mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
826 202 коммитов 615 Ветки 98 Теги 5,7 GiB
Граф коммитов

16906 Коммитов

Автор SHA1 Сообщение Дата
Barret Rennie 8623565ec9 Bug 1541508 - Use Services.env in security/ r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D160145
 2022-11-02 02:08:57 +00:00
John Schanck 9a32599fad Bug 1754746 - example tlsserver that fails in handshake. r=necko-reviewers,kershaw 
Differential Revision: https://phabricator.services.mozilla.com/D148845
 2022-11-01 09:52:52 +00:00
John Schanck 479f9ec25e Bug 1789520 - rust implementation of nssckbi. r=keeler,supply-chain-reviewers 
Differential Revision: https://phabricator.services.mozilla.com/D156612
 2022-10-31 17:09:43 +00:00
John Schanck d11dd7596d Bug 1795087 - land NSS 4684102858e2 UPGRADE_NSS_RELEASE, r=nss-reviewers,nkulatova 
2022-10-31  John M. Schanck  <jschanck@mozilla.com>

	* lib/util/secoid.c:
	Bug 1798150 - on-demand initialization of OID tables. r=nss-
	reviewers,nkulatova

	[4684102858e2] [tip]

2022-10-31  Anna Weine  <anna.weine@mozilla.com>

	* lib/freebl/mpi/primes.c, lib/ssl/dhe-param.c:
	Bug 1792821 - Modification of the primes.c and dhe-params.c in order
	to have better looking tables r=jschanck

	[e512213db1c6]

2022-10-25  John M. Schanck  <jschanck@mozilla.com>

	* doc/rst/releases/index.rst, doc/rst/releases/nss_3_79_2.rst:
	Documentation: Release notes for NSS 3.79.2
	[ea50dc1087db]

Differential Revision: https://phabricator.services.mozilla.com/D160812
 2022-10-31 16:41:42 +00:00
ffxbld ae0758de87 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=diannaS 
Differential Revision: https://phabricator.services.mozilla.com/D160782
 2022-10-31 13:34:34 +00:00
Emilio Cobos Álvarez a35e196f1c Bug 1798111 - Add good enough equalsize=always support for the cert manager. r=dao 
certManager is the only thing using it (both here and in comm-central,
excluding suite/).

There are better ways to do it generally, so just remove it from elsewhere.

Differential Revision: https://phabricator.services.mozilla.com/D160720
 2022-10-31 13:02:01 +00:00
Chris Martin fe1a56461e Bug 1797887 - Workaround: allow access to entire filesystem from GPU sandbox r=handyman,jrmuizel 
Differential Revision: https://phabricator.services.mozilla.com/D160655
 2022-10-28 16:58:01 +00:00
John Schanck ef9d700399 Bug 1787268 - avoid once_cell in ipcclientcerts. r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D155611
 2022-10-28 16:53:28 +00:00
Dana Keeler c17587430e Bug 1797649 - remove securityInfo argument from nsISiteSecurityService.processHeader r=jschanck,necko-reviewers 
Differential Revision: https://phabricator.services.mozilla.com/D160555
 2022-10-27 23:24:21 +00:00
Dana Keeler d94ee2d9f9 Bug 1797461 - remove obsolete test_nss_shutdown.js test r=jschanck 
Because nsNSSComponent doesn't shut down NSS any longer, this test isn't
testing a valid configuration of gecko and can be removed.

Differential Revision: https://phabricator.services.mozilla.com/D160579
 2022-10-27 23:23:01 +00:00
Mike Hommey a7ce6aad69 Bug 1795245 - Enable warnings as errors in NSS. r=firefox-build-system-reviewers,nalexander 
But leave out -Wsign-compare for now because there are too many of them.

Differential Revision: https://phabricator.services.mozilla.com/D159803
 2022-10-27 22:26:48 +00:00
John Schanck 968bd89420 Bug 1795087 - land NSS bed3afeff7fd UPGRADE_NSS_RELEASE, r=nss-reviewers,bbeurdouche 
Differential Revision: https://phabricator.services.mozilla.com/D160258
 2022-10-27 18:15:15 +00:00
ffxbld 509666e0f7 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=diannaS 
Differential Revision: https://phabricator.services.mozilla.com/D160474
 2022-10-27 12:58:29 +00:00
Yannis Juglaret 086ea0d49a Bug 1783223 - Enable best ACG variant compatible with system media libraries in RDD on Nightly. r=bobowen 
Differential Revision: https://phabricator.services.mozilla.com/D159180
 2022-10-27 10:52:03 +00:00
Yannis Juglaret a633bc97e8 Bug 1783223 - Use ACG-with-opt-out for 32-bit builds and Windows 10 1607 in audio decoder on Nightly. r=bobowen 
Differential Revision: https://phabricator.services.mozilla.com/D159179
 2022-10-27 10:52:02 +00:00
Yannis Juglaret 6bf1f506e7 Bug 1783223 - Define utility function for choosing an ACG variant compatible with system media libraries. r=bobowen 
Differential Revision: https://phabricator.services.mozilla.com/D159178
 2022-10-27 10:52:02 +00:00
Chris Martin 36e8371ccf Bug 1347710 - Add GPU sandbox to crash reporter annotations r=handyman,gsvelto 
Differential Revision: https://phabricator.services.mozilla.com/D160278
 2022-10-26 19:23:13 +00:00
Sandor Molnar 590f0de714 Backed out changeset b9a80242b74c (bug 1754746) for causing xpc failures in security/manager/ssl/tests/unit/test_ev_certs.js 2022-10-26 14:58:12 +03:00
Mark Banner 7f3cba09e8 Bug 1795322 - Update toolkit modules references in remaining places. r=mossop,zeid,geckoview-reviewers,calu 
Differential Revision: https://phabricator.services.mozilla.com/D160036
 2022-10-26 08:06:37 +00:00
Csoregi Natalia 5f9da7b301 Backed out 12 changesets (bug 1795322) for causing multiple failures e.g. test_deletion_request_ping.py. CLOSED TREE 
Backed out changeset aba25cbcda51 (bug 1795322)
Backed out changeset a4a35005ada9 (bug 1795322)
Backed out changeset 8e8d790eb0f4 (bug 1795322)
Backed out changeset db8903454bd3 (bug 1795322)
Backed out changeset 60cc71c61cad (bug 1795322)
Backed out changeset bc6a674994ad (bug 1795322)
Backed out changeset 6ac8a611f8c7 (bug 1795322)
Backed out changeset 9fb873ecfb31 (bug 1795322)
Backed out changeset c8a7a40c2a2f (bug 1795322)
Backed out changeset f2c118b6c6ce (bug 1795322)
Backed out changeset 38df43b4a70f (bug 1795322)
Backed out changeset 89aea8373411 (bug 1795322)
 2022-10-25 23:47:58 +03:00
Mark Banner fc7befc08d Bug 1795322 - Update toolkit modules references in remaining places. r=mossop,zeid,geckoview-reviewers,calu 
Differential Revision: https://phabricator.services.mozilla.com/D160036
 2022-10-25 19:49:28 +00:00
John Schanck c1b0fb0815 Bug 1754746 - example tlsserver that fails in handshake. r=necko-reviewers,kershaw 
Differential Revision: https://phabricator.services.mozilla.com/D148845
 2022-10-25 08:10:30 +00:00
Simon Friedberger 926ced5bcb Bug 1791018 - Add DAP FFI layer. r=mt,emilio 
Differential Revision: https://phabricator.services.mozilla.com/D157477
 2022-10-24 17:56:12 +00:00
ffxbld 35b09185e5 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=diannaS 
Differential Revision: https://phabricator.services.mozilla.com/D160040
 2022-10-24 13:58:54 +00:00
Dana Keeler c48f1af8ff Bug 1779040 - don't update DataStorage if HSTS data hasn't significantly changed r=jschanck 
When gecko encounters multiple responses from the same host with substantially
the same HSTS information, the implementation shouldn't update DataStorage,
because that can cause unnecessary writes. "Substantially the same" means the
information is identical except for the expiration time, which can be up to a
day different.

Differential Revision: https://phabricator.services.mozilla.com/D159875
 2022-10-20 21:04:26 +00:00
John Schanck e8e708c2ad Bug 1795710 - part 2. clean cert-revocations attachment cache. r=keeler,leplatrem,robwu 
Differential Revision: https://phabricator.services.mozilla.com/D159536
 2022-10-20 20:52:12 +00:00
John Schanck 41fc85955e Bug 1795710 - part 1. avoid deprecated downloadToDisk function. r=keeler,leplatrem,robwu 
Differential Revision: https://phabricator.services.mozilla.com/D159535
 2022-10-20 20:52:11 +00:00
Alexandre Lissy c294fd8665 Bug 1796391 - Force init signed policy rules for delayed mitigations on MSIX r=bobowen 
Differential Revision: https://phabricator.services.mozilla.com/D159802
 2022-10-20 17:03:43 +00:00
Csoregi Natalia 87ffabf991 Backed out 2 changesets (bug 1795710) for causing failures on test_crlite_filters.js. CLOSED TREE 
Backed out changeset ac705dd27e0a (bug 1795710)
Backed out changeset 747e24d0339e (bug 1795710)
 2022-10-20 20:58:33 +03:00
Cristian Tuns 93ee7434b2 Backed out changeset 89d3bd40e892 (bug 1796391) as requested by gerard-majax CLOSED TREE 2022-10-20 12:37:37 -04:00
John Schanck c381df22d6 Bug 1795710 - part 2. clean cert-revocations attachment cache. r=keeler,leplatrem,robwu 
Differential Revision: https://phabricator.services.mozilla.com/D159536
 2022-10-20 16:28:41 +00:00
John Schanck dbebc739ff Bug 1795710 - part 1. avoid deprecated downloadToDisk function. r=keeler,leplatrem,robwu 
Differential Revision: https://phabricator.services.mozilla.com/D159535
 2022-10-20 16:28:40 +00:00
Alexandre Lissy 475f354462 Bug 1796391 - Always init signed policy rules r=bobowen 
Differential Revision: https://phabricator.services.mozilla.com/D159802
 2022-10-20 14:19:33 +00:00
ffxbld 5538c576a6 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=diannaS 
Differential Revision: https://phabricator.services.mozilla.com/D159848
 2022-10-20 13:00:11 +00:00
Norisz Fay c5c002f81f Backed out 4 changesets (bug 1791018, bug 1791394) for causing xpcshell failures on test_dap.js CLOSED TREE 
Backed out changeset b177970803d5 (bug 1791394)
Backed out changeset f41291f1fa37 (bug 1791018)
Backed out changeset 52ba173b1c2f (bug 1791018)
Backed out changeset e0ebc68e7d18 (bug 1791018)
 2022-10-20 07:33:41 +03:00
Simon Friedberger 5bf9a60ea9 Bug 1791018 - Add DAP FFI layer. r=mt,emilio 
Differential Revision: https://phabricator.services.mozilla.com/D157477
 2022-10-19 21:42:43 +00:00
Dana Keeler 9c1b9475f3 Bug 1793841 - deserialize nsITransportSecurityInfo without already having an instance of it r=jschanck,necko-reviewers,dragana 
This is an important step in making nsITransportSecurityInfo constant.

Depends on D157994

Differential Revision: https://phabricator.services.mozilla.com/D157995
 2022-10-18 21:25:03 +00:00
Mark Banner 2ffde1e92f Bug 1792341 - Migrate more toolkit/modules consumers to use direct ES module import. r=Gijs,webdriver-reviewers,perftest-reviewers,necko-reviewers,geckoview-reviewers,preferences-reviewers,application-update-reviewers,pip-reviewers,credential-management-reviewers,sgalich,owlish,bytesized,AlexandruIonescu,whimboo,mconley,mixedpuppy 
Mainly automated changes. Some manual ESLint fixes and whitespace cleanup.

Differential Revision: https://phabricator.services.mozilla.com/D158452
 2022-10-18 11:21:26 +00:00
Noemi Erli 5a21645f73 Backed out 2 changesets (bug 1793841) for causing Gtest failures CLOSED TREE 
Backed out changeset 4d39c423b92e (bug 1793841)
Backed out changeset 5cfb5f595add (bug 1793841)
 2022-10-18 04:29:44 +03:00
Dana Keeler 0d78f1f283 Bug 1793841 - deserialize nsITransportSecurityInfo without already having an instance of it r=jschanck,necko-reviewers,dragana 
This is an important step in making nsITransportSecurityInfo constant.

Depends on D157994

Differential Revision: https://phabricator.services.mozilla.com/D157995
 2022-10-18 00:18:09 +00:00
Mike Hommey 969d7bb6fd Bug 1795219 - Remove -Wall setup in security/{ct,certverifier}/moz.build. r=firefox-build-system-reviewers,andi 
The use of `-Xclang -Wall` somehow makes `-Wno-unknown-pragmas`
ineffective. `-Xclang -Wno-unknown-pragmas` does however work.

But we don't need to set `-Xclang -Wall` from the moz.builds in the first
place, as that's already done properly via warnings.configure (setting
-Wall on non-clang-cl and -W3 on clang-cl, which is the equivalent).

Differential Revision: https://phabricator.services.mozilla.com/D159366
 2022-10-17 21:55:03 +00:00
Dana Keeler b195dc4082 Bug 1719706 - don't wait for the loadable roots task in nsNSSComponent::ShutdownNSS() r=jschanck,necko-reviewers,valentin 
In bug 1546720, nsNSSComponent::ShutdownNSS() stopped unloading the builtin
roots and osclientcerts modules to avoid crashes due to NSS' pervasive thread
safety issues. Since that function no longer unloads the builtin module, it
shouldn't need to wait until the task that loads it has completed. Hopefully
this will avoid some shutdown hangs.

Note that when NSS is finally shut down, all threads other than the main thread
have been joined, so there shouldn't be any concurrency concerns at that time.

Differential Revision: https://phabricator.services.mozilla.com/D159434
 2022-10-17 16:11:30 +00:00
ffxbld 062797d3d6 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=dmeehan 
Differential Revision: https://phabricator.services.mozilla.com/D159497
 2022-10-17 12:10:23 +00:00
Dennis Jackson 0e750e0b2e Bug 1792135 - land NSS NSS_3_84_RTM UPGRADE_NSS_RELEASE, r=nss-reviewers,jschanck 
Differential Revision: https://phabricator.services.mozilla.com/D159278
 2022-10-13 15:29:32 +00:00
John Schanck 59119c81d9 Bug 1794479 - Gather telemetry on the age of OCSP responses used to override CRLite. r=keeler 
Defines the OCSP_AGE_AT_CRLITE_OVERRIDE histogram which records the age of an
OCSP response, in hours, when CRLite says a certificate is revoked and OCSP
says it's OK.

Differential Revision: https://phabricator.services.mozilla.com/D158991
 2022-10-13 14:08:23 +00:00
ffxbld 437a3ce886 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=dmeehan 
Differential Revision: https://phabricator.services.mozilla.com/D159263
 2022-10-13 12:31:11 +00:00
Dana Keeler 0dedda0179 Bug 1720118 - store certificate error override and failed certificate chain information in the TLS token cache r=kershaw,jschanck,necko-reviewers 
Differential Revision: https://phabricator.services.mozilla.com/D158793
 2022-10-12 23:54:11 +00:00
Dana Keeler 07cf1e9f2c Bug 1720118 - always use the TLS token cache r=kershaw,necko-reviewers,ci-and-tooling,jmaher 
Differential Revision: https://phabricator.services.mozilla.com/D158792
 2022-10-12 23:54:10 +00:00
John Schanck e2bc1afa4f Bug 1794450 - Gather telemetry on use of revocation checking mechanisms. r=keeler 
Adds the CERT_REVOCATION_MECHANISMS histogram with bins "CRLite", "Stapled OCSP", "Cached OCSP", "OCSP", "OneCRL", and "Short Validity" to gauge how often we use each certificate revocation checking mechanisms. The Short Validity bin counts cases where a revocation check was not performed because the certificate had a short validity period. The other bin names are self-explanatory. We may use more than one mechanism per certificate, so we may accumulate to more than one bin per certificate.

Differential Revision: https://phabricator.services.mozilla.com/D158975
 2022-10-12 21:05:08 +00:00
Cristian Tuns f2f36b1381 Backed out 2 changesets (bug 1720118) for causing Hybrid bustages on nsHashtablesFwd.h CLOSED TREE 
Backed out changeset af570580e2f7 (bug 1720118)
Backed out changeset 57b8a6400749 (bug 1720118)
 2022-10-12 14:20:47 -04:00
Dana Keeler eab44906ca Bug 1720118 - store certificate error override and failed certificate chain information in the TLS token cache r=kershaw,jschanck,necko-reviewers 
Differential Revision: https://phabricator.services.mozilla.com/D158793
 2022-10-12 17:43:29 +00:00
Dana Keeler d894513c37 Bug 1720118 - always use the TLS token cache r=kershaw,necko-reviewers,ci-and-tooling,jmaher 
Differential Revision: https://phabricator.services.mozilla.com/D158792
 2022-10-12 17:43:28 +00:00
Dana Keeler ad795fde70 Bug 1520297 - enable intermediate preloading on Android r=jschanck 
The current collection of preloaded intermediates is under 3MB. This should not
be a prohibitive amount for mobile users to download. Once downloaded, updates
to the collection are minimal and again should not be an issue.

Differential Revision: https://phabricator.services.mozilla.com/D159092
 2022-10-11 21:53:59 +00:00
ffxbld f16ca73e4c No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D158942
 2022-10-10 13:14:27 +00:00
Dennis Jackson 7da0562237 Bug 1792135 - land NSS NSS_3_84_BETA1 UPGRADE_NSS_RELEASE, r=nss-reviewers,nkulatova 
Differential Revision: https://phabricator.services.mozilla.com/D158772
 2022-10-06 22:47:02 +00:00
Alexandre Lissy 6a92f8d147 Bug 1788596 - Use Utility process actor names for crash annotations r=gsvelto 
Differential Revision: https://phabricator.services.mozilla.com/D156286
 2022-10-06 15:51:56 +00:00
Alexandre Lissy bb317b2bae Bug 1788596 - Remove UTILITY_AUDIO_DECODING_GENERIC r=nika,media-playback-reviewers,alwu 
Differential Revision: https://phabricator.services.mozilla.com/D156285
 2022-10-06 15:51:56 +00:00
Alexandre Lissy f4906ff3eb Bug 1788596 - Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy r=jld 
Differential Revision: https://phabricator.services.mozilla.com/D156284
 2022-10-06 15:51:55 +00:00
Kershaw Chang 62cd9065c3 Bug 1720601 - Allow token cache to store more than one token per key, r=necko-reviewers,dragana 
1. Allow to store more than one token per key.
2. Allow to use the token only once. The token will be removed after reading it.
3. Add a gtest.

Differential Revision: https://phabricator.services.mozilla.com/D153605
 2022-10-06 12:56:01 +00:00
Sandor Molnar 9e30e89e90 Backed out 13 changesets (bug 1788596) for causing build bustage in toolkit/components/processtools/ProcInfo_common.cpp CLOSED TREE 
Backed out changeset 620c85305800 (bug 1788596)
Backed out changeset 1f64776a859a (bug 1788596)
Backed out changeset 707e4c9c8801 (bug 1788596)
Backed out changeset 2221a97ebe97 (bug 1788596)
Backed out changeset d50fd0551159 (bug 1788596)
Backed out changeset 7e2ad8c47afb (bug 1788596)
Backed out changeset f87c5fb2c36f (bug 1788596)
Backed out changeset 61dd9a9eb714 (bug 1788596)
Backed out changeset a67c4ea1c8b3 (bug 1788596)
Backed out changeset 1be7af1214cf (bug 1788596)
Backed out changeset e99c7089bf93 (bug 1788596)
Backed out changeset 9a87f108548b (bug 1788596)
Backed out changeset 3dd59224f38b (bug 1788596)
 2022-10-06 16:28:46 +03:00
ffxbld 22a6ff72e5 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=pascalc 
Differential Revision: https://phabricator.services.mozilla.com/D158756
 2022-10-06 12:19:24 +00:00
Alexandre Lissy 16c9919af1 Bug 1788596 - Use Utility process actor names for crash annotations r=gsvelto 
Differential Revision: https://phabricator.services.mozilla.com/D156286
 2022-10-06 10:56:41 +00:00
Alexandre Lissy 1d211b0ec1 Bug 1788596 - Remove UTILITY_AUDIO_DECODING_GENERIC r=nika,media-playback-reviewers,alwu 
Differential Revision: https://phabricator.services.mozilla.com/D156285
 2022-10-06 10:56:41 +00:00
Alexandre Lissy 301e159051 Bug 1788596 - Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy r=jld 
Differential Revision: https://phabricator.services.mozilla.com/D156284
 2022-10-06 10:56:40 +00:00
Sandor Molnar 2fb4e10f0d Backed out 13 changesets (bug 1788596) for causing browser-chrome failures in security/sandbox/test/browser_sandbox_test.js CLOSED TREE 
Backed out changeset 338c18d01cfd (bug 1788596)
Backed out changeset 9d4a5c557191 (bug 1788596)
Backed out changeset 1d1d15dbe44c (bug 1788596)
Backed out changeset e9d29218beba (bug 1788596)
Backed out changeset 397e6c6587f3 (bug 1788596)
Backed out changeset 077fd3a987ca (bug 1788596)
Backed out changeset 2fc674146915 (bug 1788596)
Backed out changeset 4ebb8837ee1a (bug 1788596)
Backed out changeset 9040533dabe1 (bug 1788596)
Backed out changeset 8b27ee4d4168 (bug 1788596)
Backed out changeset 93f50c2f0b9e (bug 1788596)
Backed out changeset 3e7125be66fa (bug 1788596)
Backed out changeset 63ee00ea9be6 (bug 1788596)
 2022-10-06 10:28:00 +03:00
Alexandre Lissy dd8daf38e3 Bug 1788596 - Use Utility process actor names for crash annotations r=gsvelto 
Differential Revision: https://phabricator.services.mozilla.com/D156286
 2022-10-06 06:14:06 +00:00
Alexandre Lissy 272b0c9273 Bug 1788596 - Remove UTILITY_AUDIO_DECODING_GENERIC r=nika,media-playback-reviewers,alwu 
Differential Revision: https://phabricator.services.mozilla.com/D156285
 2022-10-06 06:14:06 +00:00
Alexandre Lissy 592b1be2e3 Bug 1788596 - Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy r=jld 
Differential Revision: https://phabricator.services.mozilla.com/D156284
 2022-10-06 06:14:05 +00:00
Dana Keeler 644aa7999c Bug 1716082 - clear all ongoing connections when removing certificate error overrides r=jschanck 
Differential Revision: https://phabricator.services.mozilla.com/D158613
 2022-10-05 20:15:02 +00:00
Emilio Cobos Álvarez d71d3c19ed Bug 1792809 - Make library and other windows keep stretching after bug 1665476. r=eemeli 
Much like the dialog changes in bug 1792730.

Differential Revision: https://phabricator.services.mozilla.com/D158351
 2022-10-04 10:21:05 +00:00
ffxbld c6a00ce965 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=dmeehan 
Differential Revision: https://phabricator.services.mozilla.com/D158497
 2022-10-03 13:20:51 +00:00
ffxbld 87d48b75dd No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D158326
 2022-09-29 16:44:52 +00:00
Yannis Juglaret adebd56af9 Bug 1766432 - Part 4: Enable Arbitrary Code Guard in MinGW builds. r=bobowen 
Differential Revision: https://phabricator.services.mozilla.com/D157906
 2022-09-29 15:29:15 +00:00
Yannis Juglaret eaa892440f Bug 1766432 - Part 3: Add Part 2 to the list of patches to apply when updating third-party. r=bobowen 
Differential Revision: https://phabricator.services.mozilla.com/D157905
 2022-09-29 15:29:15 +00:00
Yannis Juglaret 0b60970f1b Bug 1766432 - Part 2: Propagate custom definition for PROCESS_MITIGATION_DYNAMIC_CODE_POLICY to third-party. r=bobowen 
Differential Revision: https://phabricator.services.mozilla.com/D157904
 2022-09-29 15:29:14 +00:00
Mark Banner 8d1ebcb9d6 Bug 1792365 - Convert toolkit/modules consumers to use ES module imports directly. r=webdriver-reviewers,perftest-reviewers,geckoview-reviewers,extension-reviewers,preferences-reviewers,desktop-theme-reviewers,application-update-reviewers,pip-reviewers,credential-management-reviewers,robwu,Gijs,sgalich,bytesized,AlexandruIonescu,dao,m_kato 
Differential Revision: https://phabricator.services.mozilla.com/D158094
 2022-09-29 06:52:34 +00:00
ffxbld 4af4ff2e5b No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D158124
 2022-09-27 16:27:33 +00:00
ffxbld 4e99c68740 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=dmeehan 
Differential Revision: https://phabricator.services.mozilla.com/D157923
 2022-09-22 12:46:23 +00:00
Jed Davis a466bdb2c4 Bug 1780312 - Part 2: Allow fstatfs in the Linux RDD sandbox policy. r=gcp 
As discussed in the last patch, allowing `fstatfs` will also make
`statfs` work on any path that the process could open for reading
(subject to sandbox policy).

Differential Revision: https://phabricator.services.mozilla.com/D157542
 2022-09-21 17:57:54 +00:00
Jed Davis 3b5c74387e Bug 1780312 - Part 1: Move the statfs replacement into the common sandbox policy. r=gcp 
We have code to handle `statfs` calls in content processes by
intercepting them and calling `open` and `fstatfs` instead; the former
is then recursively intercepted and brokered.  This patch moves that
feature into the common policy, but does not allow `fstatfs` in any
other sandbox types (yet; see next patch).  This doesn't affect security
because the caller could have attempted the `open` and `fstatfs`
syscalls itself.

Differential Revision: https://phabricator.services.mozilla.com/D157541
 2022-09-21 17:57:54 +00:00
Joel Maher 4c4438b4f7 Bug 1536208 - removing old aarch64 manifest annotations. r=aryx,application-update-reviewers,bytesized 
Differential Revision: https://phabricator.services.mozilla.com/D157677
 2022-09-21 15:35:02 +00:00
Andreea Pavel 9f24806607 Backed out 2 changesets (bug 1768250, bug 1720601) for multiple failures CLOSED TREE 
Backed out changeset d6caea480d4d (bug 1768250)
Backed out changeset 97eccf466bf3 (bug 1720601)
 2022-09-20 16:50:29 +03:00
Kershaw Chang 137b76a861 Bug 1720601 - Allow token cache to store more than one token per key, r=necko-reviewers,dragana 
1. Allow to store more than one token per key.
2. Allow to use the token only once. The token will be removed after reading it.
3. Add a gtest.

Differential Revision: https://phabricator.services.mozilla.com/D153605
 2022-09-20 12:58:06 +00:00
Dana Keeler bdb75eecd3 Bug 1790451 - remove now-unnecessary QueryInterface(Ci.nsITransportSecurityInfo) calls r=jschanck,webdriver-reviewers,necko-reviewers,application-update-reviewers,nalexander,valentin 
Differential Revision: https://phabricator.services.mozilla.com/D157166
 2022-09-20 03:58:50 +00:00
ffxbld 26a22933ed No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D157632
 2022-09-19 13:30:31 +00:00
John Schanck ef80532ec8 Bug 1787505 - land NSS NSS_3_83_RTM UPGRADE_NSS_RELEASE, r=nss-reviewers,bbeurdouche 
Differential Revision: https://phabricator.services.mozilla.com/D157510
 2022-09-15 19:24:37 +00:00
Nika Layzell 0316dc51b9 Bug 1790614 - Part 2: Use {ASSERT,ENSURE}_NS_{SUCCEEEDED,FAILED} in gtests, r=ahal,necko-reviewers 
These macros will produce better outputs when they fail than these existing
patterns using `ENSURE_TRUE(NS_SUCCEEDED(...))` or similar, so this is a bulk
rewrite of existing tests to use them.

It should also help with discoverability when people base their tests off of
other existing tests.

Differential Revision: https://phabricator.services.mozilla.com/D157214
 2022-09-15 14:51:50 +00:00
ffxbld 2bddac315a No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D157441
 2022-09-15 13:07:24 +00:00
Dana Keeler 0d0b51d1e4 Bug 1790152 - use nsIX509Cert directly in IPC in AddCertException r=nika 
This avoids unnecessarily serializing the certificate to a string before
sending it over IPC.

Depends on D157007

Differential Revision: https://phabricator.services.mozilla.com/D157008
 2022-09-14 21:49:53 +00:00
Narcis Beleuzu 855f519b0a Backed out changeset a389830fb63f (bug 1783223) for causing bug 1790713 2022-09-14 19:38:52 +03:00
John Schanck 262ca63d8f Bug 1787505 - land NSS NSS_3_83_BETA2 UPGRADE_NSS_RELEASE, r=nss-reviewers,djackson 
Differential Revision: https://phabricator.services.mozilla.com/D156982
 2022-09-13 16:39:55 +00:00
Nika Layzell 3d9a6d0374 Bug 1789902 - Part 2: Use XPCOM static components instead of Services in Rust, r=xpcom-reviewers,necko-reviewers,barret,valentin 
Differential Revision: https://phabricator.services.mozilla.com/D156891
 2022-09-13 13:47:13 +00:00
Jeff Muizelaar 64aded89bb Bug 1783223 - Enable Arbitratry Code Guard in RDD on Nightly. r=bobowen 
This was previously disabled in bug 1673194 because of start up crashes.
It seems like msmpeg2vdec.dll may use dynamic code to support encrypted
code that uses. In recent versions of Windows this only seems used
in the 32bit version. The 32bit version will opt out of ACG on the
threads where it needs to use VirtualProtect so we use the weaker
variant there.

Differential Revision: https://phabricator.services.mozilla.com/D153762
 2022-09-12 16:32:08 +00:00
ffxbld d7cbba5f61 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D157108
 2022-09-12 12:48:53 +00:00
Dennis Jackson 400f4a73bf Bug 1789458 - Backout asserts from 1788290. r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D156944
 2022-09-09 17:15:10 +00:00
Cosmin Sabou ecfd7cff79 Backed out changeset 7dd0bcf1eeed (bug 1787505) for causing mass mochitest failures. r=land NSS NSS_3_83_BETA1 UPGRADE_NSS_RELEASE CLOSED TREE 2022-09-09 01:53:53 +03:00
John Schanck db095eb9f2 Bug 1787505 - land NSS NSS_3_83_BETA1 UPGRADE_NSS_RELEASE, r=keeler 
2022-09-08  John M. Schanck  <jschanck@mozilla.com>

	* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.83 beta
	[97fec8885336] [NSS_3_83_BETA1]

	* lib/softoken/pkcs11.c:
	Bug 1789886 - resource leak in NSC_OpenSession. r=bbeurdouche

	[b225a756abc2]

	* lib/pkcs12/p12d.c:
	Bug 1788875 - Remove set-but-unused variables from
	SEC_PKCS12DecoderValidateBags. r=nss-reviewers,bbeurdouche

	[132476bbefc5]

2022-09-07  Ludovic Hirlimann  <ludovic@mozilla.com>

	* cmd/lib/secpwd.c, coreconf/BeOS.mk, coreconf/config.mk,
	coreconf/nsinstall/nsinstall.c, lib/certhigh/ocsp.c,
	lib/dbm/include/mcom_db.h, lib/freebl/sysrand.c,
	lib/freebl/unix_rand.c, lib/jar/jar.h, lib/jar/jarfile.c,
	lib/nss/nssinit.c, lib/ssl/config.mk, lib/ssl/sslimpl.h,
	lib/ssl/sslmutex.c, lib/ssl/sslmutex.h, lib/ssl/sslnonce.c,
	lib/ssl/sslsnce.c, lib/ssl/sslsock.c, lib/ssl/unix_err.c,
	lib/util/secport.c, lib/util/secport.h, lib/zlib/zconf.h,
	lib/zlib/zutil.h:
	Bug 1563221 remove older oses that are unused part3/ BeOS r=nss-
	reviewers,djackson

	Depends on D36757

	[e0b144ea73b7]

	* coreconf/IRIX.mk, coreconf/IRIX5.2.mk, coreconf/IRIX5.3.mk,
	coreconf/IRIX5.mk, coreconf/IRIX6.2.mk, coreconf/IRIX6.3.mk,
	coreconf/IRIX6.5.mk, coreconf/IRIX6.mk, coreconf/arch.mk,
	lib/freebl/Makefile, lib/freebl/mpi/mpi.h, tests/set_environment:
	Bug 1563221 remove older unix support in NSS part 3 Irix r=nss-
	reviewers,djackson

	Depends on D36756

	[ee2e9b06b590]

	* lib/dbm/config/config.mk:
	Bug 1563221 remove support for older unix in NSS part 2 DGUX r=nss-
	reviewers,djackson

	Depends on D36755

	[b066df5e9148]

	* cmd/modutil/install.c, coreconf/OSF1.mk, coreconf/OSF1V2.0.mk,
	coreconf/OSF1V3.0.mk, coreconf/OSF1V3.2.mk, coreconf/OSF1V4.0.mk,
	coreconf/OSF1V4.0B.mk, coreconf/OSF1V4.0D.mk, coreconf/OSF1V5.0.mk,
	coreconf/OSF1V5.1.mk, coreconf/arch.mk, lib/dbm/config/config.mk,
	lib/freebl/Makefile, lib/freebl/arcfour.c, lib/freebl/mpi/mpi.c,
	lib/freebl/unix_rand.c, lib/ssl/sslsnce.c, tests/header,
	tests/mksymlinks, tests/nssqa, tests/platformlist.tbx,
	tests/set_environment:
	Bug 1563221 remove support for older unix in NSS part 1 OSF r=nss-
	reviewers,djackson

	[17f9365a7a1d]

2022-09-07  John M. Schanck  <jschanck@mozilla.com>

	* lib/ckfw/builtins/nssckbi.h:
	Bug 1778413 - Set nssckbi version number to 2.58. r=nss-
	reviewers,bbeurdouche

	Depends on D156583

	[2367ce7cdd32]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1785297 - Add two SECOM root certificates to NSS.
	r=KathleenWilson

	Depends on D156582

	[9be22516dac9]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1787075 - Add two DigitalSign root certificates to NSS.
	r=KathleenWilson

	Depends on D156581

	[04200c0488ee]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1778412 - Remove Camerfirma Global Chambersign Root from NSS.
	r=KathleenWilson

	[a217a119cff1]

2022-09-06  John M. Schanck  <jschanck@mozilla.com>

	* lib/softoken/pkcs11.c, lib/softoken/pkcs11u.c:
	Bug 1767921 - check SFTKSlot head after acquiring session lock.
	r=rrelyea

	[ed04d4729b99]

2022-08-30  Kai Engert  <kaie@kuix.de>

	* coreconf/coreconf.dep:
	Dummy change, trigger a build to test latest NSPR commits.
	[bb1ae751d359]

Differential Revision: https://phabricator.services.mozilla.com/D156884
 2022-09-08 20:11:56 +00:00
ffxbld 1f2d882e17 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D156815
 2022-09-08 13:47:22 +00:00
Bob Owen 3d2f6719a8 Bug 1788233: Remove PermissionsService from process Windows sandboxing code. r=handyman 
Depends on D156069

Differential Revision: https://phabricator.services.mozilla.com/D156087
 2022-09-07 09:42:04 +00:00
Bob Owen 692f8a5532 Bug 1689136: Apply MITIGATION_HARDEN_TOKEN_IL_POLICY to main and launcher processes. r=handyman 
This also ensures that DEP without ATL thunk is enforced.

Differential Revision: https://phabricator.services.mozilla.com/D156069
 2022-09-07 09:42:04 +00:00
ffxbld dcae9a94c1 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D156422
 2022-09-06 03:01:37 +00:00
Jan Varga c8263583ce Bug 1789133 - Fix non-unified-build bustage in SandboxTestingChildTests.h; r=gerard-majax 
Differential Revision: https://phabricator.services.mozilla.com/D156376
 2022-09-04 15:01:06 +00:00
alwu 429ad203bb Bug 1785738 - part5 : don't set alternative desktop for the mf cdm process. r=bobowen 
When setting alternative destktop for the mf cdm process, it seems
interfering the media foundation framework and make the video playback
stutter.

But if we call `SetAlternateDesktop(false)` which won't create a new
window station, then the video playback won't be affected.

My guess is that there might be some internal performance issues
inside the media foundation framework when using Dcomp API between
different window stations.

In addition, Chromium also didn't enable alternative desktop for their
mf cdm process. So it makes sense to us to disalbe that as well.

Differential Revision: https://phabricator.services.mozilla.com/D155026
 2022-09-03 00:54:00 +00:00
alwu 24c4bb6bd5 Bug 1785738 - part1 : add new type of utility process. r=bobowen,gerard-majax,fluent-reviewers,flod 
Create a new type of utility process which would be used for media
foundation media engine CDM usage. The media engine is a media pipeline
provided by the Windows Media Foundation, and our final goal is to use
that pipeline to play encrypted content in order to achieve Widevine L1
protection to allow users to watch high resolution videos.

Differential Revision: https://phabricator.services.mozilla.com/D154033
 2022-09-03 00:53:58 +00:00
Dana Keeler 8c1204afeb Bug 1788856 - initialize NSS as needed in nsNSSCertificate r=jschanck 
Previously, instantiating an nsIX509Cert (implemented by nsNSSCertificate)
would cause NSS to be initialized. However, if 'new nsNSSCertificate()' was
called directly (rather than going through XPCOM), NSS would not be
initialized. This didn't seem to be a problem until bug 1787942 changed how
nsITransportSecurityInfo was sent between processes for PHttpChannel and
HttpChannelOnStartRequestArgs (namely, by using the direct IPC support rather
than first serializing to a string, sending it over IPC, and then deserializing
it). That direct IPC implementation uses 'new nsNSSCertificate()', which is now
a problem.

nsNSSCertificate used to make extensive use of NSS, which warranted ensuring
NSS was initialized before creating one at all. Now, as of bug 1748341, the
cases where nsNSSCertificate uses NSS are limited and clearly delineated.
Accordinly, this change makes it so nsNSSCertificate only initializes NSS if
and when it needs it, rather than relying on the XPCOM boilerplate to
initialize NSS first.

Differential Revision: https://phabricator.services.mozilla.com/D156353
 2022-09-02 22:26:37 +00:00
Dennis Jackson a7c2f2a620 Bug 1788290 - Add the telemetry for Web Privacy. r=keeler. 
Differential Revision: https://phabricator.services.mozilla.com/D156107
 2022-09-02 20:59:35 +00:00
Dennis Jackson 97f4470f70 Bug 1788290 - Record whether Private DNS was used for a TLS Connection. r=keeler,necko-reviewers,valentin. 
Differential Revision: https://phabricator.services.mozilla.com/D156106
 2022-09-02 20:59:35 +00:00
Dennis Jackson a0e440195f Bug 1788290 - Record whether OCSP requests were made whilst making a TLS connection. r=keeler,necko-reviewers. 
Differential Revision: https://phabricator.services.mozilla.com/D156105
 2022-09-02 20:59:34 +00:00
Butkovits Atila 7fed5a7ef2 Backed out 3 changesets (bug 1788290) for causing build bustages. CLOSED TREE 
Backed out changeset 52d5a06be477 (bug 1788290)
Backed out changeset a3b5d214b5d4 (bug 1788290)
Backed out changeset e94a38b79965 (bug 1788290)
 2022-09-02 19:13:34 +03:00
Dennis Jackson ea92d08e39 Bug 1788290 - Add the telemetry for Web Privacy. r=keeler. 
Differential Revision: https://phabricator.services.mozilla.com/D156107
 2022-09-02 14:16:08 +00:00
Dennis Jackson 4b3a179797 Bug 1788290 - Record whether Private DNS was used for a TLS Connection. r=keeler,necko-reviewers,valentin. 
Differential Revision: https://phabricator.services.mozilla.com/D156106
 2022-09-02 14:16:07 +00:00
Dennis Jackson 0e389c049e Bug 1788290 - Record whether OCSP requests were made whilst making a TLS connection. r=keeler,necko-reviewers. 
Differential Revision: https://phabricator.services.mozilla.com/D156105
 2022-09-02 14:16:07 +00:00
Alexandre Lissy ac1cbfd25b Bug 1788689 - Disable MITIGATION_DYNAMIC_CODE_DISABLE for more MinGW r=bobowen 
Differential Revision: https://phabricator.services.mozilla.com/D156273
 2022-09-02 09:17:50 +00:00
Dana Keeler 865a8ba6b7 Bug 1778997 - provide pkcs11 rust bindings in-tree r=jschanck,supply-chain-reviewers 
Differential Revision: https://phabricator.services.mozilla.com/D154258
 2022-09-01 20:48:25 +00:00
ffxbld e57987e3d0 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D156168
 2022-09-01 13:14:23 +00:00
Alexandre Lissy b135ca0732 Bug 1780796 - Use one process per platform decoder module sandbox requirements r=alwu,nika,fluent-reviewers,flod 
Differential Revision: https://phabricator.services.mozilla.com/D152545
 2022-09-01 12:59:32 +00:00
ffxbld 353baa4945 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D155828
 2022-08-29 13:18:01 +00:00
Iulian Moraru 26ac918f96 Backed out changeset 8feed89ecea4 (bug 1787268) for causing build bustages. CLOSED TREE 2022-08-27 01:31:43 +03:00
John Schanck 7871c25d95 Bug 1787268 - avoid once_cell in ipcclientcerts. r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D155611
 2022-08-26 19:58:46 +00:00
Dana Keeler 56e7ae8648 Bug 1781104 - replace error type booleans with error category in nsITransportSecurityInfo r=necko-reviewers,mixedpuppy,jschanck,mccr8 
Differential Revision: https://phabricator.services.mozilla.com/D154561
 2022-08-26 18:48:38 +00:00
Dana Keeler b4c45d4248 Bug 1781104 - remove unnecessary bits parameter from nsICertOverrideService r=djackson,necko-reviewers,geckoview-reviewers,extension-reviewers,kershaw,calu 
Differential Revision: https://phabricator.services.mozilla.com/D152826
 2022-08-26 18:48:38 +00:00
Dana Keeler 40cd3d5efd Bug 1781104 - remove unused 'add override by fingerprint' API from nsICertOverrideService r=djackson 
`rememberTemporaryValidityOverrideUsingFingerprint` is no longer used in
`nsICertOverrideService` and can be removed.

Differential Revision: https://phabricator.services.mozilla.com/D152825
 2022-08-26 18:48:37 +00:00
Dennis Jackson 7996136fb5 Bug 1787505 - land NSS e5c1e1a0eaff UPGRADE_NSS_RELEASE, r=nss-reviewers,jschanck 
Differential Revision: https://phabricator.services.mozilla.com/D155711
 2022-08-26 16:40:01 +00:00
Mark Banner e3bad2d44a Bug 1786197 - Turn on ESLint rule for prefer-boolean-length-check for security. r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D155165
 2022-08-26 13:39:34 +00:00
ffxbld 7de1940b30 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D155573
 2022-08-25 14:49:54 +00:00
ffxbld 4955e3dc0f No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D155332
 2022-08-23 13:01:05 +00:00
Dana Keeler 9c30613d90 Bug 1784098 - make nsISocketTransport.securityInfo explicit as nsISSLSocketControl r=necko-reviewers,kershaw 
Differential Revision: https://phabricator.services.mozilla.com/D154257
 2022-08-23 03:37:17 +00:00
Dana Keeler e7fe86c6a0 Bug 1784098 - move nsITLSServerConnectionInfo from nsISocketTransport.securityInfo to securityCallbacks r=necko-reviewers,kershaw 
In preparation for making nsISocketTransport.securityInfo a concrete type
(nsITransportSecurityInfo), nsITLSServerConnectionInfo needs to be moved off of
securityInfo. securityCallbacks seems like a reasonable place.

Differential Revision: https://phabricator.services.mozilla.com/D154256
 2022-08-23 03:37:17 +00:00
Narcis Beleuzu 5fb7ed6946 Backed out 4 changesets (bug 1784098) for bustages on nsCOMPtr.h . CLOSED TREE 
Backed out changeset d22ac7bcb472 (bug 1784098)
Backed out changeset a97052238dba (bug 1784098)
Backed out changeset a2bb8ecd6170 (bug 1784098)
Backed out changeset 16ab6547619c (bug 1784098)
 2022-08-22 20:50:21 +03:00
Dana Keeler 5a1655a87d Bug 1784098 - make nsISocketTransport.securityInfo explicit as nsISSLSocketControl r=necko-reviewers,kershaw 
Differential Revision: https://phabricator.services.mozilla.com/D154257
 2022-08-22 16:32:01 +00:00
Dana Keeler 0142f6d701 Bug 1784098 - move nsITLSServerConnectionInfo from nsISocketTransport.securityInfo to securityCallbacks r=necko-reviewers,kershaw 
In preparation for making nsISocketTransport.securityInfo a concrete type
(nsITransportSecurityInfo), nsITLSServerConnectionInfo needs to be moved off of
securityInfo. securityCallbacks seems like a reasonable place.

Differential Revision: https://phabricator.services.mozilla.com/D154256
 2022-08-22 16:32:01 +00:00
ffxbld 6cb19f9e34 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D155203
 2022-08-22 13:44:16 +00:00
Mark Banner ff257fb43c Bug 1786076 - Enable ESlint rule no-unused-vars on the global scope for security/manager/ssl/ xpcshell-tests. r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D155101
 2022-08-19 20:44:02 +00:00
Barret Rennie 6de0f1b749 Bug 1772923 - Port osfile.jsm usage to IOUtils in security/manager/ r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D153711
 2022-08-19 20:04:57 +00:00
Butkovits Atila e8ee25ae56 Backed out changeset ef7acc434052 (bug 1783223) for causing multiple mochitest failures. CLOSED TREE 2022-08-18 18:45:43 +03:00
ffxbld d61f881532 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM 
Differential Revision: https://phabricator.services.mozilla.com/D154979
 2022-08-18 14:05:58 +00:00
Nika Layzell 4011409c5d Bug 1783282 - Use a custom attribute instead of derive for implementing xpcom interfaces in rust, r=xpcom-reviewers,necko-reviewers,dragana,barret 
Differential Revision: https://phabricator.services.mozilla.com/D153801
 2022-08-18 13:57:35 +00:00
Jeff Muizelaar b55779b46a Bug 1783223 - Enable Arbitratry Code Guard in RDD on Nightly. r=bobowen 
This was previously disabled in bug 1673194 because of start up crashes.
It seems like msmpeg2vdec.dll may use dynamic code to support encrypted
code that uses. In recent versions of Windows this only seems used
in the 32bit version. The 32bit version will opt out of ACG on the
threads where it needs to use VirtualProtect so we use the weaker
variant there.

Differential Revision: https://phabricator.services.mozilla.com/D153762
 2022-08-18 13:41:24 +00:00
Anna Weine db08a45c3d Bug 1785784 - land NSS NSS_3_82_RTM UPGRADE_NSS_RELEASE, r=nss-reviewers,bbeurdouche 
Differential Revision: https://phabricator.services.mozilla.com/D154974
 2022-08-18 10:14:31 +00:00
Dana Keeler 7af450dab0 Bug 1781976 - remove expiring telemetry probe CLIENT_CERTIFICATE_SCAN_TIME r=ckerschb 
Differential Revision: https://phabricator.services.mozilla.com/D154436
 2022-08-17 18:50:26 +00:00
ffxbld 87bde7886c No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=dmeehan 
Differential Revision: https://phabricator.services.mozilla.com/D154638
 2022-08-15 12:10:00 +00:00
Emilio Cobos Álvarez a7401488af Bug 1784265 - Drop support for flex attribute values other than 0 and 1. r=dholbert,mconley,preferences-reviewers 
This makes it easier to get parity between legacy and regular flex
without having to either have tons of arbitrary attribute selectors in
the xul sheet, nor adding attribute lookup hacks to the html flexbox
layout.

Also, reimplement the remaining supported flex attribute-values (0 and 1)
purely in terms of CSS rules in xul.css (regardless of whether
emulate-moz-box-with-flex is enabled).

In practice these are pretty uncommon and the style attribute does the
trick in every case I've tried.

Add a debug-only assertion to ensure we preserve behavior for now.

Add a new test with another behavior difference between flexbox
emulation and old xul layout because the old reftest now passes. Use
replaced elements, which in modern flex are treated differently.

Differential Revision: https://phabricator.services.mozilla.com/D154394
 2022-08-12 23:13:41 +00:00
Marian-Vasile Laza 7f5e2711c6 Backed out 3 changesets (bug 1784265) for causing reftest failures on flex-emulation-1.xhtml. CLOSED TREE 
Backed out changeset 415da4b53bdd (bug 1784265)
Backed out changeset e27b21c54b1f (bug 1784265)
Backed out changeset fcb1a053fbe2 (bug 1784265)
 2022-08-13 01:14:13 +03:00
Emilio Cobos Álvarez a2ec6564f3 Bug 1784265 - Drop support for flex attribute values other than 0 and 1. r=dholbert,mconley,preferences-reviewers 
This makes it easier to get parity between legacy and regular flex
without having to either have tons of arbitrary attribute selectors in
the xul sheet, nor adding attribute lookup hacks to the html flexbox
layout.

Also, reimplement the remaining supported flex attribute-values (0 and 1)
purely in terms of CSS rules in xul.css (regardless of whether
emulate-moz-box-with-flex is enabled).

In practice these are pretty uncommon and the style attribute does the
trick in every case I've tried.

Add a debug-only assertion to ensure we preserve behavior for now.

Add a new test with another behavior difference between flexbox
emulation and old xul layout because the old reftest now passes. Use
replaced elements, which in modern flex are treated differently.

Differential Revision: https://phabricator.services.mozilla.com/D154394
 2022-08-12 19:34:34 +00:00
ffxbld fe0b61866f No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=dmeehan 
Differential Revision: https://phabricator.services.mozilla.com/D154378
 2022-08-11 19:10:20 +00:00
Nika Layzell 706cf2f2fa Bug 1782765 - Fix nullability of arrays of interfaces in Rust, r=xpcom-reviewers,necko-reviewers,mccr8,valentin 
When generating code for arrays of interfaces from the rust-xpidl
compiler, the type was declared incorrectly as ThinVec<RefPtr<T>>
instead of ThinVec<Option<RefPtr<T>>> meaning that null values in the
array would be handled incorrectly.

This patch fixes this code generation mistake and updates crates using
the interface to handle null values correctly.

Differential Revision: https://phabricator.services.mozilla.com/D153485
 2022-08-11 17:53:48 +00:00
Csoregi Natalia e2f0a85bfd Backed out changeset 5c13cd875d8b (bug 1772923) for causing failures on browser_cert_export.js. CLOSED TREE 2022-08-11 21:24:54 +03:00
Barret Rennie cda27c85fe Bug 1772923 - Port osfile.jsm usage to IOUtils in security/manager/ r=keeler 
Differential Revision: https://phabricator.services.mozilla.com/D153711
 2022-08-11 17:11:36 +00:00
Nika Layzell 45397cbfdd Bug 1779792 - Part 4: Deduplicate ProcessChild subclass constructors, r=ipc-reviewers,necko-reviewers,media-playback-reviewers,alwu,mccr8 
These constructors are unnecessary and can be defined with a `using` statement,
making it easier to change all constructors simultaneously.

Differential Revision: https://phabricator.services.mozilla.com/D153620
 2022-08-10 14:55:23 +00:00
Nika Layzell 2ac29a461a Bug 1779792 - Part 3: Use an endpoint to bind the initial actor in parent processes, r=ipc-reviewers,necko-reviewers,media-playback-reviewers,alwu,mccr8 
This improves consistency with the child process case, and will make it easier
to attach additional state without needing to thread it through every child
process callsite manually.

Differential Revision: https://phabricator.services.mozilla.com/D153619
 2022-08-10 14:55:22 +00:00