hardcode ESR version because ESR doesn't ship every 8 releases anymore
Categories
(Core :: DOM: Security, task, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox76 | --- | fixed |
People
(Reporter: aryx, Assigned: cpeterson)
References
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
https://docs.google.com/spreadsheets/d/1QAbF2mM-v7usT8hrNIAnaz7ybDaRzPR-YfN_8sxWGhc/edit#gid=327015013 has the upcoming ESR versions: 78 and 91 after the current 68. In other words: The current ESR release cannot be calculated anymore unless the release of an ESR version gets bound to a specific date in the year.
Making the latest ESR version directly available to the application looks less error prone if changing it becomes of the 'new ESR' playbook.
The two current calculations of the ESR version I found:
https://hg.mozilla.org/mozilla-central/annotate/d39f4366eba4bf1b89f0f3a48ace2d8c9e1f410f/browser/components/resistfingerprinting/test/browser/browser_navigator.js#l253
https://hg.mozilla.org/mozilla-central/annotate/d39f4366eba4bf1b89f0f3a48ace2d8c9e1f410f/toolkit/components/resistfingerprinting/nsRFPService.cpp#l655
Comment 1•4 years ago
|
||
This is arguably wrong, but perhaps not terrible since all the "resistFingerprinting" folks will consistently report the same version, which is sort of the point. But better if that can hide in the small ESR crowd so worth fixing.
Assignee | ||
Comment 2•4 years ago
|
||
I believe Release Management is aiming to have one major ESR release a year. (ESR 78 and 91 release dates are both scheduled for the end of June.) If we maintain that cadence, there would be a new ESR major version every 12 or 13 Firefox releases.
I suggest we change the ESR version spoofing algorithm to assume we have a new ESR every 13 releases (i.e. 91 - 78 = 13):
- If current version < 78, then spoof version 68 (the current ESR version).
- If current version >= 78, then assume ESR version to be spoofed is 78 + 13 * X.
If this algorithm is wrong, we'll won't need to worry about it until ESR 104±1 in 2022. :) We already have debug asserts to catch if the spoofed version no longer matches the ESR cadence:
Assignee | ||
Comment 3•4 years ago
•
|
||
I have a patch to fix this bug. I will post it for review when the 78 Nightly cycle starts.
Assignee | ||
Comment 4•4 years ago
|
||
The old ESR version calculation assumed six-week release cycles, but Firefox has moved to four-week release cycles and Release Management shifted some of the ESR dates.
I plan to remove the special case for Firefox version < 78 once the 78 Nightly development cycle starts.
Comment 5•4 years ago
|
||
Can we set bug 1583326 as resolved duplicate of this one?
Assignee | ||
Comment 6•4 years ago
|
||
(In reply to Ethan Tseng [:ethan] from comment #5)
Can we set bug 1583326 as resolved duplicate of this one?
Yes. I'll dupe that bug.
Pushed by cpeterson@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/79814e338266 Update ESR version spoofing calculation to assume a new ESR is released every June. r=ethan,timhuang
Comment 9•4 years ago
|
||
bugherder |
Description
•