Don't offer a Firefox 7 update to users with a too-old version of Freetype

RESOLVED FIXED

Status

AUS Graveyard
General
RESOLVED FIXED
6 years ago
3 years ago

People

(Reporter: Joe Drew (not getting mail), Assigned: nthomas)

Tracking

Dependency tree / graph

Firefox Tracking Flags

(firefox6+, firefox7+ fixed)

Details

(Whiteboard: [qa+])

Attachments

(2 attachments, 3 obsolete attachments)

(Reporter)

Description

6 years ago
Bug 666732 will start sending the Freetype version as part of the AUS ping. This bug is to make sure we don't offer Firefox 7 updates to users running Firefox 6 on a too-old version of Freetype.
(Reporter)

Updated

6 years ago
tracking-firefox6: --- → ?
OS: Mac OS X → Linux

Updated

6 years ago
tracking-firefox6: ? → +
(Assignee)

Comment 1

6 years ago
There are two parts to this I think:
* a config change - eg http://mxr.mozilla.org/mozilla/source/webtools/aus/xml/inc/config-dist.php#201
* a code change to make that config apply to all updates, not just major ones (since we're going to be doing minor updates from Fx5 to the latest release)

We also have to figure out how to block Fx5 users, which won't be sending the Freetype info in the query unless we can get bug 666732 into any 5.0.1 that happens. This may mean we have to update people to 6 first, then possibly on to 7.

enh: might be useful to flip the config so that it blocks based on destination release rather than the one asking for an update.

Currently don't have time to work on this.

Comment 2

6 years ago
Just a passing comment, but this seems to be rather contrary to the rest of the new update process. Is the visual experience really bad enough to leave users on an unsupported version with published security flaws (assuming that Firefox 5/6 isn't going to avoid having any vulnerabilities at all...)?

Comment 3

6 years ago
We're getting deep into the Beta cycle. if Nick can't. then who can work on this?

Updated

6 years ago
tracking-firefox7: --- → ?
(Assignee)

Comment 4

6 years ago
Created attachment 553099 [details] [diff] [review]
Rework OS blocking

This patch does two major things
* blocks OSes based on the app version they'd have after an update, instead of the version in the request. I think this is a more natural way to capture that we de-supported X at ver Y, instead of listing of listing all prior versions. The unsupportedPlatforms array can have versions specified explicitly, using a wildcard (*), or by a minimum version (+)
* removes the restriction that only major updates can be blocked as unsupported. Need to do this because we're only doing minor updates in the rapid release world (4.0+)

The current blocking config is rewritten to support these changes, and I add a block for RHEL5 for Fx7 because it's ancient (v2.2.1 on 5.6). The tests have been tweaked to verify the new code is working.
Assignee: morgamic → nrthomas
Status: NEW → ASSIGNED
Attachment #553099 - Flags: review?(rhelmer)
(Assignee)

Comment 5

6 years ago
Christian - do you have a list of strings we should block to avoid this come the first Firefox 7 beta?

Joe - what version of freetype is the minimum requirement now ? I can't see that in bug 660448.
(Assignee)

Comment 6

6 years ago
Created attachment 553100 [details]
Verify.txt against production snippets

This is a test manifest against aus2-staging for the current state of the snippets. I get 168 passes with and without the code change in attachment 553099 [details] [diff] [review] applied there, so I'm pretty confident it won't regress our current blocking setup.
(In reply to Nick Thomas [:nthomas] from comment #5)
> Christian - do you have a list of strings we should block to avoid this come
> the first Firefox 7 beta?
> 
> Joe - what version of freetype is the minimum requirement now ? I can't see
> that in bug 660448.

FreeType 2.3.0 (bug 456448 comment 1)

Comment 8

6 years ago
Product has decided we will EOL firefox on affected systems rather than deliver them a worse Firefox. Tracking for Firefox 7
tracking-firefox7: ? → +

Comment 9

6 years ago
I focused on RH/Fedora, SuSE/openSUSE and Ubuntu for blocking.  Results are:

*** 

RHEL 5 -> FT 2.2.1 (see above
RHEL 6 -> FT 2.3.11

http://fedoraproject.org/wiki/LifeCycle/EOL
Fedora 14 -> FT 2.4.2
Fedora 15 -> FT 2.4.4

SLE 10 -> FT 2.1.10
SLE 11 -> FT 2.3.7 (no older than - 11.1 as base)

http://en.opensuse.org/Lifetime
openSUSE 11.3 -> 2.3.12
openSUSE 11.4 -> 2.4.4

https://wiki.ubuntu.com/Releases
Ubuntu 8.04 LTS -> 2.3.5
Ubuntu 10.04 LTS -> 2.3.11
Ubuntu 10.10 -> 2.4.2
Ubuntu 11.04 -> 2.4.4

***

Basically RHEL 5 and older and SLE 10 and older.  I'll check Debian as well.
(Assignee)

Comment 10

6 years ago
Thanks for looking into this jpr. joe also mentioned
Ubuntu 06.04 LTS -> 2.1.10  
so it's too old.

The other question is how to identify those releases. RHEL5 conveniently appends a .el5 do their kernel version, which is included in our update requests.

Comment 11

6 years ago
(In reply to Nick Thomas [:nthomas] from comment #10)
> Thanks for looking into this jpr. joe also mentioned
> Ubuntu 06.04 LTS -> 2.1.10  
> so it's too old.

Yes, anything older of course - I only covered releases that are not EOL.

> The other question is how to identify those releases. RHEL5 conveniently
> appends a .el5 do their kernel version, which is included in our update
> requests.

What kind of data do we collect? uname -a or /etc/*-release?
(Assignee)

Comment 12

6 years ago
rstrong would be able to provide specifics, but an update request from Fx6 on Ubuntu 10.04 LTS is:

https://aus3.mozilla.org/update/3/Firefox/6.0/20110811165603/Linux_x86-gcc3/en-US/release/Linux%202.6.32-32-generic%20(GTK%202.20.1)/default/default/update.xml?force=1

The 'Linux 2.6.32-32-generic (GTK 2.20.1)' part is what we can block on.

Comment 13

6 years ago
(In reply to Nick Thomas [:nthomas] from comment #12)
> https://aus3.mozilla.org/update/3/Firefox/6.0/20110811165603/Linux_x86-gcc3/
> en-US/release/Linux%202.6.32-32-generic%20(GTK%202.20.1)/default/default/
> update.xml?force=1

I just see a blank <update> tag at this link unfortunately.

Comment 14

6 years ago
Debian Lenny (previous stable) had 2.3.7 and is EOL.
(Assignee)

Comment 15

6 years ago
(In reply to JP Rosevear from comment #13)
> I just see a blank <update> tag at this link unfortunately.

That was just an example of a full query URL. The empty response is expected until there's something beyond 6.0 on the release channel.

Comment 16

6 years ago
(In reply to Nick Thomas [:nthomas] from comment #12) 
> The 'Linux 2.6.32-32-generic (GTK 2.20.1)' part is what we can block on.

Ok, if we just have the kernel version to go by, looking at RH/SuSE/Ubuntu/Debian, we have the follow shipped kernel versions:

SLE 11 -> 2.6.27 (SLE10 2.6.13)
RHEL 6 -> 2.6.32 (RHEL5 2.6.18)
Ubuntu 8.04 LTS -> 2.6.24
Debian Stable -> 2.6.32 (Lenny 2.6.13)

So in theory we could block 2.6.23 and older kernel versions since its either EOL or without FT >= 2.3.x.

(Adding in various linux distro maintainers - not sure who the ubuntu person is).
FWIW, there are a whole lot of people upgrading their kernel but not touching to libraries.

Comment 18

6 years ago
(In reply to Mike Hommey [:glandium] from comment #17)
> FWIW, there are a whole lot of people upgrading their kernel but not
> touching to libraries.

Do you think there is a significant number that would be updating Firefox independent of the packaged version on their distro too?
So, according to the URL formatter code, the most valuable piece of information we have in the update ping url is OS_VERSION, which is created from the kernel version and the GTK version. The GTK version might be a better fit.

Comment 20

6 years ago
Gtk versions are:

SLE 11 -> 2.14.4 (SLE10 2.8.11)
RHEL 6 -> 2.18.9 (RHEL5 2.10.4)
Ubuntu 8.04 LTS -> 2.12.9
Debian Stable -> 2.20.1 (Lenny 2.12.12)

So on GTK we could block 2.10.x and older.
(Reporter)

Comment 21

6 years ago
Do you also have a list of what version of GTK the too-old distros use?

Comment 22

6 years ago
(In reply to Joe Drew (:JOEDREW!) from comment #21)
> Do you also have a list of what version of GTK the too-old distros use?

My RHEL-5 VM says
gtk2-2.10.4-21.el5_5.6.i386

For RHEL-4 I have as the most recent
gtk2-2.4.13-24.el4.i386
(Assignee)

Comment 23

6 years ago
FWIW, we're already blocking GTK 2.0 - 2.9 for updates from Fx 2.0*, 3.5* and 3.6*, because GTK 2.10 or higher was required for Firefox 3.0. For the builds from mozilla.com at least, but that's all we're talking about blocking here anyway.

Comment 24

6 years ago
(In reply to Joe Drew (:JOEDREW!) from comment #21)
> Do you also have a list of what version of GTK the too-old distros use?

Yes, the too old versions are in brackets.  Either FT is too old or the distro is EOL.

Comment 25

6 years ago
(In reply to Nick Thomas [:nthomas] from comment #23)
> FWIW, we're already blocking GTK 2.0 - 2.9 for updates from Fx 2.0*, 3.5*
> and 3.6*, because GTK 2.10 or higher was required for Firefox 3.0. For the
> builds from mozilla.com at least, but that's all we're talking about
> blocking here anyway.

Ok, for consistency does it make sense to bump this to 2.0-2.10 for FF 7 and newer then?
Comment on attachment 553099 [details] [diff] [review]
Rework OS blocking

This lgtm, much more readable without the regexes too.

One nit - I notice a typo in a few comments, s/detemine/determine/g
Attachment #553099 - Flags: review?(rhelmer) → review+
(Assignee)

Updated

6 years ago
Blocks: 682182

Comment 27

6 years ago
Is this change landed now?
(Assignee)

Comment 28

6 years ago
Not yet. I will update the patch to block GTK 2.10 for Fx7, and figure out when to land this around the chemspills.
(Assignee)

Comment 29

6 years ago
Created attachment 557717 [details] [diff] [review]
config followup

This blocks GTK 2.10.*, per jpr in comment #25. It's on top of attachment 553099 [details] [diff] [review], which already had GTK 2.0.-2.9. blocked for Fx3.0b1+.
Attachment #557717 - Flags: review?(aki)

Comment 30

6 years ago
Comment on attachment 557717 [details] [diff] [review]
config followup

*stamp*
Attachment #557717 - Flags: review?(aki) → review+
(Assignee)

Comment 31

6 years ago
Landed
* attachment 553099 [details] [diff] [review]
* attachment 557717 [details] [diff] [review]
with
* fixes for the detemine typos
* fixes for '10.3/10.3' -> '10.2/10.3' typos

New Rev File
1.21 	mozilla/webtools/aus/tests/Verify.txt
1.3 	mozilla/webtools/aus/tests/data/3/Synthetic/1.0/platform/9000000001/locale/channel/complete.txt
1.3 	mozilla/webtools/aus/tests/data/3/Synthetic/1.0/platform/9000000001/locale/channel/partial.txt
1.33 	mozilla/webtools/aus/xml/index.php
1.158 	mozilla/webtools/aus/xml/inc/config-dist.php
1.5 	mozilla/webtools/aus/xml/inc/config-test.php
1.28 	mozilla/webtools/aus/xml/inc/patch.class.php
(Assignee)

Comment 32

6 years ago
SeaMonkey and Thunderbird people - FYI, if you're running mozilla/webtools/aus for your update server then your config-dist.php will need updating.
(Assignee)

Comment 33

6 years ago
$ cvs tag AUS2_PRODUCTION
W index.php : AUS2_PRODUCTION already exists on version 1.32 : NOT MOVING tag to version 1.33
W inc/config-dist.php : AUS2_PRODUCTION already exists on version 1.157 : NOT MOVING tag to version 1.158
W inc/config-test.php : AUS2_PRODUCTION already exists on version 1.4 : NOT MOVING tag to version 1.5
W inc/patch.class.php : AUS2_PRODUCTION already exists on version 1.27 : NOT MOVING tag to version 1.28

$ cvs tag -F AUS2_PRODUCTION
T index.php
T inc/config-dist.php
T inc/config-test.php
T inc/patch.class.php
(Assignee)

Updated

6 years ago
Depends on: 684151
(Assignee)

Comment 34

6 years ago
When I tested the changes in production we're not blocking 'GTK 2.10.', so I'm backing it out.

File 	New Rev
mozilla/webtools/aus/tests/Verify.txt 	1.22
mozilla/webtools/aus/tests/data/3/Synthetic/1.0/platform/9000000001/locale/channel/complete.txt 	1.4
mozilla/webtools/aus/tests/data/3/Synthetic/1.0/platform/9000000001/locale/channel/partial.txt 	1.4
mozilla/webtools/aus/xml/index.php 	1.34
mozilla/webtools/aus/xml/inc/config-dist.php 	1.159
mozilla/webtools/aus/xml/inc/config-test.php 	1.6
mozilla/webtools/aus/xml/inc/patch.class.php 	1.29

$ cvs diff -r1.32 -r1.34 index.php
$ cvs diff -r1.157 -r1.159 inc/config-dist.php
$ cvs diff -r1.27 -r1.29 inc/patch.class.php 

$ cvs tag AUS2_PRODUCTION
W index.php : AUS2_PRODUCTION already exists on version 1.33 : NOT MOVING tag to version 1.34
W inc/config-dist.php : AUS2_PRODUCTION already exists on version 1.158 : NOT MOVING tag to version 1.159
W inc/config-test.php : AUS2_PRODUCTION already exists on version 1.5 : NOT MOVING tag to version 1.6
W inc/patch.class.php : AUS2_PRODUCTION already exists on version 1.28 : NOT MOVING tag to version 1.29

$ cvs tag -F AUS2_PRODUCTION
T index.php
T inc/config-dist.php
T inc/config-test.php
T inc/patch.class.php
(Assignee)

Comment 35

6 years ago
Created attachment 559096 [details]
Updated Verify.txt

Updated for the new 3.6.22 release, and add a test for the blocking of GTK 2.10 when the destination is 7.0bN. Set to run against aus2-staging, but can be used to verify deployment too.
Attachment #553100 - Attachment is obsolete: true
(Assignee)

Comment 36

6 years ago
Created attachment 559101 [details] [diff] [review]
Roll-up patch with fix to destination version

This patch rolls up attachment 553099 [details] [diff] [review] with attachment 557717 [details] [diff] [review], the fixes for the typos in the comments, and this important interdiff in index.php:

-            if ($xml->hasPatchLine() && $completePatch->isSupported($completePatch->updateType, $clean['product'], $completePatch->updateVersion, $clean['platformVersion'], $unsupportedPlatforms)) {
+            if ($xml->hasPatchLine() && $completePatch->isSupported($completePatch->updateType, $clean['product'], $completePatch->updateExtensionVersion, $clean['platformVersion'], $unsupportedPlatforms)) {

This was needed because we've been presenting human friendly strings like 'Firefox 7.0 Beta' in the update offers, by setting appv in the snippets to '7.0 Beta', and that ends up in $completePatch->updateVersion. The string in there mucks up the version comparison, so I've switched it to updateExtensionVersion, aka extv in the snippet, which is set to a sensible value of '7.0'.

Verified working and no regressions against aus2-staging.
Attachment #553099 - Attachment is obsolete: true
Attachment #557717 - Attachment is obsolete: true
Attachment #559101 - Flags: review?(rhelmer)
Attachment #559101 - Flags: review?(rhelmer) → review+
(Assignee)

Comment 37

6 years ago
Comment on attachment 559101 [details] [diff] [review]
Roll-up patch with fix to destination version

File    New Rev.
mozilla/webtools/aus/tests/Verify.txt 	1.23
mozilla/webtools/aus/tests/data/3/Synthetic/1.0/platform/9000000001/locale/channel/complete.txt 	1.5
mozilla/webtools/aus/tests/data/3/Synthetic/1.0/platform/9000000001/locale/channel/partial.txt 	1.5
mozilla/webtools/aus/xml/inc/config-dist.php 	1.161
mozilla/webtools/aus/xml/inc/config-test.php 	1.7
mozilla/webtools/aus/xml/inc/patch.class.php 	1.30
mozilla/webtools/aus/xml/index.php 	1.35 

Green on https://hudson.mozilla.org/job/AUSv2/

Tagged all of xml with AUS2_RTM_201109081628.

$ cvs tag AUS2_PRODUCTION
W index.php : AUS2_PRODUCTION already exists on version 1.34 : NOT MOVING tag to version 1.35
W inc/config-dist.php : AUS2_PRODUCTION already exists on version 1.160 : NOT MOVING tag to version 1.161
W inc/config-test.php : AUS2_PRODUCTION already exists on version 1.6 : NOT MOVING tag to version 1.7
W inc/patch.class.php : AUS2_PRODUCTION already exists on version 1.29 : NOT MOVING tag to version 1.30

$ cvs tag -F AUS2_PRODUCTION
T index.php
T inc/config-dist.php
T inc/config-test.php
T inc/patch.class.php

All tests pass using attachment 559096 [details] against aus2-staging.
(Assignee)

Comment 38

6 years ago
No update for GTK 2.10
https://aus3.mozilla.org/update/2/Firefox/6.0/20110804030150/Linux_x86-gcc3/en-US/beta/Linux%202.6.18-53.1.19.el5%20(GTK%202.10.4)/default/default/update.xml

Update for latest beta for GTK 2.11:
https://aus3.mozilla.org/update/2/Firefox/6.0/20110804030150/Linux_x86-gcc3/en-US/beta/Linux%202.6.18-53.1.19.el5%20(GTK%202.11.0)/default/default/update.xml
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
No longer depends on: 666732
Resolution: --- → FIXED

Updated

6 years ago
Blocks: 686369

Updated

6 years ago
status-firefox7: --- → fixed
Blocks: 687826
qa+ for verification on Firefox 7. Test the positive case using Freetype >=2.3.0, negative case using Freetype <2.3.0
Whiteboard: [qa+]
Blocks: 745702
(Assignee)

Updated

5 years ago
No longer blocks: 745702
Depends on: 745702
You need to log in before you can comment on or make changes to this bug.