[tor-commits] [Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] 2 commits: fixup! Bug 4234: Use the Firefox Update Process for Base Browser.

["Pier Angelo Vendrame \(@pierov\) via tor-commits" <tor-commits@xxxxxxxxxxxxxxxxxxxx>]

Title: GitLab

Pier Angelo Vendrame pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser

Commits:

• af856ef0
  by Pier Angelo Vendrame at 2024-09-02T10:11:08+02:00

  fixup! Bug 4234: Use the Firefox Update Process for Base Browser.
  
  Bug 42747: Discard unsupported updates earlier.
  
  Firefox's updater has a function to select updates, which checks mainly
  the version number.
  Therefore, a more recent update that is unsupported will be chosen over
  a compatible one.
  We patch this to be able to provide an alternative update path to
  Windows 7.
  

• aa6ba139
  by Pier Angelo Vendrame at 2024-09-02T10:11:12+02:00

  fixup! Bug 19121: reinstate the update.xml hash check
  
  Bug 42737: Drop the hash check on updates.
  
  Updates are already signed, the hash check is redundant.
  
  Revert "Bug 19121: reinstate the update.xml hash check"
  
  This reverts commit 14ac8e5c0aff14dda4b15e435db58bea80960389.
  

3 changed files:

• toolkit/mozapps/update/UpdateService.sys.mjs
• toolkit/mozapps/update/UpdateTelemetry.sys.mjs
• toolkit/mozapps/update/nsIUpdateService.idl

Changes:

toolkit/mozapps/update/UpdateService.sys.mjs

---

...	...	@@ -2110,8 +2110,6 @@ class UpdatePatch {
2110	2110	// over writing nsIUpdatePatch attributes.
2111	2111	_attrNames = [
2112	2112	"errorCode",
2113		- "hashFunction",
2114		- "hashValue",
2115	2113	"finalURL",
2116	2114	"selected",
2117	2115	"size",
...	...	@@ -2164,8 +2162,6 @@ class UpdatePatch {
2164	2162	}
2165	2163	break;
2166	2164	case "finalURL":
2167		- case "hashFunction":
2168		- case "hashValue":
2169	2165	case "state":
2170	2166	case "type":
2171	2167	case "URL":
...	...	@@ -2186,8 +2182,6 @@ class UpdatePatch {
2186	2182	*/
2187	2183	serialize(updates) {
2188	2184	var patch = updates.createElementNS(URI_UPDATE_NS, "patch");
2189		- patch.setAttribute("hashFunction", this.hashFunction);
2190		- patch.setAttribute("hashValue", this.hashValue);
2191	2185	patch.setAttribute("size", this.size);
2192	2186	patch.setAttribute("type", this.type);
2193	2187	patch.setAttribute("URL", this.URL);
...	...	@@ -3757,18 +3751,20 @@ export class UpdateService {
3757	3751
3758	3752	switch (update.type) {
3759	3753	case "major":
3760		- if (!majorUpdate) {
	3754	+ if (!majorUpdate || majorUpdate.unsupported) {
3761	3755	majorUpdate = update;
3762	3756	} else if (
	3757	+ !update.unsupported &&
3763	3758	vc.compare(majorUpdate.appVersion, update.appVersion) <= 0
3764	3759	) {
3765	3760	majorUpdate = update;
3766	3761	}
3767	3762	break;
3768	3763	case "minor":
3769		- if (!minorUpdate) {
	3764	+ if (!minorUpdate || minorUpdate.unsupported) {
3770	3765	minorUpdate = update;
3771	3766	} else if (
	3767	+ !update.unsupported &&
3772	3768	vc.compare(minorUpdate.appVersion, update.appVersion) <= 0
3773	3769	) {
3774	3770	minorUpdate = update;
...	...	@@ -5876,56 +5872,7 @@ class Downloader {
5876	5872	}
5877	5873
5878	5874	LOG("Downloader:_verifyDownload downloaded size == expected size.");
5879		- let fileStream = Cc[
5880		- "@mozilla.org/network/file-input-stream;1"
5881		- ].createInstance(Ci.nsIFileInputStream);
5882		- fileStream.init(
5883		- destination,
5884		- FileUtils.MODE_RDONLY,
5885		- FileUtils.PERMS_FILE,
5886		- 0
5887		- );
5888		-
5889		- let digest;
5890		- try {
5891		- let hash = Cc["@mozilla.org/security/hash;1"].createInstance(
5892		- Ci.nsICryptoHash
5893		- );
5894		- var hashFunction =
5895		- Ci.nsICryptoHash[this._patch.hashFunction.toUpperCase()];
5896		- if (hashFunction == undefined) {
5897		- throw Components.Exception("", Cr.NS_ERROR_UNEXPECTED);
5898		- }
5899		- hash.init(hashFunction);
5900		- hash.updateFromStream(fileStream, -1);
5901		- // NOTE: For now, we assume that the format of _patch.hashValue is hex
5902		- // encoded binary (such as what is typically output by programs like
5903		- // sha1sum). In the future, this may change to base64 depending on how
5904		- // we choose to compute these hashes.
5905		- hash = hash.finish(false);
5906		- digest = Array.from(hash, (c, i) =>
5907		- hash.charCodeAt(i).toString(16).padStart(2, "0")
5908		- ).join("");
5909		- } catch (e) {
5910		- LOG(
5911		- "Downloader:_verifyDownload - failed to compute hash of the downloaded update archive"
5912		- );
5913		- digest = "";
5914		- }
5915		-
5916		- fileStream.close();
5917		-
5918		- if (digest == this._patch.hashValue.toLowerCase()) {
5919		- LOG("Downloader:_verifyDownload hashes match.");
5920		- return true;
5921		- }
5922		-
5923		- LOG("Downloader:_verifyDownload hashes do not match. ");
5924		- AUSTLMY.pingDownloadCode(
5925		- this.isCompleteUpdate,
5926		- AUSTLMY.DWNLD_ERR_VERIFY_NO_HASH_MATCH
5927		- );
5928		- return false;
	5875	+ return true;
5929	5876	}
5930	5877
5931	5878	/**
...	...	@@ -6565,9 +6512,6 @@ class Downloader {
6565	6512	" is higher than patch size: " +
6566	6513	this._patch.size
6567	6514	);
6568		- // It's important that we use a different code than
6569		- // NS_ERROR_CORRUPTED_CONTENT so that tests can verify the difference
6570		- // between a hash error and a wrong download error.
6571	6515	AUSTLMY.pingDownloadCode(
6572	6516	this.isCompleteUpdate,
6573	6517	AUSTLMY.DWNLD_ERR_PATCH_SIZE_LARGER
...	...	@@ -6586,9 +6530,6 @@ class Downloader {
6586	6530	" is not equal to expected patch size: " +
6587	6531	this._patch.size
6588	6532	);
6589		- // It's important that we use a different code than
6590		- // NS_ERROR_CORRUPTED_CONTENT so that tests can verify the difference
6591		- // between a hash error and a wrong download error.
6592	6533	AUSTLMY.pingDownloadCode(
6593	6534	this.isCompleteUpdate,
6594	6535	AUSTLMY.DWNLD_ERR_PATCH_SIZE_NOT_EQUAL

toolkit/mozapps/update/UpdateTelemetry.sys.mjs

---

...	...	@@ -190,7 +190,6 @@ export var AUSTLMY = {
190	190	DWNLD_ERR_VERIFY_NO_REQUEST: 13,
191	191	DWNLD_ERR_VERIFY_PATCH_SIZE_NOT_EQUAL: 14,
192	192	DWNLD_ERR_WRITE_FAILURE: 15,
193		- DWNLD_ERR_VERIFY_NO_HASH_MATCH: 16,
194	193	// Temporary failure code to see if there are failures without an update phase
195	194	DWNLD_UNKNOWN_PHASE_ERR_WRITE_FAILURE: 40,
196	195

toolkit/mozapps/update/nsIUpdateService.idl

---

...	...	@@ -39,17 +39,6 @@ interface nsIUpdatePatch : nsISupports
39	39	*/
40	40	attribute AString finalURL;
41	41
42		- /**
43		- * The hash function to use when determining this file's integrity
44		- */
45		- attribute AString hashFunction;
46		-
47		- /**
48		- * The value of the hash function named above that should be computed if
49		- * this file is not corrupt.
50		- */
51		- attribute AString hashValue;
52		-
53	42	/**
54	43	* The size of this file, in bytes.
55	44	*/

—
View it on GitLab.
You're receiving this email because of your account on gitlab.torproject.org. Manage all notifications · Help

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits