[tbb-bugs] #24159 [Applications/Tor Browser]: The Torbutton version check does not deal properly with platform specific checks

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Nov 7 14:01:27 UTC 2017


#24159: The Torbutton version check does not deal properly with platform specific
checks
-------------------------------------+-------------------------------------
     Reporter:  gk                   |      Owner:  tbb-team
         Type:  defect               |     Status:  new
     Priority:  High                 |  Milestone:
    Component:  Applications/Tor     |    Version:
  Browser                            |   Keywords:  tbb-torbutton,
     Severity:  Major                |  TorBrowserTeam201711
Actual Points:                       |  Parent ID:
       Points:                       |   Reviewer:
      Sponsor:                       |
-------------------------------------+-------------------------------------
 Torbutton checks on first start (and then periodically) whether the
 currently deployed version is still up-to-date and, if not, shows a big
 warning and an error pointing to the onion menu (allowing the user to
 update manually).

 In order to do so it requests:
 https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions
 which delivers back something like:
 {{{
 [
 "7.0.6",
 "7.0.6-Windows",
 "7.0.7",
 "7.0.7-Windows",
 "7.0.8",
 "7.0.8-Windows",
 "7.0.9",
 "7.0.9-MacOS",
 "7.0.9-Linux",
 "7.5a5",
 "7.5a5-Windows",
 "7.5a6",
 "7.5a6-Windows",
 "7.5a7",
 "7.5a7-MacOS",
 "7.5a7-Linux"
 ]
 }}}
 The idea with the platform specifiers included was to allow users to stay
 on different versions depending on which platform they are. This is quite
 handy in cases like the recent one where we needed to provide updates to
 Linux and macOS users but Windows users were not affected. The example
 response above is meant for such a scenario: a Tor Browser < 7.0.9 is not
 recommended anymore for Linux or macOS while Windows users, which stay on
 7.0.8, are perfectly fine provided they have at least version 7.0.6.

 Now, that does not work as the code in question just checks
 `torbrowser.version` which does not contain platform information
 (anymore):
 {{{
           try {
             var version_list = JSON.parse(req.responseText);
             var my_version = m_tb_prefs.getCharPref("torbrowser.version");
             for (var v in version_list) {
               if (version_list[v] == my_version) {
                 torbutton_log(3, "Version check passed.");
                 m_tb_prefs.setBoolPref(k_tb_browser_update_needed_pref,
 false);
                 return;
               }
             }
             torbutton_log(5, "Your Tor Browser is out of date.");
             m_tb_prefs.setBoolPref(k_tb_browser_update_needed_pref, true);
             return;
           } catch(e) {
             torbutton_log(5, "Version check failed! JSON parsing error:
 "+e);
             return;
           }

 }}}
 One way to fix that is just adding "-$PLATFORM" to `my_version` (assuming
 the platform notation we get with some XPCOM API is the same we have in
 our recommended versions file).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24159>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list