[tbb-commits] [Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] 2 commits: fixup! Bug 4234: Use the Firefox Update Process for Base Browser.

Pier Angelo Vendrame (@pierov) git at gitlab.torproject.org
Mon Sep 2 08:19:12 UTC 2024



Pier Angelo Vendrame pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser


Commits:
af856ef0 by Pier Angelo Vendrame at 2024-09-02T10:11:08+02:00
fixup! Bug 4234: Use the Firefox Update Process for Base Browser.

Bug 42747: Discard unsupported updates earlier.

Firefox's updater has a function to select updates, which checks mainly
the version number.
Therefore, a more recent update that is unsupported will be chosen over
a compatible one.
We patch this to be able to provide an alternative update path to
Windows 7.

- - - - -
aa6ba139 by Pier Angelo Vendrame at 2024-09-02T10:11:12+02:00
fixup! Bug 19121: reinstate the update.xml hash check

Bug 42737: Drop the hash check on updates.

Updates are already signed, the hash check is redundant.

Revert "Bug 19121: reinstate the update.xml hash check"

This reverts commit 14ac8e5c0aff14dda4b15e435db58bea80960389.

- - - - -


3 changed files:

- toolkit/mozapps/update/UpdateService.sys.mjs
- toolkit/mozapps/update/UpdateTelemetry.sys.mjs
- toolkit/mozapps/update/nsIUpdateService.idl


Changes:

=====================================
toolkit/mozapps/update/UpdateService.sys.mjs
=====================================
@@ -2110,8 +2110,6 @@ class UpdatePatch {
   // over writing nsIUpdatePatch attributes.
   _attrNames = [
     "errorCode",
-    "hashFunction",
-    "hashValue",
     "finalURL",
     "selected",
     "size",
@@ -2164,8 +2162,6 @@ class UpdatePatch {
           }
           break;
         case "finalURL":
-        case "hashFunction":
-        case "hashValue":
         case "state":
         case "type":
         case "URL":
@@ -2186,8 +2182,6 @@ class UpdatePatch {
    */
   serialize(updates) {
     var patch = updates.createElementNS(URI_UPDATE_NS, "patch");
-    patch.setAttribute("hashFunction", this.hashFunction);
-    patch.setAttribute("hashValue", this.hashValue);
     patch.setAttribute("size", this.size);
     patch.setAttribute("type", this.type);
     patch.setAttribute("URL", this.URL);
@@ -3757,18 +3751,20 @@ export class UpdateService {
 
       switch (update.type) {
         case "major":
-          if (!majorUpdate) {
+          if (!majorUpdate || majorUpdate.unsupported) {
             majorUpdate = update;
           } else if (
+            !update.unsupported &&
             vc.compare(majorUpdate.appVersion, update.appVersion) <= 0
           ) {
             majorUpdate = update;
           }
           break;
         case "minor":
-          if (!minorUpdate) {
+          if (!minorUpdate || minorUpdate.unsupported) {
             minorUpdate = update;
           } else if (
+            !update.unsupported &&
             vc.compare(minorUpdate.appVersion, update.appVersion) <= 0
           ) {
             minorUpdate = update;
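Review bot: In the `major` branch, `if (!majorUpdate || majorUpdate.unsupported)` replaces an unsupported candidate with whatever update comes next, including another unsupported one with a lower `appVersion`, so when every offered update is unsupported the result depends on list order rather than version. The same condition is repeated in the `minor` branch, whose body runs past the end of the hunk, as does the enclosing function. If the selected unsupported update is later surfaced to the user (not visible here), version ordering could be kept between updates of equal support status: `if (!majorUpdate || (majorUpdate.unsupported && !update.unsupported)) {` for the first test, and `!majorUpdate.unsupported === !update.unsupported &&` in place of `!update.unsupported &&` in the `else if`. A comment above the switch stating the rule would also help, for example `// Prefer supported updates; compare versions only between updates of equal support status.`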
@@ -5876,56 +5872,7 @@ class Downloader {
     }
 
     LOG("Downloader:_verifyDownload downloaded size == expected size.");
-    let fileStream = Cc[
-      "@mozilla.org/network/file-input-stream;1"
-    ].createInstance(Ci.nsIFileInputStream);
-    fileStream.init(
-      destination,
-      FileUtils.MODE_RDONLY,
-      FileUtils.PERMS_FILE,
-      0
-    );
-
-    let digest;
-    try {
-      let hash = Cc["@mozilla.org/security/hash;1"].createInstance(
-        Ci.nsICryptoHash
-      );
-      var hashFunction =
-        Ci.nsICryptoHash[this._patch.hashFunction.toUpperCase()];
-      if (hashFunction == undefined) {
-        throw Components.Exception("", Cr.NS_ERROR_UNEXPECTED);
-      }
-      hash.init(hashFunction);
-      hash.updateFromStream(fileStream, -1);
-      // NOTE: For now, we assume that the format of _patch.hashValue is hex
-      // encoded binary (such as what is typically output by programs like
-      // sha1sum).  In the future, this may change to base64 depending on how
-      // we choose to compute these hashes.
-      hash = hash.finish(false);
-      digest = Array.from(hash, (c, i) =>
-        hash.charCodeAt(i).toString(16).padStart(2, "0")
-      ).join("");
-    } catch (e) {
-      LOG(
-        "Downloader:_verifyDownload - failed to compute hash of the downloaded update archive"
-      );
-      digest = "";
-    }
-
-    fileStream.close();
-
-    if (digest == this._patch.hashValue.toLowerCase()) {
-      LOG("Downloader:_verifyDownload hashes match.");
-      return true;
-    }
-
-    LOG("Downloader:_verifyDownload hashes do not match. ");
-    AUSTLMY.pingDownloadCode(
-      this.isCompleteUpdate,
-      AUSTLMY.DWNLD_ERR_VERIFY_NO_HASH_MATCH
-    );
-    return false;
+    return true;
   }
 
   /**
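Review bot: With the digest comparison gone, the `return true;` that ends `_verifyDownload` follows only the size comparison logged just above, and nothing at this site says where the content of the archive is authenticated. The commit message relies on updates being signed; that check is not visible in this hunk and presumably runs when the update is applied, so it is worth confirming that no caller treats a true result here as proof of content integrity. I would add a comment above the return, `// Size check only; content integrity relies on the signature of the update archive (hash check dropped in Bug 42737).`, and update the function's doc comment if it still mentions a hash. The function begins before the hunk.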
@@ -6565,9 +6512,6 @@ class Downloader {
           " is higher than patch size: " +
           this._patch.size
       );
-      // It's important that we use a different code than
-      // NS_ERROR_CORRUPTED_CONTENT so that tests can verify the difference
-      // between a hash error and a wrong download error.
       AUSTLMY.pingDownloadCode(
         this.isCompleteUpdate,
         AUSTLMY.DWNLD_ERR_PATCH_SIZE_LARGER
@@ -6586,9 +6530,6 @@ class Downloader {
           " is not equal to expected patch size: " +
           this._patch.size
       );
-      // It's important that we use a different code than
-      // NS_ERROR_CORRUPTED_CONTENT so that tests can verify the difference
-      // between a hash error and a wrong download error.
       AUSTLMY.pingDownloadCode(
         this.isCompleteUpdate,
         AUSTLMY.DWNLD_ERR_PATCH_SIZE_NOT_EQUAL


=====================================
toolkit/mozapps/update/UpdateTelemetry.sys.mjs
=====================================
@@ -190,7 +190,6 @@ export var AUSTLMY = {
   DWNLD_ERR_VERIFY_NO_REQUEST: 13,
   DWNLD_ERR_VERIFY_PATCH_SIZE_NOT_EQUAL: 14,
   DWNLD_ERR_WRITE_FAILURE: 15,
-  DWNLD_ERR_VERIFY_NO_HASH_MATCH: 16,
   // Temporary failure code to see if there are failures without an update phase
   DWNLD_UNKNOWN_PHASE_ERR_WRITE_FAILURE: 40,
 


=====================================
toolkit/mozapps/update/nsIUpdateService.idl
=====================================
@@ -39,17 +39,6 @@ interface nsIUpdatePatch : nsISupports
    */
   attribute AString finalURL;
 
-  /**
-   * The hash function to use when determining this file's integrity
-   */
-  attribute AString hashFunction;
-
-  /**
-   * The value of the hash function named above that should be computed if
-   * this file is not corrupt.
-   */
-  attribute AString hashValue;
-
   /**
    * The size of this file, in bytes.
    */



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/a6ebf61bcb78fb99e0120242b9f7371287786c9d...aa6ba13958e27df23498d7b26b045b0cf7271d6b
