Update NoScript to 5.1.8.5

NoScript 5.1.8.5 is out.

added TorBrowserTeam201804 component::applications/tor browser owner::tbb-team priority::medium resolution::fixed severity::normal status::closed tbb-backported type::defect labels

Trac:
Summary: Of course, you don't care, but anyway to Upgrade to NoScript 5.1.8.5

Important change from the changelog

{{{ x Automatic updates test + Updates for NoScript Classic are now served directly from secure.informaction.com due to beta channel deprecation and other problems with dual branches on AMO }}}

This summary shouldn't be modified by cypherpunks.

Trac:
Summary: Upgrade to NoScript 5.1.8.5 to Of course, you don't care, but anyway

Trac:
Keywords: N/A deleted, TorBrowserTeam201803 added
Summary: Of course, you don't care, but anyway to Update NoScript to 5.1.8.5

Giorgio Maone posted a comment on the blog about NoScript 5.1.8.5: https://blog.torproject.org/comment/274622#comment-274622

Moving our tickets to April.

Trac:
Keywords: TorBrowserTeam201803 deleted, TorBrowserTeam201804 added

Okay, pushed this to master with commit 36cfa493d65da45022aad17c6d7b21ee0a9b2fae so that we can test the update in the upcoming alpha.

I diffed 5.1.8.4 and 5.1.8.5 and it looks mostly good. Turns out I discovered a packaging error as a Perl script is included, too, in the .xpi. It's not used, though, so there is not much harm done.

Trac:
Status: new to closed
Resolution: N/A to fixed

Hint: let's disable updates.

Replying to cypherpunks:

Hint: let's disable updates. Of course, you don't care, but anyway 2:

addons.update-checker	WARN	Request failed: https://secure.informaction.com/download/classic/?v=5.1.8.5 - [Exception... "Certificate issuer is not built-in."  nsresult: "0x80004004 (NS_ERROR_ABORT)"  location: "JS frame :: re[/gre/modules/CertUtils.jsm](/gre/modules/CertUtils.jsm) :: checkCert :: line 171"  data: no]

Replying to cypherpunks:

Replying to cypherpunks:

Hint: let's disable updates. Of course, you don't care, but anyway 2: {{{ addons.update-checker WARN Request failed: https://secure.informaction.com/download/classic/?v=5.1.8.5 - [Exception... "Certificate issuer is not built-in." nsresult: "0x80004004 (NS_ERROR_ABORT)" location: "JS frame :: re/gre/modules/CertUtils.jsm :: checkCert :: line 171" data: no] }}} That's a feature in our context, right? I'll point it out to Giorgio, though, as not all of his users might share that attitude, thanks.

Replying to cypherpunks:

Replying to cypherpunks:

Hint: let's disable updates. Of course, you don't care, but anyway 2: {{{ addons.update-checker WARN Request failed: https://secure.informaction.com/download/classic/?v=5.1.8.5 - [Exception... "Certificate issuer is not built-in." nsresult: "0x80004004 (NS_ERROR_ABORT)" location: "JS frame :: re/gre/modules/CertUtils.jsm :: checkCert :: line 171" data: no] }}}

Could you please elaborate a bit? secure.informaction.com has a Let's Encrypt certificate. Does it mean autoupdates are expected not to work for this kind of certificates? Is it a Tor Browser specific feature? (Auto-updates from secure.informaction.com seem to work fine in Firefox).

Replying to ma1:

Replying to cypherpunks:

Replying to cypherpunks:

Hint: let's disable updates. Of course, you don't care, but anyway 2:

addons.update-checker	WARN	Request failed: https://secure.informaction.com/download/classic/?v=5.1.8.5 - [Exception... "Certificate issuer is not built-in."  nsresult: "0x80004004 (NS_ERROR_ABORT)"  location: "JS frame :: re[/gre/modules/CertUtils.jsm](/gre/modules/CertUtils.jsm) :: checkCert :: line 171"  data: no]
}}}

Could you please elaborate a bit? secure.informaction.com has a Let's Encrypt certificate. Does it mean autoupdates are expected not to work for this kind of certificates? Is it a Tor Browser specific feature? (Auto-updates from secure.informaction.com seem to work fine in Firefox). Not the same cypherpunk but I did get that error when going to about:addons and clicking "Check for updates"

{{{ 1525217115900 addons.update-checker WARN onUpdateCheckComplete failed to determine manifest type 1525217115900 addons.update-checker WARN onUpdateCheckComplete failed to determine manifest type 1525217119400 addons.update-checker WARN Request failed: https://secure.informaction.com/download/classic/?v=5.1.8.5 - [Exception... "Certificate issuer is not built-in." nsresult: "0x80004004 (NS_ERROR_ABORT)" location: "JS frame :: re/gre/modules/CertUtils.jsm :: checkCert :: line 171" data: no]

Commit f0f669e25747a9c33f07d365397a030a21ede864 has the backport to maint-7.5. It should be available in 7.5.4.

Trac:
Keywords: N/A deleted, tbb-backported added

Replying to ma1:

Replying to cypherpunks:

Replying to cypherpunks:

Hint: let's disable updates. Of course, you don't care, but anyway 2: {{{ addons.update-checker WARN Request failed: https://secure.informaction.com/download/classic/?v=5.1.8.5 - [Exception... "Certificate issuer is not built-in." nsresult: "0x80004004 (NS_ERROR_ABORT)" location: "JS frame :: re/gre/modules/CertUtils.jsm :: checkCert :: line 171" data: no] }}}

Could you please elaborate a bit? Me? I can elaborate that "Of course, you don't care" is related to you too, to some degree, in part of fixing NoScript bugs, related to Tor Browser. secure.informaction.com has a Let's Encrypt certificate. Does it mean autoupdates are expected not to work for this kind of certificates? Is it a Tor Browser specific feature? (Auto-updates from secure.informaction.com seem to work fine in Firefox). ticket:22974#comment:3

closed

moved to tpo/applications/tor-browser#25572 (closed)