GitLab

at 2023-03-10T10:39:17+01:00

Revert "Bug 13379: Sign our MAR files."

This reverts commit 778aa6cfc77d6b747bc7be1cd2d421861265d68d.

fixup! Bug 4234: Use the Firefox Update Process for Tor Browser.

Bug 41668: Port some updater patches to Base Browser

Move the check on the update package version to this other commit.

Bug 13379: Allow using NSS to sign and verify MAR signatures

Allow using NSS on all platforms for checking MAR signatures (instead
  of using OS-native APIs, the default on Mac OS and Windows).
  So that the NSS and NSPR libraries the updater depends on can be
  found at runtime, we add the firefox directory to the shared library
  search path on macOS.
  On Linux, rpath is used to solve that problem, but that approach
  won't work on macOS because the updater executable is copied during
  the update process to a location that can vary.

Bug 19121: reinstate the update.xml hash check

This is a partial revert of commit f1241db6986e4b54473a1ed870f7584c75d51122.

Revert most changes from Mozilla Bug 862173 "don't verify mar file hash
when using mar signing to verify the mar file (lessens main thread I/O)."

We kept the addition to the AppConstants API in case other JS code
references it in the future.

fixup! Bug 19121: reinstate the update.xml hash check

Bug 41668: Port some updater patches to Base Browser

Modernize the way to compute the hash digest.

fixup! Bug 13379: Allow using NSS to sign and verify MAR signatures

Bug 41668: Port some updater patches to Base Browser

Use a configure-time flag to force using NSS for MARs signatures.

fixup! Base Browser's .mozconfigs.

Bug 41668: Port some updater patches to Base Browser

 ac_add_options --enable-optimize

 ac_add_options --enable-rust-simd

+# Bug 13379: Sign our MAR files.

+ac_add_options --enable-verify-mar

+ac_add_options --enable-nss-mar

+

 ac_add_options --enable-bundled-fonts

 ac_add_options --disable-tests

 # ac_add_options --with-user-appdir=.torproject

 ac_add_options --enable-tor-browser-update

-ac_add_options --enable-verify-mar

 ac_add_options --with-distribution-id=org.torproject
     "MOZ_VERIFY_MAR_SIGNATURE", depends_if("--enable-verify-mar")(lambda _: True)

 )

+# Use NSS for MAR signatures even on platforms where system libraries are

+# supported (currently Windows and macOS).

+# ==============================================================

+

+option("--enable-nss-mar", help="Always use NSS for MAR signatures")

+

+set_config("MOZ_USE_NSS_FOR_MAR", True, when="--enable-nss-mar")

+

 # Maintenance service (Windows only)

 # ==============================================================

         "verifymar",

     ]

-    if CONFIG["TOR_BROWSER_UPDATE"]:

+    if CONFIG["MOZ_USE_NSS_FOR_MAR"]:

         DEFINES["MAR_NSS"] = True

     if CONFIG["OS_ARCH"] == "WINNT":

         OS_LIBS += [

             "ws2_32",

         ]

-        if not CONFIG["TOR_BROWSER_UPDATE"]:

+        if not CONFIG["MOZ_USE_NSS_FOR_MAR"]:

             OS_LIBS += [

                 "crypt32",

                 "advapi32",

             ]

-    elif CONFIG["OS_ARCH"] == "Darwin" and not CONFIG["TOR_BROWSER_UPDATE"]:

+    elif CONFIG["OS_ARCH"] == "Darwin" and not CONFIG["MOZ_USE_NSS_FOR_MAR"]:

         OS_LIBS += [

             "-framework CoreFoundation",

             "-framework Security",

 if CONFIG["OS_ARCH"] == "WINNT":

     USE_STATIC_LIBS = True

-elif CONFIG["OS_ARCH"] == "Darwin":

-    USE_LIBS += [

-        "nspr",

-        "nss",

-        "signmar",

+    use_nss = CONFIG["MOZ_USE_NSS_FOR_MAR"]

+elif CONFIG["OS_ARCH"] == "Darwin" and not CONFIG["MOZ_USE_NSS_FOR_MAR"]:

+    UNIFIED_SOURCES += [

+        "MacVerifyCrypto.cpp",

     ]

+    OS_LIBS += [

+        "-framework Security",

+    ]

+    use_nss = False

 else:

     USE_LIBS += [

         "nspr",

     OS_LIBS += [

         "-Wl,-rpath=\\$$ORIGIN",

     ]

-

-DEFINES["MAR_NSS"] = True

-LOCAL_INCLUDES += ["../sign"]

+    use_nss = True

 LOCAL_INCLUDES += [

     "../src",

 ]

+if use_nss:

+    LOCAL_INCLUDES += ["../sign"]

+    DEFINES["MAR_NSS"] = True

+

 # C11 for static_assert

 c11_flags = ["-std=gnu11"]

 if CONFIG["CC_TYPE"] == "clang-cl":

   }

 }

-/**

- * Convert a string containing binary values to hex.

- */

-function binaryToHex(input) {

-  var result = "";

-  for (var i = 0; i < input.length; ++i) {

-    var hex = input.charCodeAt(i).toString(16);

-    if (hex.length == 1) {

-      hex = "0" + hex;

-    }

-    result += hex;

-  }

-  return result;

-}

-

 /**

  * Gets the specified directory at the specified hierarchy under the

  * update root directory and creates it if it doesn't exist.

       // encoded binary (such as what is typically output by programs like

       // sha1sum).  In the future, this may change to base64 depending on how

       // we choose to compute these hashes.

-      digest = binaryToHex(hash.finish(false));

+      hash = hash.finish(false);

+      digest = Array.from(hash, (c, i) =>

+        hash

+          .charCodeAt(i)

+          .toString(16)

+          .padStart(2, "0")

+      ).join("");

     } catch (e) {

       LOG(

         "Downloader:_verifyDownload - failed to compute hash of the downloaded update archive"

 # License, v. 2.0. If a copy of the MPL was not distributed with this

 # file, You can obtain one at http://mozilla.org/MPL/2.0/.

-DEFINES["MAR_NSS"] = True

-

-link_with_nss = DEFINES["MAR_NSS"] or (CONFIG["OS_ARCH"] == "Linux" and CONFIG["MOZ_VERIFY_MAR_SIGNATURE"])

+link_with_nss = CONFIG["MOZ_USE_NSS_FOR_MAR"] or (

+    CONFIG["OS_ARCH"] == "Linux" and CONFIG["MOZ_VERIFY_MAR_SIGNATURE"]

+)

+if link_with_nss:

+    DEFINES["MAR_NSS"] = True

 srcs = [

     "archivereader.cpp",

         if (ReadMARChannelIDs(updateSettingsPath, &MARStrings) != OK) {

           rv = UPDATE_SETTINGS_FILE_CHANNEL;

         } else {

-#  ifdef TOR_BROWSER_UPDATE

+#  ifdef BASE_BROWSER_VERSION_QUOTED

+          // Use the base browser version to prevent downgrade attacks.

           const char* appVersion = BASE_BROWSER_VERSION_QUOTED;

 #  else

           const char* appVersion = MOZ_APP_VERSION;

 if CONFIG["MOZ_BUILD_APP"] == "browser":

     DEFINES["MOZ_BUILD_APP_IS_BROWSER"] = True

-if CONFIG['TOR_BROWSER_UPDATE']:

-    DEFINES['MAR_NSS'] = True

+if CONFIG["MOZ_USE_NSS_FOR_MAR"]:

+    DEFINES["MAR_NSS"] = True

 LOCAL_INCLUDES += [

     "../../other-licenses/nsis/Contrib/CityHash/cityhash",

   return mozilla::Version(appVersion) > buf;

 }

-#if defined(TOR_BROWSER_UPDATE) && defined(MOZ_VERIFY_MAR_SIGNATURE) && \

-    defined(MAR_NSS) && defined(XP_MACOSX)

+#if defined(MOZ_VERIFY_MAR_SIGNATURE) && defined(MAR_NSS) && defined(XP_MACOSX)

 /**

  * Ideally we would save and restore the original library path value after

  * the updater finishes its work (and before firefox is re-launched).

     PR_SetEnv("MOZ_SAFE_MODE_RESTART=1");

   }

-#if defined(TOR_BROWSER_UPDATE) && defined(MOZ_VERIFY_MAR_SIGNATURE) && \

-    defined(MAR_NSS) && defined(XP_MACOSX)

+#if defined(MOZ_VERIFY_MAR_SIGNATURE) && defined(MAR_NSS) && defined(XP_MACOSX)

   // On macOS, append the app directory to the shared library search path

   // so the system can locate the shared libraries that are needed by the

   // updater, e.g., libnss3.dylib).

Pier Angelo Vendrame pushed to branch tor-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser

Commits:

10 changed files:

Changes: