Closed Bug 520326 Opened 15 years ago Closed 15 years ago

Quicktime 7.6.3 reported Potentially Vulnerable for Snow Leopard

Categories

(addons.mozilla.org Graveyard :: Plugins, defect)

x86
macOS
defect
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: Mardak, Unassigned)

References

Details

https://www-trunk.stage.mozilla.com/en-US/plugincheck/

The latest version of Quicktime X for Snow Leopard seems to be internally versioned as 7.6.3. The Apple website for quicktime only has 7.6.4 for Leopard and Tiger, and there's no update for Snow Leopard.
We need the JSON file to have a 7.6.3.0 that is returned as latest when the clientOS=Intel+Mac+OS+X+10.6.

I've added this object to the releases property:        
          { "version": "7.6.3.0",
            "guid": "{a42bb825-7eee-420f-8ee7-834062b6fefd}", 
            "os_name": "mac os x 10.6",
            "status": "latest" }

Making the request only returns 7.6.4.0
jsonp1254630926594([{"aliases":{"regex":[".*QuickTime.*"],"literal":["QuickTime Plug-in"]},"releases":{"latest":{"pfs_id":"apple-quicktime","name":"QuickTime Plug-in","vendor":"Apple","url":"http:\/\/www.apple.com\/quicktime\/download\/","status":"latest","guid":"{a42bb825-7eee-420f-8ee7-834062b6fefd}","version":"7.6.4.0","manual_installation_url":"http:\/\/www.apple.com\/quicktime\/download\/","modified":"2009-10-06T07:25:38+00:00","app_id":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","app_release":"*","app_version":"*","locale":"*","os_name":"mac"},"others":[]}}])

Changing the os value to '10.6' didn't work.

Changing the os value to 'mac' does of course return:
jsonp1254630926594([{"aliases":{"regex":[".*QuickTime.*"],"literal":["QuickTime Plug-in"]},"releases":{"latest":{"pfs_id":"apple-quicktime","name":"QuickTime Plug-in","vendor":"Apple","url":"http:\/\/www.apple.com\/quicktime\/download\/","status":"latest","guid":"{a42bb825-7eee-420f-8ee7-834062b6fefd}","version":"7.6.4.0","manual_installation_url":"http:\/\/www.apple.com\/quicktime\/download\/","modified":"2009-10-06T07:24:22+00:00","app_id":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","app_release":"*","app_version":"*","locale":"*","os_name":"mac"},"others":[{"pfs_id":"apple-quicktime","name":"QuickTime Plug-in","vendor":"Apple","url":"http:\/\/www.apple.com\/quicktime\/download\/","status":"latest","guid":"{a42bb825-7eee-420f-8ee7-834062b6fefd}","version":"7.6.3.0","manual_installation_url":"http:\/\/www.apple.com\/quicktime\/download\/","modified":"2009-10-06T07:24:22+00:00","app_id":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","app_release":"*","app_version":"*","locale":"*","os_name":"mac"}]}}])

What is the correct way to enter the info so that
* Mac OS X 10.6 gets 7.6.3.0 as the latest
* Other Mac OS X get 7.6.4.0 as the latest

r52938 should fix this.

The first thing is that the OS needs to be an exact (though lower-case) match:

{ 
  "version": "7.6.3.0",
  "guid": "{a42bb825-7eee-420f-8ee7-834062b6fefd}", 
  "os_name": "intel mac os x 10.6",
  "status": "latest"
}    

The second thing is that I needed to rework the relevance handling a bit to allow what looks like a lesser version to preempt another version that's a less exact OS match.

Actually, that second point is not quite right. The server doesn't do any version comparisons. The real issue was that it wasn't properly prioritizing exact matches of OS names as more relevant than less exact or wildcard matches.

Looks like staging is reporting the correct thing now:

Portafilter:~/devel/mozilla/pfs2 lorchard$ curl -s 'http://pfs2.stage.mozilla.com/?mimetype=application/sdp&appID=%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D&appVersion=2008052906&appRelease=3.5&clientOS=Intel+Mac+OS+X+10.5&chromeLocale=ja-JP' ; echo

[{"aliases":{"regex":[".*QuickTime.*"],"literal":["QuickTime Plug-in"]},"releases":{"latest":{"pfs_id":"apple-quicktime","name":"QuickTime Plug-in","vendor":"Apple","url":"http:\/\/www.apple.com\/quicktime\/download\/","status":"latest","guid":"{a42bb825-7eee-420f-8ee7-834062b6fefd}","version":"7.6.4.0","manual_installation_url":"http:\/\/www.apple.com\/quicktime\/download\/","modified":"2009-10-06T22:50:01+00:00","app_id":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","app_release":"*","app_version":"*","locale":"*","os_name":"mac","relevance":4},"others":[]}}]

Portafilter:~/devel/mozilla/pfs2 lorchard$ curl -s 'http://pfs2.stage.mozilla.com/?mimetype=application/sdp&appID=%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D&appVersion=2008052906&appRelease=3.5&clientOS=Intel+Mac+OS+X+10.6&chromeLocale=ja-JP' ; echo

[{"aliases":{"regex":[".*QuickTime.*"],"literal":["QuickTime Plug-in"]},"releases":{"latest":{"pfs_id":"apple-quicktime","name":"QuickTime Plug-in","vendor":"Apple","url":"http:\/\/www.apple.com\/quicktime\/download\/","status":"latest","guid":"{a42bb825-7eee-420f-8ee7-834062b6fefd}","version":"7.6.3.0","manual_installation_url":"http:\/\/www.apple.com\/quicktime\/download\/","modified":"2009-10-06T22:50:01+00:00","app_id":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","app_release":"*","app_version":"*","locale":"*","os_name":"intel mac os x 10.6","relevance":7},"others":[]}}]
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
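
Added example, not part of the thread and not the PFS2 server's code: a small model of the behaviour discussed above, where the "latest" release is chosen by how exactly its os_name matches the client OS and never by comparing version numbers. The three-tier scoring (exact, OS family, wildcard), the family list, and the function names are assumptions made for illustration; the release records are constructed from the fields shown in the responses.

```python
# Constructed release records modeled on the thread's JSON; ranking rules are assumptions.
RELEASES = [
    {"version": "7.6.4.0", "os_name": "mac", "status": "latest"},
    {"version": "7.6.3.0", "os_name": "intel mac os x 10.6", "status": "latest"},
]

# Assumed OS family tokens a client OS string can fall back to.
OS_FAMILIES = ("mac", "win", "linux")

# Higher means more relevant; only the ordering matters in this model.
EXACT, FAMILY, WILDCARD = 3, 2, 1


def os_relevance(record_os, client_os):
    """Score how specifically a record's os_name matches the client OS (0 = no match)."""
    record_os = record_os.strip().lower()
    client_os = client_os.strip().lower()
    if record_os == client_os:
        return EXACT
    if record_os in OS_FAMILIES and record_os in client_os.split():
        return FAMILY
    if record_os == "*":
        return WILDCARD
    return 0


def latest_for(client_os, releases=RELEASES):
    """Return the 'latest' record with the most specific OS match, or None.

    No version comparison happens: a lower version wins if its OS match is more exact.
    """
    scored = [
        (os_relevance(r["os_name"], client_os), r)
        for r in releases
        if r["status"] == "latest"
    ]
    scored = [(score, r) for score, r in scored if score > 0]
    if not scored:
        return None
    return max(scored, key=lambda pair: pair[0])[1]


def plugin_status(installed, client_os, releases=RELEASES):
    """Classify an installed version by equality with the selected latest release."""
    latest = latest_for(client_os, releases)
    if latest is None:
        return "unknown"
    return "up to date" if installed == latest["version"] else "potentially vulnerable"
```

With an os_name that is neither the exact lower-cased client string nor a family token (for example "mac os x 10.6"), the 10.6 record scores 0 in this model and the client falls back to the "mac" record, which reproduces the false report in the bug title.
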
Edward, can you confirm that this is now fixed for you? Thanks!

Verified using production (trunk seems broken):
https://www.mozilla.com/en-US/plugincheck/
Status: RESOLVED → VERIFIED
(In reply to comment #7)
Bug#522145 - trunk only appears broken
Product: addons.mozilla.org → addons.mozilla.org Graveyard