[tor-commits] [Git][tpo/applications/tor-browser][tor-browser-115.15.0esr-13.5-2] 2 commits: fixup! Bug 4234: Use the Firefox Update Process for Base Browser.
Pier Angelo Vendrame (@pierov)
git at gitlab.torproject.org
Thu Aug 29 15:35:53 UTC 2024
Pier Angelo Vendrame pushed to branch tor-browser-115.15.0esr-13.5-2 at The Tor Project / Applications / Tor Browser
Commits:
757b1f4d by Pier Angelo Vendrame at 2024-08-28T08:45:55+02:00
fixup! Bug 4234: Use the Firefox Update Process for Base Browser.
Bug 42747: Discard unsupported updates earlier.
Firefox's updater has a function to select updates, which checks mainly
the version number.
Therefore, a more recent update that is unsupported will be chosen over
a compatible one.
We patch this to be able to provide an alternative update path to
Windows 7.
- - - - -
2f730245 by Pier Angelo Vendrame at 2024-08-28T08:45:55+02:00
fixup! Bug 19121: reinstate the update.xml hash check
Revert "Bug 19121: reinstate the update.xml hash check"
This reverts commit 39a712fbaf18cb64b6dc601c71bac82718de1a01.
- - - - -
3 changed files:
- toolkit/mozapps/update/UpdateService.sys.mjs
- toolkit/mozapps/update/UpdateTelemetry.sys.mjs
- toolkit/mozapps/update/nsIUpdateService.idl
Changes:
=====================================
toolkit/mozapps/update/UpdateService.sys.mjs
=====================================
@@ -2127,8 +2127,6 @@ function UpdatePatch(patch) {
}
break;
case "finalURL":
- case "hashFunction":
- case "hashValue":
case "state":
case "type":
case "URL":
@@ -2148,8 +2146,6 @@ UpdatePatch.prototype = {
// over writing nsIUpdatePatch attributes.
_attrNames: [
"errorCode",
- "hashFunction",
- "hashValue",
"finalURL",
"selected",
"size",
@@ -2163,8 +2159,6 @@ UpdatePatch.prototype = {
*/
serialize: function UpdatePatch_serialize(updates) {
var patch = updates.createElementNS(URI_UPDATE_NS, "patch");
- patch.setAttribute("hashFunction", this.hashFunction);
- patch.setAttribute("hashValue", this.hashValue);
patch.setAttribute("size", this.size);
patch.setAttribute("type", this.type);
patch.setAttribute("URL", this.URL);
@@ -3737,18 +3731,20 @@ UpdateService.prototype = {
switch (aUpdate.type) {
case "major":
- if (!majorUpdate) {
+ if (!majorUpdate || majorUpdate.unsupported) {
majorUpdate = aUpdate;
} else if (
+ !aUpdate.unsupported &&
vc.compare(majorUpdate.appVersion, aUpdate.appVersion) <= 0
) {
majorUpdate = aUpdate;
}
break;
case "minor":
- if (!minorUpdate) {
+ if (!minorUpdate || minorUpdate.unsupported) {
minorUpdate = aUpdate;
} else if (
+ !aUpdate.unsupported &&
vc.compare(minorUpdate.appVersion, aUpdate.appVersion) <= 0
) {
minorUpdate = aUpdate;
@@ -5792,56 +5788,7 @@ Downloader.prototype = {
}
LOG("Downloader:_verifyDownload downloaded size == expected size.");
- let fileStream = Cc[
- "@mozilla.org/network/file-input-stream;1"
- ].createInstance(Ci.nsIFileInputStream);
- fileStream.init(
- destination,
- FileUtils.MODE_RDONLY,
- FileUtils.PERMS_FILE,
- 0
- );
-
- let digest;
- try {
- let hash = Cc["@mozilla.org/security/hash;1"].createInstance(
- Ci.nsICryptoHash
- );
- var hashFunction =
- Ci.nsICryptoHash[this._patch.hashFunction.toUpperCase()];
- if (hashFunction == undefined) {
- throw Components.Exception("", Cr.NS_ERROR_UNEXPECTED);
- }
- hash.init(hashFunction);
- hash.updateFromStream(fileStream, -1);
- // NOTE: For now, we assume that the format of _patch.hashValue is hex
- // encoded binary (such as what is typically output by programs like
- // sha1sum). In the future, this may change to base64 depending on how
- // we choose to compute these hashes.
- hash = hash.finish(false);
- digest = Array.from(hash, (c, i) =>
- hash.charCodeAt(i).toString(16).padStart(2, "0")
- ).join("");
- } catch (e) {
- LOG(
- "Downloader:_verifyDownload - failed to compute hash of the downloaded update archive"
- );
- digest = "";
- }
-
- fileStream.close();
-
- if (digest == this._patch.hashValue.toLowerCase()) {
- LOG("Downloader:_verifyDownload hashes match.");
- return true;
- }
-
- LOG("Downloader:_verifyDownload hashes do not match. ");
- AUSTLMY.pingDownloadCode(
- this.isCompleteUpdate,
- AUSTLMY.DWNLD_ERR_VERIFY_NO_HASH_MATCH
- );
- return false;
+ return true;
},
/**
@@ -6477,9 +6424,6 @@ Downloader.prototype = {
" is higher than patch size: " +
this._patch.size
);
- // It's important that we use a different code than
- // NS_ERROR_CORRUPTED_CONTENT so that tests can verify the difference
- // between a hash error and a wrong download error.
AUSTLMY.pingDownloadCode(
this.isCompleteUpdate,
AUSTLMY.DWNLD_ERR_PATCH_SIZE_LARGER
@@ -6498,9 +6442,6 @@ Downloader.prototype = {
" is not equal to expected patch size: " +
this._patch.size
);
- // It's important that we use a different code than
- // NS_ERROR_CORRUPTED_CONTENT so that tests can verify the difference
- // between a hash error and a wrong download error.
AUSTLMY.pingDownloadCode(
this.isCompleteUpdate,
AUSTLMY.DWNLD_ERR_PATCH_SIZE_NOT_EQUAL
=====================================
toolkit/mozapps/update/UpdateTelemetry.sys.mjs
=====================================
@@ -190,7 +190,6 @@ export var AUSTLMY = {
DWNLD_ERR_VERIFY_NO_REQUEST: 13,
DWNLD_ERR_VERIFY_PATCH_SIZE_NOT_EQUAL: 14,
DWNLD_ERR_WRITE_FAILURE: 15,
- DWNLD_ERR_VERIFY_NO_HASH_MATCH: 16,
// Temporary failure code to see if there are failures without an update phase
DWNLD_UNKNOWN_PHASE_ERR_WRITE_FAILURE: 40,
=====================================
toolkit/mozapps/update/nsIUpdateService.idl
=====================================
@@ -39,17 +39,6 @@ interface nsIUpdatePatch : nsISupports
*/
attribute AString finalURL;
- /**
- * The hash function to use when determining this file's integrity
- */
- attribute AString hashFunction;
-
- /**
- * The value of the hash function named above that should be computed if
- * this file is not corrupt.
- */
- attribute AString hashValue;
-
/**
* The size of this file, in bytes.
*/
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/6935ca008ef96a5c040296a08d5d590fae2d1e25...2f73024545f202f43f20832bcaa77bb46f462c27
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/6935ca008ef96a5c040296a08d5d590fae2d1e25...2f73024545f202f43f20832bcaa77bb46f462c27
You're receiving this email because of your account on gitlab.torproject.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20240829/469eb076/attachment-0001.htm>
More information about the tor-commits
mailing list