`SyncRunnable`'s helper functions take an `nsIRunnable *`; but the most
common way of building nsIRunnables, `NS_NewRunnableFunction`, returns
an `already_AddRefed<nsIRunnable>` instead. Add two new overloads of the
helper functions to eliminate the impedance mismatch.
(This does result in an uncomfortable amount of code duplication. While
we could eliminate that with appropriate use of SFINAE, it'll be simpler
if we wait for C++20 and its `requires` keyword.)
Additionally, add two explicitly-deleted overloads to catch and prevent
a previously-common antipattern that presumably resulted from this type
mismatch: accidentally wrapping the actual runnable in two layers of
`SyncRunnable`. Fix the former use-sites appropriately. (This was
probably harmless, but is also probably best avoided.)
No functional changes. This is in some sense a continuation of bug
1281626.
(This is no longer actually relevant to bug 1772908 due to a different
approach being taken. It remains in the patchset anyway, for
simplicity's sake.)
Differential Revision: https://phabricator.services.mozilla.com/D157131
2022-10-31 John M. Schanck <jschanck@mozilla.com>
* lib/util/secoid.c:
Bug 1798150 - on-demand initialization of OID tables. r=nss-
reviewers,nkulatova
[4684102858e2] [tip]
2022-10-31 Anna Weine <anna.weine@mozilla.com>
* lib/freebl/mpi/primes.c, lib/ssl/dhe-param.c:
Bug 1792821 - Modification of the primes.c and dhe-params.c in order
to have better looking tables r=jschanck
[e512213db1c6]
2022-10-25 John M. Schanck <jschanck@mozilla.com>
* doc/rst/releases/index.rst, doc/rst/releases/nss_3_79_2.rst:
Documentation: Release notes for NSS 3.79.2
[ea50dc1087db]
Differential Revision: https://phabricator.services.mozilla.com/D160812
certManager is the only thing using it (both here and in comm-central,
excluding suite/).
There are better ways to do it generally, so just remove it from elsewhere.
Differential Revision: https://phabricator.services.mozilla.com/D160720
Because nsNSSComponent doesn't shut down NSS any longer, this test isn't
testing a valid configuration of gecko and can be removed.
Differential Revision: https://phabricator.services.mozilla.com/D160579
When gecko encounters multiple responses from the same host with substantially
the same HSTS information, the implementation shouldn't update DataStorage,
because that can cause unnecessary writes. "Substantially the same" means the
information is identical except for the expiration time, which can be up to a
day different.
Differential Revision: https://phabricator.services.mozilla.com/D159875
The use of `-Xclang -Wall` somehow makes `-Wno-unknown-pragmas`
ineffective. `-Xclang -Wno-unknown-pragmas` does however work.
But we don't need to set `-Xclang -Wall` from the moz.builds in the first
place, as that's already done properly via warnings.configure (setting
-Wall on non-clang-cl and -W3 on clang-cl, which is the equivalent).
Differential Revision: https://phabricator.services.mozilla.com/D159366
In bug 1546720, nsNSSComponent::ShutdownNSS() stopped unloading the builtin
roots and osclientcerts modules to avoid crashes due to NSS' pervasive thread
safety issues. Since that function no longer unloads the builtin module, it
shouldn't need to wait until the task that loads it has completed. Hopefully
this will avoid some shutdown hangs.
Note that when NSS is finally shut down, all threads other than the main thread
have been joined, so there shouldn't be any concurrency concerns at that time.
Differential Revision: https://phabricator.services.mozilla.com/D159434
Defines the OCSP_AGE_AT_CRLITE_OVERRIDE histogram which records the age of an
OCSP response, in hours, when CRLite says a certificate is revoked and OCSP
says it's OK.
Differential Revision: https://phabricator.services.mozilla.com/D158991
Adds the CERT_REVOCATION_MECHANISMS histogram with bins "CRLite", "Stapled OCSP", "Cached OCSP", "OCSP", "OneCRL", and "Short Validity" to gauge how often we use each certificate revocation checking mechanisms. The Short Validity bin counts cases where a revocation check was not performed because the certificate had a short validity period. The other bin names are self-explanatory. We may use more than one mechanism per certificate, so we may accumulate to more than one bin per certificate.
Differential Revision: https://phabricator.services.mozilla.com/D158975
The current collection of preloaded intermediates is under 3MB. This should not
be a prohibitive amount for mobile users to download. Once downloaded, updates
to the collection are minimal and again should not be an issue.
Differential Revision: https://phabricator.services.mozilla.com/D159092
1. Allow to store more than one token per key.
2. Allow to use the token only once. The token will be removed after reading it.
3. Add a gtest.
Differential Revision: https://phabricator.services.mozilla.com/D153605
As discussed in the last patch, allowing `fstatfs` will also make
`statfs` work on any path that the process could open for reading
(subject to sandbox policy).
Differential Revision: https://phabricator.services.mozilla.com/D157542
We have code to handle `statfs` calls in content processes by
intercepting them and calling `open` and `fstatfs` instead; the former
is then recursively intercepted and brokered. This patch moves that
feature into the common policy, but does not allow `fstatfs` in any
other sandbox types (yet; see next patch). This doesn't affect security
because the caller could have attempted the `open` and `fstatfs`
syscalls itself.
Differential Revision: https://phabricator.services.mozilla.com/D157541
1. Allow to store more than one token per key.
2. Allow to use the token only once. The token will be removed after reading it.
3. Add a gtest.
Differential Revision: https://phabricator.services.mozilla.com/D153605
These macros will produce better outputs when they fail than these existing
patterns using `ENSURE_TRUE(NS_SUCCEEDED(...))` or similar, so this is a bulk
rewrite of existing tests to use them.
It should also help with discoverability when people base their tests off of
other existing tests.
Differential Revision: https://phabricator.services.mozilla.com/D157214
This was previously disabled in bug 1673194 because of start up crashes.
It seems like msmpeg2vdec.dll may use dynamic code to support encrypted
code that uses. In recent versions of Windows this only seems used
in the 32bit version. The 32bit version will opt out of ACG on the
threads where it needs to use VirtualProtect so we use the weaker
variant there.
Differential Revision: https://phabricator.services.mozilla.com/D153762
When setting alternative destktop for the mf cdm process, it seems
interfering the media foundation framework and make the video playback
stutter.
But if we call `SetAlternateDesktop(false)` which won't create a new
window station, then the video playback won't be affected.
My guess is that there might be some internal performance issues
inside the media foundation framework when using Dcomp API between
different window stations.
In addition, Chromium also didn't enable alternative desktop for their
mf cdm process. So it makes sense to us to disalbe that as well.
Differential Revision: https://phabricator.services.mozilla.com/D155026
Create a new type of utility process which would be used for media
foundation media engine CDM usage. The media engine is a media pipeline
provided by the Windows Media Foundation, and our final goal is to use
that pipeline to play encrypted content in order to achieve Widevine L1
protection to allow users to watch high resolution videos.
Differential Revision: https://phabricator.services.mozilla.com/D154033
Previously, instantiating an nsIX509Cert (implemented by nsNSSCertificate)
would cause NSS to be initialized. However, if 'new nsNSSCertificate()' was
called directly (rather than going through XPCOM), NSS would not be
initialized. This didn't seem to be a problem until bug 1787942 changed how
nsITransportSecurityInfo was sent between processes for PHttpChannel and
HttpChannelOnStartRequestArgs (namely, by using the direct IPC support rather
than first serializing to a string, sending it over IPC, and then deserializing
it). That direct IPC implementation uses 'new nsNSSCertificate()', which is now
a problem.
nsNSSCertificate used to make extensive use of NSS, which warranted ensuring
NSS was initialized before creating one at all. Now, as of bug 1748341, the
cases where nsNSSCertificate uses NSS are limited and clearly delineated.
Accordinly, this change makes it so nsNSSCertificate only initializes NSS if
and when it needs it, rather than relying on the XPCOM boilerplate to
initialize NSS first.
Differential Revision: https://phabricator.services.mozilla.com/D156353
In preparation for making nsISocketTransport.securityInfo a concrete type
(nsITransportSecurityInfo), nsITLSServerConnectionInfo needs to be moved off of
securityInfo. securityCallbacks seems like a reasonable place.
Differential Revision: https://phabricator.services.mozilla.com/D154256
In preparation for making nsISocketTransport.securityInfo a concrete type
(nsITransportSecurityInfo), nsITLSServerConnectionInfo needs to be moved off of
securityInfo. securityCallbacks seems like a reasonable place.
Differential Revision: https://phabricator.services.mozilla.com/D154256
This was previously disabled in bug 1673194 because of start up crashes.
It seems like msmpeg2vdec.dll may use dynamic code to support encrypted
code that uses. In recent versions of Windows this only seems used
in the 32bit version. The 32bit version will opt out of ACG on the
threads where it needs to use VirtualProtect so we use the weaker
variant there.
Differential Revision: https://phabricator.services.mozilla.com/D153762
This makes it easier to get parity between legacy and regular flex
without having to either have tons of arbitrary attribute selectors in
the xul sheet, nor adding attribute lookup hacks to the html flexbox
layout.
Also, reimplement the remaining supported flex attribute-values (0 and 1)
purely in terms of CSS rules in xul.css (regardless of whether
emulate-moz-box-with-flex is enabled).
In practice these are pretty uncommon and the style attribute does the
trick in every case I've tried.
Add a debug-only assertion to ensure we preserve behavior for now.
Add a new test with another behavior difference between flexbox
emulation and old xul layout because the old reftest now passes. Use
replaced elements, which in modern flex are treated differently.
Differential Revision: https://phabricator.services.mozilla.com/D154394
This makes it easier to get parity between legacy and regular flex
without having to either have tons of arbitrary attribute selectors in
the xul sheet, nor adding attribute lookup hacks to the html flexbox
layout.
Also, reimplement the remaining supported flex attribute-values (0 and 1)
purely in terms of CSS rules in xul.css (regardless of whether
emulate-moz-box-with-flex is enabled).
In practice these are pretty uncommon and the style attribute does the
trick in every case I've tried.
Add a debug-only assertion to ensure we preserve behavior for now.
Add a new test with another behavior difference between flexbox
emulation and old xul layout because the old reftest now passes. Use
replaced elements, which in modern flex are treated differently.
Differential Revision: https://phabricator.services.mozilla.com/D154394
When generating code for arrays of interfaces from the rust-xpidl
compiler, the type was declared incorrectly as ThinVec<RefPtr<T>>
instead of ThinVec<Option<RefPtr<T>>> meaning that null values in the
array would be handled incorrectly.
This patch fixes this code generation mistake and updates crates using
the interface to handle null values correctly.
Differential Revision: https://phabricator.services.mozilla.com/D153485
These constructors are unnecessary and can be defined with a `using` statement,
making it easier to change all constructors simultaneously.
Differential Revision: https://phabricator.services.mozilla.com/D153620
This improves consistency with the child process case, and will make it easier
to attach additional state without needing to thread it through every child
process callsite manually.
Differential Revision: https://phabricator.services.mozilla.com/D153619
This type is also used in other places to start non-initial actors, and will
allow us to attach additional state more easily without needing to thread it
through every child process callsite manually.
Differential Revision: https://phabricator.services.mozilla.com/D153618
We uninstall signal handlers in child processes after clone(), because
they probably won't do the right thing if invoked in that context.
However, the current code also resets signals which were ignored;
if that disposition was set by an outside program like `nohup`, the
expectation is that it should be inherited. This patch omits those
signals when resetting handlers (similar to what `exec` does).
Differential Revision: https://phabricator.services.mozilla.com/D151336
These tests set up an ECH server which will only negotiate http/1.1 in the TLS ALPN extension.
If the client doesn't send an ALPN offering at least http/1.1 the connection will fail with
SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL.
Differential Revision: https://phabricator.services.mozilla.com/D153368
The biggest set of APIs from ns[T]StringObsolete which are still heavily used
are the string searching APIs. It appears the intention was for these to be
replaced by the `FindInReadable` APIs, however that doesn't appear to have
happened.
In addition, the APIs have some quirks around their handling of mixed character
widths. These APIs generally supported both narrow strings and the native
string type, probably because char16_t string literals weren't available until
c++11. Finally they also used easy-to-confuse unlabeled boolean and integer
optional arguments to control behaviour.
These patches do the following major changes to the searching APIs:
1. The ASCII case-insensitive search method was split out as
LowerCaseFindASCII, rather than using a boolean. This should be less
error-prone and more explicit, and allows the method to continue to use
narrow string literals for all string types (as only ASCII is supported).
2. The other [R]Find methods were restricted to only support arguments with
matching character types. I considered adding a FindASCII method which would
use narrow string literals for both wide and narrow strings but it would've
been the same amount of work as changing all of the literals to unicode
literals.
This ends up being the bulk of the changes in the patch.
3. All find methods were re-implemented using std::basic_string_view's find
algorithm or stl algorithms to reduce code complexity, and avoid the need to
carry around the logic from nsStringObsolete.cpp.
4. The implementations were moved to nsTStringRepr.cpp.
5. An overload of Find was added to try to catch callers which previously
called `Find(..., false)` or `Find(..., true)` to set case-sensitivity, due
to booleans normally implicitly coercing to `index_type`. This should
probably be removed at some point, but may be useful during the transition.
Differential Revision: https://phabricator.services.mozilla.com/D148300
This patch moves EqualsIgnoreCase to ns[T]StringObsolete, and removes
the aCount argument, instead migrating callers to use `StringBeginsWith`
with a case-insensitive comparator.
In addition, nsTStringRepr::Compare was removed and replaced with either
calls to methods like `StringBeginsWith` or the global `Compare` method.
These changes required some modifications at call-sites but should make
the behaviour less surprising and more consistent.
Differential Revision: https://phabricator.services.mozilla.com/D148299
`strerror` is async signal unsafe, and we're using it in contexts where
that's a problem: in particular in the child process after `clone()`ing,
where it can deadlock if it takes locks the parents' other threads had
held (or cause other undefined behavior), but also in the SIGSYS handler
if it's nested inside an async signal. It's also thread-unsafe.
This is mostly a mechanical replacement with the new `SANDBOX_LOG_ERRNO`
or `SANDBOX_LOG_WITH_ERROR`; two messages had the error string in the
middle and have been adjusted.
Differential Revision: https://phabricator.services.mozilla.com/D152099
This adds two new logging macros, which are intended to be async signal
safe:
* `SANDBOX_LOG_ERRNO`, which appends the error similarly to `perror` but
uses the error identifier (e.g., `EINVAL` instead of `Invalid argument`).
Unlike `perror`, formatting directives are available as for `SANDBOX_LOG`.
* `SANDBOX_LOG_WITH_ERROR` is the same thing but the error number is the
first argument instead of using `errno`; this is useful for newer POSIX
APIs which return an error number.
This will be used in the next patch to replace the existing use of
`strerror`, which is not async signal safe (or thread-safe).
Differential Revision: https://phabricator.services.mozilla.com/D152098
Originally this was written for B2G and used the Android logging
facility, which (like syslog) includes a severity level. However, all
current usage is on desktop where we just write to stderr, and there was
never much demand to add support for any log levels besides "error".
More importantly for the current situation, renaming the macro to
`SANDBOX_LOG` avoids confusion between `SANDBOX_LOG_ERROR` and
`SANDBOX_LOG_ERRNO` (or `SANDBOX_LOG_ERROR_ERRNO` or whatever).
Differential Revision: https://phabricator.services.mozilla.com/D152097
Two minor things I noticed while converting the existing sandbox logging:
1. One call site was using %u, but that doesn't exist in this printf
dialect, only %d; signedness is determined by the actual argument
type via template magic.
2. POSIX functions that return an error number just return the number;
there was one place that was negating it before use, as if it had
come from the Linux syscall ABI.
Differential Revision: https://phabricator.services.mozilla.com/D152096
This prevents copies and avoids the hack we have to avoid this, which
right now is using nsDependent{C,}String.
Non-virtual actors can still use `nsString` if they need to on the
receiving end.
Differential Revision: https://phabricator.services.mozilla.com/D152519
This patch adds two new telemetry histograms which collect specific types
of TLS handshake seperately from existing handshakes.
- The conservative histogram tracks handshakes used for essential connections (e.g. update checks)
- The first-try histogram tracks all initial connection attempts. This allows us to identify issues that might otherwise be masked by our retry logic.
A single handshake may belong to more than one histogram. All handshakes belong to the root histogram.
As the histogram buckets are aligned, it is possible to derive new histograms from these stored results.
For example, as ECH GREASE is only used on first-try handshakes, the histogram from non-GREASE first-try
handshakes can be calculated by subtracting the entries in the GREASE histogram from the first-try histogram.
This patch also extends the existing handshake necko tests to verify that the telemetry is recorded correctly.
Telemetry checks don't run if networking is running on the socket process as the histograms are no longer
accessible.
Differential Revision: https://phabricator.services.mozilla.com/D150754
If nsNSSSocketInfo::mFd is nullptr, it means the connection has been closed.
This isn't an error, and ClientAuthCertificateSelected shouldn't assert if this
happens.
Differential Revision: https://phabricator.services.mozilla.com/D151962
Cleanup our entitlement files by removing entitlements that use the default setting of false.
production.entitlements.xml and developer.entitlements.xml are used today.
The browser and plugin-container entitlement lists will be used when we enable using different entitlements for parent and child processes.
Differential Revision: https://phabricator.services.mozilla.com/D151943
In bug 1682412, loadCerts was removed from nsICertTree. At the time, the
certificate manager still had one use of it that should have been updated to
loadCertsFromCache. This patch makes that update.
Differential Revision: https://phabricator.services.mozilla.com/D150503
On multi-GPU systems, even though the GPU we're going to use for
accelerated video decoding is driven by Mesa, sometimes the nvidia
proprietary driver can be loaded and attempt to probe devices. This
patch attempts to make the sandbox policy quietly return errors for
those syscalls, instead of treating them as unexpected (and crashing on
Nightly).
Differential Revision: https://phabricator.services.mozilla.com/D149652
There are two parts to this patch; both affect only Linux:
1. The GMP sandbox policy is adjusted to allow certain syscalls used in
shared memory creation (ftruncate and fallocate). However, the file
broker is not used; the process still has no access to files in /dev/shm.
2. The profiler is not initialized for GMP processes unless memfd_create
is available (so the process can create shared memory to send
profiling data back, without filesystem access), or the GMP sandbox
is disabled (either at runtime or build time).
As of this patch, profiling GMP processes on Linux should succeed on
distros with kernel >=3.17 (Oct. 2014), but native stack frames won't
have symbols (and may be incorrectly unwound, not that it matters much
without symbols); see the bug for more info. Pseudo-stack frames and
markers should work, however.
Differential Revision: https://phabricator.services.mozilla.com/D148470
The profiler may try to readlink `/proc/self/exe` to determine the
executable name; currently, its attempt to get information about loaded
objects is broken for other reasons, so this isn't helpful. Thus, this
patch has it fail with `EINVAL` (meaning "not a symbolic link) instead of
being treated as unexpected.
(In the future, if we need to, we could simulate that syscall by
recording the target of `/proc/self/exe` before sandboxing, and
recognizing that specific case in a trap function.)
Differential Revision: https://phabricator.services.mozilla.com/D148469
Before this patch, the certificate verifier would only attempt to build a
trusted path to a root with the first recognized EV OID in the end-entity
certificate. Thus, if an end-entity certificate had more than one EV OID, it
could fail to verify as EV if an intermediate or root had the "wrong" EV OID.
This patch addresses this shortcoming by trying to build a path with each
recognized EV OID in the end-entity certificate until it finds one that works.
Differential Revision: https://phabricator.services.mozilla.com/D149319
Certificate error overrides made in non-private contexts should be availble in
private contexts as well (but not vice-versa).
Differential Revision: https://phabricator.services.mozilla.com/D149296
Add a preference for whether to remove ECH GREASE extensions when retrying a connection. This repurposes the flag which was previously present but not actually functional.
Differential Revision: https://phabricator.services.mozilla.com/D147191
The biggest set of APIs from ns[T]StringObsolete which are still heavily used
are the string searching APIs. It appears the intention was for these to be
replaced by the `FindInReadable` APIs, however that doesn't appear to have
happened.
In addition, the APIs have some quirks around their handling of mixed character
widths. These APIs generally supported both narrow strings and the native
string type, probably because char16_t string literals weren't available until
c++11. Finally they also used easy-to-confuse unlabeled boolean and integer
optional arguments to control behaviour.
These patches do the following major changes to the searching APIs:
1. The ASCII case-insensitive search method was split out as
LowerCaseFindASCII, rather than using a boolean. This should be less
error-prone and more explicit, and allows the method to continue to use
narrow string literals for all string types (as only ASCII is supported).
2. The other [R]Find methods were restricted to only support arguments with
matching character types. I considered adding a FindASCII method which would
use narrow string literals for both wide and narrow strings but it would've
been the same amount of work as changing all of the literals to unicode
literals.
This ends up being the bulk of the changes in the patch.
3. All find methods were re-implemented using std::basic_string_view's find
algorithm or stl algorithms to reduce code complexity, and avoid the need to
carry around the logic from nsStringObsolete.cpp.
4. The implementations were moved to nsTStringRepr.cpp.
5. An overload of Find was added to try to catch callers which previously
called `Find(..., false)` or `Find(..., true)` to set case-sensitivity, due
to booleans normally implicitly coercing to `index_type`. This should
probably be removed at some point, but may be useful during the transition.
Differential Revision: https://phabricator.services.mozilla.com/D148300
This changes the behavior of CRLite when configured in `ConfirmRevocations`
mode (the default mode on nightly and early beta). Under the new definition,
ConfirmRevocations mode fails closed when OCSP fails open. In particular, a
certificate will be marked as "Revoked" in the following scenarios:
- CRLite returns "Revoked" and the certificate does not list an OCSP URL,
- CRLite returns "Revoked" and the OCSP responder is unreachable,
- CRLite returns "Revoked" and the OCSP responder returns an error.
Differential Revision: https://phabricator.services.mozilla.com/D148686
Add a preference for whether to remove ECH GREASE extensions when retrying a connection. This repurposes the flag which was previously present but not actually functional.
Differential Revision: https://phabricator.services.mozilla.com/D147191
Drop the com.apple.security.cs.allow-dyld-environment-variables entitlement to disallow use of dyld environment variables in signed production builds.
Leave the entitlement in for signed developer builds.
Firefox gtests depend on the use of DYLD_LIBRARY_PATH. However, testing infrastructure does not run gtests on signed builds and therefore gtests are not impacted by this change. gtests could be run on signed developer builds in the future which will still allow dyld environment variables after this change.
browser.production.entitlements.xml and plugin-container.production.entitlements.xml are not used, but being kept up to date.
Differential Revision: https://phabricator.services.mozilla.com/D148324
Before this patch, the content signature verifier
(nsIContentSignatureVerifier/ContentSignatureVerifier) would identify the root
it trusted based on the value of a preference. This patch changes the
implementation to require a specified hard-coded root to trust as with add-on
signature verification.
Depends on D146644
Differential Revision: https://phabricator.services.mozilla.com/D146645
Before this patch, the app signature verification code lived in security/apps/.
The majority of the rest of PSM is in security/manager/ssl/ and there's little
reason to have that extra directory for the app signature verification
implementation alone.
Differential Revision: https://phabricator.services.mozilla.com/D146644
The patch for bug 1769499 lets the RDD process create a headless EGL
context using GBM, which needs access only to the GPU device files, not
the display server. This means that the X11 access recently added in
bug 1769182 can be turned back off.
Differential Revision: https://phabricator.services.mozilla.com/D147792
2022-05-26 Dennis Jackson <djackson@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.79 final
[3463596523be] [NSS_3_79_RTM] <NSS_3_79_BRANCH>
2022-05-20 Dennis Jackson <djackson@mozilla.com>
* .hgtags:
Added tag NSS_3_79_BETA2 for changeset 82f9862369bd
[5498a0531d73] <NSS_3_79_BRANCH>
Differential Revision: https://phabricator.services.mozilla.com/D147412
This introduces a breaking change: the buckets cannot be changed via preferences anymore.
Before landing this patch, we should have a released a new version of the Remote Settings DevTools that is compatible with this new API.
Differential Revision: https://phabricator.services.mozilla.com/D145455
The ability to customize this preference name has very little value. We introduced this feature when we refactored our ad-hoc Kinto clients into a single RemoteSetting client.
Renaming this preference means that the DevTools will display an empty field until settings are resynced.
Differential Revision: https://phabricator.services.mozilla.com/D145454
This transferred sandbox mitigations directly into child process memory, which
may have caused issues with some security software.
Depends on D146930
Differential Revision: https://phabricator.services.mozilla.com/D146931
2022-05-19 John M. Schanck <jschanck@mozilla.com>
* lib/ckfw/wrap.c:
Bug 1766978 - improve error handling after
nssCKFWInstance_CreateObjectHandle. r=djackson
[2efccbd85918] [tip]
2022-03-18 Robert Relyea <rrelyea@redhat.com>
* cmd/pk12util/pk12util.c, lib/pkcs12/p12local.c,
tests/common/init.sh, tests/tools/tools.sh:
Bug 1757075 NSS does not properly import or export pkcs12 files with
large passwords and pkcs5v2 encoding.
Don't use NULL when encoding UTF8 with pkcs5v2. Fix a bug here when
converting from UCS2 to UTF8 we would add a double NULL when adding
a NULL.
[0f4664512bd0]
2022-05-17 Dennis Jackson <djackson@mozilla.com>
* nspr.patch:
Remove nspr.patch mistakenly committed in e3ac914bc684
[99e32fcca1c7]
2022-05-17 Leander Schwarz <lschwarz@mozilla.com>
* gtests/ssl_gtest/ssl_record_unittest.cc,
gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc, lib/ssl/ssl3con.c,
lib/ssl/ssl3gthr.c, lib/ssl/tls13con.c:
Bug 1764788 - Correct invalid record inner and outter content type
alerts. r=djackson
Added test cases for alerts during and pre handshake as well as TLS
1.3 only after handshake (application data) cases due to unsupported
de- and encryption of lower TLS version records in gtest.
Adjusted some test cases that expect failed connections to the
updated alerts.
[7f4b0af3a526]
* gtests/ssl_gtest/ssl_version_unittest.cc, lib/ssl/ssl3con.c:
Bug 1765753 - TLS 1.3 Server: Send protocol_version alert on
unsupported ClientHello.legacy_version. r=djackson
[bc7bfba47e0a]
* gtests/ssl_gtest/ssl_extension_unittest.cc, lib/ssl/ssl3exthandle.c:
Bug 1765753 - Added RFC8422 compliant TLS <= 1.2
undefined/compressed ECPointFormat extension alerts. r=djackson
[d06a8831ec84]
2022-05-16 John M. Schanck <jschanck@mozilla.com>
* gtests/util_gtest/manifest.mn, gtests/util_gtest/util_gtest.gyp,
gtests/util_gtest/util_secasn1d_unittest.cc, lib/util/secasn1d.c:
Bug 1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside
indefinite GROUP. r=keeler,nss-reviewers,djackson
In an iteration over elements of an indefinite-length encoded GROUP
(sec_asn1d_next_in_group), the child of the current state is
responsible for parsing the GROUP's end-of-contents octets---a call
to sec_asn1d_parse_end_of_contents(state->child) sets the
endofcontents flag for state->child and a later call to
sec_asn1d_next_in_group checks state->child->endofcontents and
terminates the iteration.
In an iteration over elements of an indefinite-length encoded
SEQUENCE (sec_asn1d_next_in_sequence), on the other hand, the
current state, not its child, handles the end-of-contents octets.
Prior to this commit, an error would occur when state pointed to an
indefinite-length encoded GROUP and state->child pointed to an
indefinite-length encoded SEQUENCE. In this case, state->child would
be passed to sec_asn1d_parse_end_of_contents to parse the SEQUENCE's
end-of-contents octets. This would set the endofcontents flag for
state->child, and this would be misinterpreted as an end-of-
iteration signal for the surrounding GROUP.
[1811eec24997]
* automation/abi-check/expected-report-libnss3.so.txt,
lib/nss/nss.def, lib/pk11wrap/pk11list.c, lib/pk11wrap/pk11util.c,
lib/pk11wrap/secmod.h, lib/util/nssrwlk.h:
Bug 1753315 - Add SECMOD_LockedModuleHasRemovableSlots. r=rrelyea
[499ae15c18ad]
2022-05-13 Kai Engert <kaie@kuix.de>
* automation/abi-check/expected-report-libnspr4.so.txt,
cmd/selfserv/selfserv.c, cmd/tstclnt/tstclnt.c, nspr.patch:
Bug 1769295 - selfserv and tstclnt should use
PR_GetPrefLoopbackAddrInfo. r=rrelyea
[e3ac914bc684]
2022-05-11 John M. Schanck <jschanck@mozilla.com>
* lib/softoken/legacydb/lginit.c:
Bug 1454072 - Use of uninitialized pointer in lg_init after alloc
fail. r=nss-reviewers,nkulatova
[927d47dcc509]
2022-05-06 John M. Schanck <jschanck@mozilla.com>
* automation/clang-format/Dockerfile:
Bug 1766907 - Update mercurial in clang-format docker image. r=mt
[83a89ed9f527]
Differential Revision: https://phabricator.services.mozilla.com/D146888
This patch mostly turns on the features set up by the earlier patches:
allow connecting to the X server and reading various related things
(.Xauthority, GPU device info in sysfs, etc.). It also turns off Mesa's
shader cache in the RDD process; that shouldn't be needed here, and
disabling it lets us avoid dealing with a few things in the sandbox
policy that we'd rather not (e.g., `getpwuid`).
Differential Revision: https://phabricator.services.mozilla.com/D146275
This patch moves a lot of text but the idea is relatively simple and
no functional change is intended: factor out the parts of the content
sandbox policy needed to create and use an EGL context under X11.
(The `AddDriPaths` function already has some of the dependencies in a
conveniently separated form, but there are others.)
Differential Revision: https://phabricator.services.mozilla.com/D146274
These syscalls (at least send/recv) are used by X11 client libraries, and
allowing them doesn't really change anything about security or attack
surface, because they're strict subsets of sendmsg/recvmsg which we
already allow everywhere for use by IPC. So, this patch allows them in
all process types instead of only content.
Differential Revision: https://phabricator.services.mozilla.com/D146273
We're going to want to let the RDD process make a (brokered) connection
to a local X server, but the seccomp-bpf plumbing for that mostly lives
in the content process sandbox policy. This moves it into the common
policy, and subclasses can opt in.
Differential Revision: https://phabricator.services.mozilla.com/D146272
The arguments to the SandboxPolicyCommon contructor will get more
complicated as more optional features are added (e.g., the one added in
the next patch), and they're basically just mapped to boolean member
variables, so this patch lets the subclasses set them directly, to keep
things simpler and more readable.
Differential Revision: https://phabricator.services.mozilla.com/D146271
This patch won't actually build, because a few bits of code are used
for both nsIFactory::createInstance and static components, and static
components are not fixed until the next patch.
The first place is nsLoadGroupConstructor, which uses an nsIFactory
macro to create a static component constructor. (This could be worked
around by expanding the macro to the state before this patch.)
The other issue is that nsAppShellConstructor is used in an nsIFactory
on OSX, but as a static component on all other platforms. This could
be worked around by wrapping nsAppShellConstructor in an adaptor that
passes in the extra null argument to nsAppShellConstructor.
Differential Revision: https://phabricator.services.mozilla.com/D146456
This patch mostly turns on the features set up by the earlier patches:
allow connecting to the X server and reading various related things
(.Xauthority, GPU device info in sysfs, etc.). It also turns off Mesa's
shader cache in the RDD process; that shouldn't be needed here, and
disabling it lets us avoid dealing with a few things in the sandbox
policy that we'd rather not (e.g., `getpwuid`).
Differential Revision: https://phabricator.services.mozilla.com/D146275
This patch moves a lot of text but the idea is relatively simple and
no functional change is intended: factor out the parts of the content
sandbox policy needed to create and use an EGL context under X11.
(The `AddDriPaths` function already has some of the dependencies in a
conveniently separated form, but there are others.)
Differential Revision: https://phabricator.services.mozilla.com/D146274
These syscalls (at least send/recv) are used by X11 client libraries, and
allowing them doesn't really change anything about security or attack
surface, because they're strict subsets of sendmsg/recvmsg which we
already allow everywhere for use by IPC. So, this patch allows them in
all process types instead of only content.
Differential Revision: https://phabricator.services.mozilla.com/D146273
We're going to want to let the RDD process make a (brokered) connection
to a local X server, but the seccomp-bpf plumbing for that mostly lives
in the content process sandbox policy. This moves it into the common
policy, and subclasses can opt in.
Differential Revision: https://phabricator.services.mozilla.com/D146272
The arguments to the SandboxPolicyCommon contructor will get more
complicated as more optional features are added (e.g., the one added in
the next patch), and they're basically just mapped to boolean member
variables, so this patch lets the subclasses set them directly, to keep
things simpler and more readable.
Differential Revision: https://phabricator.services.mozilla.com/D146271
This also upgrades the headers crate to 0.3.7. Webdriver depends on warp 0.2,
which depends on headers 0.3. But headers < 0.3.7 depends on sha-1 < 0.10. We
need sha-1 and sha2 at the same minor version to avoid duplicate block-buffer,
generic-array, and digest crates.
Differential Revision: https://phabricator.services.mozilla.com/D146010
This patch removes the redundant nsICryptoHMAC interface and implementation,
updates front-end code to use WebCrypto, and changes back-end code to use the
helper class HMAC introduced by this patch.
This also removes the last uses of nsIKeyObject and nsIKeyObjectFactory, and
thus those interfaces and implementations as well.
Differential Revision: https://phabricator.services.mozilla.com/D145656
Chrome's transport_security_state_static.pins (used by Gecko to glean static
pinning information) recently added a timestamp to note its creation time.
This patch updates genHPKPStaticPins.js to handle the timestamp's presence by
ignoring it.
This also removes the obsolete security/manager/tools/genHPKPStaticPins.js.
The canonical version of that file is
taskcluster/docker/periodic-updates/scripts/genHPKPStaticPins.js.
Differential Revision: https://phabricator.services.mozilla.com/D146226
Using static preferences in PSM will eventually allow NSS to be initialized on
a background thread instead of blocking the main thread.
Depends on D145152
Differential Revision: https://phabricator.services.mozilla.com/D145390
Using static preferences in PSM will eventually allow NSS to be initialized on
a background thread instead of blocking the main thread.
Depends on D145151
Differential Revision: https://phabricator.services.mozilla.com/D145152
Using static preferences in PSM will eventually allow NSS to be initialized on
a background thread instead of blocking the main thread.
Depends on D145150
Differential Revision: https://phabricator.services.mozilla.com/D145151
Using static preferences in PSM will eventually allow NSS to be initialized on
a background thread instead of blocking the main thread.
Differential Revision: https://phabricator.services.mozilla.com/D145150
Bug 1766687 will remove support for sha-1 signatures in certificates entirely.
This patch will disable sha-1 via the preference and ride the trains first, to
allow time for any organizations that somehow still use certificates with sha-1
signatures to re-sign them.
Differential Revision: https://phabricator.services.mozilla.com/D145359
#including ApplicationServices.h within `namespace ApplicationServices` indirectly causes emmintrin.h to also be #included in namespace ApplicationServices in non-unified builds.
In file included from security/sandbox/common/test/SandboxTestingChild.cpp:12:
In file included from objdir-x86_64-apple-darwin21.4.0-clang-mozbuild/dist/include/mozilla/ipc/UtilityProcessChild.h:10:
In file included from objdir-x86_64-apple-darwin21.4.0-clang-mozbuild/dist/include/mozilla/ipc/UtilityAudioDecoderParent.h:9:
In file included from objdir-x86_64-apple-darwin21.4.0-clang-mozbuild/ipc/ipdl/_ipdlheaders/mozilla/PRemoteDecoderManagerParent.h:23:
In file included from objdir-x86_64-apple-darwin21.4.0-clang-mozbuild/dist/include/PlatformDecoderModule.h:23:
In file included from objdir-x86_64-apple-darwin21.4.0-clang-mozbuild/dist/include/mozilla/layers/KnowsCompositor.h:10:
In file included from objdir-x86_64-apple-darwin21.4.0-clang-mozbuild/dist/include/mozilla/layers/LayersTypes.h:14:
In file included from objdir-x86_64-apple-darwin21.4.0-clang-mozbuild/dist/include/Units.h:19:
objdir-x86_64-apple-darwin21.4.0-clang-mozbuild/dist/include/nsRect.h:294:26: error: unknown type name '__m128i'; did you mean 'ApplicationServices::__m128i'?
static MOZ_ALWAYS_INLINE __m128i floor_ps2epi32(__m128 x) {
^~~~~~~
ApplicationServices::__m128i
/Users/chris/.mozbuild/clang/lib/clang/14.0.1/include/emmintrin.h:20:19: note: 'ApplicationServices::__m128i' declared here
typedef long long __m128i __attribute__((__vector_size__(16), __aligned__(16)));
Differential Revision: https://phabricator.services.mozilla.com/D145516
With MOZ_FORMAT_PRINTF annotations, the compiler expects a wchar_t*, and
it won't automatically consider char16ptr_t to be compatible with that.
While handling strings, there's one case of formatting that doesn't need
to use %S at all.
Differential Revision: https://phabricator.services.mozilla.com/D144919
In future parts, TaskQueue will require extra initialization to be performed
which cannot happen in a constructor, as it takes references to the TaskQueue
object itself, which will require the introduction of a helper method. This
patch switches all callers of the TaskQueue constructor to use the new method.
Differential Revision: https://phabricator.services.mozilla.com/D142604
browser/components/shell/WindowsUserChoice.cpp(233,23): error: comparison of integers of different signs: 'int' and 'const size_t' (aka 'const unsigned long long') [-Werror,-Wsign-compare]
for (int j = 0; j < DWORDS_PER_BLOCK; ++j) {
~ ^ ~~~~~~~~~~~~~~~~
browser/components/shell/WindowsUserChoice.cpp(388,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(exts); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~
browser/components/shell/nsWindowsShellService.cpp(1225,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(shortcutCSIDLs); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
browser/components/shell/nsWindowsShellService.cpp(1492,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(folders); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~
dom/media/platforms/wmf/MFTDecoder.cpp(85,23): error: comparison of integers of different signs: 'int' and 'UINT32' (aka 'unsigned int') [-Werror,-Wsign-compare]
for (int i = 1; i < actsNum; i++) {
~ ^ ~~~~~~~
gfx/2d/Factory.cpp(1276,21): error: comparison of integers of different signs: 'int' and 'uint32_t' (aka 'unsigned int') [-Werror,-Wsign-compare]
for (int y = 0; y < height; y++) {
~ ^ ~~~~~~
gfx/layers/d3d11/CompositorD3D11.cpp(1096,36): error: comparison of integers of different signs: 'UINT' (aka 'unsigned int') and 'int' [-Werror,-Wsign-compare]
swapDesc.BufferDesc.Height == mSize.height) ||
~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~
gfx/layers/d3d11/CompositorD3D11.cpp(1095,35): error: comparison of integers of different signs: 'UINT' (aka 'unsigned int') and 'int' [-Werror,-Wsign-compare]
if (((swapDesc.BufferDesc.Width == mSize.width &&
~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~
gfx/layers/d3d11/TextureD3D11.cpp(1278,30): error: comparison of integers of different signs: 'UINT' (aka 'unsigned int') and 'int' [-Werror,-Wsign-compare]
currentDesc.Height != mSize.height ||
~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~
gfx/layers/d3d11/TextureD3D11.cpp(1277,29): error: comparison of integers of different signs: 'UINT' (aka 'unsigned int') and 'int' [-Werror,-Wsign-compare]
if (currentDesc.Width != mSize.width ||
~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~
gfx/layers/ipc/ContentCompositorBridgeParent.cpp(248,19): error: comparison of integers of different signs: 'const uint32_t' (aka 'const unsigned int') and 'int32_t' (aka 'int') [-Werror,-Wsign-compare]
if (sequenceNum == status.sequenceNumber() && !dm->HasDeviceReset()) {
~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~
gfx/thebes/D3D11Checks.cpp(129,21): error: comparison of integers of different signs: 'int' and 'unsigned int' [-Werror,-Wsign-compare]
if (resultColor != 0xffffff00) {
~~~~~~~~~~~ ^ ~~~~~~~~~~
gfx/thebes/D3D11Checks.cpp(154,23): error: comparison of integers of different signs: 'int' and 'unsigned long long' [-Werror,-Wsign-compare]
for (int i = 0; i < PR_ARRAY_SIZE(checkModules); i += 1) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
gfx/thebes/D3D11Checks.cpp(409,14): error: comparison of integers of different signs: 'int32_t' (aka 'int') and 'UINT' (aka 'unsigned int') [-Werror,-Wsign-compare]
if (vendor != desc.VendorId) {
~~~~~~ ^ ~~~~~~~~~~~~~
gfx/thebes/gfxDWriteFontList.cpp(1248,39): error: comparison of integers of different signs: 'unsigned int' and 'int' [-Werror,-Wsign-compare]
addFamily(names[index], index != sysLocIndex);
~~~~~ ^ ~~~~~~~~~~~
intl/lwbrk/nsUniscribeBreaker.cpp(121,21): error: comparison of integers of different signs: 'int' and 'uint32_t' (aka 'unsigned int') [-Werror,-Wsign-compare]
for (int i = 0; i < aLength; ++i) {
~ ^ ~~~~~~~
intl/lwbrk/nsUniscribeBreaker.cpp(132,23): error: comparison of integers of different signs: 'int' and 'uint32_t' (aka 'unsigned int') [-Werror,-Wsign-compare]
for (int i = 0; i < aLength; ++i) {
~ ^ ~~~~~~~
intl/lwbrk/nsUniscribeBreaker.cpp(138,23): error: comparison of integers of different signs: 'int' and 'uint32_t' (aka 'unsigned int') [-Werror,-Wsign-compare]
for (int i = 0; i < aLength; ++i) {
~ ^ ~~~~~~~
mozglue/misc/PreXULSkeletonUI.cpp(319,26): error: comparison of integers of different signs: 'std::basic_string<char>::size_type' (aka 'unsigned long long') and 'int' [-Werror,-Wsign-compare]
while (line.length() > whitespace &&
~~~~~~~~~~~~~ ^ ~~~~~~~~~~
mozglue/misc/PreXULSkeletonUI.cpp(1003,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 1; i < noPlaceholderSpans.length(); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
mozglue/misc/PreXULSkeletonUI.cpp(1708,21): error: comparison of integers of different signs: 'int' and 'unsigned long long' [-Werror,-Wsign-compare]
for (int i = 0; i < dataLen / (2 * sizeof(double)); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/sandbox/chromium-shim/sandbox/win/permissionsService.cpp(40,16): error: comparison of integers of different signs: 'int' and 'const std::basic_string<wchar_t>::size_type' (aka 'const unsigned long long') [-Werror,-Wsign-compare]
if (slashIdx != std::wstring::npos) {
~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~
toolkit/components/aboutthirdparty/tests/gtest/TestAboutThirdParty.cpp(107,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(kDirectoriesUnsorted); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/crashreporter/breakpad-client/windows/crash_generation/crash_generation_server.cc(957,23): error: comparison of integers of different signs: 'int' and 'const size_t' (aka 'const unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < kExceptionAppMemoryRegions; i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/crashreporter/client/crashreporter_win.cpp(373,21): error: comparison of integers of different signs: 'int' and 'unsigned long long' [-Werror,-Wsign-compare]
for (int i = 0; i < sizeof(kDefaultAttachedBottom) / sizeof(UINT); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/crashreporter/client/crashreporter_win.cpp(671,21): error: comparison of integers of different signs: 'int' and 'unsigned long long' [-Werror,-Wsign-compare]
for (int i = 0; i < sizeof(controls) / sizeof(controls[0]); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/crashreporter/client/crashreporter_win.cpp(1048,21): error: comparison of integers of different signs: 'int' and 'unsigned long long' [-Werror,-Wsign-compare]
for (int i = 0; i < sizeof(kDefaultAttachedBottom) / sizeof(UINT); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/mozapps/defaultagent/SetDefaultBrowser.cpp(248,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < mozilla::ArrayLength(associations); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/system/windowsproxy/ProxyUtils.cpp(27,36): error: comparison of integers of different signs: 'const int' and 'nsTArray_base::size_type' (aka 'unsigned long long') [-Werror,-Wsign-compare]
if (i < addr.Length()) {
~ ^ ~~~~~~~~~~~~~
toolkit/xre/dllservices/mozglue/interceptor/Arm64.h(178,28): error: comparison of integers of different signs: 'int32_t' (aka 'int') and 'unsigned int' [-Werror,-Wsign-compare]
if (signbits && signbits != 0xFE000000) {
~~~~~~~~ ^ ~~~~~~~~~~
obj-build/dist/include/gtest/gtest.h(1842,54): note: expanded from macro 'EXPECT_EQ'
EXPECT_PRED_FORMAT2(::testing::internal::EqHelper::Compare, val1, val2)
^
obj-build/dist/include/gtest/gtest.h(1354,11): error: comparison of integers of different signs: 'const unsigned int' and 'const int' [-Werror,-Wsign-compare]
if (lhs == rhs) {
~~~ ^ ~~~
obj-build/dist/include/gtest/gtest.h(1373,12): note: in instantiation of function template specialization 'testing::internal::CmpHelperEQ<unsigned int, int>' requested here
return CmpHelperEQ(lhs_expression, rhs_expression, lhs, rhs);
^
toolkit/xre/dllservices/tests/gtest/TestUntrustedModules.cpp(35,5): note: in instantiation of function template specialization 'testing::internal::EqHelper::Compare<unsigned int, int, nullptr>' requested here
EXPECT_EQ(mCounters.Count(), N);
^
obj-build/dist/include/gtest/gtest.h(1842,54): note: expanded from macro 'EXPECT_EQ'
EXPECT_PRED_FORMAT2(::testing::internal::EqHelper::Compare, val1, val2)
^
toolkit/xre/dllservices/tests/gtest/TestUntrustedModules.cpp(210,28): note: in instantiation of function template specialization 'ModuleLoadCounter::Remains<1>' requested here
EXPECT_TRUE(waitForOne.Remains({kTestModules[0]}, {0}));
^
toolkit/xre/test/gtest/TestAssembleCommandLineWin.cpp(139,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(kExpectedArgsW); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/xre/test/gtest/TestAssembleCommandLineWin.cpp(151,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(kExpectedArgsW); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/xre/test/gtest/TestAssembleCommandLineWin.cpp(164,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(kExpectedArgsW); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
obj-build/dist/include/gtest/gtest.h(1354,11): error: comparison of integers of different signs: 'const int' and 'const unsigned long long' [-Werror,-Wsign-compare]
if (lhs == rhs) {
~~~ ^ ~~~
obj-build/dist/include/gtest/gtest.h(1373,12): note: in instantiation of function template specialization 'testing::internal::CmpHelperEQ<int, unsigned long long>' requested here
return CmpHelperEQ(lhs_expression, rhs_expression, lhs, rhs);
^
toolkit/xre/test/gtest/TestAssembleCommandLineWin.cpp(138,3): note: in instantiation of function template specialization 'testing::internal::EqHelper::Compare<int, unsigned long long, nullptr>' requested here
EXPECT_EQ(len, ArrayLength(kExpectedArgsW));
^
widget/windows/TSFTextStore.cpp(3455,28): error: comparison of integers of different signs: 'uint32_t' (aka 'unsigned int') and 'long' [-Werror,-Wsign-compare]
range.mEndOffset == end - mComposition->StartOffset() &&
~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
widget/windows/TSFTextStore.cpp(3454,30): error: comparison of integers of different signs: 'uint32_t' (aka 'unsigned int') and 'long' [-Werror,-Wsign-compare]
if (range.mStartOffset == start - mComposition->StartOffset() &&
~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xpfe/appshell/AppWindow.cpp(1900,21): error: comparison of integers of different signs: 'int' and 'uint32_t' (aka 'unsigned int') [-Werror,-Wsign-compare]
for (int i = 0; i < toolbarSprings->Length(); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~
Differential Revision: https://phabricator.services.mozilla.com/D144695
browser/components/shell/WindowsUserChoice.cpp(233,23): error: comparison of integers of different signs: 'int' and 'const size_t' (aka 'const unsigned long long') [-Werror,-Wsign-compare]
for (int j = 0; j < DWORDS_PER_BLOCK; ++j) {
~ ^ ~~~~~~~~~~~~~~~~
browser/components/shell/WindowsUserChoice.cpp(388,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(exts); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~
browser/components/shell/nsWindowsShellService.cpp(1225,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(shortcutCSIDLs); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
browser/components/shell/nsWindowsShellService.cpp(1492,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(folders); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~
dom/media/platforms/wmf/MFTDecoder.cpp(85,23): error: comparison of integers of different signs: 'int' and 'UINT32' (aka 'unsigned int') [-Werror,-Wsign-compare]
for (int i = 1; i < actsNum; i++) {
~ ^ ~~~~~~~
gfx/2d/Factory.cpp(1276,21): error: comparison of integers of different signs: 'int' and 'uint32_t' (aka 'unsigned int') [-Werror,-Wsign-compare]
for (int y = 0; y < height; y++) {
~ ^ ~~~~~~
gfx/layers/d3d11/CompositorD3D11.cpp(1096,36): error: comparison of integers of different signs: 'UINT' (aka 'unsigned int') and 'int' [-Werror,-Wsign-compare]
swapDesc.BufferDesc.Height == mSize.height) ||
~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~
gfx/layers/d3d11/CompositorD3D11.cpp(1095,35): error: comparison of integers of different signs: 'UINT' (aka 'unsigned int') and 'int' [-Werror,-Wsign-compare]
if (((swapDesc.BufferDesc.Width == mSize.width &&
~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~
gfx/layers/d3d11/TextureD3D11.cpp(1278,30): error: comparison of integers of different signs: 'UINT' (aka 'unsigned int') and 'int' [-Werror,-Wsign-compare]
currentDesc.Height != mSize.height ||
~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~
gfx/layers/d3d11/TextureD3D11.cpp(1277,29): error: comparison of integers of different signs: 'UINT' (aka 'unsigned int') and 'int' [-Werror,-Wsign-compare]
if (currentDesc.Width != mSize.width ||
~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~
gfx/layers/ipc/ContentCompositorBridgeParent.cpp(248,19): error: comparison of integers of different signs: 'const uint32_t' (aka 'const unsigned int') and 'int32_t' (aka 'int') [-Werror,-Wsign-compare]
if (sequenceNum == status.sequenceNumber() && !dm->HasDeviceReset()) {
~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~
gfx/thebes/D3D11Checks.cpp(129,21): error: comparison of integers of different signs: 'int' and 'unsigned int' [-Werror,-Wsign-compare]
if (resultColor != 0xffffff00) {
~~~~~~~~~~~ ^ ~~~~~~~~~~
gfx/thebes/D3D11Checks.cpp(154,23): error: comparison of integers of different signs: 'int' and 'unsigned long long' [-Werror,-Wsign-compare]
for (int i = 0; i < PR_ARRAY_SIZE(checkModules); i += 1) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
gfx/thebes/D3D11Checks.cpp(409,14): error: comparison of integers of different signs: 'int32_t' (aka 'int') and 'UINT' (aka 'unsigned int') [-Werror,-Wsign-compare]
if (vendor != desc.VendorId) {
~~~~~~ ^ ~~~~~~~~~~~~~
gfx/thebes/gfxDWriteFontList.cpp(1248,39): error: comparison of integers of different signs: 'unsigned int' and 'int' [-Werror,-Wsign-compare]
addFamily(names[index], index != sysLocIndex);
~~~~~ ^ ~~~~~~~~~~~
intl/lwbrk/nsUniscribeBreaker.cpp(121,21): error: comparison of integers of different signs: 'int' and 'uint32_t' (aka 'unsigned int') [-Werror,-Wsign-compare]
for (int i = 0; i < aLength; ++i) {
~ ^ ~~~~~~~
intl/lwbrk/nsUniscribeBreaker.cpp(132,23): error: comparison of integers of different signs: 'int' and 'uint32_t' (aka 'unsigned int') [-Werror,-Wsign-compare]
for (int i = 0; i < aLength; ++i) {
~ ^ ~~~~~~~
intl/lwbrk/nsUniscribeBreaker.cpp(138,23): error: comparison of integers of different signs: 'int' and 'uint32_t' (aka 'unsigned int') [-Werror,-Wsign-compare]
for (int i = 0; i < aLength; ++i) {
~ ^ ~~~~~~~
mozglue/misc/PreXULSkeletonUI.cpp(319,26): error: comparison of integers of different signs: 'std::basic_string<char>::size_type' (aka 'unsigned long long') and 'int' [-Werror,-Wsign-compare]
while (line.length() > whitespace &&
~~~~~~~~~~~~~ ^ ~~~~~~~~~~
mozglue/misc/PreXULSkeletonUI.cpp(1003,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 1; i < noPlaceholderSpans.length(); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
mozglue/misc/PreXULSkeletonUI.cpp(1708,21): error: comparison of integers of different signs: 'int' and 'unsigned long long' [-Werror,-Wsign-compare]
for (int i = 0; i < dataLen / (2 * sizeof(double)); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/sandbox/chromium-shim/sandbox/win/permissionsService.cpp(40,16): error: comparison of integers of different signs: 'int' and 'const std::basic_string<wchar_t>::size_type' (aka 'const unsigned long long') [-Werror,-Wsign-compare]
if (slashIdx != std::wstring::npos) {
~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~
toolkit/components/aboutthirdparty/tests/gtest/TestAboutThirdParty.cpp(107,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(kDirectoriesUnsorted); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/crashreporter/breakpad-client/windows/crash_generation/crash_generation_server.cc(957,23): error: comparison of integers of different signs: 'int' and 'const size_t' (aka 'const unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < kExceptionAppMemoryRegions; i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/crashreporter/client/crashreporter_win.cpp(373,21): error: comparison of integers of different signs: 'int' and 'unsigned long long' [-Werror,-Wsign-compare]
for (int i = 0; i < sizeof(kDefaultAttachedBottom) / sizeof(UINT); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/crashreporter/client/crashreporter_win.cpp(671,21): error: comparison of integers of different signs: 'int' and 'unsigned long long' [-Werror,-Wsign-compare]
for (int i = 0; i < sizeof(controls) / sizeof(controls[0]); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/crashreporter/client/crashreporter_win.cpp(1048,21): error: comparison of integers of different signs: 'int' and 'unsigned long long' [-Werror,-Wsign-compare]
for (int i = 0; i < sizeof(kDefaultAttachedBottom) / sizeof(UINT); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/mozapps/defaultagent/SetDefaultBrowser.cpp(248,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < mozilla::ArrayLength(associations); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/system/windowsproxy/ProxyUtils.cpp(27,36): error: comparison of integers of different signs: 'const int' and 'nsTArray_base::size_type' (aka 'unsigned long long') [-Werror,-Wsign-compare]
if (i < addr.Length()) {
~ ^ ~~~~~~~~~~~~~
toolkit/xre/dllservices/mozglue/interceptor/Arm64.h(178,28): error: comparison of integers of different signs: 'int32_t' (aka 'int') and 'unsigned int' [-Werror,-Wsign-compare]
if (signbits && signbits != 0xFE000000) {
~~~~~~~~ ^ ~~~~~~~~~~
obj-build/dist/include/gtest/gtest.h(1842,54): note: expanded from macro 'EXPECT_EQ'
EXPECT_PRED_FORMAT2(::testing::internal::EqHelper::Compare, val1, val2)
^
obj-build/dist/include/gtest/gtest.h(1354,11): error: comparison of integers of different signs: 'const unsigned int' and 'const int' [-Werror,-Wsign-compare]
if (lhs == rhs) {
~~~ ^ ~~~
obj-build/dist/include/gtest/gtest.h(1373,12): note: in instantiation of function template specialization 'testing::internal::CmpHelperEQ<unsigned int, int>' requested here
return CmpHelperEQ(lhs_expression, rhs_expression, lhs, rhs);
^
toolkit/xre/dllservices/tests/gtest/TestUntrustedModules.cpp(35,5): note: in instantiation of function template specialization 'testing::internal::EqHelper::Compare<unsigned int, int, nullptr>' requested here
EXPECT_EQ(mCounters.Count(), N);
^
obj-build/dist/include/gtest/gtest.h(1842,54): note: expanded from macro 'EXPECT_EQ'
EXPECT_PRED_FORMAT2(::testing::internal::EqHelper::Compare, val1, val2)
^
toolkit/xre/dllservices/tests/gtest/TestUntrustedModules.cpp(210,28): note: in instantiation of function template specialization 'ModuleLoadCounter::Remains<1>' requested here
EXPECT_TRUE(waitForOne.Remains({kTestModules[0]}, {0}));
^
toolkit/xre/test/gtest/TestAssembleCommandLineWin.cpp(139,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(kExpectedArgsW); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/xre/test/gtest/TestAssembleCommandLineWin.cpp(151,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(kExpectedArgsW); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/xre/test/gtest/TestAssembleCommandLineWin.cpp(164,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(kExpectedArgsW); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
obj-build/dist/include/gtest/gtest.h(1354,11): error: comparison of integers of different signs: 'const int' and 'const unsigned long long' [-Werror,-Wsign-compare]
if (lhs == rhs) {
~~~ ^ ~~~
obj-build/dist/include/gtest/gtest.h(1373,12): note: in instantiation of function template specialization 'testing::internal::CmpHelperEQ<int, unsigned long long>' requested here
return CmpHelperEQ(lhs_expression, rhs_expression, lhs, rhs);
^
toolkit/xre/test/gtest/TestAssembleCommandLineWin.cpp(138,3): note: in instantiation of function template specialization 'testing::internal::EqHelper::Compare<int, unsigned long long, nullptr>' requested here
EXPECT_EQ(len, ArrayLength(kExpectedArgsW));
^
widget/windows/TSFTextStore.cpp(3455,28): error: comparison of integers of different signs: 'uint32_t' (aka 'unsigned int') and 'long' [-Werror,-Wsign-compare]
range.mEndOffset == end - mComposition->StartOffset() &&
~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
widget/windows/TSFTextStore.cpp(3454,30): error: comparison of integers of different signs: 'uint32_t' (aka 'unsigned int') and 'long' [-Werror,-Wsign-compare]
if (range.mStartOffset == start - mComposition->StartOffset() &&
~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xpfe/appshell/AppWindow.cpp(1900,21): error: comparison of integers of different signs: 'int' and 'uint32_t' (aka 'unsigned int') [-Werror,-Wsign-compare]
for (int i = 0; i < toolbarSprings->Length(); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~
Differential Revision: https://phabricator.services.mozilla.com/D144695
2022-04-28 Dennis Jackson <djackson@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.78 final
[30fe50c80e23] [NSS_3_78_RTM] <NSS_3_78_BRANCH>
* doc/rst/releases/index.rst, doc/rst/releases/nss_3_78.rst:
Release notes for NSS 3.78
[6a5a0d7b1dba] <NSS_3_78_BRANCH>
2022-04-21 Dennis Jackson <djackson@mozilla.com>
* .hgtags:
Added tag NSS_3_78_BETA1 for changeset 144c87accae8
[c7950a356651] <NSS_3_78_BRANCH>
Differential Revision: https://phabricator.services.mozilla.com/D144934