This changes the way crash reports for child processes happening too early
during the child process' startup. Before bug 1547698 we wrote a partial
.extra file with those crashes that lacked the process type. The user would
not be notified of those crashes until she restarted Firefox and even when
submitted those crashes would be erroneously labeled as browser crashes.
After bug 1547698 we stopped writing .extra files entirely for those crashes
which left orphaned .dmp files among the pending crash reports.
This patch does three things to improve the situation:
* It writes a partial .extra file so that the crashes are detected at the next
startup. So the user is still not notified directly of these crashes but she
can report them later.
* It adds the process type to the .extra file so that the crash reporters are
labelled correctly.
* It fixes a leak in the `pidToMinidump` hash-map. Since the crashes were
not finalized the `ChildProcessData` strucutre associated with them would
never be fred.
Differential Revision: https://phabricator.services.mozilla.com/D40810
--HG--
extra : moz-landing-system : lando
Don't show the login in about:logins if the username or password cannot be decrypted.
Differential Revision: https://phabricator.services.mozilla.com/D40845
--HG--
extra : moz-landing-system : lando
security-prefs.js is #included into greprefs.js, but there's no good reason for
it to be separate from all.js. Having it separate makes it easier to overlook,
and all.js has a bunch of `security.*` prefs in it anyway.
This patch inlines it into all.js. It inlines it at the start of the file to
minimize the risk of the change, so that the prefs end up in greprefs.js in the
same order as before.
Differential Revision: https://phabricator.services.mozilla.com/D40919
--HG--
extra : moz-landing-system : lando
There are no longer any consumers of the JS-implemented
`FakeTransportSecurityInfo` class, so it can be removed. That removes the last
JS-implemented `nsITransportSecurityInfo` instance and it therefore can be
marked `builtinclass`.
Differential Revision: https://phabricator.services.mozilla.com/D40355
--HG--
extra : moz-landing-system : lando
As part of making `nsITranportSecurityInfo` builtinclass, we can no longer
use JS-implemented `nsITransportSecurityInfo` instances in test cases.
This patch migrates `test_sss_resetState.js` to use `add_connection_test()` to
get a valid `nsITransportSecurityInfo` instance for the unit tests.
Differential Revision: https://phabricator.services.mozilla.com/D40352
--HG--
extra : moz-landing-system : lando
As part of making `nsITranportSecurityInfo` builtinclass, we can no longer use
JS-implemented `nsITransportSecurityInfo` instances in test cases. This patch
migrates `test_sss_originAttributes.js` to use `add_connection_test()` to get a
valid `nsITransportSecurityInfo` instance for the unit tests.
Differential Revision: https://phabricator.services.mozilla.com/D40351
--HG--
extra : moz-landing-system : lando
As part of making `nsITranportSecurityInfo` builtinclass, we can no longer
use JS-implemented `nsITransportSecurityInfo` instances in test cases.
This patch migrates `test_sss_enumerate.js` to use `add_connection_test()` to
get a valid `nsITransportSecurityInfo` instance for the unit tests.
Differential Revision: https://phabricator.services.mozilla.com/D40350
--HG--
extra : moz-landing-system : lando
As part of making `nsITranportSecurityInfo` builtinclass, we can no longer use
JS-implemented `nsITransportSecurityInfo` instances in test cases. This patch
migrates `test_pinning_header_parsing.js` to use `add_connection_test()` to get
a valid `nsITransportSecurityInfo` instance for the unit tests.
Differential Revision: https://phabricator.services.mozilla.com/D40349
--HG--
extra : moz-landing-system : lando
As part of making `nsITranportSecurityInfo` builtinclass, we can no longer use
JS-implemented `nsITransportSecurityInfo` instances in test cases. This patch
migrates `test_ocsp_must_staple.js` to use `add_connection_test()` to get a
valid `nsITransportSecurityInfo` instance for the unit tests.
Differential Revision: https://phabricator.services.mozilla.com/D40348
--HG--
extra : moz-landing-system : lando
As part of making `nsITranportSecurityInfo` builtinclass, we can no longer use
JS-implemented `nsITransportSecurityInfo` instances in test cases. This patch
migrates `test_forget_about_site_security_headers.js to use
`add_connection_test()` to get a valid `nsITransportSecurityInfo` instance for
the unit tests.
Differential Revision: https://phabricator.services.mozilla.com/D40347
--HG--
extra : moz-landing-system : lando
There is now a contract ID for `nsITransportSecurityInfo`, allowing
`mozilla::psm::TransportSecurityInfo` instances to be created from JS. Tests
using a JS-implemented `nsITransportSecurityInfo` that were not modifying,
e.g., the `serverCert` attribute have been updated to create a
`mozilla::psm::TransportSecurityInfo` via the contract.
Differential Revision: https://phabricator.services.mozilla.com/D40346
--HG--
extra : moz-landing-system : lando
This patch does not change the existing servers to use the new mechanism, rather
attempting to be minimalist. I filed Bug 1569222 for that.
Differential Revision: https://phabricator.services.mozilla.com/D39518
--HG--
extra : moz-landing-system : lando
To do this, we preload the AV libraries. They may not be needed right now,
but by doing this now we ensure that future RDD work won't mysteriously
fail during development for some poor coworker.
Differential Revision: https://phabricator.services.mozilla.com/D37928
--HG--
extra : moz-landing-system : lando
To avoid crashing in macOS 10.15, allow access to the proc_info PROC_INFO_CALL_SETCONTROL syscall variant in the GMP and RDD sandboxes.
Differential Revision: https://phabricator.services.mozilla.com/D39079
--HG--
extra : moz-landing-system : lando
nsIX509CertDB::PrivilegedPackageRoot was added in bug 1178518 to support privileged packaged apps for Firefox OS. However, we no longer need to support this use-case.
Differential Revision: https://phabricator.services.mozilla.com/D38655
--HG--
extra : moz-landing-system : lando
This patch removes nsIClientAuthUserDecision and add another output parameter to nsIClientAuthDialogs.chooseCertificate.
Differential Revision: https://phabricator.services.mozilla.com/D38074
--HG--
extra : moz-landing-system : lando
This patch adds a new pref, "security.tls.enable_delegated_credentials",
default false, which controls the NSS option SSL_ENABLE_DELEGATED_CREDENTIALS.
Tests are in D37918.
Differential Revision: https://phabricator.services.mozilla.com/D37907
--HG--
extra : moz-landing-system : lando
When a test crashes, the harness skips all of the remaining tests in the
directory. That means that with crashes skipped, we now try to run a whole lot
more tests than we did before, and a lot of them fail under Fission.
This patch adds annotations to the new failures that show up after part 1.
Differential Revision: https://phabricator.services.mozilla.com/D38726
--HG--
extra : rebase_source : 292157039c88fc615f5de41679e96e72766ac4db
Bug 1543795 configured lmdb to use less memory when opening a database in
read/write mode, so we can remove the workaround code in cert_storage that was
added in bug 1538093 as a way to mitigate the memory usage.
Differential Revision: https://phabricator.services.mozilla.com/D38525
--HG--
extra : moz-landing-system : lando
My preference was to annotate most of the failing tests with `fail-if` so that
if they start passing, the `fail-if` needs to be removed and they need to keep
passing. That doesn't work for tests that timeout, or which trigger failures
from their cleanup functions, however, so those tests need skip-if. And tests
with fail in their cleanup functions likely leave the browser in an
inconsistent state for subsequent tests, anyway, so really should be skipped
regardless.
There are some remaining tests which still fail because of crashes. I chose
not to skip them here, but to fix the crashes in separate bugs instead.
Differential Revision: https://phabricator.services.mozilla.com/D38247
--HG--
extra : rebase_source : 39ba8fec2e882cfe577c5f2b58ab7e4b461f1178
Before the nsNSSCertificateDB::AddCert() function encoded the given DER input into Base64 and then called nsNSSCertificateDB::AddCertFromBase64() to do the remaining work. In nsNSSCertificateDB::AddCertFromBase64() the input was then eventually decoded back into DER.
Now nsNSSCertificateDB::AddCertFromBase64() encodes its input into DER and then calls nsNSSCertificateDB::AddCert() which now does the remaining work without converting between formats.
Differential Revision: https://phabricator.services.mozilla.com/D37738
--HG--
extra : moz-landing-system : lando
As originally implemented, nsISiteSecurityService.removeState allowed direct
access to remove HSTS state. It also provided the implementation for when the
browser encountered an HSTS header with "max-age=0". In bug 775370, it was
updated to store an entry that would override preloaded information when
processing such headers. However, this meant that the semantics of the direct
access API had changed. Preloaded information could be overridden if a user
invoked the "forget about this site" feature. This change fixes the public API
(and renames it to "resetState") so it actually behaves as its consumers expect.
Reviewers: jcj!, KevinJacobs!
Tags: #secure-revision
Bug #: 1564481
Differential Revision: https://phabricator.services.mozilla.com/D38108
--HG--
extra : rebase_source : 8dd5460d3fd3c0ce92746cc83fae220d6e2a83cf
extra : amend_source : 171ebb015e9f9ae775f0caa22e161d41970f3d51
This is because we are hitting it frequently during PolicyBase::OnJobEmpty and
currently we can't work out how this can happen.
Differential Revision: https://phabricator.services.mozilla.com/D38090
--HG--
extra : moz-landing-system : lando
Having to namespace these into GeckoChildProcessHost is annoying. The
|using| declarations help to some extent, but it's easier to just put
them in mozilla::ipc.
Differential Revision: https://phabricator.services.mozilla.com/D36538
--HG--
extra : moz-landing-system : lando
Allow limited access to the proc_pidinfo() syscall from the Mac utility process sandbox.
Differential Revision: https://phabricator.services.mozilla.com/D37533
--HG--
extra : moz-landing-system : lando
Now that UniqueFileHandle can be used more widely, and with
ipc::FileDescriptor being essentially a copyable UniqueFileHandle, it
makes sense to add a move constructor and a "forget"-like method to
convert between them when needed.
Depends on D26737
Differential Revision: https://phabricator.services.mozilla.com/D26738
--HG--
extra : moz-landing-system : lando
Daniel Varga
Gabriele Svelto
Jared Wein
Tom Schuster
Nicholas Nethercote
Jed Davis
Kevin Jacobs
Moritz Birghan
Andreea Pavel
Barret Rennie
J.C. Jones
Cosmin Sabou
Mihai Alexandru Michis
Razvan Maries
ffxbld
Bob Owen
Kershaw Chang
Gurzau Raul
Johann Hofmann
Ciure Andrei
Bogdan Tara
J.C. Jones
Tom Ritter
Kannan Vijayan
Gian-Carlo Pascutto
Haik Aftandilian
Boris Zbarsky
Paul Adenot
Kris Maglione
Dragana Damjanovic
Dana Keeler
Tim Nguyen
Carolina
Bobby Holley
Narcis Beleuzu
Sebastian Hengst
Sylvestre Ledru
Noemi Erli
Victor Porof
Csoregi Natalia
Oana Pop Rus