From 62f3296d0aaf4d95f564cc847bb09d01f5aa5af6 Mon Sep 17 00:00:00 2001
From: Georg Koppen <gk@torproject.org>
Date: Thu, 30 Mar 2017 10:38:06 +0000
Subject: [PATCH] Bug 14970: Don't block our unsigned extensions

Mozilla introduced extension signing as a way to make it harder for an
attacker to get a malicious add-on running in a user's browser. See:
https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience
and https://blog.mozilla.org/addons/2016/01/22/add-on-signing-update/
for some background information.

Since ESR45 this feature is enabled by default and we exempt EFF's
HTTPS-Everywhere from this requirement.
---
 browser/components/BrowserGlue.jsm                      | 6 +++++-
 toolkit/mozapps/extensions/content/aboutaddonsCommon.js | 6 ++++++
 toolkit/mozapps/extensions/internal/XPIDatabase.jsm     | 5 +++++
 toolkit/mozapps/extensions/internal/XPIInstall.jsm      | 1 +
 4 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/browser/components/BrowserGlue.jsm b/browser/components/BrowserGlue.jsm
index 7f61019c3f947..9ce7e23826702 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -1900,7 +1900,11 @@ BrowserGlue.prototype = {
       );
       AddonManager.getAddonsByIDs(disabledAddons).then(addons => {
         for (let addon of addons) {
-          if (addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) {
+          // We don't need a false notification that our extensions are
+          // disabled. Even if they lack Mozilla's blessing they are enabled
+          // nevertheless.
+          if ((addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) &&
+              (addon.id !== "https-everywhere-eff@eff.org")) {
             this._notifyUnsignedAddonsDisabled();
             break;
           }
diff --git a/toolkit/mozapps/extensions/content/aboutaddonsCommon.js b/toolkit/mozapps/extensions/content/aboutaddonsCommon.js
index 19e21c265d41a..9843c66de6c76 100644
--- a/toolkit/mozapps/extensions/content/aboutaddonsCommon.js
+++ b/toolkit/mozapps/extensions/content/aboutaddonsCommon.js
@@ -186,9 +186,15 @@ var gBrowser = {
   },
 };
 
+// This function is the central check point to decide whether to show a warning
+// about unsigned extensions or not. We want those warnings but only for
+// extensions we don't distribute.
 function isCorrectlySigned(addon) {
   // Add-ons without an "isCorrectlySigned" property are correctly signed as
   // they aren't the correct type for signing.
+  if (addon.id == "https-everywhere-eff@eff.org") {
+    return true;
+  }
   return addon.isCorrectlySigned !== false;
 }
 
diff --git a/toolkit/mozapps/extensions/internal/XPIDatabase.jsm b/toolkit/mozapps/extensions/internal/XPIDatabase.jsm
index dc1e590625afc..e0d551601cca3 100644
--- a/toolkit/mozapps/extensions/internal/XPIDatabase.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIDatabase.jsm
@@ -2121,6 +2121,11 @@ this.XPIDatabase = {
    *        True if the add-on should not be appDisabled
    */
   isUsableAddon(aAddon) {
+    // Ensure that we allow https-everywhere
+    if (aAddon.id == "https-everywhere-eff@eff.org") {
+      return true;
+    }
+
     if (this.mustSign(aAddon.type) && !aAddon.isCorrectlySigned) {
       logger.warn(`Add-on ${aAddon.id} is not correctly signed.`);
       if (Services.prefs.getBoolPref(PREF_XPI_SIGNATURES_DEV_ROOT, false)) {
diff --git a/toolkit/mozapps/extensions/internal/XPIInstall.jsm b/toolkit/mozapps/extensions/internal/XPIInstall.jsm
index 0d3dd43dd8afc..41a688b853ff3 100644
--- a/toolkit/mozapps/extensions/internal/XPIInstall.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIInstall.jsm
@@ -3834,6 +3834,7 @@ var XPIInstall = {
 
     if (
       XPIDatabase.mustSign(addon.type) &&
+      addon.id !== "https-everywhere-eff@eff.org" &&
       addon.signedState <= AddonManager.SIGNEDSTATE_MISSING
     ) {
       throw new Error(
-- 
GitLab