searching for reviewer(jcj)
44ec76478317fdc6fba90c55771f6514c32e388b: bug 1555110 - Backed out changeset a187487af38a to disable cert_storage on non-nightly builds r=jcj,froydnj a=jcristau
Dana Keeler <dkeeler@mozilla.com> - Wed, 29 May 2019 00:11:53 +0000 - rev 533535
Push 11346 by malexandru@mozilla.com at Fri, 31 May 2019 16:15:31 +0000
bug 1555110 - Backed out changeset a187487af38a to disable cert_storage on non-nightly builds r=jcj,froydnj a=jcristau There are ongoing lmdb issues we need to sort out before we can ship cert_storage (see e.g. bug 1538541 and bug 1550174). Differential Revision: https://phabricator.services.mozilla.com/D32885
cad154da3d81263133d3658a59de631addcf4cee: Bug 1551282 and bug 1553436. Allow pages to override window.u2f but not the "sign" and "register" properties on the U2F object. r=jcj,smaug a=jcristau
Boris Zbarsky <bzbarsky@mit.edu> - Fri, 24 May 2019 20:40:59 +0000 - rev 533414
Push 11312 by nbeleuzu@mozilla.com at Mon, 27 May 2019 09:34:11 +0000
Bug 1551282 and bug 1553436. Allow pages to override window.u2f but not the "sign" and "register" properties on the U2F object. r=jcj,smaug a=jcristau There are two related problems this patch is trying to address. The first, and simpler, one is bug 1553436: there are websites that use existing variables and functions named "u2f" and adding a non-replaceable readonly property with that name on Window breaks them. The fix for this is straightforward: mark the property [Replaceable]. The second problem, covered by bug 1551282, involves sites that use the Google U2F polyfill. The relevant parts of that polyfill look like this: 'use strict'; var u2f = u2f || {}; u2f.register = some_function_that_only_works_right_in_Chrome; u2f.sign = some_function_that_only_works_right_in_Chrome; The failure mode for that code before this fix is that the assignment to "u2f" throws because it's a readonly property and we're in strict mode, so any code the page concatenates in the same file after the polyfill does not get run. That's what bug 1551282 is about. The [Replaceable] annotation fixes that issue, because now the polyfill gets the value of window.u2f and then redefines the property (via the [Replaceable] setter) to be a value property with that value. So far, so good. But then we need to prevent the sets of u2f.register and u2f.sign from taking effect, because if they are allowed to happen, the actual sign/register functionality on the page will not work in Firefox. We can't just make the properties readonly, because then the sets will throw due to being in strict mode, and we still have bug 1551282. The proposed fix is to make these accessor properties with a no-op setter, which is exactly what [LenientSetter] gives us. The rest of the patch is just setting up infrastructure for generating the normal bits we would generate if "sign" and "register" were methods and using that to create the JSFunctions at the point when the getter is called. The JSFunctions then get cached on the u2f instance object. Differential Revision: https://phabricator.services.mozilla.com/D32357
a187487af38a4caa5f125ab660c4d1d09d69aa9d: Bug 1548365 - enable intermediate preloading on early beta or earlier r=froydnj,jcj
Dana Keeler <dkeeler@mozilla.com> - Thu, 16 May 2019 00:03:09 +0000 - rev 532839
Push 11272 by apavel@mozilla.com at Thu, 16 May 2019 15:28:22 +0000
Bug 1548365 - enable intermediate preloading on early beta or earlier r=froydnj,jcj This also enables using cert_storage for OneCRL, since it and intermediate preloading both use the same backend. Differential Revision: https://phabricator.services.mozilla.com/D31345
73ead3a81fdf357101987a2796c7c1c1b24dc2bd: bug 1548040 - batch cert_storage certificate adding/removal r=jcj,myk
Dana Keeler <dkeeler@mozilla.com> - Tue, 14 May 2019 20:51:10 +0000 - rev 532797
Push 11272 by apavel@mozilla.com at Thu, 16 May 2019 15:28:22 +0000
bug 1548040 - batch cert_storage certificate adding/removal r=jcj,myk Differential Revision: https://phabricator.services.mozilla.com/D30271
2c0de6646a6199e4558a4bf6279f7250302fc172: Bug 1551297 - Use MOZ_WIDGET_ANDROID instead of ANDROID when targeting Java r=jcj
Fabrice Desré <fabrice@desre.org> - Mon, 13 May 2019 20:42:37 +0000 - rev 532502
Push 11268 by csabou@mozilla.com at Tue, 14 May 2019 15:24:22 +0000
Bug 1551297 - Use MOZ_WIDGET_ANDROID instead of ANDROID when targeting Java r=jcj ANDROID is true for platforms based only on the native parts of the stack so can't be used when what you depend on is actually the Java layer. Differential Revision: https://phabricator.services.mozilla.com/D30965
c52835481c084fecff479ddf35e06054c5e0ba32: bug 1549249 - hard-code new add-on signing intermediate so it's always available r=jcj,kmag a=ryanvm
Dana Keeler <dkeeler@mozilla.com> - Mon, 06 May 2019 10:42:52 -0700 - rev 531478
Push 11265 by ffxbld-merge at Mon, 13 May 2019 10:53:39 +0000
bug 1549249 - hard-code new add-on signing intermediate so it's always available r=jcj,kmag a=ryanvm Summary: Our previous approach to making this intermediate available relied on being able to add it to the user's NSS cert DB. This does work in the majority of cases, but there are some situations where it doesn't work (e.g. if the user's DB is set to read only, if they've configured Firefox to run in "nocertdb" mode, if they have a master password but forgot it, and so on). This patch compiles the intermediate in to Firefox in the same way we incorporate the root, so it should always be available. At the same time, this patch reverts the changes from 023dd959512e2cfa685187616560f91efa91183c and 1d35f8d88bdd007e01d42c4ff76c6d10d7c01a98 (the patches that implemented the original approach) because they should no longer be necessary. Reviewers: jcj!, kmag! Tags: #secure-revision Bug #: 1549249 Differential Revision: https://phabricator.services.mozilla.com/D30090
a977984e786215c2d186e00eee7c1f408c46e274: bug 1546361 - recreate cert_storage data as necessary r=jcj,myk
Dana Keeler <dkeeler@mozilla.com> - Fri, 03 May 2019 23:41:17 +0000 - rev 531433
Push 11265 by ffxbld-merge at Mon, 13 May 2019 10:53:39 +0000
bug 1546361 - recreate cert_storage data as necessary r=jcj,myk It turns out that an rkv database created on a 32-bit platform cannot be used on a 64-bit platform and vice-versa. To work around this for now, we delete and recreate the DB backing cert_storage and set flags to let our consumers know to re-load all known data. Differential Revision: https://phabricator.services.mozilla.com/D29591
fa013d593d02e29d9062900f89a14fd40a9ba687: Bug 1549010 - verify add-on signing certificates at 2019-04-27T02:43:20.000Z r=jcj a=lizzard
Dana Keeler <dkeeler@mozilla.com> - Sat, 04 May 2019 04:15:11 +0000 - rev 531364
Push 11265 by ffxbld-merge at Mon, 13 May 2019 10:53:39 +0000
Bug 1549010 - verify add-on signing certificates at 2019-04-27T02:43:20.000Z r=jcj a=lizzard Differential Revision: https://phabricator.services.mozilla.com/D29928
e1ab2cda04243606b3e030f6858f415b83fae1f6: Bug 1512451 - Read OneCRL blocklist from security-states/onecrl r=jcj,mgoodwin,glasserc
Mathieu Leplatre <mathieu@mozilla.com> - Wed, 24 Apr 2019 14:52:13 +0000 - rev 530076
Push 11265 by ffxbld-merge at Mon, 13 May 2019 10:53:39 +0000
Bug 1512451 - Read OneCRL blocklist from security-states/onecrl r=jcj,mgoodwin,glasserc Read OneCRL blocklist from security-states/onecrl Differential Revision: https://phabricator.services.mozilla.com/D23645
a19d696f96fbf2375fbf3cf107a3d974262a7d5e: Bug 1512451 - Read OneCRL blocklist from security-states/onecrl r=jcj,mgoodwin,glasserc
Mathieu Leplatre <mathieu@mozilla.com> - Tue, 23 Apr 2019 18:40:40 +0000 - rev 529363
Push 11265 by ffxbld-merge at Mon, 13 May 2019 10:53:39 +0000
Bug 1512451 - Read OneCRL blocklist from security-states/onecrl r=jcj,mgoodwin,glasserc Read OneCRL blocklist from security-states/onecrl Differential Revision: https://phabricator.services.mozilla.com/D23645
8855bf5ed33f745cadfbd59870e997cae6f3d2ca: Bug 1536773 - WebAuthn does not return userHandle back during Authentication r=jcj
Akshay Kumar <akshay.sonu@gmail.com> - Thu, 21 Mar 2019 11:37:07 +0000 - rev 526989
Push 11265 by ffxbld-merge at Mon, 13 May 2019 10:53:39 +0000
Bug 1536773 - WebAuthn does not return userHandle back during Authentication r=jcj Differential Revision: https://phabricator.services.mozilla.com/D24189
d1814ba5bb8e0b5716c4eb728ca3a6e9aa305fcc: Bug 1539415 - make nsICertStorage (cert_storage) asynchronous for functions called from the main thread r=jcj,mgoodwin
Dana Keeler <dkeeler@mozilla.com> - Wed, 03 Apr 2019 23:24:19 +0000 - rev 526676
Push 11265 by ffxbld-merge at Mon, 13 May 2019 10:53:39 +0000
Bug 1539415 - make nsICertStorage (cert_storage) asynchronous for functions called from the main thread r=jcj,mgoodwin The Set* functions of nsICertStorage (SetRevocationByIssuerAndSerial, SetRevocationBySubjectAndPubKey, SetEnrollment, and SetWhitelist) are called on the main thread by the implementations that manage consuming remote security information. We don't want to block the main thread, so this patch modifies these functions to take a callback that will be called (on the original thread) when the operation in question has been completed on a background thread. The Get* functions of nsICertStorage (GetRevocationState, GetEnrollmentState, and GetWhitelistState) should only be called off the main thread. For the most part they are, but there are at least two main-thread certificate verifications that can cause these functions to be called on the main thread. These instances are in nsSiteSecurityService::ProcessPKPHeader and ContentSignatureVerifier::CreateContextInternal and will be dealt with in bug 1406854 bug 1534600, respectively. Differential Revision: https://phabricator.services.mozilla.com/D25174
44f7c1b809eeee7a0f5f5611cca47c7d2da5f8d7: Bug 1538250 - follow-up to remove xperf_whitelist.json entry r=jcj
Dana Keeler <dkeeler@mozilla.com> - Thu, 28 Mar 2019 17:05:04 +0000 - rev 525452
Push 11265 by ffxbld-merge at Mon, 13 May 2019 10:53:39 +0000
Bug 1538250 - follow-up to remove xperf_whitelist.json entry r=jcj Differential Revision: https://phabricator.services.mozilla.com/D25250
3d4f7e72dadb643ba57214bdf4a8cf6d1bbe217d: bug 1538250 - lazily open DB in cert_storage to avoid main-thread I/O r=jcj
Dana Keeler <dkeeler@mozilla.com> - Wed, 27 Mar 2019 19:35:31 +0000 - rev 525255
Push 11265 by ffxbld-merge at Mon, 13 May 2019 10:53:39 +0000
bug 1538250 - lazily open DB in cert_storage to avoid main-thread I/O r=jcj After initialization (which happens on the main thread because we need to access preferences), cert_storage will first be used on a certificate verification thread. We can use this to avoid main-thread I/O by lazily opening the DB when it first gets used rather than at initialization. Differential Revision: https://phabricator.services.mozilla.com/D24998
6937e95afc2e74a90282ae709040ef90b879533d: Bug 1536097 - Part 5 - convert AttestationConveyancePreference to use ParamTraits for deserialization; r=jcj
Alex Gaynor <agaynor@mozilla.com> - Tue, 19 Mar 2019 23:25:35 +0000 - rev 524065
Push 11265 by ffxbld-merge at Mon, 13 May 2019 10:53:39 +0000
Bug 1536097 - Part 5 - convert AttestationConveyancePreference to use ParamTraits for deserialization; r=jcj Depends on D24065 Differential Revision: https://phabricator.services.mozilla.com/D24066
e516a5f9e905add224dc3bba0efd39448758ddf4: Bug 1536097 - Part 4 - convert UserVerificationRequirement to use ParamTraits for deserialization; r=jcj
Alex Gaynor <agaynor@mozilla.com> - Tue, 19 Mar 2019 23:25:47 +0000 - rev 524064
Push 11265 by ffxbld-merge at Mon, 13 May 2019 10:53:39 +0000
Bug 1536097 - Part 4 - convert UserVerificationRequirement to use ParamTraits for deserialization; r=jcj Depends on D24064 Differential Revision: https://phabricator.services.mozilla.com/D24065
a41f369384368b0863dded39fb9f308ad35f1df6: Bug 1536097 - Part 3 - convert WebAuthnMaybeGetAssertionExtraInfo to use a native IPDL maybe; r=jcj
Alex Gaynor <agaynor@mozilla.com> - Tue, 19 Mar 2019 23:26:00 +0000 - rev 524063
Push 11265 by ffxbld-merge at Mon, 13 May 2019 10:53:39 +0000
Bug 1536097 - Part 3 - convert WebAuthnMaybeGetAssertionExtraInfo to use a native IPDL maybe; r=jcj Depends on D24063 Differential Revision: https://phabricator.services.mozilla.com/D24064
fd19320348e24f246bf96477e90c06960d45f06a: Bug 1536097 - Part 2 - convert WebAuthnMaybeMakeCredentialExtraInfo to use a native IPDL maybe; r=jcj
Alex Gaynor <agaynor@mozilla.com> - Tue, 19 Mar 2019 23:26:20 +0000 - rev 524062
Push 11265 by ffxbld-merge at Mon, 13 May 2019 10:53:39 +0000
Bug 1536097 - Part 2 - convert WebAuthnMaybeMakeCredentialExtraInfo to use a native IPDL maybe; r=jcj Depends on D24062 Differential Revision: https://phabricator.services.mozilla.com/D24063
0aec0a2b5cb63943c82c5ddee03b1c4004c30f20: Bug 1536097 - Part 1 - convert WebAuthnMaybeAuthenticatorAttachment to use a native IPDL maybe and use ParamTraits for deserialization; r=jcj
Alex Gaynor <agaynor@mozilla.com> - Wed, 20 Mar 2019 15:23:44 +0000 - rev 524061
Push 11265 by ffxbld-merge at Mon, 13 May 2019 10:53:39 +0000
Bug 1536097 - Part 1 - convert WebAuthnMaybeAuthenticatorAttachment to use a native IPDL maybe and use ParamTraits for deserialization; r=jcj Differential Revision: https://phabricator.services.mozilla.com/D24062
5514aae0e34e81b39a88447094a34e13c0d74aac: Bug 1429796 - cert_storage: create rkv environment and store only once to avoid races r=mgoodwin,jcj
Dana Keeler <dkeeler@mozilla.com> - Wed, 20 Mar 2019 00:01:47 +0000 - rev 524052
Push 11265 by ffxbld-merge at Mon, 13 May 2019 10:53:39 +0000
Bug 1429796 - cert_storage: create rkv environment and store only once to avoid races r=mgoodwin,jcj This patch also base64-decodes the API inputs before storing in the DB in anticipation of being able to pass binary data directly (bug 1535752). This patch additionally whitelists the DB backing file in talos. Differential Revision: https://phabricator.services.mozilla.com/D23430
b0d08863f7a5fc08a3c0709b5e7151d80ae18261: Bug 1429796 - cert_storage: create rkv environment and store only once to avoid races r=mgoodwin,jcj
Dana Keeler <dkeeler@mozilla.com> - Mon, 18 Mar 2019 20:08:30 +0000 - rev 523891
Push 11265 by ffxbld-merge at Mon, 13 May 2019 10:53:39 +0000
Bug 1429796 - cert_storage: create rkv environment and store only once to avoid races r=mgoodwin,jcj This patch also base64-decodes the API inputs before storing in the DB in anticipation of being able to pass binary data directly (bug 1535752). Differential Revision: https://phabricator.services.mozilla.com/D23430
143fe24df3a9ffb261f2684cd00bd3929f57bf71: bug 1515608 - allow end-entity certificates to be trust anchors for compatibility r=jcj
Dana Keeler <dkeeler@mozilla.com> - Mon, 18 Mar 2019 20:01:02 +0000 - rev 523726
Push 11265 by ffxbld-merge at Mon, 13 May 2019 10:53:39 +0000
bug 1515608 - allow end-entity certificates to be trust anchors for compatibility r=jcj Differential Revision: https://phabricator.services.mozilla.com/D23240
8f9fdaef9fc06cd0dda8edcb6e58aa37efbf2ddf: bug 1549249 - hard-code new add-on signing intermediate so it's always available r=jcj,kmag a=lizzard
Dana Keeler <dkeeler@mozilla.com> - Mon, 06 May 2019 23:05:23 +0000 - rev 523508
Push 11240 by ryanvm@gmail.com at Tue, 07 May 2019 01:08:08 +0000
bug 1549249 - hard-code new add-on signing intermediate so it's always available r=jcj,kmag a=lizzard Our previous approach to making this intermediate available relied on being able to add it to the user's NSS cert DB. This does work in the majority of cases, but there are some situations where it doesn't work (e.g. if the user's DB is set to read only, if they've configured Firefox to run in "nocertdb" mode, if they have a master password but forgot it, and so on). This patch compiles the intermediate in to Firefox in the same way we incorporate the root, so it should always be available. At the same time, this patch reverts the changes from be8cd9575508ce1a95b971ccbfe3a7ceec59bc0b (the patch that implemented the original approach) because it should no longer be necessary. This also bumps the add-on DB schema to trigger add-on revalidation. Differential Revision: https://phabricator.services.mozilla.com/D30139
fe6ddfaa325f8e9b57b134cd5ff48753726b8aff: bug 1549249 - hard-code new add-on signing intermediate so it's always available r=jcj,kmag a=lizzard FIREFOX_ESR_67b18_RELBRANCH DEVEDITION_67_0b18_BUILD1 DEVEDITION_67_0b18_RELEASE FENNEC_67_0b18_BUILD1 FENNEC_67_0b18_RELEASE FIREFOX_67_0b18_BUILD1 FIREFOX_67_0b18_RELEASE
Dana Keeler <dkeeler@mozilla.com> - Mon, 06 May 2019 23:05:23 +0000 - rev 523507
Push 11239 by mozilla@hocat.ca at Mon, 06 May 2019 23:55:59 +0000
bug 1549249 - hard-code new add-on signing intermediate so it's always available r=jcj,kmag a=lizzard Our previous approach to making this intermediate available relied on being able to add it to the user's NSS cert DB. This does work in the majority of cases, but there are some situations where it doesn't work (e.g. if the user's DB is set to read only, if they've configured Firefox to run in "nocertdb" mode, if they have a master password but forgot it, and so on). This patch compiles the intermediate in to Firefox in the same way we incorporate the root, so it should always be available. At the same time, this patch reverts the changes from be8cd9575508ce1a95b971ccbfe3a7ceec59bc0b (the patch that implemented the original approach) because it should no longer be necessary. This also bumps the add-on DB schema to trigger add-on revalidation. Differential Revision: https://phabricator.services.mozilla.com/D30139
d716b75b8ac3f4588061e720074c093dae08e43e: Bug 1549010 - verify add-on signing certificates at 2019-04-27T02:43:20.000Z r=jcj a=lizzard
Dana Keeler <dkeeler@mozilla.com> - Sat, 04 May 2019 04:15:11 +0000 - rev 523490
Push 11227 by maglione.k@gmail.com at Sat, 04 May 2019 06:36:23 +0000
Bug 1549010 - verify add-on signing certificates at 2019-04-27T02:43:20.000Z r=jcj a=lizzard Differential Revision: https://phabricator.services.mozilla.com/D29928
bfdb7d766a6d6a817db48093f78b1391d50e53e9: Bug 1536773 - WebAuthn does not return userHandle back during Authentication r=jcj a=pascalc
Akshay Kumar <akshay.sonu@gmail.com> - Thu, 21 Mar 2019 11:37:07 +0000 - rev 523099
Push 11056 by ncsoregi@mozilla.com at Wed, 10 Apr 2019 14:27:43 +0000
Bug 1536773 - WebAuthn does not return userHandle back during Authentication r=jcj a=pascalc Differential Revision: https://phabricator.services.mozilla.com/D24189
bfe72a7c57bde0d1825ba43cbd9afa34d03ed00d: Bug 1528097 U2F doesn't work on Windows 10 19H1/20H1 Insider builds r=jcj,keeler
Akshay Kumar <akshay.sonu@gmail.com> - Wed, 06 Mar 2019 22:59:29 +0000 - rev 520703
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1528097 U2F doesn't work on Windows 10 19H1/20H1 Insider builds r=jcj,keeler Differential Revision: https://phabricator.services.mozilla.com/D22343
dd200b211b4adbbf149096dcf7341576384c5129: bug 1521983 - remove some unused certificate pinning telemetry probes r=jcj,ulfr
Dana Keeler <dkeeler@mozilla.com> - Mon, 04 Mar 2019 20:30:47 +0000 - rev 520150
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
bug 1521983 - remove some unused certificate pinning telemetry probes r=jcj,ulfr Differential Revision: https://phabricator.services.mozilla.com/D19731
ce7738b3a35df45b1984a8fccec773cc3a429325: Bug 1528097 : Fix FIDO U2F support on Windows 10 19H1/20H1 Insider builds r=keeler,jcj
Akshay Kumar <akshay.sonu@gmail.com> - Mon, 04 Mar 2019 20:07:24 +0000 - rev 520148
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1528097 : Fix FIDO U2F support on Windows 10 19H1/20H1 Insider builds r=keeler,jcj U2F support, behind the `security.webauth.u2f` pref and exposed by `dom/u2f/U2F.cpp`, was broken when using Windows Hello, as the correct options for compatibility weren't set. This patch sets up Windows Hello to handle U2F-protocol backward compatibility properly. Differential Revision: https://phabricator.services.mozilla.com/D21844
825dfac611b25553f36ee0da6d7e5b043087b7e3: bug 1435858 - add a canary test that will fail before all of the test certificates expire r=Alex_Gaynor,jcj
Dana Keeler <dkeeler@mozilla.com> - Mon, 25 Feb 2019 22:51:47 +0000 - rev 518904
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
bug 1435858 - add a canary test that will fail before all of the test certificates expire r=Alex_Gaynor,jcj This test should remind us to regenerate the test certificates next year before they actually expire. Differential Revision: https://phabricator.services.mozilla.com/D21065
3a11dd127e2c2384564cf162cc73b31c3e525e35: Bug 1456089 - Make a tutorial out of the genpgocerts.py README. r=jcj
Johann Hofmann <jhofmann@mozilla.com> - Mon, 25 Feb 2019 21:06:41 +0000 - rev 518865
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1456089 - Make a tutorial out of the genpgocerts.py README. r=jcj Differential Revision: https://phabricator.services.mozilla.com/D20178
77eb18940eb116616c0a8b5e252823879a4b3655: bug 1526004 - enterprise certs: differentiate between intermediates and roots on MacOS r=jcj,spohl
Dana Keeler <dkeeler@mozilla.com> - Fri, 22 Feb 2019 18:46:21 +0000 - rev 518522
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
bug 1526004 - enterprise certs: differentiate between intermediates and roots on MacOS r=jcj,spohl Differential Revision: https://phabricator.services.mozilla.com/D19721
b3b7eeec7aa1785d23232844d2cfdc366afb73fa: Bug 1528492 - Add cbor-cpp to the thirdparty list r=jcj
Sylvestre Ledru <sledru@mozilla.com> - Sun, 17 Feb 2019 01:03:40 +0000 - rev 517583
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1528492 - Add cbor-cpp to the thirdparty list r=jcj Depends on D20065 Differential Revision: https://phabricator.services.mozilla.com/D20066
427fa1eaa4afb82328cf50d3623c086cefe6d418: Bug 1528492 - Revert '1511181 - Reformat everything to the Google coding style' r=jcj
Sylvestre Ledru <sledru@mozilla.com> - Sun, 17 Feb 2019 00:54:15 +0000 - rev 517582
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1528492 - Revert '1511181 - Reformat everything to the Google coding style' r=jcj Differential Revision: https://phabricator.services.mozilla.com/D20065
f72ae300612f1ecfc83bcceb60b5c5a7719087c5: Bug 1527600 - Update moz.build files to use new bugzilla component 'Core :: DOM: Web Authentication' r=jcj
Sebastian Hengst <archaeopteryx@coole-files.de> - Wed, 13 Feb 2019 14:22:06 +0000 - rev 516776
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1527600 - Update moz.build files to use new bugzilla component 'Core :: DOM: Web Authentication' r=jcj Differential Revision: https://phabricator.services.mozilla.com/D19659
c8e523ac7349df2b579b31c74174f0760eefe7f2: bug 1473573 - import intermediate certificates as well as roots r=jcj
Dana Keeler <dkeeler@mozilla.com> - Tue, 12 Feb 2019 18:23:25 +0000 - rev 516658
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
bug 1473573 - import intermediate certificates as well as roots r=jcj Differential Revision: https://phabricator.services.mozilla.com/D18630
6e14d77dce8ceea07ed8b780bd75b6dc11ecfc80: Bug 1526473, Export NSS_CMSSignedData_GetDigestAlgs and NSS_CMSSignedData_HasDigests in security/nss.symbols, r=jcj
Kai Engert <kaie@kuix.de> - Sat, 09 Feb 2019 03:35:00 +0100 - rev 516272
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
Bug 1526473, Export NSS_CMSSignedData_GetDigestAlgs and NSS_CMSSignedData_HasDigests in security/nss.symbols, r=jcj
7168320522bb4ba749c89007972513b53e00c469: bug 1526007 - don't return early from NSSCertDBTrustDomain::FindIssuer if NSS doesn't find any candidate issuers r=jcj
Dana Keeler <dkeeler@mozilla.com> - Thu, 07 Feb 2019 21:52:18 +0000 - rev 516152
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
bug 1526007 - don't return early from NSSCertDBTrustDomain::FindIssuer if NSS doesn't find any candidate issuers r=jcj As of bug 1514118, NSS is not the only place NSSCertDBTrustDomain looks for issuer certificates. However, the initial implementation did not take into account that NSSCertDBTrustDomain::FindIssuer would return early if NSS did not find candidate issuers, resulting in unknown issuer errors for third party roots. This patch fixes that bug by not returning early. Differential Revision: https://phabricator.services.mozilla.com/D19058
0052ee18f2c81aff3b36a911a0a96d557874dec1: bug 1525386 - improvements to some tests so they don't break when certificates are regenerated r=jcj
Dana Keeler <dkeeler@mozilla.com> - Thu, 07 Feb 2019 00:42:07 +0000 - rev 515516
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
bug 1525386 - improvements to some tests so they don't break when certificates are regenerated r=jcj In bug 1525191, the test certificates expired again. While regenerating them is almost as simple as running a script, there were some manual test changes that had to happen to get the tests passing again. This patch fixes up those tests so that they shouldn't need changing the next time we regenerate the certificates. Differential Revision: https://phabricator.services.mozilla.com/D18891
b828ed311a01c2977f3c78251cb231bc0f7cfbd1: bug 1514118 - have CertVerifier use any third-party roots rather than going through NSS r=jcj
Dana Keeler <dkeeler@mozilla.com> - Fri, 01 Feb 2019 22:01:00 +0000 - rev 514384
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
bug 1514118 - have CertVerifier use any third-party roots rather than going through NSS r=jcj Before this patch, if the enterprise roots feature were enabled, nsNSSComponent would gather any such roots and temporarily import them into NSS so that CertVerifier could use them during path building and trust querying. This turned out to be problematic in part because doing so would require unlocking the user's key DB if they had a password. This patch implements a scheme whereby nsNSSComponent can give these extra roots directly to CertVerifier, thus bypassing NSS and any need to unlock/modify any DBs. This should also provide a path forward for other improvements such as not repeatedly searching through all certificates on all tokens, which has inefficiencies (see e.g. bug 1478148). Differential Revision: https://phabricator.services.mozilla.com/D18156
d29e9e51d4306f897bdb8fe86c1d1b7c306b3df0: bug 1520347 - fold Family Safety TLS interception feature into enterprise/third-party roots feature r=jcj
Dana Keeler <dkeeler@mozilla.com> - Tue, 29 Jan 2019 20:10:39 +0000 - rev 513856
Push 10862 by ffxbld-merge at Mon, 11 Mar 2019 13:01:11 +0000
bug 1520347 - fold Family Safety TLS interception feature into enterprise/third-party roots feature r=jcj The Family Safety TLS interception feature is seldom used and security-wise is essentially equivalent to the enterprise or third-party roots feature. To simplify future improvements, this patch folds them together by automatically importing third-party roots if Firefox detects that the Family Safety TLS interception feature has been enabled. This affects Windows 8.1 only. When usage of Windows 8.1 is low enough, we will remove the feature altogether. Differential Revision: https://phabricator.services.mozilla.com/D16727
93d78ef4e591cb9b980605691051abadaca9d773: Bug 1528097 - U2F doesn't work on Windows 10 19H1/20H1 Insider builds r=jcj, keeler a=lizzard
Bogdan Tara <btara@mozilla.com> - Sat, 09 Mar 2019 06:00:23 +0200 - rev 513461
Push 10859 by btara@mozilla.com at Sat, 09 Mar 2019 04:18:49 +0000
Bug 1528097 - U2F doesn't work on Windows 10 19H1/20H1 Insider builds r=jcj, keeler a=lizzard Reviewers: jcj, keeler Reviewed By: jcj, keeler Subscribers: reviewbot, jcj Bug #: 1528097 Differential Revision: https://phabricator.services.mozilla.com/D22343
e8fd50fb1d542b3d357d9c67616ce59f63c8f9f9: Bug 1528097 : Fix FIDO U2F support on Windows 10 19H1/20H1 Insider builds r=keeler,jcj a=lizzard
Akshay Kumar <akshay.sonu@gmail.com> - Mon, 04 Mar 2019 20:07:24 +0000 - rev 513449
Push 10857 by btara@mozilla.com at Sat, 09 Mar 2019 01:47:04 +0000
Bug 1528097 : Fix FIDO U2F support on Windows 10 19H1/20H1 Insider builds r=keeler,jcj a=lizzard U2F support, behind the `security.webauth.u2f` pref and exposed by `dom/u2f/U2F.cpp`, was broken when using Windows Hello, as the correct options for compatibility weren't set. This patch sets up Windows Hello to handle U2F-protocol backward compatibility properly. Differential Revision: https://phabricator.services.mozilla.com/D21844
d3f91dc5dfb47a91357c8276074fe57090bc5466: Bug 1526473, Export NSS_CMSSignedData_GetDigestAlgs and NSS_CMSSignedData_HasDigests in security/nss.symbols, r=jcj, a=lizzard
Kai Engert <kaie@kuix.de> - Sat, 09 Feb 2019 03:39:05 +0100 - rev 512957
Push 10658 by kaie@kuix.de at Sat, 09 Feb 2019 02:39:15 +0000
Bug 1526473, Export NSS_CMSSignedData_GetDigestAlgs and NSS_CMSSignedData_HasDigests in security/nss.symbols, r=jcj, a=lizzard
7013cb0056a24bf1638442c5328390f82331035c: Bug 1519480 - Update browser_webauthn_telemetry.js getParentProcessScalars with TelemetryTestUtils r=chutten,jcj
Varun Dey <varundey20@gmail.com> - Thu, 24 Jan 2019 14:47:21 +0000 - rev 512619
Push 10566 by archaeopteryx@coole-files.de at Mon, 28 Jan 2019 12:41:12 +0000
Bug 1519480 - Update browser_webauthn_telemetry.js getParentProcessScalars with TelemetryTestUtils r=chutten,jcj Replacing browser_webauthn_telemetry.js's custom getParentProcessScalars method with the method defined in TelemetryTestUtils module Differential Revision: https://phabricator.services.mozilla.com/D16568
60ee07f3171f98b42cd7ab9e134b6147e02b5539: Bug 1519480 - Update browser_webauthn_telemetry.js getParentProcessScalars with TelemetryTestUtils r=chutten,jcj
Varun Dey <varundey20@gmail.com> - Tue, 22 Jan 2019 17:24:36 +0000 - rev 511997
Push 10566 by archaeopteryx@coole-files.de at Mon, 28 Jan 2019 12:41:12 +0000
Bug 1519480 - Update browser_webauthn_telemetry.js getParentProcessScalars with TelemetryTestUtils r=chutten,jcj Replacing browser_webauthn_telemetry.js's custom getParentProcessScalars method with the method defined in TelemetryTestUtils module Differential Revision: https://phabricator.services.mozilla.com/D16568
828fe91e878b700d0135adb3f45a9554694e4498: Bug 1508115 - Web Authentication - Support Windows Hello r=keeler,jcj,baku
Akshay Kumar <akshay.sonu@gmail.com> - Mon, 21 Jan 2019 01:10:44 +0000 - rev 511969
Push 10566 by archaeopteryx@coole-files.de at Mon, 28 Jan 2019 12:41:12 +0000
Bug 1508115 - Web Authentication - Support Windows Hello r=keeler,jcj,baku This change adopts Windows Win32 WebAuthN APIs from https://github.com/Microsoft/webauthn Differential Revision: https://phabricator.services.mozilla.com/D15752
eec2cd4998b3dfa7a336d86ab6f02ca49c2b79f3: Bug 1346298 Update or Remove Telemetry Probe: SSL_OBSERVED_END_ENTITY_CERTIFICATE_LIFETIME r=jcj
ui.manish <1991manish.kumar@gmail.com> - Wed, 16 Jan 2019 19:35:05 +0000 - rev 511244
Push 10547 by ffxbld-merge at Mon, 21 Jan 2019 13:03:58 +0000
Bug 1346298 Update or Remove Telemetry Probe: SSL_OBSERVED_END_ENTITY_CERTIFICATE_LIFETIME r=jcj Differential Revision: https://phabricator.services.mozilla.com/D16631
7c46446409369b837a17aba20e550b4d6e23d683: bug 1519492 - reorganize NSSCertDBTrustDomain::FindIssuer to facilitate future improvements r=jcj
Dana Keeler <dkeeler@mozilla.com> - Tue, 15 Jan 2019 23:34:44 +0000 - rev 511225
Push 10547 by ffxbld-merge at Mon, 21 Jan 2019 13:03:58 +0000
bug 1519492 - reorganize NSSCertDBTrustDomain::FindIssuer to facilitate future improvements r=jcj Before this patch, NSSCertDBTrustDomain::FindIssuer would iterate over its candidate list (a CERTCertList) twice. This would have made it difficult to add in candidate issuers from other sources (see e.g. bug 1514118, wherein the goal is to bypass NSS' view of what certificates exist to facilitate third party/enterprise roots). This patch reorganizes this function to make future improvements easier. Differential Revision: https://phabricator.services.mozilla.com/D16341
1e674ee50a1d30961768ac175b0cc769603ffb14: bug 1517337 - make secret overwriting consistent across backends r=jcj
Dana Keeler <dkeeler@mozilla.com> - Wed, 09 Jan 2019 18:25:46 +0000 - rev 510230
Push 10547 by ffxbld-merge at Mon, 21 Jan 2019 13:03:58 +0000
bug 1517337 - make secret overwriting consistent across backends r=jcj As originally written, the keychain-backed secret storing implementation would not overwrite a secret if prompted to generate or recover one with a label that was already in use. Since libsecret and credential manager both do this by default, this change makes the keychain-backed implementation behave the same way. Differential Revision: https://phabricator.services.mozilla.com/D15697