Commit Graph

16023 Commits

Author SHA1 Message Date
Dana Keeler
7053b26b8c Bug 1723211 - introduce error module to osclientcerts r=rmf
Differential Revision: https://phabricator.services.mozilla.com/D121418
2021-08-03 18:34:21 +00:00
Zibi Braniecki
7b320ed8a6 Bug 1613705 - [localization] part17: Fix racy tests to wait for l10n frame. r=platform-i18n-reviewers,dminor,application-update-reviewers,nalexander
Depends on D116791

Differential Revision: https://phabricator.services.mozilla.com/D116792
2021-08-03 16:25:16 +00:00
Butkovits Atila
949da905e7 Backed out 19 changesets (bug 1613705) for causing build bustages complaining about Document.cpp. CLOSED TREE
Backed out changeset 2ee1091dd20d (bug 1613705)
Backed out changeset d377afc0b09f (bug 1613705)
Backed out changeset de9d4378f0ac (bug 1613705)
Backed out changeset 9843372abb6e (bug 1613705)
Backed out changeset 5fc5918e5905 (bug 1613705)
Backed out changeset a7aeae7afd49 (bug 1613705)
Backed out changeset 5d61617a5402 (bug 1613705)
Backed out changeset 85bf98573899 (bug 1613705)
Backed out changeset 175af8a1b8c2 (bug 1613705)
Backed out changeset 93fcb23d7898 (bug 1613705)
Backed out changeset 595529cd906f (bug 1613705)
Backed out changeset 9f3e2963d925 (bug 1613705)
Backed out changeset 442289058933 (bug 1613705)
Backed out changeset fc3b9acb0e81 (bug 1613705)
Backed out changeset 408983c64f7f (bug 1613705)
Backed out changeset 08b637fc3fcd (bug 1613705)
Backed out changeset 6ef0aafd2db0 (bug 1613705)
Backed out changeset d88b294e0a5e (bug 1613705)
Backed out changeset e6bebff87544 (bug 1613705)
2021-08-03 12:36:01 +03:00
Zibi Braniecki
0bf7c83400 Bug 1613705 - [localization] part17: Fix racy tests to wait for l10n frame. r=platform-i18n-reviewers,dminor,application-update-reviewers,nalexander
Depends on D116791

Differential Revision: https://phabricator.services.mozilla.com/D116792
2021-08-03 05:52:06 +00:00
ffxbld
2831cbf797 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D121518
2021-08-02 11:35:31 +00:00
Zibi Braniecki
9b6ec8c442 Bug 1660392 - [l10nregistry] part10: Fix mozapps update test to await for gAppUpdater. r=application-update-reviewers,bytesized
Differential Revision: https://phabricator.services.mozilla.com/D121126
2021-07-30 16:47:50 +00:00
Christoph Kerschbaumer
7aa6219ad0 Bug 1723086: Annotate all mixed content tests so that https-first does not interfere with them r=lyavor
Differential Revision: https://phabricator.services.mozilla.com/D121341
2021-07-30 09:12:46 +00:00
Alexandre Lissy
5064274394 Bug 1718210 - Enable SandboxTest on Windows/Debug r=gcp
Differential Revision: https://phabricator.services.mozilla.com/D121047
2021-07-29 15:07:24 +00:00
ffxbld
293f05bd5a No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D121171
2021-07-29 13:29:32 +00:00
Christoph Kerschbaumer
4a6250387f Bug 1719272: Annotate failing browser/ tests to potentially enable https-first mode in Nightly r=webcompat-reviewers,denschub,webdriver-reviewers,preferences-reviewers,Gijs,whimboo
Differential Revision: https://phabricator.services.mozilla.com/D119177
2021-07-28 19:16:16 +00:00
Sandor Molnar
68cdec0548 Backed out changeset 7eb8945dd8e3 (bug 1719272) for causing bustages in gecko decision task. CLOSED TREE 2021-07-28 19:47:06 +03:00
Christoph Kerschbaumer
bb716f0701 Bug 1719272: Annotate failing browser/ tests to potentially enable https-first mode in Nightly r=webcompat-reviewers,denschub,webdriver-reviewers,preferences-reviewers,Gijs,whimboo
Differential Revision: https://phabricator.services.mozilla.com/D119177
2021-07-28 16:08:07 +00:00
Alexandre Lissy
e59f6995be Bug 1718084 - Test allow $HOME/.config and block $HOME/.config/mozilla/ r=gcp
Differential Revision: https://phabricator.services.mozilla.com/D119179
2021-07-27 08:07:22 +00:00
Alexandre Lissy
583a763b25 Bug 1718084 - Block access to $HOME/.config/mozilla/ r=gcp
Differential Revision: https://phabricator.services.mozilla.com/D119180
2021-07-27 08:07:21 +00:00
Alexandre Lissy
6301b3cd09 Bug 1718084 - Reorganize test for lower complexity r=gcp
Differential Revision: https://phabricator.services.mozilla.com/D119375
2021-07-27 08:07:21 +00:00
ffxbld
24499204c2 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=pascalc
Differential Revision: https://phabricator.services.mozilla.com/D120836
2021-07-26 15:45:06 +00:00
Benjamin Beurdouche
a1a5fc3aa9 Bug 1720464 - land NSS e9236397be13 UPGRADE_NSS_RELEASE, r=beurdouche
```
2021-07-24  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* doc/rst/build_artifacts.rst, doc/rst/community.rst,
	doc/rst/getting_started.rst, doc/rst/index.rst, doc/rst/more.rst,
	doc/rst/releases/index.rst, doc/rst/releases/nss_3_64.rst,
	doc/rst/releases/nss_3_65.rst, doc/rst/releases/nss_3_66.rst,
	doc/rst/releases/nss_3_67.rst, doc/rst/releases/nss_3_68.rst:
	Documentation: update and release notes for NSS 3.64 to 3.68
	[e9236397be13] [tip]

2021-07-20  Robert Relyea  <rrelyea@redhat.com>

	* gtests/ssl_gtest/nss_policy.h,
	gtests/ssl_gtest/ssl_auth_unittest.cc,
	gtests/ssl_gtest/ssl_extension_unittest.cc,
	gtests/ssl_gtest/tls_agent.cc, gtests/ssl_gtest/tls_agent.h,
	gtests/ssl_gtest/tls_connect.cc, lib/ssl/ssl3con.c,
	lib/ssl/sslimpl.h:
	Bug 1720235 SSL handling of signature algorithms ignores
	environmental invalid algorithms.

	Our QA is quite extensive on handling of alert corner cases. Our
	code that checks if a signature algorithm is supported ignores the
	role of policy. If SHA1 is turned off by policy, for instance, we
	only detect that late in the game. This shows up in our test cases
	as decrypt_alerts rather than illegal_parameter or handshake_error
	alerts. It also shows up in us apparently accepting a client auth
	request which only has invalid alerts.

	We also don't handle filtering out signature algorithms that are
	illegal in tls 13 mode.

	This patch not only fixes these issues, but also issues where we
	proposing signature algorithms in server mode that we don't support
	by policy.

	This patch includes:

	In gtests: 1) adding support for policy in ssl_gtests. Currently
	both the server an client will run with the same policy. The patch
	allows us to set policy on one and keeping the old policy on the
	other.

	2) Update extension tests which failed in tls 1.3 because the patch
	now correctly rejects illegal tls 1.3 auth values. The test was
	updated to use a legal auth value in tls 1.3 (so we are correctly
	testing the format issue.

	3) Update extension tests to handle the case where we try to use an
	illegal value for tls 1.3.

	4) add tests to ssl_auth_unittests.cc to make sure we can properly
	connect even when several auth methods are turned off by policy
	(make sure we don't advertize them on the client side, and that the
	server doesn't select them when the client doesn't advertize them).

	5) add tests to ssl_auth_unittests.cc to make sure we don't send
	empty client auth requests when the requester only sends invalid
	auth requests.

	patch itself: 1) The handling of policy checks for ssl schemes were
	scattered in various locations. I've consolidated them into a single
	function. That function now checks for NSS_ALG_USE_IN_ANY_SIGNATURE
	as if this is off by policy, we will fail if we try to use the
	algorithm in a signature in any case. NSS now supports policy on all
	signature algorithms, not just DSA, so we need to check the policy
	of all the algorithms.

	2) to support the policy check on the signature algorithms, I added
	a new ssl_AuthTypeToOID, which also replaces our switch in checking
	if the SPKI matches our auth type.

	 3) ssl_SignatureSchemeValid now accepts an spkiOid of
	SEC_OID_UNKNOWN. To allow us to filter signature schemes based on
	version and policy restrictions before we try to select a
	certificate. This prevents us from sending empty client auth
	messages when we are presented with only invalid signature schemes.

	4) We filter supported algorithms against policy early, preventing
	us from sending, or even setting invalid algorithms if they are
	turned off by policy.

	5) ssl ConsumeSignatureScheme was handling alerts inconsistently.
	The Consume could send an allert in it's failure case, but the check
	of scheme validity wouldn't sent an alert. The collers were
	inconstent as well. Now ssl_ConsumeSignatureScheme always sends and
	alert on failure, and the callers do not.

	[c71bb1bedf7d]
```

Differential Revision: https://phabricator.services.mozilla.com/D120787
2021-07-24 17:26:14 +00:00
Benjamin Beurdouche
dde8b5dd22 Bug 1720464 - land NSS 8f41147c2192 UPGRADE_NSS_RELEASE, r=beurdouche
```
2021-07-22  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* doc/rst/index.rst:
	Display warning on the new NSS documentation
	[8f41147c2192] [tip]

2021-07-20  Robert Relyea  <rrelyea@redhat.com>

	* lib/softoken/sdb.c:
	Bug 1721476 sqlite 3.34 changed it's open semantics, causing nss
	failures.

	https://sqlite.org/forum/info/42cf8e985bb051a2

	sqlite is now permissive on opening a readonly file even if you ask
	for the file to be opened R/W.

	normally sqlite is very conservative in changing it's underlying
	semantics, but evidently they chose convience over compatibility.
	NSS now needs to check the file permissions itself to preserve nss
	semantics.

	[f2d34a957599]

2021-07-15  Robert Relyea  <rrelyea@redhat.com>

	* tests/common/init.sh, tests/common/parsegtestreport.sed,
	tests/common/parsegtestreport.sh, tests/gtests/gtests.sh,
	tests/ssl_gtests/ssl_gtests.sh:
	Bug 1720230 Gtest update changed the gtest reports, losing gtest
	details in all.sh reports.

	This patch includes the updated .sed script, and an experiment using
	bash instead to see how hard it would be to make a more robust
	parser.

	The robust parser generates identical output as sed, but takes about
	30x longer, so instead of subsecond operations, it takes almost half
	a minute. With that result, I think we can stay with sed and
	continue to update when we get new versions of gtests. (sigh).

	time cat report.xml.0 | sed -f parsegtestreport.sed > r1

	real 0m0.710s user 0m0.705s sys 0m0.008s

	time cat report.xml.0 | sh parsegtestreport.sh > r2

	real 0m25.066s user 0m17.759s sys 0m9.506s [rrelyea@localhost
	common]$ diff r1 r2

	updated: with review comments from Martin and move the report
	parsing to the common code so it can be shared with both ssl_gtests
	and gtests shell scripts.

	[f12856d5d2c2]

2021-07-13  Robert Relyea  <rrelyea@redhat.com>

	* gtests/softoken_gtest/softoken_dh_vectors.h, lib/softoken/pkcs11c.c,
	lib/softoken/pkcs11i.h, lib/softoken/pkcs11u.c,
	lib/softoken/sftkdhverify.c:
	Bug 1720228 NSS incorrectly accepting 1536 bit DH primes in FIPS
	mode

	When NSS is in FIPS mode, it should reject all primes smaller than
	2048. The ike 1536 prime is in the accepted primes table. In FIPS
	mode it should be rejected.

	[d2ec946e601a]

2021-07-15  Robert Relyea  <rrelyea@redhat.com>

	* cmd/manifest.mn, cmd/sdbthreadtst/Makefile,
	cmd/sdbthreadtst/manifest.mn, cmd/sdbthreadtst/sdbthreadtst.c,
	cmd/sdbthreadtst/sdbthreadtst.gyp, lib/softoken/sdb.c,
	lib/softoken/sftkdb.c, nss.gyp, tests/dbtests/dbtests.sh:
	Bug 1720232 SQLite calls could timeout in starvation situations.

	Some of our servers could cause random failures when trying to
	generate many key pairs from multiple threads. This is caused
	because some threads would starve long enough for them to give up on
	getting a begin transaction on sqlite. sqlite only allows one
	transaction at a time.

	Also, there were some bugs in error handling of the broken
	transaction case where NSS would try to cancel a transation after
	the begin failed (most cases were correct, but one case in
	particular was problematic).

	[b54b0d41e51b]

2021-07-13  Robert Relyea  <rrelyea@redhat.com>

	* lib/pk11wrap/pk11cxt.c, lib/pk11wrap/pk11hpke.c,
	lib/softoken/kbkdf.c, lib/softoken/sftkhmac.c,
	lib/softoken/sftkike.c:
	Bug 1720225 Coverity/cpp scanner errors found in nss 3.67

	A number of coverity/scanner issues were found in the kdf code which
	was added in nss 3.44 and the fixes never upstreamed, as well as
	coverity/scanner errors in nss 3.66. Not all errors were fixed,
	those errors which were determined to be false positives were just
	recorded. No attempt has been made to fix coverity/scanner errors in
	gtests.

	[d1b9709d8861]
```

Differential Revision: https://phabricator.services.mozilla.com/D120624
2021-07-23 09:23:50 +00:00
Dorel Luca
df0ba034a0 Backed out changeset 94ca8dafa006 (bug 1720464) for Browser-chrome failures in browser/base/content/test/performance/browser_startup_mainthreadio.js. UPGRADE_NSS_RELEASE CLOSED TREE 2021-07-22 20:49:30 +03:00
Benjamin Beurdouche
9753f750fd Bug 1720464 - land NSS 8f41147c2192 UPGRADE_NSS_RELEASE, r=beurdouche
```
2021-07-22  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* doc/rst/index.rst:
	Display warning on the new NSS documentation
	[8f41147c2192] [tip]

2021-07-20  Robert Relyea  <rrelyea@redhat.com>

	* lib/softoken/sdb.c:
	Bug 1721476 sqlite 3.34 changed it's open semantics, causing nss
	failures.

	https://sqlite.org/forum/info/42cf8e985bb051a2

	sqlite is now permissive on opening a readonly file even if you ask
	for the file to be opened R/W.

	normally sqlite is very conservative in changing it's underlying
	semantics, but evidently they chose convience over compatibility.
	NSS now needs to check the file permissions itself to preserve nss
	semantics.

	[f2d34a957599]

2021-07-15  Robert Relyea  <rrelyea@redhat.com>

	* tests/common/init.sh, tests/common/parsegtestreport.sed,
	tests/common/parsegtestreport.sh, tests/gtests/gtests.sh,
	tests/ssl_gtests/ssl_gtests.sh:
	Bug 1720230 Gtest update changed the gtest reports, losing gtest
	details in all.sh reports.

	This patch includes the updated .sed script, and an experiment using
	bash instead to see how hard it would be to make a more robust
	parser.

	The robust parser generates identical output as sed, but takes about
	30x longer, so instead of subsecond operations, it takes almost half
	a minute. With that result, I think we can stay with sed and
	continue to update when we get new versions of gtests. (sigh).

	time cat report.xml.0 | sed -f parsegtestreport.sed > r1

	real 0m0.710s user 0m0.705s sys 0m0.008s

	time cat report.xml.0 | sh parsegtestreport.sh > r2

	real 0m25.066s user 0m17.759s sys 0m9.506s [rrelyea@localhost
	common]$ diff r1 r2

	updated: with review comments from Martin and move the report
	parsing to the common code so it can be shared with both ssl_gtests
	and gtests shell scripts.

	[f12856d5d2c2]

2021-07-13  Robert Relyea  <rrelyea@redhat.com>

	* gtests/softoken_gtest/softoken_dh_vectors.h, lib/softoken/pkcs11c.c,
	lib/softoken/pkcs11i.h, lib/softoken/pkcs11u.c,
	lib/softoken/sftkdhverify.c:
	Bug 1720228 NSS incorrectly accepting 1536 bit DH primes in FIPS
	mode

	When NSS is in FIPS mode, it should reject all primes smaller than
	2048. The ike 1536 prime is in the accepted primes table. In FIPS
	mode it should be rejected.

	[d2ec946e601a]

2021-07-15  Robert Relyea  <rrelyea@redhat.com>

	* cmd/manifest.mn, cmd/sdbthreadtst/Makefile,
	cmd/sdbthreadtst/manifest.mn, cmd/sdbthreadtst/sdbthreadtst.c,
	cmd/sdbthreadtst/sdbthreadtst.gyp, lib/softoken/sdb.c,
	lib/softoken/sftkdb.c, nss.gyp, tests/dbtests/dbtests.sh:
	Bug 1720232 SQLite calls could timeout in starvation situations.

	Some of our servers could cause random failures when trying to
	generate many key pairs from multiple threads. This is caused
	because some threads would starve long enough for them to give up on
	getting a begin transaction on sqlite. sqlite only allows one
	transaction at a time.

	Also, there were some bugs in error handling of the broken
	transaction case where NSS would try to cancel a transation after
	the begin failed (most cases were correct, but one case in
	particular was problematic).

	[b54b0d41e51b]

2021-07-13  Robert Relyea  <rrelyea@redhat.com>

	* lib/pk11wrap/pk11cxt.c, lib/pk11wrap/pk11hpke.c,
	lib/softoken/kbkdf.c, lib/softoken/sftkhmac.c,
	lib/softoken/sftkike.c:
	Bug 1720225 Coverity/cpp scanner errors found in nss 3.67

	A number of coverity/scanner issues were found in the kdf code which
	was added in nss 3.44 and the fixes never upstreamed, as well as
	coverity/scanner errors in nss 3.66. Not all errors were fixed,
	those errors which were determined to be false positives were just
	recorded. No attempt has been made to fix coverity/scanner errors in
	gtests.

	[d1b9709d8861]
```

Differential Revision: https://phabricator.services.mozilla.com/D120624
2021-07-22 13:53:32 +00:00
Benjamin Beurdouche
4582da2473 Bug 1709817 - Enable NSS documentation in firefox-src-tree. r=beurdouche
Differential Revision: https://phabricator.services.mozilla.com/D119913
2021-07-22 12:10:19 +00:00
ffxbld
10795c51f3 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=jcristau
Differential Revision: https://phabricator.services.mozilla.com/D120594
2021-07-22 11:55:25 +00:00
Kashav Madan
5781dca888 Bug 1720688 - Support extended attribute syntax in protocol declarations, r=mccr8
Differential Revision: https://phabricator.services.mozilla.com/D119975
2021-07-22 02:24:43 +00:00
Alexandre Lissy
f7a9b9a730 Bug 1719279 - Properly add $HOME/.cache/fontconfig allowance r=gcp
Differential Revision: https://phabricator.services.mozilla.com/D119178
2021-07-20 12:24:56 +00:00
Alex Lopez
77ce415604 Bug 1696251 - Replace self with command_context where possible in existing mach commands. r=mhentges,webdriver-reviewers,perftest-reviewers,whimboo
This step removes all the dependencies of mach commands to
having a MachCommandBase as the `self` by using the `command_context`
argument instead. This also removes any remaining statefulness from those
classes that implement mach commands, ultimately making it easier to move
existing commands out of classes in a follow-up.

Differential Revision: https://phabricator.services.mozilla.com/D118058
2021-07-19 16:04:25 +00:00
ffxbld
42e26fb23c No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=jcristau
Differential Revision: https://phabricator.services.mozilla.com/D120208
2021-07-19 11:41:05 +00:00
Bob Owen
189584d4f9 Bug 1716024 p1: Change CET support to compatible modules only. r=handyman
Differential Revision: https://phabricator.services.mozilla.com/D117550
2021-07-19 07:36:19 +00:00
Butkovits Atila
a07f790e42 Backed out changeset e1921c5112d8 (bug 1696251) for causing bustages complaining about 'CommandContext'. CLOSED TREE 2021-07-16 20:35:55 +03:00
Alex Lopez
190e03aaab Bug 1696251 - Replace self with command_context where possible in existing mach commands. r=mhentges,webdriver-reviewers,perftest-reviewers,whimboo
This step removes all the dependencies of mach commands to
having a MachCommandBase as the `self` by using the `command_context`
argument instead. This also removes any remaining statefulness from those
classes that implement mach commands, ultimately making it easier to move
existing commands out of classes in a follow-up.

Differential Revision: https://phabricator.services.mozilla.com/D118058
2021-07-16 15:51:29 +00:00
Mike Hommey
e2a1db5178 Bug 1713735 - Add the bits necessary to build wasm sandbox libs with wasm2c. r=firefox-build-system-reviewers,mhentges
For the moment, it's opt-in via explicitly setting `LUCETC` to an empty
string.

Differential Revision: https://phabricator.services.mozilla.com/D119939
2021-07-16 02:38:41 +00:00
shravanrn@gmail.com
c90a46987f Bug 1713735 part 2 - Configs to build wasm2c for use in rlbox r=glandium
Differential Revision: https://phabricator.services.mozilla.com/D116442
2021-07-16 02:38:40 +00:00
Dana Keeler
4d9a172951 Bug 1718844 - handle certificates not being available in the remembered client authentication decision dialog r=rmf,fluent-reviewers
This patch updates the remembered client authentication decision tab of the
certificate manager to gracefully handle cases where a certificate
corresponding to a remembered decision has been deleted from the user's
certificate store or if it lives on a token that has been removed.

Differential Revision: https://phabricator.services.mozilla.com/D119794
2021-07-15 21:47:39 +00:00
Dana Keeler
8a1b124e00 Bug 1710355 - replace the unmaintained memmap crate with memmap2 in cert_storage r=rmf
Differential Revision: https://phabricator.services.mozilla.com/D119563
2021-07-15 21:47:12 +00:00
Alexandre Lissy
41550dc422 Bug 1695195 - Set SandboxReporter profiler thread name r=jld
Differential Revision: https://phabricator.services.mozilla.com/D119361
2021-07-15 19:06:35 +00:00
ffxbld
3ea69315a0 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=jcristau
Differential Revision: https://phabricator.services.mozilla.com/D119964
2021-07-15 12:19:52 +00:00
Dorel Luca
a8dbc3a00f Backed out changeset 893f32015ef0 (bug 1709817) for Gecko Decision Task failure and Build bustages. CLOSED TREE 2021-07-15 14:03:08 +03:00
Benjamin Beurdouche
c0714b01bc Bug 1709817 - Import the NSS documentation from MDN in nss/doc. r=beurdouche
Differential Revision: https://phabricator.services.mozilla.com/D119913
2021-07-15 10:47:28 +00:00
Rob Wu
8e4d13f64a Bug 1713628 - Treat notBefore in the future of signed XPI files as valid + tests r=keeler
This patch also includes unit tests for this + previous untested cases
(bug 1713628, bug 1267318 and bug 1548973).

The tool to generate the test cases (zip files) has also been updated
because it has been broken by changes from bug 1699294.

Differential Revision: https://phabricator.services.mozilla.com/D119802
2021-07-14 20:24:56 +00:00
Benjamin Beurdouche
fbf40a7e56 Bug 1720464 - land NSS b1eac8c86e99 UPGRADE_NSS_RELEASE, r=beurdouche
Differential Revision: https://phabricator.services.mozilla.com/D119914
2021-07-14 20:05:21 +00:00
Kershaw Chang
bba712b93d Bug 1654507 - Part2: Plumbing for echRetry, r=necko-reviewers,dragana
Differential Revision: https://phabricator.services.mozilla.com/D119403
2021-07-13 09:24:26 +00:00
Kershaw Chang
3b354571f5 Bug 1654507 - Part1: Plumbing for setting ech config, r=necko-reviewers,dragana
Differential Revision: https://phabricator.services.mozilla.com/D119402
2021-07-13 09:24:25 +00:00
Alexandre Lissy
27dc28950f Bug 1718046 - Use String concatenation rather than AppendPrintf r=handyman
Using AppendPrintf implies pure ASCII content, and strerror() might
return localized string, so this will break.

Differential Revision: https://phabricator.services.mozilla.com/D119286
2021-07-12 19:10:04 +00:00
ffxbld
20ebcad429 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=jcristau
Differential Revision: https://phabricator.services.mozilla.com/D119613
2021-07-12 12:46:36 +00:00
Benjamin Beurdouche
5227b2bd67 Bug 1715772 - land NSS NSS_3_68_RTM UPGRADE_NSS_RELEASE, r=beurdouche
Differential Revision: https://phabricator.services.mozilla.com/D119577
2021-07-11 18:02:26 +00:00
Jed Davis
ce1dc6dc06 Bug 1719391 - Fix fd leak during Linux sandbox file broker creation. r=glandium
Differential Revision: https://phabricator.services.mozilla.com/D119456
2021-07-09 21:05:51 +00:00
ffxbld
36123d2646 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=jcristau
Differential Revision: https://phabricator.services.mozilla.com/D119384
2021-07-08 12:04:42 +00:00
Makoto Kato
f912325645 Bug 1719115 - Add riscv64 defines to build/build_config.h. r=firefox-build-system-reviewers,andi
mozilla-central has some imported files of build_config.h from Chromium.
Actually although they doesn't have riscv64 defines yet, I would like to
add it to build Firefox for riscv64.

Differential Revision: https://phabricator.services.mozilla.com/D119051
2021-07-06 08:05:40 +00:00
Jed Davis
a8d8e90b70 Bug 1635451 - Attempt to start WebGL even in headless mode. r=jgilbert
Currently we return an error when creating a WebGL context in headless
mode, but our WebGL implementation renders to an offscreen context, so
in theory it could work normally in a headless browser, and in practice
it already does work on some OSes.  This patch removes that check; the
attempt to use GL may fail, in which case we'll return an error to
content.

The main purpose of this patch is to run content processes with headless
mode set in an otherwise non-headless browser, but it should also be
useful for fully headless mode.  Comments in bug NNNNNNN indicate that
this change should be sufficient for headless WebGL on Windows and MacOS,
although it may not have been extensively tested.

Linux is more complicated.  The EGL/X11 backend manages its own
connection to the X server (indirectly via the EGL library); a later
patch in this series allows doing that in GLX mode as well.  Our Wayland
support can't do this yet, but it should be possible.

This patch also modifies the Linux sandbox policy so that content
processes can connect to a local X server (via the file broker) even when
the parent process is in headless mode.

Differential Revision: https://phabricator.services.mozilla.com/D118721
2021-07-06 07:42:41 +00:00
ffxbld
90157073c1 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=jcristau
Differential Revision: https://phabricator.services.mozilla.com/D119078
2021-07-05 11:42:50 +00:00
Benjamin Beurdouche
e070f79f95 Bug 1715772 - land NSS NSS_3_68_BETA1 UPGRADE_NSS_RELEASE, r=beurdouche
```
2021-07-01  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* automation/release/nspr-version.txt:
	Bug 1717452 - NSS 3.68 should depend on NSPR 4.32. r=kaie

	[352fca8a348e] [NSS_3_68_BETA1]

2021-06-30  Robert Relyea  <rrelyea@redhat.com>

	* gtests/pk11_gtest/pk11_aeskeywrappad_unittest.cc,
	gtests/pk11_gtest/pk11_ecdsa_unittest.cc,
	gtests/pk11_gtest/pk11_keygen.cc, gtests/pk11_gtest/pk11_keygen.h,
	gtests/pk11_gtest/pk11_signature_test.cc,
	gtests/pk11_gtest/pk11_signature_test.h,
	gtests/ssl_gtest/libssl_internals.c, lib/pk11wrap/pk11pk12.c:
	Bug 1693206 - Implement PKCS8 export of ECDSA keys patch by
	Christoph Walcher r=rrelyea, bbeurdouche
	[9343c18b4df7]

2021-06-25  Martin Thomson  <mt@lowentropy.net>

	* gtests/ssl_gtest/ssl_extension_unittest.cc, lib/ssl/ssl3prot.h,
	lib/ssl/sslproto.h, lib/ssl/tls13con.c:
	Bug 1712883 - DTLS 1.3 draft-43 r=bbeurdouche

	[b2178fe9d27b]

2021-06-25  Makoto Kato  <m_kato@ga2.so-net.ne.jp>

	* automation/taskcluster/graph/src/extend.js, coreconf/WIN32.mk,
	coreconf/config.gypi, lib/freebl/Makefile, lib/freebl/freebl.gyp,
	lib/freebl/sha256-x86.c, lib/freebl/sha512.c:
	Bug 1655493 - Support SHA2 HW acceleration using Intel SHA
	Extension. r=bbeurdouche

	Before applying (on Ryzen 9 3900X) ``` # mode in opreps cxreps
	context op time(sec) thrgput sha256_e 1Gb 208Mb 23M 0 0.000
	10000.000 10.000 123Mb 301Kb ```

	After applying ``` # mode in opreps cxreps context op time(sec)
	thrgput sha256_e 5Gb 797Mb 110M 0 0.000 10000.000 10.000 591Mb 769Kb
	```

	[65a7c7b3f182]

2021-05-31  Martin Thomson  <mt@lowentropy.net>

	* gtests/ssl_gtest/libssl_internals.c,
	gtests/ssl_gtest/libssl_internals.h,
	gtests/ssl_gtest/tls_ech_unittest.cc, lib/ssl/manifest.mn,
	lib/ssl/ssl.gyp, lib/ssl/tls13ech.c, lib/ssl/tls13ech.h,
	lib/ssl/tls13echv.c, lib/util/seccomon.h:
	Bug 1713562 - Validate ECH public names, r=bbeurdouche

	This validates that they are LDH (with underscore because we don't
	hate freedom), but that they are not IP addresses. This invokes the
	horrible WhatWG IP parsing routines, so that it recognizes a vast
	array of crazy address formats (thanks 1980s design).

	[ac81f721cbbf]
```

Differential Revision: https://phabricator.services.mozilla.com/D119026
2021-07-02 12:56:36 +00:00