searching for reviewer(gcp)
e881e8e454eb: Bug 1452445 - Fix update error observer in unit test. r=gcp, a=test-only
Francois Marier <francois@mozilla.com> - Tue, 29 May 2018 18:06:49 -0700 - rev 471244
Push 9342 by ryanvm@gmail.com at 2018-06-09 13:42 +0000
Bug 1452445 - Fix update error observer in unit test. r=gcp, a=test-only We should only observe for update errors while we are expecting a successful update. MozReview-Commit-ID: 3grGhmxqhIX
a761c0e32512: Bug 1452445 - Promote MOZ_LOG calls to NS_WARNING in LookupCacheV4. r=gcp
Francois Marier <francois@mozilla.com> - Mon, 30 Apr 2018 16:44:35 -0700 - rev 470563
Push 9184 by archaeopteryx@coole-files.de at 2018-05-06 20:01 +0000
Bug 1452445 - Promote MOZ_LOG calls to NS_WARNING in LookupCacheV4. r=gcp This should help narrow down which of the code paths is responsible for the intermittent failures we are seeing. MozReview-Commit-ID: JHVZzixpOg6
c7f6d061d06c: Bug 1434662 - Move initialization code to ProtocolParser::Begin(). r=gcp
Francois Marier <francois@mozilla.com> - Tue, 24 Apr 2018 10:08:56 +0200 - rev 468816
Push 9165 by asasaki@mozilla.com at 2018-04-26 21:04 +0000
Bug 1434662 - Move initialization code to ProtocolParser::Begin(). r=gcp Repurpose the previously unused Begin() function to initialize ProtocolParser objects and also assert that we are not reusing objects across update since that's not supported. MozReview-Commit-ID: HIGGgOr388h
e1f41b9f1d44: Bug 1434662 - Remove dead code. r=gcp
Francois Marier <francois@mozilla.com> - Thu, 19 Apr 2018 16:06:40 -0700 - rev 468815
Push 9165 by asasaki@mozilla.com at 2018-04-26 21:04 +0000
Bug 1434662 - Remove dead code. r=gcp This check was added in bug 1296820 to disable V4 updates prior to their being implemented. It should have been removed once we landed working support for V4 updates. MozReview-Commit-ID: 828DIS72LNi
7bbbf41e9210: Bug 1434662 - Reset Safe Browsing V4 tables that fail to update. r=gcp
Francois Marier <francois@mozilla.com> - Thu, 12 Apr 2018 10:11:30 -0700 - rev 468814
Push 9165 by asasaki@mozilla.com at 2018-04-26 21:04 +0000
Bug 1434662 - Reset Safe Browsing V4 tables that fail to update. r=gcp This is a generalization of the reset code that's used in pver2 to reset all tables when a `pleasereset` command is received. MozReview-Commit-ID: LF4RegQHqoT
983099e546d8: Bug 1434662 - Move initialization code to ProtocolParser::Begin(). r=gcp
Francois Marier <francois@mozilla.com> - Thu, 19 Apr 2018 17:10:45 -0700 - rev 468571
Push 9165 by asasaki@mozilla.com at 2018-04-26 21:04 +0000
Bug 1434662 - Move initialization code to ProtocolParser::Begin(). r=gcp Repurpose the previously unused Begin() function to initialize ProtocolParser objects and also assert that we are not reusing objects across update since that's not supported. MozReview-Commit-ID: HIGGgOr388h
39b9f46104ad: Bug 1434662 - Remove dead code. r=gcp
Francois Marier <francois@mozilla.com> - Thu, 19 Apr 2018 16:06:40 -0700 - rev 468570
Push 9165 by asasaki@mozilla.com at 2018-04-26 21:04 +0000
Bug 1434662 - Remove dead code. r=gcp This check was added in bug 1296820 to disable V4 updates prior to their being implemented. It should have been removed once we landed working support for V4 updates. MozReview-Commit-ID: 828DIS72LNi
6f652d798a0c: Bug 1434662 - Reset Safe Browsing V4 tables that fail to update. r=gcp
Francois Marier <francois@mozilla.com> - Thu, 12 Apr 2018 10:11:30 -0700 - rev 468569
Push 9165 by asasaki@mozilla.com at 2018-04-26 21:04 +0000
Bug 1434662 - Reset Safe Browsing V4 tables that fail to update. r=gcp This is a generalization of the reset code that's used in pver2 to reset all tables when a `pleasereset` command is received. MozReview-Commit-ID: LF4RegQHqoT
baeab3bff807: Bug 1439057 - Tighten /dev/shm access in Linux content sandbox policy. r=froydnj,gcp
Jed Davis <jld@mozilla.com> - Thu, 12 Apr 2018 23:48:16 -0600 - rev 468169
Push 9165 by asasaki@mozilla.com at 2018-04-26 21:04 +0000
Bug 1439057 - Tighten /dev/shm access in Linux content sandbox policy. r=froydnj,gcp This patch uses the shared memory name prefixes introduced in bug 1447867 to prevent access to /dev/shm files of other applications or other processes within the same browser instance. When a shared memory implementation that doesn't use shm_open is available (specifically, the memfd_create support to be added in bug 1440203), /dev/shm access is completely denied. MozReview-Commit-ID: L2ylG5KrXTU
e63436b2efb3: Bug 1438671 - Remove the std::string wrapper in TableUpdateV4. r=gcp
Francois Marier <francois@mozilla.com> - Tue, 03 Apr 2018 17:11:30 -0700 - rev 465708
Push 9165 by asasaki@mozilla.com at 2018-04-26 21:04 +0000
Bug 1438671 - Remove the std::string wrapper in TableUpdateV4. r=gcp Given we're no longer using dependent strings in LookupCacheV4::PrefixString(), we will end up making a copy of the prefixes at some point. Let's do it early and remove a bunch of complicated code. Make the string copies fallible so that we return an error and fail the update instead of crashing. MozReview-Commit-ID: 5cZHSDIJSlD
bbacf34b38b9: Bug 1438671 - Add assertions to enforce the size of prefix strings. r=gcp
Francois Marier <francois@mozilla.com> - Thu, 29 Mar 2018 15:40:13 -0700 - rev 465707
Push 9165 by asasaki@mozilla.com at 2018-04-26 21:04 +0000
Bug 1438671 - Add assertions to enforce the size of prefix strings. r=gcp Also document the meaning of mPrimed in LookupCache.h. MozReview-Commit-ID: 63GAHwU3Rx3
40b6b9a6bb95: Bug 1438671 - Remove some inappropriate uses of dependent strings. r=gcp
Francois Marier <francois@mozilla.com> - Thu, 29 Mar 2018 16:31:39 -0700 - rev 465706
Push 9165 by asasaki@mozilla.com at 2018-04-26 21:04 +0000
Bug 1438671 - Remove some inappropriate uses of dependent strings. r=gcp Dependent strings are recommended only when dealing with a character buffer (i.e. char*). Using it here makes it more likely that we'll hang on to a string buffer that will be deallocated. nsCString will by default share the underlying string buffers when it can (i.e. when copying entire strings on the heap) so it should be able to avoid unnecessary copies. MozReview-Commit-ID: 3rTUYmouzcT
82f6b95693c8: Bug 1438671 - Terminate tests early when updates fail. r=gcp
Francois Marier <francois@mozilla.com> - Tue, 27 Mar 2018 16:29:02 -0700 - rev 465705
Push 9165 by asasaki@mozilla.com at 2018-04-26 21:04 +0000
Bug 1438671 - Terminate tests early when updates fail. r=gcp Some of the tests don't handle update errors very well and rely on timeouts to fire after several minutes. Since these tests are not actually testing update failure modes, it's safe to fail quickly and terminate the test with an exception. MozReview-Commit-ID: EJgaWke6kl2
ca925c1b80e1: Bug 1441211 - Use common prefix for all URL Classifier gtests. r=gcp
Francois Marier <francois@mozilla.com> - Thu, 05 Apr 2018 15:09:03 -0700 - rev 465671
Push 9165 by asasaki@mozilla.com at 2018-04-26 21:04 +0000
Bug 1441211 - Use common prefix for all URL Classifier gtests. r=gcp With a common prefix, all of the URL Classifier gtests can be run like this: ./mach gtest UrlClassifier* MozReview-Commit-ID: IqQznsldFOD
ddd9187ed66d: Bug 1450740 - Don't sandbox network namespace when X11 named sockets aren't accessible. r=gcp
Jed Davis <jld@mozilla.com> - Mon, 02 Apr 2018 15:19:04 -0600 - rev 465078
Push 9165 by asasaki@mozilla.com at 2018-04-26 21:04 +0000
Bug 1450740 - Don't sandbox network namespace when X11 named sockets aren't accessible. r=gcp MozReview-Commit-ID: KiL4GwMms3a
0b8d58958178: Bug 1445003 - Detect RenderDoc and adjust the sandbox policy so it can work. r=gcp
Jed Davis <jld@mozilla.com> - Mon, 12 Mar 2018 20:21:08 -0600 - rev 461720
Push 9165 by asasaki@mozilla.com at 2018-04-26 21:04 +0000
Bug 1445003 - Detect RenderDoc and adjust the sandbox policy so it can work. r=gcp RenderDoc, a graphics debugging tool, uses a preload library that creates a listening socket (Internet-domain) early in startup and accepts connections from the frontend. If it's detected (via env vars), we allow accept/accept4 (but not socket/bind/listen), and remain in the parent process's network namespace so that other processes can connect to the socket. This doesn't change the sandbox policy if not running under RenderDoc. MozReview-Commit-ID: 964RW4BFh4u
73fab5fbc843: Bug 1450740 - Don't sandbox network namespace when X11 named sockets aren't accessible. r=gcp, a=RyanVM
Jed Davis <jld@mozilla.com> - Mon, 02 Apr 2018 15:19:04 -0600 - rev 460634
Push 9003 by ryanvm@gmail.com at 2018-04-09 14:21 +0000
Bug 1450740 - Don't sandbox network namespace when X11 named sockets aren't accessible. r=gcp, a=RyanVM MozReview-Commit-ID: KiL4GwMms3a
79e7ee0f6d6a: Bug 1444175 - Mark CamerasParent final; r=gcp
Alex Gaynor <agaynor@mozilla.com> - Thu, 08 Mar 2018 14:54:58 -0500 - rev 459978
Push 8824 by archaeopteryx@coole-files.de at 2018-03-12 14:54 +0000
Bug 1444175 - Mark CamerasParent final; r=gcp MozReview-Commit-ID: 2m1rCZxrUTq
792ab44dd9ec: Bug 1440206 - Allow brokered access to a subset of connect() in the Linux content sandbox. r=gcp
Jed Davis <jld@mozilla.com> - Fri, 09 Mar 2018 19:31:23 -0700 - rev 459967
Push 8824 by archaeopteryx@coole-files.de at 2018-03-12 14:54 +0000
Bug 1440206 - Allow brokered access to a subset of connect() in the Linux content sandbox. r=gcp This is to support WebGL with hybrid graphics drivers that connect to a secondary X server for GL (Primus and VirtualGL), without allowing access to arbitrary sockets. In addition to local X11 connections, Primus needs to connect to the Bumblebee daemon (otherwise it will exit the calling process). The broker support is limited to AF_UNIX, to non-datagram sockets (see bug 1066750), and to pathname addresses. Abstract addresses could theoretically be handled but there isn't currently a compelling reason to, and the broker very much assumes it's dealing with a C-style string referring to a filesystem path and not an arbitrary byte sequence (including NULs). At a higher level: If the GPU X server is remote then it won't work, but it won't work anyway because WebGL requires features that aren't supported by indirect GLX. If the GPU X server is local but the browser is inside a chroot, it will fail to connect unless /tmp/.X11-unix is bind-mounted into the chroot; hopefully this use case is not common. MozReview-Commit-ID: IvI2jYDRZZ2
07b6161c7f60: Bug 1434392 - Don't preload libmozsandbox in grandchild processes, only the sandboxed children themselves. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 07 Mar 2018 18:55:20 -0700 - rev 459762
Push 8824 by archaeopteryx@coole-files.de at 2018-03-12 14:54 +0000
Bug 1434392 - Don't preload libmozsandbox in grandchild processes, only the sandboxed children themselves. r=gcp
8e02f0924908: Bug 1442486 - Mark LookupCacheV4 as primed after creating it. r=gcp
Francois Marier <francois@mozilla.com> - Thu, 01 Mar 2018 18:09:58 -0800 - rev 458862
Push 8812 by archaeopteryx@coole-files.de at 2018-03-05 13:45 +0000
Bug 1442486 - Mark LookupCacheV4 as primed after creating it. r=gcp RegenActiveTables() relies on mPrimed being set correctly and so the V4 lookup cache should behave the same way as the V2 one. The V2 lookup cache on the other hand was unnecessarily setting mPrimed to true twice. MozReview-Commit-ID: LwNdI9DTqZ7
67e9ab1a4745: Bug 1439455 - Display error names instead of codes in about:url-classifier. r=gcp
Francois Marier <francois@mozilla.com> - Thu, 22 Feb 2018 17:37:53 -0800 - rev 458339
Push 8808 by archaeopteryx@coole-files.de at 2018-03-02 22:13 +0000
Bug 1439455 - Display error names instead of codes in about:url-classifier. r=gcp This also changes a few MOZ_LOG() messages to use the error name instead of the raw numerical nsresult value. MozReview-Commit-ID: Jcngd0S9j2z
2d6c681af2c2: Bug 1439455 - Round timestamps up to nearest minute in log messages. r=gcp
Francois Marier <francois@mozilla.com> - Thu, 22 Feb 2018 14:21:41 -0800 - rev 458338
Push 8808 by archaeopteryx@coole-files.de at 2018-03-02 22:13 +0000
Bug 1439455 - Round timestamps up to nearest minute in log messages. r=gcp MozReview-Commit-ID: DDv8smOelPQ
fca779af7ef7: Bug 1438391 - Detect VirtualGL and weaken the sandbox enough for it to work. r=gcp
Jed Davis <jld@mozilla.com> - Thu, 22 Feb 2018 19:14:41 -0700 - rev 458336
Push 8808 by archaeopteryx@coole-files.de at 2018-03-02 22:13 +0000
Bug 1438391 - Detect VirtualGL and weaken the sandbox enough for it to work. r=gcp MozReview-Commit-ID: BXmm8JSfkeI
936b73ae6e3c: Bug 1438401 - Quietly fail shmget() in sandboxed content processes. r=gcp
Jed Davis <jld@mozilla.com> - Tue, 27 Feb 2018 21:30:08 -0700 - rev 458335
Push 8808 by archaeopteryx@coole-files.de at 2018-03-02 22:13 +0000
Bug 1438401 - Quietly fail shmget() in sandboxed content processes. r=gcp The X11 symbol interposition isn't enough, possibly because Cairo can also use XCB. Interposing XCB is more difficult because the API exposes more protocol details. Instead, just allow shmget to be called and fail; this will tell Cairo that it can't use SysV IPC with the X server, which is what we want. MozReview-Commit-ID: 5y9tE7UXMTE
923a5ace946a: Bug 1362761 - Improve logging in PrefixSet. r=gcp
Francois Marier <francois@mozilla.com> - Wed, 21 Feb 2018 17:55:12 -0800 - rev 457838
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1362761 - Improve logging in PrefixSet. r=gcp In addition to including the name of the prefix set in all of the LOG messages, the VariablePrefixSet class now initializes its dependent fixed-size prefix set correctly. MozReview-Commit-ID: C7c78HLcXY3
3a00711bb0e6: Bug 1362761 - Add checksum to nsUrlClassifierPrefixSet::mIndexDeltas array. r=gcp
Francois Marier <francois@mozilla.com> - Thu, 15 Feb 2018 16:59:14 -0800 - rev 457837
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1362761 - Add checksum to nsUrlClassifierPrefixSet::mIndexDeltas array. r=gcp Adding a checksum to an array in the URL classifier to test our theory that the crashes are due to memory corruption. This patch also restores the Compact() calls that were #ifdef'd out in bug 1362761 to test a different theory. MozReview-Commit-ID: IkLduLO3IXb
308f2a530cd1: Bug 1439468 - Improve error reporting in Safe Browsing protocol parser. r=gcp
Francois Marier <francois@mozilla.com> - Tue, 20 Feb 2018 13:54:30 -0800 - rev 457175
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1439468 - Improve error reporting in Safe Browsing protocol parser. r=gcp MozReview-Commit-ID: JeyCZSbdZBd
106b66081b0d: Bug 1254323 - Reduce identical gethash requests done by the URL Classifier. r=gcp
DimiL <dlee@mozilla.com> - Wed, 14 Feb 2018 16:12:29 -0800 - rev 457174
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1254323 - Reduce identical gethash requests done by the URL Classifier. r=gcp MozReview-Commit-ID: KNNL1dBqXx0
d418ce8a0564: Bug 1435859 - Fix OOM crash on filenames without extensions. r=gcp
Francois Marier <francois@mozilla.com> - Thu, 15 Feb 2018 12:30:40 -0800 - rev 457173
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1435859 - Fix OOM crash on filenames without extensions. r=gcp Passing a value of -1 to nsCString::Truncate() converts that value to a large integer and leads to an unnecessary 4GB memory allocation. MozReview-Commit-ID: Icm5iUsEgA6
d853ce9b3dd3: Bug 1438389 - Quietly disallow chown() in sandboxed content processes. r=gcp
Jed Davis <jld@mozilla.com> - Thu, 15 Feb 2018 16:10:00 -0700 - rev 457142
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1438389 - Quietly disallow chown() in sandboxed content processes. r=gcp Also covers fchownat() and attempts to be ready for newer archs like ARM64. Bonus fix: extend bug 1354731 (mknod) fix to cover mknodat so this part of the policy isn't glaringly inconsistent about "at" syscalls. Tested locally by attaching gdb and injecting syscalls. MozReview-Commit-ID: CCOk0jZVoG4
9dcf26ff6a6e: Bug 1434528 - Adjust sandbox feature detection to deal with Ubuntu guest accounts. r=gcp
Jed Davis <jld@mozilla.com> - Thu, 08 Feb 2018 17:46:42 -0700 - rev 456481
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1434528 - Adjust sandbox feature detection to deal with Ubuntu guest accounts. r=gcp Guest sessions on Ubuntu (and maybe other distributions that use LightDM?) apply an AppArmor policy that allows CLONE_NEWUSER but doesn't allow using any of the capabilities it grants, or even configuring the new user namespace. This patch causes those environments to be detected as not supporting unprivileged user namespaces, because for all practical purposes they don't. MozReview-Commit-ID: HVkoBakRwaA
55dddaa9b77c: Bug 1433636 - Put a limit on the length of Safe Browsing metadata values. r=gcp
Francois Marier <francois@mozilla.com> - Tue, 30 Jan 2018 14:21:33 -0800 - rev 456281
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1433636 - Put a limit on the length of Safe Browsing metadata values. r=gcp Disk corruption can lead to the stored length of a value being unreasonably large and trigger an OOM. Since values are all currently <= 32 bytes, we can safely enforce a 256-byte upper bound. MozReview-Commit-ID: XygReOpEK3
f4b1eccde367: Bug 1384638 - Remove another NS_ENSURE warning from ShouldEnableTracking. r=gcp
Eric Rahm <erahm@mozilla.com> - Fri, 09 Feb 2018 16:32:41 -0800 - rev 455938
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1384638 - Remove another NS_ENSURE warning from ShouldEnableTracking. r=gcp
b579fb6511ba: Bug 1434741 - Only check final download URL against the application reputation whitelist. r=gcp
Francois Marier <francois@mozilla.com> - Mon, 05 Feb 2018 18:11:56 -0800 - rev 455685
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1434741 - Only check final download URL against the application reputation whitelist. r=gcp MozReview-Commit-ID: QCaStgteko
0cdfcf8734a9: Bug 1436213 - Make test_bug1274685_unowned_list.js work on pver2 and pver4. r=gcp
Francois Marier <francois@mozilla.com> - Tue, 06 Feb 2018 15:36:48 -0800 - rev 455679
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1436213 - Make test_bug1274685_unowned_list.js work on pver2 and pver4. r=gcp This test is supposed to verify that Safe Browsing providers can be initialized correctly even when a table is not configured properly. By removing a table from both google and google4, we ensure that the test will be meaningful regardless of the stack in use. Also filter out the console noise triggered by looking for the update and gethash URLs of the "test" dummy provider. MozReview-Commit-ID: KjWqSqA4FxJ
5ea26fba220d: Bug 1436882 - Fix termination signal when clone()ing child processes. r=gcp
Jed Davis <jld@mozilla.com> - Thu, 08 Feb 2018 17:30:03 -0700 - rev 455623
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1436882 - Fix termination signal when clone()ing child processes. r=gcp This fixes a mistake in bug 1401062: the termination signal was omitted, so it's 0, and if it isn't exactly SIGCHLD, then a tracer/debugger will receive PTRACE_EVENT_CLONE rather than PTRACE_EVENT_FORK. This causes GDB to see the child process as a thread instead of a separate process, and it becomes very confused after the process calls execve(). MozReview-Commit-ID: Baf2RFHVWRU
4e2bf17f806d: Bug 1425274 - Filter socketpair() in content sandbox on 32-bit x86 with new-enough kernels. r=gcp
Jed Davis <jld@mozilla.com> - Mon, 29 Jan 2018 17:36:06 -0700 - rev 455464
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1425274 - Filter socketpair() in content sandbox on 32-bit x86 with new-enough kernels. r=gcp This replaces the globals for whether socket calls (and ipc(2) calls, but we never used that) have real arguments with a parameter, which in hindsight should have been done in bug 1273852, which is when we started handling both socketcall(2) and separate socket calls in the same policy. This allows handling the two cases differently. MozReview-Commit-ID: 1pfckmCpJlW
74b5e036363f: Bug 1376910 - Remove SysV IPC access from Linux content sandbox when possible. r=gcp
Jed Davis <jld@mozilla.com> - Fri, 26 Jan 2018 19:43:10 -0700 - rev 455442
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1376910 - Remove SysV IPC access from Linux content sandbox when possible. r=gcp There are a few things that use SysV IPC, which we discovered the last time we tried to do this, which need to be accommodated: 1. The ALSA dmix plugin; if the build has ALSA support (off by default) and if audio remoting is disabled, SysV IPC is allowed. 2. ATI/AMD's old proprietary graphics driver (fglrx), which is obsolete and doesn't support newer hardware, but still has users; if it's detected, SysV IPC is allowed. 3. Graphics libraries trying to use the MIT-SHM extension; this is already turned off for other reasons (see bug 1271100), but that shim seems to not load early enough in some cases, so it's copied into libmozsandbox, which is preloaded before anything else in LD_PRELOAD. Also, msgget is now blocked in all cases; the only case it was known to be used involved ESET antivirus, which is now handled specially (bug 1362601). In any case, the seccomp-bpf policy has never allowed actually *using* message queues, so creating them is not very useful. MozReview-Commit-ID: 5bOOQcXFd9U
40f74605367e: Bug 1435098 - Gate flashinfobar list on the plugins.show_infobar. r=bytesized,gcp
Francois Marier <francois@mozilla.com> - Fri, 02 Feb 2018 13:30:28 -0800 - rev 455120
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1435098 - Gate flashinfobar list on the plugins.show_infobar. r=bytesized,gcp The list of sites to suppress flash infobars on should not be downloaded from shavar unless the infobar feature is enabled. MozReview-Commit-ID: BjkS5vWiilg
3884f0f9f316: Bug 1435098 - Gate flashinfobar list on the plugins.show_infobar. r=bytesized,gcp
Francois Marier <francois@mozilla.com> - Fri, 02 Feb 2018 13:30:28 -0800 - rev 455031
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1435098 - Gate flashinfobar list on the plugins.show_infobar. r=bytesized,gcp The list of sites to suppress flash infobars on should not be downloaded from shavar unless the infobar feature is enabled. MozReview-Commit-ID: BjkS5vWiilg
3a9399e07e62: Bug 1435435 - Add new binary extensions to download protection. r=gcp
Francois Marier <francois@mozilla.com> - Fri, 02 Feb 2018 16:09:48 -0800 - rev 455030
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1435435 - Add new binary extensions to download protection. r=gcp Sync up with the Chrome list and add new BitTorrent, Visio and HTML-like file extensions. https://cs.chromium.org/chromium/src/chrome/browser/resources/safe_browsing/download_file_types.asciipb MozReview-Commit-ID: Alh2hrOZy1h
46c4a5ce6e0f: Bug 1213998 - Apply chroot() to sandboxed content processes on Linux. r=gcp
Jed Davis <jld@mozilla.com> - Tue, 16 Jan 2018 19:10:51 -0700 - rev 454468
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1213998 - Apply chroot() to sandboxed content processes on Linux. r=gcp MozReview-Commit-ID: DGepECmw3pq
a415b43fc1d2: Bug 1430949 - Isolate network namespace in Linux content sandbox level 4. r=gcp
Jed Davis <jld@mozilla.com> - Tue, 23 Jan 2018 22:31:06 -0700 - rev 454457
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1430949 - Isolate network namespace in Linux content sandbox level 4. r=gcp This is turned off if the X11 server is remote -- including TCP to localhost -- because otherwise it would be blocked. Note that ssh X forwarding presents a TCP-only server. The Nightly default for the force-namespace hidden pref is changed to false, because we will now normally be using namespaces if available. MozReview-Commit-ID: L9BbLdoLvLg
79905d4e85ab: Bug 1431192 - Only fetch download protection lists when Safe Browsing is enabled. r=gcp
Francois Marier <francois@mozilla.com> - Mon, 29 Jan 2018 15:16:54 -0800 - rev 454262
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1431192 - Only fetch download protection lists when Safe Browsing is enabled. r=gcp Download protection requires both the malware list as well as its own special lists. The code therefore checks that both Safe Browsing and download protection are enabled before checking downloaded files. The list manager should check the same prefs before downloading any of the download protection lists in order to avoid connecting to the Safe Browsing server when Safe Browsing is fully disabled. MozReview-Commit-ID: 66vMA56T4pJ
bdb502c30c7c: Bug 1431370 - Make DoRiceDeltaDecode allocation fallible to fix startup OOM crash. r=gcp
Francois Marier <francois@mozilla.com> - Tue, 30 Jan 2018 13:26:43 -0800 - rev 454261
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1431370 - Make DoRiceDeltaDecode allocation fallible to fix startup OOM crash. r=gcp MozReview-Commit-ID: 2vf4EU4TVCq
478aba1b67a4: Bug 1410522 - Enable download protection on non-official builds too. r=gcp,johannh
Francois Marier <francois@mozilla.com> - Mon, 29 Jan 2018 15:51:14 -0800 - rev 454050
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1410522 - Enable download protection on non-official builds too. r=gcp,johannh This reverts the change introduced in bug 1394053. Google has made the download protection lists available to everyone and so we no longer need to restrict the download protection feature to official builds. MozReview-Commit-ID: CQcG5Ip1mDV
af41b725ff91: Bug 1386019 - Also remove ALSA-related sandbox rules if ALSA is remoted. r=gcp
Jed Davis <jld@mozilla.com> - Tue, 23 Jan 2018 22:37:45 -0700 - rev 453071
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1386019 - Also remove ALSA-related sandbox rules if ALSA is remoted. r=gcp MozReview-Commit-ID: FKebcgPi60x
c2836d5bc6bc: Bug 1386019 - Remove PulseAudio-specific sandbox broker rules when remoting audio. r=gcp
Jed Davis <jld@mozilla.com> - Tue, 23 Jan 2018 22:37:44 -0700 - rev 453070
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1386019 - Remove PulseAudio-specific sandbox broker rules when remoting audio. r=gcp This also moves those parts of the policy factory out of the constructor, because the pref service isn't initialized yet at that point. MozReview-Commit-ID: 6wbq4MHu1GJ
ff1469e83494: Bug 1386019 - At sandbox level 4, remove syscalls used only by PulseAudio. r=gcp
Jed Davis <jld@mozilla.com> - Tue, 23 Jan 2018 22:37:44 -0700 - rev 453069
Push 8799 by mtabara@mozilla.com at 2018-03-01 16:46 +0000
Bug 1386019 - At sandbox level 4, remove syscalls used only by PulseAudio. r=gcp MozReview-Commit-ID: 7YbJ8uYub7f