Due to minor changes in D78159 and D77965 I figured it would be a good idea to release the bugfix version bump to pypi, despite our intention to discontinue using mozhttpd (Bug 1428709).
Differential Revision: https://phabricator.services.mozilla.com/D78163
This is an extension to Bug 1271392 part 2.
https://hg.mozilla.org/mozilla-central/rev/98710f78e04da1294b72517b5c5d7e0841eeb326
In flex/grid container P1's NormalizeChildLists(), when pulling up a
first-in-flow frame F1 into the principal child list, we've already made
sure its next-in-flow F2 is in P1's next-in-flow P2's respective
overflow list.
However, when reflowing P2, F2's next-in-flow may still be away in any
of P2's next continuation chain, not necessary in P2's immediate
next-in-flow P3. We'd want to pull up F2's next-in-flow (if any) after
we move F2 from P2's overflow list into principal child list.
This satisfies the assertion when calling
SanityCheckChildListsBeforeReflow() on P3, i.e. any P2 children's
next-in-flow should be in P3.
Differential Revision: https://phabricator.services.mozilla.com/D78850
2020-06-12 Kevin Jacobs <kjacobs@mozilla.com>
* cmd/lib/secutil.c:
Bug 1645479 - Use SECITEM_CopyItem instead of SECITEM_MakeItem in
secutil.c. r=jcj
This patch converts a call to `SECITEM_MakeItem` to use
`SECITEM_CopyItem` instead. Using the former works fine in NSS CI,
but causes build failures in mozilla-central due to differences in
how both symbols are exported (i.e. when folding nssutil into nss).
[cbf75aedf480] [tip]
2020-06-11 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/ssl_gtest/libssl_internals.c,
gtests/ssl_gtest/ssl_resumption_unittest.cc:
Bug 1644774 - Use ClearServerCache instead of
SSLInt_ClearSelfEncryptKey for ticket invalidation. r=mt
[7b2413d80ce3]
2020-06-10 Kevin Jacobs <kjacobs@mozilla.com>
* cmd/lib/basicutil.c, cmd/lib/secutil.c, cmd/lib/secutil.h,
cmd/selfserv/selfserv.c, cmd/tstclnt/tstclnt.c, lib/ssl/tls13psk.c:
Bug 1603042 - Support external PSKs in tstclnt/selfserv. r=jcj
This patch adds support for TLS 1.3 external PSKs in tstclnt and
selfserv with the `-z` option.
Command examples:
- `selfserv -D -p 4443 -d . -n localhost.localdomain -w nss -V tls1.3:
-H 1 -z 0xAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD[:label] -m`
- `tstclnt -h 127.0.0.1 -p 4443 -z
0xAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD[:label] -d . -w nss`
For OpenSSL interop:
- `openssl s_server -nocert -port 4433 -psk
AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD [-psk_identity label]`
Note: If the optional label is omitted, both NSS tools and OpenSSL
default to "Client_identity".
[c1b1112af415]
2020-06-09 Kevin Jacobs <kjacobs@mozilla.com>
* lib/ssl/tls13con.c:
Bug 1642638 - Don't assert sid ciphersuite to be defined in fuzzer
mode. r=mt
[238bd7912429]
2020-06-08 Kevin Jacobs <kjacobs@mozilla.com>
* lib/freebl/freebl.gyp, lib/freebl/freebl_base.gypi:
Bug 1642802 - Win64 GYP builds to use HACL* curve25519.
r=bbeurdouche
This patch causes Windows 64-bit GYP builds to use HACL* curve25519
rather than the 32-bit (fiat-crypto) implementation.
For non-clang/GCC Win64 builds, we define `KRML_VERIFIED_UINT128` to
workaround an upstream bug that breaks Win32 builds by selecting a
64-bit `__int128` implementation (in types.h).
For clang/GCC builds, using the compiler-provided type yields a ~5x
speedup on Win64.
[566fa62d6522]
2020-06-05 Jeff Walden <jwalden@mit.edu>
* lib/pk11wrap/pk11cert.c, lib/pk11wrap/pk11kea.c,
lib/pk11wrap/pk11merge.c, lib/pk11wrap/pk11nobj.c,
lib/pk11wrap/pk11obj.c, lib/pk11wrap/pk11skey.c,
lib/pk11wrap/secmodi.h:
Bug 1643557 - Make pk11_FindObjectByTemplate accept a size_t count
rather than a signed type to avoid internal signed-unsigned
comparison warnings. r=kjacobs
Depends on D78454
[5ee293d1a282]
* lib/pk11wrap/pk11skey.c:
Bug 1643557 - Make PK11_SetWrapKey explicitly handle being passed a
negative wrap argument, to avoid a signed-unsigned comparison.
r=kjacobs
Depends on D78453
[7bb3677a2ed0]
* lib/pk11wrap/pk11akey.c, lib/pk11wrap/pk11cert.c,
lib/pk11wrap/pk11obj.c, lib/pk11wrap/secmodi.h:
Bug 1643557 - Change the type of the size argument to
pk11_FindObjectsByTemplate to be size_t, consistent with the type of
some (small) numeric values passed to it after the previous
revision. r=kjacobs
Depends on D78452
[eaf223c2646a]
* lib/pk11wrap/pk11slot.c:
Bug 1643557 - Use size_t for various counts in pk11slot.c. r=kjacobs
Depends on D78451
[465a7954ce0a]
* lib/pk11wrap/pk11priv.h, lib/pk11wrap/pk11slot.c:
Bug 1643557 - Make pk11_MatchString accept a size_t length rather
than an int length (consistent with all callers), and reformulate
its internals to avoid a signed-unsigned comparison. r=kjacobs
Depends on D78450
[fff8c883ef7d]
* lib/pk11wrap/pk11skey.c, lib/ssl/sslsnce.c, lib/util/secport.h:
Bug 1643557 - Add PORT_AssertNotReached and use it instead of
PORT_Assert(!"str"), which may warn about vacuous string literal to
boolean conversions. r=kjacobs
Depends on D78449
[c0aa47eb2fdd]
* lib/util/secoid.c:
Bug 1643557 - Use SECOidTag as the type of a loop variable over all
values of that type to avoid a signed-unsigned comparison warning.
r=kjacobs
Depends on D78448
[d7f1e9975e67]
* lib/util/utilpars.c:
Bug 1643557 - Use size_t for a parameter-indexing variable to
eliminate a signed-unsigned comparison warning. r=kjacobs
Depends on D78447
[5d7206908ca7]
* lib/freebl/rsapkcs.c:
Bug 1643557 - Used unsigned int for two for-loops upper-bounded by
unsigned ints in rsa_FormatOneBlock. r=kjacobs
Depends on D78446
[ed9a1a41ca1e]
* lib/pk11wrap/debug_module.c:
Bug 1643557 - Use unsigned int for log level, consistent with
PRLogModuleLevel. r=kjacobs
[7f89fa701ce3]
Differential Revision: https://phabricator.services.mozilla.com/D79566
Another way to fix is to crop the transparent area out of the Google Play assets, but it would be annoying when new locales are added
Differential Revision: https://phabricator.services.mozilla.com/D79286
When trying to get the current focused element during reflow, when the current
focused element in the document is a frame which has yet to be initialized,
attempting to walk through that frame's BrowsingContext causes immediate frame
loader initialization. Since frame loader initialization often requires running
scripts, that's unsafe, which is why we defer initialization until the end of
any in-progress reflow or document update.
This patch fixes the focus manager code to ignore any uninitialized frame
loaders it comes across, since by definition they cannot have any
currently-focused element until their subdocuments have been created.
Differential Revision: https://phabricator.services.mozilla.com/D79392
Peephole optimizations are not supported by upstream on big endian and deactivated there as well.
Fixes segfault on startup on s390x.
Differential Revision: https://phabricator.services.mozilla.com/D79039
There are some issues with this code. It's using doubles, but SetRect
only takes floats, so we lose precision there already. Instead of
getting fancy, use the same conversion that the rest of Gecko uses, so
that pages that compute style values out of getBoundingClientRect values
don't get minor floating point changes.
Differential Revision: https://phabricator.services.mozilla.com/D79326
This patch does the following:
1. Both the flex-direction and flex-wrap badges are being treated as illustrations, not generic containers, so screen readers immediately pick up the full meaning from the title.
2. Turns the flex item list sub heading into an actual heading for screen readers. It is level 3 because the accordeon headings are all level 2.
Differential Revision: https://phabricator.services.mozilla.com/D79129
This also splits out the indicator theme-ing into an include file, with
platform-specific CSS files that import it. This allows us to do
platform-specific tweaks, such as changing the ordering of the window
controls and drag indicator, which we do on macOS.
Differential Revision: https://phabricator.services.mozilla.com/D79344
This removes the diagnostic warnings which used to be logged when the
Large-Allocation header was present, but failed to switch into a
Large-Allocation process. Due to the low adoption of the header, this shouldn't
be too large of a problem, but we can look into re-adding the diagnostics if
needed in the future.
The new codepath no longer performs multiple network requests for
Large-Allocation resources, and now relies on the battle-tested
DocumentLoadListener codepath for process switching.
Differential Revision: https://phabricator.services.mozilla.com/D78998