searching for reviewer(gcp)
9bac094cec23: Bug 1353956 - P7. Add gtest to ensure .pset is correctly loaded and removed. r=gcp
dlee <dlee@mozilla.com> - Thu, 07 Mar 2019 14:43:16 +0000 - rev 520894
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1353956 - P7. Add gtest to ensure .pset is correctly loaded and removed. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D22490
a87bd3f9b87d: Bug 1353956 - P6. Load the old prefixset(.pset) when there is no .vlpset. r=gcp
dlee <dlee@mozilla.com> - Thu, 07 Mar 2019 14:42:31 +0000 - rev 520893
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1353956 - P6. Load the old prefixset(.pset) when there is no .vlpset. r=gcp To avoid forcing a redownload of SafeBrowsing v4 list. Differential Revision: https://phabricator.services.mozilla.com/D21876
aaba7c25b72b: Bug 1353956 - P5. Remove old v4 prefix files after new files are stored. r=gcp
dlee <dlee@mozilla.com> - Thu, 07 Mar 2019 14:41:52 +0000 - rev 520892
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1353956 - P5. Remove old v4 prefix files after new files are stored. r=gcp This patch is to clean up old SafeBrowsing v4 prefix files. Differential Revision: https://phabricator.services.mozilla.com/D21464
3b5da75b9c7b: Bug 1353956 - P4. Add header and CRC32 checksum to SafeBrowsing V4 prefix files. r=gcp
dlee <dlee@mozilla.com> - Thu, 07 Mar 2019 14:41:25 +0000 - rev 520891
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1353956 - P4. Add header and CRC32 checksum to SafeBrowsing V4 prefix files. r=gcp
After this patch, we may have the following files in SafeBrowsing directory:
- (v2) .sbstore : Store V2 chunkdata, for update, MD5 integrity check while load
- (v2) .pset : Store V2 prefixset, for lookup, load upon startup, no integrity check
- (v4) .metadata : Store V4 state, for update, no integrity check
- (v4) .vlpset : Store V4 prefixset, for lookup, load upon startup, CRC32 integrity check
- (v4) .pset : V4 prefix set before this patch, should be removed
The magic string is also added to ".vlpset" header so we can add a telemetry to see if sanity check is good enough for prefix set integrity check (The telemetry is not yet added). If yes, we can remove the CRC32 in the future for even better performance.
Differential Revision: https://phabricator.services.mozilla.com/D21463
e083106dc24f: Bug 1353956 - P3. Separate file processing and prefix data processing for SafeBrowsing prefix set. r=gcp
Dimi Lee <dlee@mozilla.com> - Thu, 07 Mar 2019 14:40:56 +0000 - rev 520890
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1353956 - P3. Separate file processing and prefix data processing for SafeBrowsing prefix set. r=gcp SafeBrowsing prefix files LOAD/SAVE operations are handled in xxxPrefixSet.cpp. It would be clearer if xxxPrefixSet.cpp only processed prefix data, while LookupCacheV2/LookupCacheV4, which use the prefix set, processed the file. This patch doesn't change any behavior; test cases need to be updated because the LookupCache & xxxPrefixSet APIs are changed. Differential Revision: https://phabricator.services.mozilla.com/D21462
c7a253aed450: Bug 1353956 - P2. Do not use SHA-256 while loading the V4 prefix files. r=gcp
dlee <dlee@mozilla.com> - Thu, 07 Mar 2019 14:40:28 +0000 - rev 520889
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1353956 - P2. Do not use SHA-256 while loading the V4 prefix files. r=gcp SHA256 is an expensive operation; we should avoid using it if possible. SafeBrowsing prefix files are loaded during startup and their integrity is verified with SHA256, which may affect performance, especially on low-end devices. This patch simply removes the SHA256 integrity check. A CRC32 integrity check will be introduced in the other patch. This patch also changes the behavior of recording "Telemetry::URLCLASSIFIER_VLPS_LOAD_CORRUPT" a little bit. It used to record only once per session (during startup, the first time we load prefix set); now it records per update. Differential Revision: https://phabricator.services.mozilla.com/D21461
c2331373e107: Bug 1353956 - P1. Rename checksum used in SafeBrowsing V4 to SHA256. r=gcp
Dimi Lee <dlee@mozilla.com> - Thu, 07 Mar 2019 14:40:14 +0000 - rev 520888
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1353956 - P1. Rename checksum used in SafeBrowsing V4 to SHA256. r=gcp SafeBrowsing V4 protocol uses SHA-256 as the checksum to check integrity of update data and also the integrity of prefix files. SafeBrowsing V2 HashStore uses MD5 as the checksum to check integrity of .sbstore. Since we are going to use CRC32 as the integrity check of V4 prefix files, I think renaming V4 "checksum" to SHA256 can improve readability. Differential Revision: https://phabricator.services.mozilla.com/D21460
71dafccc22ae: Bug 1353956 - P6. Load the old prefixset(.pset) when there is no .vlpset. r=gcp
dlee <dlee@mozilla.com> - Wed, 06 Mar 2019 09:41:34 +0000 - rev 520664
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1353956 - P6. Load the old prefixset(.pset) when there is no .vlpset. r=gcp To avoid forcing a redownload of SafeBrowsing v4 list. Differential Revision: https://phabricator.services.mozilla.com/D21876
f1f29fe519cf: Bug 1353956 - P5. Remove old v4 prefix files after new files are stored. r=gcp
dlee <dlee@mozilla.com> - Tue, 05 Mar 2019 18:32:23 +0000 - rev 520663
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1353956 - P5. Remove old v4 prefix files after new files are stored. r=gcp This patch is to clean up old SafeBrowsing v4 prefix files. Differential Revision: https://phabricator.services.mozilla.com/D21464
4978556a66f6: Bug 1353956 - P4. Add header and CRC32 checksum to SafeBrowsing V4 prefix files. r=gcp
dlee <dlee@mozilla.com> - Wed, 06 Mar 2019 22:57:12 +0000 - rev 520662
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1353956 - P4. Add header and CRC32 checksum to SafeBrowsing V4 prefix files. r=gcp
After this patch, we may have the following files in SafeBrowsing directory:
- (v2) .sbstore : Store V2 chunkdata, for update, MD5 integrity check while load
- (v2) .pset : Store V2 prefixset, for lookup, load upon startup, no integrity check
- (v4) .metadata : Store V4 state, for update, no integrity check
- (v4) .vlpset : Store V4 prefixset, for lookup, load upon startup, CRC32 integrity check
- (v4) .pset : V4 prefix set before this patch, should be removed
The magic string is also added to ".vlpset" header so we can add a telemetry to see if sanity check is good enough for prefix set integrity check (The telemetry is not yet added). If yes, we can remove the CRC32 in the future for even better performance.
Differential Revision: https://phabricator.services.mozilla.com/D21463
bc0b91abce9b: Bug 1353956 - P3. Separate file processing and prefix data processing for SafeBrowsing prefix set. r=gcp
Dimi Lee <dlee@mozilla.com> - Mon, 04 Mar 2019 21:22:46 +0000 - rev 520661
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1353956 - P3. Separate file processing and prefix data processing for SafeBrowsing prefix set. r=gcp SafeBrowsing prefix files LOAD/SAVE operations are handled in xxxPrefixSet.cpp. It would be clearer if xxxPrefixSet.cpp only processed prefix data, while LookupCacheV2/LookupCacheV4, which use the prefix set, processed the file. This patch doesn't change any behavior; test cases need to be updated because the LookupCache & xxxPrefixSet APIs are changed. Differential Revision: https://phabricator.services.mozilla.com/D21462
6b8412db5a05: Bug 1353956 - P2. Do not use SHA-256 while loading the V4 prefix files. r=gcp
dlee <dlee@mozilla.com> - Thu, 28 Feb 2019 08:18:46 +0000 - rev 520660
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1353956 - P2. Do not use SHA-256 while loading the V4 prefix files. r=gcp SHA256 is an expensive operation; we should avoid using it if possible. SafeBrowsing prefix files are loaded during startup and their integrity is verified with SHA256, which may affect performance, especially on low-end devices. This patch simply removes the SHA256 integrity check. A CRC32 integrity check will be introduced in the other patch. This patch also changes the behavior of recording "Telemetry::URLCLASSIFIER_VLPS_LOAD_CORRUPT" a little bit. It used to record only once per session (during startup, the first time we load prefix set); now it records per update. Differential Revision: https://phabricator.services.mozilla.com/D21461
3d326cfcd002: Bug 1353956 - P1. Rename checksum used in SafeBrowsing V4 to SHA256. r=gcp
Dimi Lee <dlee@mozilla.com> - Thu, 28 Feb 2019 08:12:36 +0000 - rev 520659
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1353956 - P1. Rename checksum used in SafeBrowsing V4 to SHA256. r=gcp SafeBrowsing V4 protocol uses SHA-256 as the checksum to check integrity of update data and also the integrity of prefix files. SafeBrowsing V2 HashStore uses MD5 as the checksum to check integrity of .sbstore. Since we are going to use CRC32 as the integrity check of V4 prefix files, I think renaming V4 "checksum" to SHA256 can improve readability. Differential Revision: https://phabricator.services.mozilla.com/D21460
d5f2a2a21c15: Bug 1531322 - Add "bin" to the list of executable extensions in download protection. r=gcp
Dimi Lee <dlee@mozilla.com> - Thu, 28 Feb 2019 13:22:15 +0000 - rev 519596
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1531322 - Add "bin" to the list of executable extensions in download protection. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D21529
493b443954fe: Bug 1506291 - Add Linux sandboxing for the RDD (media decoder) process. r=gcp,mjf,flod
Jed Davis <jld@mozilla.com> - Wed, 27 Feb 2019 20:14:54 +0000 - rev 519405
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1506291 - Add Linux sandboxing for the RDD (media decoder) process. r=gcp,mjf,flod The seccomp-bpf policy is currently just the "common" policy with no additions (but with the fixes in bug 1511560 to enable shared memory creation). The file broker policy allows shared memory creation and nothing else. The namespace setup is the same as for GMP (i.e., as restrictive as we currently can be). The sandbox can be turned off for troubleshooting by setting the environment variable MOZ_DISABLE_RDD_SANDBOX, similarly to the other process types. Tested against https://demo.bitmovin.com/public/firefox/av1/ with the necessary prefs set. Depends on D20895 Differential Revision: https://phabricator.services.mozilla.com/D14525
bf58d8320f5a: Bug 1506291 - Move the AV1 decoders to a sandbox-friendly CPU counting wrapper. r=gcp,mjf
Jed Davis <jld@mozilla.com> - Mon, 25 Feb 2019 16:20:50 +0000 - rev 519404
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1506291 - Move the AV1 decoders to a sandbox-friendly CPU counting wrapper. r=gcp,mjf Counting CPUs accesses the filesystem (sysfs or procfs), which we'd like to disallow when sandboxed if possible, and fails silently if access is denied. Because the CPU count rarely changes, this patch handles that problem for the RDD process by caching a copy before starting sandboxing. Tested with a local patch to have the sandbox file broker client crash if accessing the sysfs node for the CPU count, to verify that it's not accessed. Depends on D14524 Differential Revision: https://phabricator.services.mozilla.com/D20895
94cb1fe9db5e: Bug 1511560 - Allow dup and ftruncate (when needed) in SandboxPolicyCommon. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 27 Feb 2019 20:14:52 +0000 - rev 519403
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1511560 - Allow dup and ftruncate (when needed) in SandboxPolicyCommon. r=gcp File descriptors are sometimes dup()ed in the process of communicating them over IPC; some of this may be unnecessary (due to insufficient use of move-only types), but dup() is relatively harmless. It was previously allowed for both content and GMP, so this doesn't change anything. The handling of ftruncate is a little complicated -- it's used for IPC shared memory, but only when creating segments; so GMP doesn't allow it and should continue not allowing it, but content needs it and RDD will as well. As a result, the subclass indicates if it will be needed. Note that even when we have memfd_create support (bug 1440203), ftruncate is still necessary even though brokering may not. Depends on D14523 Differential Revision: https://phabricator.services.mozilla.com/D14524
db2dee78ddb0: Bug 1511560 - Move the socketpair handling into SandboxPolicyCommon. r=gcp
Jed Davis <jld@mozilla.com> - Sat, 23 Feb 2019 00:44:10 +0000 - rev 519402
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1511560 - Move the socketpair handling into SandboxPolicyCommon. r=gcp The sandbox broker uses socketpair to construct the per-request channels over which responses are sent; thus, if and only if the policy will be using brokering, it will allow socketpair as safely as possible (i.e., denying datagram sockets if possible). Depends on D14522 Differential Revision: https://phabricator.services.mozilla.com/D14523
bab79f855962: Bug 1511560 - Move syscalls for adjusting memory mapping properties into SandboxPolicyCommon. r=gcp
Jed Davis <jld@mozilla.com> - Sat, 23 Feb 2019 00:44:08 +0000 - rev 519401
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1511560 - Move syscalls for adjusting memory mapping properties into SandboxPolicyCommon. r=gcp madvise is used by our malloc (and probably others), and mprotect is used with shared memory, including when created by another process, so the common policy should include those rules. Depends on D14521 Differential Revision: https://phabricator.services.mozilla.com/D14522
48431f63d842: Bug 1511560 - Move the Linux sandbox broker hooks into SandboxPolicyCommon. r=gcp
Jed Davis <jld@mozilla.com> - Sat, 23 Feb 2019 00:44:06 +0000 - rev 519400
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1511560 - Move the Linux sandbox broker hooks into SandboxPolicyCommon. r=gcp This will allow other policies to use brokering if needed (e.g., RDD and similar utility processes may need to access /dev/shm to create shared memory). The concrete policy class can deny filesystem access completely (matching the current behavior of the GMP policy) by passing nullptr to the superclass constructor instead. Depends on D14520 Differential Revision: https://phabricator.services.mozilla.com/D14521
56f39977c72c: Bug 1500297 - Require a broker client in ContentSandboxPolicy at level > 1. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 27 Feb 2019 15:23:25 +0000 - rev 519399
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1500297 - Require a broker client in ContentSandboxPolicy at level > 1. r=gcp ContentSandboxPolicy currently allows direct filesystem access if it isn't given a broker client; this is a legacy design from the B2G era, before the current idea of "sandbox level". With this patch, it allows filesystem access at level 1, and above that it requires brokering. This is both to reduce the opportunities for accidentally having a too-permissive sandbox and to prepare for refactoring the broker glue in bug 1511560. Depends on D14519 Differential Revision: https://phabricator.services.mozilla.com/D14520
bacaa3d58281: Bug 1500297 - Fix Linux content sandbox level 1. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 27 Feb 2019 15:23:25 +0000 - rev 519398
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1500297 - Fix Linux content sandbox level 1. r=gcp Level 1 is meant to enable some seccomp-bpf filtering, but still allow direct access to the filesystem, and level 2 is where brokering starts. This was accidentally broken in 1365257 (making "level 1" act like level 2); this patch fixes that. This feature obviously isn't used much given how long nobody noticed it was broken, but it's useful to have around for troubleshooting, and it's actually easier to fix it than edit it out of the documentation. Differential Revision: https://phabricator.services.mozilla.com/D14519
e7e5611f9bdc: Bug 1526885 - P2. Add MS Office files to the list of executable extensions in download protection. r=gcp
Dimi Lee <dlee@mozilla.com> - Thu, 14 Feb 2019 13:30:38 +0000 - rev 517025
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1526885 - P2. Add MS Office files to the list of executable extensions in download protection. r=gcp Sync with the list in Chrome; Chrome adds Office docs because they have been abused in the past through embedded executables. Differential Revision: https://phabricator.services.mozilla.com/D19759
b7ccbea196c9: Bug 1526885 - P1. Add extensions to download protection executable list. r=gcp
Dimi Lee <dlee@mozilla.com> - Thu, 14 Feb 2019 13:29:45 +0000 - rev 517024
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1526885 - P1. Add extensions to download protection executable list. r=gcp Those extensions are set to SAMPLED_PING by Google, which means they are not really dangerous. Add these extensions to sync up with Google's list but comment them because we don't need to trigger remote lookup request for them. Differential Revision: https://phabricator.services.mozilla.com/D19758
cd21500d5111: Bug 1525199 - Part 1 - removed size_t from IPDL messages for Cameras; r=gcp
Alex Gaynor <agaynor@mozilla.com> - Sun, 10 Feb 2019 10:24:34 +0000 - rev 516371
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1525199 - Part 1 - removed size_t from IPDL messages for Cameras; r=gcp Differential Revision: https://phabricator.services.mozilla.com/D19191
f86cea87bf82: Bug 1513535 - Support the ability to separate feature toggle and list update in URL classifier. r=gcp
Dimi Lee <dlee@mozilla.com> - Tue, 22 Jan 2019 16:13:41 +0000 - rev 513756
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1513535 - Support the ability to separate feature toggle and list update in URL classifier. r=gcp Add preferences "browser.safebrowsing.features.[feature name].update". Normally these preferences won't be set, so SafeBrowsing uses the feature's enable/disable preferences to decide if it should update the list or not. If an update preference is present, then it has higher priority than the enable/disable one. This provides a way for the SafeBrowsing consumer to be able to separate feature toggle and update. Differential Revision: https://phabricator.services.mozilla.com/D17233
ff26ee3e478c: Bug 1435923 - Fix truncated logging of remote lookup protocol buffer. r=gcp
Dimi Lee <dlee@mozilla.com> - Thu, 17 Jan 2019 12:38:04 +0000 - rev 511379
Push 10547 by ffxbld-merge at Mon, 21 Jan 2019 13:03:58 +0000
Bug 1435923 - Fix truncated logging of remote lookup protocol buffer. r=gcp Fix the truncation issue when outputting the protocol buffer. Differential Revision: https://phabricator.services.mozilla.com/D16675
d29c64bd30da: Bug 1513490 - Support update cryptomining and fingerprinting list in SafeBrowsing. r=gcp
dlee <dlee@mozilla.com> - Tue, 15 Jan 2019 19:29:49 +0000 - rev 511075
Push 10547 by ffxbld-merge at Mon, 21 Jan 2019 13:03:58 +0000
Bug 1513490 - Support update cryptomining and fingerprinting list in SafeBrowsing. r=gcp Add the fingerprinting and cryptomining tables to the SafeBrowsing update list. Leave the preference of blacklist/whitelist tables empty until the shavar server is ready. Differential Revision: https://phabricator.services.mozilla.com/D16533
33011122d2d5: Bug 1513490 - Refactor SafeBrowsing.jsm with feature list. r=gcp
Dimi Lee <dlee@mozilla.com> - Tue, 15 Jan 2019 20:04:40 +0000 - rev 511074
Push 10547 by ffxbld-merge at Mon, 21 Jan 2019 13:03:58 +0000
Bug 1513490 - Refactor SafeBrowsing.jsm with feature list. r=gcp When we add a table to SafeBrowsing.jsm we need to add related code in various places. This patch simplifies the work by providing a FEATURE table which defines the data required. Differential Revision: https://phabricator.services.mozilla.com/D16532
ff87d87996fd: Bug 1519660 - Remove flash info bar from SafeBrowsing list. r=gcp
Dimi Lee <dlee@mozilla.com> - Mon, 14 Jan 2019 15:47:23 +0000 - rev 510852
Push 10547 by ffxbld-merge at Mon, 21 Jan 2019 13:03:58 +0000
Bug 1519660 - Remove flash info bar from SafeBrowsing list. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D16397
9a966111a9e0: Bug 1517704 - Add cpi to the list of executable extensions in download protection. r=gcp
Dimi Lee <dlee@mozilla.com> - Mon, 07 Jan 2019 15:22:21 +0000 - rev 509850
Push 10547 by ffxbld-merge at Mon, 21 Jan 2019 13:03:58 +0000
Bug 1517704 - Add cpi to the list of executable extensions in download protection. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D15804
454e10960236: Bug 1516363: Fix duplicate definition of scoreThreshold causing compile error with `--disable-tests` r=gcp
Carl Corcoran <ccorcoran@mozilla.com> - Wed, 26 Dec 2018 13:05:10 +0000 - rev 509028
Push 10547 by ffxbld-merge at Mon, 21 Jan 2019 13:03:58 +0000
Bug 1516363: Fix duplicate definition of scoreThreshold causing compile error with `--disable-tests` r=gcp When compiling without ENABLE_TESTS, the following error occurs: /toolkit/xre/ModuleEvaluator_windows.cpp(221,20): error: redefinition of 'scoreThreshold' with a different type: 'const int' vs 'int' This removes the 2 lines of code that caused the error. Differential Revision: https://phabricator.services.mozilla.com/D15372
a3d8cffac0ab: Bug 1510559 - Add .desktop to the list of executable extensions in download protection. r=gcp
Dimi Lee <dlee@mozilla.com> - Wed, 12 Dec 2018 10:57:50 +0000 - rev 507377
Push 10547 by ffxbld-merge at Mon, 21 Jan 2019 13:03:58 +0000
Bug 1510559 - Add .desktop to the list of executable extensions in download protection. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D14238
023c546c01cd: Bug 1508898 - Prepare the Linux sandbox's socketcall/ipc-call dispatch table for reformatting. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 21 Nov 2018 11:05:31 +0000 - rev 503939
Push 10290 by ffxbld-merge at Mon, 03 Dec 2018 16:23:23 +0000
Bug 1508898 - Prepare the Linux sandbox's socketcall/ipc-call dispatch table for reformatting. r=gcp The tables in SandboxFilterUtil.cpp should remain vertically aligned, but clang-format would disagree. This patch excludes that region from reformatting, and applies the other changes that clang-format would make there. Differential Revision: https://phabricator.services.mozilla.com/D12499
83fc4342c255: Bug 1506788 - Add pyd and pyo binary extensions to download protection. r=gcp
Dimi Lee <dlee@mozilla.com> - Thu, 15 Nov 2018 10:17:35 +0000 - rev 503009
Push 10290 by ffxbld-merge at Mon, 03 Dec 2018 16:23:23 +0000
Bug 1506788 - Add pyd and pyo binary extensions to download protection. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D11750
9b1adbad418a: Bug 1464220 - Extend SANDBOX_HAS_USER_NAMESPACES telemetry. r=chutten,gcp
Jed Davis <jld@mozilla.com> - Wed, 31 Oct 2018 22:29:39 +0000 - rev 500447
Push 10290 by ffxbld-merge at Mon, 03 Dec 2018 16:23:23 +0000
Bug 1464220 - Extend SANDBOX_HAS_USER_NAMESPACES telemetry. r=chutten,gcp Differential Revision: https://phabricator.services.mozilla.com/D9456
1eb5d7522136: Bug 1503221: Add missing namespace qualifications in nsXREDirProvider.cpp;r=gcp
Carl Corcoran <ccorcoran@mozilla.com> - Tue, 30 Oct 2018 11:50:20 +0000 - rev 499943
Push 10290 by ffxbld-merge at Mon, 03 Dec 2018 16:23:23 +0000
Bug 1503221: Add missing namespace qualifications in nsXREDirProvider.cpp;r=gcp Due to UNIFIED_SOURCES, some missing "mozilla::" namespace qualifications in nsXREDirProvider.cpp don't cause build errors. Fixing this for correctness and to avoid build errors if the sources are separated. Differential Revision: https://phabricator.services.mozilla.com/D10208
026130a68e7c: Bug 1489735 - Quietly deny sched_setaffinity in content process sandbox r=gcp
Jed Davis <jld@mozilla.com> - Mon, 17 Sep 2018 16:43:52 +0000 - rev 492606
Push 9984 by ffxbld-merge at Mon, 15 Oct 2018 21:07:35 +0000
Bug 1489735 - Quietly deny sched_setaffinity in content process sandbox r=gcp Differential Revision: https://phabricator.services.mozilla.com/D5908
f771187eec2d: Bug 1466593 - When sandboxing the content process on OpenBSD, fake a DBUS session if none is running r=gcp
Landry Breuil <landry@openbsd.org> - Thu, 06 Sep 2018 09:54:00 +0300 - rev 490917
Push 9984 by ffxbld-merge at Mon, 15 Oct 2018 21:07:35 +0000
Bug 1466593 - When sandboxing the content process on OpenBSD, fake a DBUS session if none is running r=gcp
cae2f8c62a2a: Bug 1466593 - When sandboxing the content process on OpenBSD, fake a DBUS session if none is running r=gcp a=pascalc
Landry Breuil <landry@openbsd.org> - Thu, 06 Sep 2018 09:54:00 +0300 - rev 489806
Push 9788 by ebalazs@mozilla.com at Wed, 12 Sep 2018 11:37:17 +0000
Bug 1466593 - When sandboxing the content process on OpenBSD, fake a DBUS session if none is running r=gcp a=pascalc
152b2a1144ae: Bug 1457092 - set conservative default values for pledge() sandboxing on OpenBSD. r=gcp
Landry Breuil <landry@openbsd.org> - Thu, 23 Aug 2018 07:33:00 +0300 - rev 488925
Push 9738 by aciure@mozilla.com at Mon, 03 Sep 2018 16:13:51 +0000
Bug 1457092 - set conservative default values for pledge() sandboxing on OpenBSD. r=gcp
411427c1f5fe: Bug 1457092 - Content sandbox codepaths are Linux only. r=gcp
Landry Breuil <landry@openbsd.org> - Wed, 22 Aug 2018 05:27:00 -0400 - rev 488182
Push 9719 by ffxbld-merge at Fri, 24 Aug 2018 17:49:46 +0000
Bug 1457092 - Content sandbox codepaths are Linux only. r=gcp
8f5c17ac83aa: Bug 1457092 - Implement sandboxing on OpenBSD. r=gcp, r=jld
Landry Breuil <landry@openbsd.org> - Thu, 23 Aug 2018 07:35:00 -0400 - rev 488181
Push 9719 by ffxbld-merge at Fri, 24 Aug 2018 17:49:46 +0000
Bug 1457092 - Implement sandboxing on OpenBSD. r=gcp, r=jld
Add StartOpenBSDSandbox method calling pledge() syscall, and use it where we're sandboxing processes. The pledge subsets are coming from two new prefs:
- security.sandbox.pledge.content for the content process
- security.sandbox.pledge.main for the main process
366a2aa802b5: Bug 1478575 - Unify CamerasChild shutdown paths. r=gcp
Andreas Pehrson <pehrsons@mozilla.com> - Mon, 20 Aug 2018 10:44:49 +0200 - rev 488014
Push 9719 by ffxbld-merge at Fri, 24 Aug 2018 17:49:46 +0000
Bug 1478575 - Unify CamerasChild shutdown paths. r=gcp
73e2097aa0c3: Bug 1485142: Make url-classifier 'PartialHashHex()' API return a nsAutoCString instead of nsCString, to address build warning & reduce copying. r=gcp
Daniel Holbert <dholbert@cs.stanford.edu> - Wed, 22 Aug 2018 16:51:56 +0000 - rev 487970
Push 9719 by ffxbld-merge at Fri, 24 Aug 2018 17:49:46 +0000
Bug 1485142: Make url-classifier 'PartialHashHex()' API return a nsAutoCString instead of nsCString, to address build warning & reduce copying. r=gcp Before this patch -- with the nsCString return type -- we have to do heap allocation and copying to produce the return value. But the callers don't actually care about having a nsCString -- they just call .get() to access the character buffer, and log it, and then they're done. They can do this just as easily with the stack-allocated nsAutoCString that PartialHashHex() works with locally, so let's change the return type so that Return Value Optimization can give them that variable directly and avoid needless copying/allocation. This patch addresses the following clang 8.0 build warning: LookupCache.h:63:12 [-Wreturn-std-move] local variable 'hex' will be copied despite being returned by name Differential Revision: https://phabricator.services.mozilla.com/D3920
8743877cec09: Bug 1480554 - Fix missing include in SandboxOpenedFiles.cpp. r=gcp
Jed Davis <jld@mozilla.com> - Thu, 16 Aug 2018 09:15:56 -0600 - rev 487065
Push 9719 by ffxbld-merge at Fri, 24 Aug 2018 17:49:46 +0000
Bug 1480554 - Fix missing include in SandboxOpenedFiles.cpp. r=gcp
02395f0e8074: Bug 1439057 - Tighten /dev/shm access in Linux content sandbox policy. r=gcp
Jed Davis <jld@mozilla.com> - Tue, 31 Jul 2018 10:41:29 -0600 - rev 484555
Push 9719 by ffxbld-merge at Fri, 24 Aug 2018 17:49:46 +0000
Bug 1439057 - Tighten /dev/shm access in Linux content sandbox policy. r=gcp This patch uses the shared memory name prefixes introduced in bug 1447867 to prevent access to /dev/shm files of other applications or other processes within the same browser instance. When a shared memory implementation that doesn't use shm_open is available (specifically, the memfd_create support to be added in bug 1440203), /dev/shm access is completely denied. MozReview-Commit-ID: L2ylG5KrXTU
ecae69f91831: Bug 1243108 - Work around Linux kernel bug causing broker responses to be dropped. r=gcp
Jed Davis <jld@mozilla.com> - Thu, 19 Jul 2018 18:20:03 -0600 - rev 483165
Push 9719 by ffxbld-merge at Fri, 24 Aug 2018 17:49:46 +0000
Bug 1243108 - Work around Linux kernel bug causing broker responses to be dropped. r=gcp MozReview-Commit-ID: LX2kEXybFGW
564e53c57905: Bug 1476340: Fix DEAD_STORE errors in security/sandbox/linux/*. r=gcp
Robert Bartlensky <rbartlensky@mozilla.com> - Tue, 17 Jul 2018 18:30:09 +0100 - rev 482580
Push 9719 by ffxbld-merge at Fri, 24 Aug 2018 17:49:46 +0000
Bug 1476340: Fix DEAD_STORE errors in security/sandbox/linux/*. r=gcp MozReview-Commit-ID: 3jNPRWGb7rU
0d676b757477: Bug 1478575 - Unify CamerasChild shutdown paths. r=gcp, a=RyanVM
Andreas Pehrson <pehrsons@mozilla.com> - Mon, 20 Aug 2018 10:44:49 +0200 - rev 478555
Push 9712 by ryanvm@gmail.com at Thu, 23 Aug 2018 12:41:46 +0000
Bug 1478575 - Unify CamerasChild shutdown paths. r=gcp, a=RyanVM