Граф коммитов

14413 Коммитов

Автор SHA1 Сообщение Дата
J.C. Jones 1ab58c0d27 Bug 1550889 - land NSS d17569aa9d56 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 4fdf16aeb31e95f10548c847907eeffdbddb2d19
2019-06-07 17:51:08 +00:00
Dana Keeler 66f092c690 bug 1555392 - remove unnecessary things from test_cert_storage.js that were causing intermittent failures r=KevinJacobs
At some point in the past, test_cert_storage.js needed to initialize the add-on
system to start the blocklist system, which is where revocation updates used to
come from. This appears to no longer be the case and the code in question can be
removed (and it should be removed because it's causing intermittent failures).

Differential Revision: https://phabricator.services.mozilla.com/D33993

--HG--
extra : moz-landing-system : lando
2019-06-06 21:11:25 +00:00
Dana Keeler 1a1341430b bug 1488865 - import CRLite enrollment state r=jcj,KevinJacobs
This patch saves the CRLite enrollment state of every preloaded intermediate to
cert_storage. This is an intermediate (hah) step towards actually checking
CRLite state. We still have to implement downloading and updating the CRLite
bloom filter cascades and implement checking these filters when we encounter a
certificate issued from an enrolled intermediate (this work will be done in
future bugs).

Differential Revision: https://phabricator.services.mozilla.com/D33074

--HG--
extra : moz-landing-system : lando
2019-06-06 16:42:41 +00:00
Zibi Braniecki a49f5263f1 Bug 1552714 - Fix tests to compare the result of getAttributes against L10nKeys. r=smaug
Differential Revision: https://phabricator.services.mozilla.com/D33740

--HG--
extra : moz-landing-system : lando
2019-06-06 16:33:09 +00:00
J.C. Jones 2f955dea5e Bug 1550889 - land NSS 8082be3a6363 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 84cb27998d0b4e36d9a7d388e3a8b2a4fc3bb886
2019-06-04 19:39:40 +00:00
Gian-Carlo Pascutto 84108d4e2b Bug 1555589 - Include sys/prctl.h not linux/prctl.h. r=jld
Differential Revision: https://phabricator.services.mozilla.com/D33517

--HG--
extra : moz-landing-system : lando
2019-06-03 21:35:44 +00:00
Dana Keeler 098bc1f91c bug 1555854 - avoid creating transient threads in PSM (particularly CryptoTask) r=KevinJacobs
CryptoTask is a helper class that makes it easier to implement code that runs on
a background thread and then notifies completion on the main thread (this is
useful for not blocking the main thread with long-running cryptography or I/O).
Before this patch, each CryptoTask would create a new thread each time it ran,
which was inefficient. This patch updates CryptoTask to use the stream transport
service (which is essentially a pool of threads for doing exactly these kinds of
things and notably is not to be confused with the socket transport service) to
run each task. Additionally, there were a few places in PSM where we
unnecessarily created new threads to perform similar tasks. These now use the
stream transport service as well.

Differential Revision: https://phabricator.services.mozilla.com/D33534

--HG--
extra : moz-landing-system : lando
2019-06-03 23:47:48 +00:00
Nihanth Subramanya 3d82fc9a8a Bug 1547015 - Implement a clearAllOverrides method in nsICertOverrideService. r=johannh,keeler
Differential Revision: https://phabricator.services.mozilla.com/D32886

--HG--
extra : moz-landing-system : lando
2019-06-03 21:29:56 +00:00
J.C. Jones 2b5a2efa96 Bug 1555425 - Enable Web Authentication in all Fennec Android channels r=cpeterson,KevinJacobs
Disable for Geckoview, but enable for Fennec.

Differential Revision: https://phabricator.services.mozilla.com/D33050

--HG--
extra : moz-landing-system : lando
2019-06-03 17:51:57 +00:00
ffxbld 5cd2a9bc7d No Bug, mozilla-central repo-update HSTS HPKP blocklist remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D33506

--HG--
extra : moz-landing-system : lando
2019-06-03 15:44:26 +00:00
Dana Keeler 4a553d09d1 bug 1554152 - use the auto-clearing TLS context for connections with origin attributes from private contexts r=KevinJacobs
PSM has two instances of TLS bookkeeping structures ("SharedSSLState"): a
"public" one for most connections and a "private" one that automatically clears
its state when the last private browsing context (usually a window) closes.
Since we moved to separating connections by origin attributes, the latter is
largely redundant because keying by origin attributes already separates
connections from different contexts, even when using the "public" shared TLS
state structure. However, it still has the advantage of clearing its state when
the last private browsing context closes. This patch updates the decision of
which SharedSSLState to use by taking into account origin attributes. That is,
if the origin attributes of the connection has a private browsing ID that isn't
the default (unset), we'll use the auto-clearing SharedSSLState. This has the
effect of auto-clearing cached client auth certificate state for private
contexts when the last private browsing window closes. It also clears
accumulated TLS intolerance state in the private context, but that isn't as
relevant any more since we don't do TLS fallback by default.

Differential Revision: https://phabricator.services.mozilla.com/D33099

--HG--
extra : moz-landing-system : lando
2019-05-31 21:59:10 +00:00
Andrea Marchesini b1b122fb20 Bug 1554464 - Merge nsICookie2 and nsICookie in 1 single interface, r=Ehsan
Differential Revision: https://phabricator.services.mozilla.com/D33031

--HG--
extra : moz-landing-system : lando
2019-05-31 09:36:44 +00:00
Boris Zbarsky 794039bf74 Bug 1553018 part 3. Add various preferences bindings use in Pref annotations on interfaces to StaticPrefs. r=edgar
Differential Revision: https://phabricator.services.mozilla.com/D32944

--HG--
extra : moz-landing-system : lando
2019-05-30 17:23:04 +00:00
ffxbld 669d19df08 No Bug, mozilla-central repo-update HSTS HPKP blocklist remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D33154

--HG--
extra : moz-landing-system : lando
2019-05-30 13:07:37 +00:00
Mihai Alexandru Michis 2454605299 Merge mozilla-central to autoland. CLOSED TREE 2019-05-30 12:49:36 +03:00
prathiksha 325e222d30 Bug 1549561 - Move _setTechDetails from NetErrorChild.jsm to aboutNetError.js. r=johannh,flod
Differential Revision: https://phabricator.services.mozilla.com/D30852

--HG--
extra : moz-landing-system : lando
2019-05-30 06:43:14 +00:00
shindli 8b24790fb3 Merge mozilla-central to inbound. a=merge CLOSED TREE 2019-05-30 00:58:01 +03:00
J.C. Jones 5c17d448f9 Bug 1550889 - land NSS 29a48b604602 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 5ccf83f8eaa4e94a502770717e1afca14e59c0fb
2019-05-29 15:52:05 +00:00
Andrea Marchesini 4c6ace6ac6 Bug 1551798 - Rename nsICookie2.SAMESITE_UNSET to nsICookie2.SAMESITE_NONE, r=Ehsan
Differential Revision: https://phabricator.services.mozilla.com/D31214

--HG--
extra : moz-landing-system : lando
2019-05-29 15:55:03 +00:00
arthur.iakab 944263f18a Backed out 5 changesets (bug 1551798) for multiple build bustages on StaticPrefList.h CLOSED TREE
Backed out changeset c89daff34d97 (bug 1551798)
Backed out changeset bbc3f88b8c03 (bug 1551798)
Backed out changeset b87996b8a411 (bug 1551798)
Backed out changeset d88b0002d736 (bug 1551798)
Backed out changeset 0fe740c90e2b (bug 1551798)
2019-05-29 18:07:26 +03:00
Andrea Marchesini e9bbb85ed1 Bug 1551798 - Rename nsICookie2.SAMESITE_UNSET to nsICookie2.SAMESITE_NONE, r=Ehsan
Differential Revision: https://phabricator.services.mozilla.com/D31214

--HG--
extra : moz-landing-system : lando
2019-05-24 15:18:49 +00:00
Ehsan Akhgari 4cb428d268 Bug 1555205 - Move db/sqlite3 to third_party/; r=mak
Differential Revision: https://phabricator.services.mozilla.com/D32939

--HG--
rename : db/sqlite3/README => third_party/sqlite3/README
rename : db/sqlite3/README.MOZILLA => third_party/sqlite3/README.MOZILLA
rename : db/sqlite3/src/moz.build => third_party/sqlite3/src/moz.build
rename : db/sqlite3/src/sqlite.symbols => third_party/sqlite3/src/sqlite.symbols
rename : db/sqlite3/src/sqlite3.c => third_party/sqlite3/src/sqlite3.c
rename : db/sqlite3/src/sqlite3.h => third_party/sqlite3/src/sqlite3.h
extra : moz-landing-system : lando
2019-05-29 10:16:29 +00:00
ffxbld dafef8c4a2 No Bug, mozilla-central repo-update HSTS HPKP blocklist remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D32686

--HG--
extra : moz-landing-system : lando
2019-05-28 20:34:21 +00:00
Dana Keeler 61ec77eb24 bug 1555110 - Backed out changeset a187487af38a to disable cert_storage on non-nightly builds r=jcj,froydnj
There are ongoing lmdb issues we need to sort out before we can ship
cert_storage (see e.g. bug 1538541 and bug 1550174).

Differential Revision: https://phabricator.services.mozilla.com/D32885

--HG--
extra : moz-landing-system : lando
2019-05-29 00:11:53 +00:00
Sylvestre Ledru d57d4905f1 Bug 1519636 - Reformat recent changes to the Google coding style r=Ehsan
# ignore-this-changeset

Differential Revision: https://phabricator.services.mozilla.com/D30883

--HG--
extra : moz-landing-system : lando
2019-05-25 17:46:15 +00:00
arthur.iakab af8e458c5f Backed out changeset a296439a25ff (bug 1519636) for frequent Windows cppunit failures CLOSED TREE 2019-05-24 14:26:01 +03:00
Sylvestre Ledru c82ea97226 Bug 1519636 - Reformat recent changes to the Google coding style r=Ehsan
# ignore-this-changeset

Differential Revision: https://phabricator.services.mozilla.com/D30883

--HG--
extra : moz-landing-system : lando
2019-05-24 09:59:17 +00:00
Dana Keeler 04339696c5 bug 1552310 - use the correct field to delete preloaded certificates that have been removed from the preload list r=jcj,KevinJacobs
The initial implementation made some incorrect assumptions about the data that
was in our data set and used the wrong field to identify the certificates to
delete when they are removed from our preload list. Now that the data set has
the expected field (the hash of the whole certificate), we can use it instead.

Differential Revision: https://phabricator.services.mozilla.com/D32380

--HG--
extra : moz-landing-system : lando
2019-05-23 23:57:39 +00:00
Kevin Jacobs 7234bae169 Bug 1492305 - Fix LibSecret unlocking & NSS return values r=keeler,MattN
This fixes issues with the NSS and LibSecret keystore not correctly rejecting unlocking of the key store.

Updated for dynamic loading of LibSecret and a bug workaround added elsewhere (updated green try below)

Depends on D9969.

Differential Revision: https://phabricator.services.mozilla.com/D7713

--HG--
extra : moz-landing-system : lando
2019-05-22 18:25:59 +00:00
Sylvestre Ledru 993c03acb1 Bug 1552795 - Remove all trailing whitespaces in idl files r=Ehsan
Differential Revision: https://phabricator.services.mozilla.com/D31769

--HG--
extra : moz-landing-system : lando
2019-05-22 22:37:14 +00:00
ffxbld 7107838f34 No Bug, mozilla-central repo-update HSTS HPKP blocklist remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D32310

--HG--
extra : moz-landing-system : lando
2019-05-23 13:21:24 +00:00
shindli 16671b371f Merge mozilla-central to inbound. a=merge CLOSED TREE 2019-05-22 18:37:34 +03:00
J.C. Jones 6aa1eca84d Bug 1550889 - land NSS ec6843bc0ce7 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : d85221a37ef901187c3f2c5c5a85ab0ba5ce52b5
2019-05-21 20:39:24 +00:00
Mathieu Leplatre ecf5714fea Bug 1548542 - Remove notions of Kinto in blocklists unit tests r=keeler,Gijs
Differential Revision: https://phabricator.services.mozilla.com/D31221

--HG--
extra : moz-landing-system : lando
2019-05-22 11:25:04 +00:00
Mathieu Leplatre 8eb7224e54 Bug 1526018 - Initialize PSM clients in their own service r=Gijs,jcj
Differential Revision: https://phabricator.services.mozilla.com/D31603

--HG--
extra : moz-landing-system : lando
2019-05-21 21:14:11 +00:00
J.C. Jones a13c53a0db Bug 1552602 - Disable FIDO U2F API for Android r=keeler,bzbarsky
Per https://bugzilla.mozilla.org/show_bug.cgi?id=1550625#c5 there is no
mechanism available for FIDO U2F JS API operations on Android. The exposed API
is FIDO2/WebAuthn-only. As such, Firefox cannot support FIDO U2F JS API
operations on Android, and we should disable the u2f preference so that
window.u2f is not set inappropriately.

Updated to fix test_interfaces.js

Differential Revision: https://phabricator.services.mozilla.com/D31695

--HG--
extra : moz-landing-system : lando
2019-05-20 16:46:43 +00:00
David Major 6efaa8b1cd Bug 1523526 - Don't allow CFG on old releases of Windows for arm64 r=bobowen,aklotz
There's a bug in ole32.dll on arm64 versions of Windows prior to 1809, that crashes our content processes if we enable CFG. We've reported the issue, but even if it gets fixed, we can't assume users will have the update.

This patch uses process mitigation policy flags to disable CFG on arm64 before 1809. Based on testing, we only need to do this in the sandbox for child processes, and it's not strictly necessary for the launcher stub to set the flag on the main process. But I've included that anyway as a guard against some yet-undiscovered scenario that might hit the issue and make the browser unusable.

The effects of this patch won't be visible until we actually enable CFG in a subsequent landing.

Differential Revision: https://phabricator.services.mozilla.com/D29474

--HG--
extra : moz-landing-system : lando
2019-05-20 17:25:30 +00:00
Dana Keeler 4401954b60 Bug 1551177 - avoid searching unproductive certificate paths during verification r=jcj,KevinJacobs
In bug 1056341 we introduced a search budget to mozilla::pkix to attempt to work
around the problem of having an extremely large search space given a set of
certificates all with the same subject and issuer distinguished names but
different public keys. In the end, though, there is probably no good value to
choose for the budget that is small enough to run quickly on the wide range of
hardware our users have and yet is large enough that we're confident won't break
someone's complicated pki setup (looking at you, the US federal government).

To address this, use the observation that as long as an intermediate can't *add*
information necessary to build a certificate chain (e.g. stapled SCTs), we
should never need a self-signed intermediate (as in, its own key verifies the
signature on it and its subject and issuer distinguished names are identical) to
build a trusted chain (since the exact same chain without that intermediate
should be valid). Given this, we simply skip all self-signed non-trust anchor
CA certificates during path building.

Differential Revision: https://phabricator.services.mozilla.com/D31368

--HG--
extra : moz-landing-system : lando
2019-05-18 00:15:54 +00:00
Coroiu Cristina 55a63d1520 Backed out 2 changesets (bug 1523526, bug 1526443) for Be bustage on Windows AArch on a CLOSED TREE
Backed out changeset 98013639d600 (bug 1526443)
Backed out changeset e8ac4b512f9d (bug 1523526)
2019-05-20 20:21:56 +03:00
David Major 250aff00e7 Bug 1523526 - Don't allow CFG on old releases of Windows for arm64 r=bobowen,aklotz
There's a bug in ole32.dll on arm64 versions of Windows prior to 1809, that crashes our content processes if we enable CFG. We've reported the issue, but even if it gets fixed, we can't assume users will have the update.

This patch uses process mitigation policy flags to disable CFG on arm64 before 1809. Based on testing, we only need to do this in the sandbox for child processes, and it's not strictly necessary for the launcher stub to set the flag on the main process. But I've included that anyway as a guard against some yet-undiscovered scenario that might hit the issue and make the browser unusable.

The effects of this patch won't be visible until we actually enable CFG in a subsequent landing.

Differential Revision: https://phabricator.services.mozilla.com/D29474

--HG--
extra : moz-landing-system : lando
2019-05-07 18:37:13 +00:00
ffxbld 132d447ea6 No Bug, mozilla-central repo-update HSTS HPKP blocklist remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D31781

--HG--
extra : moz-landing-system : lando
2019-05-20 12:42:12 +00:00
Julien Cristau 92574b8f84 Bug 1536463 - remove expiring security.pkcs11_modules_loaded telemetry. r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D27273

--HG--
extra : moz-landing-system : lando
2019-04-15 12:53:37 +00:00
Bogdan Tara cb81e93f4e Backed out changeset 8e8ea33ecb3d (bug 1552602) for test_interfaces_secureContext.html failures 2019-05-18 07:06:09 +03:00
J.C. Jones ebadc19bdf Bug 1552602 - Disable FIDO U2F API for Android r=keeler
Per https://bugzilla.mozilla.org/show_bug.cgi?id=1550625#c5 there is no
mechanism available for FIDO U2F JS API operations on Android. The exposed API
is FIDO2/WebAuthn-only. As such, Firefox cannot support FIDO U2F JS API
operations on Android, and we should disable the u2f preference so that
window.u2f is not set inappropriately.

Differential Revision: https://phabricator.services.mozilla.com/D31695

--HG--
extra : moz-landing-system : lando
2019-05-17 23:45:47 +00:00
J.C. Jones 89a4b84031 Bug 1551342 - Fix conflicts w/ Android FIDO2 and Rust u2f-hid-rs r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D31366

--HG--
extra : moz-landing-system : lando
2019-05-16 07:54:44 +00:00
ffxbld fc63b3d821 No Bug, mozilla-central repo-update HSTS HPKP blocklist remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D31422

--HG--
extra : moz-landing-system : lando
2019-05-16 13:00:29 +00:00
Dana Keeler 69828aa2fe Bug 1548365 - enable intermediate preloading on early beta or earlier r=froydnj,jcj
This also enables using cert_storage for OneCRL, since it and intermediate
preloading both use the same backend.

Differential Revision: https://phabricator.services.mozilla.com/D31345

--HG--
extra : moz-landing-system : lando
2019-05-16 00:03:09 +00:00
Kevin Jacobs b93f23a66b Bug 1535210 - Set SSL STATE_IS_BROKEN flag for TLS1.0 and TLS 1.1 connections. r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D29576

--HG--
extra : moz-landing-system : lando
2019-05-15 23:34:52 +00:00
Dana Keeler 6d703cdf92 bug 1548040 - batch cert_storage certificate adding/removal r=jcj,myk
Differential Revision: https://phabricator.services.mozilla.com/D30271

--HG--
extra : moz-landing-system : lando
2019-05-14 20:51:10 +00:00
Nathan Froyd 279e2583b7 Bug 1551698 - disable PGO on some low-level windows files; r=dmajor
PGO instrumentation interacts badly with this code, and it's not crucial
that this code be lightning fast.

Differential Revision: https://phabricator.services.mozilla.com/D31131

--HG--
extra : moz-landing-system : lando
2019-05-15 13:00:39 +00:00