Bug 1529088 - Hold the HTML-based about:config to Nightly until we get Product sign-off. r=florian,paolo

Differential Revision: https://phabricator.services.mozilla.com/D20825

--HG--
extra : moz-landing-system : lando

Differential Revision: https://phabricator.services.mozilla.com/D21355

--HG--
extra : moz-landing-system : lando

Differential Revision: https://phabricator.services.mozilla.com/D21391

--HG--
extra : moz-landing-system : lando

Differential Revision: https://phabricator.services.mozilla.com/D21396

--HG--
extra : moz-landing-system : lando

* Add form autofill outcome AUTOFILL_RESULT.PASSWORD_AUTOCOMPLETE_NEW_PASSWORD
* Autocomplete behavior is not changed

Differential Revision: https://phabricator.services.mozilla.com/D21274

--HG--
extra : moz-landing-system : lando

Each instance has an instance of Java ExoPlayer that consumes memory in the
limited JVM heap. Too many concurrent players will cause OutOfMemoryError.

Differential Revision: https://phabricator.services.mozilla.com/D20420

--HG--
extra : moz-landing-system : lando

Differential Revision: https://phabricator.services.mozilla.com/D20419

--HG--
extra : moz-landing-system : lando

Differential Revision: https://phabricator.services.mozilla.com/D21246

--HG--
extra : moz-landing-system : lando

Differential Revision: https://phabricator.services.mozilla.com/D21379

--HG--
extra : moz-landing-system : lando

Bug 1528276 - Set DebuggerServer.keepAlive for RemoteDebugger and GeckoViewRemoteDebugger;r=ochameau

Depends on D20831

Differential Revision: https://phabricator.services.mozilla.com/D20832

--HG--
extra : moz-landing-system : lando

Depends on D20830

Differential Revision: https://phabricator.services.mozilla.com/D20831

--HG--
extra : moz-landing-system : lando

Bug 1528276 - Do not destroy the DebuggerServer in non-e10s when last frame connection is closed r=ochameau

When reviewing https://bugzilla.mozilla.org/show_bug.cgi?id=1521052 I did not think about Firefox for Android which is not using e10s.
This means the main DebuggerServer will be killed when there are no connections left. Happy to discuss more about the preferred solution.
This is a regression in 66 and I hope to uplift a fix for this.

Differential Revision: https://phabricator.services.mozilla.com/D20830

--HG--
extra : moz-landing-system : lando

The seccomp-bpf policy is currently just the "common" policy with no
additions (but with the fixes in bug 1511560 to enable shared memory
creation).  The file broker policy allows shared memory creation and
nothing else.  The namespace setup is the same as for GMP (i.e., as
restrictive as we currently can be).

The sandbox can be turned off for troubleshooting by setting the
environment variable MOZ_DISABLE_RDD_SANDBOX, similarly to the other
process types.

Tested against https://demo.bitmovin.com/public/firefox/av1/ with the
necessary prefs set.

Depends on D20895

Differential Revision: https://phabricator.services.mozilla.com/D14525

--HG--
extra : moz-landing-system : lando

Counting CPUs accesses the filesystem (sysfs or procfs), which we'd like
to disallow when sandboxed if possible, and fails silently if access
is denied.  Because the CPU count rarely changes, this patch handles
that problem for the RDD process by caching a copy before starting
sandboxing.

Tested with a local patch to have the sandbox file broker client crash
if accessing the sysfs node for the CPU count, to verify that it's not
accessed.

Depends on D14524

Differential Revision: https://phabricator.services.mozilla.com/D20895

--HG--
extra : moz-landing-system : lando

File descriptors are sometimes dup()ed in the process of communicating
them over IPC; some of this may be unnecessary (due to insufficient
use of move-only types), but dup() is relatively harmless.  It was
previously allowed for both content and GMP, so this doesn't change
anything.

The handling of ftruncate is a little complicated -- it's used for IPC
shared memory, but only when creating segments; so GMP doesn't allow
it and should continue not allowing it, but content needs it and RDD
will as well.  As a result, the subclass indicates if it will be needed.

Note that even when we have memfd_create support (bug 1440203),
ftruncate is still necessary even though brokering may not.

Depends on D14523

Differential Revision: https://phabricator.services.mozilla.com/D14524

--HG--
extra : moz-landing-system : lando

The sandbox broker uses socketpair to construct the per-request channels
over which responses are sent; thus, if and only if the policy will be
using brokering, it will allow socketpair as safely as possible (i.e.,
denying datagram sockets if possible).

Depends on D14522

Differential Revision: https://phabricator.services.mozilla.com/D14523

--HG--
extra : moz-landing-system : lando

madvise is used by our malloc (and probably others), and mprotect is
used with shared memory, including when created by another process, so
the common policy should include those rules.

Depends on D14521

Differential Revision: https://phabricator.services.mozilla.com/D14522

--HG--
extra : moz-landing-system : lando

This will allow other policies to use brokering if needed (e.g., RDD and
similar utility processes may need to access /dev/shm to create shared
memory).  The concrete policy class can deny filesystem access completely
(matching the current behavior of the GMP policy) by passing nullptr to
the superclass constructor instead.

Depends on D14520

Differential Revision: https://phabricator.services.mozilla.com/D14521

--HG--
extra : moz-landing-system : lando

ContentSandboxPolicy currently allows direct filesystem access if it
isn't given a broker client; this is a legacy design from the B2G era,
before the current idea of "sandbox level".  With this patch, it allows
filesystem access at level 1, and above that it requires brokering.

This is both to reduce the opportunities for accidentally having a
too-permissive sandbox and to prepare for refactoring the broker glue in
bug 1511560.

Depends on D14519

Differential Revision: https://phabricator.services.mozilla.com/D14520

--HG--
extra : moz-landing-system : lando

Level 1 is meant to enable some seccomp-bpf filtering, but still allow
direct access to the filesystem, and level 2 is where brokering starts.
This was accidentally broken in 1365257 (making "level 1" act like level
2); this patch fixes that.

This feature obviously isn't used much given how long nobody noticed it was
broken, but it's useful to have around for troubleshooting, and it's
actually easier to fix it than edit it out of the documentation.

Differential Revision: https://phabricator.services.mozilla.com/D14519

--HG--
extra : moz-landing-system : lando

This disables the camera for win64-aarch64 for Windows versions below
19H1. These versions have problems with the DirectShow implementation
which prevent the camera from working properly.

Differential Revision: https://phabricator.services.mozilla.com/D21272

--HG--
extra : moz-landing-system : lando

Bug 1519621 - Make sure ScrollToRestoredPosition() restores both the layout and visual scroll positions. r=tnikkel

Differential Revision: https://phabricator.services.mozilla.com/D18367

--HG--
extra : moz-landing-system : lando

Differential Revision: https://phabricator.services.mozilla.com/D19845

--HG--
extra : moz-landing-system : lando

When a user first upgrades to a version where incognito is enabled,
add the permission to all enabled extensions.  This preserves user workflow
and addresses other issues (e.g. proxy).  This will only happen once.

Differential Revision: https://phabricator.services.mozilla.com/D19442

--HG--
extra : moz-landing-system : lando

Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 12 - new CookieSettings for SharedWorkers and ServiceWorkers, r=Ehsan

Differential Revision: https://phabricator.services.mozilla.com/D21357

--HG--
extra : moz-landing-system : lando

Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 11 - windows/workers/documents must keep the current cookie settings and ignore changes, r=Ehsan

Differential Revision: https://phabricator.services.mozilla.com/D18960

--HG--
extra : moz-landing-system : lando

Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 10 - Fix existing tests, r=Ehsan

Differential Revision: https://phabricator.services.mozilla.com/D18958

--HG--
extra : moz-landing-system : lando

Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 9 - Tests for DOM Cache and cookie settings changing, r=Ehsan

Differential Revision: https://phabricator.services.mozilla.com/D18957

--HG--
extra : moz-landing-system : lando

Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 8 - Tests for ServiceWorkers and cookie settings changing, r=Ehsan

Differential Revision: https://phabricator.services.mozilla.com/D18956

--HG--
extra : moz-landing-system : lando

Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 7 - Tests for IndexedDB and cookie settings changing, r=Ehsan,asuth

Differential Revision: https://phabricator.services.mozilla.com/D18955

--HG--
extra : moz-landing-system : lando

Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 6 - Tests for SharedWorker and cookie settings changing, r=Ehsan

Differential Revision: https://phabricator.services.mozilla.com/D18954

--HG--
extra : moz-landing-system : lando

Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 5 - BroadcastChannel must be blocked when cookie jar access is denied to avoid communication between live and new documents, r=Ehsan

Differential Revision: https://phabricator.services.mozilla.com/D18953

--HG--
extra : moz-landing-system : lando

Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 4 - Storage tests, r=asuth

Differential Revision: https://phabricator.services.mozilla.com/D18952

--HG--
extra : moz-landing-system : lando

Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 3 - LocalStorage and SessionStorage, r=asuth

Differential Revision: https://phabricator.services.mozilla.com/D18951

--HG--
extra : moz-landing-system : lando

Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 2 - AntiTracking, r=Ehsan

Depends on D18949

Differential Revision: https://phabricator.services.mozilla.com/D18950

--HG--
extra : moz-landing-system : lando

Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 1 - information stored into loadInfo, r=Ehsan,ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D18949

--HG--
extra : moz-landing-system : lando

This one doesn't inherit the common mozconfig.nasm file.

Differential Revision: https://phabricator.services.mozilla.com/D21301

--HG--
extra : moz-landing-system : lando

Includes a drive-by fix for two unused `DEFINES`.

Differential Revision: https://phabricator.services.mozilla.com/D17859

--HG--
extra : moz-landing-system : lando

Differential Revision: https://phabricator.services.mozilla.com/D21076

--HG--
extra : moz-landing-system : lando

Spec https://mozilla.invisionapp.com/share/R3OVTEX9X76#/screens

Differential Revision: https://phabricator.services.mozilla.com/D21020

--HG--
extra : moz-landing-system : lando