When running as a "universal" build, use an x64 GMP child process if the CDM library is an x64 binary.
Use ifdefs extensively to reduce risk to Intel builds if the fix needs to be uplifted.
Requires a server-side balrog change to serve an Intel Widevine binary to ARM browser versions.
Differential Revision: https://phabricator.services.mozilla.com/D96288
Allow-list all Python code in tree for use with the black linter, and re-format all code in-tree accordingly.
To produce this patch I did all of the following:
1. Make changes to tools/lint/black.yml to remove include: stanza and update list of source extensions.
2. Run ./mach lint --linter black --fix
3. Make some ad-hoc manual updates to python/mozbuild/mozbuild/test/configure/test_configure.py -- it has some hard-coded line numbers that the reformat breaks.
4. Make some ad-hoc manual updates to `testing/marionette/client/setup.py`, `testing/marionette/harness/setup.py`, and `testing/firefox-ui/harness/setup.py`, which have hard-coded regexes that break after the reformat.
5. Add a set of exclusions to black.yml. These will be deleted in a follow-up bug (1672023).
# ignore-this-changeset
Differential Revision: https://phabricator.services.mozilla.com/D94045
Allow-list all Python code in tree for use with the black linter, and re-format all code in-tree accordingly.
To produce this patch I did all of the following:
1. Make changes to tools/lint/black.yml to remove include: stanza and update list of source extensions.
2. Run ./mach lint --linter black --fix
3. Make some ad-hoc manual updates to python/mozbuild/mozbuild/test/configure/test_configure.py -- it has some hard-coded line numbers that the reformat breaks.
4. Make some ad-hoc manual updates to `testing/marionette/client/setup.py`, `testing/marionette/harness/setup.py`, and `testing/firefox-ui/harness/setup.py`, which have hard-coded regexes that break after the reformat.
5. Add a set of exclusions to black.yml. These will be deleted in a follow-up bug (1672023).
# ignore-this-changeset
Differential Revision: https://phabricator.services.mozilla.com/D94045
Allow-list all Python code in tree for use with the black linter, and re-format all code in-tree accordingly.
To produce this patch I did all of the following:
1. Make changes to tools/lint/black.yml to remove include: stanza and update list of source extensions.
2. Run ./mach lint --linter black --fix
3. Make some ad-hoc manual updates to python/mozbuild/mozbuild/test/configure/test_configure.py -- it has some hard-coded line numbers that the reformat breaks.
4. Add a set of exclusions to black.yml. These will be deleted in a follow-up bug (1672023).
# ignore-this-changeset
Differential Revision: https://phabricator.services.mozilla.com/D94045
It's not immediately obvious to me why we limit this check based on target;
I guess once upon a time there was no ELF or Mach-O support, so we wanted to
ensure people didn't shoot themselves in the foot. If that's the case,
testing indicates that Mach-O support isn't quite ready for prime-time and
we haven't got all the bits straightened out for our normal Linux builds.
So we're just going to enable it for Android here.
Differential Revision: https://phabricator.services.mozilla.com/D83560
It's not immediately obvious to me why we limit this check based on target;
I guess once upon a time there was no ELF or Mach-O support, so we wanted to
ensure people didn't shoot themselves in the foot. If that's the case,
testing indicates that Mach-O support isn't quite ready for prime-time and
we haven't got all the bits straightened out for our normal Linux builds.
So we're just going to enable it for Android here.
Differential Revision: https://phabricator.services.mozilla.com/D83560
It's not immediately obvious to me why we limit this check based on target;
I guess once upon a time there was no ELF or Mach-O support, so we wanted to
ensure people didn't shoot themselves in the foot. If that's the case,
testing indicates that Mach-O support isn't quite ready for prime-time and
we haven't got all the bits straightened out for our normal Linux builds.
So we're just going to enable it for Android here.
Differential Revision: https://phabricator.services.mozilla.com/D83560
This is just re-arranging the deckchairs in preparation for adding an
"update programs" build project. Here "update programs" refers to the
various standalone binaries we produce in order to update Firefox.
There's not strong conceptual coherence between them; rather, it's the
pieces that the Install/Update team generally work on.
Differential Revision: https://phabricator.services.mozilla.com/D82643
2020-06-01 Kevin Jacobs <kjacobs@mozilla.com>
* coreconf/config.gypi, lib/freebl/Makefile, lib/freebl/blinit.c,
lib/freebl/freebl.gyp, lib/freebl/sha256-armv8.c,
lib/freebl/sha256.h, lib/freebl/sha512.c, mach:
Bug 1528113 - Use ARM's crypto extension for SHA256
[ea54fd986036]
2020-04-08 Kevin Jacobs <kjacobs@mozilla.com>
* automation/abi-check/expected-report-libssl3.so.txt,
gtests/ssl_gtest/libssl_internals.c,
gtests/ssl_gtest/libssl_internals.h, gtests/ssl_gtest/manifest.mn,
gtests/ssl_gtest/ssl_0rtt_unittest.cc,
gtests/ssl_gtest/ssl_extension_unittest.cc,
gtests/ssl_gtest/ssl_gtest.gyp, gtests/ssl_gtest/tls_agent.cc,
gtests/ssl_gtest/tls_agent.h, gtests/ssl_gtest/tls_connect.cc,
gtests/ssl_gtest/tls_connect.h,
gtests/ssl_gtest/tls_psk_unittest.cc, lib/ssl/manifest.mn,
lib/ssl/ssl.gyp, lib/ssl/ssl3con.c, lib/ssl/ssl3ext.c,
lib/ssl/ssl3ext.h, lib/ssl/sslerr.h, lib/ssl/sslexp.h,
lib/ssl/sslimpl.h, lib/ssl/sslinfo.c, lib/ssl/sslsecur.c,
lib/ssl/sslsock.c, lib/ssl/sslt.h, lib/ssl/tls13con.c,
lib/ssl/tls13con.h, lib/ssl/tls13exthandle.c, lib/ssl/tls13psk.c,
lib/ssl/tls13psk.h, lib/ssl/tls13replay.c:
Bug 1603042 - TLS 1.3 out-of-band PSK support
[a448d7919077]
2020-06-01 Makoto Kato <m_kato@ga2.so-net.ne.jp>
* coreconf/config.gypi, lib/freebl/Makefile, lib/freebl/blinit.c,
lib/freebl/freebl.gyp, lib/freebl/sha256-armv8.c,
lib/freebl/sha256.h, lib/freebl/sha512.c:
Bug 1528113 - Use ARM's crypto extension for SHA256 r=kjacobs
ARMv8 CPU has accelerated hardware instruction for SHA256 that
supports GCC 4.9+. We should use it if available.
[61c83f79e90c]
2020-06-02 Kevin Jacobs <kjacobs@mozilla.com>
* automation/abi-check/expected-report-libssl3.so.txt,
gtests/ssl_gtest/libssl_internals.c,
gtests/ssl_gtest/libssl_internals.h, gtests/ssl_gtest/manifest.mn,
gtests/ssl_gtest/ssl_0rtt_unittest.cc,
gtests/ssl_gtest/ssl_extension_unittest.cc,
gtests/ssl_gtest/ssl_gtest.gyp, gtests/ssl_gtest/tls_agent.cc,
gtests/ssl_gtest/tls_agent.h, gtests/ssl_gtest/tls_connect.cc,
gtests/ssl_gtest/tls_connect.h,
gtests/ssl_gtest/tls_psk_unittest.cc, lib/ssl/manifest.mn,
lib/ssl/ssl.gyp, lib/ssl/ssl3con.c, lib/ssl/ssl3ext.c,
lib/ssl/ssl3ext.h, lib/ssl/sslerr.h, lib/ssl/sslexp.h,
lib/ssl/sslimpl.h, lib/ssl/sslinfo.c, lib/ssl/sslsecur.c,
lib/ssl/sslsock.c, lib/ssl/sslt.h, lib/ssl/tls13con.c,
lib/ssl/tls13con.h, lib/ssl/tls13exthandle.c, lib/ssl/tls13psk.c,
lib/ssl/tls13psk.h, lib/ssl/tls13replay.c:
Bug 1603042 - TLS 1.3 out-of-band PSK support r=mt
This patch adds support for External (out-of-band) PSKs in TLS 1.3.
An External PSK (EPSK) can be set by calling `SSL_AddExternalPsk`,
and removed with `SSL_RemoveExternalPsk`. `SSL_AddExternalPsk0Rtt`
can be used to add a PSK while also specifying a suite and
max_early_data_size for use with 0-RTT.
As part of handling PSKs more generically, the patch also changes
how resumption PSKs are handled internally, so as to rely on the
same mechanisms where possible.
A socket is currently limited to only one External PSK at a time. If
the server doesn't find the same identity for the configured EPSK,
it will fall back to certificate authentication.
[a2293e897889]
* lib/freebl/mpi/mplogic.c:
cast in LZCNTLOOP
[96e65b2e9531]
* lib/freebl/freebl.gyp:
Use KRML_VERIFIED_UINT128 on MSVC builds
[abd50c862bdb]
2020-06-03 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/ssl_gtest/ssl_exporter_unittest.cc, lib/ssl/sslinfo.c,
lib/ssl/tls13con.c:
Bug 1643123 - Allow External PSKs to be used with Early Export
[46ef0c025cfc]
2020-06-02 Sylvestre Ledru <sledru@mozilla.com>
* lib/ssl/tls13con.c:
Bug 1642809 - Fix an assert (we need a comparison, not assignment)
r=kjacobs
[d0789cb32d8e]
2020-06-03 Mike Hommey <mh@glandium.org>
* cmd/shlibsign/Makefile:
Bug 1642153 - Avoid infinite recursion when CHECKLOC is not set.
r=jcj
[e955ece90b05]
2020-06-03 Martin Thomson <mt@lowentropy.net>
* gtests/ssl_gtest/ssl_auth_unittest.cc,
gtests/ssl_gtest/ssl_resumption_unittest.cc, lib/ssl/tls13con.c:
Bug 1642871 - Allow tickets and PHA after resumption, r=kjacobs
The first part of this is fairly simple: we accidentally disabled
sending of session tickets after resumption.
The second part is much less obvious, because the spec is unclear.
This change takes the interpretation that it is OK to use post-
handshake authentication if the handshake is resumed, but not OK if
the handshake is based on a PSK. (This is based on a first-
principles understanding of resumption being a continuation of a
certificate-based connection rather than a reading of the spec, see
the bug for why the spec appears to be unhelpful on this point.)
This still prohibits the use of post-handshake authentication if an
external PSK was used, but that is more an abundance of caution than
anything principled.
[e9502f71b7fe]
2020-06-04 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/ssl_gtest/ssl_exporter_unittest.cc, lib/ssl/sslinfo.c,
lib/ssl/tls13con.c:
Bug 1643123 - Allow External PSKs to be used with Early Export r=mt
This patch adjusts `tls13_exporter` to pull the hash algorithm from
the first PSK when a suite is not configured yet, which allows early
export with external PSKs.
[d211f3013abb]
Differential Revision: https://phabricator.services.mozilla.com/D78578
We will eventually have a solution for what FOG does for Gecko when not in
Firefox Desktop, but for now skip the Android question entirely.
Differential Revision: https://phabricator.services.mozilla.com/D77854
Version of NSS >= 3.27 have a pkg-config file. We're now requiring 3.53,
so while moving, just use pkg-config, which is simpler.
The old-configure check that rejected some untested platforms for
in-tree NSS is actually rejecting none: the accepted platforms cover all
the supported ones, so we remove that check.
And because building with system NSS without system NSPR doesn't make
sense, imply the latter when the former is used.
Differential Revision: https://phabricator.services.mozilla.com/D77428
--enable-hardware-aec-ns option does nothing so it is deleted too.
removed `hardware_aec_ns` from gyp vars since it is never used
Differential Revision: https://phabricator.services.mozilla.com/D75798
Now that we've landed all the pieces for Rust `storage.sync`, and
intend to ship it for everyone in 78, we don't need to hide it behind a
build flag. Setting the `webextensions.storage.sync.kinto` pref to
false toggles the new Rust backend at runtime.
Differential Revision: https://phabricator.services.mozilla.com/D75872
iOS support for Gecko has not been tested in years and is most probably
out of date. The build system part of it, specifically the checks in
build/autoconf/ios.m4, are not trivial to port to python configure, and
they prevent other things from moving to python configure (because some
of them change value when MOZ_IOS is set).
The code is left alone, although it could probably be stripped off as
well, but I'll leave that as an exercise for someone else.
Differential Revision: https://phabricator.services.mozilla.com/D75463
Now that upstream winchecksec builds and works natively on Linux, use
that. That should solve the random crashes under Wine. If random crashes
still happen, it will be easier to debug anyways.
We bump to the last version that doesn't use vcpkg because vcpkg makes
things more difficult.
Differential Revision: https://phabricator.services.mozilla.com/D73405
Now that upstream winchecksec builds and works natively on Linux, use
that. That should solve the random crashes under Wine. If random crashes
still happen, it will be easier to debug anyways.
We bump to the last version that doesn't use vcpkg because vcpkg makes
things more difficult.
Differential Revision: https://phabricator.services.mozilla.com/D73405
Hooray, our first Application Services Rust component! This is a
mechanical run of `mach vendor rust`, split out into its own commit
to make reviewing the Firefox bindings easier.
Differential Revision: https://phabricator.services.mozilla.com/D71895
Hooray, our first Application Services Rust component! This is a
mechanical run of `mach vendor rust`, split out into its own commit
to make reviewing the Firefox bindings easier.
Differential Revision: https://phabricator.services.mozilla.com/D71895