[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor-messenger-build/updater] Add patch for signing MAR files (#13379)



commit df4695f356a3369ef448b8c923c7b9bec4f77f18
Author: Sukhbir Singh <sukhbir@xxxxxxxxxxxxxx>
Date:   Tue Jul 19 14:13:24 2016 -0400

    Add patch for signing MAR files (#13379)
---
 .../instantbird/Sign-MAR-files-bug-13379.mozpatch  | 616 +++++++++++++++++++++
 projects/instantbird/config                        |   1 +
 2 files changed, 617 insertions(+)

diff --git a/projects/instantbird/Sign-MAR-files-bug-13379.mozpatch b/projects/instantbird/Sign-MAR-files-bug-13379.mozpatch
new file mode 100644
index 0000000..bfc1e64
--- /dev/null
+++ b/projects/instantbird/Sign-MAR-files-bug-13379.mozpatch
@@ -0,0 +1,616 @@
+From 94882047c2de9160fd08f33ee2d5541df7baff4d Mon Sep 17 00:00:00 2001
+From: Kathy Brade <brade@xxxxxxxxxxxxxxxxx>
+Date: Wed, 17 Dec 2014 16:37:11 -0500
+Subject: Bug 13379: Sign our MAR files.
+
+Replace Mozilla's MAR signing certificates with our own.
+Configure with --enable-signmar (build the signmar tool).
+Configure with --enable-verify-mar (when updating, require a valid signature
+  on the MAR file before it is applied).
+Use the Tor Browser version instead of the Firefox version inside the
+  MAR file info block (necessary to prevent downgrade attacks).
+Use NSS on all platforms for checking MAR signatures (Mozilla plans to use
+  OS-native APIs on Mac OS and they already do so on Windows). So that the
+  NSS and NSPR libraries the updater depends on can be found at runtime, we
+  add the firefox directory to the shared library search path on all platforms.
+Use SHA512-based MAR signatures instead of the SHA1-based ones that Mozilla
+  uses. This is implemented inside MAR_USE_SHA512_RSA_SIG #ifdef's and with
+  a signature algorithm ID of 512 to help avoid collisions with future work
+  Mozilla might do in this area.
+  See: https://bugzilla.mozilla.org/show_bug.cgi?id=1105689
+
+diff --git a/config/external/nss/Makefile.in b/config/external/nss/Makefile.in
+index c91bf5b..e636fa0 100644
+--- a/config/external/nss/Makefile.in
++++ b/config/external/nss/Makefile.in
+@@ -283,11 +283,11 @@ endif
+ NSS_DIRS += \
+   nss/cmd/lib \
+   nss/cmd/shlibsign \
++  nss/cmd/certutil \
+   $(NULL)
+ 
+ ifdef ENABLE_TESTS
+ NSS_DIRS += \
+-  nss/cmd/certutil \
+   nss/cmd/pk12util \
+   nss/cmd/modutil \
+   $(NULL)
+diff --git a/modules/libmar/sign/mar_sign.c b/modules/libmar/sign/mar_sign.c
+index 2a08abf..902c6f2 100644
+--- a/modules/libmar/sign/mar_sign.c
++++ b/modules/libmar/sign/mar_sign.c
+@@ -95,7 +95,12 @@ NSSSignBegin(const char *certName,
+     return -1;
+   }
+ 
+-  *ctx = SGN_NewContext (SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE, *privKey);
++#ifdef MAR_USE_SHA512_RSA_SIG
++  SECOidTag sigAlg = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
++#else
++  SECOidTag sigAlg = SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE;
++#endif
++  *ctx = SGN_NewContext(sigAlg, *privKey);
+   if (!*ctx) {
+     fprintf(stderr, "ERROR: Could not create signature context\n");
+     return -1;
+@@ -994,8 +999,12 @@ mar_repackage_and_sign(const char *NSSConfigDir,
+   signaturePlaceholderOffset = ftello(fpDest);
+ 
+   for (k = 0; k < certCount; k++) {
+-    /* Write out the signature algorithm ID, Only an ID of 1 is supported */
+-    signatureAlgorithmID = htonl(1);
++    /* Write out the signature algorithm ID. */
++#ifdef MAR_USE_SHA512_RSA_SIG
++    signatureAlgorithmID = htonl(SIGNATURE_ALGORITHM_ID_SHA512_RSA);
++#else
++    signatureAlgorithmID = htonl(SIGNATURE_ALGORITHM_ID_SHA1_RSA);
++#endif
+     if (WriteAndUpdateSignatures(fpDest, &signatureAlgorithmID,
+                                  sizeof(signatureAlgorithmID),
+                                  ctxs, certCount, "num signatures")) {
+diff --git a/modules/libmar/sign/moz.build b/modules/libmar/sign/moz.build
+index d7b8d1f..849deff 100644
+--- a/modules/libmar/sign/moz.build
++++ b/modules/libmar/sign/moz.build
+@@ -19,6 +19,7 @@ LOCAL_INCLUDES += [
+ ]
+ 
+ DEFINES['MAR_NSS'] = True
++DEFINES['MAR_USE_SHA512_RSA_SIG'] = True
+ 
+ if CONFIG['OS_ARCH'] == 'WINNT':
+     USE_STATIC_LIBS = True
+diff --git a/modules/libmar/src/mar_private.h b/modules/libmar/src/mar_private.h
+index e0c2632..add03f5 100644
+--- a/modules/libmar/src/mar_private.h
++++ b/modules/libmar/src/mar_private.h
+@@ -21,6 +21,14 @@
+    which is 16 bytes */
+ #define SIGNATURE_BLOCK_OFFSET 16
+ 
++/* Signature algorithm IDs. */
++#define SIGNATURE_ALGORITHM_ID_SHA1_RSA 1
++#ifdef MAR_USE_SHA512_RSA_SIG
++/* Use 512 as the algorithm ID so it is less likely that we will conflict with
++   whatever Mozilla chooses when they add support for a stronger signature. */
++#define SIGNATURE_ALGORITHM_ID_SHA512_RSA 512
++#endif
++
+ /* Make sure the file is less than 500MB.  We do this to protect against
+    invalid MAR files. */
+ #define MAX_SIZE_OF_MAR_FILE ((int64_t)524288000)
+diff --git a/modules/libmar/tool/mar.c b/modules/libmar/tool/mar.c
+index 5011c88..ef0a3eb 100644
+--- a/modules/libmar/tool/mar.c
++++ b/modules/libmar/tool/mar.c
+@@ -31,7 +31,11 @@ int mar_repackage_and_sign(const char *NSSConfigDir,
+                            const char * dest);
+ 
+ static void print_version() {
++#ifdef TOR_BROWSER_UPDATE
++  printf("Version: %s\n", TOR_BROWSER_VERSION);
++#else
+   printf("Version: %s\n", MOZ_APP_VERSION);
++#endif
+   printf("Default Channel ID: %s\n", MAR_CHANNEL_ID);
+ }
+ 
+@@ -61,7 +65,7 @@ static void print_usage() {
+          "signed_input_archive.mar base_64_encoded_signature_file "
+          "changed_signed_output.mar\n");
+   printf("(i) is the index of the certificate to extract\n");
+-#if defined(XP_MACOSX) || (defined(XP_WIN) && !defined(MAR_NSS))
++#if (defined(XP_MACOSX) || defined(XP_WIN)) && !defined(MAR_NSS)
+   printf("Verify a MAR file:\n");
+   printf("  mar [-C workingDir] -D DERFilePath -v signed_archive.mar\n");
+   printf("At most %d signature certificate DER files are specified by "
+@@ -116,7 +120,11 @@ int main(int argc, char **argv) {
+   char *NSSConfigDir = NULL;
+   const char *certNames[MAX_SIGNATURES];
+   char *MARChannelID = MAR_CHANNEL_ID;
++#ifdef TOR_BROWSER_UPDATE
++  char *productVersion = TOR_BROWSER_VERSION;
++#else
+   char *productVersion = MOZ_APP_VERSION;
++#endif
+   uint32_t k;
+   int rv = -1;
+   uint32_t certCount = 0;
+@@ -135,8 +143,8 @@ int main(int argc, char **argv) {
+ #if defined(XP_WIN) && !defined(MAR_NSS) && !defined(NO_SIGN_VERIFY)
+   memset((void*)certBuffers, 0, sizeof(certBuffers));
+ #endif
+-#if !defined(NO_SIGN_VERIFY) && ((!defined(MAR_NSS) && defined(XP_WIN)) || \
+-                                 defined(XP_MACOSX))
++#if !defined(NO_SIGN_VERIFY) && (!defined(MAR_NSS) && (defined(XP_WIN) || \
++                                 defined(XP_MACOSX)))
+   memset(DERFilePaths, 0, sizeof(DERFilePaths));
+   memset(fileSizes, 0, sizeof(fileSizes));
+ #endif
+@@ -167,8 +175,8 @@ int main(int argc, char **argv) {
+       argv += 2;
+       argc -= 2;
+     } 
+-#if !defined(NO_SIGN_VERIFY) && ((!defined(MAR_NSS) && defined(XP_WIN)) || \
+-                                 defined(XP_MACOSX))
++#if !defined(NO_SIGN_VERIFY) && (!defined(MAR_NSS) && (defined(XP_WIN) || \
++                                 defined(XP_MACOSX)))
+     /* -D DERFilePath, also matches -D[index] DERFilePath
+        We allow an index for verifying to be symmetric
+        with the import and export command line arguments. */
+@@ -343,6 +351,10 @@ int main(int argc, char **argv) {
+ #if (defined(XP_WIN) || defined(XP_MACOSX)) && !defined(MAR_NSS)
+       rv = mar_read_entire_file(DERFilePaths[k], MAR_MAX_CERT_SIZE,
+                                 &certBuffers[k], &fileSizes[k]);
++      if (rv) {
++        fprintf(stderr, "ERROR: could not read file %s", DERFilePaths[k]);
++        break;
++      }
+ #else
+       /* It is somewhat circuitous to look up a CERTCertificate and then pass
+        * in its DER encoding just so we can later re-create that
+@@ -359,11 +371,11 @@ int main(int argc, char **argv) {
+       } else {
+         rv = -1;
+       }
+-#endif
+       if (rv) {
+-        fprintf(stderr, "ERROR: could not read file %s", DERFilePaths[k]);
++        fprintf(stderr, "ERROR: no certificate named %s", certNames[k]);
+         break;
+       }
++#endif
+     }
+ 
+     if (!rv) {
+diff --git a/modules/libmar/tool/moz.build b/modules/libmar/tool/moz.build
+index 5b52124..9fa982e 100644
+--- a/modules/libmar/tool/moz.build
++++ b/modules/libmar/tool/moz.build
+@@ -29,7 +29,13 @@ for var in ('MAR_CHANNEL_ID', 'MOZ_APP_VERSION'):
+     DEFINES[var] = '"%s"' % CONFIG[var]
+     HOST_DEFINES[var] = DEFINES[var]
+ 
++if CONFIG['TOR_BROWSER_UPDATE']:
++    DEFINES['TOR_BROWSER_UPDATE'] = '%s' % CONFIG['TOR_BROWSER_UPDATE']
++if CONFIG['TOR_BROWSER_VERSION']:
++    DEFINES['TOR_BROWSER_VERSION'] = '"%s"' % CONFIG['TOR_BROWSER_VERSION']
++
+ if CONFIG['MOZ_ENABLE_SIGNMAR']:
++    DEFINES['MAR_NSS'] = True
+     USE_LIBS += [
+         'nspr',
+         'nss',
+@@ -43,12 +49,12 @@ if CONFIG['OS_ARCH'] == 'WINNT':
+     OS_LIBS += [
+         'ws2_32',
+     ]
+-    if CONFIG['MOZ_ENABLE_SIGNMAR']:
++    if CONFIG['MOZ_ENABLE_SIGNMAR'] and not DEFINES['MAR_NSS']:
+         OS_LIBS += [
+             'crypt32',
+             'advapi32',
+         ]
+-elif CONFIG['OS_ARCH'] == 'Darwin':
++elif CONFIG['OS_ARCH'] == 'Darwin' and not DEFINES['MAR_NSS']:
+     OS_LIBS += [
+       '-framework Security',
+     ]
+diff --git a/modules/libmar/verify/cryptox.c b/modules/libmar/verify/cryptox.c
+index af34210..f39669b 100644
+--- a/modules/libmar/verify/cryptox.c
++++ b/modules/libmar/verify/cryptox.c
+@@ -64,8 +64,12 @@ NSS_VerifyBegin(VFYContext **ctx,
+     return CryptoX_Error;
+   }
+ 
+-  *ctx = VFY_CreateContext(*publicKey, NULL, 
+-                           SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE, NULL);
++#ifdef MAR_USE_SHA512_RSA_SIG
++  SECOidTag sigAlg = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
++#else
++  SECOidTag sigAlg = SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE;
++#endif
++  *ctx = VFY_CreateContext(*publicKey, NULL, sigAlg, NULL);
+   if (*ctx == NULL) {
+     return CryptoX_Error;
+   }
+diff --git a/modules/libmar/verify/cryptox.h b/modules/libmar/verify/cryptox.h
+index 2296b81..ab9b5a3 100644
+--- a/modules/libmar/verify/cryptox.h
++++ b/modules/libmar/verify/cryptox.h
+@@ -59,6 +59,10 @@ CryptoX_Result NSS_VerifySignature(VFYContext * const *ctx ,
+ 
+ #elif XP_MACOSX
+ 
++#ifdef MAR_USE_SHA512_RSA_SIG
++#error MAR_USE_SHA512_RSA_SIG is not implemented.
++#endif
++
+ #define CryptoX_InvalidHandleValue NULL
+ #define CryptoX_ProviderHandle void*
+ #define CryptoX_SignatureHandle void*
+@@ -106,6 +110,11 @@ void CryptoMac_FreePublicKey(CryptoX_PublicKey* aPublicKey);
+ 
+ #elif defined(XP_WIN) 
+ 
++#ifdef MAR_USE_SHA512_RSA_SIG
++#error MAR_USE_SHA512_RSA_SIG is not implemented.
++#endif
++
++
+ #include <windows.h>
+ #include <wincrypt.h>
+ 
+diff --git a/modules/libmar/verify/mar_verify.c b/modules/libmar/verify/mar_verify.c
+index 07e4354..a9ecaa8 100644
+--- a/modules/libmar/verify/mar_verify.c
++++ b/modules/libmar/verify/mar_verify.c
+@@ -277,8 +277,25 @@ mar_extract_and_verify_signatures_fp(FILE *fp,
+     }
+ 
+     /* We don't try to verify signatures we don't know about */
+-    if (signatureAlgorithmIDs[i] != 1) {
+-      fprintf(stderr, "ERROR: Unknown signature algorithm ID.\n");
++#ifdef MAR_USE_SHA512_RSA_SIG
++    const uint32_t kSupportedAlgID = SIGNATURE_ALGORITHM_ID_SHA512_RSA;
++#else
++    const uint32_t kSupportedAlgID = SIGNATURE_ALGORITHM_ID_SHA1_RSA;
++#endif
++
++    if (signatureAlgorithmIDs[i] != kSupportedAlgID) {
++#ifdef MAR_USE_SHA512_RSA_SIG
++      if (signatureAlgorithmIDs[i] == SIGNATURE_ALGORITHM_ID_SHA1_RSA) {
++        fprintf(stderr,
++                "ERROR: Unsupported signature algorithm (SHA1 with RSA).\n");
++      } else {
++        fprintf(stderr, "ERROR: Unknown signature algorithm ID %u.\n",
++                        signatureAlgorithmIDs[i]);
++      }
++#else
++      fprintf(stderr, "ERROR: Unknown signature algorithm ID %u.\n",
++                      signatureAlgorithmIDs[i]);
++#endif
+       for (i = 0; i < signatureCount; ++i) {
+         free(extractedSignatures[i]);
+       }
+diff --git a/modules/libmar/verify/moz.build b/modules/libmar/verify/moz.build
+index 89f7323..735cf7c 100644
+--- a/modules/libmar/verify/moz.build
++++ b/modules/libmar/verify/moz.build
+@@ -15,16 +15,10 @@ FORCE_STATIC_LIB = True
+ 
+ if CONFIG['OS_ARCH'] == 'WINNT':
+     USE_STATIC_LIBS = True
+-elif CONFIG['OS_ARCH'] == 'Darwin':
+-    UNIFIED_SOURCES += [
+-      'MacVerifyCrypto.cpp',
+-    ]
+-    OS_LIBS += [
+-      '-framework Security',
+-    ]
+-else:
+-    DEFINES['MAR_NSS'] = True
+-    LOCAL_INCLUDES += ['../sign']
++
++DEFINES['MAR_NSS'] = True
++DEFINES['MAR_USE_SHA512_RSA_SIG'] = True
++LOCAL_INCLUDES += ['../sign']
+ 
+ LOCAL_INCLUDES += [
+     '../src',
+diff --git a/toolkit/mozapps/update/updater/Makefile.in b/toolkit/mozapps/update/updater/Makefile.in
+index d216298..f2c7540 100644
+--- a/toolkit/mozapps/update/updater/Makefile.in
++++ b/toolkit/mozapps/update/updater/Makefile.in
+@@ -15,7 +15,7 @@ endif
+ 
+ include $(topsrcdir)/config/rules.mk
+ 
+-ifneq (,$(filter beta release esr,$(MOZ_UPDATE_CHANNEL)))
++ifneq (,$(filter alpha beta hardened release esr,$(MOZ_UPDATE_CHANNEL)))
+ 	PRIMARY_CERT = release_primary.der
+ 	SECONDARY_CERT = release_secondary.der
+ else ifneq (,$(filter nightly aurora nightly-elm nightly-profiling nightly-oak nightly-ux,$(MOZ_UPDATE_CHANNEL)))
+diff --git a/toolkit/mozapps/update/updater/release_primary.der b/toolkit/mozapps/update/updater/release_primary.der
+index 11417c3..542fb24 100644
+Binary files a/toolkit/mozapps/update/updater/release_primary.der and b/toolkit/mozapps/update/updater/release_primary.der differ
+diff --git a/toolkit/mozapps/update/updater/updater-common.build b/toolkit/mozapps/update/updater/updater-common.build
+index a39d47d88..a9699c23 100644
+--- a/toolkit/mozapps/update/updater/updater-common.build
++++ b/toolkit/mozapps/update/updater/updater-common.build
+@@ -4,6 +4,10 @@
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ 
++DEFINES['MAR_NSS'] = True
++
++link_with_nss = DEFINES['MAR_NSS'] or (CONFIG['OS_ARCH'] == 'Linux' and CONFIG['MOZ_VERIFY_MAR_SIGNATURE'])
++
+ srcs = [
+     'archivereader.cpp',
+     'bspatch.cpp',
+@@ -41,19 +45,23 @@ if CONFIG['OS_ARCH'] == 'WINNT':
+         'ws2_32',
+         'shell32',
+         'shlwapi',
+-        'crypt32',
+-        'advapi32',
+     ]
+-elif CONFIG['OS_ARCH'] == 'Linux' and CONFIG['MOZ_VERIFY_MAR_SIGNATURE']:
++
++    if not link_with_nss:
++        OS_LIBS += [
++            'crypt32',
++            'advapi32',
++        ]
++else:
+     USE_LIBS += [
+-        'nss',
+-        'signmar',
+         'updatecommon',
+     ]
+-    OS_LIBS += CONFIG['NSPR_LIBS']
+-else:
++
++if link_with_nss:
+     USE_LIBS += [
+-        'updatecommon',
++        'nspr',
++        'nss',
++        'signmar',
+     ]
+ 
+ USE_LIBS += [
+@@ -81,8 +89,12 @@ if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'cocoa':
+     ]
+     OS_LIBS += [
+         '-framework Cocoa',
+-        '-framework Security',
+     ]
++
++    if not link_with_nss:
++        OS_LIBS += [
++            '-framework Security',
++        ]
+ elif CONFIG['MOZ_WIDGET_TOOLKIT'] == 'gonk':
+     have_progressui = 1
+     srcs += [
+diff --git a/toolkit/mozapps/update/updater/updater.cpp b/toolkit/mozapps/update/updater/updater.cpp
+index f362292..2d205a8 100644
+--- a/toolkit/mozapps/update/updater/updater.cpp
++++ b/toolkit/mozapps/update/updater/updater.cpp
+@@ -120,11 +120,13 @@ static bool sUseHardLinks = true;
+ # define MAYBE_USE_HARD_LINKS 0
+ #endif
+ 
+-#if defined(MOZ_VERIFY_MAR_SIGNATURE) && !defined(XP_WIN) && \
+-    !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK)
++#if defined(MOZ_VERIFY_MAR_SIGNATURE)
++#if defined(MAR_NSS) || (!defined(XP_WIN) && !defined(XP_MACOSX) && \
++    !defined(MOZ_WIDGET_GONK))
+ #include "nss.h"
+ #include "prerror.h"
+ #endif
++#endif
+ 
+ #ifdef XP_WIN
+ #ifdef MOZ_MAINTENANCE_SERVICE
+@@ -2635,8 +2637,13 @@ UpdateThreadFunc(void *param)
+           MARStrings.MARChannelID[0] = '\0';
+         }
+ 
++#ifdef TOR_BROWSER_UPDATE
++        const char *appVersion = TOR_BROWSER_VERSION;
++#else
++        const char *appVersion = MOZ_APP_VERSION;
++#endif
+         rv = gArchiveReader.VerifyProductInformation(MARStrings.MARChannelID,
+-                                                     MOZ_APP_VERSION);
++                                                     appVersion);
+       }
+     }
+ #endif
+@@ -2722,12 +2729,11 @@ int NS_main(int argc, NS_tchar **argv)
+   }
+ #endif
+ 
+-#if defined(MOZ_VERIFY_MAR_SIGNATURE) && !defined(XP_WIN) && \
+-    !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK)
+-  // On Windows and Mac we rely on native APIs to do verifications so we don't
+-  // need to initialize NSS at all there.
+-  // Otherwise, minimize the amount of NSS we depend on by avoiding all the NSS
+-  // databases.
++#if defined(MOZ_VERIFY_MAR_SIGNATURE)
++#if defined(MAR_NSS) || (!defined(XP_WIN) && !defined(XP_MACOSX) && \
++    !defined(MOZ_WIDGET_GONK))
++  // If using NSS for signature verification, initialize NSS but minimize
++  // the portion we depend on by avoiding all of the NSS databases.
+   if (NSS_NoDB_Init(NULL) != SECSuccess) {
+    PRErrorCode error = PR_GetError();
+    fprintf(stderr, "Could not initialize NSS: %s (%d)",
+@@ -2735,6 +2741,7 @@ int NS_main(int argc, NS_tchar **argv)
+     _exit(1);
+   }
+ #endif
++#endif
+ 
+   InitProgressUI(&argc, &argv);
+ 
+diff --git a/toolkit/xre/moz.build b/toolkit/xre/moz.build
+index 3e6a3b6..7d46dfd 100644
+--- a/toolkit/xre/moz.build
++++ b/toolkit/xre/moz.build
+@@ -149,6 +149,9 @@ for var in ('APP_VERSION', 'APP_ID'):
+ if CONFIG['MOZ_BUILD_APP'] == 'browser':
+     DEFINES['MOZ_BUILD_APP_IS_BROWSER'] = True
+ 
++if CONFIG['MOZ_ENABLE_SIGNMAR'] and CONFIG['TOR_BROWSER_UPDATE']:
++     DEFINES['MAR_NSS'] = True
++
+ LOCAL_INCLUDES += [
+     '../profile',
+     '/config',
+diff --git a/toolkit/xre/nsUpdateDriver.cpp b/toolkit/xre/nsUpdateDriver.cpp
+index ee60aee..0c7b6b0 100644
+--- a/toolkit/xre/nsUpdateDriver.cpp
++++ b/toolkit/xre/nsUpdateDriver.cpp
+@@ -39,7 +39,6 @@
+ # include <windows.h>
+ # include <shlwapi.h>
+ # include "nsWindowsHelpers.h"
+-# include "prprf.h"
+ # define getcwd(path, size) _getcwd(path, size)
+ # define getpid() GetCurrentProcessId()
+ #elif defined(XP_UNIX)
+@@ -169,36 +168,6 @@ GetInstallDirPath(nsIFile *appDir, nsACString& installDirPath)
+   return NS_OK;
+ }
+ 
+-#if defined(TOR_BROWSER_UPDATE) && defined(XP_WIN)
+-#define PATH_SEPARATOR ";"
+-
+-// In Tor Browser, updater.exe depends on some DLLs that are located in the
+-// app directory.  To allow the updater to run when it has been copied into
+-// the update directory, we append the app directory to the PATH.
+-static nsresult
+-AdjustPathForUpdater(nsIFile *appDir)
+-{
+-  nsAutoCString appPath;
+-  nsresult rv = appDir->GetNativePath(appPath);
+-  NS_ENSURE_SUCCESS(rv, rv);
+-
+-  char *s = nullptr;
+-  char *pathValue = PR_GetEnv("PATH");
+-  if ((nullptr == pathValue) || ('\0' == *pathValue)) {
+-    s = PR_smprintf("PATH=%s", appPath.get());
+-  } else {
+-    s = PR_smprintf("PATH=%s" PATH_SEPARATOR "%s", pathValue, appPath.get());
+-  }
+-
+-  // We intentionally leak the value that is passed into PR_SetEnv() because
+-  // the environment will hold a pointer to it.
+-  if ((nullptr == s) || (PR_SUCCESS != PR_SetEnv(s)))
+-    return NS_ERROR_FAILURE;
+-
+-  return NS_OK;
+-}
+-#endif
+-
+ #ifdef DEBUG
+ static void
+ dump_argv(const char *aPrefix, char **argv, int argc)
+@@ -500,13 +469,22 @@ CopyUpdaterIntoUpdateDir(nsIFile *greDir, nsIFile *appDir, nsIFile *updateDir,
+  * Appends the specified path to the library path.
+  * This is used so that updater can find libmozsqlite3.so and other shared libs.
+  *
+- * @param pathToAppend A new library path to prepend to LD_LIBRARY_PATH
++ * @param pathToAppend A new library path to prepend to the dynamic linker's search path.
+  */
+-#if defined(MOZ_VERIFY_MAR_SIGNATURE) && !defined(XP_WIN) && \
+-    !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK)
++#if defined(MOZ_VERIFY_MAR_SIGNATURE) && (defined(MAR_NSS) || \
++    (!defined(XP_WIN) && !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK)))
+ #include "prprf.h"
++#if defined(XP_WIN)
++#define PATH_SEPARATOR ";"
++#define LD_LIBRARY_PATH_ENVVAR_NAME "PATH"
++#else
+ #define PATH_SEPARATOR ":"
++#if defined(XP_MACOSX)
++#define LD_LIBRARY_PATH_ENVVAR_NAME "DYLD_LIBRARY_PATH"
++#else
+ #define LD_LIBRARY_PATH_ENVVAR_NAME "LD_LIBRARY_PATH"
++#endif
++#endif
+ static void
+ AppendToLibPath(const char *pathToAppend)
+ {
+@@ -732,16 +710,20 @@ SwitchToUpdatedApp(nsIFile *greDir, nsIFile *updateDir,
+   if (gSafeMode) {
+     PR_SetEnv("MOZ_SAFE_MODE_RESTART=1");
+   }
+-#if defined(MOZ_VERIFY_MAR_SIGNATURE) && !defined(XP_WIN) && \
+-    !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK)
+-  AppendToLibPath(installDirPath.get());
+-#endif
+ 
+-#if defined(TOR_BROWSER_UPDATE) && defined(XP_WIN)
+-  nsresult rv2 = AdjustPathForUpdater(appDir);
+-  if (NS_FAILED(rv2)) {
+-    LOG(("SwitchToUpdatedApp -- AdjustPathForUpdater failed (0x%x)\n", rv2));
++#if defined(MOZ_VERIFY_MAR_SIGNATURE) && (defined(MAR_NSS) || \
++    (!defined(XP_WIN) && !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK)))
++#ifdef TOR_BROWSER_UPDATE
++  nsAutoCString appPath;
++  nsresult rv2 = appDir->GetNativePath(appPath);
++  if (NS_SUCCEEDED(rv2)) {
++    AppendToLibPath(appPath.get());
++  } else {
++    LOG(("SwitchToUpdatedApp -- appDir->GetNativePath() failed (0x%x)\n", rv2));
+   }
++#else
++  AppendToLibPath(installDirPath.get());
++#endif
+ #endif
+ 
+   LOG(("spawning updater process for replacing [%s]\n", updaterPath.get()));
+@@ -1020,22 +1002,25 @@ ApplyUpdate(nsIFile *greDir, nsIFile *updateDir, nsIFile *statusFile,
+   if (gSafeMode) {
+     PR_SetEnv("MOZ_SAFE_MODE_RESTART=1");
+   }
+-#if defined(MOZ_VERIFY_MAR_SIGNATURE) && !defined(XP_WIN) && \
+-    !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK)
++#if defined(MOZ_VERIFY_MAR_SIGNATURE) && (defined(MAR_NSS) || \
++    (!defined(XP_WIN) && !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK)))
++#ifdef TOR_BROWSER_UPDATE
++  nsAutoCString appPath;
++  nsresult rv2 = appDir->GetNativePath(appPath);
++  if (NS_SUCCEEDED(rv2)) {
++    AppendToLibPath(appPath.get());
++  } else {
++    LOG(("ApplyUpdate -- appDir->GetNativePath() failed (0x%x)\n", rv2));
++  }
++#else
+   AppendToLibPath(installDirPath.get());
+ #endif
++#endif
+ 
+   if (isOSUpdate) {
+     PR_SetEnv("MOZ_OS_UPDATE=1");
+   }
+ 
+-#if defined(TOR_BROWSER_UPDATE) && defined(XP_WIN)
+-  nsresult rv2 = AdjustPathForUpdater(appDir);
+-  if (NS_FAILED(rv2)) {
+-    LOG(("ApplyUpdate -- AdjustPathForUpdater failed (0x%x)\n", rv2));
+-  }
+-#endif
+-
+ #if defined(MOZ_WIDGET_GONK)
+   // We want the updater to be CPU friendly and not subject to being killed by
+   // the low memory killer, so we pass in some preferences to allow it to
+-- 
+cgit v0.10.2
+
diff --git a/projects/instantbird/config b/projects/instantbird/config
index 3c5871d..f6db253 100644
--- a/projects/instantbird/config
+++ b/projects/instantbird/config
@@ -126,6 +126,7 @@ input_files:
   - filename: Improve-profile-access-bug-14631-first.mozpatch
   - filename: Improve-profile-access-bug-14631-second.mozpatch
   - filename: Mac-outside-app-data-bug-13252.mozpatch
+  - filename: Sign-MAR-files-bug-13379.mozpatch
   - filename: Update-load-local-changes-bug-14392-first.mozpatch
   - filename: Update-load-local-changes-bug-16940-second.mozpatch
   - filename: aboutTBUpdateLogo.png



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits