
	Bug 1789886 - resource leak in NSC_OpenSession. r=bbeurdouche

	[b225a756abc2]

	* lib/pkcs12/p12d.c:
	Bug 1788875 - Remove set-but-unused variables from
	SEC_PKCS12DecoderValidateBags. r=nss-reviewers,bbeurdouche

	[132476bbefc5]

2022-09-07  Ludovic Hirlimann  <ludovic@mozilla.com>

	* cmd/lib/secpwd.c, coreconf/BeOS.mk, coreconf/config.mk,
	coreconf/nsinstall/nsinstall.c, lib/certhigh/ocsp.c,
	lib/dbm/include/mcom_db.h, lib/freebl/sysrand.c,
	lib/freebl/unix_rand.c, lib/jar/jar.h, lib/jar/jarfile.c,
	lib/nss/nssinit.c, lib/ssl/config.mk, lib/ssl/sslimpl.h,
	lib/ssl/sslmutex.c, lib/ssl/sslmutex.h, lib/ssl/sslnonce.c,
	lib/ssl/sslsnce.c, lib/ssl/sslsock.c, lib/ssl/unix_err.c,
	lib/util/secport.c, lib/util/secport.h, lib/zlib/zconf.h,
	lib/zlib/zutil.h:
	Bug 1563221 remove older oses that are unused part3/ BeOS r=nss-
	reviewers,djackson

	Depends on D36757

	[e0b144ea73b7]

	* coreconf/IRIX.mk, coreconf/IRIX5.2.mk, coreconf/IRIX5.3.mk,
	coreconf/IRIX5.mk, coreconf/IRIX6.2.mk, coreconf/IRIX6.3.mk,
	coreconf/IRIX6.5.mk, coreconf/IRIX6.mk, coreconf/arch.mk,
	lib/freebl/Makefile, lib/freebl/mpi/mpi.h, tests/set_environment:
	Bug 1563221 remove older unix support in NSS part 3 Irix r=nss-
	reviewers,djackson

	Depends on D36756

	[ee2e9b06b590]

	* lib/dbm/config/config.mk:
	Bug 1563221 remove support for older unix in NSS part 2 DGUX r=nss-
	reviewers,djackson

	Depends on D36755

	[b066df5e9148]

	* cmd/modutil/install.c, coreconf/OSF1.mk, coreconf/OSF1V2.0.mk,
	coreconf/OSF1V3.0.mk, coreconf/OSF1V3.2.mk, coreconf/OSF1V4.0.mk,
	coreconf/OSF1V4.0B.mk, coreconf/OSF1V4.0D.mk, coreconf/OSF1V5.0.mk,
	coreconf/OSF1V5.1.mk, coreconf/arch.mk, lib/dbm/config/config.mk,
	lib/freebl/Makefile, lib/freebl/arcfour.c, lib/freebl/mpi/mpi.c,
	lib/freebl/unix_rand.c, lib/ssl/sslsnce.c, tests/header,
	tests/mksymlinks, tests/nssqa, tests/platformlist.tbx,
	tests/set_environment:
	Bug 1563221 remove support for older unix in NSS part 1 OSF r=nss-
	reviewers,djackson

	[17f9365a7a1d]

2022-09-07  John M. Schanck  <jschanck@mozilla.com>

	* lib/ckfw/builtins/nssckbi.h:
	Bug 1778413 - Set nssckbi version number to 2.58. r=nss-
	reviewers,bbeurdouche

	Depends on D156583

	[2367ce7cdd32]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1785297 - Add two SECOM root certificates to NSS.
	r=KathleenWilson

	Depends on D156582

	[9be22516dac9]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1787075 - Add two DigitalSign root certificates to NSS.
	r=KathleenWilson

	Depends on D156581

	[04200c0488ee]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1778412 - Remove Camerfirma Global Chambersign Root from NSS.
	r=KathleenWilson

	[a217a119cff1]

2022-09-06  John M. Schanck  <jschanck@mozilla.com>

	* lib/softoken/pkcs11.c, lib/softoken/pkcs11u.c:
	Bug 1767921 - check SFTKSlot head after acquiring session lock.
	r=rrelyea

	[ed04d4729b99]

2022-08-30  Kai Engert  <kaie@kuix.de>

	* coreconf/coreconf.dep:
	Dummy change, trigger a build to test latest NSPR commits.
	[bb1ae751d359]

Differential Revision: https://phabricator.services.mozilla.com/D156884
 2022-09-08 20:11:56 +00:00
ffxbld 1f2d882e17 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D156815
 2022-09-08 13:47:22 +00:00
Bob Owen 3d2f6719a8 Bug 1788233: Remove PermissionsService from process Windows sandboxing code. r=handyman 
Depends on D156069

Differential Revision: https://phabricator.services.mozilla.com/D156087
 2022-09-07 09:42:04 +00:00
Bob Owen 692f8a5532 Bug 1689136: Apply MITIGATION_HARDEN_TOKEN_IL_POLICY to main and launcher processes. r=handyman 
This also ensures that DEP without ATL thunk is enforced.

Differential Revision: https://phabricator.services.mozilla.com/D156069
 2022-09-07 09:42:04 +00:00
ffxbld dcae9a94c1 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D156422
 2022-09-06 03:01:37 +00:00
Jan Varga c8263583ce Bug 1789133 - Fix non-unified-build bustage in SandboxTestingChildTests.h; r=gerard-majax 
Differential Revision: https://phabricator.services.mozilla.com/D156376
 2022-09-04 15:01:06 +00:00
alwu 429ad203bb Bug 1785738 - part5 : don't set alternative desktop for the mf cdm process. r=bobowen 
When setting alternative destktop for the mf cdm process, it seems
interfering the media foundation framework and make the video playback
stutter.

But if we call `SetAlternateDesktop(false)` which won't create a new
window station, then the video playback won't be affected.

My guess is that there might be some internal performance issues
inside the media foundation framework when using Dcomp API between
different window stations.

In addition, Chromium also didn't enable alternative desktop for their
mf cdm process. So it makes sense to us to disalbe that as well.

Differential Revision: https://phabricator.services.mozilla.com/D155026
 2022-09-03 00:54:00 +00:00
alwu 24c4bb6bd5 Bug 1785738 - part1 : add new type of utility process. r=bobowen,gerard-majax,fluent-reviewers,flod 
Create a new type of utility process which would be used for media
foundation media engine CDM usage. The media engine is a media pipeline
provided by the Windows Media Foundation, and our final goal is to use
that pipeline to play encrypted content in order to achieve Widevine L1
protection to allow users to watch high resolution videos.

Differential Revision: https://phabricator.services.mozilla.com/D154033
 2022-09-03 00:53:58 +00:00
Dana Keeler 8c1204afeb Bug 1788856 - initialize NSS as needed in nsNSSCertificate r=jschanck 
Previously, instantiating an nsIX509Cert (implemented by nsNSSCertificate)
would cause NSS to be initialized. However, if 'new nsNSSCertificate()' was
called directly (rather than going through XPCOM), NSS would not be
initialized. This didn't seem to be a problem until bug 1787942 changed how
nsITransportSecurityInfo was sent between processes for PHttpChannel and
HttpChannelOnStartRequestArgs (namely, by using the direct IPC support rather
than first serializing to a string, sending it over IPC, and then deserializing
it). That direct IPC implementation uses 'new nsNSSCertificate()', which is now
a problem.

nsNSSCertificate used to make extensive use of NSS, which warranted ensuring
NSS was initialized before creating one at all. Now, as of bug 1748341, the
cases where nsNSSCertificate uses NSS are limited and clearly delineated.
Accordinly, this change makes it so nsNSSCertificate only initializes NSS if
and when it needs it, rather than relying on the XPCOM boilerplate to
initialize NSS first.

Differential Revision: https://phabricator.services.mozilla.com/D156353
 2022-09-02 22:26:37 +00:00
Dennis Jackson a7c2f2a620 Bug 1788290 - Add the telemetry for Web Privacy. r=keeler. 
Differential Revision: https://phabricator.services.mozilla.com/D156107
 2022-09-02 20:59:35 +00:00
Dennis Jackson 97f4470f70 Bug 1788290 - Record whether Private DNS was used for a TLS Connection. r=keeler,necko-reviewers,valentin. 
Differential Revision: https://phabricator.services.mozilla.com/D156106
 2022-09-02 20:59:35 +00:00
Dennis Jackson a0e440195f Bug 1788290 - Record whether OCSP requests were made whilst making a TLS connection. r=keeler,necko-reviewers. 
Differential Revision: https://phabricator.services.mozilla.com/D156105
 2022-09-02 20:59:34 +00:00
Butkovits Atila 7fed5a7ef2 Backed out 3 changesets (bug 1788290) for causing build bustages. CLOSED TREE 
Backed out changeset 52d5a06be477 (bug 1788290)
Backed out changeset a3b5d214b5d4 (bug 1788290)
Backed out changeset e94a38b79965 (bug 1788290)
 2022-09-02 19:13:34 +03:00
Dennis Jackson ea92d08e39 Bug 1788290 - Add the telemetry for Web Privacy. r=keeler. 
Differential Revision: https://phabricator.services.mozilla.com/D156107
 2022-09-02 14:16:08 +00:00
Dennis Jackson 4b3a179797 Bug 1788290 - Record whether Private DNS was used for a TLS Connection. r=keeler,necko-reviewers,valentin. 
Differential Revision: https://phabricator.services.mozilla.com/D156106
 2022-09-02 14:16:07 +00:00
Dennis Jackson 0e389c049e Bug 1788290 - Record whether OCSP requests were made whilst making a TLS connection. r=keeler,necko-reviewers. 
Differential Revision: https://phabricator.services.mozilla.com/D156105
 2022-09-02 14:16:07 +00:00
Alexandre Lissy ac1cbfd25b Bug 1788689 - Disable MITIGATION_DYNAMIC_CODE_DISABLE for more MinGW r=bobowen 
Differential Revision: https://phabricator.services.mozilla.com/D156273
 2022-09-02 09:17:50 +00:00
Dana Keeler 865a8ba6b7 Bug 1778997 - provide pkcs11 rust bindings in-tree r=jschanck,supply-chain-reviewers 
Differential Revision: https://phabricator.services.mozilla.com/D154258
 2022-09-01 20:48:25 +00:00
ffxbld e57987e3d0 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D156168
 2022-09-01 13:14:23 +00:00
Alexandre Lissy b135ca0732 Bug 1780796 - Use one process per platform decoder module sandbox requirements r=alwu,nika,fluent-reviewers,flod 
Differential Revision: https://phabricator.services.mozilla.com/D152545
 2022-09-01 12:59:32 +00:00
ffxbld 353baa4945 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D155828
 2022-08-29 13:18:01 +00:00
Iulian Moraru 26ac918f96 Backed out changeset 8feed89ecea4 (bug 1787268) for causing build bustages. CLOSED TREE 2022-08-27 01:31:43 +03:00
John Schanck 7871c25d95 Bug 1787268 - avoid once_cell in ipcclientcerts. r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D155611
 2022-08-26 19:58:46 +00:00
Dana Keeler 56e7ae8648 Bug 1781104 - replace error type booleans with error category in nsITransportSecurityInfo r=necko-reviewers,mixedpuppy,jschanck,mccr8 
Differential Revision: https://phabricator.services.mozilla.com/D154561
 2022-08-26 18:48:38 +00:00
Dana Keeler b4c45d4248 Bug 1781104 - remove unnecessary bits parameter from nsICertOverrideService r=djackson,necko-reviewers,geckoview-reviewers,extension-reviewers,kershaw,calu 
Differential Revision: https://phabricator.services.mozilla.com/D152826
 2022-08-26 18:48:38 +00:00
Dana Keeler 40cd3d5efd Bug 1781104 - remove unused 'add override by fingerprint' API from nsICertOverrideService r=djackson 
`rememberTemporaryValidityOverrideUsingFingerprint` is no longer used in
`nsICertOverrideService` and can be removed.

Differential Revision: https://phabricator.services.mozilla.com/D152825
 2022-08-26 18:48:37 +00:00
Dennis Jackson 7996136fb5 Bug 1787505 - land NSS e5c1e1a0eaff UPGRADE_NSS_RELEASE, r=nss-reviewers,jschanck 
Differential Revision: https://phabricator.services.mozilla.com/D155711
 2022-08-26 16:40:01 +00:00
Mark Banner e3bad2d44a Bug 1786197 - Turn on ESLint rule for prefer-boolean-length-check for security. r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D155165
 2022-08-26 13:39:34 +00:00
ffxbld 7de1940b30 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D155573
 2022-08-25 14:49:54 +00:00
ffxbld 4955e3dc0f No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D155332
 2022-08-23 13:01:05 +00:00
Dana Keeler 9c30613d90 Bug 1784098 - make nsISocketTransport.securityInfo explicit as nsISSLSocketControl r=necko-reviewers,kershaw 
Differential Revision: https://phabricator.services.mozilla.com/D154257
 2022-08-23 03:37:17 +00:00
Dana Keeler e7fe86c6a0 Bug 1784098 - move nsITLSServerConnectionInfo from nsISocketTransport.securityInfo to securityCallbacks r=necko-reviewers,kershaw 
In preparation for making nsISocketTransport.securityInfo a concrete type
(nsITransportSecurityInfo), nsITLSServerConnectionInfo needs to be moved off of
securityInfo. securityCallbacks seems like a reasonable place.

Differential Revision: https://phabricator.services.mozilla.com/D154256
 2022-08-23 03:37:17 +00:00
Narcis Beleuzu 5fb7ed6946 Backed out 4 changesets (bug 1784098) for bustages on nsCOMPtr.h . CLOSED TREE 
Backed out changeset d22ac7bcb472 (bug 1784098)
Backed out changeset a97052238dba (bug 1784098)
Backed out changeset a2bb8ecd6170 (bug 1784098)
Backed out changeset 16ab6547619c (bug 1784098)
 2022-08-22 20:50:21 +03:00
Dana Keeler 5a1655a87d Bug 1784098 - make nsISocketTransport.securityInfo explicit as nsISSLSocketControl r=necko-reviewers,kershaw 
Differential Revision: https://phabricator.services.mozilla.com/D154257
 2022-08-22 16:32:01 +00:00
Dana Keeler 0142f6d701 Bug 1784098 - move nsITLSServerConnectionInfo from nsISocketTransport.securityInfo to securityCallbacks r=necko-reviewers,kershaw 
In preparation for making nsISocketTransport.securityInfo a concrete type
(nsITransportSecurityInfo), nsITLSServerConnectionInfo needs to be moved off of
securityInfo. securityCallbacks seems like a reasonable place.

Differential Revision: https://phabricator.services.mozilla.com/D154256
 2022-08-22 16:32:01 +00:00
ffxbld 6cb19f9e34 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D155203
 2022-08-22 13:44:16 +00:00
Mark Banner ff257fb43c Bug 1786076 - Enable ESlint rule no-unused-vars on the global scope for security/manager/ssl/ xpcshell-tests. r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D155101
 2022-08-19 20:44:02 +00:00
Barret Rennie 6de0f1b749 Bug 1772923 - Port osfile.jsm usage to IOUtils in security/manager/ r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D153711
 2022-08-19 20:04:57 +00:00
Butkovits Atila e8ee25ae56 Backed out changeset ef7acc434052 (bug 1783223) for causing multiple mochitest failures. CLOSED TREE 2022-08-18 18:45:43 +03:00
ffxbld d61f881532 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D154979
 2022-08-18 14:05:58 +00:00
Nika Layzell 4011409c5d Bug 1783282 - Use a custom attribute instead of derive for implementing xpcom interfaces in rust, r=xpcom-reviewers,necko-reviewers,dragana,barret 
Differential Revision: https://phabricator.services.mozilla.com/D153801
 2022-08-18 13:57:35 +00:00
Jeff Muizelaar b55779b46a Bug 1783223 - Enable Arbitratry Code Guard in RDD on Nightly. r=bobowen 
This was previously disabled in bug 1673194 because of start up crashes.
It seems like msmpeg2vdec.dll may use dynamic code to support encrypted
code that uses. In recent versions of Windows this only seems used
in the 32bit version. The 32bit version will opt out of ACG on the
threads where it needs to use VirtualProtect so we use the weaker
variant there.

Differential Revision: https://phabricator.services.mozilla.com/D153762
 2022-08-18 13:41:24 +00:00