Opened 21 months ago

Closed 20 months ago

Last modified 19 months ago

#25572 closed defect (fixed)

Update NoScript to 5.1.8.5

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: TorBrowserTeam201804, tbb-backported
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

NoScript 5.1.8.5 is out.

Child Tickets

Change History (14)

comment:1 Changed 21 months ago by cypherpunks

Summary: Of course, you don't care, but anywayUpgrade to NoScript 5.1.8.5

comment:2 Changed 21 months ago by cypherpunks

Important change from the changelog

         x Automatic updates test
         + Updates for NoScript Classic are now served directly from
          secure.informaction.com due to beta channel deprecation and 
          other problems with dual branches on AMO

comment:3 Changed 21 months ago by cypherpunks

Summary: Upgrade to NoScript 5.1.8.5Of course, you don't care, but anyway

This summary shouldn't be modified by cypherpunks.

comment:4 Changed 21 months ago by gk

Keywords: TorBrowserTeam201803 added
Summary: Of course, you don't care, but anywayUpdate NoScript to 5.1.8.5

comment:5 Changed 21 months ago by boklm

Giorgio Maone posted a comment on the blog about NoScript 5.1.8.5:
https://blog.torproject.org/comment/274622#comment-274622

comment:6 Changed 20 months ago by gk

Keywords: TorBrowserTeam201804 added; TorBrowserTeam201803 removed

Moving our tickets to April.

comment:7 Changed 20 months ago by gk

Resolution: fixed
Status: newclosed

Okay, pushed this to master with commit 36cfa493d65da45022aad17c6d7b21ee0a9b2fae so that we can test the update in the upcoming alpha.

I diffed 5.1.8.4 and 5.1.8.5 and it looks mostly good. Turns out I discovered a packaging error as a Perl script is included, too, in the .xpi. It's not used, though, so there is not much harm done.

comment:8 Changed 20 months ago by cypherpunks

Hint: let's disable updates.

comment:9 in reply to:  8 ; Changed 20 months ago by cypherpunks

Replying to cypherpunks:

Hint: let's disable updates.

Of course, you don't care, but anyway 2:

addons.update-checker	WARN	Request failed: https://secure.informaction.com/download/classic/?v=5.1.8.5 - [Exception... "Certificate issuer is not built-in."  nsresult: "0x80004004 (NS_ERROR_ABORT)"  location: "JS frame :: resource://gre/modules/CertUtils.jsm :: checkCert :: line 171"  data: no]

comment:10 in reply to:  9 Changed 20 months ago by gk

Replying to cypherpunks:

Replying to cypherpunks:

Hint: let's disable updates.

Of course, you don't care, but anyway 2:

addons.update-checker	WARN	Request failed: https://secure.informaction.com/download/classic/?v=5.1.8.5 - [Exception... "Certificate issuer is not built-in."  nsresult: "0x80004004 (NS_ERROR_ABORT)"  location: "JS frame :: resource://gre/modules/CertUtils.jsm :: checkCert :: line 171"  data: no]

That's a feature in our context, right? I'll point it out to Giorgio, though, as not all of his users might share that attitude, thanks.

comment:11 in reply to:  9 ; Changed 20 months ago by ma1

Replying to cypherpunks:

Replying to cypherpunks:

Hint: let's disable updates.

Of course, you don't care, but anyway 2:

addons.update-checker	WARN	Request failed: https://secure.informaction.com/download/classic/?v=5.1.8.5 - [Exception... "Certificate issuer is not built-in."  nsresult: "0x80004004 (NS_ERROR_ABORT)"  location: "JS frame :: resource://gre/modules/CertUtils.jsm :: checkCert :: line 171"  data: no]

Could you please elaborate a bit?
secure.informaction.com has a Let's Encrypt certificate. Does it mean autoupdates are expected not to work for this kind of certificates? Is it a Tor Browser specific feature? (Auto-updates from secure.informaction.com seem to work fine in Firefox).

comment:12 in reply to:  11 Changed 20 months ago by cypherpunks

Replying to ma1:

Replying to cypherpunks:

Replying to cypherpunks:

Hint: let's disable updates.

Of course, you don't care, but anyway 2:

addons.update-checker	WARN	Request failed: https://secure.informaction.com/download/classic/?v=5.1.8.5 - [Exception... "Certificate issuer is not built-in."  nsresult: "0x80004004 (NS_ERROR_ABORT)"  location: "JS frame :: resource://gre/modules/CertUtils.jsm :: checkCert :: line 171"  data: no]

Could you please elaborate a bit?
secure.informaction.com has a Let's Encrypt certificate. Does it mean autoupdates are expected not to work for this kind of certificates? Is it a Tor Browser specific feature? (Auto-updates from secure.informaction.com seem to work fine in Firefox).

Not the same cypherpunk but I did get that error when going to about:addons and clicking "Check for updates"

1525217115900	addons.update-checker	WARN	onUpdateCheckComplete failed to determine manifest type
1525217115900	addons.update-checker	WARN	onUpdateCheckComplete failed to determine manifest type
1525217119400	addons.update-checker	WARN	Request failed: https://secure.informaction.com/download/classic/?v=5.1.8.5 - [Exception... "Certificate issuer is not built-in."  nsresult: "0x80004004 (NS_ERROR_ABORT)"  location: "JS frame :: resource://gre/modules/CertUtils.jsm :: checkCert :: line 171"  data: no]

comment:13 Changed 20 months ago by gk

Keywords: tbb-backported added

Commit f0f669e25747a9c33f07d365397a030a21ede864 has the backport to maint-7.5. It should be available in 7.5.4.

comment:14 in reply to:  11 Changed 19 months ago by cypherpunks

Replying to ma1:

Replying to cypherpunks:

Replying to cypherpunks:

Hint: let's disable updates.

Of course, you don't care, but anyway 2:

addons.update-checker	WARN	Request failed: https://secure.informaction.com/download/classic/?v=5.1.8.5 - [Exception... "Certificate issuer is not built-in."  nsresult: "0x80004004 (NS_ERROR_ABORT)"  location: "JS frame :: resource://gre/modules/CertUtils.jsm :: checkCert :: line 171"  data: no]

Could you please elaborate a bit?

Me? I can elaborate that "Of course, you don't care" is related to you too, to some degree, in part of fixing NoScript bugs, related to Tor Browser.

secure.informaction.com has a Let's Encrypt certificate. Does it mean autoupdates are expected not to work for this kind of certificates? Is it a Tor Browser specific feature? (Auto-updates from secure.informaction.com seem to work fine in Firefox).

ticket:22974#comment:3

Note: See TracTickets for help on using tickets.