If the preference security.enterprise_roots.enabled is set to true, the platform will import trusted TLS certificates from the OS X keystore.
Differential Revision: https://phabricator.services.mozilla.com/D2169
--HG--
extra : moz-landing-system : lando
On 10.9 and 10.10, grant global read access to the Flash sandbox.
Change Flash sandbox levels by adding a new level 1 that includes
global read access which will be the default on 10.9/10.10.
Level 2 is the new default for 10.11 and above with file read
access enabled by file dialog activity.
MozReview-Commit-ID: LvXhd6Vf7mo
--HG--
extra : rebase_source : 946f89937e5bb4506fd6bc8b2c050c86a8b29cc8
Apparently a prehistoric server implementation would send a
certificate_authorities field that didn't include the outer DER SEQUENCE tag, so
PSM attempted to detect this and work around it. Telemetry indicates this is
unnecessary now: https://mzl.la/2Lbi1Lz
--HG--
extra : rebase_source : 6669586d657efb243070a4ceb231583b40823543
extra : amend_source : e87f7c84c6c1a51637914bde5950268409b70571
Pass the user cache dir as a parameter to the Flash sandbox profile.
Add services and paths to the Flash sandbox profile needed for TLS
and encrypted video playback.
MozReview-Commit-ID: 1szVXVVATFy
--HG--
extra : rebase_source : 04885bb5d8b9995559462d373199078b109bfdc5
I initially tried to avoid this, but decided it was necessary given the number
of times I had to repeat the same pattern of casting a variable to void*, and
then casting it back in a part of code far distant from the original type.
This changes our preference callback registration functions to match the type
of the callback's closure argument to the actual type of the closure pointer
passed, and then casting it to the type of our generic callback function. This
ensures that the callback function always gets an argument of the type it's
actually expecting without adding any additional runtime memory or
QueryInterface overhead for tracking it.
MozReview-Commit-ID: 9tLKBe10ddP
--HG--
extra : rebase_source : 7524fa8dcd5585f5a31fdeb37d95714f1bb94922
Add the com.apple.xpcd service to the Flash plugin sandbox for OS X 10.9 systems to avoid crashes when opening file dialogs.
MozReview-Commit-ID: A40Mov98Ddy
--HG--
extra : rebase_source : 3aa7471f239bd64d9e153e2e7076e99006358f1f
By separating the platform-specific code that finds enterprise roots to load
into its own file, we can make it easier to both add support for other
platforms and maintain the implementations going forward.
Differential Revision: https://phabricator.services.mozilla.com/D2103
--HG--
extra : moz-landing-system : lando
This introduces a helper class that provides one thread all DataStorage
instances can use to do background work. This thread should have a light
workload which mainly consists of reading some files at startup, periodically
writing to these files, and writing them again at shutdown. One thread should be
able to handle this and in any case having multiple threads trying to perform
i/o at the same time would probably be less efficient than merely performing the
work sequentially.
Differential Revision: https://phabricator.services.mozilla.com/D1890
--HG--
extra : moz-landing-system : lando
ChangeCertTrustWithPossibleAuthentication should never be called while holding
nsNSSComponent::mMutex, because doing so can result in showing the master
password dialog, which spins the event loop, which can cause other code to run
that may attempt to acquire the same lock (e.g. speculative connect checking
nsNSSComponent to see if the user has smart cards or client certificates).
Differential Revision: https://phabricator.services.mozilla.com/D2011
--HG--
extra : moz-landing-system : lando
Summary: Coverity found this issue. We shouldn't continue if n is null because CERT_LIST_NEXT dereferences n.
Differential Revision: https://phabricator.services.mozilla.com/D1876
--HG--
extra : rebase_source : 8023a38425194099f334c6624ce2bd5f2e50cb95
extra : amend_source : 27947d33f9dbb0afa9ae5927dde874957eb4017c
Defining nsINSSComponent in idl rather than manually in a header file allows us
to make full use of the machinery that already exists to process and generate
the correct definitions. Furthermore, it enables us to define JS-accessible APIs
on nsINSSComponent, which enables us to build frontend features that can work
directly with the data and functionality the underlying implementation has
access to.
MozReview-Commit-ID: JFI9s12wmRE
--HG--
extra : rebase_source : 16b660e37db681c8823cbb6b7ff59dd0d35f7e73
Add whitelist rules to allow access to Extensis Universal Type Manager fonts
on 10.11 and earlier OS versions.
MozReview-Commit-ID: 3cPKlC1xCUW
--HG--
extra : rebase_source : 2f8b126cbc7dff2b4d660b6261c1a45d695e09d8
David Keeler
Xidorn Quan
trisha
Robert Bartlensky
Haik Aftandilian
ffxbld
Coroiu Cristina
Kris Maglione
Noemi Erli
Kai Engert
Brian Grinstead
Gurzau Raul
Jan de Mooij
Mathieu Leplatre
Franziskus Kiefer
Aaron Klotz
shindli
Tiberius Oros
Mark Banner
Margareta Eliza Balazs
Tom Ritter
Dorel Luca
Csoregi Natalia