Closed
Bug 1158938
Opened 9 years ago
Closed 9 years ago
End mozilla.sf with two newlines
Categories
(addons.mozilla.org Graveyard :: Code Quality, enhancement, P1)
addons.mozilla.org Graveyard
Code Quality
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: clouserw, Assigned: rtilder)
References
Details
We had crashes on older versions of Fx (see bug 1158467). Testing shows that adding two newlines to the end of mozilla.sf will fix these crashes.
|
||
Comment 1•9 years ago
|
||
This would be to work around lacking the parsing as outlined in the jar signing docs:
"Before parsing:
If the last character of the file is an EOF character (code 26), the EOF is treated as whitespace. Two newlines are appended (one for editors that don't put a newline at the end of the last line, and one so that the grammar doesn't have to special-case the last entry, which may not have a blank line after it)." [1]
The parser should probably be changed (if you are going to use the jar signing spec) to account for this rule, and instead of just ignoring the error with a nullcheck as is done currently, the extension should be considered untrusted:
"Errors:
If a file cannot be parsed according to this spec, a warning should be output, and none of the signatures should be trusted." [1]
[1] http://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html#Notes_on_Manifest_and_Signature_Files
|
Reporter | |
Comment 2•9 years ago
|
||
We're not in the best spot since old browsers literally crash (vs just ignoring it or something benign) so we might not be able to do everything we want. That said, adhering to a spec would be nice. Dave - let us know if two newlines is still the plan.
Flags: needinfo?(dtownsend)
|
||
Comment 3•9 years ago
|
||
We're actually just adding an additional newline to mozilla.sf so it ends with two newlines. This should still be complaint with the JAR spec.
Flags: needinfo?(dtownsend)
Summary: Add two newlines to the end of mozilla.sf → End mozilla.sf with two newlines
|
|
Reporter | |
Updated•9 years ago
|
Severity: major → enhancement
|
Assignee | |
Comment 4•9 years ago
|
||
PR submitted: https://github.com/mozilla/signing-clients/pull/17
Status: NEW → ASSIGNED
|
||
Comment 5•9 years ago
|
||
Fixed in signing_clients: https://github.com/mozilla/signing-clients/commit/b7ca3c1029b67176668c29bb5f5b1b4ad5f3fac5 PR on olympia: https://github.com/mozilla/olympia/pull/532 STR: 1/ upload a new add-on 2/ have it signed by reviewing it (prelim or full, it doesn't matter) 3/ go the add-on install page, once it's signed, with an old version of firefox (version 28 or below), and install it 4/ Firefox should not crash
|
|
||
Comment 6•9 years ago
|
||
Fixed in https://github.com/mozilla/olympia/commit/1a41830127e964e007d76a3412b3a67f12f36f29
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
|
||
Updated•8 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•