In testing (local and CI) these seem to no longer be used.
MozReview-Commit-ID: 2D3C8eWoIsB
--HG--
extra : rebase_source : dde2015af1d036c32631d185703f1149285b253e
This flags is added in the http channel interface by which developers can control the TLS
connections from JavaScript code (e.g. Add-ons). Basically, all the changes accounted for
plumbing this TLS flags from JavaScript level to C++ code responsible for calling NSS
module. We also added a unit test to make sure that separate connections are created if we
use different tlsFlags. Basically we used a concrete set of flag values that covers the
edge cases and check the hashkey generated in the connection info.
--HG--
rename : netwerk/test/unit/test_separate_connections.js => netwerk/test/unit/test_tls_flags_separate_connections.js
This switches the STS preload list over to a more compact representation by
using a DAFSA. `getHSTSPreloadList.js` is updated to output data in the gperf
format expected by `make_dafsa.py`. We then add a generated file that gets
created by pumping `nsSTSPreloadList.inc` through `make_dafsa.py`.
`nsSiteSecurityService` is updated to use the DAFSA which either returns -1
(kNotFound) if an entry is not present or (0, 1) indicating whether or not to
use subdomains.
`nsSTSPreloadList.inc` is an automated conversion to the new gperf-like format.
Moves IsDevelopmentBuild(), GetRepoDir(), and GetObjectDir() out of
SandboxSettings because they also need to be used by ExtensionProtocolHandler
to do security checks on developer builds as a result of how developer builds
rely on symlinks to the repo dir from system extension directories.
Remove the Linux-implementation of GetRepoDir() and GetObjectDir()
because the Linux content sandbox implementation and the
ExtensionProtocolHandler checks don't need them.
MozReview-Commit-ID: KwBFUnh6Cml
--HG--
extra : rebase_source : 3529a18ea802699ff968b798a7c560613469809b
1. X_OK is now allowed, and is limited only by the MAY_ACCESS permission.
2. The actual access() syscall is now used, if access is granted by the
broker policy. This fixed bug 1382246, which explains the background.
MozReview-Commit-ID: 926429PlBnL
--HG--
extra : rebase_source : 6ae54c4c25e1389fa3af75b0bdf727323448294a
The preload script currently imports XPCOMUtils.jsm like so:
> Cu.import("resource:///modules/XPCOMUtils.jsm");
As explained in Bug 1383215 comments [21, 24], this has been incorrect for
years, but happened to work.
The import URL is changed so it points at the correct thing now:
> Cu.import("resource://gre/modules/XPCOMUtils.jsm");
MozReview-Commit-ID: J6j594sJs60
--HG--
extra : rebase_source : 402808439e5fba8b4909dee9a96f1e44debfa6f0
Some entries in the existing list referred to roots that were removed from in
upstream NSS in Bug 1380941 (the equivalent change landed in Firefox's copy of
NSS in Bug 1370890). This broke the periodic HPKP script because it would still
try to find the roots within our built-in roots.
Running dumpGoogleRoots.js and pasting the output into the appropriate section
of PreloadedHPKPins.json fixes this.
MozReview-Commit-ID: Ck6WobCk9gl
--HG--
extra : rebase_source : 676e39c7e447f8e2db2cdb52bacaa57d20088a46
This patch parameterizes nsAuto[C]String, renames them as nsAuto[C]StringN, and
redefines nsAuto[C]String as typedefs for nsAuto[C]StringN<64>.
(The alternative would be to templatize nsAuto[C]String and use a default
parameter, but that would require writing "nsAuto[C]String<>" everywhere.)
nsXPIDLStrings are marked as VOIDED upon initialization. Most of these local
nsXPIDLString variables are immediately set via getter_Copies(), which will
either assign a string value (using Adopt()) or do SetIsVoid(). These can be
trivially converted to nsString, which will get the same treatment.
The patch suitably converts the remaining nsXPIDLString local variable as well.
--HG--
extra : rebase_source : 5fff9f2c6844559198f601853f8db08564add7d5
In a profile, loading the loadable roots PKCS#11 module (i.e. the built-in root
CA module) accounted for about 60% of the time to initialize PSM/NSS. Since we
only need the roots module loaded when we're actually looking for an issuing
certificate or querying a certificate's trust, we can do the load
asynchronously (where it hopefully finishes before we actually need it, because
otherwise we'll have to wait anyway).
MozReview-Commit-ID: JyY6NtpQAUj
--HG--
extra : rebase_source : f63a697b18a409dd042289afa2b727b09f81f19f
This removes about 2/3 of the occurrences of nsXPIDLString in the tree. The
places where nsXPIDLStrings are null-checked are replaced with |rv| checks.
The patch also removes a couple of unused declarations from
nsIStringBundle.idl.
Note that nsStringBundle::GetStringFromNameHelper() was merged into
GetStringFromName(), because they both would have had the same signature.
--HG--
extra : rebase_source : ac40bc31c2a4997f2db0bd5069cc008757a2df6d
This mechanically replaces nsILocalFile with nsIFile in
*.js, *.jsm, *.sjs, *.html, *.xul, *.xml, and *.py.
MozReview-Commit-ID: 4ecl3RZhOwC
--HG--
extra : rebase_source : 412880ea27766118c38498d021331a3df6bccc70
As a result of CNNIC issuing an unconstrained intermediate certificate that
misissued an end-entity certificate for google.com (see bug 1146026 and
bug 1177209), we implemented a system that would in theory enable Firefox to
continue to trust certificates that were valid at the time but not newly issued
certificates. This consisted of a whitelist added in bug 1151512. The CNNIC
roots have since been removed from NSS in bug 1380868. We can now remove the
whitelist in Firefox.
MozReview-Commit-ID: 7VXOuvwzbct
--HG--
extra : rebase_source : 20e6e39c40417a9b7f2962e06cf9de85e3e08ee8
This removes /tmp/com.apple.csseed access entirely, ipc-posix-shm-read-metadata
from CFPBS:, and ipc-posix-shm-write-{create,unlink} from AudioIO and CFPBS:.
MozReview-Commit-ID: Eahx6guqGos
--HG--
extra : rebase_source : 621e81eb00411ae39882504db7d10a50eef30b27
Before this change we were trying to change the settings from both the content
and parent processes, so this doesn't change any functionality. This allows to
remove access to the com.apple.PowerManagement.control mach service from the
content process.
MozReview-Commit-ID: 3DOhqG5U6oz
--HG--
extra : rebase_source : dee0b97c444ae95cfc8f80cb0fb99aa9e2658d51
3DES usage is well below 1% [1]. A recent TLS Canary run with
"security.ssl3.rsa_des_ede3_sha" disabled showed 825 of 500,000 sites being
affected by deprecating 3DES [2]. This starts the deprecation by disabling the
3DES cipher suite preference in nightly builds.
[1] https://mzl.la/2uNt0BP
[2] https://tlscanary.mozilla.org/runs/2017-08-01-17-07-49/
MozReview-Commit-ID: C9cobeOqGLj
--HG--
extra : rebase_source : 07b433efff1b5e3812a0dd54569bbe4198981328
MozStackWalk() is different on Windows to the other platforms. It has two extra
arguments, which can be used to walk the stack of a different thread.
This patch makes those differences clearer. Instead of having a single function
and forbidding those two arguments on non-Windows, it removes those arguments
from MozStackWalk, and splits off MozStackWalkThread() which retains them. This
also allows those arguments to have more appropriate types (HANDLE instead of
uintptr_t; CONTEXT* instead of than void*) and names (aContext instead of
aPlatformData).
The patch also removes unnecessary reinterpret_casts for the aClosure argument
at a couple of MozStackWalk() callsites.
--HG--
extra : rebase_source : 111ab7d6426d7be921facc2264f6db86c501d127