From f311c9666f944a8b70c77859997d9f5a121a1435 Mon Sep 17 00:00:00 2001 From: Georg Koppen Date: Thu, 30 Mar 2017 10:38:06 +0000 Subject: [PATCH] Bug 14970: Don't block our unsigned extensions Mozilla introduced extension signing as a way to make it harder for an attacker to get a malicious add-on running in a user's browser. See: https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience and https://blog.mozilla.org/addons/2016/01/22/add-on-signing-update/ for some background information. In ESR45 this feature is enabled by default and we exempt both our own extensions and EFF's HTTPS-Everywhere from this requirement. --- browser/components/nsBrowserGlue.js | 8 +++++++- toolkit/mozapps/extensions/content/extensions.js | 8 ++++++++ .../mozapps/extensions/internal/XPIProvider.jsm | 14 ++++++++++++++ 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/browser/components/nsBrowserGlue.js b/browser/components/nsBrowserGlue.js index f5108da58b926..bb2351d410148 100644 --- a/browser/components/nsBrowserGlue.js +++ b/browser/components/nsBrowserGlue.js @@ -1131,7 +1131,13 @@ BrowserGlue.prototype = { if (addon.type == "experiment") continue; - if (addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) { + // We don't need a false notification that our extensions are + // disabled. Even if they lack Mozilla's blessing they are enabled + // nevertheless. + if ((addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) && + !(addon.id == "torbutton@torproject.org" || + addon.id == "tor-launcher@torproject.org" || + addon.id == "https-everywhere-eff@eff.org")) { this._notifyUnsignedAddonsDisabled(); break; } diff --git a/toolkit/mozapps/extensions/content/extensions.js b/toolkit/mozapps/extensions/content/extensions.js index adb658bb8deda..1e5f33b0a251e 100644 --- a/toolkit/mozapps/extensions/content/extensions.js +++ b/toolkit/mozapps/extensions/content/extensions.js @@ -274,9 +274,17 @@ function loadView(aViewId) { } } +// This function is the central check point to decide whether to show a warning +// about unsigned extensions or not. We want those warnings but only for +// extensions we don't distribute. function isCorrectlySigned(aAddon) { // Add-ons without an "isCorrectlySigned" property are correctly signed as // they aren't the correct type for signing. + if (aAddon.id == "torbutton@torproject.org" || + aAddon.id == "tor-launcher@torproject.org" || + aAddon.id == "https-everywhere-eff@eff.org") { + return true; + } return aAddon.isCorrectlySigned !== false; } diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm index e5cbf3c79c133..0fa11b64e3b32 100644 --- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm +++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm @@ -745,6 +745,14 @@ function isUsableAddon(aAddon) { if (aAddon.type == "theme" && aAddon.internalName == XPIProvider.defaultSkin) return true; + // Ensure that we allow torbutton, tor-launcher, and https-everywhere + if (aAddon.id == "torbutton@torproject.org" || + aAddon.id == "tor-launcher@torproject.org" || + aAddon.id == "https-everywhere-eff@eff.org" || + aAddon.id == "meek-http-helper@bamsoftware.com") { + return true; + } + if (mustSign(aAddon.type) && !aAddon.isCorrectlySigned) { logger.warn(`Add-on ${aAddon.id} is not correctly signed.`); return false; @@ -3450,7 +3458,13 @@ this.XPIProvider = { continue; } + // Make sure Torbutton, TorLauncher, EFF's HTTPS-Everywhere and meek + // are still working after an update. if (mustSign(addon.type) && + addon.id != "torbutton@torproject.org" && + addon.id != "tor-launcher@torproject.org" && + addon.id != "https-everywhere-eff@eff.org" && + addon.id != "meek-http-helper@bamsoftware.com" && addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) { logger.warn("Refusing to install staged add-on " + id + " with signed state " + addon.signedState); seenFiles.push(stageDirEntry.leafName); -- GitLab