[tbb-bugs] #25543 [Applications/Tor Browser]: Rebase Tor Browser patches for ESR60

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue May 15 17:03:25 UTC 2018

#25543: Rebase Tor Browser patches for ESR60
 Reporter:  gk                              |          Owner:
                                            |  arthuredelstein
     Type:  task                            |         Status:
                                            |  needs_revision
 Priority:  Very High                       |      Milestone:
Component:  Applications/Tor Browser        |        Version:
 Severity:  Normal                          |     Resolution:
 Keywords:  TorBrowserTeam201805, ff60-esr  |  Actual Points:
Parent ID:  #25741                          |         Points:
 Reviewer:                                  |        Sponsor:

Comment (by gk):

 Replying to [comment:27 mcs]:
 > Kathy and I agree that the patch order is important. We looked at the
 #13252 patch as well as the updater patches, and I propose that Kathy and
 I will produce revised patches that apply in the following order:
 > ||=Ticket=||=Description=||=Hashes from Arthur's 25543+10 branch=||
 > ||#13252||Do not store data in the app
 > ||#19121||Revert Bug 1373267 Remove hashFunction and
 > ||#19121||reinstate the update.xml hash
 > ||#25909||disable updater
 > ||#4234||main TB updater patch||80955896a5b447ea2908f562bbefdef9072c0be1
 > ||#13379||sign our MAR files||4a12c75f47d951186db9822fc425a3655d30fd26||
 > ||#16940||about:tbupdate||61aaeccacd01b036b4368f9b4f1204bd97cc0951
 > This will place all of the updater patches together in a logical order.
 > Also, we will merge the fixup patches for the above so there will only
 be one patch for each.

 Sounds good to me.

 > Finally, we propose dropping the following two patches because we need
 to use a new SHA384 MAR signing key. Is there a ticket for that task?

 Yes, #26045.

 > ||=Ticket=||=Description=||=Hashes from Arthur's 25543+10 branch=||
 > ||#20589||Adding new MAR signing
 > ||#23916||Add new MAR signing
 > Georg and Arthur: Please let Kathy and me know if you agree with this

 Careful! We need to keep at least one of the MAR signing keys we are
 currently shipping. Otherwise it is a bit hard with updates. :) So, if I
 see this correctly then #20589 added the one we are currently using in the
 alpha for signing and #23916 added the current backup key. I estimate
 we'll have the rebase ready before I'll add a new signing key. Thus, I
 think we could drop #20589 and add an adapted commit for #23916 that
 basically creates the status quo. And then we'd replace the current backup
 key with the new one using SHA-384.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25543#comment:28>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list