PFS is currently broken for Flash

VERIFIED FIXED

Status

Websites
plugins.mozilla.org
VERIFIED FIXED
4 years ago
4 years ago

People

(Reporter: Dolske, Assigned: clouserw)

Tracking

Details

Attachments

(2 attachments)

(Reporter)

Description

4 years ago
Created attachment 8370417 [details]
Screenshot of failure

We've had a few reports of Flash installs (via PFS) not working in Firefox. I just tried doing this on my Win7-sans-Flash box, and also get a failure. It downloads (somewhat slowly), and then displays the failure shown in the attached screenshot.

Note that the version number shown is 11.9.900.170. I'm pretty sure this just comes straight from the PFS datasource. That implies that the update in bug 946521 made it to production (commit was 12/8), but the update in bug 957357 did not (commit was 1/9).

The download URL stays the same, so I believe we're downloading the latest code from Adobe, but treating it as a failure because we're checking outdated hashes from PFS. :(

Our logging sucks, and I'm not sure offhand what the PFS url we're querying is, so I didn't fully verify this. But it seems likely.
(Reporter)

Comment 1

4 years ago
If I download the .exe manually and check the version, it's 12.0.0.44.
(Reporter)

Comment 2

4 years ago
dveditz points out that the hash changed in https://github.com/mozilla/zamboni/commit/7ee027d0500af47f5200521f9557ec43b8cd90a6 is a character short, so it probably never worked in the first place. :(

We should probably figure out how to loop QA into these changes so we can verify we're not breaking installs. :(
Blocks: 946521
(In reply to Justin Dolske [:Dolske] from comment #2)
> dveditz points out that the hash changed in
> https://github.com/mozilla/zamboni/commit/
> 7ee027d0500af47f5200521f9557ec43b8cd90a6 is a character short, so it
> probably never worked in the first place. :(
> 

hm https://github.com/mozilla/zamboni/blob/master/services/pfs.py shows 12.0.0.43 which was what we got from adobe so i guess it has worked till adobe updated now the files
Created attachment 8370560 [details] [diff] [review]
flashmorning.diff

Wil, seems adobe didn't notified us this time beforehand and so they did a security update and here comes the patch for pfs

Updated

4 years ago
Flags: needinfo?(clouserw)
(Assignee)

Comment 5

4 years ago
https://github.com/mozilla/zamboni/commit/bbc2d3c0742e8879b6eb8d97a508c59e8aaab09a

I'll try to get it out today
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Flags: needinfo?(clouserw)
Resolution: --- → FIXED
Paul, can you please take a look at this and verify that Flash is installable via the plugin finder service using a few different Firefox versions, locales and platforms?
Flags: needinfo?(paul.silaghi)
Keywords: verifyme
Checked on:
27 en-us, 28b1 en-us, 29a2 en-us, 30a1 en-us Win 7 x64 - PASS
27 de, 28b1 ja, 29a2 en-us, 30a1 en-us Win 8.1 x64 - PASS
27 fr, 28b1 ar, 29a2 en-us, 30a1 en-us Win XP x86 - PASS
Ubuntu 13.04 x64, Mac OS X 10.8.5 - FAIL
Flags: needinfo?(paul.silaghi)
Found another issue here: bug 968762
(In reply to Paul Silaghi, QA [:pauly] from comment #7)
> Checked on:
> 27 en-us, 28b1 en-us, 29a2 en-us, 30a1 en-us Win 7 x64 - PASS
> 27 de, 28b1 ja, 29a2 en-us, 30a1 en-us Win 8.1 x64 - PASS
> 27 fr, 28b1 ar, 29a2 en-us, 30a1 en-us Win XP x86 - PASS
> Ubuntu 13.04 x64, Mac OS X 10.8.5 - FAIL

Hi Paul,

i think the result for ubuntu and mac is expected since pfs for flash only supports windows i think
Calling this verified fixed based on comment 7. Thanks for the help, Paul.
Status: RESOLVED → VERIFIED
Keywords: verifyme
(Reporter)

Comment 11

4 years ago
(In reply to Carsten Book [:Tomcat] from comment #3)

> > dveditz points out that the hash changed in
> > https://github.com/mozilla/zamboni/commit/
> > 7ee027d0500af47f5200521f9557ec43b8cd90a6 is a character short, so it
> > probably never worked in the first place. :(
> > 
> 
> hm https://github.com/mozilla/zamboni/blob/master/services/pfs.py shows
> 12.0.0.43 which was what we got from adobe so i guess it has worked till
> adobe updated now the files

I don't see how that could have worked. sha256 hashes are always the same length, so specifying a hash that's too short will never match any input.

This seems to be working now (per QA), but I just wanted to reiterate: the root issue here was that had 2 problematic PFS.py changes in Github -- one with a bash hash, one that simply never made it into production -- and neither was noticed for a long time.
(Reporter)

Comment 12

4 years ago
(To be extra clear: this was all independent of the .44 update from Adobe. Even if that surprise update hadn't happened, PFS was still broken.)
You need to log in before you can comment on or make changes to this bug.