[tor-commits] [Git][tpo/applications/tor-browser][base-browser-102.9.0esr-12.5-1] 12 commits: Bug 13379: Allow using NSS to sign and verify MAR signatures

Pier Angelo Vendrame (@pierov) git at gitlab.torproject.org
Mon Mar 20 17:47:22 UTC 2023 


Pier Angelo Vendrame pushed to branch base-browser-102.9.0esr-12.5-1 at The Tor Project / Applications / Tor Browser


Commits:
9a95e213 by Kathy Brade at 2023-03-20T18:38:16+01:00
Bug 13379: Allow using NSS to sign and verify MAR signatures

Allow using NSS on all platforms for checking MAR signatures (instead
  of using OS-native APIs, the default on Mac OS and Windows).
  So that the NSS and NSPR libraries the updater depends on can be
  found at runtime, we add the firefox directory to the shared library
  search path on macOS.
  On Linux, rpath is used to solve that problem, but that approach
  won't work on macOS because the updater executable is copied during
  the update process to a location that can vary.

- - - - -
136c2813 by Pier Angelo Vendrame at 2023-03-20T18:38:25+01:00
fixup! Bug 13379: Allow using NSS to sign and verify MAR signatures

Bug 41668: Port some updater patches to Base Browser

Use a configure-time flag to force using NSS for MARs signatures.

- - - - -
72aa9358 by Pier Angelo Vendrame at 2023-03-20T18:38:25+01:00
fixup! Bug 13379: Allow using NSS to sign and verify MAR signatures

Bug 41668: Port some updater patches to Base Browser

Avoid using -rpath on macOS.

- - - - -
038b55d2 by Pier Angelo Vendrame at 2023-03-20T18:38:26+01:00
fixup! Base Browser's .mozconfigs.

Bug 41668: Port some updater patches to Base Browser

- - - - -
7ae822c3 by Pier Angelo Vendrame at 2023-03-20T18:38:26+01:00
fixup! Base Browser's .mozconfigs.

Bug 41677: Fix updater settings for Android

- - - - -
da0f77aa by Pier Angelo Vendrame at 2023-03-20T18:38:26+01:00
fixup! Firefox preference overrides.

Bug 41668: Port some updater patches to Base Browser

Do not change app.update.auto in firefox.js, but add it to 001.

- - - - -
b5f2300a by Kathy Brade at 2023-03-20T18:38:27+01:00
Bug 4234: Use the Firefox Update Process for Base Browser.

Windows: disable "runas" code path in updater (15201).
Windows: avoid writing to the registry (16236).
Also includes fixes for tickets 13047, 13301, 13356, 13594, 15406,
  16014, 16909, 24476, and 25909.

Also fix bug 27221: purge the startup cache if the Base Browser
version changed (even if the Firefox version and build ID did
not change), e.g., after a minor Base Browser update.

Also fix 32616: Disable GetSecureOutputDirectoryPath() functionality.

Bug 26048: potentially confusing "restart to update" message

Within the update doorhanger, remove the misleading message that mentions
that windows will be restored after an update is applied, and replace the
"Restart and Restore" button label with an existing
"Restart to update Tor Browser" string.

Bug 28885: notify users that update is downloading

Add a "Downloading Base Browser update" item which appears in the
hamburger (app) menu while the update service is downloading a MAR
file. Before this change, the browser did not indicate to the user
that an update was in progress, which is especially confusing in
Tor Browser because downloads often take some time. If the user
clicks on the new menu item, the about dialog is opened to allow
the user to see download progress.

As part of this fix, the update service was changed to always show
update-related messages in the hamburger menu, even if the update
was started in the foreground via the about dialog or via the
"Check for Tor Browser Update" toolbar menu item. This change is
consistent with the Tor Browser goal of making sure users are
informed about the update process.

Removed #28885 parts of this patch which have been uplifted to Firefox.

- - - - -
e359ab23 by Pier Angelo Vendrame at 2023-03-20T18:38:27+01:00
fixup! Bug 4234: Use the Firefox Update Process for Base Browser.

Bug 41647: Clean up our {TOR,BASE}_BROWSER(_VERSION)? macros

Changed TOR_BROWSER_VERSION with BASE_BROWSER_VERSION.

- - - - -
ef8cc25a by Pier Angelo Vendrame at 2023-03-20T18:38:28+01:00
fixup! Bug 4234: Use the Firefox Update Process for Base Browser.

Bug 41668: Port some updater patches to Base Browser

Move the check on the update package version to this other commit.

- - - - -
2ae0ca1c by Pier Angelo Vendrame at 2023-03-20T18:38:28+01:00
fixup! Bug 4234: Use the Firefox Update Process for Base Browser.

Bug 41668: Port some updater patches to Base Browser

Rename TOR_BROWSER_UPDATE to BASE_BROWSER_UPDATE.
Also, do not change app.update.auto in firefox.js, but add it to 001.

- - - - -
9640ba6e by Pier Angelo Vendrame at 2023-03-20T18:38:28+01:00
fixup! Bug 4234: Use the Firefox Update Process for Base Browser.

Bug 41668: Port some updater patches to Base Browser

Changes that will need to remain when actually cherry-picking to
base-browser, because they contain name fixes, for example.
Or, for UpdateService.jsm, they need to stay because they make the patch
more understandable.

- - - - -
9b61b6f0 by Pier Angelo Vendrame at 2023-03-20T18:38:29+01:00
fixup! Bug 4234: Use the Firefox Update Process for Base Browser.

Bug 41668: Port some updater patches to Base Browser

Remove Tor Browser-only additions to make the updater patches usable
with Base Browser.
This commit should be reverted, and become a commit on its own, to
further adapt the updater to Tor Browser needs.

- - - - -


30 changed files:

- browser/app/Makefile.in
- browser/app/profile/001-base-profile.js
- browser/app/profile/firefox.js
- browser/base/content/aboutDialog-appUpdater.js
- browser/base/content/aboutDialog.js
- browser/base/moz.build
- browser/components/BrowserContentHandler.jsm
- browser/components/customizableui/content/panelUI.inc.xhtml
- browser/components/preferences/main.js
- browser/config/mozconfigs/base-browser
- browser/config/mozconfigs/base-browser-android
- browser/confvars.sh
- browser/installer/Makefile.in
- browser/installer/package-manifest.in
- build/application.ini.in
- build/moz.configure/init.configure
- build/moz.configure/update-programs.configure
- devtools/client/aboutdebugging/src/actions/runtimes.js
- modules/libmar/tool/mar.c
- modules/libmar/tool/moz.build
- modules/libmar/verify/moz.build
- mozconfig-linux-x86_64-dev
- toolkit/modules/AppConstants.jsm
- toolkit/modules/UpdateUtils.jsm
- toolkit/modules/moz.build
- toolkit/mozapps/extensions/AddonManager.jsm
- toolkit/mozapps/extensions/test/browser/head.js
- toolkit/mozapps/extensions/test/xpcshell/head_addons.js
- toolkit/mozapps/update/UpdateService.jsm
- toolkit/mozapps/update/UpdateServiceStub.jsm


The diff was not included because it is too large.


View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/9c1dd51f8930318313b1a85f11ad04fd8e51ef56...9b61b6f08d4a53c5c36c3b0225d7e82cb0cdfe1a

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/9c1dd51f8930318313b1a85f11ad04fd8e51ef56...9b61b6f08d4a53c5c36c3b0225d7e82cb0cdfe1a
You're receiving this email because of your account on gitlab.torproject.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20230320/4fb5f21a/attachment.htm>

More information about the tor-commits mailing list