This replaces some old Chromium code that tries to minimally disentangle
an arbitrary file descriptor mapping with simpler algorithm, for several
reasons:
1. Do something appropriate when a file descriptor is mapped to the same
fd number in the child; currently they're ignored, which means they'll
be closed if they were close-on-exec. This implementation duplicates
the fd twice in that case, which seems to be uncommon in practice; this
isn't maximally efficient but avoids special-case code.
2. Make this more generally applicable; the previous design is
specialized for arbitrary code running between fork and exec, but we
also want to use this on OS X with posix_spawn, which exposes a very
limited set of operations.
3. Avoid the use of C++ standard library iterators in async signal safe
code; the Chromium developers mention that this is a potential problem in
some debugging implementations that take locks.
4. In general the algorithm is simpler and should be more "obviously
correct"; more concretely, it should get complete coverage just by being
run normally in a debug build.
As a convenient side benefit, CloseSuperfluousFds now takes an arbitrary
predicate for which fds to leave open, which means it can be used in
other code that needs it without creating a fake fd mapping.
MozReview-Commit-ID: EoiRttrbrKL
--HG--
extra : rebase_source : 336e0ba9f56dc80f7347dc62617b4ad1efea7e7e
When doing TLS session resumption, Firefox currently does not have enough
information to trivially reconstitute the original connection's security
information. Consequently, we have to rebuild the certificate chain in the
handshake callback. Before this patch, we determined the EV and CT status of the
connection but did not set the succeeded cert chain unless the certificate was
EV. This was insufficient. In this patch, we set the succeeded cert chain
regardless of if the certificate is EV or not (provided we found a valid chain).
MozReview-Commit-ID: AuKrlBwX1Qh
--HG--
extra : rebase_source : 357ec38ce8c768ac5218d05ccaea5d1b45af8dfd
No bug, Automated HSTS preload list update from task PFJDsn1_RJyPxtwQXtin8A
No bug, Automated HPKP preload list update from task PFJDsn1_RJyPxtwQXtin8A
No bug, Automated blocklist update from task PFJDsn1_RJyPxtwQXtin8A
No bug, Automated remote settings update from task PFJDsn1_RJyPxtwQXtin8A
Differential Revision: https://phabricator.services.mozilla.com/D1580
Before this patch, nsNSSComponent initialization would call PK11_ConfigurePKCS11
with some localized strings, which contributed to startup time. Also,
PK11_UnconfigurePKCS11 was never called, so the memory allocated to these
strings would stick around forever. This patch addresses both of these problems
by not calling PK11_ConfigurePKCS11. This means that some properties of NSS'
internal "PKCS#11 slots/tokens" have to be localized when displaying them to the
user.
MozReview-Commit-ID: BbAgbgpFfFG
--HG--
extra : rebase_source : b633da8fea683675d0c0514a378954332afeb024
There is one actual behavior change here, in the webidl version of
TreeBoxObject::GetCellAt. I believe this change fixes a leak of the
nsTreeColumn, but could use careful review.
I tried to avoid changes not needed to get this compiling. There will be a lot
more cleanup in the next few changesets.
Same approach as the other bug, mostly replacing automatically by removing
'using mozilla::Forward;' and then:
s/mozilla::Forward/std::forward/
s/Forward</std::forward</
The only file that required manual fixup was TestTreeTraversal.cpp, which had
a class called TestNodeForward with template parameters :)
MozReview-Commit-ID: A88qFG5AccP
This was done automatically replacing:
s/mozilla::Move/std::move/
s/ Move(/ std::move(/
s/(Move(/(std::move(/
Removing the 'using mozilla::Move;' lines.
And then with a few manual fixups, see the bug for the split series..
MozReview-Commit-ID: Jxze3adipUh
Also removes displayUnknownCertErrorAlert, which was declared but never used.
Also removes some unnecessary ns(I)CertOverrideService OID stuff.
MozReview-Commit-ID: 4o7c1TkKeKJ
--HG--
extra : rebase_source : a8069b76fc847e6b4d158e4b30a75bde3e290ed9
Before this patch, we exposed a few interfaces that revolved around mapping a
name to a specific PKCS#11 module, slot, or token. These APIs were all either
problematic and/or unnecessary. In theory there could be two tokens in different
modules with the same name, so nsIPK11TokenDB.findTokenByName wasn't guaranteed
to return what the consumer expected it to. In general, these APIs were used by
front-end code to go from a handle on the specific object in question to a
string identifier and then back to a handle on the object. This was unnecessary
- we can just retain the original handle.
MozReview-Commit-ID: IbqLbV4wceA
--HG--
extra : rebase_source : 05d39afd6bed0aa5e7694e1c79baf836edc03214
The patch for bug 1456489 included a workaround for the issue that origin
attributes weren't honored on channels that didn't have a load group set (bug
1456742). Now that that's fixed, we don't need the workaround.
MozReview-Commit-ID: I4ExIqt6dYo
--HG--
extra : rebase_source : d323c0860989985b72933dcffd62743b9d73644d
nsNSSComponent::PIPBundleFormatStringFromName and ::GetNSSBundleString are now
unused. They can be removed (which means that nsNSSComponent::mNSSErrorsBundle
can be removed as well).
MozReview-Commit-ID: GAaGawSDL2n
--HG--
extra : rebase_source : 3f683a902e292c6b0cf736773e71fb893074c32b
nsNSSComponent startup and shutdown would be simpler if there were no direct
dependencies on localized strings. This patch removes a dependency on the
localized name of the builtin roots module by hard-coding the name internally
and then mapping it to/from the localized version as appropriate.
MozReview-Commit-ID: 30kbpWFYbzm
--HG--
extra : rebase_source : 3d384af5a9fa45d5ac1f78e1fcb0dd9e4b94267d
Add font servers to sandbox policies instead of relying
on them to be registered before the sandbox is enabled.
MozReview-Commit-ID: IoVJhAqoEEW
--HG--
extra : rebase_source : 448cc9e556056c44cf76f79c126fbfe56e948e1e
Before this patch, if nsNSSComponent initialization failed after allocating the
XPCOM object for the component but before dispatching the load loadable roots
task, BlockUntilLoadableRootsLoaded would block indefinitely in ShutdownNSS
(called from ~nsNSSComponent).
This patch re-arranges some things so that nsNSSComponent cleanup won't block on
the load loadable roots task if it never fired. It also splits the cleanup into
idempotent operations and operations that can only be run once.
Unfortunately if nsNSSComponent initialization fails, Firefox is likely to exit
or fail promptly anyway (since it is essential to so many other components).
However, quitting outright is probably a better experience than hanging
indefinitely.
MozReview-Commit-ID: RWmBUV2pEU
--HG--
extra : rebase_source : e2d06178ecc8ca8681eef18cb3af0a9ac8f83d1c