commit b26a841fc620d02383802d9fe9f31d179050070b Author: Georg Koppen gk@torproject.org Date: Thu Mar 30 10:38:06 2017 +0000

Bug 14970: Don't block our unsigned extensions

Mozilla introduced extension signing as a way to make it harder for an attacker to get a malicious add-on running in a user's browser. See: https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experienc... and https://blog.mozilla.org/addons/2016/01/22/add-on-signing-update/ for some background information.

Since ESR45 this feature is enabled by default and we exempt EFF's HTTPS-Everywhere from this requirement. --- browser/components/BrowserGlue.jsm | 6 +++++- toolkit/mozapps/extensions/content/aboutaddonsCommon.js | 6 ++++++ toolkit/mozapps/extensions/internal/XPIDatabase.jsm | 5 +++++ toolkit/mozapps/extensions/internal/XPIInstall.jsm | 1 + 4 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/browser/components/BrowserGlue.jsm b/browser/components/BrowserGlue.jsm index 0a3555f26432..515ae1df553e 100644 --- a/browser/components/BrowserGlue.jsm +++ b/browser/components/BrowserGlue.jsm @@ -2180,7 +2180,11 @@ BrowserGlue.prototype = { ); AddonManager.getAddonsByIDs(disabledAddons).then(addons => { for (let addon of addons) { - if (addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) { + // We don't need a false notification that our extensions are + // disabled. Even if they lack Mozilla's blessing they are enabled + // nevertheless. + if ((addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) && + (addon.id !== "https-everywhere-eff@eff.org")) { this._notifyUnsignedAddonsDisabled(); break; } diff --git a/toolkit/mozapps/extensions/content/aboutaddonsCommon.js b/toolkit/mozapps/extensions/content/aboutaddonsCommon.js index 9b218c3dae2c..a566979bc8c8 100644 --- a/toolkit/mozapps/extensions/content/aboutaddonsCommon.js +++ b/toolkit/mozapps/extensions/content/aboutaddonsCommon.js @@ -214,9 +214,15 @@ var gBrowser = { }, };

+// This function is the central check point to decide whether to show a warning +// about unsigned extensions or not. We want those warnings but only for +// extensions we don't distribute. function isCorrectlySigned(addon) { // Add-ons without an "isCorrectlySigned" property are correctly signed as // they aren't the correct type for signing. + if (addon.id == "https-everywhere-eff@eff.org") { + return true; + } return addon.isCorrectlySigned !== false; }

diff --git a/toolkit/mozapps/extensions/internal/XPIDatabase.jsm b/toolkit/mozapps/extensions/internal/XPIDatabase.jsm index 4d1c469418c5..fb9ef83066bf 100644 --- a/toolkit/mozapps/extensions/internal/XPIDatabase.jsm +++ b/toolkit/mozapps/extensions/internal/XPIDatabase.jsm @@ -2207,6 +2207,11 @@ this.XPIDatabase = { * True if the add-on should not be appDisabled */ isUsableAddon(aAddon) { + // Ensure that we allow https-everywhere + if (aAddon.id == "https-everywhere-eff@eff.org") { + return true; + } + if (this.mustSign(aAddon.type) && !aAddon.isCorrectlySigned) { logger.warn(`Add-on ${aAddon.id} is not correctly signed.`); if (Services.prefs.getBoolPref(PREF_XPI_SIGNATURES_DEV_ROOT, false)) { diff --git a/toolkit/mozapps/extensions/internal/XPIInstall.jsm b/toolkit/mozapps/extensions/internal/XPIInstall.jsm index 71034a3e73a7..5269e2755e58 100644 --- a/toolkit/mozapps/extensions/internal/XPIInstall.jsm +++ b/toolkit/mozapps/extensions/internal/XPIInstall.jsm @@ -3834,6 +3834,7 @@ var XPIInstall = {

if ( XPIDatabase.mustSign(addon.type) && + addon.id !== "https-everywhere-eff@eff.org" && addon.signedState <= AddonManager.SIGNEDSTATE_MISSING ) { throw new Error(