This patch introduces ipcclientcerts, a PKCS#11 module that the socket process
can load to get access to client certificates and keys managed by the parent
process. This enables client certificate authentication to work with the socket
process (particularly for keys stored outside of NSS, as with osclientcerts or
third-party PKCS#11 modules).
Differential Revision: https://phabricator.services.mozilla.com/D122392

We still rely on dynamic loading to find the symbols, but since we get
them from libxul, we don't need to load the library before activating
the process sandbox anymore.
Differential Revision: https://phabricator.services.mozilla.com/D128333

Windows MSIX packages support a finite set of locales: see
https://docs.microsoft.com/en-us/windows/uwp/publish/supported-languages.
This patch encodes that list in
browser/installer/windows/msix/msix-all-locales. Two ad-hoc
modifications were necessary: removing 'sr*' (Serbian) and 'uz*'
(Uzbek) in order for the resulting MSIX packages to install.
We distribute all of the langpacks supported by the release channel in
our MSIX, which is encoded in browser/locales/all-locales. But we
only advertise support in the App manifest for the intersection of
that set and the set of locales supported by Windows.
We do so to avoid the following issue. Suppose a user manually
installs a langpack that is not supported by Windows, and then updates
the installed MSIX package. MSIX package upgrades are essentially
paveover installs, so there is no opportunity for Firefox to update
the langpack before the update. But, since all langpacks are bundled
with the MSIX, that langpack will be up-to-date, preventing one class
of YSOD.
Differential Revision: https://phabricator.services.mozilla.com/D126175

1. $LocalAppData behavior changes in NSIS 3.02; previously it always
used CSIDL_LOCAL_APPDATA, but it now depends on context. Work around
that by directly calling SHGetSpecialFolderPathW.
2. Refactor several other calls to SHGetSpecialFolderPathW for
CSIDL_COMMON_APPDATA and CSIDL_PROGRAMS.
3. Remove broken default path fallback to $APPDATA. I was in this
code for 1. and realized it hadn't worked properly in the full
installer since bug 367539, and it must have never worked in the stub.
4. Remove unused CleanUpdateDirectories and DeleteRelativeProfiles
macros rather than trying to fix them.
Differential Revision: https://phabricator.services.mozilla.com/D125490

When relanding Bug 1709697, all of the icons ended up as 0-byte files.
I can't explain this; it's hard to achieve this with a rebase. We
regenerate `Resources.pri` following the instructions in the
documentation.
This commit also moves to represent the package as "Mozilla Firefox",
which is consistent with how unpackaged versions appear in the Windows
UI. In the start menu, the application continues to be represented as
"Firefox" (no "Mozilla" vendor).
Finally, this commit also differentiates "Firefox Beta" from "Firefox"
in a few select places (while not changing branding and iconography).
Differential Revision: https://phabricator.services.mozilla.com/D122411

Installing the Nightly MSIX packages, signed with Mozilla's Nightly
key, yields an error: "Error in parsing the app package." Unpacking
with `makeappx.exe` yields:
```
MakeAppx : error: Error info: error 8007000B: The app manifest publisher name (CN=Mozilla Corporation) must match the subject name of the signing certificate (CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=Mountain View, S=California, C=US).
```
Previously, we allowed just the `CN` to vary; in this patch we make
the publisher be the entire publisher subject, and we update the
publisher details in the task definitions.
Differential Revision: https://phabricator.services.mozilla.com/D121896

Allow for downstream projects such as Thunderbird to set different GUIDs for
AccessibleHandler to avoid clashes when both applications are installed.
The GUIDs themselves can be defined in confvars.sh or in branding/configure.sh
depending on the specific needs of the application. Fallback GUIDs are in
old-configure.
Differential Revision: https://phabricator.services.mozilla.com/D118124

Package a summary of the RemoteSettings dumps with the application, so
that RemoteSettings clients can look up the last_modified value of a
dump without loading the whole JSON dump file.
For simplicity, the initial version of `gen_last_modified.py` generates
only one entry for the only present use case. A more generic version of
the script will be implemented in bug 1719560.
Differential Revision: https://phabricator.services.mozilla.com/D119336