Skip to content

Bug 42747 + 42737: Verify whether an update is unsupported before choosing one and drop the hash check (14.0 version)

Pier Angelo Vendrame requested to merge pierov/tor-browser:bug_42747_14.0 into tor-browser-128.2.0esr-14.0-1

Merge Info

Related Issues

  • #42747, #42737 (closed)
    • Opened (and closed) #43103 for the changelogs, since we're not going to close #42747 after this.
  • mullvad-browser#xxxxx
  • tor-browser-build#xxxxx

Backporting

Timeline

  • Immediate: patchset needed as soon as possible
  • Next Minor Stable Release: patchset that needs to be verified in nightly before backport
  • Eventually: patchset that needs to be verified in alpha before backport
  • No Backport (preferred): patchset for the next major stable

(Optional) Justification

  • Emergency security update: patchset fixes CVEs, 0-days, etc
  • Censorship event: patchset enables censorship circumvention
  • Critical bug-fix: patchset fixes a bug in core-functionality
  • Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
  • Sponsor required: patchset required for sponsor
  • Localization: typos and other localization changes that should be also in the release branch
  • Other: please explain
    • We might need to support two update paths, so we need to actually patch the current stable channel. However, we have already merged the patch for 115 in a separate branch (!1138 (merged))

Merging

  • Merge to tor-browser - !fixups to tor-browser-specific commits, new features, security backports
  • Merge to base-browser - !fixups to base-browser-specific commits, new features to be shared with mullvad-browser, and security backports
    • NOTE: if your changeset includes patches to both base-browser and tor-browser please clearly label in the change description which commits should be cherry-picked to base-browser after merging
    • The hash verification is Tor Browser-only

Issue Tracking

Review

Request Reviewer

  • Request review from an applications developer depending on modified system:
    • NOTE: if the MR modifies multiple areas, please /cc all the relevant reviewers (since gitlab only allows 1 reviewer)
    • accessibility : henry
    • android : clairehurst, dan
    • build system : boklm
    • extensions : ma1
    • firefox internals (XUL/JS/XPCOM) : jwilde, ma1
    • fonts : pierov
    • frontend (implementation) : henry
    • frontend (review) : donuts, richard
    • localization : henry, pierov
    • macOS : clairehurst, dan
    • nightly builds : boklm
    • rebases/release-prep : dan, ma1, pierov, richard
    • security : jwilde, ma1
    • signing : boklm, richard
    • updater : pierov
    • windows : jwilde, richard
    • misc/other : pierov, richard

Change Description

This is the 128-version of !1138 (merged).

I had to reimplement it because of the upstream changes between 115 and 128.

The first one is a manual port of the patch (it's 4 line, but notice that aUpdate has been renamed to update - good guy VS Codium that reminded me about it 😅).

The second one is a git revert ran on the current commit (14ac8e5c).

How Tested

I just built and ran this to check for obvious errors.

I didn't run full builds, but I've been checking this a lot in the last few days in 13.5.

For 14.0aX I think we can use nightly builds.

Edited by Pier Angelo Vendrame

Merge request reports