Граф коммитов

14243 Коммитов

Автор SHA1 Сообщение Дата
Haik Aftandilian f357396a1e Bug 1541272 - Mac Utility sandbox profile missing crash reporter port allow rule r=Alex_Gaynor
Add the crash reporter port to the utility process sandbox so that crash reports can be saved for processes using the utility sandbox with early sandbox init.

At this time, the RDD process is the only process using the utility sandbox.

Differential Revision: https://phabricator.services.mozilla.com/D26228

--HG--
extra : moz-landing-system : lando
2019-04-04 19:59:25 +00:00
ffxbld d581d786f4 No Bug, mozilla-central repo-update HSTS HPKP blocklist remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D26115

--HG--
extra : moz-landing-system : lando
2019-04-04 13:00:37 +00:00
Ciure Andrei 4116e08315 Merge inbound to mozilla-central. a=merge 2019-04-04 07:34:14 +03:00
Dana Keeler a483dcca02 Bug 1539415 - make nsICertStorage (cert_storage) asynchronous for functions called from the main thread r=jcj,mgoodwin
The Set* functions of nsICertStorage (SetRevocationByIssuerAndSerial,
SetRevocationBySubjectAndPubKey, SetEnrollment, and SetWhitelist) are called on
the main thread by the implementations that manage consuming remote security
information. We don't want to block the main thread, so this patch modifies
these functions to take a callback that will be called (on the original thread)
when the operation in question has been completed on a background thread.

The Get* functions of nsICertStorage (GetRevocationState, GetEnrollmentState,
and GetWhitelistState) should only be called off the main thread. For the most
part they are, but there are at least two main-thread certificate verifications
that can cause these functions to be called on the main thread. These instances
are in nsSiteSecurityService::ProcessPKPHeader and
ContentSignatureVerifier::CreateContextInternal and will be dealt with in
bug 1406854 bug 1534600, respectively.

Differential Revision: https://phabricator.services.mozilla.com/D25174

--HG--
extra : moz-landing-system : lando
2019-04-03 23:24:19 +00:00
Brian Grinstead 54848835d5 Bug 1540123 - Use is/isnot/ok instead of Assert.equal/Assert.notEqual/Assert.ok in browser_clientAuth_ui.js r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D25828

--HG--
extra : moz-landing-system : lando
2019-04-02 21:09:05 +00:00
Brian Grinstead 928bc8adb2 Bug 1540123 - Append menuitems into the menupopup for the certificate nickname menulist in certificate selection dialog UI r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D25825

--HG--
extra : moz-landing-system : lando
2019-04-02 21:09:03 +00:00
Haik Aftandilian f7082591a7 Bug 1540892 - [Mac] Don't #include policy definition headers in mac/Sandbox.h r=Alex_Gaynor
Move sandbox policy includes to Sandbox.mm.

Differential Revision: https://phabricator.services.mozilla.com/D25691

--HG--
extra : moz-landing-system : lando
2019-04-02 12:59:46 +00:00
Gian-Carlo Pascutto d0f1336b84 Bug 1535794 - Allow getrandom() in all sandbox policies. r=jld
Differential Revision: https://phabricator.services.mozilla.com/D25610

--HG--
extra : moz-landing-system : lando
2019-04-02 12:37:58 +00:00
Eden Chuang 72b79c6fbd Bug 1442778 - Add "chromeContext" parameter to console API and console service messages. r=smaug
1. Adding a new attribute chromeContext in ConsoleEvent
2. Adding a new boolean attribute isFromChromeContext in nsIConsoleMessage
3. Sending IsFromChromeContext to the parent process

Differential Revision: https://phabricator.services.mozilla.com/D23330

--HG--
extra : moz-landing-system : lando
2019-04-01 22:42:34 +00:00
Dana Keeler f8da648dbc bug 1439002 - remove useless debug spew from nsSiteSecurityService r=erahm
Differential Revision: https://phabricator.services.mozilla.com/D25489

--HG--
extra : moz-landing-system : lando
2019-04-01 17:07:20 +00:00
Gian-Carlo Pascutto 4f54fd166f Bug 1536137 - Add getrusage to RDD policy. r=jld
Depends on D24190

Differential Revision: https://phabricator.services.mozilla.com/D25621

--HG--
extra : moz-landing-system : lando
2019-04-01 16:10:05 +00:00
Gian-Carlo Pascutto 9261673631 Bug 1536127 - Add F_SETFD/CLOEXEC logic to RDD process. r=jld
Differential Revision: https://phabricator.services.mozilla.com/D24190

--HG--
extra : moz-landing-system : lando
2019-04-01 16:10:07 +00:00
ffxbld c83d5b6a32 No Bug, mozilla-central repo-update HSTS HPKP blocklist remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D25600

--HG--
extra : moz-landing-system : lando
2019-04-01 13:10:51 +00:00
Sylvestre Ledru ef0bfc3822 Bug 1519636 - Reformat recent changes to the Google coding style r=Ehsan
# ignore-this-changeset

Differential Revision: https://phabricator.services.mozilla.com/D24168

--HG--
extra : moz-landing-system : lando
2019-03-31 15:12:55 +00:00
Myk Melez 5b6def9858 Bug 1538093 - reopen security_state env as read-only when not writing r=keeler
The new rkv-based cert_storage database caused a Heap Unclassified regression because of memory that LMDB reserves when opening a database in read-write mode. Since cert_storage usage is read-heavy, this change claws back that regression by opening it in read-only mode except when changes are being made.

Differential Revision: https://phabricator.services.mozilla.com/D25098

--HG--
extra : moz-landing-system : lando
2019-03-29 19:48:00 +00:00
J.C. Jones 1746417e71 Bug 1539541 - Enable FIDO U2F API, and permit registrations for Google Accounts r=keeler,qdot
Per the thread "Intent-to-Ship: Backward-Compatibility FIDO U2F support for
Google Accounts" on dev-platform [0], this bug is to:

  1. Enable the security.webauth.u2f by default, to ride the trains

  2. Remove the aOp == U2FOperation::Sign check from EvaluateAppID in
     WebAuthnUtil.cpp, permitting the Google override to work for Register as
     well as Sign.

This would enable Firefox users to use FIDO U2F API on most all sites, subject
to the algorithm limitations discussed in the section "Thorny issues in
enabling our FIDO U2F API implementation" of that post.

[0] https://groups.google.com/d/msg/mozilla.dev.platform/q5cj38hGTEA/lC834665BQAJ

Differential Revision: https://phabricator.services.mozilla.com/D25241

--HG--
extra : moz-landing-system : lando
2019-03-29 17:16:13 +00:00
ffxbld 11ed6b29f2 No Bug, mozilla-central repo-update HSTS HPKP blocklist remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D25214

--HG--
extra : moz-landing-system : lando
2019-03-28 12:46:21 +00:00
Mark Banner dba6983e75 Bug 1415265 - Remove now unnecessary .eslintrc.js files or entries. r=mossop
Differential Revision: https://phabricator.services.mozilla.com/D23850

--HG--
extra : moz-landing-system : lando
2019-03-28 09:38:14 +00:00
Haik Aftandilian a8b3df5de0 Bug 1525086 - Part 6 - Use AssertMacSandboxEnabled() for the RDD process, change the assert to use sandbox_check() r=Alex_Gaynor
When the RDD process sandbox is started at launch, assert the sandbox has been enabled in the Init message.

Change AssertMacSandboxEnabled() to use the undocumented sandbox_check() function instead of sandbox_init().

Differential Revision: https://phabricator.services.mozilla.com/D22414

--HG--
extra : moz-landing-system : lando
2019-03-27 20:29:08 +00:00
Haik Aftandilian ae8b138790 Bug 1525086 - Part 3a - Move sandbox param logic to GeckoChildProcessHost and MacSandboxInfo to be more reusable r=Alex_Gaynor
Move sandbox early start logic to GeckoChildProcessHost.

Move sandbox CLI param logic into MacSandboxInfo.

Differential Revision: https://phabricator.services.mozilla.com/D22409

--HG--
extra : moz-landing-system : lando
2019-03-28 02:25:52 +00:00
Haik Aftandilian a6d4dd5d34 Bug 1525086 - Part 2 - Remove unneeded params and permissions from the utility sandbox r=Alex_Gaynor
Remove the unused plugin binary path and app binary path parameters and cleanup file path permissions.

Explicitly allow access to launchservicesd to allow SetProcessName() to work when the sandbox is started during startup.

Differential Revision: https://phabricator.services.mozilla.com/D22408

--HG--
extra : moz-landing-system : lando
2019-03-27 20:27:32 +00:00
Haik Aftandilian 40e8968bd5 Bug 1525086 - Part 1 - Split up sandbox policies, create utility policy for the RDD process r=Alex_Gaynor
Move sandbox policies for different process types into their own files.

Create a new "utility" policy cloned from the GMP policy to be used for basic utility-type processes.

Use the utility policy for the RDD process.

Differential Revision: https://phabricator.services.mozilla.com/D22405

--HG--
extra : moz-landing-system : lando
2019-03-27 20:27:09 +00:00
Dana Keeler 82548d6407 bug 1538250 - lazily open DB in cert_storage to avoid main-thread I/O r=jcj
After initialization (which happens on the main thread because we need to access
preferences), cert_storage will first be used on a certificate verification
thread. We can use this to avoid main-thread I/O by lazily opening the DB when
it first gets used rather than at initialization.

Differential Revision: https://phabricator.services.mozilla.com/D24998

--HG--
extra : moz-landing-system : lando
2019-03-27 19:35:31 +00:00
Nan Jiang 719f34cee5 Bug 1522638 - Add bulk insert to kvstore r=myk,mossop,nika
This adds the bulk insert to kvstore as discussed in Bug 1522638

Differential Revision: https://phabricator.services.mozilla.com/D22032

--HG--
extra : moz-landing-system : lando
2019-03-27 14:16:59 +00:00
Cosmin Sabou 3d469329a4 Merge mozilla-inbound to mozilla-central. a=merge 2019-03-27 06:45:13 +02:00
J.C. Jones d602553050 Bug 1539227 - land NSS 67c41e385581 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : cd4c8d05e32ee16c9aaa1aeb23014b2299c100fd
2019-03-26 18:48:46 +00:00
Dana Keeler 13b7c3537c bug 1529044 - intermediate certificate caching: import on a background thread to not block certificate verification r=mgoodwin
Apparently importing a certificate into the NSS certificate DB is slow enough to
materially impact the time it takes to connect to a site. This patch addresses
this by importing any intermediate certificates we want to cache from verified
connections on a background thread (so the certificate verification thread can
return faster).

Differential Revision: https://phabricator.services.mozilla.com/D24384

--HG--
extra : moz-landing-system : lando
2019-03-26 15:56:32 +00:00
Jonas Allmann 1db9db7604 Bug 1529231, Remove all occurences of ondialogaccept and ondialogcancel, r=Gijs
Removed all occurences of ondialogaccept.
Removed all occurences of ondialogcancel.
Replaced all removed attributes with event handlers.

Differential Revision: https://phabricator.services.mozilla.com/D21227

--HG--
extra : moz-landing-system : lando
2019-03-26 18:34:02 +00:00
Cosmin Sabou 78fc71e3c3 Backed out changeset 7fa7d6e6dedc (bug 1442778) for devtools failures on browser_webconsole_check_stubs_console_api.js CLOSED TREE 2019-03-26 20:27:55 +02:00
Eden Chuang 5e4df764d9 Bug 1442778 - Add "chromeContext" parameter to console API and console service messages. r=smaug
1. Adding a new attribute chromeContext in ConsoleEvent
2. Adding a new boolean attribute isFromChromeContext in nsIConsoleMessage
3. Sending IsFromChromeContext to the parent process

Differential Revision: https://phabricator.services.mozilla.com/D23330

--HG--
extra : moz-landing-system : lando
2019-03-26 15:18:20 +00:00
Jeff Walden af2fe4f219 Bug 1538621. r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D24760

--HG--
extra : moz-landing-system : lando
2019-03-25 22:01:10 +00:00
Narcis Beleuzu db05e9557d Backed out changeset d641ac81d9f0 (bug 1529044) for XPCShel failures on test_missing_intermediate.js . CLOSED TREE 2019-03-25 23:20:27 +02:00
Dana Keeler f04ab743ad bug 1529044 - intermediate certificate caching: import on a background thread to not block certificate verification r=mgoodwin
Apparently importing a certificate into the NSS certificate DB is slow enough to
materially impact the time it takes to connect to a site. This patch addresses
this by importing any intermediate certificates we want to cache from verified
connections on a background thread (so the certificate verification thread can
return faster).

Differential Revision: https://phabricator.services.mozilla.com/D24384

--HG--
extra : moz-landing-system : lando
2019-03-25 17:09:37 +00:00
ffxbld 927082cd95 No Bug, mozilla-central repo-update HSTS HPKP blocklist remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D24686

--HG--
extra : moz-landing-system : lando
2019-03-25 12:45:49 +00:00
srujana 6e50bb941c Bug 1451127 : Added files to UNIFIED_SOURCES and removed conflicts. r=handyman
Added files to UNIFIED_SOURCES and removed conflicts. Files that required flags still remain in SOURCES.  SOURCES use "StrictOrderingOnAppendListWithFlagsFactory" base class and UNIFIED_SOURCES use "StrictOrderingOnAppendList" base class. As of now I do not think there is an option to add flags for the later. So the files requiring flags are kept in SOURCES.

Differential Revision: https://phabricator.services.mozilla.com/D23795

--HG--
extra : moz-landing-system : lando
2019-03-20 21:32:50 +00:00
Myk Melez 041a03ca0d Bug 1538372 - migrate revocations in single transaction r=keeler
cert_storage migrates revocations.txt via one transaction per entry, which can be expensive.  This change uses a single transaction to migrate all entries.

Differential Revision: https://phabricator.services.mozilla.com/D24579

--HG--
extra : moz-landing-system : lando
2019-03-22 23:16:43 +00:00
monikamaheshwari d0003fb1d7 Bug 1533485 - nsNSSCertificateDB::handleCACertDownload shouldn't assert that it got a non-zero number of certificates r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D23921

--HG--
extra : moz-landing-system : lando
2019-03-22 17:29:48 +00:00
brendaadel 7b652fc9d8 Bug 1474759 - added strings to the empty MOZ_Crash() in Linux sandboxing module. r=handyman
Added reason strings to all MOZ_CRASH in linux/sandbox

Differential Revision: https://phabricator.services.mozilla.com/D24143

--HG--
extra : moz-landing-system : lando
2019-03-22 07:43:29 +00:00
Nicholas Nethercote a955ca9592 Bug 1535226 - Remove uses of XP_WIN32 in Gecko. r=glandium
The definitions can't be entirely removed yet because NSS still needs them.

Differential Revision: https://phabricator.services.mozilla.com/D23454

--HG--
extra : moz-landing-system : lando
2019-03-21 01:28:50 +00:00
Brian Grinstead a797a66d25 Bug 1531119 - Remove editMenuCommands.inc.xul and make editMenuOverlay.js in charge of constructing the relevant commandset DOM r=bdahl,NeilDeakin
This allows us to drop preprocessing and makes it simpler to add edit menu functionality to any type of document.

Differential Revision: https://phabricator.services.mozilla.com/D21446

--HG--
extra : moz-landing-system : lando
2019-03-21 14:18:48 +00:00
ffxbld ead4572bc7 No Bug, mozilla-central repo-update HSTS HPKP blocklist remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D24335

--HG--
extra : moz-landing-system : lando
2019-03-21 12:29:05 +00:00
shindli 12c0629a98 Merge mozilla-central to inbound. a=merge CLOSED TREE
--HG--
rename : js/src/tests/non262/fields/basic.js => js/src/jit-test/tests/fields/basic.js
rename : js/src/tests/non262/fields/literal.js => js/src/jit-test/tests/fields/literal.js
rename : js/src/tests/non262/fields/mixed_methods.js => js/src/jit-test/tests/fields/mixed_methods.js
rename : js/src/tests/non262/fields/quirks.js => js/src/jit-test/tests/fields/quirks.js
2019-03-21 06:36:37 +02:00
Jeff Walden 44f0e9ca5f Bug 1533640 - Attempt to parse empty OCSP responses and let the parse attempt signal malformedness, instead of letting an empty response's |Vector<uint8_t>::begin() == nullptr| be the trigger of that signal. r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D22656

--HG--
extra : rebase_source : 47afff90c0a07330664b95fbdd7d5cc7e8b5bb4d
2019-03-07 15:28:00 -08:00
Dana Keeler 2cf1772b43 bug 1535851 - proactively check for mixed content in nsSecureBrowserUIImpl r=Ehsan
If nsSecureBrowserUIImpl::GetState is never called, it never checks for mixed
content (this can happen when loading a page from the BF cache). To ensure that
we properly set the security state (via OnLocationChange -> OnSecurityChange),
nsSecureBrowserUIImpl must check for mixed content more proactively.

Differential Revision: https://phabricator.services.mozilla.com/D23945

--HG--
extra : moz-landing-system : lando
2019-03-19 23:56:55 +00:00
Ian Moody 167f623a3e Bug 1246594 - Enable ESLint rule no-throw-literal by default. r=Standard8
Differential Revision: https://phabricator.services.mozilla.com/D24088

--HG--
extra : moz-landing-system : lando
2019-03-19 22:02:42 +00:00
Andreea Pavel c3cd918c5c Backed out 2 changesets (bug 1429796) for failing xperf on a CLOSED TREE
Backed out changeset b0d08863f7a5 (bug 1429796)
Backed out changeset 1bd54f8dfd9e (bug 1429796)
2019-03-20 00:03:49 +02:00
Dana Keeler 4ac9f8c38c Bug 1429796 - cert_storage: create rkv environment and store only once to avoid races r=mgoodwin,jcj
This patch also base64-decodes the API inputs before storing in the DB in
anticipation of being able to pass binary data directly (bug 1535752).

Differential Revision: https://phabricator.services.mozilla.com/D23430

--HG--
extra : moz-landing-system : lando
2019-03-18 20:08:30 +00:00
Mark Goodwin 59e0c373c3 Bug 1429796 Cleanup storage in CertBlocklist to allow easy addition of new types of pair (e.g. whitelist entries) r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D17668

--HG--
extra : moz-landing-system : lando
2019-03-19 17:48:04 +00:00
Alex Gaynor 177fb00eba Bug 1375863 - fold MOZ_CONTENT_SANDBOX and MOZ_GMP_SANDBOX into MOZ_SANDBOX; r=jld,firefox-build-system-reviewers
Differential Revision: https://phabricator.services.mozilla.com/D22975

--HG--
extra : moz-landing-system : lando
2019-03-18 22:31:59 +00:00
Dana Keeler 6110b2c67a bug 1515608 - allow end-entity certificates to be trust anchors for compatibility r=jcj
Differential Revision: https://phabricator.services.mozilla.com/D23240

--HG--
extra : moz-landing-system : lando
2019-03-18 20:01:02 +00:00