[tor-commits] [tor-messenger-build/master] Add patch for signing MAR files (#13379)
arlo at torproject.org
arlo at torproject.org
Thu Jul 28 23:52:35 UTC 2016
commit df4695f356a3369ef448b8c923c7b9bec4f77f18
Author: Sukhbir Singh <sukhbir at torproject.org>
Date: Tue Jul 19 14:13:24 2016 -0400
Add patch for signing MAR files (#13379)
---
.../instantbird/Sign-MAR-files-bug-13379.mozpatch | 616 +++++++++++++++++++++
projects/instantbird/config | 1 +
2 files changed, 617 insertions(+)
diff --git a/projects/instantbird/Sign-MAR-files-bug-13379.mozpatch b/projects/instantbird/Sign-MAR-files-bug-13379.mozpatch
new file mode 100644
index 0000000..bfc1e64
--- /dev/null
+++ b/projects/instantbird/Sign-MAR-files-bug-13379.mozpatch
@@ -0,0 +1,616 @@
+From 94882047c2de9160fd08f33ee2d5541df7baff4d Mon Sep 17 00:00:00 2001
+From: Kathy Brade <brade at pearlcrescent.com>
+Date: Wed, 17 Dec 2014 16:37:11 -0500
+Subject: Bug 13379: Sign our MAR files.
+
+Replace Mozilla's MAR signing certificates with our own.
+Configure with --enable-signmar (build the signmar tool).
+Configure with --enable-verify-mar (when updating, require a valid signature
+ on the MAR file before it is applied).
+Use the Tor Browser version instead of the Firefox version inside the
+ MAR file info block (necessary to prevent downgrade attacks).
+Use NSS on all platforms for checking MAR signatures (Mozilla plans to use
+ OS-native APIs on Mac OS and they already do so on Windows). So that the
+ NSS and NSPR libraries the updater depends on can be found at runtime, we
+ add the firefox directory to the shared library search path on all platforms.
+Use SHA512-based MAR signatures instead of the SHA1-based ones that Mozilla
+ uses. This is implemented inside MAR_USE_SHA512_RSA_SIG #ifdef's and with
+ a signature algorithm ID of 512 to help avoid collisions with future work
+ Mozilla might do in this area.
+ See: https://bugzilla.mozilla.org/show_bug.cgi?id=1105689
+
+diff --git a/config/external/nss/Makefile.in b/config/external/nss/Makefile.in
+index c91bf5b..e636fa0 100644
+--- a/config/external/nss/Makefile.in
++++ b/config/external/nss/Makefile.in
+@@ -283,11 +283,11 @@ endif
+ NSS_DIRS += \
+ nss/cmd/lib \
+ nss/cmd/shlibsign \
++ nss/cmd/certutil \
+ $(NULL)
+
+ ifdef ENABLE_TESTS
+ NSS_DIRS += \
+- nss/cmd/certutil \
+ nss/cmd/pk12util \
+ nss/cmd/modutil \
+ $(NULL)
+diff --git a/modules/libmar/sign/mar_sign.c b/modules/libmar/sign/mar_sign.c
+index 2a08abf..902c6f2 100644
+--- a/modules/libmar/sign/mar_sign.c
++++ b/modules/libmar/sign/mar_sign.c
+@@ -95,7 +95,12 @@ NSSSignBegin(const char *certName,
+ return -1;
+ }
+
+- *ctx = SGN_NewContext (SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE, *privKey);
++#ifdef MAR_USE_SHA512_RSA_SIG
++ SECOidTag sigAlg = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
++#else
++ SECOidTag sigAlg = SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE;
++#endif
++ *ctx = SGN_NewContext(sigAlg, *privKey);
+ if (!*ctx) {
+ fprintf(stderr, "ERROR: Could not create signature context\n");
+ return -1;
+@@ -994,8 +999,12 @@ mar_repackage_and_sign(const char *NSSConfigDir,
+ signaturePlaceholderOffset = ftello(fpDest);
+
+ for (k = 0; k < certCount; k++) {
+- /* Write out the signature algorithm ID, Only an ID of 1 is supported */
+- signatureAlgorithmID = htonl(1);
++ /* Write out the signature algorithm ID. */
++#ifdef MAR_USE_SHA512_RSA_SIG
++ signatureAlgorithmID = htonl(SIGNATURE_ALGORITHM_ID_SHA512_RSA);
++#else
++ signatureAlgorithmID = htonl(SIGNATURE_ALGORITHM_ID_SHA1_RSA);
++#endif
+ if (WriteAndUpdateSignatures(fpDest, &signatureAlgorithmID,
+ sizeof(signatureAlgorithmID),
+ ctxs, certCount, "num signatures")) {
+diff --git a/modules/libmar/sign/moz.build b/modules/libmar/sign/moz.build
+index d7b8d1f..849deff 100644
+--- a/modules/libmar/sign/moz.build
++++ b/modules/libmar/sign/moz.build
+@@ -19,6 +19,7 @@ LOCAL_INCLUDES += [
+ ]
+
+ DEFINES['MAR_NSS'] = True
++DEFINES['MAR_USE_SHA512_RSA_SIG'] = True
+
+ if CONFIG['OS_ARCH'] == 'WINNT':
+ USE_STATIC_LIBS = True
+diff --git a/modules/libmar/src/mar_private.h b/modules/libmar/src/mar_private.h
+index e0c2632..add03f5 100644
+--- a/modules/libmar/src/mar_private.h
++++ b/modules/libmar/src/mar_private.h
+@@ -21,6 +21,14 @@
+ which is 16 bytes */
+ #define SIGNATURE_BLOCK_OFFSET 16
+
++/* Signature algorithm IDs. */
++#define SIGNATURE_ALGORITHM_ID_SHA1_RSA 1
++#ifdef MAR_USE_SHA512_RSA_SIG
++/* Use 512 as the algorithm ID so it is less likely that we will conflict with
++ whatever Mozilla chooses when they add support for a stronger signature. */
++#define SIGNATURE_ALGORITHM_ID_SHA512_RSA 512
++#endif
++
+ /* Make sure the file is less than 500MB. We do this to protect against
+ invalid MAR files. */
+ #define MAX_SIZE_OF_MAR_FILE ((int64_t)524288000)
+diff --git a/modules/libmar/tool/mar.c b/modules/libmar/tool/mar.c
+index 5011c88..ef0a3eb 100644
+--- a/modules/libmar/tool/mar.c
++++ b/modules/libmar/tool/mar.c
+@@ -31,7 +31,11 @@ int mar_repackage_and_sign(const char *NSSConfigDir,
+ const char * dest);
+
+ static void print_version() {
++#ifdef TOR_BROWSER_UPDATE
++ printf("Version: %s\n", TOR_BROWSER_VERSION);
++#else
+ printf("Version: %s\n", MOZ_APP_VERSION);
++#endif
+ printf("Default Channel ID: %s\n", MAR_CHANNEL_ID);
+ }
+
+@@ -61,7 +65,7 @@ static void print_usage() {
+ "signed_input_archive.mar base_64_encoded_signature_file "
+ "changed_signed_output.mar\n");
+ printf("(i) is the index of the certificate to extract\n");
+-#if defined(XP_MACOSX) || (defined(XP_WIN) && !defined(MAR_NSS))
++#if (defined(XP_MACOSX) || defined(XP_WIN)) && !defined(MAR_NSS)
+ printf("Verify a MAR file:\n");
+ printf(" mar [-C workingDir] -D DERFilePath -v signed_archive.mar\n");
+ printf("At most %d signature certificate DER files are specified by "
+@@ -116,7 +120,11 @@ int main(int argc, char **argv) {
+ char *NSSConfigDir = NULL;
+ const char *certNames[MAX_SIGNATURES];
+ char *MARChannelID = MAR_CHANNEL_ID;
++#ifdef TOR_BROWSER_UPDATE
++ char *productVersion = TOR_BROWSER_VERSION;
++#else
+ char *productVersion = MOZ_APP_VERSION;
++#endif
+ uint32_t k;
+ int rv = -1;
+ uint32_t certCount = 0;
+@@ -135,8 +143,8 @@ int main(int argc, char **argv) {
+ #if defined(XP_WIN) && !defined(MAR_NSS) && !defined(NO_SIGN_VERIFY)
+ memset((void*)certBuffers, 0, sizeof(certBuffers));
+ #endif
+-#if !defined(NO_SIGN_VERIFY) && ((!defined(MAR_NSS) && defined(XP_WIN)) || \
+- defined(XP_MACOSX))
++#if !defined(NO_SIGN_VERIFY) && (!defined(MAR_NSS) && (defined(XP_WIN) || \
++ defined(XP_MACOSX)))
+ memset(DERFilePaths, 0, sizeof(DERFilePaths));
+ memset(fileSizes, 0, sizeof(fileSizes));
+ #endif
+@@ -167,8 +175,8 @@ int main(int argc, char **argv) {
+ argv += 2;
+ argc -= 2;
+ }
+-#if !defined(NO_SIGN_VERIFY) && ((!defined(MAR_NSS) && defined(XP_WIN)) || \
+- defined(XP_MACOSX))
++#if !defined(NO_SIGN_VERIFY) && (!defined(MAR_NSS) && (defined(XP_WIN) || \
++ defined(XP_MACOSX)))
+ /* -D DERFilePath, also matches -D[index] DERFilePath
+ We allow an index for verifying to be symmetric
+ with the import and export command line arguments. */
+@@ -343,6 +351,10 @@ int main(int argc, char **argv) {
+ #if (defined(XP_WIN) || defined(XP_MACOSX)) && !defined(MAR_NSS)
+ rv = mar_read_entire_file(DERFilePaths[k], MAR_MAX_CERT_SIZE,
+ &certBuffers[k], &fileSizes[k]);
++ if (rv) {
++ fprintf(stderr, "ERROR: could not read file %s", DERFilePaths[k]);
++ break;
++ }
+ #else
+ /* It is somewhat circuitous to look up a CERTCertificate and then pass
+ * in its DER encoding just so we can later re-create that
+@@ -359,11 +371,11 @@ int main(int argc, char **argv) {
+ } else {
+ rv = -1;
+ }
+-#endif
+ if (rv) {
+- fprintf(stderr, "ERROR: could not read file %s", DERFilePaths[k]);
++ fprintf(stderr, "ERROR: no certificate named %s", certNames[k]);
+ break;
+ }
++#endif
+ }
+
+ if (!rv) {
+diff --git a/modules/libmar/tool/moz.build b/modules/libmar/tool/moz.build
+index 5b52124..9fa982e 100644
+--- a/modules/libmar/tool/moz.build
++++ b/modules/libmar/tool/moz.build
+@@ -29,7 +29,13 @@ for var in ('MAR_CHANNEL_ID', 'MOZ_APP_VERSION'):
+ DEFINES[var] = '"%s"' % CONFIG[var]
+ HOST_DEFINES[var] = DEFINES[var]
+
++if CONFIG['TOR_BROWSER_UPDATE']:
++ DEFINES['TOR_BROWSER_UPDATE'] = '%s' % CONFIG['TOR_BROWSER_UPDATE']
++if CONFIG['TOR_BROWSER_VERSION']:
++ DEFINES['TOR_BROWSER_VERSION'] = '"%s"' % CONFIG['TOR_BROWSER_VERSION']
++
+ if CONFIG['MOZ_ENABLE_SIGNMAR']:
++ DEFINES['MAR_NSS'] = True
+ USE_LIBS += [
+ 'nspr',
+ 'nss',
+@@ -43,12 +49,12 @@ if CONFIG['OS_ARCH'] == 'WINNT':
+ OS_LIBS += [
+ 'ws2_32',
+ ]
+- if CONFIG['MOZ_ENABLE_SIGNMAR']:
++ if CONFIG['MOZ_ENABLE_SIGNMAR'] and not DEFINES['MAR_NSS']:
+ OS_LIBS += [
+ 'crypt32',
+ 'advapi32',
+ ]
+-elif CONFIG['OS_ARCH'] == 'Darwin':
++elif CONFIG['OS_ARCH'] == 'Darwin' and not DEFINES['MAR_NSS']:
+ OS_LIBS += [
+ '-framework Security',
+ ]
+diff --git a/modules/libmar/verify/cryptox.c b/modules/libmar/verify/cryptox.c
+index af34210..f39669b 100644
+--- a/modules/libmar/verify/cryptox.c
++++ b/modules/libmar/verify/cryptox.c
+@@ -64,8 +64,12 @@ NSS_VerifyBegin(VFYContext **ctx,
+ return CryptoX_Error;
+ }
+
+- *ctx = VFY_CreateContext(*publicKey, NULL,
+- SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE, NULL);
++#ifdef MAR_USE_SHA512_RSA_SIG
++ SECOidTag sigAlg = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
++#else
++ SECOidTag sigAlg = SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE;
++#endif
++ *ctx = VFY_CreateContext(*publicKey, NULL, sigAlg, NULL);
+ if (*ctx == NULL) {
+ return CryptoX_Error;
+ }
+diff --git a/modules/libmar/verify/cryptox.h b/modules/libmar/verify/cryptox.h
+index 2296b81..ab9b5a3 100644
+--- a/modules/libmar/verify/cryptox.h
++++ b/modules/libmar/verify/cryptox.h
+@@ -59,6 +59,10 @@ CryptoX_Result NSS_VerifySignature(VFYContext * const *ctx ,
+
+ #elif XP_MACOSX
+
++#ifdef MAR_USE_SHA512_RSA_SIG
++#error MAR_USE_SHA512_RSA_SIG is not implemented.
++#endif
++
+ #define CryptoX_InvalidHandleValue NULL
+ #define CryptoX_ProviderHandle void*
+ #define CryptoX_SignatureHandle void*
+@@ -106,6 +110,11 @@ void CryptoMac_FreePublicKey(CryptoX_PublicKey* aPublicKey);
+
+ #elif defined(XP_WIN)
+
++#ifdef MAR_USE_SHA512_RSA_SIG
++#error MAR_USE_SHA512_RSA_SIG is not implemented.
++#endif
++
++
+ #include <windows.h>
+ #include <wincrypt.h>
+
+diff --git a/modules/libmar/verify/mar_verify.c b/modules/libmar/verify/mar_verify.c
+index 07e4354..a9ecaa8 100644
+--- a/modules/libmar/verify/mar_verify.c
++++ b/modules/libmar/verify/mar_verify.c
+@@ -277,8 +277,25 @@ mar_extract_and_verify_signatures_fp(FILE *fp,
+ }
+
+ /* We don't try to verify signatures we don't know about */
+- if (signatureAlgorithmIDs[i] != 1) {
+- fprintf(stderr, "ERROR: Unknown signature algorithm ID.\n");
++#ifdef MAR_USE_SHA512_RSA_SIG
++ const uint32_t kSupportedAlgID = SIGNATURE_ALGORITHM_ID_SHA512_RSA;
++#else
++ const uint32_t kSupportedAlgID = SIGNATURE_ALGORITHM_ID_SHA1_RSA;
++#endif
++
++ if (signatureAlgorithmIDs[i] != kSupportedAlgID) {
++#ifdef MAR_USE_SHA512_RSA_SIG
++ if (signatureAlgorithmIDs[i] == SIGNATURE_ALGORITHM_ID_SHA1_RSA) {
++ fprintf(stderr,
++ "ERROR: Unsupported signature algorithm (SHA1 with RSA).\n");
++ } else {
++ fprintf(stderr, "ERROR: Unknown signature algorithm ID %u.\n",
++ signatureAlgorithmIDs[i]);
++ }
++#else
++ fprintf(stderr, "ERROR: Unknown signature algorithm ID %u.\n",
++ signatureAlgorithmIDs[i]);
++#endif
+ for (i = 0; i < signatureCount; ++i) {
+ free(extractedSignatures[i]);
+ }
+diff --git a/modules/libmar/verify/moz.build b/modules/libmar/verify/moz.build
+index 89f7323..735cf7c 100644
+--- a/modules/libmar/verify/moz.build
++++ b/modules/libmar/verify/moz.build
+@@ -15,16 +15,10 @@ FORCE_STATIC_LIB = True
+
+ if CONFIG['OS_ARCH'] == 'WINNT':
+ USE_STATIC_LIBS = True
+-elif CONFIG['OS_ARCH'] == 'Darwin':
+- UNIFIED_SOURCES += [
+- 'MacVerifyCrypto.cpp',
+- ]
+- OS_LIBS += [
+- '-framework Security',
+- ]
+-else:
+- DEFINES['MAR_NSS'] = True
+- LOCAL_INCLUDES += ['../sign']
++
++DEFINES['MAR_NSS'] = True
++DEFINES['MAR_USE_SHA512_RSA_SIG'] = True
++LOCAL_INCLUDES += ['../sign']
+
+ LOCAL_INCLUDES += [
+ '../src',
+diff --git a/toolkit/mozapps/update/updater/Makefile.in b/toolkit/mozapps/update/updater/Makefile.in
+index d216298..f2c7540 100644
+--- a/toolkit/mozapps/update/updater/Makefile.in
++++ b/toolkit/mozapps/update/updater/Makefile.in
+@@ -15,7 +15,7 @@ endif
+
+ include $(topsrcdir)/config/rules.mk
+
+-ifneq (,$(filter beta release esr,$(MOZ_UPDATE_CHANNEL)))
++ifneq (,$(filter alpha beta hardened release esr,$(MOZ_UPDATE_CHANNEL)))
+ PRIMARY_CERT = release_primary.der
+ SECONDARY_CERT = release_secondary.der
+ else ifneq (,$(filter nightly aurora nightly-elm nightly-profiling nightly-oak nightly-ux,$(MOZ_UPDATE_CHANNEL)))
+diff --git a/toolkit/mozapps/update/updater/release_primary.der b/toolkit/mozapps/update/updater/release_primary.der
+index 11417c3..542fb24 100644
+Binary files a/toolkit/mozapps/update/updater/release_primary.der and b/toolkit/mozapps/update/updater/release_primary.der differ
+diff --git a/toolkit/mozapps/update/updater/updater-common.build b/toolkit/mozapps/update/updater/updater-common.build
+index a39d47d88..a9699c23 100644
+--- a/toolkit/mozapps/update/updater/updater-common.build
++++ b/toolkit/mozapps/update/updater/updater-common.build
+@@ -4,6 +4,10 @@
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
++DEFINES['MAR_NSS'] = True
++
++link_with_nss = DEFINES['MAR_NSS'] or (CONFIG['OS_ARCH'] == 'Linux' and CONFIG['MOZ_VERIFY_MAR_SIGNATURE'])
++
+ srcs = [
+ 'archivereader.cpp',
+ 'bspatch.cpp',
+@@ -41,19 +45,23 @@ if CONFIG['OS_ARCH'] == 'WINNT':
+ 'ws2_32',
+ 'shell32',
+ 'shlwapi',
+- 'crypt32',
+- 'advapi32',
+ ]
+-elif CONFIG['OS_ARCH'] == 'Linux' and CONFIG['MOZ_VERIFY_MAR_SIGNATURE']:
++
++ if not link_with_nss:
++ OS_LIBS += [
++ 'crypt32',
++ 'advapi32',
++ ]
++else:
+ USE_LIBS += [
+- 'nss',
+- 'signmar',
+ 'updatecommon',
+ ]
+- OS_LIBS += CONFIG['NSPR_LIBS']
+-else:
++
++if link_with_nss:
+ USE_LIBS += [
+- 'updatecommon',
++ 'nspr',
++ 'nss',
++ 'signmar',
+ ]
+
+ USE_LIBS += [
+@@ -81,8 +89,12 @@ if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'cocoa':
+ ]
+ OS_LIBS += [
+ '-framework Cocoa',
+- '-framework Security',
+ ]
++
++ if not link_with_nss:
++ OS_LIBS += [
++ '-framework Security',
++ ]
+ elif CONFIG['MOZ_WIDGET_TOOLKIT'] == 'gonk':
+ have_progressui = 1
+ srcs += [
+diff --git a/toolkit/mozapps/update/updater/updater.cpp b/toolkit/mozapps/update/updater/updater.cpp
+index f362292..2d205a8 100644
+--- a/toolkit/mozapps/update/updater/updater.cpp
++++ b/toolkit/mozapps/update/updater/updater.cpp
+@@ -120,11 +120,13 @@ static bool sUseHardLinks = true;
+ # define MAYBE_USE_HARD_LINKS 0
+ #endif
+
+-#if defined(MOZ_VERIFY_MAR_SIGNATURE) && !defined(XP_WIN) && \
+- !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK)
++#if defined(MOZ_VERIFY_MAR_SIGNATURE)
++#if defined(MAR_NSS) || (!defined(XP_WIN) && !defined(XP_MACOSX) && \
++ !defined(MOZ_WIDGET_GONK))
+ #include "nss.h"
+ #include "prerror.h"
+ #endif
++#endif
+
+ #ifdef XP_WIN
+ #ifdef MOZ_MAINTENANCE_SERVICE
+@@ -2635,8 +2637,13 @@ UpdateThreadFunc(void *param)
+ MARStrings.MARChannelID[0] = '\0';
+ }
+
++#ifdef TOR_BROWSER_UPDATE
++ const char *appVersion = TOR_BROWSER_VERSION;
++#else
++ const char *appVersion = MOZ_APP_VERSION;
++#endif
+ rv = gArchiveReader.VerifyProductInformation(MARStrings.MARChannelID,
+- MOZ_APP_VERSION);
++ appVersion);
+ }
+ }
+ #endif
+@@ -2722,12 +2729,11 @@ int NS_main(int argc, NS_tchar **argv)
+ }
+ #endif
+
+-#if defined(MOZ_VERIFY_MAR_SIGNATURE) && !defined(XP_WIN) && \
+- !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK)
+- // On Windows and Mac we rely on native APIs to do verifications so we don't
+- // need to initialize NSS at all there.
+- // Otherwise, minimize the amount of NSS we depend on by avoiding all the NSS
+- // databases.
++#if defined(MOZ_VERIFY_MAR_SIGNATURE)
++#if defined(MAR_NSS) || (!defined(XP_WIN) && !defined(XP_MACOSX) && \
++ !defined(MOZ_WIDGET_GONK))
++ // If using NSS for signature verification, initialize NSS but minimize
++ // the portion we depend on by avoiding all of the NSS databases.
+ if (NSS_NoDB_Init(NULL) != SECSuccess) {
+ PRErrorCode error = PR_GetError();
+ fprintf(stderr, "Could not initialize NSS: %s (%d)",
+@@ -2735,6 +2741,7 @@ int NS_main(int argc, NS_tchar **argv)
+ _exit(1);
+ }
+ #endif
++#endif
+
+ InitProgressUI(&argc, &argv);
+
+diff --git a/toolkit/xre/moz.build b/toolkit/xre/moz.build
+index 3e6a3b6..7d46dfd 100644
+--- a/toolkit/xre/moz.build
++++ b/toolkit/xre/moz.build
+@@ -149,6 +149,9 @@ for var in ('APP_VERSION', 'APP_ID'):
+ if CONFIG['MOZ_BUILD_APP'] == 'browser':
+ DEFINES['MOZ_BUILD_APP_IS_BROWSER'] = True
+
++if CONFIG['MOZ_ENABLE_SIGNMAR'] and CONFIG['TOR_BROWSER_UPDATE']:
++ DEFINES['MAR_NSS'] = True
++
+ LOCAL_INCLUDES += [
+ '../profile',
+ '/config',
+diff --git a/toolkit/xre/nsUpdateDriver.cpp b/toolkit/xre/nsUpdateDriver.cpp
+index ee60aee..0c7b6b0 100644
+--- a/toolkit/xre/nsUpdateDriver.cpp
++++ b/toolkit/xre/nsUpdateDriver.cpp
+@@ -39,7 +39,6 @@
+ # include <windows.h>
+ # include <shlwapi.h>
+ # include "nsWindowsHelpers.h"
+-# include "prprf.h"
+ # define getcwd(path, size) _getcwd(path, size)
+ # define getpid() GetCurrentProcessId()
+ #elif defined(XP_UNIX)
+@@ -169,36 +168,6 @@ GetInstallDirPath(nsIFile *appDir, nsACString& installDirPath)
+ return NS_OK;
+ }
+
+-#if defined(TOR_BROWSER_UPDATE) && defined(XP_WIN)
+-#define PATH_SEPARATOR ";"
+-
+-// In Tor Browser, updater.exe depends on some DLLs that are located in the
+-// app directory. To allow the updater to run when it has been copied into
+-// the update directory, we append the app directory to the PATH.
+-static nsresult
+-AdjustPathForUpdater(nsIFile *appDir)
+-{
+- nsAutoCString appPath;
+- nsresult rv = appDir->GetNativePath(appPath);
+- NS_ENSURE_SUCCESS(rv, rv);
+-
+- char *s = nullptr;
+- char *pathValue = PR_GetEnv("PATH");
+- if ((nullptr == pathValue) || ('\0' == *pathValue)) {
+- s = PR_smprintf("PATH=%s", appPath.get());
+- } else {
+- s = PR_smprintf("PATH=%s" PATH_SEPARATOR "%s", pathValue, appPath.get());
+- }
+-
+- // We intentionally leak the value that is passed into PR_SetEnv() because
+- // the environment will hold a pointer to it.
+- if ((nullptr == s) || (PR_SUCCESS != PR_SetEnv(s)))
+- return NS_ERROR_FAILURE;
+-
+- return NS_OK;
+-}
+-#endif
+-
+ #ifdef DEBUG
+ static void
+ dump_argv(const char *aPrefix, char **argv, int argc)
+@@ -500,13 +469,22 @@ CopyUpdaterIntoUpdateDir(nsIFile *greDir, nsIFile *appDir, nsIFile *updateDir,
+ * Appends the specified path to the library path.
+ * This is used so that updater can find libmozsqlite3.so and other shared libs.
+ *
+- * @param pathToAppend A new library path to prepend to LD_LIBRARY_PATH
++ * @param pathToAppend A new library path to prepend to the dynamic linker's search path.
+ */
+-#if defined(MOZ_VERIFY_MAR_SIGNATURE) && !defined(XP_WIN) && \
+- !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK)
++#if defined(MOZ_VERIFY_MAR_SIGNATURE) && (defined(MAR_NSS) || \
++ (!defined(XP_WIN) && !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK)))
+ #include "prprf.h"
++#if defined(XP_WIN)
++#define PATH_SEPARATOR ";"
++#define LD_LIBRARY_PATH_ENVVAR_NAME "PATH"
++#else
+ #define PATH_SEPARATOR ":"
++#if defined(XP_MACOSX)
++#define LD_LIBRARY_PATH_ENVVAR_NAME "DYLD_LIBRARY_PATH"
++#else
+ #define LD_LIBRARY_PATH_ENVVAR_NAME "LD_LIBRARY_PATH"
++#endif
++#endif
+ static void
+ AppendToLibPath(const char *pathToAppend)
+ {
+@@ -732,16 +710,20 @@ SwitchToUpdatedApp(nsIFile *greDir, nsIFile *updateDir,
+ if (gSafeMode) {
+ PR_SetEnv("MOZ_SAFE_MODE_RESTART=1");
+ }
+-#if defined(MOZ_VERIFY_MAR_SIGNATURE) && !defined(XP_WIN) && \
+- !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK)
+- AppendToLibPath(installDirPath.get());
+-#endif
+
+-#if defined(TOR_BROWSER_UPDATE) && defined(XP_WIN)
+- nsresult rv2 = AdjustPathForUpdater(appDir);
+- if (NS_FAILED(rv2)) {
+- LOG(("SwitchToUpdatedApp -- AdjustPathForUpdater failed (0x%x)\n", rv2));
++#if defined(MOZ_VERIFY_MAR_SIGNATURE) && (defined(MAR_NSS) || \
++ (!defined(XP_WIN) && !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK)))
++#ifdef TOR_BROWSER_UPDATE
++ nsAutoCString appPath;
++ nsresult rv2 = appDir->GetNativePath(appPath);
++ if (NS_SUCCEEDED(rv2)) {
++ AppendToLibPath(appPath.get());
++ } else {
++ LOG(("SwitchToUpdatedApp -- appDir->GetNativePath() failed (0x%x)\n", rv2));
+ }
++#else
++ AppendToLibPath(installDirPath.get());
++#endif
+ #endif
+
+ LOG(("spawning updater process for replacing [%s]\n", updaterPath.get()));
+@@ -1020,22 +1002,25 @@ ApplyUpdate(nsIFile *greDir, nsIFile *updateDir, nsIFile *statusFile,
+ if (gSafeMode) {
+ PR_SetEnv("MOZ_SAFE_MODE_RESTART=1");
+ }
+-#if defined(MOZ_VERIFY_MAR_SIGNATURE) && !defined(XP_WIN) && \
+- !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK)
++#if defined(MOZ_VERIFY_MAR_SIGNATURE) && (defined(MAR_NSS) || \
++ (!defined(XP_WIN) && !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK)))
++#ifdef TOR_BROWSER_UPDATE
++ nsAutoCString appPath;
++ nsresult rv2 = appDir->GetNativePath(appPath);
++ if (NS_SUCCEEDED(rv2)) {
++ AppendToLibPath(appPath.get());
++ } else {
++ LOG(("ApplyUpdate -- appDir->GetNativePath() failed (0x%x)\n", rv2));
++ }
++#else
+ AppendToLibPath(installDirPath.get());
+ #endif
++#endif
+
+ if (isOSUpdate) {
+ PR_SetEnv("MOZ_OS_UPDATE=1");
+ }
+
+-#if defined(TOR_BROWSER_UPDATE) && defined(XP_WIN)
+- nsresult rv2 = AdjustPathForUpdater(appDir);
+- if (NS_FAILED(rv2)) {
+- LOG(("ApplyUpdate -- AdjustPathForUpdater failed (0x%x)\n", rv2));
+- }
+-#endif
+-
+ #if defined(MOZ_WIDGET_GONK)
+ // We want the updater to be CPU friendly and not subject to being killed by
+ // the low memory killer, so we pass in some preferences to allow it to
+--
+cgit v0.10.2
+
diff --git a/projects/instantbird/config b/projects/instantbird/config
index 3c5871d..f6db253 100644
--- a/projects/instantbird/config
+++ b/projects/instantbird/config
@@ -126,6 +126,7 @@ input_files:
- filename: Improve-profile-access-bug-14631-first.mozpatch
- filename: Improve-profile-access-bug-14631-second.mozpatch
- filename: Mac-outside-app-data-bug-13252.mozpatch
+ - filename: Sign-MAR-files-bug-13379.mozpatch
- filename: Update-load-local-changes-bug-14392-first.mozpatch
- filename: Update-load-local-changes-bug-16940-second.mozpatch
- filename: aboutTBUpdateLogo.png
More information about the tor-commits
mailing list