tbb-commits May 2019

tbb-commits@lists.torproject.org

2 participants
142 discussions

[tor-browser/tor-browser-60.6.1esr-8.0-1] Bug 30388: Set security.nocertdb to false for now
by gk＠torproject.org 06 May '19

06 May '19

commit 24a43ea1332c6a2ca2bc7a952ddf04af669d0517 Author: Georg Koppen <gk(a)torproject.org> Date: Mon May 6 09:17:41 2019 +0000 Bug 30388: Set security.nocertdb to false for now --- browser/app/profile/000-tor-browser.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index 8f74748f2072..e96493a5fb57 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -47,7 +47,7 @@ pref("browser.cache.offline.enable", false); pref("permissions.memory_only", true); pref("network.cookie.lifetimePolicy", 2); pref("browser.download.manager.retention", 1); -pref("security.nocertdb", true); +pref("security.nocertdb", false); // Disk activity: TBB Directory Isolation pref("browser.download.useDownloadDir", false);

1 0

[tor-browser/tor-browser-60.6.1esr-8.0-1] Revert "Bug 30388: Disable nocertdb pref for armagadd-on 2.0 cert inclusion if needed"
by gk＠torproject.org 06 May '19

06 May '19

commit dbf8e349d5813a918b3adc4229b0813a72778138 Author: Georg Koppen <gk(a)torproject.org> Date: Mon May 6 09:13:32 2019 +0000 Revert "Bug 30388: Disable nocertdb pref for armagadd-on 2.0 cert inclusion if needed" This reverts commit edf18e747ca8949a877f9c41575ce679ce99eb77. --- toolkit/mozapps/extensions/internal/XPIProvider.jsm | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm index 2c6691d40c2a..10b21d5cb5fd 100644 --- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm +++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm @@ -1814,13 +1814,6 @@ function addMissingIntermediateCertificate() { } logger.debug("hotfix for addon signing cert has not been applied; applying"); - // temporarily disable nocertb so we can write cert - const PREF_NOCERTDB = "security.nocertdb"; - let userNocertdb = Services.prefs.getBoolPref(PREF_NOCERTDB, true); - if (userNocertdb) { - Services.prefs.setBoolPref(PREF_NOCERTDB, false); - } - try { let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB); certDB.addCertFromBase64(MISSING_INTERMEDIATE_CERTIFICATE, ",,"); @@ -1828,11 +1821,6 @@ function addMissingIntermediateCertificate() { } catch (e) { logger.error("failed to add new intermediate certificate:", e); return; - } finally { - // revert nocertdb pref to original value (even if exception thrown) - if (userNocertdb) { - Services.prefs.setBoolPref(PREF_NOCERTDB, true); - } } Services.prefs.setBoolPref(PREF_SIGNER_HOTFIXED, true);

1 0

[tor-browser/tor-browser-60.6.1esr-8.5-1] Bug 1549061 - Add intermediate certificate [ESR60] r=kmag a=tomprince CLOSED TREE
by gk＠torproject.org 06 May '19

06 May '19

commit 178fcbbe24f543a15b165bdc680a5083247e87a3 Author: Mark Goodwin <mgoodwin(a)mozilla.com> Date: Sat May 4 16:58:30 2019 +0000 Bug 1549061 - Add intermediate certificate [ESR60] r=kmag a=tomprince CLOSED TREE This patch relies on a schema bump in a previous commit Differential Revision: https://phabricator.services.mozilla.com/D29947 --HG-- extra : source : bfd165fd51ec90777db01c21e3b727328a5ea1a3 --- .../mozapps/extensions/internal/XPIProvider.jsm | 28 ++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm index 8079f3460e0a..6cffc02d90ba 100644 --- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm +++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm @@ -1813,6 +1813,29 @@ var XPIStates = { }, }; +// https://bugzilla.mozilla.org/show_bug.cgi?id=1548973 +const MISSING_INTERMEDIATE_CERTIFICATE = "MIIHLTCCBRWgAwIBAgIDEAAIMA0GCSqGSIb3DQEBDAUAMH0xCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3ppbGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTEfMB0GA1UEAxMWcm9vdC1jYS1wcm9kdWN0aW9uLWFtbzAeFw0xNTA0MDQwMDAwMDBaFw0yNTA0MDQwMDAwMDBaMIGnMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTTW96aWxsYSBDb3Jwb3JhdGlvbjEvMC0GA1UECxMmTW96aWxsYSBBTU8gUHJvZHVjdGlvbiBTaWduaW5nIFNlcnZpY2UxJjAkBgNVBAMTHXNpZ25pbmdjYTEuYWRkb25zLm1vemlsbGEub3JnMSEwHwYJKoZIhvcNAQkBFhJmb3hzZWNAbW96aWxsYS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/qluiiI+wO6qGA4vH7cHvWvXpdju9JnvbwnrbYmxhtUpfS68LbdjGGtv7RP6F1XhHT4MU3v4GuMulH0E4Wfalm8evsb3tBJRMJPICJX5UCLi6VJ6J2vipXSWBf8xbcOB+PY5Kk6L+EZiWaepiM23CdaZjNOJCAB6wFHlGe+zUk87whpLa7GrtrHjTb8u9TSS+mwjhvgfP8ILZrWhzb5H/ybgmD7jYaJGIDY/WDmq1gVe03fShxD09Ml1P7H38o5kbFLnbbqpqC6n8SfUI31MiJAXAN2e6rAOM8EmocAY0EC5KUooXKRsYvHzhwwHkwIbbe6QpTUlIqvw1MPlQPs7Zu/MBnVmyGTSqJxtYoklr0MaEXnJNY3g3FDf1R0Opp2/BEY9Vh3Fc9Pq6qWIhGoMyWdueoSYa+GURqDbsuYnk7Zk ysxK+yRoFJu4x3TUBmMKM14jQKLgxvuIzWVn6qg6cw7ye/DYNufc+DSPSTSakSsWJ9IPxiAU7xJ+GCMzaZ10Y3VGOybGLuPxDlSd6KALAoMcl9ghB2mvfB0N3wv6uWnbKuxihq/qDps+FjliNvr7C66mIVH+9rkyHIy6GgIUlwr7E88Qqw+SQeNeph6NIY85PL4p0Y8KivKP4J928tpp18wLuHNbIG+YaUk5WUDZ6/2621pi19UZQ8iiHxN/XKQIDAQABo4IBiTCCAYUwDAYDVR0TBAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwMwHQYDVR0OBBYEFBY++xz/DCuT+JsV1y2jwuZ4YdztMIGoBgNVHSMEgaAwgZ2AFLO86lh0q+FueCqyq5wjHqhjLJe3oYGBpH8wfTELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE01vemlsbGEgQ29ycG9yYXRpb24xLzAtBgNVBAsTJk1vemlsbGEgQU1PIFByb2R1Y3Rpb24gU2lnbmluZyBTZXJ2aWNlMR8wHQYDVQQDExZyb290LWNhLXByb2R1Y3Rpb24tYW1vggEBMDMGCWCGSAGG+EIBBAQmFiRodHRwOi8vYWRkb25zLm1vemlsbGEub3JnL2NhL2NybC5wZW0wTgYDVR0eBEcwRaFDMCCCHi5jb250ZW50LXNpZ25hdHVyZS5tb3ppbGxhLm9yZzAfgh1jb250ZW50LXNpZ25hdHVyZS5tb3ppbGxhLm9yZzANBgkqhkiG9w0BAQwFAAOCAgEAX1PNli/zErw3tK3S9Bv803RV4tHkrMa5xztxzlWja0VAUJKEQx7f1yM8vmcQJ9g5RE8WFc43IePwzbAoum5F4BTM7tqM//+e476F1YUgB7SnkDTVpBOnV5vRLz1Si4iJ/U0HUvMUvNJEweXvKg/DNbXuCreSvTEAawmRIxqNYoaigQD8x4hC zGcVtIi5Xk2aMCJW2K/6JqkN50pnLBNkPx6FeiYMJCP8z0FIz3fv53FHgu3oeDhi2u3VdONjK3aaFWTlKNiGeDU0/lr0suWfQLsNyphTMbYKyTqQYHxXYJno9PuNi7e1903PvM47fKB5bFmSLyzB1hB1YIVLj0/YqD4nz3lADDB91gMBB7vR2h5bRjFqLOxuOutNNcNRnv7UPqtVCtLF2jVb4/AmdJU78jpfDs+BgY/t2bnGBVFBuwqS2Kult/2kth4YMrL5DrURIM8oXWVQRBKxzr843yDmHo8+2rqxLnZcmWoe8yQ41srZ4IB+V3w2TIAd4gxZAB0Xa6KfnR4D8RgE5sgmgQoK7Y/hdvd9Ahu0WEZI8Eg+mDeCeojWcyjF+dt6c2oERiTmFTIFUoojEjJwLyIqHKt+eApEYpF7imaWcumFN1jR+iUjE4ZSUoVxGtZ/Jdnkf8VVQMhiBA+i7r5PsfrHq+lqTTGOg+GzYx7OmoeJAT0zo4c="; + +function addMissingIntermediateCertificate() { + const PREF_SIGNER_HOTFIXED = "extensions.signer.hotfixed"; + let hotfixApplied = Services.prefs.getBoolPref(PREF_SIGNER_HOTFIXED, false); + if (hotfixApplied) { + return; + } + logger.debug("hotfix for addon signing cert has not been applied; applying"); + + try { + let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB); + certDB.addCertFromBase64(MISSING_INTERMEDIATE_CERTIFICATE, ",,"); + logger.debug("new intermediate certificate added"); + } catch (e) { + logger.error("failed to add new intermediate certificate:", e); + return; + } + + Services.prefs.setBoolPref(PREF_SIGNER_HOTFIXED, true); +} + var XPIProvider = { get name() { return "XPIProvider"; @@ -2121,6 +2144,11 @@ var XPIProvider = { XPIProvider.installLocationsByName[location.name] = location; } + // Add missing certificate (bug 1548973). Mistakenly disabled add-ons are + // going to be re-enabled because the schema version bump forces a new + // signature verification check. + addMissingIntermediateCertificate(); + try { AddonManagerPrivate.recordTimestamp("XPI_startup_begin");

1 0

[tor-browser/tor-browser-60.6.1esr-8.5-1] Bug 1549010: Part 2 - Bump DB schema version to force certificate reverification. r=zombie a=lizzard CLOSED TREE
by gk＠torproject.org 06 May '19

06 May '19

commit 3c99a9c698815fcfd4a285cf8db8554c74b9afb7 Author: Kris Maglione <maglione.k(a)gmail.com> Date: Fri May 3 21:40:38 2019 -0700 Bug 1549010: Part 2 - Bump DB schema version to force certificate reverification. r=zombie a=lizzard CLOSED TREE Users who are affected by the intermediate add-on signing certificate expiry need their add-on signatures re-verified as soon as possible after updating to a version containging the fix. A database rebuild includes signature reverifications, so a schema version achieves this. Differential Revision: https://phabricator.services.mozilla.com/D29932 --HG-- extra : histedit_source : 11cf212be43f51f389efcc7862eaa83d97c346a9 --- toolkit/mozapps/extensions/internal/XPIProvider.jsm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm index c9b01bdc7395..8079f3460e0a 100644 --- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm +++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm @@ -152,7 +152,7 @@ const TOOLKIT_ID = "toolkit(a)mozilla.org"; const XPI_SIGNATURE_CHECK_PERIOD = 24 * 60 * 60; -XPCOMUtils.defineConstant(this, "DB_SCHEMA", 25); +XPCOMUtils.defineConstant(this, "DB_SCHEMA", 26); XPCOMUtils.defineLazyPreferenceGetter(this, "ALLOW_NON_MPC", PREF_ALLOW_NON_MPC);

1 0

[tor-browser/tor-browser-60.6.1esr-8.5-1] Bug 30388: Disable nocertdb pref for armagadd-on 2.0 cert inclusion if needed
by gk＠torproject.org 06 May '19

06 May '19

commit 1d2d420ff1c7231a60ec3ff497bd57815fc1d665 Author: Georg Koppen <gk(a)torproject.org> Date: Sun May 5 06:10:28 2019 +0000 Bug 30388: Disable nocertdb pref for armagadd-on 2.0 cert inclusion if needed For Tor Browser added a fix to temporarily disable `security.nocertdb` so the new cert can be inserted, and revert to original once the cert is inserted. Patch by pospeselr. --- toolkit/mozapps/extensions/internal/XPIProvider.jsm | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm index 6cffc02d90ba..3aa0e41b625f 100644 --- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm +++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm @@ -1824,6 +1824,13 @@ function addMissingIntermediateCertificate() { } logger.debug("hotfix for addon signing cert has not been applied; applying"); + // temporarily disable nocertb so we can write cert + const PREF_NOCERTDB = "security.nocertdb"; + let userNocertdb = Services.prefs.getBoolPref(PREF_NOCERTDB, true); + if (userNocertdb) { + Services.prefs.setBoolPref(PREF_NOCERTDB, false); + } + try { let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB); certDB.addCertFromBase64(MISSING_INTERMEDIATE_CERTIFICATE, ",,"); @@ -1831,6 +1838,11 @@ function addMissingIntermediateCertificate() { } catch (e) { logger.error("failed to add new intermediate certificate:", e); return; + } finally { + // revert nocertdb pref to original value (even if exception thrown) + if (userNocertdb) { + Services.prefs.setBoolPref(PREF_NOCERTDB, true); + } } Services.prefs.setBoolPref(PREF_SIGNER_HOTFIXED, true);

1 0

[tor-browser-build/85a12_30388] build2 for 8.5a12
by gk＠torproject.org 05 May '19

05 May '19

commit 2cea321e14080aa9a5979ee824ed29ca526393d5 Author: Georg Koppen <gk(a)torproject.org> Date: Sun May 5 20:38:26 2019 +0000 build2 for 8.5a12 --- rbm.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rbm.conf b/rbm.conf index c7edd98..7008e5c 100644 --- a/rbm.conf +++ b/rbm.conf @@ -25,7 +25,7 @@ buildconf: var: torbrowser_version: '8.5a12' - torbrowser_build: 'build1' + torbrowser_build: 'build2' torbrowser_incremental_from: - 8.5a11 project_name: tor-browser

1 0

[tor-browser-build/85a12_30388] Bug 30280: Wrong SHA-256 sum for j2objc-annotations-1.1.jar
by gk＠torproject.org 05 May '19

05 May '19

1 0

[tor-browser-build/maint-8.0] Release preparations for 8.0.9
by gk＠torproject.org 05 May '19

05 May '19

commit d48ca8aa4c5c5ad4a1285dfa102eab080776427c Author: Georg Koppen <gk(a)torproject.org> Date: Sun May 5 06:26:01 2019 +0000 Release preparations for 8.0.9 Picking up hotfix for 30388 --- projects/firefox/config | 2 +- projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt | 7 +++++++ projects/tor-browser/config | 4 ++-- rbm.conf | 5 ++--- 4 files changed, 12 insertions(+), 6 deletions(-) diff --git a/projects/firefox/config b/projects/firefox/config index dcc20c4..2d0712e 100644 --- a/projects/firefox/config +++ b/projects/firefox/config @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 version: '[% c("abbrev") %]' filename: 'firefox-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %]' -git_hash: 'tor-browser-[% c("var/firefox_version") %]-[% c("var/torbrowser_branch") %]-1-build1' +git_hash: 'tor-browser-[% c("var/firefox_version") %]-[% c("var/torbrowser_branch") %]-1-build2' tag_gpg_id: 1 git_url: https://git.torproject.org/tor-browser.git gpg_keyring: torbutton.gpg diff --git a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt index 0fed743..197b951 100644 --- a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt +++ b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt @@ -1,3 +1,10 @@ +Tor Browser 8.0.9 -- May 6 2019 +* All platforms + * Backport fixes for bug 1549010 and bug 1549061 + * Bug 30388: NoScript and all user-installed add-ons got deactivated + * Update NoScript to 10.6.1 + * Bug 29872: XSS popup with DuckDuckGo search on about:tor + Tor Browser 8.0.8 -- March 22 2019 * All platforms * Update Firefox to 60.6.1esr diff --git a/projects/tor-browser/config b/projects/tor-browser/config index 6aa3c66..94957d3 100644 --- a/projects/tor-browser/config +++ b/projects/tor-browser/config @@ -74,9 +74,9 @@ input_files: name: snowflake enable: '[% c("var/snowflake") %]' - filename: Bundle-Data - - URL: https://addons.cdn.mozilla.net/user-media/addons/722/noscript_security_suit… + - URL: https://addons.cdn.mozilla.net/user-media/addons/722/noscript_security_suit… name: noscript - sha256sum: b486b8c224882652b00b81a3e4a52389ed8b55035f8f09fec930a36b7477ac2e + sha256sum: b15047d0045d12f28b2e1e444bdb86800257b5ca6cc8f4c8022b20c550cd9727 - filename: 'RelativeLink/start-tor-browser.desktop' enable: '[% c("var/linux") %]' - filename: 'RelativeLink/execdesktop' diff --git a/rbm.conf b/rbm.conf index f63c3a1..f46ece9 100644 --- a/rbm.conf +++ b/rbm.conf @@ -15,11 +15,10 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '8.0.8' + torbrowser_version: '8.0.9' torbrowser_build: 'build1' torbrowser_incremental_from: - - 8.0.6 - - 8.0.7 + - 8.0.8 project_name: tor-browser multi_lingual: 0 build_mar: 1

1 0

[tor-browser/tor-browser-60.6.1esr-8.0-1] Bug 1549010: Part 2 - Bump DB schema version to force certificate reverification. r=zombie a=lizzard CLOSED TREE
by gk＠torproject.org 05 May '19

05 May '19

commit 421a5cdf1349d7fa0dfbbe7f1ee8146e435c1b97 Author: Kris Maglione <maglione.k(a)gmail.com> Date: Fri May 3 21:40:38 2019 -0700 Bug 1549010: Part 2 - Bump DB schema version to force certificate reverification. r=zombie a=lizzard CLOSED TREE Users who are affected by the intermediate add-on signing certificate expiry need their add-on signatures re-verified as soon as possible after updating to a version containging the fix. A database rebuild includes signature reverifications, so a schema version achieves this. Differential Revision: https://phabricator.services.mozilla.com/D29932 --HG-- extra : histedit_source : 11cf212be43f51f389efcc7862eaa83d97c346a9 --- toolkit/mozapps/extensions/internal/XPIProvider.jsm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm index ddd337038659..d48e857159a5 100644 --- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm +++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm @@ -152,7 +152,7 @@ const TOOLKIT_ID = "toolkit(a)mozilla.org"; const XPI_SIGNATURE_CHECK_PERIOD = 24 * 60 * 60; -XPCOMUtils.defineConstant(this, "DB_SCHEMA", 25); +XPCOMUtils.defineConstant(this, "DB_SCHEMA", 26); XPCOMUtils.defineLazyPreferenceGetter(this, "ALLOW_NON_MPC", PREF_ALLOW_NON_MPC);

1 0

[tor-browser/tor-browser-60.6.1esr-8.0-1] Bug 1549061 - Add intermediate certificate [ESR60] r=kmag a=tomprince CLOSED TREE
by gk＠torproject.org 05 May '19

05 May '19

commit 428fad69b4b0baa331d0e8be8c4012145ecae726 Author: Mark Goodwin <mgoodwin(a)mozilla.com> Date: Sat May 4 16:58:30 2019 +0000 Bug 1549061 - Add intermediate certificate [ESR60] r=kmag a=tomprince CLOSED TREE This patch relies on a schema bump in a previous commit Differential Revision: https://phabricator.services.mozilla.com/D29947 --HG-- extra : source : bfd165fd51ec90777db01c21e3b727328a5ea1a3 --- .../mozapps/extensions/internal/XPIProvider.jsm | 28 ++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm index d48e857159a5..10b21d5cb5fd 100644 --- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm +++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm @@ -1803,6 +1803,29 @@ var XPIStates = { }, }; +// https://bugzilla.mozilla.org/show_bug.cgi?id=1548973 +const MISSING_INTERMEDIATE_CERTIFICATE = "MIIHLTCCBRWgAwIBAgIDEAAIMA0GCSqGSIb3DQEBDAUAMH0xCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3ppbGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTEfMB0GA1UEAxMWcm9vdC1jYS1wcm9kdWN0aW9uLWFtbzAeFw0xNTA0MDQwMDAwMDBaFw0yNTA0MDQwMDAwMDBaMIGnMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTTW96aWxsYSBDb3Jwb3JhdGlvbjEvMC0GA1UECxMmTW96aWxsYSBBTU8gUHJvZHVjdGlvbiBTaWduaW5nIFNlcnZpY2UxJjAkBgNVBAMTHXNpZ25pbmdjYTEuYWRkb25zLm1vemlsbGEub3JnMSEwHwYJKoZIhvcNAQkBFhJmb3hzZWNAbW96aWxsYS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/qluiiI+wO6qGA4vH7cHvWvXpdju9JnvbwnrbYmxhtUpfS68LbdjGGtv7RP6F1XhHT4MU3v4GuMulH0E4Wfalm8evsb3tBJRMJPICJX5UCLi6VJ6J2vipXSWBf8xbcOB+PY5Kk6L+EZiWaepiM23CdaZjNOJCAB6wFHlGe+zUk87whpLa7GrtrHjTb8u9TSS+mwjhvgfP8ILZrWhzb5H/ybgmD7jYaJGIDY/WDmq1gVe03fShxD09Ml1P7H38o5kbFLnbbqpqC6n8SfUI31MiJAXAN2e6rAOM8EmocAY0EC5KUooXKRsYvHzhwwHkwIbbe6QpTUlIqvw1MPlQPs7Zu/MBnVmyGTSqJxtYoklr0MaEXnJNY3g3FDf1R0Opp2/BEY9Vh3Fc9Pq6qWIhGoMyWdueoSYa+GURqDbsuYnk7Zk ysxK+yRoFJu4x3TUBmMKM14jQKLgxvuIzWVn6qg6cw7ye/DYNufc+DSPSTSakSsWJ9IPxiAU7xJ+GCMzaZ10Y3VGOybGLuPxDlSd6KALAoMcl9ghB2mvfB0N3wv6uWnbKuxihq/qDps+FjliNvr7C66mIVH+9rkyHIy6GgIUlwr7E88Qqw+SQeNeph6NIY85PL4p0Y8KivKP4J928tpp18wLuHNbIG+YaUk5WUDZ6/2621pi19UZQ8iiHxN/XKQIDAQABo4IBiTCCAYUwDAYDVR0TBAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwMwHQYDVR0OBBYEFBY++xz/DCuT+JsV1y2jwuZ4YdztMIGoBgNVHSMEgaAwgZ2AFLO86lh0q+FueCqyq5wjHqhjLJe3oYGBpH8wfTELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE01vemlsbGEgQ29ycG9yYXRpb24xLzAtBgNVBAsTJk1vemlsbGEgQU1PIFByb2R1Y3Rpb24gU2lnbmluZyBTZXJ2aWNlMR8wHQYDVQQDExZyb290LWNhLXByb2R1Y3Rpb24tYW1vggEBMDMGCWCGSAGG+EIBBAQmFiRodHRwOi8vYWRkb25zLm1vemlsbGEub3JnL2NhL2NybC5wZW0wTgYDVR0eBEcwRaFDMCCCHi5jb250ZW50LXNpZ25hdHVyZS5tb3ppbGxhLm9yZzAfgh1jb250ZW50LXNpZ25hdHVyZS5tb3ppbGxhLm9yZzANBgkqhkiG9w0BAQwFAAOCAgEAX1PNli/zErw3tK3S9Bv803RV4tHkrMa5xztxzlWja0VAUJKEQx7f1yM8vmcQJ9g5RE8WFc43IePwzbAoum5F4BTM7tqM//+e476F1YUgB7SnkDTVpBOnV5vRLz1Si4iJ/U0HUvMUvNJEweXvKg/DNbXuCreSvTEAawmRIxqNYoaigQD8x4hC zGcVtIi5Xk2aMCJW2K/6JqkN50pnLBNkPx6FeiYMJCP8z0FIz3fv53FHgu3oeDhi2u3VdONjK3aaFWTlKNiGeDU0/lr0suWfQLsNyphTMbYKyTqQYHxXYJno9PuNi7e1903PvM47fKB5bFmSLyzB1hB1YIVLj0/YqD4nz3lADDB91gMBB7vR2h5bRjFqLOxuOutNNcNRnv7UPqtVCtLF2jVb4/AmdJU78jpfDs+BgY/t2bnGBVFBuwqS2Kult/2kth4YMrL5DrURIM8oXWVQRBKxzr843yDmHo8+2rqxLnZcmWoe8yQ41srZ4IB+V3w2TIAd4gxZAB0Xa6KfnR4D8RgE5sgmgQoK7Y/hdvd9Ahu0WEZI8Eg+mDeCeojWcyjF+dt6c2oERiTmFTIFUoojEjJwLyIqHKt+eApEYpF7imaWcumFN1jR+iUjE4ZSUoVxGtZ/Jdnkf8VVQMhiBA+i7r5PsfrHq+lqTTGOg+GzYx7OmoeJAT0zo4c="; + +function addMissingIntermediateCertificate() { + const PREF_SIGNER_HOTFIXED = "extensions.signer.hotfixed"; + let hotfixApplied = Services.prefs.getBoolPref(PREF_SIGNER_HOTFIXED, false); + if (hotfixApplied) { + return; + } + logger.debug("hotfix for addon signing cert has not been applied; applying"); + + try { + let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB); + certDB.addCertFromBase64(MISSING_INTERMEDIATE_CERTIFICATE, ",,"); + logger.debug("new intermediate certificate added"); + } catch (e) { + logger.error("failed to add new intermediate certificate:", e); + return; + } + + Services.prefs.setBoolPref(PREF_SIGNER_HOTFIXED, true); +} + var XPIProvider = { get name() { return "XPIProvider"; @@ -2111,6 +2134,11 @@ var XPIProvider = { XPIProvider.installLocationsByName[location.name] = location; } + // Add missing certificate (bug 1548973). Mistakenly disabled add-ons are + // going to be re-enabled because the schema version bump forces a new + // signature verification check. + addMissingIntermediateCertificate(); + try { AddonManagerPrivate.recordTimestamp("XPI_startup_begin");

1 0

← Newer
1
...
9
10
11
12
13
14
15
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

tbb-commits May 2019