- bug 1380690 - [Mac] Automatically determine the repo dir so that MOZ_DEVELOPER_REPO_DIR isn't needed
- Posted for review, :gps recommending a different approach, under discussion
- Issues with env vars with marionette tests, web-platform-tests
- bug 1376496 - Follow-up fixes to moz-extension remoting support in 1334550
- Posted for review
- bug 1380141 - Running Talos locally on OS X results in crashed tabs
- bug 1380132 - SSL info in url bar totally broken on mac nightlies due to sandboxing changes
- bug 1379906 - Assertion and crash during startup when running Marionette tests
- bug 1366694 - Enable Windows level 3 content process sandbox by default on Nightly - thanks to aklotz's fix.
- On inbound
- bug 1378377 - file:// URI sub-resources within CAPS whitelisted http pages will fail to load with read sandboxing
- bug 1379951 - a11y crashes [@ GetProxiedAccessibleInSubtree ]
- original problem seemed to be fixed, but there's another crash - I think it might be an existing issue, perhaps retriggered by level 3.
- bug 1352192 - Crash in mozilla::SandboxBroker::SetSecurityLevelForContentProcess with "SetIntegrityLevel should never fail, what happened?"
- Resurfaced due to sandbox lib change - updater issue with mismatching EXE/DLL versions still outstanding.
- bug 1314801 - Enable PROCESS_MITIGATION_IMAGE_LOAD_POLICY - depends on
- Reviewed bug 1308400 (Linux broker, deny read, symlinks, etc.)
- But on bug 1380690 I just suggested that if we didn't have the test symlinks we maybe could rip it all out and do something simpler….
- Requested uplift in bug 1372428
- Reviewed MOZ_WIDGET_GONK removals in bug 1382099; filed or update followup bugs
- bug 1316153 is IPC but vaguely related, because we might wind up passing sandbox settings in that enum…
- Considering removing the ifdef ANDROID stuff, too.... (need to file bug if we don't have one)
- Filed bug 1381653 to get full rejected syscall telemetry in a usable form
- Landed bug 1376653 - musl libc stuff
- Investigated “chaos mode” interactions in bug 1378944 - not sure what we should do
- (Not sandboxing: finished revising DTLS testing patch; awaiting re-review)
- Landed bug 1376910 - SysV IPC removal
- Triaged SIGSYS crashes & filed some bugs; don't understand how most of these things can even get to bind()…
- Considered remoting the proxy service, but it's annoying.
- There's a bunch that look like pre-1372428 Nightly + new plugin; sigh.
- bug 1382251 - Brokering https in NPAPI process
- Writing a "mostly automatic" brokering API to simply as we'll be brokering many calls (vs Chromium)
- Limiting to SChannel usage (vs all networking)
- Remaining concern: InitializeSecurityContext
- Need to figure out NPAPI failure cleanup (avoid leaving objects in brokering proc)
- Currently still using main actor but this will change
- Requirement to use MOZ_DEVELOPER_REPO_DIR for Linux builds.
- Officially EoL
- Hasn't been updated since 2013
- Do we still need to support it? (For WebRTC proxy lookup, or in general)
- We're not testing it on CI, so de facto it's not Tier 1
- Telemetry would be nice, but we may already have broken it (for WebRTC proxy lookup) in 56.
- dev-platform follow up email announcing Windows l3 landed \o/