Changes the semantics of the security.sandbox.content.level pref on OS X with
respect to file access to the user's home directory. With the fix, Nightly
defaults to 2 while other releases will default to 1. The level values now
have the following meaning.
*) security.sandbox.content.level=0 disables content process sandboxing.
No change here.
*) security.sandbox.content.level=1 blocks write access to the majority of the
home directory.
*) security.sandbox.content.level=2 includes the write access blocking in
level 1, but also blocks both read and write access to ~/Library and $PROFILE
excluding the extensions and weave subdirectories.
Prior to this fix, Nightly defaulted to a value of 1 while all other releases
used 0. The value of 1 meant that read/write access to ~/Library and the
$PROFILE dir (excluding $PROFILE/{extensions,weave}) was prevented.
The strength of a level=1 sandbox is reduced by this with fix,
but level=1 becomes the first ride-the-trains content sandbox candidate,
Nightly changes to level=2, and higher levels still indicate a more
restrictive sandbox.
MozReview-Commit-ID: 7NJAe24T4pU
--HG--
extra : rebase_source : 8cb5ea82004ad631fe688bafffa9dc9979568679
Disabling the Adobe CDM but leaving it visible means that we won't download it
and if a site tries to use it we will prompt the user to enable DRM and only
then download it.
MozReview-Commit-ID: LtEr0NJMiQM
--HG--
extra : rebase_source : b7c6f005fb6173c41af6a583c22473066a47a5eb
Changes the semantics of the security.sandbox.content.level pref on OS X with
respect to file access to the user's home directory. With the fix, Nightly
defaults to 2 while other releases will default to 1. The level values now
have the following meaning.
*) security.sandbox.content.level=0 disables content process sandboxing.
No change here.
*) security.sandbox.content.level=1 blocks write access to the majority of the
home directory.
*) security.sandbox.content.level=2 includes the write access blocking in
level 1, but also blocks both read and write access to ~/Library and $PROFILE
excluding the extensions and weave subdirectories.
Prior to this fix, Nightly defaulted to a value of 1 while all other releases
used 0. The value of 1 meant that read/write access to ~/Library and the
$PROFILE dir (excluding $PROFILE/{extensions,weave}) was prevented.
The strength of a level=1 sandbox is reduced by this with fix,
but level=1 becomes the first ride-the-trains content sandbox candidate,
Nightly changes to level=2, and higher levels still indicate a more
restrictive sandbox.
MozReview-Commit-ID: 7NJAe24T4pU
--HG--
extra : rebase_source : 6e678cc6d23c604d8ed0888d6ceeeb4bf797cb1f
The "Enable Crash Reporter" pref is erroneous because what it actually controls is
whether or not the "Submit crash report" checkbox is checked by default when the
crash report dialog comes up.
MozReview-Commit-ID: Ud6SLKXvxw
--HG--
extra : rebase_source : 45d3bc0e5ea727983e8c6e6c0d2c13b020dc0a11
The current UI for EME on Linux is confusing. We have the 'Play DRM Content'
checkbox ticked, but the CDM disabled. It would be clearer if we just had
the 'Play DRM Checkbox' unticked, and instead left the Widevine CDM enabled.
Then we won't download and install the CDM until the 'Play DRM Content'
checkbox is checked (which toggles media.eme.enabled).
This also means that the Widevine CDM won't appear in the plugins list
by default unless the 'Play DRM Checkbox' is checked.
MozReview-Commit-ID: 7CeCe1DOWgM
--HG--
extra : rebase_source : 39fa0bf479f3632616ef6e79178348605404c575
We don't want the Widevine CDM to be downloaded by default on Linux, as
the CDM is proprietary software and the user hasn't opted in to having such
software on their system. By leaving the CDM visible but disabled, we'll
prompt the user the first time EME is used, and they can approve the
download.
This means the Widevine CDM won't be downloaded by default. The user will
need to opt-in to enablding DRM playback before we'll download proprietary
CDMs.
MozReview-Commit-ID: GLBoK2Czjcc
--HG--
extra : rebase_source : 35aac5a84a1b779149d08fe5a2c85179bd00756d
This patch adds the gpsd location provider to |nsGeolocationService|.
On release builds, the new provider is *not* used by default, as GPS
is slow to start and unreliable indoors. To enable gpsd, users with a
supported GPS receiver must set the preference 'geo.location.use_gpsd'
to 'true'.
On non-release builds, the gpsd location provider is enabled by default
to give it some testing.
MozReview-Commit-ID: I0tj1GmmFNP
This removes the unnecessary setting of c-basic-offset from all
python-mode files.
This was automatically generated using
perl -pi -e 's/; *c-basic-offset: *[0-9]+//'
... on the affected files.
The bulk of these files are moz.build files but there a few others as
well.
MozReview-Commit-ID: 2pPf3DEiZqx
--HG--
extra : rebase_source : 0a7dcac80b924174a2c429b093791148ea6ac204
