2019-11-13 J.C. Jones <jjones@mozilla.com>
* lib/softoken/pkcs11c.c:
Bug 1591363 - Fixup double-free of params in nsc_SetupPBEKeyGen
r=keeler
Caused in commit 7ef8d2604494.
[87f35ba4c82f] [tip]
2019-11-07 Makoto Kato <m_kato@ga2.so-net.ne.jp>
* lib/freebl/ctr.c:
Bug 1592869 - Use NEON for ctr_xor. r=kjacobs
Using NEON for ctr_xor, aes_ctr can improve 30%-40%i decode/encode
time on Cortex-A72.
[d244c7287908]
2019-11-12 Marcus Burghardt <mburghardt@mozilla.com>
* gtests/pk11_gtest/pk11_pbkdf2_unittest.cc, lib/pk11wrap/pk11pbe.c,
lib/pk11wrap/pk11skey.c, lib/softoken/pkcs11c.c:
Bug 1591363 - PBKDF2 memory leaks in NSC_GenerateKey. r=jcj
A memory leak was reported and confirmed in this bug. However,
during the "manual" analysis of the flow, another possible leak was
found. I created a patch for both leaks, added gtests for unexpected
keySizes and adjusted the general syntax of the gtest file.
[7ef8d2604494]
2019-11-11 Tom Prince <mozilla@hocat.ca>
* automation/taskcluster/graph/src/extend.js,
automation/taskcluster/windows/setup.sh:
Bug 1594891 - Use tc-proxy for nss tooltool; r=dustin,jcj
[c33b214b2ec8]
2019-11-08 Daiki Ueno <dueno@redhat.com>
* gtests/ssl_gtest/ssl_dhe_unittest.cc,
gtests/ssl_gtest/ssl_ecdh_unittest.cc,
gtests/ssl_gtest/tls_connect.h, lib/ssl/ssl3con.c:
Bug 1566131, check policy against hash algorithms used for
ServerKeyExchange, r=mt
Summary: This adds necessary policy checks in
`ssl3_ComputeCommonKeyHash()`, right before calculating hashes. Note
that it currently doesn't check MD5 as it still needs to be allowed
in TLS 1.1 or earlier and many tests fail if we change that.
Reviewers: mt
Reviewed By: mt
Bug #: 1566131
[c08947c6af57]
2019-11-08 Kai Engert <kaie@kuix.de>
* coreconf/coreconf.dep:
Dummy change, trigger a build to test latest NSPR commits.
[e766899c72a5]
* automation/taskcluster/graph/src/extend.js:
Bug 1579836 - Execute NSPR tests as part of NSS continuous
integration. r=jcj
[46bfbabf7e75]
2019-11-08 Dustin J. Mitchell <dustin@mozilla.com>
* automation/taskcluster/graph/npm-shrinkwrap.json,
automation/taskcluster/graph/package.json,
automation/taskcluster/graph/src/image_builder.js,
automation/taskcluster/graph/src/queue.js,
automation/taskcluster/scripts/tools.sh,
automation/taskcluster/windows/gen_certs.sh,
automation/taskcluster/windows/run_tests.sh:
Bug 1594891 - Updates to run correctly on the new TC deployment
r=jcj
* Update the Taskcluster client used in the decision task to one
that understands Taskcluster rootUrls.
* Update scripts that fetch content to use the TASKCLUSTER_ROOT_URL
* the absence of this variale signals an "old" worker so we use an
"old" URL
[67d630e7cb7c]
2019-11-07 Tom Prince <mozilla@hocat.ca>
* .taskcluster.yml, automation/taskcluster/graph/src/extend.js,
automation/taskcluster/graph/src/queue.js:
Bug 1591275: Switch workers to use AWS Provder; r=kjacobs
[a2bebaad41dd]
2019-11-06 Daiki Ueno <dueno@redhat.com>
* gtests/pk11_gtest/pk11_module_unittest.cc:
Bug 1577803, clang-format, a=bustage
[c9014b2892d5]
* gtests/pk11_gtest/pk11_module_unittest.cc,
gtests/pkcs11testmodule/pkcs11testmodule.cpp,
lib/pk11wrap/debug_module.c, lib/pk11wrap/pk11obj.c,
lib/pk11wrap/pk11slot.c, lib/pk11wrap/secmodti.h,
lib/util/pkcs11t.h:
Bug 1577803, pk11wrap: set friendly flag if token implements
CKP_PUBLIC_CERTIFICATES_TOKEN, r=rrelyea
Summary: This makes NSS look for CKO_PROFILE object at token
initialization time to check if it implements the [[ https://docs
.oasis-open.org/pkcs11/pkcs11-profiles/v3.0/pkcs11-profiles-v3.0.pdf
| Public Certificates Token profile ]] as defined in PKCS #11 v3.0.
If it is found, the token is automatically marked as friendly so no
authentication attempts will be made when accessing certificates.
Reviewers: rrelyea
Reviewed By: rrelyea
Subscribers: reviewbot
Bug #: 1577803
[b39c8eeabe6a]
2019-11-06 Martin Thomson <mt@lowentropy.net>
* lib/freebl/blinit.c, lib/freebl/gcm-ppc.c:
Bug 1566126 - clang-format, a=bustage
[6125200fbc88]
2019-11-06 Lauri Kasanen <cand@gmx.com>
* lib/freebl/Makefile, lib/freebl/altivec-types.h,
lib/freebl/blapii.h, lib/freebl/blinit.c, lib/freebl/freebl.gyp,
lib/freebl/gcm-ppc.c, lib/freebl/gcm.c, lib/freebl/gcm.h:
Bug 1566126 - freebl: POWER GHASH Vector Acceleration, r=mt
Implementation for POWER8 adapted from the ARM paper:
https://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf
Benchmark of `bltest -E -m aes_gcm -i tests/aes_gcm/plaintext10 \
-v tests/aes_gcm/iv10 -k tests/aes_gcm/key10 -5 10` on POWER8 3.3GHz.
NSS_DISABLE_HW_CRYPTO=1 mode in symmkey opreps cxreps context op
time(sec) thrgput aes_gcm_e 309Mb 192 5M 0 0.000 10000.000 10.001
30Mb
mode in symmkey opreps cxreps context op time(sec) thrgput
aes_gcm_e 829Mb 192 14M 0 0.000 10000.000 10.001 82Mb
Notable operf results, sw: samples % image name symbol name 226033
59.3991 libfreeblpriv3.so bmul 80606 21.1824 libfreeblpriv3.so
rijndael_encryptBlock128 28851 7.5817 libfreeblpriv3.so
gcm_HashMult_sftw
hw: 213899 56.2037 libfreeblpriv3.so rijndael_encryptBlock128 45233
11.8853 libfreeblpriv3.so gcm_HashMult_hw
So the ghash part is ~5.6x faster.
Signed-off-by: Lauri Kasanen <cand@gmx.com>
[3d7e509d6d20]
2019-11-05 Marcus Burghardt <mburghardt@mozilla.com>
* lib/certdb/certdb.c, lib/util/secport.h:
Bug 1589073 - Use of new PR_ASSERT_ARG in certdb.c. r=mt
Bug 1588015 introduced in NSPR a new way to ASSERT values where the
arguments are always used avoiding "unused variable" errors. This
was implemented in NSS, at certdb.c.
[73c28cad3dbb]
2019-11-05 Daiki Ueno <dueno@redhat.com>
* cpputil/nss_scoped_ptrs.h, gtests/manifest.mn,
gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
gtests/pk11_gtest/pk11_module_unittest.cc,
gtests/pkcs11testmodule/Makefile, gtests/pkcs11testmodule/config.mk,
gtests/pkcs11testmodule/manifest.mn,
gtests/pkcs11testmodule/pkcs11testmodule.cpp,
gtests/pkcs11testmodule/pkcs11testmodule.def,
gtests/pkcs11testmodule/pkcs11testmodule.gyp,
gtests/pkcs11testmodule/pkcs11testmodule.rc, nss.gyp:
Bug 1577803, gtests: import pkcs11testmodule from Firefox, r=rrelyea
Summary: This adds a mock PKCS #11 module from Firefox and add basic
tests around it. This is needed for proper testing of PKCS #11 v3.0
profile objects (D45669).
Reviewers: rrelyea
Reviewed By: rrelyea
Subscribers: reviewbot
Bug #: 1577803
[0a86945adf74]
Differential Revision: https://phabricator.services.mozilla.com/D52779
--HG--
extra : moz-landing-system : lando
Upgrade the emulator used by xpcshell tests to 29.2.1, the same version used
by all other android tests.
We have delayed this upgrade because of intermittent failures seen on the new
emulator not seen previously - bug 1568063. After the packet.net upgrade to
Ubuntu 18.04, try runs with the new emulator show that bug 1568063 persists
but has less impact than the intermittent failures it resolves: More tests
pass consistently with the new emulator than with the old.
Differential Revision: https://phabricator.services.mozilla.com/D52851
--HG--
extra : moz-landing-system : lando
This allows us to move the call to InvalidateRegionThroughoutSwapchain to just before the call to
NextSurface, which makes it easier to merge the two calls.
Differential Revision: https://phabricator.services.mozilla.com/D50877
--HG--
extra : moz-landing-system : lando
These settings are now supplied during layer creation and never change.
Consumers must now create new NativeLayer objects if they want to change size or toggle opaqueness.
This aligns the NativeLayer API with DirectComposition's capabilities. It also simplifies swap chain
management.
Differential Revision: https://phabricator.services.mozilla.com/D51757
--HG--
extra : moz-landing-system : lando
As Chrome has removed support for the HPKP (HTTP Public Key Pinning) header,
continuing to support it in Firefox is a compatibility risk. This patch adds
the preference "security.cert_pinning.hpkp.enabled" and sets it to false by
default. As such, the platform will no longer process the HPKP header nor
consult any cached HPKP information for certificate pins.
Preloaded (statically-compiled) pins are still enabled in Firefox by default.
This patch also disables dynamically setting pins via our remote security
settings infrastructure, as it uses the same backend and represents similar
compatibility risk.
Differential Revision: https://phabricator.services.mozilla.com/D52773
--HG--
extra : moz-landing-system : lando
The test that is timing out with these patches does something relatively simple:
await TestUtils.waitForCondition(async function() {
let color = await ContentTask.spawn(browserWindow, async function() {
/* Do stuff... */
});
return color == something;
});
await closeWindow(browserWindow);
Turns out that this can intermittently leak the window due to waitForCondition
using setInterval. setInterval can schedule multiple tasks while awaiting for
the inner ContentTask.
What this means, is that we may still have a ContentTask awaiting us when we get
to close the window. Closing the window makes the ContentTask not finish, and
thus we leak a promise keeping alive the window in gPromises:
https://searchfox.org/mozilla-central/rev/6566d92dd46417a2f57e75c515135ebe84c9cef5/testing/mochitest/BrowserTestUtils/ContentTask.jsm#24
Which means that we keep alive the window all the way until shutdown.
Fix it by ensuring that we only run one task at a time.
Differential Revision: https://phabricator.services.mozilla.com/D52833
--HG--
extra : moz-landing-system : lando
Converting about:preferences's root from a xul:window to an html:html involves moving the Fluent-translated title attribute to a title tag, which starts empty and is populated by Fluent. The initially-empty title tag causes the title bar to flash "about:preferences" on reload.
This patch ignores empty title updates via DOMTitleChanged events to prevent this. This is only done for internal pages (i.e. pages with a system principal).
Differential Revision: https://phabricator.services.mozilla.com/D52289
--HG--
extra : moz-landing-system : lando
This commit adds the memory address of the allocation and the thread id
of the allocation to the payload. These both are required for properly
processing the balanced allocations on the front-end. All of the native
allocation payloads are now stored on the main thread, and so are
disassociated from the thread where they were generated.
Differential Revision: https://phabricator.services.mozilla.com/D51938
--HG--
extra : moz-landing-system : lando
This change makes it so that all allocations (from any thread in a
process) are stored on the main thread in the profile. This way it's
easy to balance allocations with frees. Memory happens more in a
per-process model, than a per-thread model. The front-end can then
process the information and display it in more interesting ways.
Before allocations and deallocations were only stored on the
thread where they were being generated. It was easy to miss
deallocations with the old model.
Differential Revision: https://phabricator.services.mozilla.com/D51937
--HG--
extra : moz-landing-system : lando
This file adds coverage for the balanced native allocations feature from the
previous commit. It asserts that a de-allocation will have a matching allocation.
Differential Revision: https://phabricator.services.mozilla.com/D51936
--HG--
extra : moz-landing-system : lando
This patch creates a HashSet that tracks the allocations that are tracked by the profiler.
This way, we only collect markers for deallocations that have a matching allocation. A
following commit makes it so that all of the markers are collected on the main thread, but
for now this is still done on a per-thread basis.
Differential Revision: https://phabricator.services.mozilla.com/D51935
--HG--
extra : moz-landing-system : lando
The bloat log was not compatible with the native allocations, and is always on
for debug builds of mochitests. We had no native allocation coverage on debug
builds because of it.
This commit rewrites the test as an xpcshell test which is both faster and simpler.
I don't think we need the added complexity of running the test in the full browser
environment. An xpcshell test fully excercises the code in a simpler fashion.
Differential Revision: https://phabricator.services.mozilla.com/D51934
--HG--
extra : moz-landing-system : lando
The tests for xpcshell and mochitests were pretty similar, and need to
do similar things. This commit creates a shread-head.js file where those
functions can be shared. This patch also renames a few shared functions
to give them more clarity in their current usage.
Differential Revision: https://phabricator.services.mozilla.com/D51933
--HG--
rename : tools/profiler/tests/xpcshell/head_profiler.js => tools/profiler/tests/xpcshell/head.js
extra : moz-landing-system : lando
It is no longer needed with captured tracks' lifetimes spanning across seek
operations.
Differential Revision: https://phabricator.services.mozilla.com/D52051
--HG--
extra : moz-landing-system : lando
mediaElementAudioSourceToScriptProcessorTest creates an AudioContext at sample
rate 44100, but that might not be the default cubeb rate on some platforms. If
it isn't, we end up with two MediaTrackGraphs for the same window, with one
being fed by the media element, and the other running the script processor node.
It's when this happens that we only get 0 on the output. We force the preferred
cubeb rate to 44100 for this test, so we at least keep the test coverage of the
media element source node.
This became permafail with bug 1172394, whereas before it was intermittent.
Unclear why.
Differential Revision: https://phabricator.services.mozilla.com/D52050
--HG--
extra : moz-landing-system : lando
This patches does several minor things:
- Moves SetSink (from setSinkid) to automatic coalescing of multiple calls
through a Canonical/Mirror setup instead of a manual atomic counter.
- Simplifies the logic for when to update the sink in SetSink.
- Removes PlaybackParams as a general MediaSink property, as it only contains
audio params.
- Makes PlaybackParams an internal AudioSink concept, that AudioSinkWrapper
knows about.
- Ensures mMediaSink is only accessed on the decoder TaskQueue, to allow
accessing mirrored members when creating it.
Differential Revision: https://phabricator.services.mozilla.com/D52043
--HG--
extra : moz-landing-system : lando
This patch removes the responsibility of js-facing MediaStreamTracks from the
MediaDecoder stack, and moves the machinery for setting up DecodedStream to
higher order functions like state mirroring and watchables.
OutputStreamManager is completely gone, since it was designed to manage
MediaStreamTracks across multiple output streams for a single decoder,
on main thread. HTMLMediaElement took over its task in the previous patch.
The MediaDecoderStateMachine now has three control points for capturing:
- mOutputCaptured, which, if true, will capture all decoded data into
mOutputTracks. If this is set, but mOutputTracks is empty, we are still
waiting for tracks, and DecodedStream will not play any data. When tracks are
set, a new DecodedStream is created that will play data through
SourceMediaTracks piped into mOutputTracks.
- mOutputTracks, which is the set of tracks data is captured into, for
forwarding to all the output tracks the media element is managing. This set of
tracks is managed by the MediaDecoder owner, and must contain one audio track
if the decoder is decoding audio, and one video track if the decoder is
decoding video. It may be empty since output can be captured before metadata
is loaded, or playback has ended.
- mOutputPrincipal, which is the principal of the decoded data. All data sent
into SourceMediaTracks is tagged with this principal.
Differential Revision: https://phabricator.services.mozilla.com/D52042
--HG--
extra : moz-landing-system : lando
This reworks how media element captureStream works by removing the differences
between MediaStream and MediaDecoder capture. MediaDecoder capture will be
refactored so that ownership of MediaStreamTracks lies with the media element
instead of the OutputStreamManager. The internal MediaDecoder parts happen in a
later patch.
The new API for capturing a MediaDecoder involves a boolean on/off toggle, the
output tracks the decoder pipes data to, and the principal that data is tagged
with. If capturing is on but there are no output tracks, playback will not
happen, to ensure that no data gets accidentally skipped in the output tracks
while captured.
This also changes the logic for setting up MediaElementTrackSources in
HTMLMediaElement so it's triggered by the WatchManager and thus run in tail
dispatched runnables.
Differential Revision: https://phabricator.services.mozilla.com/D52040
--HG--
extra : moz-landing-system : lando
HTMLMediaElement avoid creating new tracks in MetadataLoaded when it has already
created some, so there should be no side effect to this patch.
Differential Revision: https://phabricator.services.mozilla.com/D52037
--HG--
extra : moz-landing-system : lando
On an https: page it's more important to use the login was from the same hostPort than to use an https: login from a different subdomain.
This fixes autocomplete to show "From this website" and also fixes autofill in the event that there was a duplicate username+password combo saved on an different https: subdomain while previously saving that combo on the http: version of the same hostPort.
Differential Revision: https://phabricator.services.mozilla.com/D52802
--HG--
extra : moz-landing-system : lando
Other browsers don't, plus it blocks work I want to do to query multiple links
at the same time.
Differential Revision: https://phabricator.services.mozilla.com/D52443
--HG--
extra : moz-landing-system : lando