de6dc58f6f51caf627274eef936c7dbd2df69823: Bug 1528276 - Set DebuggerServer.keepAlive for RemoteDebugger and GeckoViewRemoteDebugger;r=ochameau
Julian Descottes <jdescottes@mozilla.com> - Wed, 27 Feb 2019 17:09:05 +0000 - rev 519408
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1528276 - Set DebuggerServer.keepAlive for RemoteDebugger and GeckoViewRemoteDebugger;r=ochameau Depends on D20831 Differential Revision: https://phabricator.services.mozilla.com/D20832
64aa07723c846dc9927b3e259fa2006854e1a071: Bug 1528276 - Add test for DebuggerServer.keepAlive;r=ochameau
Julian Descottes <jdescottes@mozilla.com> - Wed, 27 Feb 2019 17:08:43 +0000 - rev 519407
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1528276 - Add test for DebuggerServer.keepAlive;r=ochameau Depends on D20830 Differential Revision: https://phabricator.services.mozilla.com/D20831
d4dd2195766e051b57d93e799fbdc1a029c99c2b: Bug 1528276 - Do not destroy the DebuggerServer in non-e10s when last frame connection is closed r=ochameau
Julian Descottes <jdescottes@mozilla.com> - Wed, 27 Feb 2019 19:17:37 +0000 - rev 519406
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1528276 - Do not destroy the DebuggerServer in non-e10s when last frame connection is closed r=ochameau When reviewing https://bugzilla.mozilla.org/show_bug.cgi?id=1521052 I did not think about Firefox for Android which is not using e10s. This means the main DebuggerServer will be killed when there are no connections left. Happy to discuss more about the preferred solution. This is a regression in 66 and I hope to uplift a fix for this. Differential Revision: https://phabricator.services.mozilla.com/D20830
493b443954fe15f7b542ba14671f25e5f8531dff: Bug 1506291 - Add Linux sandboxing for the RDD (media decoder) process. r=gcp,mjf,flod
Jed Davis <jld@mozilla.com> - Wed, 27 Feb 2019 20:14:54 +0000 - rev 519405
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1506291 - Add Linux sandboxing for the RDD (media decoder) process. r=gcp,mjf,flod The seccomp-bpf policy is currently just the "common" policy with no additions (but with the fixes in bug 1511560 to enable shared memory creation). The file broker policy allows shared memory creation and nothing else. The namespace setup is the same as for GMP (i.e., as restrictive as we currently can be). The sandbox can be turned off for troubleshooting by setting the environment variable MOZ_DISABLE_RDD_SANDBOX, similarly to the other process types. Tested against https://demo.bitmovin.com/public/firefox/av1/ with the necessary prefs set. Depends on D20895 Differential Revision: https://phabricator.services.mozilla.com/D14525
bf58d8320f5a1de358b930d996615c73ff22cce9: Bug 1506291 - Move the AV1 decoders to a sandbox-friendly CPU counting wrapper. r=gcp,mjf
Jed Davis <jld@mozilla.com> - Mon, 25 Feb 2019 16:20:50 +0000 - rev 519404
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1506291 - Move the AV1 decoders to a sandbox-friendly CPU counting wrapper. r=gcp,mjf Counting CPUs accesses the filesystem (sysfs or procfs), which we'd like to disallow when sandboxed if possible, and fails silently if access is denied. Because the CPU count rarely changes, this patch handles that problem for the RDD process by caching a copy before starting sandboxing. Tested with a local patch to have the sandbox file broker client crash if accessing the sysfs node for the CPU count, to verify that it's not accessed. Depends on D14524 Differential Revision: https://phabricator.services.mozilla.com/D20895
94cb1fe9db5eb0f0aa0634541afb08af17cf5c05: Bug 1511560 - Allow dup and ftruncate (when needed) in SandboxPolicyCommon. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 27 Feb 2019 20:14:52 +0000 - rev 519403
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1511560 - Allow dup and ftruncate (when needed) in SandboxPolicyCommon. r=gcp File descriptors are sometimes dup()ed in the process of communicating them over IPC; some of this may be unnecessary (due to insufficient use of move-only types), but dup() is relatively harmless. It was previously allowed for both content and GMP, so this doesn't change anything. The handling of ftruncate is a little complicated -- it's used for IPC shared memory, but only when creating segments; so GMP doesn't allow it and should continue not allowing it, but content needs it and RDD will as well. As a result, the subclass indicates if it will be needed. Note that even when we have memfd_create support (bug 1440203), ftruncate is still necessary even though brokering may not. Depends on D14523 Differential Revision: https://phabricator.services.mozilla.com/D14524
db2dee78ddb0dd23e29948258abd6c7404555b59: Bug 1511560 - Move the socketpair handling into SandboxPolicyCommon. r=gcp
Jed Davis <jld@mozilla.com> - Sat, 23 Feb 2019 00:44:10 +0000 - rev 519402
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1511560 - Move the socketpair handling into SandboxPolicyCommon. r=gcp The sandbox broker uses socketpair to construct the per-request channels over which responses are sent; thus, if and only if the policy will be using brokering, it will allow socketpair as safely as possible (i.e., denying datagram sockets if possible). Depends on D14522 Differential Revision: https://phabricator.services.mozilla.com/D14523
bab79f85596242146787d6d2a5ad56596cc1343e: Bug 1511560 - Move syscalls for adjusting memory mapping properties into SandboxPolicyCommon. r=gcp
Jed Davis <jld@mozilla.com> - Sat, 23 Feb 2019 00:44:08 +0000 - rev 519401
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1511560 - Move syscalls for adjusting memory mapping properties into SandboxPolicyCommon. r=gcp madvise is used by our malloc (and probably others), and mprotect is used with shared memory, including when created by another process, so the common policy should include those rules. Depends on D14521 Differential Revision: https://phabricator.services.mozilla.com/D14522
48431f63d84227177951f65c9c828548d9a8bbb2: Bug 1511560 - Move the Linux sandbox broker hooks into SandboxPolicyCommon. r=gcp
Jed Davis <jld@mozilla.com> - Sat, 23 Feb 2019 00:44:06 +0000 - rev 519400
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1511560 - Move the Linux sandbox broker hooks into SandboxPolicyCommon. r=gcp This will allow other policies to use brokering if needed (e.g., RDD and similar utility processes may need to access /dev/shm to create shared memory). The concrete policy class can deny filesystem access completely (matching the current behavior of the GMP policy) by passing nullptr to the superclass constructor instead. Depends on D14520 Differential Revision: https://phabricator.services.mozilla.com/D14521
56f39977c72c62e0fdff0e5f68e72d6091b221db: Bug 1500297 - Require a broker client in ContentSandboxPolicy at level > 1. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 27 Feb 2019 15:23:25 +0000 - rev 519399
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1500297 - Require a broker client in ContentSandboxPolicy at level > 1. r=gcp ContentSandboxPolicy currently allows direct filesystem access if it isn't given a broker client; this is a legacy design from the B2G era, before the current idea of "sandbox level". With this patch, it allows filesystem access at level 1, and above that it requires brokering. This is both to reduce the opportunities for accidentally having a too-permissive sandbox and to prepare for refactoring the broker glue in bug 1511560. Depends on D14519 Differential Revision: https://phabricator.services.mozilla.com/D14520
bacaa3d582814d0a1ba3769de92e68a01d16a777: Bug 1500297 - Fix Linux content sandbox level 1. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 27 Feb 2019 15:23:25 +0000 - rev 519398
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1500297 - Fix Linux content sandbox level 1. r=gcp Level 1 is meant to enable some seccomp-bpf filtering, but still allow direct access to the filesystem, and level 2 is where brokering starts. This was accidentally broken in 1365257 (making "level 1" act like level 2); this patch fixes that. This feature obviously isn't used much given how long nobody noticed it was broken, but it's useful to have around for troubleshooting, and it's actually easier to fix it than edit it out of the documentation. Differential Revision: https://phabricator.services.mozilla.com/D14519
da83e69c73310999b5c68b769b614351f279ca34: Bug 1530488 - Disable camera for aarch64 windows builds; r=pehrsons
Dan Minor <dminor@mozilla.com> - Wed, 27 Feb 2019 19:50:04 +0000 - rev 519397
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1530488 - Disable camera for aarch64 windows builds; r=pehrsons This disables the camera for win64-aarch64 for Windows versions below 19H1. These versions have problems with the DirectShow implementation which prevent the camera from working properly. Differential Revision: https://phabricator.services.mozilla.com/D21272
2c0ca241bd4b662f7022beb535509164ab7cde51: Bug 1519621 - Make sure ScrollToRestoredPosition() restores both the layout and visual scroll positions. r=tnikkel
Botond Ballo <botond@mozilla.com> - Wed, 27 Feb 2019 20:19:33 +0000 - rev 519396
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1519621 - Make sure ScrollToRestoredPosition() restores both the layout and visual scroll positions. r=tnikkel Differential Revision: https://phabricator.services.mozilla.com/D18367
30aad4a580eb65ad099c1c4c2d897db85b7a76ec: Bug 1527127 update addon panel text for private windows r=flod,Gijs,mstriemer,rpl
Shane Caraveo <scaraveo@mozilla.com> - Wed, 27 Feb 2019 20:05:38 +0000 - rev 519395
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1527127 update addon panel text for private windows r=flod,Gijs,mstriemer,rpl Differential Revision: https://phabricator.services.mozilla.com/D19845
3063f37eb7b21e145478f9ee641d2945e0e36986: Bug 1527127 set permission for enabled extensions on initial upgrade r=aswan
Shane Caraveo <scaraveo@mozilla.com> - Mon, 25 Feb 2019 16:59:55 +0000 - rev 519394
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1527127 set permission for enabled extensions on initial upgrade r=aswan When a user first upgrades to a version where incognito is enabled, add the permission to all enabled extensions. This preserves user workflow and addresses other issues (e.g. proxy). This will only happen once. Differential Revision: https://phabricator.services.mozilla.com/D19442
009e7457b990b1a0f6c19814cd31526539303ebc: Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 12 - new CookieSettings for SharedWorkers and ServiceWorkers, r=Ehsan
Andrea Marchesini <amarchesini@mozilla.com> - Wed, 27 Feb 2019 19:58:26 +0000 - rev 519393
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 12 - new CookieSettings for SharedWorkers and ServiceWorkers, r=Ehsan Differential Revision: https://phabricator.services.mozilla.com/D21357
efb2e8fca464952ac811ffc124d47bb543ff3a76: Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 11 - windows/workers/documents must keep the current cookie settings and ignore changes, r=Ehsan
Andrea Marchesini <amarchesini@mozilla.com> - Wed, 27 Feb 2019 19:58:07 +0000 - rev 519392
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 11 - windows/workers/documents must keep the current cookie settings and ignore changes, r=Ehsan Differential Revision: https://phabricator.services.mozilla.com/D18960
6a8401de32379f23a5544a7e0b5b1b16916fd581: Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 10 - Fix existing tests, r=Ehsan
Andrea Marchesini <amarchesini@mozilla.com> - Wed, 27 Feb 2019 19:57:47 +0000 - rev 519391
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 10 - Fix existing tests, r=Ehsan Differential Revision: https://phabricator.services.mozilla.com/D18958
38e802661b143173e5f1a3606a28faab480b089d: Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 9 - Tests for DOM Cache and cookie settings changing, r=Ehsan
Andrea Marchesini <amarchesini@mozilla.com> - Wed, 27 Feb 2019 19:57:27 +0000 - rev 519390
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 9 - Tests for DOM Cache and cookie settings changing, r=Ehsan Differential Revision: https://phabricator.services.mozilla.com/D18957
d02e3f436390ec69c44c3bd09ab1fe81489701a4: Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 8 - Tests for ServiceWorkers and cookie settings changing, r=Ehsan
Andrea Marchesini <amarchesini@mozilla.com> - Wed, 27 Feb 2019 19:57:09 +0000 - rev 519389
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 8 - Tests for ServiceWorkers and cookie settings changing, r=Ehsan Differential Revision: https://phabricator.services.mozilla.com/D18956
(0) -300000 -100000 -30000 -10000 -3000 -1000 -300 -100 -50 -20 +20 +50 +100 +300 +1000 +3000 +10000 tip