Closed Bug 666735 Opened 13 years ago Closed 13 years ago

Don't offer a Firefox 7 update to users with a too-old version of Freetype

Categories

(AUS Graveyard :: General, defect)

x86
Linux
defect
Not set
normal

Tracking

(firefox6+, firefox7+ fixed)

RESOLVED FIXED
Tracking Status
firefox6 + ---
firefox7 + fixed

People

(Reporter: joe, Assigned: nthomas)

References

Details

(Whiteboard: [qa+])

Attachments

(2 files, 3 obsolete files)

Bug 666732 will start sending the Freetype version as part of the AUS ping. This bug is to make sure we don't offer Firefox 7 updates to users running Firefox 6 on a too-old version of Freetype.
OS: Mac OS X → Linux
There are two parts to this I think: * a config change - eg http://mxr.mozilla.org/mozilla/source/webtools/aus/xml/inc/config-dist.php#201 * a code change to make that config apply to all updates, not just major ones (since we're going to be doing minor updates from Fx5 to the latest release) We also have to figure out how to block Fx5 users, which won't be sending the Freetype info in the query unless we can get bug 666732 into any 5.0.1 that happens. This may mean we have to update people to 6 first, then possibly on to 7. enh: might be useful to flip the config so that it blocks based on destination release rather than the one asking for an update. Currently don't have time to work on this.
Just a passing comment, but this seems to be rather contrary to the rest of the new update process. Is the visual experience really bad enough to leave users on an unsupported version with published security flaws (assuming that Firefox 5/6 isn't going to avoid having any vulnerabilities at all...)?
We're getting deep into the Beta cycle. if Nick can't. then who can work on this?
Attached patch Rework OS blocking (obsolete) — Splinter Review
This patch does two major things * blocks OSes based on the app version they'd have after an update, instead of the version in the request. I think this is a more natural way to capture that we de-supported X at ver Y, instead of listing of listing all prior versions. The unsupportedPlatforms array can have versions specified explicitly, using a wildcard (*), or by a minimum version (+) * removes the restriction that only major updates can be blocked as unsupported. Need to do this because we're only doing minor updates in the rapid release world (4.0+) The current blocking config is rewritten to support these changes, and I add a block for RHEL5 for Fx7 because it's ancient (v2.2.1 on 5.6). The tests have been tweaked to verify the new code is working.
Assignee: morgamic → nrthomas
Status: NEW → ASSIGNED
Attachment #553099 - Flags: review?(rhelmer)
Christian - do you have a list of strings we should block to avoid this come the first Firefox 7 beta? Joe - what version of freetype is the minimum requirement now ? I can't see that in bug 660448.
Attached file Verify.txt against production snippets (obsolete) —
This is a test manifest against aus2-staging for the current state of the snippets. I get 168 passes with and without the code change in attachment 553099 [details] [diff] [review] applied there, so I'm pretty confident it won't regress our current blocking setup.
(In reply to Nick Thomas [:nthomas] from comment #5) > Christian - do you have a list of strings we should block to avoid this come > the first Firefox 7 beta? > > Joe - what version of freetype is the minimum requirement now ? I can't see > that in bug 660448. FreeType 2.3.0 (bug 456448 comment 1)
Product has decided we will EOL firefox on affected systems rather than deliver them a worse Firefox. Tracking for Firefox 7
I focused on RH/Fedora, SuSE/openSUSE and Ubuntu for blocking. Results are: *** RHEL 5 -> FT 2.2.1 (see above RHEL 6 -> FT 2.3.11 http://fedoraproject.org/wiki/LifeCycle/EOL Fedora 14 -> FT 2.4.2 Fedora 15 -> FT 2.4.4 SLE 10 -> FT 2.1.10 SLE 11 -> FT 2.3.7 (no older than - 11.1 as base) http://en.opensuse.org/Lifetime openSUSE 11.3 -> 2.3.12 openSUSE 11.4 -> 2.4.4 https://wiki.ubuntu.com/Releases Ubuntu 8.04 LTS -> 2.3.5 Ubuntu 10.04 LTS -> 2.3.11 Ubuntu 10.10 -> 2.4.2 Ubuntu 11.04 -> 2.4.4 *** Basically RHEL 5 and older and SLE 10 and older. I'll check Debian as well.
Thanks for looking into this jpr. joe also mentioned Ubuntu 06.04 LTS -> 2.1.10 so it's too old. The other question is how to identify those releases. RHEL5 conveniently appends a .el5 do their kernel version, which is included in our update requests.
(In reply to Nick Thomas [:nthomas] from comment #10) > Thanks for looking into this jpr. joe also mentioned > Ubuntu 06.04 LTS -> 2.1.10 > so it's too old. Yes, anything older of course - I only covered releases that are not EOL. > The other question is how to identify those releases. RHEL5 conveniently > appends a .el5 do their kernel version, which is included in our update > requests. What kind of data do we collect? uname -a or /etc/*-release?
rstrong would be able to provide specifics, but an update request from Fx6 on Ubuntu 10.04 LTS is: https://aus3.mozilla.org/update/3/Firefox/6.0/20110811165603/Linux_x86-gcc3/en-US/release/Linux%202.6.32-32-generic%20(GTK%202.20.1)/default/default/update.xml?force=1 The 'Linux 2.6.32-32-generic (GTK 2.20.1)' part is what we can block on.
(In reply to Nick Thomas [:nthomas] from comment #12) > https://aus3.mozilla.org/update/3/Firefox/6.0/20110811165603/Linux_x86-gcc3/ > en-US/release/Linux%202.6.32-32-generic%20(GTK%202.20.1)/default/default/ > update.xml?force=1 I just see a blank <update> tag at this link unfortunately.
Debian Lenny (previous stable) had 2.3.7 and is EOL.
(In reply to JP Rosevear from comment #13) > I just see a blank <update> tag at this link unfortunately. That was just an example of a full query URL. The empty response is expected until there's something beyond 6.0 on the release channel.
(In reply to Nick Thomas [:nthomas] from comment #12) > The 'Linux 2.6.32-32-generic (GTK 2.20.1)' part is what we can block on. Ok, if we just have the kernel version to go by, looking at RH/SuSE/Ubuntu/Debian, we have the follow shipped kernel versions: SLE 11 -> 2.6.27 (SLE10 2.6.13) RHEL 6 -> 2.6.32 (RHEL5 2.6.18) Ubuntu 8.04 LTS -> 2.6.24 Debian Stable -> 2.6.32 (Lenny 2.6.13) So in theory we could block 2.6.23 and older kernel versions since its either EOL or without FT >= 2.3.x. (Adding in various linux distro maintainers - not sure who the ubuntu person is).
FWIW, there are a whole lot of people upgrading their kernel but not touching to libraries.
(In reply to Mike Hommey [:glandium] from comment #17) > FWIW, there are a whole lot of people upgrading their kernel but not > touching to libraries. Do you think there is a significant number that would be updating Firefox independent of the packaged version on their distro too?
So, according to the URL formatter code, the most valuable piece of information we have in the update ping url is OS_VERSION, which is created from the kernel version and the GTK version. The GTK version might be a better fit.
Gtk versions are: SLE 11 -> 2.14.4 (SLE10 2.8.11) RHEL 6 -> 2.18.9 (RHEL5 2.10.4) Ubuntu 8.04 LTS -> 2.12.9 Debian Stable -> 2.20.1 (Lenny 2.12.12) So on GTK we could block 2.10.x and older.
Do you also have a list of what version of GTK the too-old distros use?
(In reply to Joe Drew (:JOEDREW!) from comment #21) > Do you also have a list of what version of GTK the too-old distros use? My RHEL-5 VM says gtk2-2.10.4-21.el5_5.6.i386 For RHEL-4 I have as the most recent gtk2-2.4.13-24.el4.i386
FWIW, we're already blocking GTK 2.0 - 2.9 for updates from Fx 2.0*, 3.5* and 3.6*, because GTK 2.10 or higher was required for Firefox 3.0. For the builds from mozilla.com at least, but that's all we're talking about blocking here anyway.
(In reply to Joe Drew (:JOEDREW!) from comment #21) > Do you also have a list of what version of GTK the too-old distros use? Yes, the too old versions are in brackets. Either FT is too old or the distro is EOL.
(In reply to Nick Thomas [:nthomas] from comment #23) > FWIW, we're already blocking GTK 2.0 - 2.9 for updates from Fx 2.0*, 3.5* > and 3.6*, because GTK 2.10 or higher was required for Firefox 3.0. For the > builds from mozilla.com at least, but that's all we're talking about > blocking here anyway. Ok, for consistency does it make sense to bump this to 2.0-2.10 for FF 7 and newer then?
Comment on attachment 553099 [details] [diff] [review] Rework OS blocking This lgtm, much more readable without the regexes too. One nit - I notice a typo in a few comments, s/detemine/determine/g
Attachment #553099 - Flags: review?(rhelmer) → review+
Blocks: 682182
Is this change landed now?
Not yet. I will update the patch to block GTK 2.10 for Fx7, and figure out when to land this around the chemspills.
Attached patch config followup (obsolete) — Splinter Review
This blocks GTK 2.10.*, per jpr in comment #25. It's on top of attachment 553099 [details] [diff] [review], which already had GTK 2.0.-2.9. blocked for Fx3.0b1+.
Attachment #557717 - Flags: review?(aki)
Comment on attachment 557717 [details] [diff] [review] config followup *stamp*
Attachment #557717 - Flags: review?(aki) → review+
Landed * attachment 553099 [details] [diff] [review] * attachment 557717 [details] [diff] [review] with * fixes for the detemine typos * fixes for '10.3/10.3' -> '10.2/10.3' typos New Rev File 1.21 mozilla/webtools/aus/tests/Verify.txt 1.3 mozilla/webtools/aus/tests/data/3/Synthetic/1.0/platform/9000000001/locale/channel/complete.txt 1.3 mozilla/webtools/aus/tests/data/3/Synthetic/1.0/platform/9000000001/locale/channel/partial.txt 1.33 mozilla/webtools/aus/xml/index.php 1.158 mozilla/webtools/aus/xml/inc/config-dist.php 1.5 mozilla/webtools/aus/xml/inc/config-test.php 1.28 mozilla/webtools/aus/xml/inc/patch.class.php
SeaMonkey and Thunderbird people - FYI, if you're running mozilla/webtools/aus for your update server then your config-dist.php will need updating.
$ cvs tag AUS2_PRODUCTION W index.php : AUS2_PRODUCTION already exists on version 1.32 : NOT MOVING tag to version 1.33 W inc/config-dist.php : AUS2_PRODUCTION already exists on version 1.157 : NOT MOVING tag to version 1.158 W inc/config-test.php : AUS2_PRODUCTION already exists on version 1.4 : NOT MOVING tag to version 1.5 W inc/patch.class.php : AUS2_PRODUCTION already exists on version 1.27 : NOT MOVING tag to version 1.28 $ cvs tag -F AUS2_PRODUCTION T index.php T inc/config-dist.php T inc/config-test.php T inc/patch.class.php
Depends on: 684151
When I tested the changes in production we're not blocking 'GTK 2.10.', so I'm backing it out. File New Rev mozilla/webtools/aus/tests/Verify.txt 1.22 mozilla/webtools/aus/tests/data/3/Synthetic/1.0/platform/9000000001/locale/channel/complete.txt 1.4 mozilla/webtools/aus/tests/data/3/Synthetic/1.0/platform/9000000001/locale/channel/partial.txt 1.4 mozilla/webtools/aus/xml/index.php 1.34 mozilla/webtools/aus/xml/inc/config-dist.php 1.159 mozilla/webtools/aus/xml/inc/config-test.php 1.6 mozilla/webtools/aus/xml/inc/patch.class.php 1.29 $ cvs diff -r1.32 -r1.34 index.php $ cvs diff -r1.157 -r1.159 inc/config-dist.php $ cvs diff -r1.27 -r1.29 inc/patch.class.php $ cvs tag AUS2_PRODUCTION W index.php : AUS2_PRODUCTION already exists on version 1.33 : NOT MOVING tag to version 1.34 W inc/config-dist.php : AUS2_PRODUCTION already exists on version 1.158 : NOT MOVING tag to version 1.159 W inc/config-test.php : AUS2_PRODUCTION already exists on version 1.5 : NOT MOVING tag to version 1.6 W inc/patch.class.php : AUS2_PRODUCTION already exists on version 1.28 : NOT MOVING tag to version 1.29 $ cvs tag -F AUS2_PRODUCTION T index.php T inc/config-dist.php T inc/config-test.php T inc/patch.class.php
Attached file Updated Verify.txt
Updated for the new 3.6.22 release, and add a test for the blocking of GTK 2.10 when the destination is 7.0bN. Set to run against aus2-staging, but can be used to verify deployment too.
Attachment #553100 - Attachment is obsolete: true
This patch rolls up attachment 553099 [details] [diff] [review] with attachment 557717 [details] [diff] [review], the fixes for the typos in the comments, and this important interdiff in index.php: - if ($xml->hasPatchLine() && $completePatch->isSupported($completePatch->updateType, $clean['product'], $completePatch->updateVersion, $clean['platformVersion'], $unsupportedPlatforms)) { + if ($xml->hasPatchLine() && $completePatch->isSupported($completePatch->updateType, $clean['product'], $completePatch->updateExtensionVersion, $clean['platformVersion'], $unsupportedPlatforms)) { This was needed because we've been presenting human friendly strings like 'Firefox 7.0 Beta' in the update offers, by setting appv in the snippets to '7.0 Beta', and that ends up in $completePatch->updateVersion. The string in there mucks up the version comparison, so I've switched it to updateExtensionVersion, aka extv in the snippet, which is set to a sensible value of '7.0'. Verified working and no regressions against aus2-staging.
Attachment #553099 - Attachment is obsolete: true
Attachment #557717 - Attachment is obsolete: true
Attachment #559101 - Flags: review?(rhelmer)
Attachment #559101 - Flags: review?(rhelmer) → review+
Comment on attachment 559101 [details] [diff] [review] Roll-up patch with fix to destination version File New Rev. mozilla/webtools/aus/tests/Verify.txt 1.23 mozilla/webtools/aus/tests/data/3/Synthetic/1.0/platform/9000000001/locale/channel/complete.txt 1.5 mozilla/webtools/aus/tests/data/3/Synthetic/1.0/platform/9000000001/locale/channel/partial.txt 1.5 mozilla/webtools/aus/xml/inc/config-dist.php 1.161 mozilla/webtools/aus/xml/inc/config-test.php 1.7 mozilla/webtools/aus/xml/inc/patch.class.php 1.30 mozilla/webtools/aus/xml/index.php 1.35 Green on https://hudson.mozilla.org/job/AUSv2/ Tagged all of xml with AUS2_RTM_201109081628. $ cvs tag AUS2_PRODUCTION W index.php : AUS2_PRODUCTION already exists on version 1.34 : NOT MOVING tag to version 1.35 W inc/config-dist.php : AUS2_PRODUCTION already exists on version 1.160 : NOT MOVING tag to version 1.161 W inc/config-test.php : AUS2_PRODUCTION already exists on version 1.6 : NOT MOVING tag to version 1.7 W inc/patch.class.php : AUS2_PRODUCTION already exists on version 1.29 : NOT MOVING tag to version 1.30 $ cvs tag -F AUS2_PRODUCTION T index.php T inc/config-dist.php T inc/config-test.php T inc/patch.class.php All tests pass using attachment 559096 [details] against aus2-staging.
Blocks: 686369
Blocks: 687826
qa+ for verification on Firefox 7. Test the positive case using Freetype >=2.3.0, negative case using Freetype <2.3.0
Whiteboard: [qa+]
Blocks: 745702
No longer blocks: 745702
Depends on: 745702
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: