Commit Graph

13875 Commits

Author SHA1 Message Date
Nathan Froyd
ae396f2b88 Bug 1505938 - disable spectre mitigation warnings for aarch64 windows MSVC; r=dmajor 2018-11-09 10:49:31 -05:00
Haik Aftandilian
b1a4ba8dff Bug 1505445 - [Mac] With sandbox early startup, start the sandbox after the port exchange r=Alex_Gaynor
Don't start the sandbox until after the port exchange so the parent process does not have to wait longer in ContentParent::LaunchSubprocess() for the (expensive) sandbox_init_with_parameters call to complete in the child. Remove the policy rule allowing access to the parent port now that it is already open when the sandbox is initialized and therefore not needed.

Differential Revision: https://phabricator.services.mozilla.com/D11186

--HG--
extra : moz-landing-system : lando
2018-11-08 21:04:19 +00:00
ffxbld
3a972019e4 No Bug, mozilla-central repo-update HSTS HPKP blocklist remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D11314

--HG--
extra : moz-landing-system : lando
2018-11-08 13:54:03 +00:00
Tom Ritter
24a82c667b Bug 1504022 - Backout 1498693 to restore mingw exceptions for __try/__except r=bobowen
mingw-clang, when using SEH exceptions, compile these fine but don't unwind
them properly. When using sj/lj exceptions it can't compile them at all.

--HG--
extra : histedit_source : 4bda121d4d60ab6e7cf51a3d4287261c81904fe2
2018-11-02 13:06:24 -05:00
ffxbld
de627b48fd No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D10879

--HG--
extra : moz-landing-system : lando
2018-11-05 13:27:19 +00:00
Johann Hofmann
1c2de6c900 Bug 1501680 - Don't send credentials in ssl error reports. r=Gijs
Differential Revision: https://phabricator.services.mozilla.com/D10594

--HG--
extra : moz-landing-system : lando
2018-11-01 18:49:11 +00:00
Jan-Erik Rediger
50555e7773 Bug 1468761 - Migrate external Telemetry tests to handle packed histograms r=chutten
Depends on D9236

Differential Revision: https://phabricator.services.mozilla.com/D9237

--HG--
extra : moz-landing-system : lando
2018-11-01 13:46:59 +00:00
Ehsan Akhgari
164805ba94 Bug 1502774 - Part 2: Remove XPCOM component registrations for auth module classes r=valentin
Depends on D10025

Differential Revision: https://phabricator.services.mozilla.com/D10026

--HG--
extra : moz-landing-system : lando
2018-11-01 10:39:58 +00:00
ffxbld
1a798e34d6 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D10545

--HG--
extra : moz-landing-system : lando
2018-11-01 12:52:20 +00:00
Andreea Pavel
3770da1a92 Backed out 3 changesets (bug 1502774) for causing multiple crashes - bug 1503201 a=backout
Backed out changeset 6b821f5b12ae (bug 1502774)
Backed out changeset b3bf57d996a7 (bug 1502774)
Backed out changeset 32a581482291 (bug 1502774)

--HG--
rename : extensions/auth/nsIAuthModule.cpp => extensions/auth/nsAuthFactory.cpp
2018-10-30 21:18:29 +02:00
J.C. Jones
054009f29f Bug 1501587 - land NSS 3b79af0fa294 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 710a4c409afc9a1b0c8a77a872b04369b3d03671
2018-10-29 14:29:54 -07:00
Ehsan Akhgari
51908697bd Bug 1502774 - Part 2: Remove XPCOM component registrations for auth module classes r=valentin
Depends on D10025

Differential Revision: https://phabricator.services.mozilla.com/D10026

--HG--
extra : moz-landing-system : lando
2018-10-29 14:59:16 +00:00
Narcis Beleuzu
3467484554 Backed out 3 changesets (bug 1502774) for mingwclang bustages on include/sspi.h. CLOSED TREE
Backed out changeset a1f9c4666855 (bug 1502774)
Backed out changeset 07648e9d8400 (bug 1502774)
Backed out changeset b403c3c786ee (bug 1502774)

--HG--
rename : extensions/auth/nsIAuthModule.cpp => extensions/auth/nsAuthFactory.cpp
2018-10-29 17:01:21 +02:00
Ehsan Akhgari
acc9a12f81 Bug 1502774 - Part 2: Remove XPCOM component registrations for auth module classes r=valentin
Depends on D10025

Differential Revision: https://phabricator.services.mozilla.com/D10026

--HG--
extra : moz-landing-system : lando
2018-10-29 14:40:29 +00:00
ffxbld
36c0312102 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D10049

--HG--
extra : moz-landing-system : lando
2018-10-29 12:26:11 +00:00
Haik Aftandilian
2ca07b2f4a Bug 1502228 - [Mac] With sandbox early startup enabled, some form elements are not rendered r=Alex_Gaynor
Add the /private/var directory to the list of file-read-metadata paths to avoid rendering issues on macOS 10.14 when sandbox early startup is enabled.

Differential Revision: https://phabricator.services.mozilla.com/D9933

--HG--
extra : moz-landing-system : lando
2018-10-26 18:51:37 +00:00
Jeff Gilbert
02e6ff5ccb Bug 1499587 - Fix win64 clang-cl -Wwritable-strings. r=ted
Differential Revision: https://phabricator.services.mozilla.com/D9031

--HG--
extra : moz-landing-system : lando
2018-10-25 14:16:27 +00:00
ffxbld
705e5f8284 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D9775

--HG--
extra : moz-landing-system : lando
2018-10-25 14:05:03 +00:00
David Keeler
7473c7494c bug 1499846 - implement user reauthentication on MacOS r=franziskus,spohl
Differential Revision: https://phabricator.services.mozilla.com/D9025

--HG--
extra : moz-landing-system : lando
2018-10-25 00:24:04 +00:00
ffxbld
b260043af7 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=bagder,RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D9534

--HG--
extra : moz-landing-system : lando
2018-10-23 20:24:21 +00:00
Ehsan Akhgari
f6b7bc0052 Bug 1501404 - Part 6: Remove the XPCOM registrations for socket provider classes r=valentin
Depends on D9574

Differential Revision: https://phabricator.services.mozilla.com/D9575

--HG--
extra : moz-landing-system : lando
2018-10-23 20:07:27 +00:00
Margareta Eliza Balazs
1a7c7d8823 Merge mozilla-central to autoland. a=merge CLOSED TREE 2018-10-23 12:31:53 +03:00
Margareta Eliza Balazs
a7f4d3ba4f Merge inbound to mozilla-central. a=merge 2018-10-23 12:27:03 +03:00
Franziskus Kiefer
4c3ce53100 Bug 1498518 - user authentication prompts for Windows, r=keeler,mhowell
Depends on D8480

Differential Revision: https://phabricator.services.mozilla.com/D8530

--HG--
extra : moz-landing-system : lando
2018-10-23 09:05:07 +00:00
Dana Keeler
5af8762bc6 bug 1499766 - rework the threading model of OSKeyStore r=jcj
The original threading model of OSKeyStore could lead to a deadlock if an
asynchronous event were dispatched and then the isNSSKeyStore attribute were
queried. This patch removes that pitfall by moving the determination of the
attribute to OSKeyStore rather than the underlying implementation.

Additionally, the original threading model was inefficient in that it created
and destroyed a thread per asynchronous operation. This patch reworks this to
only ever create one worker thread.

Differential Revision: https://phabricator.services.mozilla.com/D9299

--HG--
extra : moz-landing-system : lando
2018-10-23 01:14:14 +00:00
Dana Keeler
c6f2578c07 bug 1496736 - check if we actually have a new key DB before removing the old one r=jcj
In bug 1475775, we added code to remove the old NSS key DB if the user has set a
password on the grounds that the old DB could potentially be unencrypted and
contain secrets. However, we did so with the assumption that we were using the
new DB, which is not necessarily true when the system has been configured to
always use the old DB, as with some RedHat products. This patch checks for the
existence of the new DB before proceeding with deleting the old DB. Technically
this isn't sufficient, because the new DB could be present even if we're not
using it. However, we've already gone far into "this configuration isn't
supported" territory.

Differential Revision: https://phabricator.services.mozilla.com/D9318

--HG--
extra : moz-landing-system : lando
2018-10-22 19:52:10 +00:00
Timothy Guan-tin Chien
b2023e958b Bug 1486954 - Part I, Encrypt credit card numbers with OS key store. r=MattN
This patch morphs MasterPassword.jsm to OSKeyStore.jsm while keeping the same
API, as an adaptor between the API and the native API exposed as nsIOSKeyStore.idl.

Noted that OS Key Store has the concept of "recovery phrase" that we won't
be adopting here. The recovery phrase, together with our label, allow
the user to re-create the same key in OS key store.

Test case changes are needed because we have started asking for login in
places where we'll only do previously when "master password is enabled".
This also made some "when master password is enabled" tests invalid because
it is always considered enabled.

Some more test changes are needed simply because they previously rely on the
stable order of microtask resolutions (and the stable # of promises for a
specific operation). That has certainly changed with OSKeyStore.

The credit card form autofill is only enabled on Nightly.

Differential Revision: https://phabricator.services.mozilla.com/D4498

--HG--
rename : browser/extensions/formautofill/MasterPassword.jsm => browser/extensions/formautofill/OSKeyStore.jsm
rename : browser/extensions/formautofill/test/browser/browser_creditCard_fill_master_password.js => browser/extensions/formautofill/test/browser/browser_creditCard_fill_cancel_login.js
extra : rebase_source : cabbd8cdec86e5b3965cf1c8b6e635b73b6c2095
extra : histedit_source : 65e71057104465553fefa1d0b293580efed53075
2018-10-17 02:31:04 +00:00
Haik Aftandilian
49e56fe77b Bug 1431441 - Part 5 - Parameterize access to the windowserver in the Mac content sandbox policy r=Alex_Gaynor
Only allow access to "com.apple.windowserver.active" when the pref
"security.sandbox.content.mac.disconnect-windowserver" is set to true.

Depends on D6721

Differential Revision: https://phabricator.services.mozilla.com/D7357

--HG--
extra : moz-landing-system : lando
2018-10-18 20:49:51 +00:00
Haik Aftandilian
cf8dfa28d7 Bug 1431441 - Part 4 - ASSERT the sandbox is already enabled r=Alex_Gaynor
When early initialization of the sandbox is enabled, assert that the sandbox has already been enabled in ContentProcess::Init().

Depends on D6720

Differential Revision: https://phabricator.services.mozilla.com/D6721

--HG--
extra : moz-landing-system : lando
2018-10-18 20:47:43 +00:00
Haik Aftandilian
81b56d13a8 Bug 1431441 - Part 3 - Start the Mac content sandbox earlier r=Alex_Gaynor
Pass sandbox parameters to content processes on the command line allowing for early sandbox startup.

Pref'd off behind "security.sandbox.content.mac.earlyinit" until it's ready to be enabled by default.

Once early startup is enabled by default and considered stable, the original sandbox startup code can be removed.

Depends on D6719

Differential Revision: https://phabricator.services.mozilla.com/D6720

--HG--
extra : moz-landing-system : lando
2018-10-19 18:23:16 +00:00
Haik Aftandilian
851ee0f677 Bug 1431441 - Part 2 - Remove rules for APP_BINARY_PATH and APP_DIR Mac sandbox parameters r=Alex_Gaynor
Simplify the content sandbox policy by removing APP_BINARY_PATH and APP_DIR Mac sandbox parameters and their associated rules in the policy. Keep APP_PATH which is a parent directory of APP_BINARY_PATH and APP_DIR. Change APP_PATH to be the path to the parent process .app directory and make GetAppPath return this path when called from the parent or a child process.

Depends on D6717

Differential Revision: https://phabricator.services.mozilla.com/D6719

--HG--
extra : moz-landing-system : lando
2018-10-19 18:23:06 +00:00
ffxbld
a57a738829 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=mtabara
Differential Revision: https://phabricator.services.mozilla.com/D9376

--HG--
extra : moz-landing-system : lando
2018-10-22 12:13:22 +00:00
Kershaw Chang
8d4d50662c Bug 1219935 - Skip OCSP request if PAC download is in progress r=keeler,bagder
This is a straightforward patch.
Just add a new attribute in nsIProtocolProxyService to indicate whether PAC is still loading. If yes, fail the OCSP request.

Differential Revision: https://phabricator.services.mozilla.com/D9154

--HG--
extra : moz-landing-system : lando
2018-10-22 09:07:51 +00:00
Johann Hofmann
d7b28163d3 Bug 1500020 - Update cert error page copy based on UX suggestions. r=nhnt11
Differential Revision: https://phabricator.services.mozilla.com/D9080

--HG--
extra : moz-landing-system : lando
2018-10-19 14:50:59 +00:00
Mark Banner
ceaeb93550 Bug 1486741 - Enable ESLint rule comma-dangle for all of mozilla-central (automatic fixes). r=mossop
Differential Revision: https://phabricator.services.mozilla.com/D8389

--HG--
extra : moz-landing-system : lando
2018-10-19 12:55:39 +00:00
Cosmin Sabou
d3c64e672f Merge mozilla-central to autoland. a=merge 2018-10-19 00:57:18 +03:00
Dana Keeler
1ccf5dc900 bug 1498686 - avoid acquiring TransportSecurityInfo::mMutex in hot code r=jesup,jcj
Before this patch, Necko functions polling the state of TLS sockets
(essentially, TransportSecurityInfo) would cause a considerable amount of
locking on TransportSecurityInfo::mMutex instances via GetErrorCode(). Most of
this code only cared if an error had been set via SetCanceled(), so this patch
adds an atomic boolean mCanceled (and associated accessor GetCanceled()) that
can be used to the same effect but without acquiring the lock.

Differential Revision: https://phabricator.services.mozilla.com/D8754

--HG--
extra : moz-landing-system : lando
2018-10-18 20:08:02 +00:00
Chris Martin
deeb744526 Bug 1496364 - Minor refactor to stop uninitialized variable warning r=handyman
The compiler warns that jobLevel is uninitialized if none of the if-else
conditions are true. Simply replacing the leading assert with a
"else crash" tells the compiler that case will never actually happen.

Differential Revision: https://phabricator.services.mozilla.com/D8841

--HG--
extra : moz-landing-system : lando
2018-10-18 19:14:05 +00:00
David Parks
8ad763743e Bug 1426733: Use restricting SIDs in Windows NPAPI process sandbox (r=bobowen)
Allow NPAPI sandbox to use restricting SIDs.  This hardens the plugin sandbox.

Differential Revision: https://phabricator.services.mozilla.com/D8746

--HG--
extra : moz-landing-system : lando
2018-10-18 16:27:56 +00:00
Ciure Andrei
bae4d8bacf Merge mozilla-central to mozilla-inbound. a=merge CLOSED TREE 2018-10-18 19:40:31 +03:00
ffxbld
74122af621 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D9085

--HG--
extra : moz-landing-system : lando
2018-10-18 12:21:07 +00:00
Margareta Eliza Balazs
f4ce95166f Merge autoland to mozilla-central. a=merge 2018-10-18 13:19:19 +03:00
Margareta Eliza Balazs
53fc8ddacd Backed out 4 changesets (bug 1486954) for hangs on Linux. a=backout
Backed out changeset c895888bdddc (bug 1486954)
Backed out changeset 27e9286503e8 (bug 1486954)
Backed out changeset 87e64652386d (bug 1486954)
Backed out changeset 96a6e1ceb697 (bug 1486954)

--HG--
rename : browser/extensions/formautofill/OSKeyStore.jsm => browser/extensions/formautofill/MasterPassword.jsm
rename : browser/extensions/formautofill/test/browser/browser_creditCard_fill_cancel_login.js => browser/extensions/formautofill/test/browser/browser_creditCard_fill_master_password.js
2018-10-18 12:40:21 +03:00
Dana Keeler
d4ce8fc140 bug 1497555 - filter out same-document location changes in nsSecureBrowserUIImpl::OnLocationChange r=Ehsan
If nsSecureBrowserUIImpl::OnLocationChange receives a
LOCATION_CHANGE_SAME_DOCUMENT notification, it doesn't need to (and in fact
shouldn't) update its security state or notify downstream listeners.

Differential Revision: https://phabricator.services.mozilla.com/D8900

--HG--
extra : moz-landing-system : lando
2018-10-17 21:38:24 +00:00
Nick Alexander
d56eb2a314 Bug 1489443 - Set GCC_USE_GNU_LD based on linker kind. r=froydnj
The desired outcome of this change is that we'll set
-Wl,--version-script based on linker kind and not on the output of
$LINKER -v.

This is a cheap way to address a simple problem that has a complicated
ideal solution. The underlying issue is that in some situations, when
targeting Android, a macOS system ld is interrogated to determine if
a cross-compiling linker "is GNU ld" and a particular linker feature
is set in that situation. The macOS system ld doesn't pass the "is
GNU ld" test, and the linker feature isn't set; that causes link
failures, even though the actual linker has nothing to do with the
system ld.

The ideal solution is to test for linker capabilities dynamically. We
do a lot of that in old-configure.in, and we don't do any of that in
toolchain.configure. Rather than start testing in
toolchain.configure, we hard-code: a cheap solution to the immediate
problem.

MinGW suffers somewhat from the opposite problem: the linker "is GNU
ld" (compatible), but the linker checks don't happen at all. We hard-code
for MinGW based on the C compiler instead.

Differential Revision: https://phabricator.services.mozilla.com/D8471

--HG--
extra : moz-landing-system : lando
2018-10-17 19:46:03 +00:00
Dana Keeler
c4dab46f9c bug 1497258 - remove unsound OCSP assertion from NSSCertDBTrustDomain::CheckRevocation r=mayhemer
In reimplementing the OCSP fetching code in bug 1456489, we improperly
translated an assertion that relied on the nullness of a pointer to rely on the
length of a data structure that was populated by reference. It turns out that
this made the assertion invalid because we could return a successful result and
have filled the data structure with zero-length data and it still would be valid
to operate on (the decoding code returns a malformed input result in this case).
To fix this, we can simply remove the assertion. This patch also adds a test to
exercise this case.

Differential Revision: https://phabricator.services.mozilla.com/D8883

--HG--
extra : moz-landing-system : lando
2018-10-17 19:35:28 +00:00
Paolo Amadini
3a2f47fd3f Bug 1428869 - Use html:progress in front-end code. r=bgrins,Gijs
Differential Revision: https://phabricator.services.mozilla.com/D9009

--HG--
extra : rebase_source : 0e2d20dc6060a4c0ee278ef05d67668aec12e64f
2018-10-18 15:41:21 +01:00
Johann Hofmann
a63c05f4b8 Bug 1484255 - Add Telemetry Events for the certificate error pages. r=nhnt11,keeler
Differential Revision: https://phabricator.services.mozilla.com/D8281

--HG--
extra : moz-landing-system : lando
2018-10-17 13:10:26 +00:00
Csoregi Natalia
eef79962ba Merge inbound to mozilla-central. a=merge 2018-10-17 13:03:35 +03:00
Timothy Guan-tin Chien
f47a796bf6 Bug 1486954 - Part I, (Nighty-only feature) Encrypt credit card numbers with OS key store r=MattN
This patch morphs MasterPassword.jsm to OSKeyStore.jsm while keeping the same
API, as an adaptor between the API and the native API exposed as nsIOSKeyStore.idl.

Noted that OS Key Store has the concept of "recovery phrase" that we won't
be adopting here. The recovery phrase, together with our label, allow
the user to re-create the same key in OS key store.

Test case changes are needed because we have started asking for login in
places where we'll only do previously when "master password is enabled".
This also made some "when master password is enabled" tests invalid because
it is always considered enabled.

Some more test changes are needed simply because they previously rely on the
stable order of microtask resolutions (and the stable # of promises for a
specific operation). That has certainly changed with OSKeyStore.

The credit card form autofill is only enabled on Nightly.

Differential Revision: https://phabricator.services.mozilla.com/D4498

--HG--
rename : browser/extensions/formautofill/MasterPassword.jsm => browser/extensions/formautofill/OSKeyStore.jsm
rename : browser/extensions/formautofill/test/browser/browser_creditCard_fill_master_password.js => browser/extensions/formautofill/test/browser/browser_creditCard_fill_cancel_login.js
extra : moz-landing-system : lando
2018-10-17 02:31:04 +00:00