Closed Bug 1137498 Opened 10 years ago Closed 10 years ago

Prevent updates changing short_name

Tracking

(feature-b2g:2.2+, firefox37 wontfix, firefox38 wontfix, firefox39 fixed, b2g-v2.2 fixed, b2g-master fixed)

Status:

RESOLVED FIXED

Milestone:

mozilla39

Project Flags:

feature-b2g

2.2+

Tracking Flags:

Tracking

Status

firefox37

---

wontfix

firefox38

---

wontfix

firefox39

---

fixed

b2g-v2.2

---

fixed

b2g-master

---

fixed

People

(Reporter: pauljt, Assigned: tedders1)

References

Details

(Keywords: dev-doc-needed, feature, uiwanted, Whiteboard: [dependency: marketplace-partners][systemsfe])

Attachments

(1 file, 1 obsolete file)

bug-1137498-fix.patch 10 years ago Ted Clancy [:tedders1] 10.62 KB, patch	fabrice : review+	Details \| Diff \| Splinter Review
bug-1137498-fix.patch 10 years ago Ted Clancy [:tedders1] 10.66 KB, patch	bajaj : approval-mozilla-b2g37+	Details \| Diff \| Splinter Review

Paul Theriault [:pauljt] (no longer reading bugmail)

Reporter

Description

•

10 years ago

AFAIU, bug 1001861 will result in always only showing the short_name to the user when such value is present in the manifest. We currently prevent updates from changing an apps name, to prevent apps spoofing other apps after they have been installed. If we are going to replace all places where app name is shown with shortname, we should apply this same restriction to short_name.

Paul Theriault [:pauljt] (no longer reading bugmail)

Reporter

Updated

•

10 years ago

Blocks: 1001861
No longer blocks: 1075704

No longer depends on: 1001861, 1134680, 1121466, 1124144, 1124146, 1131338

Paul Theriault [:pauljt] (no longer reading bugmail)

Reporter

Comment 1

•

10 years ago

FYI The code in question is here: https://mxr.mozilla.org/mozilla-central/source/dom/apps/Webapps.jsm#3871

Paul Theriault [:pauljt] (no longer reading bugmail)

Reporter

Comment 2

•

10 years ago

Actually there's a AppUtils funciton that does the actuall manifest checking. I guess just this can be updated: https://mxr.mozilla.org/mozilla-central/source/dom/apps/AppsUtils.jsm#520

Gregor Wagner [:gwagner]

Comment 3

•

10 years ago

security related

blocking-b2g: --- → 2.2+

Gregor Wagner [:gwagner]

Comment 4

•

10 years ago

Can you take this one?

Flags: needinfo?(tclancy)

Ted Clancy [:tedders1]

Assignee

Updated

•

10 years ago

Assignee: nobody → tclancy

Flags: needinfo?(tclancy)

Candice Serran (:cserran)

Updated

•

10 years ago

blocking-b2g: 2.2+ → ---

feature-b2g: --- → 2.2+

Candice Serran (:cserran)

Comment 5

•

10 years ago

This is another one that got missed as a feature, not a blocking-b2g ...so you're aware bajaj. Risk is low

Flags: needinfo?(bbajaj)

Ted Clancy [:tedders1]

Assignee

Comment 6

•

10 years ago

Attached patch bug-1137498-fix.patch (obsolete) — Details — Splinter Review

Attachment #8575267 - Flags: review?(fabrice)

Ted Clancy [:tedders1]

Assignee

Comment 7

•

10 years ago

Green try run: https://treeherder.mozilla.org/#/jobs?repo=try&revision=ed19f615b0e5

[:fabrice] Fabrice Desré

Comment 8

•

10 years ago

Comment on attachment 8575267 [details] [diff] [review] bug-1137498-fix.patch Review of attachment 8575267 [details] [diff] [review]: ----------------------------------------------------------------- r=me with nits fixed. Thanks for adding tests! ::: dom/apps/AppsUtils.jsm @@ +530,4 @@ > for (let locale in aNewManifest.locales) { > + let newLocaleEntry = aNewManifest.locales[locale]; > + > + let oldLocaleEntry = aOldManifest && 'locales' in aOldManifest && nit: double quotes on "locales" @@ +535,5 @@ > + > + if (newLocaleEntry.name) { > + // In case previous manifest didn't had a name, > + // we use the default app name > + newLocaleEntry.name = nit: trailing whitespace @@ +541,3 @@ > } > + if (newLocaleEntry.short_name) { > + newLocaleEntry.short_name = here too

Attachment #8575267 - Flags: review?(fabrice) → review+

Ted Clancy [:tedders1]

Assignee

Comment 9

•

10 years ago

Attached patch bug-1137498-fix.patch — Details — Splinter Review

Attachment #8575267 - Attachment is obsolete: true

Ted Clancy [:tedders1]

Assignee

Updated

•

10 years ago

Keywords: checkin-needed

Ryan VanderMeulen [:RyanVM]

Comment 10

•

10 years ago

https://hg.mozilla.org/integration/fx-team/rev/82536efb0b2e

Flags: in-testsuite+

Keywords: checkin-needed

Whiteboard: [dependency: marketplace-partners][systemsfe] → [dependency: marketplace-partners][systemsfe][fixed-in-fx-team]

bhavana bajaj [:bajaj]

Updated

•

10 years ago

Flags: needinfo?(bbajaj)

Ryan VanderMeulen [:RyanVM]

Comment 11

•

10 years ago

https://hg.mozilla.org/mozilla-central/rev/82536efb0b2e

Status: NEW → RESOLVED

Closed: 10 years ago

status-firefox39: --- → fixed

Resolution: --- → FIXED

Whiteboard: [dependency: marketplace-partners][systemsfe][fixed-in-fx-team] → [dependency: marketplace-partners][systemsfe]

Target Milestone: --- → mozilla39

Ted Clancy [:tedders1]

Assignee

Comment 12

•

10 years ago

Comment on attachment 8576683 [details] [diff] [review] bug-1137498-fix.patch NOTE: Please see https://wiki.mozilla.org/Release_Management/B2G_Landing to better understand the B2G approval process and landings. [Approval Request Comment] Bug caused by (feature/regressing bug #): Bug 1001861 User impact if declined: Possible security risk. Testing completed: Tests are included in the patch. Risk to taking this patch (and alternatives if risky): None forseen. String or UUID changes made by this patch: None

Attachment #8576683 - Flags: approval-mozilla-b2g37?

bhavana bajaj [:bajaj]

Updated

•

10 years ago

Attachment #8576683 - Flags: approval-mozilla-b2g37? → approval-mozilla-b2g37+

Ryan VanderMeulen [:RyanVM]

Comment 13

•

10 years ago

https://hg.mozilla.org/releases/mozilla-b2g37_v2_2/rev/fba907f72eb3

status-b2g-v2.2: --- → fixed

status-b2g-master: --- → fixed

status-firefox37: --- → wontfix

status-firefox38: --- → wontfix

BMO Automation

Updated

•

7 years ago

Product: Core → Core Graveyard

You need to log in before you can comment on or make changes to this bug.