0e750e0b2e
Bug 1792135 - land NSS NSS_3_84_RTM UPGRADE_NSS_RELEASE, r=nss-reviewers,jschanck
...
Differential Revision: https://phabricator.services.mozilla.com/D159278
2022-10-13 15:29:32 +00:00
59119c81d9
Bug 1794479 - Gather telemetry on the age of OCSP responses used to override CRLite. r=keeler
...
Defines the OCSP_AGE_AT_CRLITE_OVERRIDE histogram which records the age of an
OCSP response, in hours, when CRLite says a certificate is revoked and OCSP
says it's OK.
Differential Revision: https://phabricator.services.mozilla.com/D158991
2022-10-13 14:08:23 +00:00
437a3ce886
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=dmeehan
...
Differential Revision: https://phabricator.services.mozilla.com/D159263
2022-10-13 12:31:11 +00:00
0dedda0179
Bug 1720118 - store certificate error override and failed certificate chain information in the TLS token cache r=kershaw,jschanck,necko-reviewers
...
Differential Revision: https://phabricator.services.mozilla.com/D158793
2022-10-12 23:54:11 +00:00
07cf1e9f2c
Bug 1720118 - always use the TLS token cache r=kershaw,necko-reviewers,ci-and-tooling,jmaher
...
Differential Revision: https://phabricator.services.mozilla.com/D158792
2022-10-12 23:54:10 +00:00
e2bc1afa4f
Bug 1794450 - Gather telemetry on use of revocation checking mechanisms. r=keeler
...
Adds the CERT_REVOCATION_MECHANISMS histogram with bins "CRLite", "Stapled OCSP", "Cached OCSP", "OCSP", "OneCRL", and "Short Validity" to gauge how often we use each certificate revocation checking mechanisms. The Short Validity bin counts cases where a revocation check was not performed because the certificate had a short validity period. The other bin names are self-explanatory. We may use more than one mechanism per certificate, so we may accumulate to more than one bin per certificate.
Differential Revision: https://phabricator.services.mozilla.com/D158975
2022-10-12 21:05:08 +00:00
f2f36b1381
Backed out 2 changesets (bug 1720118) for causing Hybrid bustages on nsHashtablesFwd.h CLOSED TREE
...
Backed out changeset af570580e2f7 (bug 1720118)
Backed out changeset 57b8a6400749 (bug 1720118)
2022-10-12 14:20:47 -04:00
eab44906ca
Bug 1720118 - store certificate error override and failed certificate chain information in the TLS token cache r=kershaw,jschanck,necko-reviewers
...
Differential Revision: https://phabricator.services.mozilla.com/D158793
2022-10-12 17:43:29 +00:00
d894513c37
Bug 1720118 - always use the TLS token cache r=kershaw,necko-reviewers,ci-and-tooling,jmaher
...
Differential Revision: https://phabricator.services.mozilla.com/D158792
2022-10-12 17:43:28 +00:00
ad795fde70
Bug 1520297 - enable intermediate preloading on Android r=jschanck
...
The current collection of preloaded intermediates is under 3MB. This should not
be a prohibitive amount for mobile users to download. Once downloaded, updates
to the collection are minimal and again should not be an issue.
Differential Revision: https://phabricator.services.mozilla.com/D159092
2022-10-11 21:53:59 +00:00
f16ca73e4c
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
...
Differential Revision: https://phabricator.services.mozilla.com/D158942
2022-10-10 13:14:27 +00:00
7da0562237
Bug 1792135 - land NSS NSS_3_84_BETA1 UPGRADE_NSS_RELEASE, r=nss-reviewers,nkulatova
...
Differential Revision: https://phabricator.services.mozilla.com/D158772
2022-10-06 22:47:02 +00:00
6a92f8d147
Bug 1788596 - Use Utility process actor names for crash annotations r=gsvelto
...
Differential Revision: https://phabricator.services.mozilla.com/D156286
2022-10-06 15:51:56 +00:00
bb317b2bae
Bug 1788596 - Remove UTILITY_AUDIO_DECODING_GENERIC r=nika,media-playback-reviewers,alwu
...
Differential Revision: https://phabricator.services.mozilla.com/D156285
2022-10-06 15:51:56 +00:00
f4906ff3eb
Bug 1788596 - Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy r=jld
...
Differential Revision: https://phabricator.services.mozilla.com/D156284
2022-10-06 15:51:55 +00:00
62cd9065c3
Bug 1720601 - Allow token cache to store more than one token per key, r=necko-reviewers,dragana
...
1. Allow to store more than one token per key.
2. Allow to use the token only once. The token will be removed after reading it.
3. Add a gtest.
Differential Revision: https://phabricator.services.mozilla.com/D153605
2022-10-06 12:56:01 +00:00
9e30e89e90
Backed out 13 changesets (bug 1788596) for causing build bustage in toolkit/components/processtools/ProcInfo_common.cpp CLOSED TREE
...
Backed out changeset 620c85305800 (bug 1788596)
Backed out changeset 1f64776a859a (bug 1788596)
Backed out changeset 707e4c9c8801 (bug 1788596)
Backed out changeset 2221a97ebe97 (bug 1788596)
Backed out changeset d50fd0551159 (bug 1788596)
Backed out changeset 7e2ad8c47afb (bug 1788596)
Backed out changeset f87c5fb2c36f (bug 1788596)
Backed out changeset 61dd9a9eb714 (bug 1788596)
Backed out changeset a67c4ea1c8b3 (bug 1788596)
Backed out changeset 1be7af1214cf (bug 1788596)
Backed out changeset e99c7089bf93 (bug 1788596)
Backed out changeset 9a87f108548b (bug 1788596)
Backed out changeset 3dd59224f38b (bug 1788596)
2022-10-06 16:28:46 +03:00
22a6ff72e5
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=pascalc
...
Differential Revision: https://phabricator.services.mozilla.com/D158756
2022-10-06 12:19:24 +00:00
16c9919af1
Bug 1788596 - Use Utility process actor names for crash annotations r=gsvelto
...
Differential Revision: https://phabricator.services.mozilla.com/D156286
2022-10-06 10:56:41 +00:00
1d211b0ec1
Bug 1788596 - Remove UTILITY_AUDIO_DECODING_GENERIC r=nika,media-playback-reviewers,alwu
...
Differential Revision: https://phabricator.services.mozilla.com/D156285
2022-10-06 10:56:41 +00:00
301e159051
Bug 1788596 - Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy r=jld
...
Differential Revision: https://phabricator.services.mozilla.com/D156284
2022-10-06 10:56:40 +00:00
2fb4e10f0d
Backed out 13 changesets (bug 1788596) for causing browser-chrome failures in security/sandbox/test/browser_sandbox_test.js CLOSED TREE
...
Backed out changeset 338c18d01cfd (bug 1788596)
Backed out changeset 9d4a5c557191 (bug 1788596)
Backed out changeset 1d1d15dbe44c (bug 1788596)
Backed out changeset e9d29218beba (bug 1788596)
Backed out changeset 397e6c6587f3 (bug 1788596)
Backed out changeset 077fd3a987ca (bug 1788596)
Backed out changeset 2fc674146915 (bug 1788596)
Backed out changeset 4ebb8837ee1a (bug 1788596)
Backed out changeset 9040533dabe1 (bug 1788596)
Backed out changeset 8b27ee4d4168 (bug 1788596)
Backed out changeset 93f50c2f0b9e (bug 1788596)
Backed out changeset 3e7125be66fa (bug 1788596)
Backed out changeset 63ee00ea9be6 (bug 1788596)
2022-10-06 10:28:00 +03:00
dd8daf38e3
Bug 1788596 - Use Utility process actor names for crash annotations r=gsvelto
...
Differential Revision: https://phabricator.services.mozilla.com/D156286
2022-10-06 06:14:06 +00:00
272b0c9273
Bug 1788596 - Remove UTILITY_AUDIO_DECODING_GENERIC r=nika,media-playback-reviewers,alwu
...
Differential Revision: https://phabricator.services.mozilla.com/D156285
2022-10-06 06:14:06 +00:00
592b1be2e3
Bug 1788596 - Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy r=jld
...
Differential Revision: https://phabricator.services.mozilla.com/D156284
2022-10-06 06:14:05 +00:00
644aa7999c
Bug 1716082 - clear all ongoing connections when removing certificate error overrides r=jschanck
...
Differential Revision: https://phabricator.services.mozilla.com/D158613
2022-10-05 20:15:02 +00:00
d71d3c19ed
Bug 1792809 - Make library and other windows keep stretching after bug 1665476. r=eemeli
...
Much like the dialog changes in bug 1792730.
Differential Revision: https://phabricator.services.mozilla.com/D158351
2022-10-04 10:21:05 +00:00
c6a00ce965
No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=dmeehan
...
Differential Revision: https://phabricator.services.mozilla.com/D158497
2022-10-03 13:20:51 +00:00
87d48b75dd
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
...
Differential Revision: https://phabricator.services.mozilla.com/D158326
2022-09-29 16:44:52 +00:00
adebd56af9
Bug 1766432 - Part 4: Enable Arbitrary Code Guard in MinGW builds. r=bobowen
...
Differential Revision: https://phabricator.services.mozilla.com/D157906
2022-09-29 15:29:15 +00:00
eaa892440f
Bug 1766432 - Part 3: Add Part 2 to the list of patches to apply when updating third-party. r=bobowen
...
Differential Revision: https://phabricator.services.mozilla.com/D157905
2022-09-29 15:29:15 +00:00
0b60970f1b
Bug 1766432 - Part 2: Propagate custom definition for PROCESS_MITIGATION_DYNAMIC_CODE_POLICY to third-party. r=bobowen
...
Differential Revision: https://phabricator.services.mozilla.com/D157904
2022-09-29 15:29:14 +00:00
8d1ebcb9d6
Bug 1792365 - Convert toolkit/modules consumers to use ES module imports directly. r=webdriver-reviewers,perftest-reviewers,geckoview-reviewers,extension-reviewers,preferences-reviewers,desktop-theme-reviewers,application-update-reviewers,pip-reviewers,credential-management-reviewers,robwu,Gijs,sgalich,bytesized,AlexandruIonescu,dao,m_kato
...
Differential Revision: https://phabricator.services.mozilla.com/D158094
2022-09-29 06:52:34 +00:00
4af4ff2e5b
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
...
Differential Revision: https://phabricator.services.mozilla.com/D158124
2022-09-27 16:27:33 +00:00
4e99c68740
No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=dmeehan
...
Differential Revision: https://phabricator.services.mozilla.com/D157923
2022-09-22 12:46:23 +00:00
a466bdb2c4
Bug 1780312 - Part 2: Allow fstatfs in the Linux RDD sandbox policy. r=gcp
...
As discussed in the last patch, allowing `fstatfs` will also make
`statfs` work on any path that the process could open for reading
(subject to sandbox policy).
Differential Revision: https://phabricator.services.mozilla.com/D157542
2022-09-21 17:57:54 +00:00
3b5c74387e
Bug 1780312 - Part 1: Move the statfs replacement into the common sandbox policy. r=gcp
...
We have code to handle `statfs` calls in content processes by
intercepting them and calling `open` and `fstatfs` instead; the former
is then recursively intercepted and brokered. This patch moves that
feature into the common policy, but does not allow `fstatfs` in any
other sandbox types (yet; see next patch). This doesn't affect security
because the caller could have attempted the `open` and `fstatfs`
syscalls itself.
Differential Revision: https://phabricator.services.mozilla.com/D157541
2022-09-21 17:57:54 +00:00
4c4438b4f7
Bug 1536208 - removing old aarch64 manifest annotations. r=aryx,application-update-reviewers,bytesized
...
Differential Revision: https://phabricator.services.mozilla.com/D157677
2022-09-21 15:35:02 +00:00
9f24806607
Backed out 2 changesets (bug 1768250, bug 1720601) for multiple failures CLOSED TREE
...
Backed out changeset d6caea480d4d (bug 1768250)
Backed out changeset 97eccf466bf3 (bug 1720601)
2022-09-20 16:50:29 +03:00
137b76a861
Bug 1720601 - Allow token cache to store more than one token per key, r=necko-reviewers,dragana
...
1. Allow to store more than one token per key.
2. Allow to use the token only once. The token will be removed after reading it.
3. Add a gtest.
Differential Revision: https://phabricator.services.mozilla.com/D153605
2022-09-20 12:58:06 +00:00
bdb75eecd3
Bug 1790451 - remove now-unnecessary QueryInterface(Ci.nsITransportSecurityInfo) calls r=jschanck,webdriver-reviewers,necko-reviewers,application-update-reviewers,nalexander,valentin
...
Differential Revision: https://phabricator.services.mozilla.com/D157166
2022-09-20 03:58:50 +00:00
26a22933ed
No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
...
Differential Revision: https://phabricator.services.mozilla.com/D157632
2022-09-19 13:30:31 +00:00
ef80532ec8
Bug 1787505 - land NSS NSS_3_83_RTM UPGRADE_NSS_RELEASE, r=nss-reviewers,bbeurdouche
...
Differential Revision: https://phabricator.services.mozilla.com/D157510
2022-09-15 19:24:37 +00:00
0316dc51b9
Bug 1790614 - Part 2: Use {ASSERT,ENSURE}_NS_{SUCCEEEDED,FAILED} in gtests, r=ahal,necko-reviewers
...
These macros will produce better outputs when they fail than these existing
patterns using `ENSURE_TRUE(NS_SUCCEEDED(...))` or similar, so this is a bulk
rewrite of existing tests to use them.
It should also help with discoverability when people base their tests off of
other existing tests.
Differential Revision: https://phabricator.services.mozilla.com/D157214
2022-09-15 14:51:50 +00:00
2bddac315a
No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM
...
Differential Revision: https://phabricator.services.mozilla.com/D157441
2022-09-15 13:07:24 +00:00
0d0b51d1e4
Bug 1790152 - use nsIX509Cert directly in IPC in AddCertException r=nika
...
This avoids unnecessarily serializing the certificate to a string before
sending it over IPC.
Depends on D157007
Differential Revision: https://phabricator.services.mozilla.com/D157008
2022-09-14 21:49:53 +00:00
855f519b0a
Backed out changeset a389830fb63f (bug 1783223) for causing bug 1790713
2022-09-14 19:38:52 +03:00
262ca63d8f
Bug 1787505 - land NSS NSS_3_83_BETA2 UPGRADE_NSS_RELEASE, r=nss-reviewers,djackson
...
Differential Revision: https://phabricator.services.mozilla.com/D156982
2022-09-13 16:39:55 +00:00
3d9a6d0374
Bug 1789902 - Part 2: Use XPCOM static components instead of Services in Rust, r=xpcom-reviewers,necko-reviewers,barret,valentin
...
Differential Revision: https://phabricator.services.mozilla.com/D156891
2022-09-13 13:47:13 +00:00
64aded89bb
Bug 1783223 - Enable Arbitratry Code Guard in RDD on Nightly. r=bobowen
...
This was previously disabled in bug 1673194 because of start up crashes.
It seems like msmpeg2vdec.dll may use dynamic code to support encrypted
code that uses. In recent versions of Windows this only seems used
in the 32bit version. The 32bit version will opt out of ACG on the
threads where it needs to use VirtualProtect so we use the weaker
variant there.
Differential Revision: https://phabricator.services.mozilla.com/D153762
2022-09-12 16:32:08 +00:00
Dennis Jackson
John Schanck
ffxbld
Dana Keeler
Cristian Tuns
Alexandre Lissy
Kershaw Chang
Sandor Molnar
Emilio Cobos Álvarez
Yannis Juglaret
Mark Banner
Jed Davis
Joel Maher
Andreea Pavel
Nika Layzell
Narcis Beleuzu
Jeff Muizelaar