This type is also used in other places to start non-initial actors, and will
allow us to attach additional state more easily without needing to thread it
through every child process callsite manually.
Differential Revision: https://phabricator.services.mozilla.com/D153618
We uninstall signal handlers in child processes after clone(), because
they probably won't do the right thing if invoked in that context.
However, the current code also resets signals which were ignored;
if that disposition was set by an outside program like `nohup`, the
expectation is that it should be inherited. This patch omits those
signals when resetting handlers (similar to what `exec` does).
Differential Revision: https://phabricator.services.mozilla.com/D151336
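The behaviour that commit message describes, as an added C++ example (not Mozilla's sandbox code; `ResetCaughtSignals`, `ConstructedHandler` and `DemoIgnoredSurvivesReset` are hypothetical names): caught signals go back to the default disposition, while ignored ones, such as a SIGHUP ignored by `nohup`, are left untouched.

```cpp
#include <signal.h>

// Restore the default disposition for every signal that currently has a
// handler installed, but leave SIG_IGN alone so that an "ignore" set by an
// outside program is still inherited. Only sigaction() is called, which is
// async-signal-safe, so this is usable in a child right after clone()/fork().
// Returns the number of handlers that were reset.
int ResetCaughtSignals() {
  int reset = 0;
  for (int sig = 1; sig < NSIG; ++sig) {
    struct sigaction cur;
    if (sigaction(sig, nullptr, &cur) != 0) {
      continue;  // reserved or invalid signal number
    }
    bool hasInfoHandler = (cur.sa_flags & SA_SIGINFO) != 0;
    if (!hasInfoHandler &&
        (cur.sa_handler == SIG_DFL || cur.sa_handler == SIG_IGN)) {
      continue;  // nothing installed, or deliberately ignored: keep as-is
    }
    struct sigaction dfl = {};
    dfl.sa_handler = SIG_DFL;
    sigemptyset(&dfl.sa_mask);
    if (sigaction(sig, &dfl, nullptr) == 0) {
      ++reset;
    }
  }
  return reset;
}

// Constructed handler standing in for one the parent process installed.
static void ConstructedHandler(int) {}

// Constructed scenario: one caught signal, one ignored signal.
bool DemoIgnoredSurvivesReset() {
  struct sigaction sa = {};
  sa.sa_handler = ConstructedHandler;
  sigemptyset(&sa.sa_mask);
  sigaction(SIGUSR1, &sa, nullptr);  // parent's handler
  signal(SIGHUP, SIG_IGN);           // what nohup sets before exec

  int n = ResetCaughtSignals();

  struct sigaction usr1, hup;
  sigaction(SIGUSR1, nullptr, &usr1);
  sigaction(SIGHUP, nullptr, &hup);
  return n >= 1 && usr1.sa_handler == SIG_DFL && hup.sa_handler == SIG_IGN;
}

int main() { return DemoIgnoredSurvivesReset() ? 0 : 1; }
```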
These tests set up an ECH server which will only negotiate http/1.1 in the TLS ALPN extension.
If the client doesn't send an ALPN offering at least http/1.1 the connection will fail with
SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL.
Differential Revision: https://phabricator.services.mozilla.com/D153368
The biggest set of APIs from ns[T]StringObsolete which are still heavily used
are the string searching APIs. It appears the intention was for these to be
replaced by the `FindInReadable` APIs, however that doesn't appear to have
happened.
In addition, the APIs have some quirks around their handling of mixed character
widths. These APIs generally supported both narrow strings and the native
string type, probably because char16_t string literals weren't available until
c++11. Finally they also used easy-to-confuse unlabeled boolean and integer
optional arguments to control behaviour.
These patches do the following major changes to the searching APIs:
1. The ASCII case-insensitive search method was split out as
LowerCaseFindASCII, rather than using a boolean. This should be less
error-prone and more explicit, and allows the method to continue to use
narrow string literals for all string types (as only ASCII is supported).
2. The other [R]Find methods were restricted to only support arguments with
matching character types. I considered adding a FindASCII method which would
use narrow string literals for both wide and narrow strings but it would've
been the same amount of work as changing all of the literals to unicode
literals.
This ends up being the bulk of the changes in the patch.
3. All find methods were re-implemented using std::basic_string_view's find
algorithm or stl algorithms to reduce code complexity, and avoid the need to
carry around the logic from nsStringObsolete.cpp.
4. The implementations were moved to nsTStringRepr.cpp.
5. An overload of Find was added to try to catch callers which previously
called `Find(..., false)` or `Find(..., true)` to set case-sensitivity, due
to booleans normally implicitly coercing to `index_type`. This should
probably be removed at some point, but may be useful during the transition.
Differential Revision: https://phabricator.services.mozilla.com/D148300
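The boolean-to-offset hazard from item 5, as an added C++17 example (not the ns[T]String code; `UnguardedStr`, `GuardedStr` and the deleted-overload technique are assumptions chosen to illustrate the idea): a stale `Find(..., true)` call compiles against an offset parameter and silently searches from index 1, while a bool-only overload turns it into a compile error.

```cpp
#include <cstdint>
#include <string_view>
#include <type_traits>
#include <utility>

constexpr int32_t kNotFound = -1;

static int32_t FindFrom(std::u16string_view hay, std::u16string_view needle,
                        uint32_t offset) {
  size_t pos = hay.find(needle, offset);
  return pos == std::u16string_view::npos ? kNotFound
                                          : static_cast<int32_t>(pos);
}

// New-style signature without a guard: the second argument is an offset.
struct UnguardedStr {
  std::u16string_view data;
  int32_t Find(std::u16string_view needle, uint32_t offset = 0) const {
    return FindFrom(data, needle, offset);
  }
};

// Same signature plus an overload that matches only `bool` exactly and is
// deleted, so an old "case-sensitivity flag" call site no longer compiles.
struct GuardedStr {
  std::u16string_view data;
  int32_t Find(std::u16string_view needle, uint32_t offset = 0) const {
    return FindFrom(data, needle, offset);
  }
  template <typename B, typename = std::enable_if_t<std::is_same_v<B, bool>>>
  int32_t Find(std::u16string_view, B) const = delete;
};

// Compile-time probe: does S::Find(needle, Arg) form a valid call?
template <typename S, typename Arg, typename = void>
struct AcceptsSecondArg : std::false_type {};
template <typename S, typename Arg>
struct AcceptsSecondArg<
    S, Arg,
    std::void_t<decltype(std::declval<const S&>().Find(
        std::u16string_view{}, std::declval<Arg>()))>> : std::true_type {};

static_assert(AcceptsSecondArg<UnguardedStr, bool>::value,
              "bool silently coerces to an offset");
static_assert(!AcceptsSecondArg<GuardedStr, bool>::value,
              "deleted overload rejects bool");
static_assert(AcceptsSecondArg<GuardedStr, uint32_t>::value,
              "real offsets still work");

// Stale call site: the author meant "case-sensitive search from the start",
// but `true` becomes offset 1, so the match at index 0 is skipped.
int32_t StaleCallSiteResult() {
  UnguardedStr s{u"abcabc"};  // constructed sample input
  return s.Find(u"a", true);
}

// Explicit offset on the guarded type behaves as intended.
int32_t OffsetCallResult() {
  GuardedStr s{u"abcabc"};
  return s.Find(u"a", 1u);
}

int32_t DefaultCallResult() {
  GuardedStr s{u"abcabc"};
  return s.Find(u"a");
}

int main() {
  return (StaleCallSiteResult() == 3 && OffsetCallResult() == 3 &&
          DefaultCallResult() == 0)
             ? 0
             : 1;
}
```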
This patch moves EqualsIgnoreCase to ns[T]StringObsolete, and removes
the aCount argument, instead migrating callers to use `StringBeginsWith`
with a case-insensitive comparator.
In addition, nsTStringRepr::Compare was removed and replaced with either
calls to methods like `StringBeginsWith` or the global `Compare` method.
These changes required some modifications at call-sites but should make
the behaviour less surprising and more consistent.
Differential Revision: https://phabricator.services.mozilla.com/D148299
`strerror` is async signal unsafe, and we're using it in contexts where
that's a problem: in particular in the child process after `clone()`ing,
where it can deadlock if it takes locks the parent's other threads had
held (or cause other undefined behavior), but also in the SIGSYS handler
if it's nested inside an async signal. It's also thread-unsafe.
This is mostly a mechanical replacement with the new `SANDBOX_LOG_ERRNO`
or `SANDBOX_LOG_WITH_ERROR`; two messages had the error string in the
middle and have been adjusted.
Differential Revision: https://phabricator.services.mozilla.com/D152099
This adds two new logging macros, which are intended to be async signal
safe:
* `SANDBOX_LOG_ERRNO`, which appends the error similarly to `perror` but
uses the error identifier (e.g., `EINVAL` instead of `Invalid argument`).
Unlike `perror`, formatting directives are available as for `SANDBOX_LOG`.
* `SANDBOX_LOG_WITH_ERROR` is the same thing but the error number is the
first argument instead of using `errno`; this is useful for newer POSIX
APIs which return an error number.
This will be used in the next patch to replace the existing use of
`strerror`, which is not async signal safe (or thread-safe).
Differential Revision: https://phabricator.services.mozilla.com/D152098
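What the `strerror` replacement and the two macros described above amount to, as an added C++ example (not the `SANDBOX_LOG_ERRNO` implementation; `ErrnoName`, `FormatWithError`, `LogWithError` and `LogErrno` are hypothetical names, and the errno table is a small subset): the message is built in a stack buffer without libc formatting or locale lookups and emitted with `write(2)`.

```cpp
#include <cerrno>
#include <cstddef>
#include <cstring>
#include <unistd.h>

// Illustrative subset of identifiers; unknown values fall back to the number.
static const char* ErrnoName(int err) {
  switch (err) {
    case EPERM:  return "EPERM";
    case ENOENT: return "ENOENT";
    case EINTR:  return "EINTR";
    case EBADF:  return "EBADF";
    case EAGAIN: return "EAGAIN";
    case ENOMEM: return "ENOMEM";
    case EACCES: return "EACCES";
    case EINVAL: return "EINVAL";
    case ENOSYS: return "ENOSYS";
    default:     return nullptr;
  }
}

// Bounded append with no heap use and no locks; keeps buf NUL-terminated.
// Requires cap > 0 and pos < cap.
static size_t Append(char* buf, size_t cap, size_t pos, const char* s) {
  while (*s != '\0' && pos + 1 < cap) buf[pos++] = *s++;
  buf[pos] = '\0';
  return pos;
}

static size_t AppendInt(char* buf, size_t cap, size_t pos, int value) {
  char rev[12];
  size_t n = 0;
  unsigned int u = value < 0 ? 0u - static_cast<unsigned int>(value)
                             : static_cast<unsigned int>(value);
  do {
    rev[n++] = static_cast<char>('0' + u % 10);
    u /= 10;
  } while (u != 0);
  if (value < 0) rev[n++] = '-';
  char text[13];
  size_t i = 0;
  while (n > 0) text[i++] = rev[--n];
  text[i] = '\0';
  return Append(buf, cap, pos, text);
}

// Writes "<msg>: <ERRNAME>" (or "<msg>: errno <n>") into buf, truncating if
// needed. Returns the length written, excluding the terminating NUL.
size_t FormatWithError(char* buf, size_t cap, const char* msg, int err) {
  if (cap == 0) return 0;
  size_t pos = Append(buf, cap, 0, msg);
  pos = Append(buf, cap, pos, ": ");
  const char* name = ErrnoName(err);
  if (name != nullptr) return Append(buf, cap, pos, name);
  pos = Append(buf, cap, pos, "errno ");
  return AppendInt(buf, cap, pos, err);
}

// Error number passed explicitly, for POSIX APIs that return it directly.
ssize_t LogWithError(const char* msg, int err) {
  int saved = errno;  // a signal handler must not clobber errno
  char buf[256];
  size_t len = FormatWithError(buf, sizeof(buf) - 1, msg, err);
  buf[len++] = '\n';
  size_t off = 0;
  while (off < len) {
    ssize_t w = write(STDERR_FILENO, buf + off, len - off);
    if (w < 0) {
      if (errno == EINTR) continue;
      break;
    }
    off += static_cast<size_t>(w);
  }
  errno = saved;
  return static_cast<ssize_t>(off);
}

// perror-like variant that reads errno.
ssize_t LogErrno(const char* msg) { return LogWithError(msg, errno); }

int main() {
  errno = EINVAL;  // constructed failure
  LogErrno("constructed syscall failed");
  LogWithError("constructed pthread-style call failed", EAGAIN);
  char b[32];
  FormatWithError(b, sizeof(b), "x", ENOSYS);
  return std::strcmp(b, "x: ENOSYS") == 0 ? 0 : 1;
}
```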
Originally this was written for B2G and used the Android logging
facility, which (like syslog) includes a severity level. However, all
current usage is on desktop where we just write to stderr, and there was
never much demand to add support for any log levels besides "error".
More importantly for the current situation, renaming the macro to
`SANDBOX_LOG` avoids confusion between `SANDBOX_LOG_ERROR` and
`SANDBOX_LOG_ERRNO` (or `SANDBOX_LOG_ERROR_ERRNO` or whatever).
Differential Revision: https://phabricator.services.mozilla.com/D152097
Two minor things I noticed while converting the existing sandbox logging:
1. One call site was using %u, but that doesn't exist in this printf
dialect, only %d; signedness is determined by the actual argument
type via template magic.
2. POSIX functions that return an error number just return the number;
there was one place that was negating it before use, as if it had
come from the Linux syscall ABI.
Differential Revision: https://phabricator.services.mozilla.com/D152096
This prevents copies and avoids the hack we have to avoid this, which
right now is using nsDependent{C,}String.
Non-virtual actors can still use `nsString` if they need to on the
receiving end.
Differential Revision: https://phabricator.services.mozilla.com/D152519
This patch adds two new telemetry histograms which collect specific types
of TLS handshake separately from existing handshakes.
- The conservative histogram tracks handshakes used for essential connections (e.g. update checks)
- The first-try histogram tracks all initial connection attempts. This allows us to identify issues that might otherwise be masked by our retry logic.
A single handshake may belong to more than one histogram. All handshakes belong to the root histogram.
As the histogram buckets are aligned, it is possible to derive new histograms from these stored results.
For example, as ECH GREASE is only used on first-try handshakes, the histogram from non-GREASE first-try
handshakes can be calculated by subtracting the entries in the GREASE histogram from the first-try histogram.
This patch also extends the existing handshake necko tests to verify that the telemetry is recorded correctly.
Telemetry checks don't run if networking is running on the socket process as the histograms are no longer
accessible.
Differential Revision: https://phabricator.services.mozilla.com/D150754
If nsNSSSocketInfo::mFd is nullptr, it means the connection has been closed.
This isn't an error, and ClientAuthCertificateSelected shouldn't assert if this
happens.
Differential Revision: https://phabricator.services.mozilla.com/D151962
Cleanup our entitlement files by removing entitlements that use the default setting of false.
production.entitlements.xml and developer.entitlements.xml are used today.
The browser and plugin-container entitlement lists will be used when we enable using different entitlements for parent and child processes.
Differential Revision: https://phabricator.services.mozilla.com/D151943
In bug 1682412, loadCerts was removed from nsICertTree. At the time, the
certificate manager still had one use of it that should have been updated to
loadCertsFromCache. This patch makes that update.
Differential Revision: https://phabricator.services.mozilla.com/D150503
On multi-GPU systems, even though the GPU we're going to use for
accelerated video decoding is driven by Mesa, sometimes the nvidia
proprietary driver can be loaded and attempt to probe devices. This
patch attempts to make the sandbox policy quietly return errors for
those syscalls, instead of treating them as unexpected (and crashing on
Nightly).
Differential Revision: https://phabricator.services.mozilla.com/D149652
There are two parts to this patch; both affect only Linux:
1. The GMP sandbox policy is adjusted to allow certain syscalls used in
shared memory creation (ftruncate and fallocate). However, the file
broker is not used; the process still has no access to files in /dev/shm.
2. The profiler is not initialized for GMP processes unless memfd_create
is available (so the process can create shared memory to send
profiling data back, without filesystem access), or the GMP sandbox
is disabled (either at runtime or build time).
As of this patch, profiling GMP processes on Linux should succeed on
distros with kernel >=3.17 (Oct. 2014), but native stack frames won't
have symbols (and may be incorrectly unwound, not that it matters much
without symbols); see the bug for more info. Pseudo-stack frames and
markers should work, however.
Differential Revision: https://phabricator.services.mozilla.com/D148470
The profiler may try to readlink `/proc/self/exe` to determine the
executable name; currently, its attempt to get information about loaded
objects is broken for other reasons, so this isn't helpful. Thus, this
patch has it fail with `EINVAL` (meaning "not a symbolic link") instead of
being treated as unexpected.
(In the future, if we need to, we could simulate that syscall by
recording the target of `/proc/self/exe` before sandboxing, and
recognizing that specific case in a trap function.)
Differential Revision: https://phabricator.services.mozilla.com/D148469
Before this patch, the certificate verifier would only attempt to build a
trusted path to a root with the first recognized EV OID in the end-entity
certificate. Thus, if an end-entity certificate had more than one EV OID, it
could fail to verify as EV if an intermediate or root had the "wrong" EV OID.
This patch addresses this shortcoming by trying to build a path with each
recognized EV OID in the end-entity certificate until it finds one that works.
Differential Revision: https://phabricator.services.mozilla.com/D149319
Certificate error overrides made in non-private contexts should be available in
private contexts as well (but not vice-versa).
Differential Revision: https://phabricator.services.mozilla.com/D149296
Add a preference for whether to remove ECH GREASE extensions when retrying a connection. This repurposes the flag which was previously present but not actually functional.
Differential Revision: https://phabricator.services.mozilla.com/D147191
This changes the behavior of CRLite when configured in `ConfirmRevocations`
mode (the default mode on nightly and early beta). Under the new definition,
ConfirmRevocations mode fails closed when OCSP fails open. In particular, a
certificate will be marked as "Revoked" in the following scenarios:
- CRLite returns "Revoked" and the certificate does not list an OCSP URL,
- CRLite returns "Revoked" and the OCSP responder is unreachable,
- CRLite returns "Revoked" and the OCSP responder returns an error.
Differential Revision: https://phabricator.services.mozilla.com/D148686
Drop the com.apple.security.cs.allow-dyld-environment-variables entitlement to disallow use of dyld environment variables in signed production builds.
Leave the entitlement in for signed developer builds.
Firefox gtests depend on the use of DYLD_LIBRARY_PATH. However, testing infrastructure does not run gtests on signed builds and therefore gtests are not impacted by this change. gtests could be run on signed developer builds in the future which will still allow dyld environment variables after this change.
browser.production.entitlements.xml and plugin-container.production.entitlements.xml are not used, but being kept up to date.
Differential Revision: https://phabricator.services.mozilla.com/D148324
Before this patch, the content signature verifier
(nsIContentSignatureVerifier/ContentSignatureVerifier) would identify the root
it trusted based on the value of a preference. This patch changes the
implementation to require a specified hard-coded root to trust as with add-on
signature verification.
Depends on D146644
Differential Revision: https://phabricator.services.mozilla.com/D146645
Before this patch, the app signature verification code lived in security/apps/.
The majority of the rest of PSM is in security/manager/ssl/ and there's little
reason to have that extra directory for the app signature verification
implementation alone.
Differential Revision: https://phabricator.services.mozilla.com/D146644
The patch for bug 1769499 lets the RDD process create a headless EGL
context using GBM, which needs access only to the GPU device files, not
the display server. This means that the X11 access recently added in
bug 1769182 can be turned back off.
Differential Revision: https://phabricator.services.mozilla.com/D147792
2022-05-26 Dennis Jackson <djackson@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.79 final
[3463596523be] [NSS_3_79_RTM] <NSS_3_79_BRANCH>
2022-05-20 Dennis Jackson <djackson@mozilla.com>
* .hgtags:
Added tag NSS_3_79_BETA2 for changeset 82f9862369bd
[5498a0531d73] <NSS_3_79_BRANCH>
Differential Revision: https://phabricator.services.mozilla.com/D147412
This introduces a breaking change: the buckets cannot be changed via preferences anymore.
Before landing this patch, we should have released a new version of the Remote Settings DevTools that is compatible with this new API.
Differential Revision: https://phabricator.services.mozilla.com/D145455
The ability to customize this preference name has very little value. We introduced this feature when we refactored our ad-hoc Kinto clients into a single RemoteSetting client.
Renaming this preference means that the DevTools will display an empty field until settings are resynced.
Differential Revision: https://phabricator.services.mozilla.com/D145454
This transferred sandbox mitigations directly into child process memory, which
may have caused issues with some security software.
Depends on D146930
Differential Revision: https://phabricator.services.mozilla.com/D146931
2022-05-19 John M. Schanck <jschanck@mozilla.com>
* lib/ckfw/wrap.c:
Bug 1766978 - improve error handling after
nssCKFWInstance_CreateObjectHandle. r=djackson
[2efccbd85918] [tip]
2022-03-18 Robert Relyea <rrelyea@redhat.com>
* cmd/pk12util/pk12util.c, lib/pkcs12/p12local.c,
tests/common/init.sh, tests/tools/tools.sh:
Bug 1757075 NSS does not properly import or export pkcs12 files with
large passwords and pkcs5v2 encoding.
Don't use NULL when encoding UTF8 with pkcs5v2. Fix a bug here when
converting from UCS2 to UTF8 we would add a double NULL when adding
a NULL.
[0f4664512bd0]
2022-05-17 Dennis Jackson <djackson@mozilla.com>
* nspr.patch:
Remove nspr.patch mistakenly committed in e3ac914bc684
[99e32fcca1c7]
2022-05-17 Leander Schwarz <lschwarz@mozilla.com>
* gtests/ssl_gtest/ssl_record_unittest.cc,
gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc, lib/ssl/ssl3con.c,
lib/ssl/ssl3gthr.c, lib/ssl/tls13con.c:
Bug 1764788 - Correct invalid record inner and outer content type
alerts. r=djackson
Added test cases for alerts during and pre handshake as well as TLS
1.3 only after handshake (application data) cases due to unsupported
de- and encryption of lower TLS version records in gtest.
Adjusted some test cases that expect failed connections to the
updated alerts.
[7f4b0af3a526]
* gtests/ssl_gtest/ssl_version_unittest.cc, lib/ssl/ssl3con.c:
Bug 1765753 - TLS 1.3 Server: Send protocol_version alert on
unsupported ClientHello.legacy_version. r=djackson
[bc7bfba47e0a]
* gtests/ssl_gtest/ssl_extension_unittest.cc, lib/ssl/ssl3exthandle.c:
Bug 1765753 - Added RFC8422 compliant TLS <= 1.2
undefined/compressed ECPointFormat extension alerts. r=djackson
[d06a8831ec84]
2022-05-16 John M. Schanck <jschanck@mozilla.com>
* gtests/util_gtest/manifest.mn, gtests/util_gtest/util_gtest.gyp,
gtests/util_gtest/util_secasn1d_unittest.cc, lib/util/secasn1d.c:
Bug 1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside
indefinite GROUP. r=keeler,nss-reviewers,djackson
In an iteration over elements of an indefinite-length encoded GROUP
(sec_asn1d_next_in_group), the child of the current state is
responsible for parsing the GROUP's end-of-contents octets---a call
to sec_asn1d_parse_end_of_contents(state->child) sets the
endofcontents flag for state->child and a later call to
sec_asn1d_next_in_group checks state->child->endofcontents and
terminates the iteration.
In an iteration over elements of an indefinite-length encoded
SEQUENCE (sec_asn1d_next_in_sequence), on the other hand, the
current state, not its child, handles the end-of-contents octets.
Prior to this commit, an error would occur when state pointed to an
indefinite-length encoded GROUP and state->child pointed to an
indefinite-length encoded SEQUENCE. In this case, state->child would
be passed to sec_asn1d_parse_end_of_contents to parse the SEQUENCE's
end-of-contents octets. This would set the endofcontents flag for
state->child, and this would be misinterpreted as an end-of-
iteration signal for the surrounding GROUP.
[1811eec24997]
* automation/abi-check/expected-report-libnss3.so.txt,
lib/nss/nss.def, lib/pk11wrap/pk11list.c, lib/pk11wrap/pk11util.c,
lib/pk11wrap/secmod.h, lib/util/nssrwlk.h:
Bug 1753315 - Add SECMOD_LockedModuleHasRemovableSlots. r=rrelyea
[499ae15c18ad]
2022-05-13 Kai Engert <kaie@kuix.de>
* automation/abi-check/expected-report-libnspr4.so.txt,
cmd/selfserv/selfserv.c, cmd/tstclnt/tstclnt.c, nspr.patch:
Bug 1769295 - selfserv and tstclnt should use
PR_GetPrefLoopbackAddrInfo. r=rrelyea
[e3ac914bc684]
2022-05-11 John M. Schanck <jschanck@mozilla.com>
* lib/softoken/legacydb/lginit.c:
Bug 1454072 - Use of uninitialized pointer in lg_init after alloc
fail. r=nss-reviewers,nkulatova
[927d47dcc509]
2022-05-06 John M. Schanck <jschanck@mozilla.com>
* automation/clang-format/Dockerfile:
Bug 1766907 - Update mercurial in clang-format docker image. r=mt
[83a89ed9f527]
Differential Revision: https://phabricator.services.mozilla.com/D146888
This patch mostly turns on the features set up by the earlier patches:
allow connecting to the X server and reading various related things
(.Xauthority, GPU device info in sysfs, etc.). It also turns off Mesa's
shader cache in the RDD process; that shouldn't be needed here, and
disabling it lets us avoid dealing with a few things in the sandbox
policy that we'd rather not (e.g., `getpwuid`).
Differential Revision: https://phabricator.services.mozilla.com/D146275
This patch moves a lot of text but the idea is relatively simple and
no functional change is intended: factor out the parts of the content
sandbox policy needed to create and use an EGL context under X11.
(The `AddDriPaths` function already has some of the dependencies in a
conveniently separated form, but there are others.)
Differential Revision: https://phabricator.services.mozilla.com/D146274
These syscalls (at least send/recv) are used by X11 client libraries, and
allowing them doesn't really change anything about security or attack
surface, because they're strict subsets of sendmsg/recvmsg which we
already allow everywhere for use by IPC. So, this patch allows them in
all process types instead of only content.
Differential Revision: https://phabricator.services.mozilla.com/D146273
We're going to want to let the RDD process make a (brokered) connection
to a local X server, but the seccomp-bpf plumbing for that mostly lives
in the content process sandbox policy. This moves it into the common
policy, and subclasses can opt in.
Differential Revision: https://phabricator.services.mozilla.com/D146272
The arguments to the SandboxPolicyCommon constructor will get more
complicated as more optional features are added (e.g., the one added in
the next patch), and they're basically just mapped to boolean member
variables, so this patch lets the subclasses set them directly, to keep
things simpler and more readable.
Differential Revision: https://phabricator.services.mozilla.com/D146271
This patch won't actually build, because a few bits of code are used
for both nsIFactory::createInstance and static components, and static
components are not fixed until the next patch.
The first place is nsLoadGroupConstructor, which uses an nsIFactory
macro to create a static component constructor. (This could be worked
around by expanding the macro to the state before this patch.)
The other issue is that nsAppShellConstructor is used in an nsIFactory
on OSX, but as a static component on all other platforms. This could
be worked around by wrapping nsAppShellConstructor in an adaptor that
passes in the extra null argument to nsAppShellConstructor.
Differential Revision: https://phabricator.services.mozilla.com/D146456
This also upgrades the headers crate to 0.3.7. Webdriver depends on warp 0.2,
which depends on headers 0.3. But headers < 0.3.7 depends on sha-1 < 0.10. We
need sha-1 and sha2 at the same minor version to avoid duplicate block-buffer,
generic-array, and digest crates.
Differential Revision: https://phabricator.services.mozilla.com/D146010
This patch removes the redundant nsICryptoHMAC interface and implementation,
updates front-end code to use WebCrypto, and changes back-end code to use the
helper class HMAC introduced by this patch.
This also removes the last uses of nsIKeyObject and nsIKeyObjectFactory, and
thus those interfaces and implementations as well.
Differential Revision: https://phabricator.services.mozilla.com/D145656
Chrome's transport_security_state_static.pins (used by Gecko to glean static
pinning information) recently added a timestamp to note its creation time.
This patch updates genHPKPStaticPins.js to handle the timestamp's presence by
ignoring it.
This also removes the obsolete security/manager/tools/genHPKPStaticPins.js.
The canonical version of that file is
taskcluster/docker/periodic-updates/scripts/genHPKPStaticPins.js.
Differential Revision: https://phabricator.services.mozilla.com/D146226
Using static preferences in PSM will eventually allow NSS to be initialized on
a background thread instead of blocking the main thread.
Depends on D145152
Differential Revision: https://phabricator.services.mozilla.com/D145390
Using static preferences in PSM will eventually allow NSS to be initialized on
a background thread instead of blocking the main thread.
Depends on D145151
Differential Revision: https://phabricator.services.mozilla.com/D145152
Using static preferences in PSM will eventually allow NSS to be initialized on
a background thread instead of blocking the main thread.
Depends on D145150
Differential Revision: https://phabricator.services.mozilla.com/D145151
Using static preferences in PSM will eventually allow NSS to be initialized on
a background thread instead of blocking the main thread.
Differential Revision: https://phabricator.services.mozilla.com/D145150
Bug 1766687 will remove support for sha-1 signatures in certificates entirely.
This patch will disable sha-1 via the preference and ride the trains first, to
allow time for any organizations that somehow still use certificates with sha-1
signatures to re-sign them.
Differential Revision: https://phabricator.services.mozilla.com/D145359
#including ApplicationServices.h within `namespace ApplicationServices` indirectly causes emmintrin.h to also be #included in namespace ApplicationServices in non-unified builds.
In file included from security/sandbox/common/test/SandboxTestingChild.cpp:12:
In file included from objdir-x86_64-apple-darwin21.4.0-clang-mozbuild/dist/include/mozilla/ipc/UtilityProcessChild.h:10:
In file included from objdir-x86_64-apple-darwin21.4.0-clang-mozbuild/dist/include/mozilla/ipc/UtilityAudioDecoderParent.h:9:
In file included from objdir-x86_64-apple-darwin21.4.0-clang-mozbuild/ipc/ipdl/_ipdlheaders/mozilla/PRemoteDecoderManagerParent.h:23:
In file included from objdir-x86_64-apple-darwin21.4.0-clang-mozbuild/dist/include/PlatformDecoderModule.h:23:
In file included from objdir-x86_64-apple-darwin21.4.0-clang-mozbuild/dist/include/mozilla/layers/KnowsCompositor.h:10:
In file included from objdir-x86_64-apple-darwin21.4.0-clang-mozbuild/dist/include/mozilla/layers/LayersTypes.h:14:
In file included from objdir-x86_64-apple-darwin21.4.0-clang-mozbuild/dist/include/Units.h:19:
objdir-x86_64-apple-darwin21.4.0-clang-mozbuild/dist/include/nsRect.h:294:26: error: unknown type name '__m128i'; did you mean 'ApplicationServices::__m128i'?
static MOZ_ALWAYS_INLINE __m128i floor_ps2epi32(__m128 x) {
^~~~~~~
ApplicationServices::__m128i
/Users/chris/.mozbuild/clang/lib/clang/14.0.1/include/emmintrin.h:20:19: note: 'ApplicationServices::__m128i' declared here
typedef long long __m128i __attribute__((__vector_size__(16), __aligned__(16)));
Differential Revision: https://phabricator.services.mozilla.com/D145516
With MOZ_FORMAT_PRINTF annotations, the compiler expects a wchar_t*, and
it won't automatically consider char16ptr_t to be compatible with that.
While handling strings, there's one case of formatting that doesn't need
to use %S at all.
Differential Revision: https://phabricator.services.mozilla.com/D144919
In future parts, TaskQueue will require extra initialization to be performed
which cannot happen in a constructor, as it takes references to the TaskQueue
object itself, which will require the introduction of a helper method. This
patch switches all callers of the TaskQueue constructor to use the new method.
Differential Revision: https://phabricator.services.mozilla.com/D142604
browser/components/shell/WindowsUserChoice.cpp(233,23): error: comparison of integers of different signs: 'int' and 'const size_t' (aka 'const unsigned long long') [-Werror,-Wsign-compare]
for (int j = 0; j < DWORDS_PER_BLOCK; ++j) {
~ ^ ~~~~~~~~~~~~~~~~
browser/components/shell/WindowsUserChoice.cpp(388,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(exts); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~
browser/components/shell/nsWindowsShellService.cpp(1225,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(shortcutCSIDLs); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
browser/components/shell/nsWindowsShellService.cpp(1492,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(folders); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~
dom/media/platforms/wmf/MFTDecoder.cpp(85,23): error: comparison of integers of different signs: 'int' and 'UINT32' (aka 'unsigned int') [-Werror,-Wsign-compare]
for (int i = 1; i < actsNum; i++) {
~ ^ ~~~~~~~
gfx/2d/Factory.cpp(1276,21): error: comparison of integers of different signs: 'int' and 'uint32_t' (aka 'unsigned int') [-Werror,-Wsign-compare]
for (int y = 0; y < height; y++) {
~ ^ ~~~~~~
gfx/layers/d3d11/CompositorD3D11.cpp(1096,36): error: comparison of integers of different signs: 'UINT' (aka 'unsigned int') and 'int' [-Werror,-Wsign-compare]
swapDesc.BufferDesc.Height == mSize.height) ||
~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~
gfx/layers/d3d11/CompositorD3D11.cpp(1095,35): error: comparison of integers of different signs: 'UINT' (aka 'unsigned int') and 'int' [-Werror,-Wsign-compare]
if (((swapDesc.BufferDesc.Width == mSize.width &&
~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~
gfx/layers/d3d11/TextureD3D11.cpp(1278,30): error: comparison of integers of different signs: 'UINT' (aka 'unsigned int') and 'int' [-Werror,-Wsign-compare]
currentDesc.Height != mSize.height ||
~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~
gfx/layers/d3d11/TextureD3D11.cpp(1277,29): error: comparison of integers of different signs: 'UINT' (aka 'unsigned int') and 'int' [-Werror,-Wsign-compare]
if (currentDesc.Width != mSize.width ||
~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~
gfx/layers/ipc/ContentCompositorBridgeParent.cpp(248,19): error: comparison of integers of different signs: 'const uint32_t' (aka 'const unsigned int') and 'int32_t' (aka 'int') [-Werror,-Wsign-compare]
if (sequenceNum == status.sequenceNumber() && !dm->HasDeviceReset()) {
~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~
gfx/thebes/D3D11Checks.cpp(129,21): error: comparison of integers of different signs: 'int' and 'unsigned int' [-Werror,-Wsign-compare]
if (resultColor != 0xffffff00) {
~~~~~~~~~~~ ^ ~~~~~~~~~~
gfx/thebes/D3D11Checks.cpp(154,23): error: comparison of integers of different signs: 'int' and 'unsigned long long' [-Werror,-Wsign-compare]
for (int i = 0; i < PR_ARRAY_SIZE(checkModules); i += 1) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
gfx/thebes/D3D11Checks.cpp(409,14): error: comparison of integers of different signs: 'int32_t' (aka 'int') and 'UINT' (aka 'unsigned int') [-Werror,-Wsign-compare]
if (vendor != desc.VendorId) {
~~~~~~ ^ ~~~~~~~~~~~~~
gfx/thebes/gfxDWriteFontList.cpp(1248,39): error: comparison of integers of different signs: 'unsigned int' and 'int' [-Werror,-Wsign-compare]
addFamily(names[index], index != sysLocIndex);
~~~~~ ^ ~~~~~~~~~~~
intl/lwbrk/nsUniscribeBreaker.cpp(121,21): error: comparison of integers of different signs: 'int' and 'uint32_t' (aka 'unsigned int') [-Werror,-Wsign-compare]
for (int i = 0; i < aLength; ++i) {
~ ^ ~~~~~~~
intl/lwbrk/nsUniscribeBreaker.cpp(132,23): error: comparison of integers of different signs: 'int' and 'uint32_t' (aka 'unsigned int') [-Werror,-Wsign-compare]
for (int i = 0; i < aLength; ++i) {
~ ^ ~~~~~~~
intl/lwbrk/nsUniscribeBreaker.cpp(138,23): error: comparison of integers of different signs: 'int' and 'uint32_t' (aka 'unsigned int') [-Werror,-Wsign-compare]
for (int i = 0; i < aLength; ++i) {
~ ^ ~~~~~~~
mozglue/misc/PreXULSkeletonUI.cpp(319,26): error: comparison of integers of different signs: 'std::basic_string<char>::size_type' (aka 'unsigned long long') and 'int' [-Werror,-Wsign-compare]
while (line.length() > whitespace &&
~~~~~~~~~~~~~ ^ ~~~~~~~~~~
mozglue/misc/PreXULSkeletonUI.cpp(1003,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 1; i < noPlaceholderSpans.length(); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
mozglue/misc/PreXULSkeletonUI.cpp(1708,21): error: comparison of integers of different signs: 'int' and 'unsigned long long' [-Werror,-Wsign-compare]
for (int i = 0; i < dataLen / (2 * sizeof(double)); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/sandbox/chromium-shim/sandbox/win/permissionsService.cpp(40,16): error: comparison of integers of different signs: 'int' and 'const std::basic_string<wchar_t>::size_type' (aka 'const unsigned long long') [-Werror,-Wsign-compare]
if (slashIdx != std::wstring::npos) {
~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~
toolkit/components/aboutthirdparty/tests/gtest/TestAboutThirdParty.cpp(107,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(kDirectoriesUnsorted); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/crashreporter/breakpad-client/windows/crash_generation/crash_generation_server.cc(957,23): error: comparison of integers of different signs: 'int' and 'const size_t' (aka 'const unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < kExceptionAppMemoryRegions; i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/crashreporter/client/crashreporter_win.cpp(373,21): error: comparison of integers of different signs: 'int' and 'unsigned long long' [-Werror,-Wsign-compare]
for (int i = 0; i < sizeof(kDefaultAttachedBottom) / sizeof(UINT); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/crashreporter/client/crashreporter_win.cpp(671,21): error: comparison of integers of different signs: 'int' and 'unsigned long long' [-Werror,-Wsign-compare]
for (int i = 0; i < sizeof(controls) / sizeof(controls[0]); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/crashreporter/client/crashreporter_win.cpp(1048,21): error: comparison of integers of different signs: 'int' and 'unsigned long long' [-Werror,-Wsign-compare]
for (int i = 0; i < sizeof(kDefaultAttachedBottom) / sizeof(UINT); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/mozapps/defaultagent/SetDefaultBrowser.cpp(248,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < mozilla::ArrayLength(associations); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/system/windowsproxy/ProxyUtils.cpp(27,36): error: comparison of integers of different signs: 'const int' and 'nsTArray_base::size_type' (aka 'unsigned long long') [-Werror,-Wsign-compare]
if (i < addr.Length()) {
~ ^ ~~~~~~~~~~~~~
toolkit/xre/dllservices/mozglue/interceptor/Arm64.h(178,28): error: comparison of integers of different signs: 'int32_t' (aka 'int') and 'unsigned int' [-Werror,-Wsign-compare]
if (signbits && signbits != 0xFE000000) {
~~~~~~~~ ^ ~~~~~~~~~~
obj-build/dist/include/gtest/gtest.h(1842,54): note: expanded from macro 'EXPECT_EQ'
EXPECT_PRED_FORMAT2(::testing::internal::EqHelper::Compare, val1, val2)
^
obj-build/dist/include/gtest/gtest.h(1354,11): error: comparison of integers of different signs: 'const unsigned int' and 'const int' [-Werror,-Wsign-compare]
if (lhs == rhs) {
~~~ ^ ~~~
obj-build/dist/include/gtest/gtest.h(1373,12): note: in instantiation of function template specialization 'testing::internal::CmpHelperEQ<unsigned int, int>' requested here
return CmpHelperEQ(lhs_expression, rhs_expression, lhs, rhs);
^
toolkit/xre/dllservices/tests/gtest/TestUntrustedModules.cpp(35,5): note: in instantiation of function template specialization 'testing::internal::EqHelper::Compare<unsigned int, int, nullptr>' requested here
EXPECT_EQ(mCounters.Count(), N);
^
obj-build/dist/include/gtest/gtest.h(1842,54): note: expanded from macro 'EXPECT_EQ'
EXPECT_PRED_FORMAT2(::testing::internal::EqHelper::Compare, val1, val2)
^
toolkit/xre/dllservices/tests/gtest/TestUntrustedModules.cpp(210,28): note: in instantiation of function template specialization 'ModuleLoadCounter::Remains<1>' requested here
EXPECT_TRUE(waitForOne.Remains({kTestModules[0]}, {0}));
^
toolkit/xre/test/gtest/TestAssembleCommandLineWin.cpp(139,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(kExpectedArgsW); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/xre/test/gtest/TestAssembleCommandLineWin.cpp(151,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(kExpectedArgsW); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
toolkit/xre/test/gtest/TestAssembleCommandLineWin.cpp(164,21): error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long long') [-Werror,-Wsign-compare]
for (int i = 0; i < ArrayLength(kExpectedArgsW); ++i) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
obj-build/dist/include/gtest/gtest.h(1354,11): error: comparison of integers of different signs: 'const int' and 'const unsigned long long' [-Werror,-Wsign-compare]
if (lhs == rhs) {
~~~ ^ ~~~
obj-build/dist/include/gtest/gtest.h(1373,12): note: in instantiation of function template specialization 'testing::internal::CmpHelperEQ<int, unsigned long long>' requested here
return CmpHelperEQ(lhs_expression, rhs_expression, lhs, rhs);
^
toolkit/xre/test/gtest/TestAssembleCommandLineWin.cpp(138,3): note: in instantiation of function template specialization 'testing::internal::EqHelper::Compare<int, unsigned long long, nullptr>' requested here
EXPECT_EQ(len, ArrayLength(kExpectedArgsW));
^
widget/windows/TSFTextStore.cpp(3455,28): error: comparison of integers of different signs: 'uint32_t' (aka 'unsigned int') and 'long' [-Werror,-Wsign-compare]
range.mEndOffset == end - mComposition->StartOffset() &&
~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
widget/windows/TSFTextStore.cpp(3454,30): error: comparison of integers of different signs: 'uint32_t' (aka 'unsigned int') and 'long' [-Werror,-Wsign-compare]
if (range.mStartOffset == start - mComposition->StartOffset() &&
~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
xpfe/appshell/AppWindow.cpp(1900,21): error: comparison of integers of different signs: 'int' and 'uint32_t' (aka 'unsigned int') [-Werror,-Wsign-compare]
for (int i = 0; i < toolbarSprings->Length(); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~
Differential Revision: https://phabricator.services.mozilla.com/D144695
2022-04-28 Dennis Jackson <djackson@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.78 final
[30fe50c80e23] [NSS_3_78_RTM] <NSS_3_78_BRANCH>
* doc/rst/releases/index.rst, doc/rst/releases/nss_3_78.rst:
Release notes for NSS 3.78
[6a5a0d7b1dba] <NSS_3_78_BRANCH>
2022-04-21 Dennis Jackson <djackson@mozilla.com>
* .hgtags:
Added tag NSS_3_78_BETA1 for changeset 144c87accae8
[c7950a356651] <NSS_3_78_BRANCH>
Differential Revision: https://phabricator.services.mozilla.com/D144934
dom/system/PathUtils.cpp(77,10): error: 'return' will never be executed [-Werror,-Wunreachable-code-return]
return false;
^~~~~
ipc/chromium/src/chrome/common/ipc_channel_win.cc(479,10): error: 'return' will never be executed [-Werror,-Wunreachable-code-return]
return true;
^~~~
mozglue/misc/PreXULSkeletonUI.cpp(1263,10): error: 'return' will never be executed [-Werror,-Wunreachable-code-return]
return 0;
^
mozglue/tests/TestPEExportSection.cpp(348,12): error: 'return' will never be executed [-Werror,-Wunreachable-code-return]
return 0;
^
security/manager/ssl/OSReauthenticator.cpp(428,10): error: 'return' will never be executed [-Werror,-Wunreachable-code-return]
return NS_OK;
^~~~~
toolkit/components/maintenanceservice/maintenanceservice.cpp(214,10): error: 'return' will never be executed [-Werror,-Wunreachable-code-return]
return 0;
^
widget/windows/WindowsUIUtils.cpp(383,10): error: 'return' will never be executed [-Werror,-Wunreachable-code-return]
return false;
^~~~~
Differential Revision: https://phabricator.services.mozilla.com/D144661
Background: When 32-bit types are passed in registers on x86-64 (and
probably other platforms?), the function call ABI does not specify the
contents of the upper half, and the Linux kernel syscall ABI appears to
have the same behavior.
In practice, the upper half is usually zero (or maybe sign-extended from
the lower half), because 64-bit operations aren't cheaper than 32-bit,
and 32-bit operations zero-extend their outputs; therefore, this case
usually doesn't happen in the first place, and any kind of spill or
register move will zero the upper half. However, arbitrary values are
possible, and a case like this has occurred with the Firefox profiler
using `clock_gettime`. (This paragraph is applicable to x86-64 and
ARM64; other 64-bit architectures may behave differently.)
But the Chromium seccomp-bpf compiler, when testing the value of a 32-bit
argument on a 64-bit platform, requires that the value be zero-extended
or sign-extended, and (incorrectly, as far as I can tell) considers
anything else an ABI violation.
With this patch, when that case is detected, we use the `SIGSYS` handler
to zero-extend the problematic argument and re-issue the syscall.
(It would also be possible to just ignore the upper half, and that would
be faster, but that could lead to subtle security holes if the type
used in `bpf_dsl` is incorrect and the kernel really does treat it as
64-bit.)
Differential Revision: https://phabricator.services.mozilla.com/D143964
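The check and fix-up described in the commit message above, as an added example that is not the patch's or Chromium's own code. It models the raw registers of a trapped syscall in a plain struct; every name in it (`classify_arg32`, `fixup_args32`, the `verdict` values) is hypothetical, and the sample register values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NARGS 6

enum arg32_state { ARG32_ZERO_EXT, ARG32_SIGN_EXT, ARG32_DIRTY };
enum verdict { VERDICT_ALLOW, VERDICT_DENY, VERDICT_FIXUP };

/* Constructed model of a trapped syscall: the six raw 64-bit argument registers. */
struct syscall_regs {
    uint64_t args[NARGS];
};

/* How does a 64-bit register hold a value the policy types as 32-bit? */
enum arg32_state classify_arg32(uint64_t reg) {
    uint32_t hi = (uint32_t)(reg >> 32);
    uint32_t lo = (uint32_t)reg;
    if (hi == 0) return ARG32_ZERO_EXT;
    if (hi == UINT32_MAX && (lo & 0x80000000u)) return ARG32_SIGN_EXT;
    return ARG32_DIRTY; /* upper half is neither extension of the lower half */
}

/* Strict filter: a dirty upper half is never compared, it is sent to the
 * fix-up path instead. */
enum verdict check_arg32_eq(const struct syscall_regs *r, size_t idx,
                            uint32_t allowed) {
    if (classify_arg32(r->args[idx]) == ARG32_DIRTY) return VERDICT_FIXUP;
    return ((uint32_t)r->args[idx] == allowed) ? VERDICT_ALLOW : VERDICT_DENY;
}

/* The faster alternative the message rejects: compare the low half only.
 * The register itself keeps its upper bits, so anything that reads it as
 * 64-bit sees a different value than the one the filter approved. */
enum verdict check_ignoring_upper(const struct syscall_regs *r, size_t idx,
                                  uint32_t allowed) {
    return ((uint32_t)r->args[idx] == allowed) ? VERDICT_ALLOW : VERDICT_DENY;
}

/* Model of the SIGSYS handler's repair step: zero-extend each dirty argument
 * that the policy types as 32-bit (bit i of mask32 set). Returns the number
 * of registers rewritten. */
unsigned fixup_args32(struct syscall_regs *r, unsigned mask32) {
    unsigned fixed = 0;
    for (size_t i = 0; i < NARGS; i++) {
        if ((mask32 & (1u << i)) && classify_arg32(r->args[i]) == ARG32_DIRTY) {
            r->args[i] = (uint32_t)r->args[i];
            fixed++;
        }
    }
    return fixed;
}

/* Whole path: filter, repair on FIXUP, then filter again, because the
 * re-issued syscall is subject to the same policy. */
enum verdict filter_with_fixup(struct syscall_regs *r, size_t idx,
                               uint32_t allowed) {
    enum verdict v = check_arg32_eq(r, idx, allowed);
    if (v != VERDICT_FIXUP) return v;
    fixup_args32(r, 1u << idx);
    return check_arg32_eq(r, idx, allowed);
}

int main(void) {
    /* Constructed input: low half 1, garbage in the upper half. */
    struct syscall_regs r = {{0xdeadbeef00000001ULL, 0, 0, 0, 0, 0}};
    printf("strict filter:   %d\n", check_arg32_eq(&r, 0, 1));
    printf("ignoring upper:  %d\n", check_ignoring_upper(&r, 0, 1));
    printf("after fix-up:    %d\n", filter_with_fixup(&r, 0, 1));
    printf("register is now: 0x%llx\n", (unsigned long long)r.args[0]);
    return 0;
}
```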
Scanning for client certificates involves looking through each slot in each
PKCS#11 module. There may be many certificates that don't have corresponding
private keys in the NSS softoken, so it's more efficient to search for private
keys and then find any matching certificates. This reasoning also applies to
the NSS builtin roots module, which is the change this patch makes.
Differential Revision: https://phabricator.services.mozilla.com/D143859
This patch changes the default behaviour of `download()`.
- Previous file-based behaviour was moved to `downloadToDisk()` and `deleteFromDisk()`. Existing consumers were migrated to avoid behaviour change.
- `download()` now has `{useCache: true}` by default, the option was dropped, and `deleteCached()` is now `deleteDownloaded()`
Differential Revision: https://phabricator.services.mozilla.com/D141980
Before this patch, nsISiteSecurityService APIs took "flags" parameters that
differentiated private contexts from not private contexts. However, these
parameters were redundant with respect to origin attributes, which led to some
confusion for consumers of these APIs. This patch removes these parameters in
favor of using origin attributes.
Differential Revision: https://phabricator.services.mozilla.com/D142901
The Baseline Requirements no longer require an OCSP URI for EV certificate
intermediates. Since OneCRL covers intermediates anyways, OCSP checking for
intermediates can be skipped entirely.
Differential Revision: https://phabricator.services.mozilla.com/D142369
2022-03-24 John M. Schanck <jschanck@mozilla.com>
* lib/ckfw/builtins/certdata.txt:
Bug 1754890 - Add two D-TRUST 2020 root certificates.
r=KathleenWilson
[f63fb86db692] [NSS_3_77_BETA1]
* lib/ckfw/builtins/certdata.txt:
Bug 1751298 - Add Telia Root CA v2 root certificate.
r=KathleenWilson
[1fcbbd7e4f5f]
* lib/ckfw/builtins/certdata.txt:
Bug 1751305 - Remove expired explicitly distrusted certificates from
certdata.txt. r=KathleenWilson
[b722e523d662]
2022-03-23 Dana Keeler <dkeeler@mozilla.com>
* gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp,
gtests/mozpkix_gtest/pkixder_pki_types_tests.cpp,
gtests/mozpkix_gtest/pkixgtest.h,
gtests/mozpkix_gtest/pkixnss_tests.cpp,
lib/mozpkix/include/pkix/pkixder.h,
lib/mozpkix/include/pkix/pkixnss.h,
lib/mozpkix/include/pkix/pkixtypes.h, lib/mozpkix/lib/pkixc.cpp,
lib/mozpkix/lib/pkixcheck.cpp, lib/mozpkix/lib/pkixder.cpp,
lib/mozpkix/lib/pkixnss.cpp, lib/mozpkix/lib/pkixverify.cpp,
lib/mozpkix/test-lib/pkixtestnss.cpp:
Bug 1005084 - support specific RSA-PSS parameters in mozilla::pkix
r=jschanck
This patch adds support to mozilla::pkix for certificates signed
with RSA-PSS using one of the following parameters permitted by the
CA/Browser Forum Baseline Requirements 1.8.1:
* SHA-256, MGF-1 with SHA-256, and a salt length of 32 bytes
* SHA-384, MGF-1 with SHA-384, and a salt length of 48 bytes
* SHA-512, MGF-1 with SHA-512, and a salt length of 64 bytes
[853b64626b19]
2022-03-23 John M. Schanck <jschanck@mozilla.com>
* lib/util/secasn1d.c:
Bug 1753535 - Remove obsolete stateEnd check in
SEC_ASN1DecoderUpdate. r=rrelyea
The `stateEnd->parent != state` check was added in Bug 95458 to
avoid a crash in `sec_asn1d_free_child`. The diagnosis in Bug 95458
is incorrect---the crash was actually due to a `PORT_Assert(0)` that
was meant to highlight a memory leak when `SEC_ASN1DecoderStart` was
called with `their_pool==NULL`. The offending assertion was removed
in Bug 95311, which makes the `stateEnd` check obsolete. In Bug
1753535 it was observed that the `stateEnd` check could read from a
poisoned region of an arena when the decoder was used in a streaming
mode. This read-after-poison could lead to an arena memory leak,
although this is mitigated by the fact that the read-after-poison is
on an error-handling path where the caller typically frees the
entire arena.
[800111fa3bf8]
* lib/dev/dev.h, lib/dev/devslot.c, lib/dev/devt.h,
lib/dev/devtoken.c, lib/pk11wrap/dev3hack.c:
Bug 1756271 - Remove token member from NSSSlot struct. r=rrelyea
[55052f78244c]
* cmd/mpitests/mpi-test.c, lib/freebl/Makefile, lib/freebl/dh.c,
lib/freebl/freebl_base.gypi, lib/freebl/manifest.mn,
lib/freebl/mpi/mpprime.c, lib/freebl/mpi/mpprime.h,
lib/freebl/pqg.c, lib/freebl/rsa.c, lib/freebl/secmpi.c,
lib/freebl/secmpi.h:
Bug 1602379 - Provide secure variants of mpp_pprime and
mpp_make_prime. r=mt
[b83ad33acd67]
2022-03-22 John M. Schanck <jschanck@mozilla.com>
* cmd/mpitests/mpi-test.c, lib/freebl/Makefile, lib/freebl/dh.c,
lib/freebl/freebl_base.gypi, lib/freebl/manifest.mn,
lib/freebl/mpi/mpprime.c, lib/freebl/mpi/mpprime.h,
lib/freebl/pqg.c, lib/freebl/rsa.c, lib/freebl/secmpi.c,
lib/freebl/secmpi.h:
Backed out changeset 6c1092f5203f
Caused Windows gyp build failures for cmd/mpitests
[ffa1e4ce758a]
2022-03-22 Masatoshi Kimura <VYV03354@nifty.ne.jp>
* gtests/pk11_gtest/pk11_module_unittest.cc, lib/pk11wrap/pk11load.c:
Bug 1757279 - Support UTF-8 library path in the module spec string.
r=nss-reviewers,jschanck
[31bce2dae97b]
* gtests/base_gtest/Makefile, gtests/base_gtest/base_gtest.gyp,
gtests/base_gtest/manifest.mn, gtests/base_gtest/utf8_unittest.cc,
gtests/manifest.mn, lib/base/utf8.c, nss.gyp,
tests/gtests/gtests.sh:
Bug 1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer
overrun. r=nss-reviewers,jschanck
[2f2c85648edb]
2022-03-22 John M. Schanck <jschanck@mozilla.com>
* cmd/mpitests/mpi-test.c, lib/freebl/Makefile, lib/freebl/dh.c,
lib/freebl/freebl_base.gypi, lib/freebl/manifest.mn,
lib/freebl/mpi/mpprime.c, lib/freebl/mpi/mpprime.h,
lib/freebl/pqg.c, lib/freebl/rsa.c, lib/freebl/secmpi.c,
lib/freebl/secmpi.h:
Bug 1602379 - Provide secure variants of mpp_pprime and
mpp_make_prime. r=mt
[6c1092f5203f]
2022-03-22 Dennis Jackson <djackson@mozilla.com>
* automation/taskcluster/docker-builds/Dockerfile,
automation/taskcluster/graph/src/extend.js:
Bug 1760827 - Add a CI Target for gcc-11. r=nss-reviewers,nkulatova
[d4a3bb7731b0]
* automation/taskcluster/graph/src/extend.js:
Bug 1760828 - Change to makefiles for gcc-4.8. r=nss-reviewers,mt
[191e838399a6]
2022-03-22 J08nY <johny@neuromancer.sk>
* automation/taskcluster/graph/src/extend.js,
gtests/google_test/VERSION, gtests/google_test/gtest/CMakeLists.txt,
gtests/google_test/gtest/CONTRIBUTORS,
gtests/google_test/gtest/README.md,
gtests/google_test/gtest/cmake/gtest.pc.in,
gtests/google_test/gtest/cmake/gtest_main.pc.in,
gtests/google_test/gtest/cmake/internal_utils.cmake,
gtests/google_test/gtest/docs/Pkgconfig.md,
gtests/google_test/gtest/docs/README.md,
gtests/google_test/gtest/docs/advanced.md,
gtests/google_test/gtest/docs/faq.md,
gtests/google_test/gtest/docs/primer.md,
gtests/google_test/gtest/docs/pump_manual.md,
gtests/google_test/gtest/docs/samples.md,
gtests/google_test/gtest/include/gtest/gtest-death-test.h,
gtests/google_test/gtest/include/gtest/gtest-matchers.h,
gtests/google_test/gtest/include/gtest/gtest-message.h,
gtests/google_test/gtest/include/gtest/gtest-param-test.h,
gtests/google_test/gtest/include/gtest/gtest-printers.h,
gtests/google_test/gtest/include/gtest/gtest-spi.h,
gtests/google_test/gtest/include/gtest/gtest-test-part.h,
gtests/google_test/gtest/include/gtest/gtest-typed-test.h,
gtests/google_test/gtest/include/gtest/gtest.h,
gtests/google_test/gtest/include/gtest/gtest_pred_impl.h,
gtests/google_test/gtest/include/gtest/gtest_prod.h,
gtests/google_test/gtest/include/gtest/internal/custom/gtest-port.h,
gtests/google_test/gtest/include/gtest/internal/custom/gtest-
printers.h,
gtests/google_test/gtest/include/gtest/internal/custom/gtest.h,
gtests/google_test/gtest/include/gtest/internal/gtest-death-test-
internal.h, gtests/google_test/gtest/include/gtest/internal/gtest-
filepath.h, gtests/google_test/gtest/include/gtest/internal/gtest-
internal.h, gtests/google_test/gtest/include/gtest/internal/gtest-
param-util.h, gtests/google_test/gtest/include/gtest/internal/gtest-
port-arch.h, gtests/google_test/gtest/include/gtest/internal/gtest-
port.h, gtests/google_test/gtest/include/gtest/internal/gtest-
string.h, gtests/google_test/gtest/include/gtest/internal/gtest-
type-util.h, gtests/google_test/gtest/include/gtest/internal/gtest-
type-util.h.pump, gtests/google_test/gtest/samples/prime_tables.h,
gtests/google_test/gtest/samples/sample1.cc,
gtests/google_test/gtest/samples/sample1.h,
gtests/google_test/gtest/samples/sample10_unittest.cc,
gtests/google_test/gtest/samples/sample2.cc,
gtests/google_test/gtest/samples/sample2.h,
gtests/google_test/gtest/samples/sample2_unittest.cc,
gtests/google_test/gtest/samples/sample3-inl.h,
gtests/google_test/gtest/samples/sample3_unittest.cc,
gtests/google_test/gtest/samples/sample4.h,
gtests/google_test/gtest/samples/sample5_unittest.cc,
gtests/google_test/gtest/samples/sample6_unittest.cc,
gtests/google_test/gtest/samples/sample7_unittest.cc,
gtests/google_test/gtest/samples/sample8_unittest.cc,
gtests/google_test/gtest/samples/sample9_unittest.cc,
gtests/google_test/gtest/scripts/README.md,
gtests/google_test/gtest/scripts/gen_gtest_pred_impl.py,
gtests/google_test/gtest/scripts/pump.py,
gtests/google_test/gtest/scripts/release_docs.py,
gtests/google_test/gtest/scripts/run_with_path.py,
gtests/google_test/gtest/scripts/upload.py,
gtests/google_test/gtest/src/gtest-death-test.cc,
gtests/google_test/gtest/src/gtest-filepath.cc,
gtests/google_test/gtest/src/gtest-internal-inl.h,
gtests/google_test/gtest/src/gtest-matchers.cc,
gtests/google_test/gtest/src/gtest-port.cc,
gtests/google_test/gtest/src/gtest-printers.cc,
gtests/google_test/gtest/src/gtest-test-part.cc,
gtests/google_test/gtest/src/gtest-typed-test.cc,
gtests/google_test/gtest/src/gtest.cc,
gtests/google_test/gtest/src/gtest_main.cc,
gtests/google_test/gtest/test/BUILD.bazel,
gtests/google_test/gtest/test/googletest-catch-exceptions-test_.cc,
gtests/google_test/gtest/test/googletest-death-test-test.cc,
gtests/google_test/gtest/test/googletest-death-test_ex_test.cc,
gtests/google_test/gtest/test/googletest-env-var-test.py,
gtests/google_test/gtest/test/googletest-env-var-test_.cc,
gtests/google_test/gtest/test/googletest-failfast-unittest.py,
gtests/google_test/gtest/test/googletest-failfast-unittest_.cc,
gtests/google_test/gtest/test/googletest-filepath-test.cc,
gtests/google_test/gtest/test/googletest-filter-unittest_.cc,
gtests/google_test/gtest/test/googletest-global-environment-
unittest.py, gtests/google_test/gtest/test/googletest-global-
environment-unittest_.cc, gtests/google_test/gtest/test/googletest-
json-output-unittest.py, gtests/google_test/gtest/test/googletest-
list-tests-unittest_.cc, gtests/google_test/gtest/test/googletest-
listener-test.cc, gtests/google_test/gtest/test/googletest-message-
test.cc, gtests/google_test/gtest/test/googletest-options-test.cc,
gtests/google_test/gtest/test/googletest-output-test-golden-lin.txt,
gtests/google_test/gtest/test/googletest-output-test.py,
gtests/google_test/gtest/test/googletest-output-test_.cc,
gtests/google_test/gtest/test/googletest-param-test-invalid-
name1-test_.cc, gtests/google_test/gtest/test/googletest-param-test-
invalid-name2-test_.cc, gtests/google_test/gtest/test/googletest-
param-test-test.cc, gtests/google_test/gtest/test/googletest-param-
test-test.h, gtests/google_test/gtest/test/googletest-param-
test2-test.cc, gtests/google_test/gtest/test/googletest-port-
test.cc, gtests/google_test/gtest/test/googletest-printers-test.cc,
gtests/google_test/gtest/test/googletest-setuptestsuite-test.py,
gtests/google_test/gtest/test/googletest-setuptestsuite-test_.cc,
gtests/google_test/gtest/test/googletest-shuffle-test_.cc,
gtests/google_test/gtest/test/googletest-test-part-test.cc,
gtests/google_test/gtest/test/googletest-test2_test.cc,
gtests/google_test/gtest/test/googletest-throw-on-failure-test_.cc,
gtests/google_test/gtest/test/gtest-typed-test2_test.cc,
gtests/google_test/gtest/test/gtest-typed-test_test.cc,
gtests/google_test/gtest/test/gtest-typed-test_test.h,
gtests/google_test/gtest/test/gtest-unittest-api_test.cc,
gtests/google_test/gtest/test/gtest_assert_by_exception_test.cc,
gtests/google_test/gtest/test/gtest_environment_test.cc,
gtests/google_test/gtest/test/gtest_help_test.py,
gtests/google_test/gtest/test/gtest_list_output_unittest.py,
gtests/google_test/gtest/test/gtest_list_output_unittest_.cc,
gtests/google_test/gtest/test/gtest_pred_impl_unittest.cc,
gtests/google_test/gtest/test/gtest_premature_exit_test.cc,
gtests/google_test/gtest/test/gtest_repeat_test.cc,
gtests/google_test/gtest/test/gtest_skip_check_output_test.py,
gtests/google_test/gtest/test/gtest_skip_test.cc,
gtests/google_test/gtest/test/gtest_stress_test.cc,
gtests/google_test/gtest/test/gtest_test_utils.py,
gtests/google_test/gtest/test/gtest_throw_on_failure_ex_test.cc,
gtests/google_test/gtest/test/gtest_unittest.cc,
gtests/google_test/gtest/test/gtest_xml_outfiles_test.py,
gtests/google_test/gtest/test/gtest_xml_output_unittest.py,
gtests/google_test/gtest/test/gtest_xml_output_unittest_.cc,
gtests/google_test/gtest/test/gtest_xml_test_utils.py,
gtests/google_test/gtest/test/production.h,
gtests/google_test/update.sh,
gtests/ssl_gtest/ssl_agent_unittest.cc:
Bug 1741688 - Update googletest to 1.11.0 r=nss-reviewers,mt
[88249e154a23]
2022-03-22 Dennis Jackson <djackson@mozilla.com>
* gtests/ssl_gtest/tls_ech_unittest.cc, lib/ssl/ssl3con.c,
lib/ssl/sslexp.h, lib/ssl/sslimpl.h, lib/ssl/sslsock.c,
lib/ssl/tls13ech.c, lib/ssl/tls13ech.h:
Bug 1759525 - Add SetTls13GreaseEchSize to experimental API. r=mt
[c2f93669b92c]
2022-03-22 Leander Schwarz <lschwarz@mozilla.com>
* gtests/ssl_gtest/ssl_version_unittest.cc,
gtests/ssl_gtest/tls_filter.cc, gtests/ssl_gtest/tls_filter.h,
lib/ssl/tls13con.c:
Bug 1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
r=djackson
[7d931c59d09f]
2022-03-22 Dennis Jackson <djackson@mozilla.com>
* lib/ssl/tls13ech.c:
Bug 1755904 - Fix calculation of ECH HRR Transcript. r=mt
[33c530e653b3]
2022-03-22 Zi Lin <lziest@chromium.org>
* coreconf/Linux.mk:
Bug 1758741 - Allow ld path to be set as environment variable. r=mt
Submitted on behalf of Zi Lin, the author of the patch.
[d9368381598f]
2022-03-22 Dennis Jackson <djackson@mozilla.com>
* gtests/ssl_gtest/tls_connect.cc:
Bug 1760653 - Ensure we don't read uninitialized memory in ssl
gtests. r=mt,nss-reviewers
[9a7b3c7f4e70]
* cpputil/databuffer.h:
Bug 1758478 - Fix DataBuffer Move Assignment. r=mt
[f12fd43d69c7]
2022-03-18 Robert Relyea <rrelyea@redhat.com>
* automation/abi-check/expected-report-libnss3.so.txt, automation/abi-
check/expected-report-libssl3.so.txt,
gtests/ssl_gtest/ssl_auth_unittest.cc, lib/certdb/cert.h,
lib/certdb/certdb.c, lib/nss/nss.def, lib/pk11wrap/pk11obj.c,
lib/pk11wrap/pk11pub.h, lib/ssl/authcert.c, lib/ssl/ssl.def,
lib/ssl/ssl.h, lib/ssl/ssl3con.c, lib/ssl/sslimpl.h,
lib/ssl/sslsock.c, lib/ssl/tls13con.c, lib/ssl/tls13subcerts.c,
mach, tests/ssl/ssl.sh, tests/ssl/sslauth.txt:
Bug 1552254 internal_error alert on Certificate Request with
sha1+ecdsa in TLS 1.3
We need to be able to select Client certificates based on the
schemes sent to us from the server. Rather than changing the
callback function, this patch adds those schemes to the ssl socket
info as suggested by Dana. In addition, two helpful functions have
been added to aid User applications in properly selecting the
Certificate:
* PRBool SSL_CertIsUsable(PRFileDesc *fd, CERTCertificate *cert) -
returns true if the given cert matches the schemes of the server,
the schemes configured on the socket, capability of the token the
private key resides on, and the current policy. For future SSL
protocol, additional restrictions may be parsed.
* SSL_FilterCertListBySocket(PRFileDesc *fd, CERTCertList *certlist) -
removes the certs from the cert list that don't pass the
SSL_CertIsUsable() call.
In addition the built in cert selection function
(NSS_GetClientAuthData) uses the above functions to filter the list.
In order to support the NSS_GetClientAuthData three new functions
have been added:
* SECStatus CERT_FilterCertListByNickname(CERTCertList *certList,
char *nickname, void *pwarg) -- removes the certs that don't match
the 'nickname'.
* SECStatus CERT_FilterCertListByCertList(CERTCertList *certList,
const CERTCertList *filterList) -- removes all the certs on the
first cert list that aren't on the second.
* PRBool CERT_IsInList(CERTCertificate *, const CERTCertList
*certList) -- returns true if cert is on certList.
In addition
* PK11_FindObjectForCert() is exported so the token the cert lives on
can be accessed.
* the ssl ssl_PickClientSignatureScheme() function (along with
several supporting functions) has been modified so it can be used by
SSL_CertIsUsable()
[be6a97823bfe]
Differential Revision: https://phabricator.services.mozilla.com/D141995
All commands declaring a virtualenv will have them activated before the
command executes. Removes all now-redundant manual activations of
declared virtualenvs.
Commands that don't declare a virtualenv will still implicitly be
associated with the "common" virtualenv, but unlike explicit
virtualenv declarations it'll have to be activated manually, just
like it was before this patch.
To smooth the migration with existing usages, virtualenv activation
behaviour was changed slightly: if attempting to activate a new
virtualenv, but the source venv is already a command venv, then raise an
exception. (In the future, we should improve testability of
virtualenv scaffolding logic so that tests can be added for this
sort of thing.) This did cause some issues with some tests, which
will be solved more cleanly with bug 1724273. In the meantime,
minimal modifications were made to failing tests to keep them green:
* `test_command_line.py` was activating the `common` virtualenv so
that it could install `mozproxy`, and use its CLI. Instead, I
modified the test to use `mozproxy` using the "module" interface
(`python -m mozproxy ...`). At that point, `MozbuildObject` was
unnecessary and usages were replaced with simpler variants.
* `test_vendor.py` needed its explicit `activate_virtualenv()` call
patched out. It still needs to use a virtualenv's Python
executable, but due to `sys.executable` now being kept up-to-date
as of bug 1717051, it could be used directly.
Differential Revision: https://phabricator.services.mozilla.com/D122892
Before this change, it was assumed that the readlink operation might be
performed on /sys if the driver is AMD. However, the operation would
always be performed by Mesa via libdrm if the device is PCI. In fact,
blocking the operation breaks virtio_gpu.
The readlink operation is part of invoking
realpath("/sys/dev/char/<PCI>/device/subsystem") so the read-only
permissions for the file and the ancestor directories are added.
The permissions for the resolved real directory and its files are
already set, but the directory path is modified in libdrm when the
device is virtio_gpu. The path modification is also ported to the
sandbox policy.
Differential Revision: https://phabricator.services.mozilla.com/D139095
DataStorage writes should be atomic to avoid losing data if writing is
interrupted. Additionally, on mobile, if the app is backgrounded, it is more
likely to be killed, so an asynchronous write should be kicked off to hopefully
avoid losing data.
Differential Revision: https://phabricator.services.mozilla.com/D140788
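One common way to get the atomicity this commit message asks for on POSIX systems is to write a temporary file in the same directory, flush it, and rename it over the target. The C function below is an added example, not DataStorage's own code; `atomic_write_file` and the `.tmp.XXXXXX` suffix are hypothetical names chosen for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not DataStorage code): replace `path` with `len`
 * bytes of `data` so a reader sees either the old file or the complete new
 * one, never a partial write. Returns 0 on success, -1 on failure. */
int atomic_write_file(const char *path, const void *data, size_t len)
{
    char tmp[4096];
    const char *p = data;
    size_t left = len;
    int saved, fd, n;

    /* The temp file lives beside the target: rename() only replaces
     * atomically within a single filesystem. */
    n = snprintf(tmp, sizeof tmp, "%s.tmp.XXXXXX", path);
    if (n < 0 || (size_t)n >= sizeof tmp) { errno = ENAMETOOLONG; return -1; }

    fd = mkstemp(tmp);               /* unique name, created with mode 0600 */
    if (fd < 0) return -1;

    while (left > 0) {               /* handle short writes and EINTR */
        ssize_t w = write(fd, p, left);
        if (w < 0) {
            if (errno == EINTR) continue;
            goto fail;
        }
        p += w;
        left -= (size_t)w;
    }
    /* Data must reach stable storage before the rename publishes it. */
    if (fsync(fd) != 0) goto fail;
    if (close(fd) != 0) { fd = -1; goto fail; }
    fd = -1;
    if (rename(tmp, path) != 0) goto fail;   /* the atomic switch */
    return 0;

fail:
    saved = errno;                   /* keep the original error for the caller */
    if (fd >= 0) close(fd);
    unlink(tmp);                     /* never leave a half-written temp file */
    errno = saved;
    return -1;
}
```

An interrupted call leaves the previous file untouched; for durability across power loss the containing directory would also need an `fsync()` after the rename.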
Recently bug 1753305 introduced the use of the getcpu syscall to add
this information to a profiler marker, but didn't allow this syscall
from the sandbox. In most situations this syscall doesn't happen because
of the VDSO mechanism. However in the cases where VDSO isn't used such
as running under rr, the sandbox crashes the process when starting the
profiler.
Thanks :padenot, :lissyx, :jcristau for all the help.
Differential Revision: https://phabricator.services.mozilla.com/D139712
And in one case, #include "mozilla/ProfilerThreadState.h" where only `AUTO_PROFILER_THREAD_WAKE` is used.
Depends on D140172
Differential Revision: https://phabricator.services.mozilla.com/D140173
Automatically generated rewrites of all ParamTraits and IPDLParamTraits
implementations in-tree to use IPC::Message{Reader,Writer}.
Differential Revision: https://phabricator.services.mozilla.com/D140004
This change does not build without the automatically rewritten changes from
part 3c, as every IPC::ParamTraits and IPDLParamTraits implementation needs to
be updated at once, but these are the manual changes which are required and not
handled by the automatic script.
Differential Revision: https://phabricator.services.mozilla.com/D140001
Background: The X11 protocol has a very permissive security model;
clients have essentially full access to the windows of other clients,
and to global resources like input devices. Previously, our sandbox
policy for content processes needed to allow access to the X server;
this limited its effectiveness against a dedicated attacker.
This patch turns on the `security.sandbox.content.headless` pref added
in bug 1640345, which removes the sandbox policy rules that allowed
making new X11 connections, as well as opening the Xauthority file,
reading hardware info needed by Mesa, etc. It also runs content
processes in headless mode (whence the name) so they won't connect to a
display server at startup.
This also removes access to the Wayland compositor: the sandbox policy
never allowed that (as of when socket connections became default-deny),
but now content processes won't connect to it at startup. Wayland is
more capability-oriented so this is less significant for security, but at
a minimum it removes unnecessary attack surface.
Note that if the `webgl.out-of-process` pref is turned off, WebGL
will break unless `security.sandbox.content.headless` is also turned
off. (Similarly, `widget.non-native-theme.enabled` is needed to render
scrollbars and form controls in content.) As a result, this patch
adjusts the job definitions used by CI to test in-process WebGL so
that they will continue to work.
Differential Revision: https://phabricator.services.mozilla.com/D138613
nsIX509CertValidity had a handful of APIs that would return formatted time
values. Some of these APIs were unused, and the rest were prone to error due to
platform differences. This patch simplifies this interface by removing those
APIs and having callers perform their own formatting using the remaining APIs
that return PRTime values.
Differential Revision: https://phabricator.services.mozilla.com/D138363
Change browser_content_sandbox_fs.js to not assume the font registry directory or the 'font' file have been created by the system. If the directory and/or file are not present, skip the readability test instead of failing.
Differential Revision: https://phabricator.services.mozilla.com/D138622