[tbb-commits] [tor-browser/tor-browser-81.0b2-10.0-1] Bug 14970: Don't block our unsigned extensions

commit 36c4dde9d5da786b650059f854c266f4bdd9ce78 Author: Georg Koppen gk@torproject.org Date: Thu Mar 30 10:38:06 2017 +0000

Bug 14970: Don't block our unsigned extensions

Mozilla introduced extension signing as a way to make it harder for an attacker to get a malicious add-on running in a user's browser. See: https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experienc... and https://blog.mozilla.org/addons/2016/01/22/add-on-signing-update/ for some background information.

Since ESR45 this feature is enabled by default and we exempt EFF's HTTPS-Everywhere from this requirement. --- browser/components/BrowserGlue.jsm | 6 +++++- toolkit/mozapps/extensions/content/aboutaddonsCommon.js | 6 ++++++ toolkit/mozapps/extensions/internal/XPIDatabase.jsm | 5 +++++ toolkit/mozapps/extensions/internal/XPIInstall.jsm | 1 + 4 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/browser/components/BrowserGlue.jsm b/browser/components/BrowserGlue.jsm index 68b77e6f42cf..a432b28b97bc 100644 --- a/browser/components/BrowserGlue.jsm +++ b/browser/components/BrowserGlue.jsm @@ -2257,7 +2257,11 @@ BrowserGlue.prototype = { ); AddonManager.getAddonsByIDs(disabledAddons).then(addons => { for (let addon of addons) { - if (addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) { + // We don't need a false notification that our extensions are + // disabled. Even if they lack Mozilla's blessing they are enabled + // nevertheless. + if ((addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) && + (addon.id !== "https-everywhere-eff@eff.org")) { this._notifyUnsignedAddonsDisabled(); break; } diff --git a/toolkit/mozapps/extensions/content/aboutaddonsCommon.js b/toolkit/mozapps/extensions/content/aboutaddonsCommon.js index 5459d0fff050..9204aa657b83 100644 --- a/toolkit/mozapps/extensions/content/aboutaddonsCommon.js +++ b/toolkit/mozapps/extensions/content/aboutaddonsCommon.js @@ -225,9 +225,15 @@ var gBrowser = { }, };

+// This function is the central check point to decide whether to show a warning +// about unsigned extensions or not. We want those warnings but only for +// extensions we don't distribute. function isCorrectlySigned(addon) { // Add-ons without an "isCorrectlySigned" property are correctly signed as // they aren't the correct type for signing. + if (addon.id == "https-everywhere-eff@eff.org") { + return true; + } return addon.isCorrectlySigned !== false; }

diff --git a/toolkit/mozapps/extensions/internal/XPIDatabase.jsm b/toolkit/mozapps/extensions/internal/XPIDatabase.jsm index 0b9bfa34b138..c8407541c2df 100644 --- a/toolkit/mozapps/extensions/internal/XPIDatabase.jsm +++ b/toolkit/mozapps/extensions/internal/XPIDatabase.jsm @@ -2211,6 +2211,11 @@ this.XPIDatabase = { * True if the add-on should not be appDisabled */ isUsableAddon(aAddon) { + // Ensure that we allow https-everywhere + if (aAddon.id == "https-everywhere-eff@eff.org") { + return true; + } + if (this.mustSign(aAddon.type) && !aAddon.isCorrectlySigned) { logger.warn(`Add-on ${aAddon.id} is not correctly signed.`); if (Services.prefs.getBoolPref(PREF_XPI_SIGNATURES_DEV_ROOT, false)) { diff --git a/toolkit/mozapps/extensions/internal/XPIInstall.jsm b/toolkit/mozapps/extensions/internal/XPIInstall.jsm index 4e172f89694a..3396d43116d2 100644 --- a/toolkit/mozapps/extensions/internal/XPIInstall.jsm +++ b/toolkit/mozapps/extensions/internal/XPIInstall.jsm @@ -3953,6 +3953,7 @@ var XPIInstall = {

if ( XPIDatabase.mustSign(addon.type) && + addon.id !== "https-everywhere-eff@eff.org" && addon.signedState <= AddonManager.SIGNEDSTATE_MISSING ) { throw new Error(