Commit Graph

16030 Commits

Author SHA1 Message Date
ffxbld
7bf613163a No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=jcristau
Differential Revision: https://phabricator.services.mozilla.com/D122093
2021-08-09 11:49:10 +00:00
Ben Hearsum
f5afc22625 Bug 1714200: skip failing xpcshell tests on M1 machines r=jmaher
Differential Revision: https://phabricator.services.mozilla.com/D121225
2021-08-06 19:16:55 +00:00
ffxbld
3b0b1c9a9a No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=jcristau
Differential Revision: https://phabricator.services.mozilla.com/D121852
2021-08-05 12:14:03 +00:00
Martin Thomson
c240187284 Bug 1720464 - land NSS NSS_3_69_RTM UPGRADE_NSS_RELEASE, r=ckerschb DONTBUILD
2021-08-05  Martin Thomson  <mt@lowentropy.net>

o  	* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
|  	Set version numbers to 3.69 final
|  	[2f5c77e2c5b9] [NSS_3_69_RTM] <NSS_3_69_BRANCH>
|
2021-07-30  Martin Thomson  <mt@lowentropy.net>

o  	* .hgtags:
|  	Added tag NSS_3_69_BETA1 for changeset 60211e7f03ee
|  	[51b699171a91] <NSS_3_69_BRANCH>
|
2021-07-29  Martin Thomson  <mt@lowentropy.net>

o  	* lib/ssl/sslsock.c:
|  	Bug 1722613 - Disable DTLS 1.0 and 1.1 by default, r=rrelyea
|
|  	[60211e7f03ee] [NSS_3_69_BETA1]
|
2021-07-15  Robert Relyea  <rrelyea@redhat.com>

o  	* automation/taskcluster/docker-builds/Dockerfile,
~  	automation/taskcluster/docker-gcc-4.4/Dockerfile,
   	automation/taskcluster/docker/Dockerfile, lib/softoken/sftkpwd.c,
   	tests/dbtests/dbtests.sh:
   	Bug 1720226 integrity checks in key4.db not happening on private
   	components with AES_CBC When we added support for AES, we also added
   	support for integrity checks on the encrypted components.

   	It turns out the code that verifies the integrity checks was broken
   	in 2 ways:

   	 1. it wasn't accurately operating when AES was being used (the if
   	statement wasn't actually triggering for AES_CBC because we were
   	looking for AES in the wrong field). 2. password update did not
   	update the integrity checks in the correct location, meaning any
   	database which AES encrypted keys, and which had their password
   	updated will not be able to validate their keys.

   	While we found this in a previous rebase, the patch had not been
   	pushed upstream.

   	 The attached patch needs sqlite3 to run the tests.

   	[1e86f5cfc1cd]

Differential Revision: https://phabricator.services.mozilla.com/D121837
2021-08-05 09:50:08 +00:00
stransky
2e7b1387b7 Bug 1721326 - Use small stack for DoClone(). r=jld
Patch author is Florian Weimer <fweimer 'at' redhat.com>

Differential Revision: https://phabricator.services.mozilla.com/D120709
2021-08-04 06:24:47 +00:00
Dana Keeler
f0cbaf362a Bug 1723211 - move reusable parts of osclientcerts to rsclientcerts r=rmf
Depends on D121419

Differential Revision: https://phabricator.services.mozilla.com/D121451
2021-08-03 18:34:22 +00:00
Dana Keeler
b0147ecfd1 Bug 1723211 - rework osclientcerts::manager to take a backend implementation as a trait r=rmf
Depends on D121418

Differential Revision: https://phabricator.services.mozilla.com/D121419
2021-08-03 18:34:21 +00:00
Dana Keeler
7053b26b8c Bug 1723211 - introduce error module to osclientcerts r=rmf
Differential Revision: https://phabricator.services.mozilla.com/D121418
2021-08-03 18:34:21 +00:00
Zibi Braniecki
7b320ed8a6 Bug 1613705 - [localization] part17: Fix racy tests to wait for l10n frame. r=platform-i18n-reviewers,dminor,application-update-reviewers,nalexander
Depends on D116791

Differential Revision: https://phabricator.services.mozilla.com/D116792
2021-08-03 16:25:16 +00:00
Butkovits Atila
949da905e7 Backed out 19 changesets (bug 1613705) for causing build bustages complaining about Document.cpp. CLOSED TREE
Backed out changeset 2ee1091dd20d (bug 1613705)
Backed out changeset d377afc0b09f (bug 1613705)
Backed out changeset de9d4378f0ac (bug 1613705)
Backed out changeset 9843372abb6e (bug 1613705)
Backed out changeset 5fc5918e5905 (bug 1613705)
Backed out changeset a7aeae7afd49 (bug 1613705)
Backed out changeset 5d61617a5402 (bug 1613705)
Backed out changeset 85bf98573899 (bug 1613705)
Backed out changeset 175af8a1b8c2 (bug 1613705)
Backed out changeset 93fcb23d7898 (bug 1613705)
Backed out changeset 595529cd906f (bug 1613705)
Backed out changeset 9f3e2963d925 (bug 1613705)
Backed out changeset 442289058933 (bug 1613705)
Backed out changeset fc3b9acb0e81 (bug 1613705)
Backed out changeset 408983c64f7f (bug 1613705)
Backed out changeset 08b637fc3fcd (bug 1613705)
Backed out changeset 6ef0aafd2db0 (bug 1613705)
Backed out changeset d88b294e0a5e (bug 1613705)
Backed out changeset e6bebff87544 (bug 1613705)
2021-08-03 12:36:01 +03:00
Zibi Braniecki
0bf7c83400 Bug 1613705 - [localization] part17: Fix racy tests to wait for l10n frame. r=platform-i18n-reviewers,dminor,application-update-reviewers,nalexander
Depends on D116791

Differential Revision: https://phabricator.services.mozilla.com/D116792
2021-08-03 05:52:06 +00:00
ffxbld
2831cbf797 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D121518
2021-08-02 11:35:31 +00:00
Zibi Braniecki
9b6ec8c442 Bug 1660392 - [l10nregistry] part10: Fix mozapps update test to await for gAppUpdater. r=application-update-reviewers,bytesized
Differential Revision: https://phabricator.services.mozilla.com/D121126
2021-07-30 16:47:50 +00:00
Christoph Kerschbaumer
7aa6219ad0 Bug 1723086: Annotate all mixed content tests so that https-first does not interfere with them r=lyavor
Differential Revision: https://phabricator.services.mozilla.com/D121341
2021-07-30 09:12:46 +00:00
Alexandre Lissy
5064274394 Bug 1718210 - Enable SandboxTest on Windows/Debug r=gcp
Differential Revision: https://phabricator.services.mozilla.com/D121047
2021-07-29 15:07:24 +00:00
ffxbld
293f05bd5a No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D121171
2021-07-29 13:29:32 +00:00
Christoph Kerschbaumer
4a6250387f Bug 1719272: Annotate failing browser/ tests to potentially enable https-first mode in Nightly r=webcompat-reviewers,denschub,webdriver-reviewers,preferences-reviewers,Gijs,whimboo
Differential Revision: https://phabricator.services.mozilla.com/D119177
2021-07-28 19:16:16 +00:00
Sandor Molnar
68cdec0548 Backed out changeset 7eb8945dd8e3 (bug 1719272) for causing bustages in gecko decision task. CLOSED TREE 2021-07-28 19:47:06 +03:00
Christoph Kerschbaumer
bb716f0701 Bug 1719272: Annotate failing browser/ tests to potentially enable https-first mode in Nightly r=webcompat-reviewers,denschub,webdriver-reviewers,preferences-reviewers,Gijs,whimboo
Differential Revision: https://phabricator.services.mozilla.com/D119177
2021-07-28 16:08:07 +00:00
Alexandre Lissy
e59f6995be Bug 1718084 - Test allow $HOME/.config and block $HOME/.config/mozilla/ r=gcp
Differential Revision: https://phabricator.services.mozilla.com/D119179
2021-07-27 08:07:22 +00:00
Alexandre Lissy
583a763b25 Bug 1718084 - Block access to $HOME/.config/mozilla/ r=gcp
Differential Revision: https://phabricator.services.mozilla.com/D119180
2021-07-27 08:07:21 +00:00
Alexandre Lissy
6301b3cd09 Bug 1718084 - Reorganize test for lower complexity r=gcp
Differential Revision: https://phabricator.services.mozilla.com/D119375
2021-07-27 08:07:21 +00:00
ffxbld
24499204c2 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=pascalc
Differential Revision: https://phabricator.services.mozilla.com/D120836
2021-07-26 15:45:06 +00:00
Benjamin Beurdouche
a1a5fc3aa9 Bug 1720464 - land NSS e9236397be13 UPGRADE_NSS_RELEASE, r=beurdouche
```
2021-07-24  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* doc/rst/build_artifacts.rst, doc/rst/community.rst,
	doc/rst/getting_started.rst, doc/rst/index.rst, doc/rst/more.rst,
	doc/rst/releases/index.rst, doc/rst/releases/nss_3_64.rst,
	doc/rst/releases/nss_3_65.rst, doc/rst/releases/nss_3_66.rst,
	doc/rst/releases/nss_3_67.rst, doc/rst/releases/nss_3_68.rst:
	Documentation: update and release notes for NSS 3.64 to 3.68
	[e9236397be13] [tip]

2021-07-20  Robert Relyea  <rrelyea@redhat.com>

	* gtests/ssl_gtest/nss_policy.h,
	gtests/ssl_gtest/ssl_auth_unittest.cc,
	gtests/ssl_gtest/ssl_extension_unittest.cc,
	gtests/ssl_gtest/tls_agent.cc, gtests/ssl_gtest/tls_agent.h,
	gtests/ssl_gtest/tls_connect.cc, lib/ssl/ssl3con.c,
	lib/ssl/sslimpl.h:
	Bug 1720235 SSL handling of signature algorithms ignores
	environmental invalid algorithms.

	Our QA is quite extensive on handling of alert corner cases. Our
	code that checks if a signature algorithm is supported ignores the
	role of policy. If SHA1 is turned off by policy, for instance, we
	only detect that late in the game. This shows up in our test cases
	as decrypt_alerts rather than illegal_parameter or handshake_error
	alerts. It also shows up in us apparently accepting a client auth
	request which only has invalid alerts.

	We also don't handle filtering out signature algorithms that are
	illegal in tls 13 mode.

	This patch not only fixes these issues, but also issues where we
	proposing signature algorithms in server mode that we don't support
	by policy.

	This patch includes:

	In gtests: 1) adding support for policy in ssl_gtests. Currently
	both the server an client will run with the same policy. The patch
	allows us to set policy on one and keeping the old policy on the
	other.

	2) Update extension tests which failed in tls 1.3 because the patch
	now correctly rejects illegal tls 1.3 auth values. The test was
	updated to use a legal auth value in tls 1.3 (so we are correctly
	testing the format issue.

	3) Update extension tests to handle the case where we try to use an
	illegal value for tls 1.3.

	4) add tests to ssl_auth_unittests.cc to make sure we can properly
	connect even when several auth methods are turned off by policy
	(make sure we don't advertize them on the client side, and that the
	server doesn't select them when the client doesn't advertize them).

	5) add tests to ssl_auth_unittests.cc to make sure we don't send
	empty client auth requests when the requester only sends invalid
	auth requests.

	patch itself: 1) The handling of policy checks for ssl schemes were
	scattered in various locations. I've consolidated them into a single
	function. That function now checks for NSS_ALG_USE_IN_ANY_SIGNATURE
	as if this is off by policy, we will fail if we try to use the
	algorithm in a signature in any case. NSS now supports policy on all
	signature algorithms, not just DSA, so we need to check the policy
	of all the algorithms.

	2) to support the policy check on the signature algorithms, I added
	a new ssl_AuthTypeToOID, which also replaces our switch in checking
	if the SPKI matches our auth type.

	 3) ssl_SignatureSchemeValid now accepts an spkiOid of
	SEC_OID_UNKNOWN. To allow us to filter signature schemes based on
	version and policy restrictions before we try to select a
	certificate. This prevents us from sending empty client auth
	messages when we are presented with only invalid signature schemes.

	4) We filter supported algorithms against policy early, preventing
	us from sending, or even setting invalid algorithms if they are
	turned off by policy.

	5) ssl ConsumeSignatureScheme was handling alerts inconsistently.
	The Consume could send an allert in it's failure case, but the check
	of scheme validity wouldn't sent an alert. The collers were
	inconstent as well. Now ssl_ConsumeSignatureScheme always sends and
	alert on failure, and the callers do not.

	[c71bb1bedf7d]
```

Differential Revision: https://phabricator.services.mozilla.com/D120787
2021-07-24 17:26:14 +00:00
Benjamin Beurdouche
dde8b5dd22 Bug 1720464 - land NSS 8f41147c2192 UPGRADE_NSS_RELEASE, r=beurdouche
```
2021-07-22  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* doc/rst/index.rst:
	Display warning on the new NSS documentation
	[8f41147c2192] [tip]

2021-07-20  Robert Relyea  <rrelyea@redhat.com>

	* lib/softoken/sdb.c:
	Bug 1721476 sqlite 3.34 changed it's open semantics, causing nss
	failures.

	https://sqlite.org/forum/info/42cf8e985bb051a2

	sqlite is now permissive on opening a readonly file even if you ask
	for the file to be opened R/W.

	normally sqlite is very conservative in changing it's underlying
	semantics, but evidently they chose convience over compatibility.
	NSS now needs to check the file permissions itself to preserve nss
	semantics.

	[f2d34a957599]

2021-07-15  Robert Relyea  <rrelyea@redhat.com>

	* tests/common/init.sh, tests/common/parsegtestreport.sed,
	tests/common/parsegtestreport.sh, tests/gtests/gtests.sh,
	tests/ssl_gtests/ssl_gtests.sh:
	Bug 1720230 Gtest update changed the gtest reports, losing gtest
	details in all.sh reports.

	This patch includes the updated .sed script, and an experiment using
	bash instead to see how hard it would be to make a more robust
	parser.

	The robust parser generates identical output as sed, but takes about
	30x longer, so instead of subsecond operations, it takes almost half
	a minute. With that result, I think we can stay with sed and
	continue to update when we get new versions of gtests. (sigh).

	time cat report.xml.0 | sed -f parsegtestreport.sed > r1

	real 0m0.710s user 0m0.705s sys 0m0.008s

	time cat report.xml.0 | sh parsegtestreport.sh > r2

	real 0m25.066s user 0m17.759s sys 0m9.506s [rrelyea@localhost
	common]$ diff r1 r2

	updated: with review comments from Martin and move the report
	parsing to the common code so it can be shared with both ssl_gtests
	and gtests shell scripts.

	[f12856d5d2c2]

2021-07-13  Robert Relyea  <rrelyea@redhat.com>

	* gtests/softoken_gtest/softoken_dh_vectors.h, lib/softoken/pkcs11c.c,
	lib/softoken/pkcs11i.h, lib/softoken/pkcs11u.c,
	lib/softoken/sftkdhverify.c:
	Bug 1720228 NSS incorrectly accepting 1536 bit DH primes in FIPS
	mode

	When NSS is in FIPS mode, it should reject all primes smaller than
	2048. The ike 1536 prime is in the accepted primes table. In FIPS
	mode it should be rejected.

	[d2ec946e601a]

2021-07-15  Robert Relyea  <rrelyea@redhat.com>

	* cmd/manifest.mn, cmd/sdbthreadtst/Makefile,
	cmd/sdbthreadtst/manifest.mn, cmd/sdbthreadtst/sdbthreadtst.c,
	cmd/sdbthreadtst/sdbthreadtst.gyp, lib/softoken/sdb.c,
	lib/softoken/sftkdb.c, nss.gyp, tests/dbtests/dbtests.sh:
	Bug 1720232 SQLite calls could timeout in starvation situations.

	Some of our servers could cause random failures when trying to
	generate many key pairs from multiple threads. This is caused
	because some threads would starve long enough for them to give up on
	getting a begin transaction on sqlite. sqlite only allows one
	transaction at a time.

	Also, there were some bugs in error handling of the broken
	transaction case where NSS would try to cancel a transation after
	the begin failed (most cases were correct, but one case in
	particular was problematic).

	[b54b0d41e51b]

2021-07-13  Robert Relyea  <rrelyea@redhat.com>

	* lib/pk11wrap/pk11cxt.c, lib/pk11wrap/pk11hpke.c,
	lib/softoken/kbkdf.c, lib/softoken/sftkhmac.c,
	lib/softoken/sftkike.c:
	Bug 1720225 Coverity/cpp scanner errors found in nss 3.67

	A number of coverity/scanner issues were found in the kdf code which
	was added in nss 3.44 and the fixes never upstreamed, as well as
	coverity/scanner errors in nss 3.66. Not all errors were fixed,
	those errors which were determined to be false positives were just
	recorded. No attempt has been made to fix coverity/scanner errors in
	gtests.

	[d1b9709d8861]
```

Differential Revision: https://phabricator.services.mozilla.com/D120624
2021-07-23 09:23:50 +00:00
Dorel Luca
df0ba034a0 Backed out changeset 94ca8dafa006 (bug 1720464) for Browser-chrome failures in browser/base/content/test/performance/browser_startup_mainthreadio.js. UPGRADE_NSS_RELEASE CLOSED TREE 2021-07-22 20:49:30 +03:00
Benjamin Beurdouche
9753f750fd Bug 1720464 - land NSS 8f41147c2192 UPGRADE_NSS_RELEASE, r=beurdouche
```
2021-07-22  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* doc/rst/index.rst:
	Display warning on the new NSS documentation
	[8f41147c2192] [tip]

2021-07-20  Robert Relyea  <rrelyea@redhat.com>

	* lib/softoken/sdb.c:
	Bug 1721476 sqlite 3.34 changed it's open semantics, causing nss
	failures.

	https://sqlite.org/forum/info/42cf8e985bb051a2

	sqlite is now permissive on opening a readonly file even if you ask
	for the file to be opened R/W.

	normally sqlite is very conservative in changing it's underlying
	semantics, but evidently they chose convience over compatibility.
	NSS now needs to check the file permissions itself to preserve nss
	semantics.

	[f2d34a957599]

2021-07-15  Robert Relyea  <rrelyea@redhat.com>

	* tests/common/init.sh, tests/common/parsegtestreport.sed,
	tests/common/parsegtestreport.sh, tests/gtests/gtests.sh,
	tests/ssl_gtests/ssl_gtests.sh:
	Bug 1720230 Gtest update changed the gtest reports, losing gtest
	details in all.sh reports.

	This patch includes the updated .sed script, and an experiment using
	bash instead to see how hard it would be to make a more robust
	parser.

	The robust parser generates identical output as sed, but takes about
	30x longer, so instead of subsecond operations, it takes almost half
	a minute. With that result, I think we can stay with sed and
	continue to update when we get new versions of gtests. (sigh).

	time cat report.xml.0 | sed -f parsegtestreport.sed > r1

	real 0m0.710s user 0m0.705s sys 0m0.008s

	time cat report.xml.0 | sh parsegtestreport.sh > r2

	real 0m25.066s user 0m17.759s sys 0m9.506s [rrelyea@localhost
	common]$ diff r1 r2

	updated: with review comments from Martin and move the report
	parsing to the common code so it can be shared with both ssl_gtests
	and gtests shell scripts.

	[f12856d5d2c2]

2021-07-13  Robert Relyea  <rrelyea@redhat.com>

	* gtests/softoken_gtest/softoken_dh_vectors.h, lib/softoken/pkcs11c.c,
	lib/softoken/pkcs11i.h, lib/softoken/pkcs11u.c,
	lib/softoken/sftkdhverify.c:
	Bug 1720228 NSS incorrectly accepting 1536 bit DH primes in FIPS
	mode

	When NSS is in FIPS mode, it should reject all primes smaller than
	2048. The ike 1536 prime is in the accepted primes table. In FIPS
	mode it should be rejected.

	[d2ec946e601a]

2021-07-15  Robert Relyea  <rrelyea@redhat.com>

	* cmd/manifest.mn, cmd/sdbthreadtst/Makefile,
	cmd/sdbthreadtst/manifest.mn, cmd/sdbthreadtst/sdbthreadtst.c,
	cmd/sdbthreadtst/sdbthreadtst.gyp, lib/softoken/sdb.c,
	lib/softoken/sftkdb.c, nss.gyp, tests/dbtests/dbtests.sh:
	Bug 1720232 SQLite calls could timeout in starvation situations.

	Some of our servers could cause random failures when trying to
	generate many key pairs from multiple threads. This is caused
	because some threads would starve long enough for them to give up on
	getting a begin transaction on sqlite. sqlite only allows one
	transaction at a time.

	Also, there were some bugs in error handling of the broken
	transaction case where NSS would try to cancel a transation after
	the begin failed (most cases were correct, but one case in
	particular was problematic).

	[b54b0d41e51b]

2021-07-13  Robert Relyea  <rrelyea@redhat.com>

	* lib/pk11wrap/pk11cxt.c, lib/pk11wrap/pk11hpke.c,
	lib/softoken/kbkdf.c, lib/softoken/sftkhmac.c,
	lib/softoken/sftkike.c:
	Bug 1720225 Coverity/cpp scanner errors found in nss 3.67

	A number of coverity/scanner issues were found in the kdf code which
	was added in nss 3.44 and the fixes never upstreamed, as well as
	coverity/scanner errors in nss 3.66. Not all errors were fixed,
	those errors which were determined to be false positives were just
	recorded. No attempt has been made to fix coverity/scanner errors in
	gtests.

	[d1b9709d8861]
```

Differential Revision: https://phabricator.services.mozilla.com/D120624
2021-07-22 13:53:32 +00:00
Benjamin Beurdouche
4582da2473 Bug 1709817 - Enable NSS documentation in firefox-src-tree. r=beurdouche
Differential Revision: https://phabricator.services.mozilla.com/D119913
2021-07-22 12:10:19 +00:00
ffxbld
10795c51f3 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=jcristau
Differential Revision: https://phabricator.services.mozilla.com/D120594
2021-07-22 11:55:25 +00:00
Kashav Madan
5781dca888 Bug 1720688 - Support extended attribute syntax in protocol declarations, r=mccr8
Differential Revision: https://phabricator.services.mozilla.com/D119975
2021-07-22 02:24:43 +00:00
Alexandre Lissy
f7a9b9a730 Bug 1719279 - Properly add $HOME/.cache/fontconfig allowance r=gcp
Differential Revision: https://phabricator.services.mozilla.com/D119178
2021-07-20 12:24:56 +00:00
Alex Lopez
77ce415604 Bug 1696251 - Replace self with command_context where possible in existing mach commands. r=mhentges,webdriver-reviewers,perftest-reviewers,whimboo
This step removes all the dependencies of mach commands to
having a MachCommandBase as the `self` by using the `command_context`
argument instead. This also removes any remaining statefulness from those
classes that implement mach commands, ultimately making it easier to move
existing commands out of classes in a follow-up.

Differential Revision: https://phabricator.services.mozilla.com/D118058
2021-07-19 16:04:25 +00:00
ffxbld
42e26fb23c No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=jcristau
Differential Revision: https://phabricator.services.mozilla.com/D120208
2021-07-19 11:41:05 +00:00
Bob Owen
189584d4f9 Bug 1716024 p1: Change CET support to compatible modules only. r=handyman
Differential Revision: https://phabricator.services.mozilla.com/D117550
2021-07-19 07:36:19 +00:00
Butkovits Atila
a07f790e42 Backed out changeset e1921c5112d8 (bug 1696251) for causing bustages complaining about 'CommandContext'. CLOSED TREE 2021-07-16 20:35:55 +03:00
Alex Lopez
190e03aaab Bug 1696251 - Replace self with command_context where possible in existing mach commands. r=mhentges,webdriver-reviewers,perftest-reviewers,whimboo
This step removes all the dependencies of mach commands to
having a MachCommandBase as the `self` by using the `command_context`
argument instead. This also removes any remaining statefulness from those
classes that implement mach commands, ultimately making it easier to move
existing commands out of classes in a follow-up.

Differential Revision: https://phabricator.services.mozilla.com/D118058
2021-07-16 15:51:29 +00:00
Mike Hommey
e2a1db5178 Bug 1713735 - Add the bits necessary to build wasm sandbox libs with wasm2c. r=firefox-build-system-reviewers,mhentges
For the moment, it's opt-in via explicitly setting `LUCETC` to an empty
string.

Differential Revision: https://phabricator.services.mozilla.com/D119939
2021-07-16 02:38:41 +00:00
shravanrn@gmail.com
c90a46987f Bug 1713735 part 2 - Configs to build wasm2c for use in rlbox r=glandium
Differential Revision: https://phabricator.services.mozilla.com/D116442
2021-07-16 02:38:40 +00:00
Dana Keeler
4d9a172951 Bug 1718844 - handle certificates not being available in the remembered client authentication decision dialog r=rmf,fluent-reviewers
This patch updates the remembered client authentication decision tab of the
certificate manager to gracefully handle cases where a certificate
corresponding to a remembered decision has been deleted from the user's
certificate store or if it lives on a token that has been removed.

Differential Revision: https://phabricator.services.mozilla.com/D119794
2021-07-15 21:47:39 +00:00
Dana Keeler
8a1b124e00 Bug 1710355 - replace the unmaintained memmap crate with memmap2 in cert_storage r=rmf
Differential Revision: https://phabricator.services.mozilla.com/D119563
2021-07-15 21:47:12 +00:00
Alexandre Lissy
41550dc422 Bug 1695195 - Set SandboxReporter profiler thread name r=jld
Differential Revision: https://phabricator.services.mozilla.com/D119361
2021-07-15 19:06:35 +00:00
ffxbld
3ea69315a0 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=jcristau
Differential Revision: https://phabricator.services.mozilla.com/D119964
2021-07-15 12:19:52 +00:00
Dorel Luca
a8dbc3a00f Backed out changeset 893f32015ef0 (bug 1709817) for Gecko Decision Task failure and Build bustages. CLOSED TREE 2021-07-15 14:03:08 +03:00
Benjamin Beurdouche
c0714b01bc Bug 1709817 - Import the NSS documentation from MDN in nss/doc. r=beurdouche
Differential Revision: https://phabricator.services.mozilla.com/D119913
2021-07-15 10:47:28 +00:00
Rob Wu
8e4d13f64a Bug 1713628 - Treat notBefore in the future of signed XPI files as valid + tests r=keeler
This patch also includes unit tests for this + previous untested cases
(bug 1713628, bug 1267318 and bug 1548973).

The tool to generate the test cases (zip files) has also been updated
because it has been broken by changes from bug 1699294.

Differential Revision: https://phabricator.services.mozilla.com/D119802
2021-07-14 20:24:56 +00:00
Benjamin Beurdouche
fbf40a7e56 Bug 1720464 - land NSS b1eac8c86e99 UPGRADE_NSS_RELEASE, r=beurdouche
Differential Revision: https://phabricator.services.mozilla.com/D119914
2021-07-14 20:05:21 +00:00
Kershaw Chang
bba712b93d Bug 1654507 - Part2: Plumbing for echRetry, r=necko-reviewers,dragana
Differential Revision: https://phabricator.services.mozilla.com/D119403
2021-07-13 09:24:26 +00:00
Kershaw Chang
3b354571f5 Bug 1654507 - Part1: Plumbing for setting ech config, r=necko-reviewers,dragana
Differential Revision: https://phabricator.services.mozilla.com/D119402
2021-07-13 09:24:25 +00:00
Alexandre Lissy
27dc28950f Bug 1718046 - Use String concatenation rather than AppendPrintf r=handyman
Using AppendPrintf implies pure ASCII content, and strerror() might
return localized string, so this will break.

Differential Revision: https://phabricator.services.mozilla.com/D119286
2021-07-12 19:10:04 +00:00
ffxbld
20ebcad429 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=jcristau
Differential Revision: https://phabricator.services.mozilla.com/D119613
2021-07-12 12:46:36 +00:00