Closed Bug 190378 Opened 22 years ago Closed 22 years ago

should not use "not.supplied.com" as default download host

Categories

(SeaMonkey :: Installer, defect)

Product:
SeaMonkey
Component:
Installer
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: mjl+bmo, Assigned: ssu0262)

References

(
URL
)

Details

Attachments

(2 files, 1 obsolete file)

patch v1.1 (ns tree)
2.06 KB, patch
samir_bugzilla
: review+
sspitzer
: superreview+
Details | Diff | Splinter Review
patch v1.1 (moz tree)
8.28 KB, patch
samir_bugzilla
: review+
sspitzer
: superreview+
dbaron
: approval1.3b+
Details | Diff | Splinter Review 
bug 190309 made me notice that the default host is "not.supplied.com"

in the event that it doesn't get replaced with a real host, this will at best
lead to lots of dumb DNS queries at supplied.com (which is a real domain).

also, there's a potential security issue - if the folks at supplied.com create a
host called "not", they can serve trojans to the installer or whatever else...
not good.

RFC 2606 http://www.rfc-editor.org/rfc/rfc2606.txt suggests names which should
be used in these circumstances.  I think "not.supplied.invalid" would be a good
choice - clearly invalid to anyone that sees it, and guaranteed never to be a
real host.
Comment on attachment 112541 [details] [diff] [review]
use a safe placeholder download location

sr=me, patch can be considered supplied by Michael Lefevre. Seeking r= from ssu
Attachment #112541 - Flags: superreview+
Attachment #112541 - Flags: review?(ssu)
Comment on attachment 112541 [details] [diff] [review]
use a safe placeholder download location

also don't for get the other makeall.pl:
  xpinstall/packager/win_gre
 xpinstall/packager/win_mfcembed

I'll take care of ns/xpinstall/packager/windows one.
Attachment #112541 - Flags: review?(ssu) → review+
Flags: blocking1.3b?
Flags: blocking1.3b? → blocking1.3b+
A cursory grep from the xpinstall directory shows this string in:

./packager/windows/makeall.pl
./packager/os2/makeall.pl
./packager/os2/deliver.pl
./packager/win_gre/makeall.pl
./packager/build/scripts/makeall.pl
./packager/win_mfcembed/makeall.pl
./wizard/windows/builder/build.pl
./wizard/windows/builder/build_mfcembed.pl
./wizard/windows/builder/build_static.pl
./wizard/windows/builder/build_gre.pl
./wizard/os2/builder/build.pl


    
    

    
  


  
this patch catches all of the other references to not.supplied.com and changes
it to not.supplied.invalid.

        Attachment #112541 -
        Attachment is obsolete: true

    
  

        Attachment #112806 -
        Flags: superreview?(dveditz)

        Attachment #112806 -
        Flags: review?(sgehani)

    
  

        Attachment #112807 -
        Flags: superreview?(dveditz)

        Attachment #112807 -
        Flags: review?(sgehani)

    
    

    
  
Comment on attachment 112806 [details] [diff] [review]
patch v1.1 (ns tree)

r=sgehani

        Attachment #112806 -
        Flags: review?(sgehani) → review+

    
    

    
  
Comment on attachment 112807 [details] [diff] [review]
patch v1.1 (moz tree)

r=sgehani

        Attachment #112807 -
        Flags: review?(sgehani) → review+

    
    

    
  
Comment on attachment 112806 [details] [diff] [review]
patch v1.1 (ns tree)

rs=sspitzer

        Attachment #112806 -
        Flags: superreview?(dveditz) → superreview+

    
    

    
  
Comment on attachment 112807 [details] [diff] [review]
patch v1.1 (moz tree)

rs=sspitzer

        Attachment #112807 -
        Flags: superreview?(dveditz) → superreview+

    
    

    
  
sr=dveditz

    
    

    
  
Comment on attachment 112807 [details] [diff] [review]
patch v1.1 (moz tree)

What does the version stuff that's in this patch do?  (Your email described
this as a 1-line patch.)

    
    

    
  
sorry, the version stuff in the diff was part of another patch that simply said
that the build*.pl files are not part of the regular build, but for testing
installer builds only.  They are not used by anyone, unless trying to do test
installer builds.
Assignee: dveditz → ssu

    
    

    
  
Comment on attachment 112807 [details] [diff] [review]
patch v1.1 (moz tree)

Approving with the assumption that the version changes weren't supposed to be
included.

        Attachment #112807 -
        Flags: approval1.3b+

    
    

    
  
patches checked in.  marking bug fixed.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED

    
    

    
  
v
Status: RESOLVED → VERIFIED
QA Contact: bugzilla → gbush
Product: Browser → Seamonkey

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: