Commit Graph

15516 Commits

Author SHA1 Message Date
Jed Davis
cd985e90bd Bug 1663550 - Fix the alignment of the stack for the sandbox's clone() trampoline. r=gcp
The ABI on ARM64 requires 16-byte stack alignment, and that includes the
small temporary stack that exists only so that we can `longjmp` off of
it in the child process after calling `clone`.

Differential Revision: https://phabricator.services.mozilla.com/D90001
2020-09-16 20:48:02 +00:00
Jed Davis
e997e40530 Bug 1663550 - Update sandbox policy for various syscalls obsoleted on Linux/arm64. r=gcp
In addition to e.g. lacking `open` in favor of `openat`, Linux/arm64
also removes a number of older syscalls along similar lines, like `dup2`
in favor of `dup3`, and all variants of `select` other than `pselect6`.

Differential Revision: https://phabricator.services.mozilla.com/D90000
2020-09-16 20:23:22 +00:00
Jed Davis
e149e83eea Bug 1663550 - Implement brokering for the remaining at syscalls in the Linux sandbox. r=gcp
Linux/arm64 omits syscalls that can be implemented in terms of newer
syscalls by inserting constant arguments; this means that all of the
basic filesystem operations use the `at` versions, like `unlinkat`
replacing both `unlink` and `rmdir`.  We've supported some of them when
x86 libcs started using them, but there are several others we were
missing; this patch adds them.

Differential Revision: https://phabricator.services.mozilla.com/D89999
2020-09-16 20:12:20 +00:00
Jed Davis
54eee381cc Bug 1663550 - Rearrange the broker glue to handle none of the non-at syscalls existing. r=gcp
Linux/arm64 seems to exclude any syscalls that were redundant when it was
created (specifically, that can be implemented in terms of another by
inserting constant arguments), which includes all the of the non-`at`
filesystem syscalls --- for example, `open` vs. `openat`.

This patch rearranges ifdefs to handle that case; later patches will
fill in the currently unhandled syscalls in the `at`-only side.

Differential Revision: https://phabricator.services.mozilla.com/D89998
2020-09-16 19:45:52 +00:00
Jed Davis
1cabbae048 Bug 1663550 - Minor cleanups for Linux sandbox policy. r=gcp
Not strictly part of ARM support, but worth committing, and in
particular printing the `AT_*` flags in hex is helpful for matching them
against headers when `*at` syscalls fail.

Differential Revision: https://phabricator.services.mozilla.com/D89997
2020-09-16 19:01:32 +00:00
Jed Davis
9afac8dfc8 Bug 1663550 - Remove obsolete sandbox rule allowing utime(). r=gcp
We no longer use GConf (bug 1433685), so we can remove the sandbox rule
allowing it to call utime().  That syscall doesn't exist on ARM or ARM64,
so this rule would have to be ifdef'ed if it were re-added.

Differential Revision: https://phabricator.services.mozilla.com/D89996
2020-09-16 18:53:23 +00:00
Jed Davis
4ec3f298b0 Bug 1663550 - Add "arm" and "arm64" architecture names to Linux sandbox telemetry. r=gcp
Differential Revision: https://phabricator.services.mozilla.com/D89995
2020-09-16 18:52:52 +00:00
Jed Davis
8ea790a391 Bug 1663550 - Add security/sandbox/chromium files needed for ARM/ARM64. r=bobowen
Chromium's Linux sandboxing code needs some architecture-specific files
for ARM and ARM64 that we don't currently include in our partial import.
These are copied from Chromium tag 81.0.4044.138 (matching the latest
import of the rest of security/sandbox/chromium) without changes.

Differential Revision: https://phabricator.services.mozilla.com/D89994
2020-09-15 14:46:35 +00:00
Simon Giesecke
de7bab0f06 Bug 1650145 - Replace all value uses of Empty[C]String by 0-length _ns literals. r=froydnj,geckoview-reviewers,agi
Differential Revision: https://phabricator.services.mozilla.com/D82325
2020-09-23 15:17:15 +00:00
Andrea Marchesini
03a46b29e8 Bug 1635828 - Isolate HSTS per first-party when privacy.partition.network_state is set to true - part 2 - tests, r=timhuang
Differential Revision: https://phabricator.services.mozilla.com/D74078
2020-09-20 20:51:11 +00:00
Dana Keeler
3d53187b90 Bug 1662636 - osclientcerts: rework legacy key handling to avoid slow APIs r=kjacobs
Bug 1658042 attempted to identify keys that could only handle legacy crypto
using CryptFindCertificateKeyProvInfo. However, it appears that this API can
be incredibly slow and potentially involve network I/O. This patch reworks
the legacy crypto handling by using CryptAcquireCertificatePrivateKey with the
CRYPT_ACQUIRE_SILENT_FLAG flag to avoid showing UI at inopportune times.

Differential Revision: https://phabricator.services.mozilla.com/D90733
2020-09-22 23:51:09 +00:00
J.C. Jones
f2b2199636 Bug 1666567 - land NSS c28e20f61e5d UPGRADE_NSS_RELEASE, r=kjacobs
2020-09-18  Kevin Jacobs  <kjacobs@mozilla.com>

        * automation/abi-check/previous-nss-release, lib/nss/nss.h,
        lib/softoken/softkver.h, lib/util/nssutil.h:
        Set version numbers to 3.58 Beta
        [c28e20f61e5d] [tip]

        * .hgtags:
        Added tag NSS_3_57_RTM for changeset cf7e3e8abd77
        [a963849538ca] <NSS_3_57_BRANCH>

        * lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
        Set version numbers to 3.57 final
        [cf7e3e8abd77] [NSS_3_57_RTM] <NSS_3_57_BRANCH>

Differential Revision: https://phabricator.services.mozilla.com/D91070
2020-09-22 22:31:15 +00:00
ffxbld
40f2c8cc60 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D90947
2020-09-22 02:55:14 +00:00
Narcis Beleuzu
4a31045523 Backed out 4 changesets (bug 1635828) for causing Bug 1666083
Backed out changeset 1f93614c3fde (bug 1635828)
Backed out changeset 04a8f6581dde (bug 1635828)
Backed out changeset 1bfeca8427e6 (bug 1635828)
Backed out changeset 8ec4db600c1f (bug 1635828)
2020-09-20 20:00:45 +03:00
Kevin Jacobs
14f9e3ce78 Bug 1660509 - land NSS NSS_3_57_RTM UPGRADE_NSS_RELEASE, r=jcj
2020-09-18  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.57 final
	[cf7e3e8abd77] [NSS_3_57_RTM] <NSS_3_57_BRANCH>

2020-09-15  Kevin Jacobs  <kjacobs@mozilla.com>

	* .hgtags:
	Added tag NSS_3_57_BETA1 for changeset 56224882ccc3
	[f46f20c58c4f]

Differential Revision: https://phabricator.services.mozilla.com/D90726
2020-09-18 19:53:28 +00:00
Andrea Marchesini
0a3eef2b82 Bug 1635828 - Isolate HSTS per first-party when privacy.partition.network_state is set to true - part 2 - tests, r=timhuang
Differential Revision: https://phabricator.services.mozilla.com/D74078
2020-08-04 10:39:37 +00:00
Moritz Birghan
0c15bc6ad6 Bug 1664808 - Waiting for l10n strings to load r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D90578
2020-09-17 20:55:18 +00:00
ffxbld
3768ca343e No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D90609
2020-09-17 20:20:07 +00:00
Chris Peterson
cf7da1e809 Bug 1665270 - Replace MOZ_MUST_USE with [[nodiscard]] in PSM security manager. r=keeler
The MOZ_MUST_USE macro is defined as clang's and gcc's nonstandard __attribute__((warn_unused_result)). Now that we compile as C++17 by default (bug 1560664), we can replace MOZ_MUST_USE with C++17's standard [[nodiscard]] attribute.

We can also stop #including mozilla/Attributes.h because it was only needed for its MOZ_MUST_USE declaration.

Differential Revision: https://phabricator.services.mozilla.com/D90350
2020-09-16 23:25:38 +00:00
Kevin Jacobs
ed0deeb271 Bug 1660509 - land NSS NSS_3_57_BETA1 UPGRADE_NSS_RELEASE, r=jcj
2020-09-15  Kevin Jacobs  <kjacobs@mozilla.com>

	* automation/release/nspr-version.txt:
	Bug 1660372 - NSS 3.57 should depend on NSPR 4.29. r=kaie

	[56224882ccc3] [NSS_3_57_BETA1]

Differential Revision: https://phabricator.services.mozilla.com/D90324
2020-09-17 05:29:26 +00:00
Toshihito Kikuchi
d77b5bdf35 Bug 1662560 - Always retrieve the imagebase of the child process's executable from a process handle. r=mhowell
The earlier fix ea452bb92e6a proved the executable's imagebase in a child
process is not always the same as the local imagebase.  This patch applies
the new approach to retieve the imagebase from a handle to all channels.

Interestingly, we observed the launcher failures at `VirtualProtectEx` only
when launching a sandboxed process, not when launching the browser process.
In the long term, we may need to take care of all `WriteProcessMemory` calls
for a child process for greater safety, but given that observation, this
patch only updates `RestoreImportDirectory` and `InitializeDllBlocklistOOP`.

Differential Revision: https://phabricator.services.mozilla.com/D90316
2020-09-15 21:10:06 +00:00
Alexis Beingessner
e5dd298d13 Bug 1654807 - update thin-vec to 0.2.1 for potential endianess fix. r=froydnj
Differential Revision: https://phabricator.services.mozilla.com/D87019
2020-09-14 17:32:40 +00:00
Kevin Jacobs
25560bb43a Bug 1660509 - land NSS 2a17c8655a74 UPGRADE_NSS_RELEASE, r=jcj
2020-09-14  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* coreconf/arch.mk:
	Bug 1660735 - Fix typo in coreconfig/arch.mk. r=kjacobs

	[2a17c8655a74] [tip]

	* coreconf/config.mk:
	Bug 1660734 - Fix typo in coreconf/config.mk. r=kjacobs

	[4ae56ec2411b]

2020-09-11  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/ckfw/builtins/nssckbi.h:
	Bug 1663049 - September 2020 batch of root changes,
	NSS_BUILTINS_LIBRARY_VERSION 2.44. r=jcj

	[141ef83ac10b]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1663049 - Add SecureTrust's Trustwave Global root certificates
	to NSS. r=KathleenWilson,jcj

	[7dfc054a983e]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1656077 - Remove Taiwan Government Root Certification Authority
	root cert. r=KathleenWilson,jcj

	Depends on D89841

	[32a0d8f751ef]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1653092 - Disable server trust bit for OISTE WISeKey Global Root
	GA CA root cert. r=KathleenWilson,jcj

	Depends on D89840

	[1cdfb26b3220]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1651211 - Remove EE Certification Centre Root CA root cert.
	r=KathleenWilson,jcj

	[089aeca370df]

2020-09-11  Danh  <congdanhqx@gmail.com>

	* coreconf/arch.mk, coreconf/config.mk, lib/freebl/Makefile:
	Bug 1659727 - Move makefile avx2 detection to config.mk. r=kjacobs

	Summary: Current code base use CPU_ARCH to detect if avx2 is
	supported in arch.mk However, when arch.mk included, CPU_ARCH
	haven't been initialised, CPU_ARCH will be initialised by the OS
	specific code later on.

	Move the AVX2 detection to config.mk, after all other initialisation
	done.

	Reviewers: kjacobs

	Reviewed By: kjacobs

	Subscribers: kjacobs

	Bug #: 1659727

	[c6dcb99e6121]

2020-09-08  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/freebl_gtest/mpi_unittest.cc, lib/freebl/mpi/mpi.c:
	Bug 1605922 - Account for negative sign in mp_radix_size
	r=bbeurdouche

	[b64436ecbd79]

2020-09-09  Daiki Ueno  <dueno@redhat.com>

	* lib/freebl/Makefile:
	Bug 1659256, add gcc version check on AArch64 optimization,
	r=rrelyea

	Summary: As described in https://access.redhat.com/solutions/19458,
	gcc version in RHEL-7 is still 4.8.x and cannot compile the newly
	added aes-armv8.c. There is a version check already for 32-bit arm,
	but not for AArch64. This also removes NS_USE_GCC check added in bug
	1652032 in favor of the automatic detection using CC_IS_* macros.

	Reviewers: rrelyea

	Reviewed By: rrelyea

	Subscribers: jmux, kjacobs

	Bug #: 1659256

	[b971c77c0d68]

2020-09-08  Michael Shigorin  <mike@altlinux.org>

	* coreconf/config.gypi:
	Bug 1663346 - Build e2k architecture as 64-bit r=jcj
	[e524a577761d]

2020-09-05  Daiki Ueno  <dueno@redhat.com>

	* lib/freebl/fipsfreebl.c:
	Bug 1662738, run RNG self-tests only if NSPR is linked, r=rrelyea

	Summary: After the continuous DRBG test was added, RNG self-tests
	have no longer worked standalone. This moves the self-tests to the
	DO_REST block so it only runs when the program is also linked to
	NSPR.

	Reviewers: rrelyea

	Reviewed By: rrelyea

	Bug #: 1662738

	[e03296e73ba6]

2020-09-02  Khem Raj  <raj.khem@gmail.com>

	* lib/libpkix/pkix/util/pkix_logger.c:
	Bug 1661378 - pkix: Do not use NULL where 0 is needed Clang finds
	this error

	pkix_logger.c:316:32: error: cast to smaller integer type
	'PKIX_ERRORCLASS' from 'void *' [-Werror,-Wvoid-pointer-to-enum-
	cast] logger->logComponent = (PKIX_ERRORCLASS)NULL;
	^~~~~~~~~~~~~~~~~~~~~ pkix_logger.c:617:32: error: cast to smaller
	integer type 'PKIX_ERRORCLASS' from 'void *' [-Werror,-Wvoid-
	pointer-to-enum-cast] logger->logComponent = (PKIX_ERRORCLASS)NULL;
	^~~~~~~~~~~~~~~~~~~~~ 2 errors generated.

	Signed-off-by: Khem Raj <raj.khem@gmail.com>
	[9213848965f6]

Differential Revision: https://phabricator.services.mozilla.com/D90130
2020-09-14 17:06:12 +00:00
ffxbld
651ca4559b No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D90123
2020-09-14 15:48:22 +00:00
Moritz Birghan
628ee042f6 Bug 1659810 - Refactoring the cert manager server tab to use a richlist r=keeler,fluent-reviewers,preferences-reviewers,Gijs
Differential Revision: https://phabricator.services.mozilla.com/D87498
2020-09-14 10:06:31 +00:00
Dana Keeler
5763aba6d5 Bug 1664011 - avoid CERTCertificate in nsIX509CertValidity implementation r=rmf
This patch modifies the implementation of nsIX509CertValidity to use
mozilla::pkix to decode notBefore/notAfter values from the given encoded
certificate rather than using a CERTCertificate. This will help in avoiding
CERTCertificate in the implementation of nsIX509Cert.
This patch also renames/moves the previous implementation (which was in
nsNSSCertValidity.{h,cpp} but was called nsX509CertValidity) to be more
consistent and to drop the unnecessary "ns" prefix. It is now in the files
X509CertValidity.{h,cpp} and is called X509CertValidity.

Differential Revision: https://phabricator.services.mozilla.com/D89644
2020-09-11 17:20:25 +00:00
Chris Peterson
55b64360f6 Bug 1662961 - Replace MOZ_MUST_USE with [[nodiscard]] in security/sandbox/linux. r=jld
The MOZ_MUST_USE macro is defined as clang's and gcc's nonstandard __attribute__((warn_unused_result)). Now that we compile as C++17 by default (bug 1560664), we can replace MOZ_MUST_USE with C++17's standard [[nodiscard]] attribute.

The [[nodiscard]] attribute must precede a function declaration's declaration specifiers (like static, extern, inline, or virtual). The __attribute__((warn_unused_result)) attribute does not have this order restriction.

Differential Revision: https://phabricator.services.mozilla.com/D89235
2020-09-09 17:02:45 +00:00
Dana Keeler
5c87e14fbc Bug 1660580 - avoid CERTCertificate in AppTrustDomain and AppSignatureVerification r=kjacobs,bbeurdouche
Limitations in the NSS PKCS7 API prevent completely avoiding CERTCertificate in
this implementation, but these changes avoid a large number of unnecessary
certificate decoding operations.

Differential Revision: https://phabricator.services.mozilla.com/D87930
2020-09-09 22:45:42 +00:00
ffxbld
c9023a3ab0 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D89378
2020-09-07 14:23:46 +00:00
Julien Cristau
ae8cb5feaf Bug 1660901 - ignore AT_NO_AUTOMOUNT in fstatat system call. r=jld
Per the manpage "Both stat() and lstat() act as though AT_NO_AUTOMOUNT
was set.", so don't bail if it's set in a call to fstatat.

Differential Revision: https://phabricator.services.mozilla.com/D89121
2020-09-06 20:20:39 +00:00
ffxbld
7e7f470965 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D89266
2020-09-03 22:45:48 +00:00
Nathan Froyd
cfb8fb313f Bug 1662251 - stop assigning from NS_Convert* values, mostly; r=sg
This patch was generated by running:

```
perl -p -i \
     -e 's/^(\s+)([a-zA-Z0-9.]+) = NS_ConvertUTF8toUTF16\((.*)\);/\1CopyUTF8toUTF16(\3, \2);/;' \
     -e 's/^(\s+)([a-zA-Z0-9.]+) = NS_ConvertUTF16toUTF8\((.*)\);/\1CopyUTF16toUTF8(\3, \2);/;' \
     $FILE
```

against every .cpp and .h in mozilla-central, and then fixing up the
inevitable errors that happen as a result of matching C++ expressions with
regexes.  The errors fell into three categories:

1. Calling the convert functions with `std::string::c_str()`; these were
   changed to simply pass the string instead, relying on implicit conversion
   to `mozilla::Span`.
2. Calling the convert functions with raw pointers, which is not permitted
   with the copy functions; these were changed to invoke `MakeStringSpan` first.
3. Other miscellaneous errors resulting from over-eager regexes and/or the
   replacement not being type-aware.  These changes were reverted.

Differential Revision: https://phabricator.services.mozilla.com/D88903
2020-09-02 09:54:37 +00:00
Jed Davis
7bf48bbf12 Bug 1660901 - Add some test cases for fstatat inside the content sandbox. r=gcp
Differential Revision: https://phabricator.services.mozilla.com/D88500
2020-08-28 09:33:53 +00:00
Jed Davis
08c45b9f68 Bug 1660901 - Support the fstat-like subset of fstatat in the Linux sandbox policies. r=gcp
Differential Revision: https://phabricator.services.mozilla.com/D88499
2020-08-28 09:23:58 +00:00
Kevin Jacobs
ddc8978d1f Bug 1660509 - land NSS c100e11991f6 UPGRADE_NSS_RELEASE, r=jcj
2020-08-21  Kevin Jacobs  <kjacobs@mozilla.com>

	* automation/abi-check/previous-nss-release, lib/nss/nss.h,
	lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.57 Beta
	[783f49ae6126]

2020-08-24  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/ssl_gtest/ssl_auth_unittest.cc, lib/ssl/dtls13con.c,
	lib/ssl/dtlscon.c, lib/ssl/ssl3con.c, lib/ssl/sslimpl.h,
	lib/ssl/sslnonce.c:
	Bug 1653641 - Cleanup inaccurate DTLS comments, code review fixes.
	r=mt

	[0e1b5c711cb9]

2020-08-24  Robert Relyea  <rrelyea@redhat.com>

	* lib/freebl/fipsfreebl.c, lib/softoken/fipstest.c,
	lib/softoken/kbkdf.c, lib/softoken/lowpbe.c, lib/softoken/lowpbe.h,
	lib/softoken/pkcs11c.c, lib/softoken/pkcs11i.h,
	lib/softoken/sftkhmac.c, lib/softoken/sftkike.c:
	Bug 1660304 New FIPS IG requires self-tests for approved kdfs.
	r=ueno comments=kjacobs

	FIPS guidance now requires self-tests for our kdfs. It also requires
	self-tests for cmac which we didn't have in the cmac patch.

	Currently only one test per kdf is necessary. Specifially for
	SP-800-108, only one of the three flavors are needed (counter,
	feedback, or pipeline). This patch includes more complete testing
	but it has been turned off the currently extraneous tests under the
	assumption that NIST guidance may require them in the future. HKDF
	is currently not included in FIPS, but is on track to be included,
	so hkdf have been included in this patch.

	Because the test vectors are const strings, the patch pushes some
	const definitions that were missing in existing private interfaces.

	There are three flavors of self-tests: Function implemented in
	freebl are added to the freebl/fipsfreebl.c Functions implemented in
	pkcs11c.c have selftests completely implemented in
	softoken/fipstest.c Functions implemented in their own .c file have
	their selftest function implemented in that .c file and called by
	fipstests.c These are consistant with the previous choices for
	selftests.

	Some private interfaces that took in keys from pkcs #11 structures
	or outputted keys to pkcs #11 structures were modified to optionally
	take keys in by bytes and output keys as bytes so the self-tests can
	work in just bytes.

	[5dca54fe61c2]

2020-08-25  Daiki Ueno  <dueno@redhat.com>

	* lib/softoken/manifest.mn:
	Bug 1659252, disable building libnssdbm3.so if NSS_DISABLE_DBM=1,
	r=rrelyea

	Reviewers: rrelyea

	Reviewed By: rrelyea

	Bug #: 1659252

	[4d55d36ca6ef]

2020-08-24  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/pk11wrap/pk11cxt.c, lib/softoken/pkcs11c.c, lib/softoken/sdb.c,
	lib/softoken/sftkpwd.c:
	Bug 1651834 - Fix various static analyzer warnings. r=rrelyea

	[ab04fd73fd6d]

2020-08-28  Mike Hommey  <mh@glandium.org>

	* lib/freebl/blapii.h:
	Bug 1661810 - Define pre_align/post_align based on the compiler.
	r=jcj

	Things worked fine before we upgraded to clang 11 presumably because
	the stack was always 16-bytes aligned in the first place, or
	something akin to that, and the lack of pre_align/post_align doing
	anything didn't matter. The runtime misalignment of the stack may
	well be a clang > 9 bug, but keeping pre_align/post_align tied to
	the x86/x64 is a footgun anyways.

	[c100e11991f6] [tip]

Differential Revision: https://phabricator.services.mozilla.com/D88876
2020-08-31 15:56:19 +00:00
ffxbld
ef863a6fcc No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D88854
2020-08-31 14:18:05 +00:00
Sylvestre Ledru
9c192aa9ca Bug 1519636 - Reformat recent changes to the Google coding style r=andi
# ignore-this-changeset

Differential Revision: https://phabricator.services.mozilla.com/D88713
2020-08-31 09:23:02 +00:00
Mihai Alexandru Michis
261d01524b Backed out changeset d0f173a90792 (bug 1519636) for causing bustages.
CLOSED TREE
2020-08-31 10:14:58 +03:00
Sylvestre Ledru
939dd426e6 Bug 1519636 - Reformat recent changes to the Google coding style r=andi
# ignore-this-changeset

Differential Revision: https://phabricator.services.mozilla.com/D88713
2020-08-31 06:51:21 +00:00
ffxbld
d847176371 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D88427
2020-08-27 14:42:57 +00:00
Julien Cristau
dde737671d Bug 1661543 - Backed out 1 changesets (bug 1651449) for performance regression. a=backout CLOSED TREE
Backed out changeset 323e4aecc563 (bug 1651449)
2020-08-27 22:31:36 +02:00
Haik Aftandilian
6e9c6f97f9 Bug 1660045 - Patch 2 - Allow mappings from translated binary directories r=spohl
Differential Revision: https://phabricator.services.mozilla.com/D87014
2020-08-27 07:04:35 +00:00
Toshihito Kikuchi
eaaa31291a Bug 1630444: Part3 - Send the launcher process failure ping from the browser process. r=aklotz
This patch adds a new property `process_type` to the launcher process failure
ping, indicating which process type the browser process failed to initialize
as a sandboxed process.

Depends on D83639

Differential Revision: https://phabricator.services.mozilla.com/D83640
2020-08-26 19:01:27 +00:00
ffxbld
090583273a No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D88052
2020-08-24 18:34:41 +00:00
Kevin Jacobs
d1d6b661e3 Bug 1655105 - land NSS NSS_3_56_RTM UPGRADE_NSS_RELEASE, r=jcj
2020-08-21  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.56 final
	[809ff9ff0140] [NSS_3_56_RTM] <NSS_3_56_BRANCH>

2020-08-19  Kevin Jacobs  <kjacobs@mozilla.com>

	* .hgtags:
	Added tag NSS_3_56_BETA1 for changeset 52c965eaffa1
	[0d8ff40479d5]

Differential Revision: https://phabricator.services.mozilla.com/D87882
2020-08-21 16:10:59 +00:00
Dana Keeler
3ac5dbc513 Bug 1659786 - avoid CERTCertificate in CSTrustDomain and ContentSignatureVerifier r=rmf
Differential Revision: https://phabricator.services.mozilla.com/D87497
2020-08-20 19:28:07 +00:00
ffxbld
5e4f839c65 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D87750
2020-08-20 14:26:06 +00:00
Kevin Jacobs
d343e2c8e6 Bug 1655105 - land NSS NSS_3_56_BETA1 UPGRADE_NSS_RELEASE, r=jcj
2020-08-19  Kevin Jacobs  <kjacobs@mozilla.com>

	* tests/libpkix/certs/PayPalEE.cert:
	Bug 1659792 - Update libpkix tests with unexpired PayPal cert. r=jcj

	The in-tree `PayPalEE.cert `expired today. This patch replaces it
	with a current copy that expires on 12 Jan 2022.

	CI breakage before patch: https://treeherder.mozilla.org/#/jobs?repo
	=nss&revision=2890f342de631bf6774ac747515a8b5736e20d3f CI with the
	fix applied: https://treeherder.mozilla.org/#/jobs?repo=nss-
	try&revision=bd28f21d8acbcb15502bd4fc606fc9c0ed09c810

	[52c965eaffa1] [NSS_3_56_BETA1]

2020-08-18  Kevin Jacobs  <kjacobs@mozilla.com>

	* tests/interop/interop.sh:
	Bug 1659814 - Pull updated tls-interop for dependency fix. r=jcj

	[70376af425ae]

	* automation/release/nspr-version.txt:
	Bug 1656519 - NSS 3.56 should depend on NSPR 4.28. r=kaie

	[2890f342de63]

Differential Revision: https://phabricator.services.mozilla.com/D87648
2020-08-19 21:02:09 +00:00
Simon Giesecke
cfd7d0ea9c Bug 1659923 - Avoid unnecessary copies around Base64Encode. r=xpcom-reviewers,necko-reviewers,froydnj,valentin
This also adds some more variants of Base64Encode and Base64EncodeAppend.

Differential Revision: https://phabricator.services.mozilla.com/D87559
2020-08-19 17:45:16 +00:00
Dana Keeler
67e203a187 Bug 1596401 - rework certificate deletion so it happens immediately r=rmf
Differential Revision: https://phabricator.services.mozilla.com/D86775
2020-08-17 23:23:03 +00:00