The new rkv-based cert_storage database caused a Heap Unclassified regression because of memory that LMDB reserves when opening a database in read-write mode. Since cert_storage usage is read-heavy, this change claws back that regression by opening it in read-only mode except when changes are being made.
Differential Revision: https://phabricator.services.mozilla.com/D25098
--HG--
extra : moz-landing-system : lando
Per the thread "Intent-to-Ship: Backward-Compatibility FIDO U2F support for
Google Accounts" on dev-platform [0], this bug is to:
1. Enable the security.webauth.u2f by default, to ride the trains
2. Remove the aOp == U2FOperation::Sign check from EvaluateAppID in
WebAuthnUtil.cpp, permitting the Google override to work for Register as
well as Sign.
This would enable Firefox users to use FIDO U2F API on most all sites, subject
to the algorithm limitations discussed in the section "Thorny issues in
enabling our FIDO U2F API implementation" of that post.
[0] https://groups.google.com/d/msg/mozilla.dev.platform/q5cj38hGTEA/lC834665BQAJ
Differential Revision: https://phabricator.services.mozilla.com/D25241
--HG--
extra : moz-landing-system : lando
When the RDD process sandbox is started at launch, assert the sandbox has been enabled in the Init message.
Change AssertMacSandboxEnabled() to use the undocumented sandbox_check() function instead of sandbox_init().
Differential Revision: https://phabricator.services.mozilla.com/D22414
--HG--
extra : moz-landing-system : lando
Move sandbox early start logic to GeckoChildProcessHost.
Move sandbox CLI param logic into MacSandboxInfo.
Differential Revision: https://phabricator.services.mozilla.com/D22409
--HG--
extra : moz-landing-system : lando
Remove the unused plugin binary path and app binary path parameters and cleanup file path permissions.
Explicitly allow access to launchservicesd to allow SetProcessName() to work when the sandbox is started during startup.
Differential Revision: https://phabricator.services.mozilla.com/D22408
--HG--
extra : moz-landing-system : lando
Move sandbox policies for different process types into their own files.
Create a new "utility" policy cloned from the GMP policy to be used for basic utility-type processes.
Use the utility policy for the RDD process.
Differential Revision: https://phabricator.services.mozilla.com/D22405
--HG--
extra : moz-landing-system : lando
After initialization (which happens on the main thread because we need to access
preferences), cert_storage will first be used on a certificate verification
thread. We can use this to avoid main-thread I/O by lazily opening the DB when
it first gets used rather than at initialization.
Differential Revision: https://phabricator.services.mozilla.com/D24998
--HG--
extra : moz-landing-system : lando
Apparently importing a certificate into the NSS certificate DB is slow enough to
materially impact the time it takes to connect to a site. This patch addresses
this by importing any intermediate certificates we want to cache from verified
connections on a background thread (so the certificate verification thread can
return faster).
Differential Revision: https://phabricator.services.mozilla.com/D24384
--HG--
extra : moz-landing-system : lando
Removed all occurences of ondialogaccept.
Removed all occurences of ondialogcancel.
Replaced all removed attributes with event handlers.
Differential Revision: https://phabricator.services.mozilla.com/D21227
--HG--
extra : moz-landing-system : lando
1. Adding a new attribute chromeContext in ConsoleEvent
2. Adding a new boolean attribute isFromChromeContext in nsIConsoleMessage
3. Sending IsFromChromeContext to the parent process
Differential Revision: https://phabricator.services.mozilla.com/D23330
--HG--
extra : moz-landing-system : lando
Apparently importing a certificate into the NSS certificate DB is slow enough to
materially impact the time it takes to connect to a site. This patch addresses
this by importing any intermediate certificates we want to cache from verified
connections on a background thread (so the certificate verification thread can
return faster).
Differential Revision: https://phabricator.services.mozilla.com/D24384
--HG--
extra : moz-landing-system : lando
Added files to UNIFIED_SOURCES and removed conflicts. Files that required flags still remain in SOURCES. SOURCES use "StrictOrderingOnAppendListWithFlagsFactory" base class and UNIFIED_SOURCES use "StrictOrderingOnAppendList" base class. As of now I do not think there is an option to add flags for the later. So the files requiring flags are kept in SOURCES.
Differential Revision: https://phabricator.services.mozilla.com/D23795
--HG--
extra : moz-landing-system : lando
cert_storage migrates revocations.txt via one transaction per entry, which can be expensive. This change uses a single transaction to migrate all entries.
Differential Revision: https://phabricator.services.mozilla.com/D24579
--HG--
extra : moz-landing-system : lando
The definitions can't be entirely removed yet because NSS still needs them.
Differential Revision: https://phabricator.services.mozilla.com/D23454
--HG--
extra : moz-landing-system : lando
This allows us to drop preprocessing and makes it simpler to add edit menu functionality to any type of document.
Differential Revision: https://phabricator.services.mozilla.com/D21446
--HG--
extra : moz-landing-system : lando
If nsSecureBrowserUIImpl::GetState is never called, it never checks for mixed
content (this can happen when loading a page from the BF cache). To ensure that
we properly set the security state (via OnLocationChange -> OnSecurityChange),
nsSecureBrowserUIImpl must check for mixed content more proactively.
Differential Revision: https://phabricator.services.mozilla.com/D23945
--HG--
extra : moz-landing-system : lando
This patch also base64-decodes the API inputs before storing in the DB in
anticipation of being able to pass binary data directly (bug 1535752).
Differential Revision: https://phabricator.services.mozilla.com/D23430
--HG--
extra : moz-landing-system : lando
This patch also base64-decodes the API inputs before storing in the DB in
anticipation of being able to pass binary data directly (bug 1535752).
This patch additionally whitelists the DB backing file in talos.
Differential Revision: https://phabricator.services.mozilla.com/D23430
--HG--
extra : moz-landing-system : lando
The certificate when exported had filename with no separator. Now added "_" separator to filename.
Differential Revision: https://phabricator.services.mozilla.com/D23492
--HG--
extra : moz-landing-system : lando