123 Commits

Author SHA1 Message Date
Masatoshi Kimura
1ee4b71e83 Bug 1055541 - Fix build failure on VS2013 with --enable-warnings-as-errors due to Warning C4996. r=ehsan 2014-08-20 04:09:03 +09:00
Chris Peterson
ed9323def1 Bug 1052033 - Fix warnings in security/sandbox and mark as FAIL_ON_WARNINGS. r=smichaud 2014-08-09 14:25:24 -07:00
Jed Davis
212cc5b860 No bug - Add trailing newlines for non-Android Linux sandbox logging. r=kang
--HG--
extra : rebase_source : c0e936b62289c0e5eecad41fce9afac881fe4667
2014-08-14 15:39:14 -07:00
Jed Davis
66d1734f54 Bug 1043733 - Require sandboxing to load Gecko Media Plugins on Linux. r=jesup r=kang
Also refactors how sandbox support and disabling are handled, and allows
simulating a lack of sandbox support with an env var (for testing
without rebuilding a kernel).
2014-08-12 21:28:27 -07:00
Steven Michaud
d67d41563b Bug 1012949 - Sandbox the OpenH264 plugin for Mac r=rjesup,areinald,ted a=PatchNeedsToLandToday 2014-08-08 11:55:22 -05:00
Mike Hommey
0f4c5d9244 Bug 1047267 - Move remaining OS_LIBS and EXTRA_LIBS to moz.build. r=gps
* * *
Bug 1047267 - To fold with "Move remaining OS_LIBS and EXTRA_LIBS to moz.build"
2014-08-07 14:21:03 +09:00
Mike Hommey
ec54bf6c1f Bug 1045783 - Move most OS_LIBS to moz.build and do some related cleanup. r=mshal 2014-08-06 07:25:33 +09:00
Jed Davis
b55b89b5b5 Bug 1047620 - Fix sandboxing for B2G --disable-jemalloc builds. r=kang
--HG--
extra : rebase_source : 1b2ec6491277a9dc451ab767d8563076cf522c27
2014-08-04 15:11:33 -07:00
Jed Davis
7bab545482 Bug 1012951 - Add Linux sandboxing for GeckoMediaPlugin processes. r=kang r=ted
--HG--
extra : rebase_source : 1b890000d5b8d2a8954cdd1118a1023eba829c29
2014-08-04 15:11:18 -07:00
Jed Davis
54f805e8b9 Bug 1046541 - Use stdio for non-Android Linux sandbox error messages. r=kang
--HG--
extra : rebase_source : e93a4a76f8188d715886e263a366d694c28b4525
2014-08-04 15:11:04 -07:00
Jed Davis
b31eafbe86 Bug 1046525 - Allow get{e,}gid and sched_{g,s}etparam in sandboxed content processes. r=kang
Some of these were already in the desktop whitelist; those duplicates
are removed.

--HG--
extra : amend_source : 3ab4b50e3f1980b4d7b93cc17f34b926e2aa2396
2014-08-01 15:05:44 -07:00
Ed Morley
433e593c8c Backed out changeset d50d7e88f35e (bug 1012951) for LSan failures 2014-07-30 16:49:43 +01:00
Jed Davis
ac97af274c Bug 1012951 - Sandbox GMP plugins on Linux using seccomp-bpf. r=kang r=ted 2014-07-29 15:31:12 -07:00
Jed Davis
4f62652919 Bug 1017393 - Record rejected syscall number in crash dump. r=kang 2014-07-24 11:36:00 +02:00
Mike Hommey
71623acdd6 Bug 1036894 part 9 - Replace all EXTRA_DSO_LDOPTS, SHARED_LIBRARY_LIBS and LIBS with EXTRA_LIBS, OS_LIBS or OS_LDFLAGS, appropriately. r=gps
OS_LIBS for libraries that are not part of the gecko tree, EXTRA_LIBS for
libraries, such as NSPR, that are in the tree, but are not handled by
moz.build just yet. Those EXTRA_LIBS may also come from a system library.
However, in cases where the expanded variables are always empty for the
in-tree case, OS_LIBS is used (as for, e.g. MOZ_ZLIB_LIBS). OS_LDFLAGS is
used exclusively for non-library linker flags.

Always pass EXTRA_LIBS before OS_LIBS on linker command lines.

Forbid EXTRA_DSO_LDOPTS, SHARED_LIBRARY_LIBS and LIBS in Makefiles.
2014-07-23 13:31:02 +09:00
Mike Hommey
e5c43ef995 Bug 1036894 part 8 - Move most in-tree library linkage information to moz.build, as USE_LIBS. r=gps 2014-07-23 13:30:52 +09:00
Ehsan Akhgari
c7a033be8e Bug 1041325 - Use intrin.h for _ReturnAddress in the chromium sandbox code; r=bbondy
--HG--
extra : rebase_source : 06bb642636a9f3df2e75eb950816a7d48da85faf
2014-07-20 19:05:44 -04:00
Jed Davis
1cdd0d8544 Bug 1037211 - Remove MOZ_CONTENT_SANDBOX_REPORTER by making it always true. r=kang r=ted
--HG--
extra : amend_source : 450d51dab077794e194bf407044de95627de0cde
2014-07-17 14:57:28 -07:00
Jed Davis
285d65221e Bug 1038900 - Dynamically allocate signal number for sandbox startup. r=kang 2014-07-16 13:37:00 +02:00
Tim Abraldes
2271b8aa31 bug 985252. Build sandbox code regardless of whether --enable-content-sandbox/MOZ_CONTENT_SANDBOX is provided. Enable sandboxing of GMP plugins. Enable SandboxBroker to set different security policies for different process types. r=bbondy, r=cpearce, r=bent 2014-07-16 16:01:34 -07:00
Bob Owen
4f4b3629bb Bug 1035275 - Remove unused base Chromium code. r=bbondy 2014-07-07 13:59:11 +01:00
Jed Davis
ad5a014572 Bug 1038490 - Fix misuse of MOZ_WIDGET_GONK in Linux content process sandbox policy. r=kang
--HG--
extra : amend_source : 0a7fe8ca751b59102cbc23316b18982268306423
2014-07-14 18:35:56 -07:00
Jed Davis
ada7d21572 Bug 1038486 - Fix Linux desktop seccomp sandbox build on 32-bit x86. r=kang
--HG--
extra : amend_source : 130d2cbd485734997739ea96ac5d83c01899d8b0
2014-07-09 16:52:56 -07:00
jvoisin
7c10650a8f Bug 1035786 - Fix namespace bug in Linux sandbox LOG_ERROR macro. r=jld 2014-07-08 05:53:00 +01:00
Jed Davis
d9856e93b1 Bug 1035786 - Avoid warning-as-error sandbox build failure with an explicit cast. r=gdestuynder
getpid() is never negative, so this is safe.
2014-07-10 17:37:45 -07:00
Bob Owen
218decde34 Bug 1035786 - Fix member variable initialisation order in LogMessage stub in Linux Sandbox.cpp. r=jld 2014-07-09 12:32:49 +01:00
Mike Hommey
07267c6f7f Bug 1036864 - Remove EXPORT_LIBRARY. r=mshal 2014-07-11 19:06:55 +09:00
Jed Davis
dd6575be07 Bug 956961 - Stop disabling sandboxing when DMD is enabled. r=kang
--HG--
extra : rebase_source : 4737cfd613c1ddee8e1a4340e819eddc151e73f7
extra : histedit_source : 2d2610a775a3ae986157f61ef3797f4e88baa922
2014-07-02 11:28:48 -07:00
Wes Kocher
f174cd042e Backed out 3 changesets (bug 956961) for non-unified build bustage
Backed out changeset f1be89cb58b9 (bug 956961)
Backed out changeset 272b01e4f856 (bug 956961)
Backed out changeset 56907af18c66 (bug 956961)
2014-07-02 15:03:29 -07:00
Jed Davis
49f614d6ca Bug 956961 - Stop disabling sandboxing when DMD is enabled. r=kang
--HG--
extra : amend_source : 66f2453794e6a8a581e1564e786cfc8cac1f6bbd
2014-07-02 11:28:48 -07:00
Jed Davis
d1a5790ae4 Bug 1014299 - Add times() to seccomp whitelist. r=kang
This system call seems to be used by some versions of the Qualcomm Adreno
graphics drivers when we run WebGL apps.
2014-06-02 14:52:00 +02:00
Bob Owen
2c9a59f64a Bug 1009452 - inherit stdout and stderr into the content process to allow logging. r=aklotz 2014-05-14 16:09:31 +01:00
Jed Davis
c7dae997a6 Bug 920372 - Fix socketcall whitelisting on i386. r=kang 2014-05-20 18:38:14 -07:00
Jed Davis
1523066770 Bug 920372 - Allow tgkill only for threads of the calling process itself. r=kang 2014-05-20 18:38:06 -07:00
Jed Davis
3a308504da Bug 920372 - Use Chromium seccomp-bpf compiler to dynamically build sandbox program. r=kang 2014-05-20 18:37:53 -07:00
Jed Davis
3b103d307f Bug 920372 - Import Chromium seccomp-bpf compiler, rev 4c08f442d2588a2c7cfaa117a55bd87d2ac32f9a. r=kang
Newly imported:
* sandbox/linux/seccomp-bpf/
* sandbox/linux/sandbox_export.h
* base/posix/eintr_wrapper.h

Updated:
* base/basictypes.h
* base/macros.h

At the time of this writing (see future patches for this bug) the only
things we're using from sandbox/linux/seccomp-bpf/ are codegen.cc and
basicblock.cc, and the header files they require.  However, we may use
more of this code in the future, and it seems cleaner in general to
import the entire subtree.
2014-05-20 18:37:45 -07:00
Jed Davis
52cd05523d Bug 1004832 - Add tgkill to seccomp-bpf whitelist. r=kang 2014-05-02 16:57:00 +02:00
Jed Davis
a52d5f0783 Bug 997409 - Add set_thread_area to seccomp whitelist if available. r=kang 2014-04-17 16:23:23 -04:00
Jed Davis
738f39b679 Bug 981949 - Whitelist ftruncate for seccomp-bpf sandboxing. r=kang 2014-04-11 13:09:00 +02:00
Boris Zbarsky
46967823f5 Bug 995047 followup. Fix a caller that I missed because it's only compiled on some platforms, so we can reopen the CLOSED TREE 2014-04-12 00:38:06 -04:00
Jed Davis
f8ce2f4279 Bug 993145 - Skip attempting seccomp sandboxing if seccomp unavailable. r=kang 2014-04-09 15:23:00 +02:00
Bob Owen
f5a4bd97f2 Bug 928062 - Set Windows sandbox delayed integrity level to INTEGRITY_LEVEL_LOW. r=aklotz 2014-04-08 16:25:18 +01:00
Jed Davis
ddc591c878 Bug 989172 - Re-add sigaltstack to seccomp whitelist. r=kang
This reinstates the patch from bug 983518, which was unintentionally
dropped while merging with the reorganization in bug 985227.
2014-03-28 17:58:26 -07:00
Makoto Kato
c0da567b5b Bug 987888 - --enable-content-sandbox breaks 64-bit builds. r=dkeeler,r=mshal 2014-03-28 13:59:16 +09:00
Jed Davis
b939b580cf Bug 985227 - Part 3: Replace the seccomp filter arch ifdefs with syscall existence tests. r=kang 2014-03-20 10:19:42 -04:00
Jed Davis
d06bc434b1 Bug 985227 - Part 2: Flatten out the #define maze in the seccomp filter. r=kang 2014-03-20 10:19:42 -04:00
Jed Davis
893f056ba5 Bug 985227 - Part 1: Move the seccomp filter into its own translation unit. r=kang
--HG--
rename : security/sandbox/linux/seccomp_filter.h => security/sandbox/linux/SandboxFilter.cpp
2014-03-20 10:19:42 -04:00
Jed Davis
a8a37995ce Bug 975273 - Add missing include to unbreak desktop seccomp build. r=kang 2014-03-20 09:27:28 -04:00
Phil Ringnalda
8c19bde08b Merge m-c to m-i 2014-03-15 12:32:04 -07:00
Kyle Huey
510a49016d Bug 967364: Rename already_AddRefed::get to take. r=bsmedberg 2014-03-15 12:00:15 -07:00