[tor-commits] [Git][tpo/applications/tor-browser][tor-browser-102.8.0esr-12.5-1] 7 commits: Revert "Bug 13379: Sign our MAR files."

Pier Angelo Vendrame pushed to branch tor-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser

Commits:

bd011d63

by Pier Angelo Vendrame at 2023-03-10T10:39:17+01:00

Revert "Bug 13379: Sign our MAR files."

This reverts commit 778aa6cfc77d6b747bc7be1cd2d421861265d68d.

1a81a5cc

by Pier Angelo Vendrame at 2023-03-10T10:39:17+01:00

fixup! Bug 4234: Use the Firefox Update Process for Tor Browser.

Bug 41668: Port some updater patches to Base Browser

Move the check on the update package version to this other commit.

fcf0e668

by Kathy Brade at 2023-03-10T10:39:17+01:00

Bug 13379: Allow using NSS to sign and verify MAR signatures

Allow using NSS on all platforms for checking MAR signatures (instead
  of using OS-native APIs, the default on Mac OS and Windows).
  So that the NSS and NSPR libraries the updater depends on can be
  found at runtime, we add the firefox directory to the shared library
  search path on macOS.
  On Linux, rpath is used to solve that problem, but that approach
  won't work on macOS because the updater executable is copied during
  the update process to a location that can vary.

6209ee94

by Kathy Brade at 2023-03-10T10:39:18+01:00

Bug 19121: reinstate the update.xml hash check

This is a partial revert of commit f1241db6986e4b54473a1ed870f7584c75d51122.

Revert most changes from Mozilla Bug 862173 "don't verify mar file hash
when using mar signing to verify the mar file (lessens main thread I/O)."

We kept the addition to the AppConstants API in case other JS code
references it in the future.

7e05454e

by Pier Angelo Vendrame at 2023-03-10T10:39:18+01:00

fixup! Bug 19121: reinstate the update.xml hash check

Bug 41668: Port some updater patches to Base Browser

Modernize the way to compute the hash digest.

5f27ed12

by Pier Angelo Vendrame at 2023-03-10T10:39:19+01:00

fixup! Bug 13379: Allow using NSS to sign and verify MAR signatures

Bug 41668: Port some updater patches to Base Browser

Use a configure-time flag to force using NSS for MARs signatures.

7caf293f

by Pier Angelo Vendrame at 2023-03-10T10:39:19+01:00

fixup! Base Browser's .mozconfigs.

Bug 41668: Port some updater patches to Base Browser

10 changed files:

browser/config/mozconfigs/base-browser
browser/config/mozconfigs/tor-browser
build/moz.configure/update-programs.configure
modules/libmar/tool/moz.build
modules/libmar/verify/moz.build
toolkit/mozapps/update/UpdateService.jsm
toolkit/mozapps/update/updater/updater-common.build
toolkit/mozapps/update/updater/updater.cpp
toolkit/xre/moz.build
toolkit/xre/nsUpdateDriver.cpp

Changes:

browser/config/mozconfigs/base-browser

@@ -14,6 +14,10 @@ export MOZILLA_OFFICIAL=1
  ac_add_options --enable-optimize
  ac_add_options --enable-rust-simd
 +# Bug 13379: Sign our MAR files.
 +ac_add_options --enable-verify-mar
 +ac_add_options --enable-nss-mar
++
  ac_add_options --enable-bundled-fonts
  ac_add_options --disable-tests

browser/config/mozconfigs/tor-browser

@@ -11,6 +11,5 @@ ac_add_options --with-relative-data-dir=TorBrowser/Data/Browser
  # ac_add_options --with-user-appdir=.torproject
  ac_add_options --enable-tor-browser-update
 -ac_add_options --enable-verify-mar
  ac_add_options --with-distribution-id=org.torproject

build/moz.configure/update-programs.configure

@@ -32,6 +32,14 @@ set_config(
      "MOZ_VERIFY_MAR_SIGNATURE", depends_if("--enable-verify-mar")(lambda _: True)
+ )
 +# Use NSS for MAR signatures even on platforms where system libraries are
 +# supported (currently Windows and macOS).
 +# ==============================================================
++
 +option("--enable-nss-mar", help="Always use NSS for MAR signatures")
++
 +set_config("MOZ_USE_NSS_FOR_MAR", True, when="--enable-nss-mar")
++
  # Maintenance service (Windows only)
  # ==============================================================

modules/libmar/tool/moz.build

@@ -43,7 +43,7 @@ if CONFIG["MOZ_BUILD_APP"] != "tools/update-packaging":
          "verifymar",
+     ]
 -    if CONFIG["TOR_BROWSER_UPDATE"]:
 +    if CONFIG["MOZ_USE_NSS_FOR_MAR"]:
          DEFINES["MAR_NSS"] = True
      if CONFIG["OS_ARCH"] == "WINNT":
@@ -52,12 +52,12 @@ if CONFIG["MOZ_BUILD_APP"] != "tools/update-packaging":
          OS_LIBS += [
              "ws2_32",
+         ]
 -        if not CONFIG["TOR_BROWSER_UPDATE"]:
 +        if not CONFIG["MOZ_USE_NSS_FOR_MAR"]:
              OS_LIBS += [
                  "crypt32",
                  "advapi32",
+             ]
 -    elif CONFIG["OS_ARCH"] == "Darwin" and not CONFIG["TOR_BROWSER_UPDATE"]:
 +    elif CONFIG["OS_ARCH"] == "Darwin" and not CONFIG["MOZ_USE_NSS_FOR_MAR"]:
          OS_LIBS += [
              "-framework CoreFoundation",
              "-framework Security",

modules/libmar/verify/moz.build

@@ -15,12 +15,15 @@ FORCE_STATIC_LIB = True
  if CONFIG["OS_ARCH"] == "WINNT":
      USE_STATIC_LIBS = True
 -elif CONFIG["OS_ARCH"] == "Darwin":
 -    USE_LIBS += [
 -        "nspr",
 -        "nss",
 -        "signmar",
 +    use_nss = CONFIG["MOZ_USE_NSS_FOR_MAR"]
 +elif CONFIG["OS_ARCH"] == "Darwin" and not CONFIG["MOZ_USE_NSS_FOR_MAR"]:
 +    UNIFIED_SOURCES += [
 +        "MacVerifyCrypto.cpp",
+     ]
 +    OS_LIBS += [
 +        "-framework Security",
 +    ]
 +    use_nss = False
  else:
      USE_LIBS += [
          "nspr",
@@ -34,14 +37,16 @@ else:
      OS_LIBS += [
          "-Wl,-rpath=\\$$ORIGIN",
+     ]
+-
 -DEFINES["MAR_NSS"] = True
 -LOCAL_INCLUDES += ["../sign"]
 +    use_nss = True
  LOCAL_INCLUDES += [
      "../src",
+ ]
 +if use_nss:
 +    LOCAL_INCLUDES += ["../sign"]
 +    DEFINES["MAR_NSS"] = True
++
  # C11 for static_assert
  c11_flags = ["-std=gnu11"]
  if CONFIG["CC_TYPE"] == "clang-cl":

toolkit/mozapps/update/UpdateService.jsm

@@ -996,21 +996,6 @@ function LOG(string) {
+   }
+ }
 -/**
 - * Convert a string containing binary values to hex.
 - */
 -function binaryToHex(input) {
 -  var result = "";
 -  for (var i = 0; i < input.length; ++i) {
 -    var hex = input.charCodeAt(i).toString(16);
 -    if (hex.length == 1) {
 -      hex = "0" + hex;
 -    }
 -    result += hex;
 -  }
 -  return result;
 -}
+-
  /**
   * Gets the specified directory at the specified hierarchy under the
   * update root directory and creates it if it doesn't exist.
@@ -5204,7 +5189,13 @@ Downloader.prototype = {
        // encoded binary (such as what is typically output by programs like
        // sha1sum).  In the future, this may change to base64 depending on how
        // we choose to compute these hashes.
 -      digest = binaryToHex(hash.finish(false));
 +      hash = hash.finish(false);
 +      digest = Array.from(hash, (c, i) =>
 +        hash
 +          .charCodeAt(i)
 +          .toString(16)
 +          .padStart(2, "0")
 +      ).join("");
      } catch (e) {
        LOG(
          "Downloader:_verifyDownload - failed to compute hash of the downloaded update archive"

toolkit/mozapps/update/updater/updater-common.build

@@ -4,9 +4,11 @@
  # License, v. 2.0. If a copy of the MPL was not distributed with this
  # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 -DEFINES["MAR_NSS"] = True
+-
 -link_with_nss = DEFINES["MAR_NSS"] or (CONFIG["OS_ARCH"] == "Linux" and CONFIG["MOZ_VERIFY_MAR_SIGNATURE"])
 +link_with_nss = CONFIG["MOZ_USE_NSS_FOR_MAR"] or (
 +    CONFIG["OS_ARCH"] == "Linux" and CONFIG["MOZ_VERIFY_MAR_SIGNATURE"]
 +)
 +if link_with_nss:
 +    DEFINES["MAR_NSS"] = True
  srcs = [
      "archivereader.cpp",

toolkit/mozapps/update/updater/updater.cpp

@@ -2809,7 +2809,8 @@ static void UpdateThreadFunc(void* param) {
          if (ReadMARChannelIDs(updateSettingsPath, &MARStrings) != OK) {
            rv = UPDATE_SETTINGS_FILE_CHANNEL;
          } else {
 -#  ifdef TOR_BROWSER_UPDATE
 +#  ifdef BASE_BROWSER_VERSION_QUOTED
 +          // Use the base browser version to prevent downgrade attacks.
            const char* appVersion = BASE_BROWSER_VERSION_QUOTED;
  #  else
            const char* appVersion = MOZ_APP_VERSION;

toolkit/xre/moz.build

@@ -232,8 +232,8 @@ for var in ("APP_VERSION", "APP_ID"):
  if CONFIG["MOZ_BUILD_APP"] == "browser":
      DEFINES["MOZ_BUILD_APP_IS_BROWSER"] = True
 -if CONFIG['TOR_BROWSER_UPDATE']:
 -    DEFINES['MAR_NSS'] = True
 +if CONFIG["MOZ_USE_NSS_FOR_MAR"]:
 +    DEFINES["MAR_NSS"] = True
  LOCAL_INCLUDES += [
      "../../other-licenses/nsis/Contrib/CityHash/cityhash",

toolkit/xre/nsUpdateDriver.cpp

@@ -342,8 +342,7 @@ static bool IsOlderVersion(nsIFile* versionFile, const char* appVersion) {
    return mozilla::Version(appVersion) > buf;
+ }
 -#if defined(TOR_BROWSER_UPDATE) && defined(MOZ_VERIFY_MAR_SIGNATURE) && \
 -    defined(MAR_NSS) && defined(XP_MACOSX)
 +#if defined(MOZ_VERIFY_MAR_SIGNATURE) && defined(MAR_NSS) && defined(XP_MACOSX)
  /**
   * Ideally we would save and restore the original library path value after
   * the updater finishes its work (and before firefox is re-launched).
@@ -656,8 +655,7 @@ static void ApplyUpdate(nsIFile* greDir, nsIFile* updateDir, nsIFile* appDir,
      PR_SetEnv("MOZ_SAFE_MODE_RESTART=1");
+   }
 -#if defined(TOR_BROWSER_UPDATE) && defined(MOZ_VERIFY_MAR_SIGNATURE) && \
 -    defined(MAR_NSS) && defined(XP_MACOSX)
 +#if defined(MOZ_VERIFY_MAR_SIGNATURE) && defined(MAR_NSS) && defined(XP_MACOSX)
    // On macOS, append the app directory to the shared library search path
    // so the system can locate the shared libraries that are needed by the
    // updater, e.g., libnss3.dylib).