1301425 - Update Websense hotfix with maxVersion = 49.*

Status: RESOLVED FIXED

(Toolkit :: Application Update, defect)

Description

[:Felipe Gomes (needinfo for replies!)]

According bug 1300523, the hotfix is not being ignored in the compatibility check. If we just republish the current hotfix (bug 1298404) with maxVersion = 49, that should resolve the issue for this one. When Firefox upgrades to 48 or 49, the hotfix will run and immediatelly uninstall itself.

Comment 1

[:Felipe Gomes (needinfo for replies!)]

Attachment: new version

Comment 2

[:Felipe Gomes (needinfo for replies!)]

Attachment: updated README

Comment 3

[:Felipe Gomes (needinfo for replies!)]

Attachment: hotfix-v20160826.02.xpi unsigned

Jason, could you sign this one for us?

Comment 4

[Jason Thomas [:jason]]

Attachment: hotfix-v20160826.02.xpi signed

Comment 5

[Kris Maglione [:kmag]]

Is there a particular reason you can't just change the compatibility range on AMO?

Comment 6

[:Felipe Gomes (needinfo for replies!)]

I don't know how that works. Will that info going to propagate to the existing installs?

Comment 7

[Kris Maglione [:kmag]]

Yes, the compatibility information comes from the same update manifest that's used to deploy new versions, so it should have exactly the same effect.

Comment 8

[:Felipe Gomes (needinfo for replies!)]

Alright, that sounds simpler. Could you do that for us?

Comment 9

[Kris Maglione [:kmag]]

Done.

Comment 10

[Andreas Wagner [:TheOne] [use NI]]

I would be in favor of actually finding and fixing the issue instead of working around it.
This basically causes the add-on to be installed and uninstalled over and over again.

Comment 11

[Kris Maglione [:kmag]]

(In reply to Andreas Wagner [:TheOne] from comment #10)
> I would be in favor of actually finding and fixing the issue instead of
> working around it.
> This basically causes the add-on to be installed and uninstalled over and
> over again.

No it doesn't. Hotfixes have special handling so that a given version is only ever installed once.

This should definitely be fixed in Firefox so that it doesn't happen again in the future, but there's no way we're going to be able to fix it in 48 or 49.

Comment 12

[:Felipe Gomes (needinfo for replies!)]

It would be nice if someone could verify this:

- Launch a fresh profile with Firefox 47
- Force add-on background update check to get the hotfix
- Check that the hotfix installed and added "(nowebsense)" to the app.update.url pref
- Check Firefox for updates and accept Firefox 48
- Check that Add-on Compatibility Dialog doesn't show up when launching Firefox after it updated to 48

Comment 13

[:Felipe Gomes (needinfo for replies!)]

(This test only makes sense on Windows)

Comment 14

[Robert Strong (they/them - no direct email)]

(In reply to :Felipe Gomes (needinfo me!) from comment #12)
> It would be nice if someone could verify this:
> 
> - Launch a fresh profile with Firefox 47
> - Force add-on background update check to get the hotfix
> - Check that the hotfix installed and added "(nowebsense)" to the
> app.update.url pref
> - Check Firefox for updates and accept Firefox 48
> - Check that Add-on Compatibility Dialog doesn't show up when launching
> Firefox after it updated to 48
The last step should be check that app update doesn't display to the user that the add-on is not compatible with the update.

Comment 15

[Robert Strong (they/them - no direct email)]

(In reply to Robert Strong [:rstrong] (use needinfo to contact me) from comment #14)
> (In reply to :Felipe Gomes (needinfo me!) from comment #12)
> > It would be nice if someone could verify this:
> > 
> > - Launch a fresh profile with Firefox 47
> > - Force add-on background update check to get the hotfix
> > - Check that the hotfix installed and added "(nowebsense)" to the
> > app.update.url pref
> > - Check Firefox for updates and accept Firefox 48
> > - Check that Add-on Compatibility Dialog doesn't show up when launching
> > Firefox after it updated to 48
> The last step should be check that app update doesn't display to the user
> that the add-on is not compatible with the update.
This happens before the restart. The one that happens after restart is the add-ons manager compatibility dialog and can display for several different reasons other than this.

Comment 16

[Alexandru Simonca [:asimonca], Release Desktop QA]

I have verified the request from Comment #12 using the provided STR. 

The hotfix is installed (checked in about:config for app.update.url and (nowebsense) string is present) and Firefox updated to 48.0.2. 

The Add-on Compatibility Dialog does show up but there is no error and it goes away after the check. 

Please ni? me if we can help in any other way.

Comment 17

[:Felipe Gomes (needinfo for replies!)]

Do you mean it shows up briefly and doesn't report any incompatibility? Or does it show the Hotfix as requiring a check, like the screenshot in this report here: https://twitter.com/shinax/status/773580772733227008

Comment 18

[Alexandru Simonca [:asimonca], Release Desktop QA]

It showed up briefly and didn't report anything. It just went away by itself.

Comment 19

[garrettmc]

Hello all, thank you for your efforts to collaborate. I want to provide information for direct contact regarding all product security issues in all Forcepoint products and services:

I am a founding member of the Forcepoint Global Product Security Incident Response Team (PSIRT).

(Forcepoint is the synthesis of Raytheon Cyber Products, Websense, Trusted Computer Solutions, Oakley Networks, Visual Analytics, Stonesoft, Sidewinder, and others)

If you ever need to report a product security vulnerability, contact PSIRT@forcepoint.com. PGP Key: https://www.forcepoint.com/innovation/product-security/product-security-report-issue