Add Direct URL and Delta update support to Velopack flow

[Viscerous]

Adds support for vpk direct URLs (via environment variable: VELOPACK_UPDATE_URL) and delta updates with retry behaviour.

[github-actions]

All contributors have signed the CLA ✍️ ✅
_{Posted by the CLA Assistant Lite bot.}

[Viscerous]

I have read the CLA Document and I hereby sign the CLA

[Copilot]

Pull request overview

Adds support to the viewer update flow for (1) overriding Velopack’s feed URL via VELOPACK_UPDATE_URL, and (2) pre-downloading multiple update assets to enable delta updates with a full-release fallback path.

Changes:

• Add VELOPACK_UPDATE_URL handling to bypass VVM and run Velopack update checks against a direct feed URL.
• Update Velopack asset pre-download logic from a single file to a filename→path map, enabling delta asset handling.
• Add a fallback attempt to download the full release if the delta download path fails.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File	Description
indra/newview/llvvmquery.cpp	Adds environment-variable override path to set Velopack update URL and launch an update check.
indra/newview/llvelopack.cpp	Pre-downloads multiple assets (deltas/full) and adds a fallback from delta to full release download.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The VELOPACK_UPDATE_URL validation is overly permissive: find("http") != npos will accept strings that aren't actually an http/https URL (e.g. myhttp), and the warning message implies stricter behavior. Consider validating the scheme explicitly (e.g. parse with LLURI or require prefix http:// / https://).

Suggested change

	if (direct_update_url && direct_update_url->find("http") != std::string::npos)
	if (direct_update_url &&
	(direct_update_url->compare(0, 7, "http://") == 0 ||
	direct_update_url->compare(0, 8, "https://") == 0))

[Copilot]

In the direct-URL path, the update check runs unconditionally. This bypasses the existing UpdaterServiceSetting gating used for optional updates in the normal VVM flow, so users who have disabled optional update checks may still get prompted when VELOPACK_UPDATE_URL is set. Consider applying the same preference logic before launching velopack_check_for_updates() when required_version is empty.

[Copilot]

This log line prints the full VELOPACK_UPDATE_URL value. If the URL contains credentials/tokens (e.g. query params or basic auth), it will end up in viewer logs. Consider redacting sensitive components (at least userinfo and query) before logging, or logging only the host/path.

Suggested change

	LL_INFOS("VVM") << "Using direct Velopack feed URL from VELOPACK_UPDATE_URL: "
	<< direct_update_url << LL_ENDL;
	LL_INFOS("VVM") << "Using direct Velopack feed URL from VELOPACK_UPDATE_URL" << LL_ENDL;

[Copilot]

asset_filename is sourced from the update feed and is used directly to build local_path under LL_PATH_TEMP. Since LLDir::getExpandedFilename() concatenates the filename verbatim, a filename containing path traversal (e.g. ../) could escape the temp directory. Consider sanitizing to a basename (and rejecting path separators / ..) before constructing local_path.

[Geenz]

FYI, this is on hold until we get 26.1.1 out the door.