Closed Bug 393823 Opened 17 years ago Closed 17 years ago

-osint logic not written out to the windows registry when using software update on the 1.8.0 branch

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Platform:
x86
Windows Vista
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: mscott, Assigned: mscott)

References

Details

(Keywords: fixed1.8.0.14)

Attachments

(1 file)

brute force fix
1.35 KB, patch
Bienvenu
: superreview+
dveditz
: approval1.8.0.14+
Details | Diff | Splinter Review
spinning out from Bug 389613. Stephen and I actually put a bunch of comments in Bug 389613 over the weekend, but we really should have broken this issue out into a new bug for triage purposes so I'm doing that now. "Stephen identified a problem with this fix. On the 1.5.0.x branch, we compare the application path and nothing else when determining if the app is still the default. Thus, a user who is running 1.5.0.12 as the default and gets upgraded to 1.5.0.13, won't get the osint flag written out to the registry for the appropriate keys. You need to unset, then set Thunderbird as the default mail client for the keys to get written out. This isn't a problem when testing: 1.5.0.12 and 1.5.0.13 using clean VMs for each test. 1.5.0.12 and a debug 1.5.0.13 with the fix. Note: the behavior of detecting default client status based on the application path and not the command line arguments as well has changed on the 1.8.1 branch so this isn't an issue there. It's specific to 1.8.0."
Flags: blocking1.8.0.14?
Attached patch brute force fixSplinter Review
Same comment I put in Bug 389613: "Here's a fix that seems to address the spot where the default client status isn't changing, causing us to fail to write out the osint flags. It's a brute force approach for sure, but this is for the 1.8.0 branch only, and this approach has a lot less risk than modifying the different ways in which we detect default app status for mailto, news, nntp, snews and feed urls. Every time 1.5.0.x starts up, for each protocol the current application instance is the default for, re-write out the registration keys. And re-write out the protocol key giving us default status with the OS."
Repeating the testing comments over in: https://bugzilla.mozilla.org/show_bug.cgi?id=389613#c49 Here's what I did to test the brute force patch: (either a clean VM or make sure the mailto, nntp, news, feed and snews keys don't have -osint already in the registry) 1) Downloaded a nightly 1.5.0.13pre build from before the original fix went in like this one: ftp://ftp.mozilla.org/pub/mozilla.org/thunderbird/nightly/2007-07-31-06-mozilla1.8.0/thunderbird-1.5.0.13pre.en-US.win32.installer.exe 2) Make sure this installation is the default mail, news and feed client. 3) Verify that the test case still fails and the profile manager comes up. 4) Now check for updates and get updated to the latest update. 5) Restart to install the update 6) Quit thunderbird 7) you can manually inspect HKLM\mailto, HKLM\news, etc. to see that the -osint is now written out into the registry. 8) Run the test case again and verify that nothing comes up.
and since I temporarily checked in the brute force patch onto the branch so we could test it this weekend, here are Stephen's findings copied from https://bugzilla.mozilla.org/show_bug.cgi?id=389613#c50: I can *finally*, *truly* verify this bug as fixed, using Scott's instructions in comment 49, above. C:\PROGRA~1\MOZILL~1\THUNDE~1.EXE -osint -compose %1 gets set under: My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Mozilla Thunderbird\protocols\mailto\shell\open\command Using the pre-fix build (2007-07-31-06 of mozilla1.8.0), I see the Profile Manager invoked when running the testcase in comment 43. Post-fix, after upgrading to 2007-08-26-04, I can see that not even the compose window comes up, which I think is the expected outcome given Scott's step #8 in comment 49.
Depends on: 389613
Does this hack need to go into Tbird 2.0 as well, or is it just an issue with 1.5-era installers?
This is just for 1.5 Dan.
Comment on attachment 278375 [details] [diff] [review] brute force fix asking David for an sr on this brute force patch which is currently on the 1.8.0.x branch to make it easier for QA and others to help verify the fix.
Attachment #278375 - Flags: superreview?(bienvenu)
Attachment #278375 - Flags: superreview?(bienvenu) → superreview+
Flags: blocking1.8.0.14? → blocking1.8.0.14+
Looks like the "temporary" landing is still there, and we're going to take it anyway so marking fixed on the branch.
Status: NEW → RESOLVED
Closed: 17 years ago
Keywords: fixed1.8.0.14
Resolution: --- → FIXED
Comment on attachment 278375 [details] [diff] [review] brute force fix approved for 1.8.0.14, a=dveditz for release-drivers
Attachment #278375 - Flags: approval1.8.0.14+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: