It turns out that an rkv database created on a 32-bit platform cannot be used on
a 64-bit platform and vice-versa. To work around this for now, we delete and
recreate the DB backing cert_storage and set flags to let our consumers know
to re-load all known data.
Differential Revision: https://phabricator.services.mozilla.com/D29591
--HG--
extra : moz-landing-system : lando
Conditionally include WindowServer access in the GMP sandbox so that it is only allowed for the Widevine CDM plugin, and not OpenH264.
Differential Revision: https://phabricator.services.mozilla.com/D29586
--HG--
extra : moz-landing-system : lando
Replace the MacSandboxType_Plugin sandbox type with MacSandboxType_Flash and MacSandboxType_GMP so that there is a 1:1 association between MacSandboxType values and sandbox policies.
Remove the MacSandboxPluginType enum. Instead of having different MacSandboxPluginTypes, we will just have MacSandboxType_GMP. We only use GMP for two plugin types, Widevine and OpenH264, and they only differ in that Widevine requires accss to the WindowServer.
Remove the MacSandboxPluginInfo struct and move the two needed fields pluginPath and pluginBinaryPath to MacSandboxInfo.
Differential Revision: https://phabricator.services.mozilla.com/D29585
--HG--
extra : moz-landing-system : lando
Now that ContentVerifier has been removed (bug 1441989), the only API of
nsIContentSignatureVerifier that is actually being used is
verifyContentSignature. As a result, we can vastly simplify the implementation
(ContentSignatureVerifier) to prepare for improvements such as having it not
block the main thread (bug 1534600).
Differential Revision: https://phabricator.services.mozilla.com/D29295
--HG--
extra : moz-landing-system : lando
Crashes as a result of 2e4a7bcc1a95 indicate that InitializeNSSWithFallbacks is
failing. Hopefully this will give us more information as to why.
Differential Revision: https://phabricator.services.mozilla.com/D29034
--HG--
extra : moz-landing-system : lando
Crashes as a result of 2e4a7bcc1a95 indicate that InitializeNSSWithFallbacks is
failing. Hopefully this will give us more information as to why.
Differential Revision: https://phabricator.services.mozilla.com/D29034
--HG--
extra : moz-landing-system : lando
Intermediate preloading was including cookies during attachment fetches to our
Kinto attachment servers. There's no reason for that, so let's not.
Differential Revision: https://phabricator.services.mozilla.com/D26193
--HG--
extra : rebase_source : b3fbb6c80c56b8428434fb177cad3424a66b837d
extra : source : 87be514024ac53ab6362ffc26610c063d50abe07
This updates cert_storage to be able to store certificates indexed by subject DN
for easy lookup by NSSCertDBTrustDomain during path building. This also updates
RemoteSecuritySettings to store newly-downloaded preloaded intermediates in
cert_storage.
Differential Revision: https://phabricator.services.mozilla.com/D27991
--HG--
extra : moz-landing-system : lando
Crashes as a result of 2e4a7bcc1a95 indicate that InitializeNSSWithFallbacks is
failing. Hopefully this will give us more information as to why.
Differential Revision: https://phabricator.services.mozilla.com/D29034
--HG--
extra : moz-landing-system : lando
If OCSP request is blocked, we can't get the certificate revocation
informatoin.
Add nsIChannel::LOAD_BYPASS_URL_ClASSIFIER to enfore URL classifier
bypasses OCSP request.
Differential Revision: https://phabricator.services.mozilla.com/D29230
--HG--
extra : moz-landing-system : lando
This allows us to loosen the coupling between the sandbox and code that needs
to run as soon as the token has been lowered.
We use std::list here because the observer service is not yet initialized.
Differential Revision: https://phabricator.services.mozilla.com/D28392
--HG--
extra : moz-landing-system : lando
Intermediate preloading was including cookies during attachment fetches to our
Kinto attachment servers. There's no reason for that, so let's not.
Differential Revision: https://phabricator.services.mozilla.com/D26193
--HG--
extra : moz-landing-system : lando
test_toolkit_securityreporter.js uses BadCertServer, which uses hard-coded
ports, so it needs to run sequentially.
Differential Revision: https://phabricator.services.mozilla.com/D28709
--HG--
extra : moz-landing-system : lando
Allow access to Apple's Metal shader language compiler in our content process sandbox. Limit the sandbox policy change to 10.14 and newer OS versions to reduce risk given that problems have only been reported on 10.14.5.
Differential Revision: https://phabricator.services.mozilla.com/D28904
--HG--
extra : moz-landing-system : lando
Crashes resulting from the diagnostic assertions added in 2ca136370e18 suggest
that certificate decoding is faiiling in the content process (which seems
impossible given that presumably we successfully decoded the very same
certificate in the parent). This should tell us what error code NSS is
returning when this happens, which may illustrate the issue.
Differential Revision: https://phabricator.services.mozilla.com/D27998
--HG--
extra : moz-landing-system : lando
The attributes for an interface should be on the line right before the
interface.
Interface attributes should be separated by spaces.
Clean up some trailing whitespace in widget/.
Differential Revision: https://phabricator.services.mozilla.com/D28234
--HG--
extra : moz-landing-system : lando
ffxbld
Dana Keeler
Myk Melez
Brindusan Cristian
Haik Aftandilian
Noemi Erli
Mark Goodwin
Sylvestre Ledru
J.C. Jones
Dorel Luca
J.C. Jones
Sebastian Hengst
Csoregi Natalia
dlee
Narcis Beleuzu
Aaron Klotz
Cosmin Sabou
monikamaheshwari
Kevin Jacobs
Mathieu Leplatre
Brian Grinstead
Andreea Pavel
Andrew McCreight