icecat: add release icecat-140.6.0-1gnu1 for ecne

icecat/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs

@@ -1420,9 +1420,12 @@ export class AddonWrapper {
     let perms = {
       origins: required.origins.concat(requested?.origins ?? []),
       permissions: required.permissions.concat(requested?.permissions ?? []),
-      data_collection: required.data_collection.concat(
-        requested?.data_collection ?? []
-      ),
+      data_collection: [
+        // These fields can be missing if read from extensions.json that was
+        // generated before support for data_collection was introduced.
+        ...(required?.data_collection ?? []),
+        ...(requested?.data_collection ?? []),
+      ],
     };
     return perms;
   }

icecat/toolkit/mozapps/extensions/internal/XPIInstall.sys.mjs

@@ -1805,6 +1805,11 @@ class AddonInstall {
             this.removeTemporaryFile();
           } else {
             logger.info(`Install of ${this.addon.id} cancelled by user`);
+            if (err) {
+              // promptHandler is expected to reject() without value to cancel.
+              // A non-void error is unexpected, so log it for visibility.
+              Cu.reportError(err);
+            }
             this.state = AddonManager.STATE_CANCELLED;
             this._cleanup();
             this._callInstallListeners(

icecat/toolkit/mozapps/extensions/test/browser/browser_permission_prompt.js

@@ -1617,6 +1617,15 @@ add_task(async function testVerifyPostInstallPopupWithDataCollection() {
         `addons://detail/${encodeURIComponent(extensionId)}`,
         "Expected about:addons to show the detail view of the extension"
       );
+
+      // Asserting the browser chrome window url to guard against regressions
+      // like Bug 1983869.
+      Assert.equal(
+        AppConstants.BROWSER_CHROME_URL,
+        tab.ownerGlobal.window.location.href,
+        "Expect browser chrome window url to be unchanged"
+      );
+
       BrowserTestUtils.removeTab(tab);
 
       // Dismiss the popup by clicking "OK".

icecat/toolkit/mozapps/extensions/test/xpcshell/head_addons.js

@@ -16,6 +16,8 @@ const PREF_EM_CHECK_UPDATE_SECURITY = "extensions.checkUpdateSecurity";
 const PREF_EM_STRICT_COMPATIBILITY = "extensions.strictCompatibility";
 const PREF_GETADDONS_BYIDS = "extensions.getAddons.get.url";
 const PREF_XPI_SIGNATURES_REQUIRED = "xpinstall.signatures.required";
+const PREF_DATA_COLLECTION_PERMISSIONS_ENABLED =
+  "extensions.dataCollectionPermissions.enabled";
 
 // Maximum error in file modification times. Some file systems don't store
 // modification times exactly. As long as we are closer than this then it

icecat/toolkit/mozapps/extensions/test/xpcshell/test_data_collection_not_in_db.js

@@ -0,0 +1,144 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ */
+
+// We don't have an easy way to serve update manifests from a secure URL.
+Services.prefs.setBoolPref(PREF_EM_CHECK_UPDATE_SECURITY, false);
+Services.prefs.setBoolPref(PREF_DATA_COLLECTION_PERMISSIONS_ENABLED, true);
+
+const server = AddonTestUtils.createHttpServer();
+
+add_setup(async () => {
+  ExtensionTestUtils.mockAppInfo();
+});
+
+async function deleteDataCollectionFromDB(addonId) {
+  await promiseShutdownManager();
+
+  info(`Modifying ${gExtensionsJSON.path} to drop data_collection`);
+  let json = await IOUtils.readJSON(gExtensionsJSON.path);
+  let addonDbItem = json.addons.find(a => a.id === addonId);
+
+  function simulateAddonDbItemWithoutDataCollection(propName) {
+    ok(
+      Array.isArray(addonDbItem[propName].data_collection),
+      `Sanity check: ${propName}.data_collection is an Array`
+    );
+    delete addonDbItem[propName].data_collection;
+  }
+  // Drop the "data_collection" field from every object describing permissions.
+  simulateAddonDbItemWithoutDataCollection("userPermissions");
+  simulateAddonDbItemWithoutDataCollection("optionalPermissions");
+  simulateAddonDbItemWithoutDataCollection("requestedPermissions");
+
+  // Now write the modifications.
+  await IOUtils.writeJSON(gExtensionsJSON.path, json);
+
+  await promiseStartupManager();
+}
+
+function prepareToServeUpdate(extensionData) {
+  const id = extensionData.manifest.browser_specific_settings.gecko.id;
+
+  const xpi = AddonTestUtils.createTempWebExtensionFile(extensionData);
+
+  const serverHost = `http://localhost:${server.identity.primaryPort}`;
+  const updatesPath = "/updates.json";
+  const xpiFilename = "/update.xpi";
+  server.registerFile(xpiFilename, xpi);
+  AddonTestUtils.registerJSON(server, updatesPath, {
+    addons: {
+      [id]: {
+        updates: [
+          {
+            version: extensionData.manifest.version,
+            update_link: `${serverHost}${xpiFilename}`,
+          },
+        ],
+      },
+    },
+  });
+  Services.prefs.setStringPref(
+    "extensions.update.background.url",
+    `${serverHost}${updatesPath}`
+  );
+}
+
+// Regression test for https://bugzilla.mozilla.org/show_bug.cgi?id=1984724
+add_task(async function test_db_without_data_collection_background_update() {
+  const ID = "@addon-without-data_collection-in-extensions.json";
+
+  await promiseStartupManager();
+
+  info("Preparing extensions.json without data_collection");
+  {
+    let startedPromise = promiseWebExtensionStartup(ID);
+    await promiseInstallWebExtension({
+      manifest: {
+        version: "1.0",
+        browser_specific_settings: { gecko: { id: ID } },
+      },
+    });
+    await startedPromise;
+    await deleteDataCollectionFromDB(ID);
+
+    let addon = await AddonManager.getAddonByID(ID);
+    Assert.deepEqual(
+      addon.userPermissions,
+      { permissions: [], origins: [] },
+      ".userPermissions is read from extensions.json (without data_collection)"
+    );
+  }
+
+  // Setup and sanity check completed - we have simulated the scenario relevant
+  // to bug 1984724 (user starts IceCat with extensions.json from old profile,
+  // without a forced extensions.json rebuild for other reasons).
+
+  info("Preparing update to version with data_collection_permissions");
+  prepareToServeUpdate({
+    manifest: {
+      version: "2.0",
+      browser_specific_settings: {
+        gecko: {
+          id: ID,
+          data_collection_permissions: { required: ["none"] },
+        },
+      },
+    },
+  });
+
+  function promptObserver() {
+    // We should not be getting the prompt because the update does not specify
+    // required data_collection_permissions values.
+    Assert.ok(false, "Unexpected webextension-update-permission-prompt");
+  }
+  Services.obs.addObserver(
+    promptObserver,
+    "webextension-update-permission-prompt"
+  );
+
+  let restartAfterUpdatePromise = promiseWebExtensionStartup(ID);
+  await AddonManagerPrivate.backgroundUpdateCheck();
+  info("Update check done. Waiting for extension to update and restart");
+  await restartAfterUpdatePromise;
+
+  // Getting here without error is the regression test for bug 1984724.
+  // Prior to the fix, we'd get errors as seen at:
+  // - https://bugzilla.mozilla.org/show_bug.cgi?id=1984724#c22
+  // - https://bugzilla.mozilla.org/show_bug.cgi?id=1984724#c23
+
+  let addon = await AddonManager.getAddonByID(ID);
+  equal(addon.version, "2.0", "Add-on was updated");
+  Assert.deepEqual(
+    addon.userPermissions,
+    { permissions: [], origins: [], data_collection: ["none"] },
+    ".userPermissions now contains the updated data_collection"
+  );
+  Services.obs.removeObserver(
+    promptObserver,
+    "webextension-update-permission-prompt"
+  );
+
+  await addon.uninstall();
+  await promiseShutdownManager();
+});

icecat/toolkit/mozapps/extensions/test/xpcshell/xpcshell.toml

@@ -87,6 +87,8 @@ skip-if = ["os == 'android'"] # Non-extension add-ons are not supported on Andro
 
 ["test_crash_annotation_quoting.js"]
 
+["test_data_collection_not_in_db.js"]
+
 ["test_db_path.js"]
 head = ""
 skip-if = ["os == 'android'"] # Cannot override profdir path, see comment about do_get_profile() in test_db_path.js

icecat/toolkit/mozapps/extensions/test/xpinstall/browser_doorhanger_installs.js

@@ -577,7 +577,17 @@ var TESTS = [
 
   async function test_recommendedPostDownload() {
     await SpecialPowers.pushPrefEnv({
-      set: [["extensions.postDownloadThirdPartyPrompt", true]],
+      set: [
+        ["extensions.postDownloadThirdPartyPrompt", true],
+        // recommended.xpi is signed with AMO staging signature.
+        ["xpinstall.signatures.dev-root", true],
+        // Disable the blocklist because recommended.xpi is signed
+        // only with the staging signature and it may end up hitting
+        // a false positive on the Blocklist bloomfilter computed
+        // from all add-ons known by AMO as signed with the
+        // production key (e.g. see Bug 1996059).
+        ["extensions.blocklist.enabled", false],
+      ],
     });
 
     let triggers = encodeURIComponent(
@@ -594,7 +604,7 @@ var TESTS = [
 
     let notificationPromise = acceptAppMenuNotificationWhenShown(
       "addon-installed",
-      "{811d77f1-f306-4187-9251-b4ff99bad60b}"
+      "recommended-line@test.mozilla.org"
     );
 
     installDialog.button.click();
@@ -604,7 +614,7 @@ var TESTS = [
     is(installs.length, 0, "Should be no pending installs");
 
     let addon = await AddonManager.getAddonByID(
-      "{811d77f1-f306-4187-9251-b4ff99bad60b}"
+      "recommended-line@test.mozilla.org"
     );
     await addon.uninstall();