28a267774e17dec9606813cac2610d5e52d0fb69: Bug 1422820 - Put a limit on the size of Compositors. r=Bas
Nicolas Silva <nsilva@mozilla.com> - Mon, 22 Jan 2018 11:41:56 +0100 - rev 452697
Push 8799 by mtabara@mozilla.com at Thu, 01 Mar 2018 16:46:23 +0000
Bug 1422820 - Put a limit on the size of Compositors. r=Bas
a4ac245899c51ebd221269375f6c4c75264e34b0: Bug 1431672 - Add a pref to control whether underscore is treated as a word-forming character. r=m_kato
Jonathan Kew <jkew@mozilla.com> - Mon, 22 Jan 2018 10:19:30 +0000 - rev 452696
Push 8799 by mtabara@mozilla.com at Thu, 01 Mar 2018 16:46:23 +0000
Bug 1431672 - Add a pref to control whether underscore is treated as a word-forming character. r=m_kato
809380d457b75e7b82c9e455e568d77e9af5825f: Merge autoland to mozilla-central. a=merge
Gurzau Raul <rgurzau@mozilla.com> - Tue, 23 Jan 2018 02:20:15 +0200 - rev 452695
Push 8799 by mtabara@mozilla.com at Thu, 01 Mar 2018 16:46:23 +0000
Merge autoland to mozilla-central. a=merge
bd7ff5744eb29e105b7b3c37cb5f46164fa11ef4: Bug 1401062 - Avoid doing sandbox-related things to unsandboxed child processes. r=gcp
Jed Davis <jld@mozilla.com> - Tue, 09 Jan 2018 19:54:56 -0700 - rev 452694
Push 8799 by mtabara@mozilla.com at Thu, 01 Mar 2018 16:46:23 +0000
Bug 1401062 - Avoid doing sandbox-related things to unsandboxed child processes. r=gcp This is a small piece of cleanup that turned out to not be strictly necessary for the rest of this, so I've made it a separate commit. Sandbox-related launch adjustments (currently, interposing libc functions and providing a file descriptor for the syscall reporter) are no longer applied to processes that won't be sandboxed. The MOZ_SANDBOXED environment variable communicates this to the child process, which allows SandboxEarlyInit to be skipped in that case as well. The idea is that disabling sandboxing for a process type, as part of troubleshooting, should disable everything sandbox-related. As a side-effect, this also skips some very minor but unnecessary overhead for NPAPI process startup. MozReview-Commit-ID: D0KxsRIIRN
400800683ab64f40bade321bf05f5db03ff3ebd5: Bug 1401062 - Create Linux child processes with clone() for namespace/chroot sandboxing. r=gcp
Jed Davis <jld@mozilla.com> - Fri, 06 Oct 2017 17:16:41 -0600 - rev 452693
Push 8799 by mtabara@mozilla.com at Thu, 01 Mar 2018 16:46:23 +0000
Bug 1401062 - Create Linux child processes with clone() for namespace/chroot sandboxing. r=gcp Namespace isolation is now handled by using clone() at process creation time, rather than calling unshare. pthread_atfork will no longer apply to sandboxed child processes. The two significant uses of it in Firefox currently are to (1) make malloc work post-fork, which we already avoid depending on in IPC and sandboxing, and (2) block SIGPROF while forking, which is taken care of; see SandboxFork::Fork for details. Note that if we need pthread_atfork in the future it could be emulated by symbol interposition. clone() is called via glibc's wrapper, for increased compatibility vs. invoking the syscall directly, using longjmp to recover the syscall's fork-like semantics the same way Chromium does; see comments for details. The chroot helper is reimplemented; the general approach is similar, but instead of a thread it's a process cloned with CLONE_FS (so the filesystem root is shared) from the child process before it calls exec, so that it still holds CAP_SYS_CHROOT in the newly created user namespace. This does mean that it will retain a CoW copy of the parent's address space until the child starts sandboxing, but that is a relatively short period of time, so the memory overhead should be small and short-lived. The chrooting now happens *after* the seccomp-bpf policy is applied; previously this wasn't possible because the chroot thread would have become seccomp-restricted and unable to chroot. This fixes a potential race condition where a thread could try to access the filesystem after chrooting but before having its syscalls intercepted for brokering, causing spurious failure. (This failure mode hasn't been observed in practice, but we may not be looking for it.) This adds a hidden bool pref, security.sandbox.content.force-namespace, which unshares the user namespace (if possible) even if no sandboxing requires it. It defaults to true on Nightly and false otherwise, to get test coverage; the default will change to false once we're using namespaces by default with content. MozReview-Commit-ID: JhCXF9EgOt6
0a64770aace0e8fa74b972a03a610ceaaec73161: Bug 1401062 - Delete the old namespace/chroot code and reorganize sandbox init. r=gcp
Jed Davis <jld@mozilla.com> - Thu, 31 Aug 2017 20:38:25 -0600 - rev 452692
Push 8799 by mtabara@mozilla.com at Thu, 01 Mar 2018 16:46:23 +0000
Bug 1401062 - Delete the old namespace/chroot code and reorganize sandbox init. r=gcp This is mostly deletion, except for SandboxEarlyInit. The unshare() parts are going away, and the "unexpected threads" workaround can go away along with them, but the signal broadcast setup still needs to happen early so we can prevent blocking the signal. So, SandboxEarlyInit's contract changes slightly from "call before any other threads exist" to "before any threads that might block all signals", and everything that can be deferred to immedately before sandbox startup is. As a result, some getenv()s change to PR_GetEnv because there can be threads, and there is now an NSPR dependency. (This may mean that mozglue can no longer interpose symbols in NSPR, because libmozsandbox is preloaded, but I don't think we're doing that.) MozReview-Commit-ID: 7e9u0qBNOqn
cba9a29be139a663869a2c26557fd527a6981407: Bug 1428342 - Make Places queries directly inherit options from their parent. r=standard8
Marco Bonardo <mbonardo@mozilla.com> <mbonardo@mozilla.com> - Thu, 14 Dec 2017 10:06:37 -0600 - rev 452691
Push 8799 by mtabara@mozilla.com at Thu, 01 Mar 2018 16:46:23 +0000
Bug 1428342 - Make Places queries directly inherit options from their parent. r=standard8 Rather then trying to guess options from the parent or the root node, make query nodes directly inherit some options from their parent. MozReview-Commit-ID: 1YgDjrrMqGY
e9d182c93bc1702c72dd4cac369044da2e30a280: Bug 1431395 - Set fixed size on all columns. r=Honza
Alexandre Poirot <poirot.alex@gmail.com> - Wed, 17 Jan 2018 14:34:52 -0800 - rev 452690
Push 8799 by mtabara@mozilla.com at Thu, 01 Mar 2018 16:46:23 +0000
Bug 1431395 - Set fixed size on all columns. r=Honza MozReview-Commit-ID: KNdjHyc7abU
679d44b3cfb04b80d847d7d519067932bf3a7673: Bug 1432222 - Actually default cargo check to gkrust when invoked without any crate arguments. r=froydnj
Kartikaya Gupta <kgupta@mozilla.com> - Mon, 22 Jan 2018 12:40:28 -0500 - rev 452689
Push 8799 by mtabara@mozilla.com at Thu, 01 Mar 2018 16:46:23 +0000
Bug 1432222 - Actually default cargo check to gkrust when invoked without any crate arguments. r=froydnj MozReview-Commit-ID: JIgippNiBP
e4631839df8cc2d0d380551bf9726a8aeceef1b4: Bug 1311177 - Implement the devtools.network.getHAR API method; r=jdescottes,rickychien,rpl
Jan Odvarko <odvarko@gmail.com> - Mon, 22 Jan 2018 18:30:46 +0100 - rev 452688
Push 8799 by mtabara@mozilla.com at Thu, 01 Mar 2018 16:46:23 +0000
Bug 1311177 - Implement the devtools.network.getHAR API method; r=jdescottes,rickychien,rpl MozReview-Commit-ID: gUtGjbr0FQ
111877d357c6798cb6c783d7fba1077b0acc3c9f: Bug 1431368 - Change from keypress to keydown per standards change. r=MattN
Jared Wein <jwein@mozilla.com> - Thu, 18 Jan 2018 06:29:54 -0500 - rev 452687
Push 8799 by mtabara@mozilla.com at Thu, 01 Mar 2018 16:46:23 +0000
Bug 1431368 - Change from keypress to keydown per standards change. r=MattN MozReview-Commit-ID: phprPvOfuU
a3642d94dc8b045eda9fa9836f67ba19eab3b1f8: Bug 1429723: Remove static analysis special-case that is no longer relevant. r=sfink
Emilio Cobos Álvarez <emilio@crisal.io> - Mon, 15 Jan 2018 03:32:51 +0100 - rev 452686
Push 8799 by mtabara@mozilla.com at Thu, 01 Mar 2018 16:46:23 +0000
Bug 1429723: Remove static analysis special-case that is no longer relevant. r=sfink MozReview-Commit-ID: bqCHE0eOx
750cbdd7eb8c6f7c283252e8574ed3860ceadcc9: Bug 1429723: Graphics cleanup. r=jrmuizel
Emilio Cobos Álvarez <emilio@crisal.io> - Mon, 15 Jan 2018 03:35:20 +0100 - rev 452685
Push 8799 by mtabara@mozilla.com at Thu, 01 Mar 2018 16:46:23 +0000
Bug 1429723: Graphics cleanup. r=jrmuizel MozReview-Commit-ID: LHo9K4lLtah
3017b55cf82d0b6d4bd57a21d7acff57075d57e2: Bug 1429723: Remove -moz-border-*-colors. r=xidorn
Emilio Cobos Álvarez <emilio@crisal.io> - Mon, 15 Jan 2018 03:36:00 +0100 - rev 452684
Push 8799 by mtabara@mozilla.com at Thu, 01 Mar 2018 16:46:23 +0000
Bug 1429723: Remove -moz-border-*-colors. r=xidorn MozReview-Commit-ID: 3P6f7rFcDa6
4c3dcce1163fdbe37f8c824c0c494e7503173573: servo: Merge #19833 - style: Remove -moz-border-*-colors (from emilio:bye-border-colors); r=xidorn
Emilio Cobos Álvarez <emilio@crisal.io> - Mon, 22 Jan 2018 09:23:20 -0600 - rev 452683
Push 8799 by mtabara@mozilla.com at Thu, 01 Mar 2018 16:46:23 +0000
servo: Merge #19833 - style: Remove -moz-border-*-colors (from emilio:bye-border-colors); r=xidorn Bug: 1429723 Reviewed-by: xidorn MozReview-Commit-ID: 3P6f7rFcDa6 Source-Repo: https://github.com/servo/servo Source-Revision: abb04ce7c6d68bd6fa24d39692d2884c6cbc371d
8ad8d2f1649a76d6f62d823a81b4c6a7a08ca9eb: Bug 1430241 - Call PreventNativeKeyBindings for all key events in child; r=esawin
Jim Chen <nchen@mozilla.com> - Fri, 19 Jan 2018 17:52:27 -0500 - rev 452682
Push 8799 by mtabara@mozilla.com at Thu, 01 Mar 2018 16:46:23 +0000
Bug 1430241 - Call PreventNativeKeyBindings for all key events in child; r=esawin Call PreventNativeKeyBindings() for all key events to prevent triggering an assertion in PuppetWidget. MozReview-Commit-ID: 3x96p9baTze
eafefacbfaf926a479848e95e5b28d65f19af12f: Bug 1409672: Handle document state changes using the invalidation machinery. r=xidorn
Emilio Cobos Álvarez <emilio@crisal.io> - Tue, 16 Jan 2018 15:14:39 +0100 - rev 452681
Push 8799 by mtabara@mozilla.com at Thu, 01 Mar 2018 16:46:23 +0000
Bug 1409672: Handle document state changes using the invalidation machinery. r=xidorn MozReview-Commit-ID: EoSMrYPS7dl
f13e81b2bad0146a126275742a44a22f55f7ead9: Bug 888784 - Modify testFormHistory Fennec test to wait until FormHistory database is created. r=nalexander
Mike Conley <mconley@mozilla.com> - Wed, 10 Jan 2018 17:17:31 -0500 - rev 452680
Push 8799 by mtabara@mozilla.com at Thu, 01 Mar 2018 16:46:23 +0000
Bug 888784 - Modify testFormHistory Fennec test to wait until FormHistory database is created. r=nalexander MozReview-Commit-ID: Joysv4Qu9Li
73f44bb6788ef0440d213f68b8537f9cc40dfd4a: Bug 888784 - Use Sqlite.shutdown instead of AsyncShutdown to close FormHistory database connection. r=mak
Mike Conley <mconley@mozilla.com> - Tue, 09 Jan 2018 15:47:49 -0500 - rev 452679
Push 8799 by mtabara@mozilla.com at Thu, 01 Mar 2018 16:46:23 +0000
Bug 888784 - Use Sqlite.shutdown instead of AsyncShutdown to close FormHistory database connection. r=mak MozReview-Commit-ID: GsM0bf8V7XD
2b2c3a2923a929c0426b114c8662f8f36dbf4632: Bug 888784 - Make satchel tests wait for FormHistory to be clear when shutting down. r=mak
Mike Conley <mconley@mozilla.com> - Tue, 09 Jan 2018 18:54:58 -0500 - rev 452678
Push 8799 by mtabara@mozilla.com at Thu, 01 Mar 2018 16:46:23 +0000
Bug 888784 - Make satchel tests wait for FormHistory to be clear when shutting down. r=mak MozReview-Commit-ID: 9rxyT48VnNj
(0) -300000 -100000 -30000 -10000 -3000 -1000 -300 -100 -50 -20 +20 +50 +100 +300 +1000 +3000 +10000 +30000 tip