[tbb-bugs] #24159 [Applications/Tor Browser]: The Torbutton version check does not deal properly with platform specific checks
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Nov 7 14:01:27 UTC 2017
#24159: The Torbutton version check does not deal properly with platform specific
checks
-------------------------------------+-------------------------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor | Version:
Browser | Keywords: tbb-torbutton,
Severity: Major | TorBrowserTeam201711
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------+-------------------------------------
Torbutton checks on first start (and then periodically) whether the
currently deployed version is still up-to-date and, if not, shows a big
warning and an error pointing to the onion menu (allowing the user to
update manually).
In order to do so it requests:
https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions
which delivers back something like:
{{{
[
"7.0.6",
"7.0.6-Windows",
"7.0.7",
"7.0.7-Windows",
"7.0.8",
"7.0.8-Windows",
"7.0.9",
"7.0.9-MacOS",
"7.0.9-Linux",
"7.5a5",
"7.5a5-Windows",
"7.5a6",
"7.5a6-Windows",
"7.5a7",
"7.5a7-MacOS",
"7.5a7-Linux"
]
}}}
The idea with the platform specifiers included was to allow users to stay
on different versions depending on which platform they are. This is quite
handy in cases like the recent one where we needed to provide updates to
Linux and macOS users but Windows users were not affected. The example
response above is meant for such a scenario: a Tor Browser < 7.0.9 is not
recommended anymore for Linux or macOS while Windows users, which stay on
7.0.8, are perfectly fine provided they have at least version 7.0.6.
Now, that does not work as the code in question just checks
`torbrowser.version` which does not contain platform information
(anymore):
{{{
try {
var version_list = JSON.parse(req.responseText);
var my_version = m_tb_prefs.getCharPref("torbrowser.version");
for (var v in version_list) {
if (version_list[v] == my_version) {
torbutton_log(3, "Version check passed.");
m_tb_prefs.setBoolPref(k_tb_browser_update_needed_pref,
false);
return;
}
}
torbutton_log(5, "Your Tor Browser is out of date.");
m_tb_prefs.setBoolPref(k_tb_browser_update_needed_pref, true);
return;
} catch(e) {
torbutton_log(5, "Version check failed! JSON parsing error:
"+e);
return;
}
}}}
One way to fix that is just adding "-$PLATFORM" to `my_version` (assuming
the platform notation we get with some XPCOM API is the same we have in
our recommended versions file).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24159>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list