[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor-browser/tor-browser-78.1.0esr-10.0-1] Bug 14970: Don't block our unsigned extensions
commit b26a841fc620d02383802d9fe9f31d179050070b
Author: Georg Koppen <gk@xxxxxxxxxxxxxx>
Date: Thu Mar 30 10:38:06 2017 +0000
Bug 14970: Don't block our unsigned extensions
Mozilla introduced extension signing as a way to make it harder for an
attacker to get a malicious add-on running in a user's browser. See:
https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience
and https://blog.mozilla.org/addons/2016/01/22/add-on-signing-update/
for some background information.
Since ESR45 this feature is enabled by default and we exempt EFF's
HTTPS-Everywhere from this requirement.
---
browser/components/BrowserGlue.jsm | 6 +++++-
toolkit/mozapps/extensions/content/aboutaddonsCommon.js | 6 ++++++
toolkit/mozapps/extensions/internal/XPIDatabase.jsm | 5 +++++
toolkit/mozapps/extensions/internal/XPIInstall.jsm | 1 +
4 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/browser/components/BrowserGlue.jsm b/browser/components/BrowserGlue.jsm
index 0a3555f26432..515ae1df553e 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -2180,7 +2180,11 @@ BrowserGlue.prototype = {
);
AddonManager.getAddonsByIDs(disabledAddons).then(addons => {
for (let addon of addons) {
- if (addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) {
+ // We don't need a false notification that our extensions are
+ // disabled. Even if they lack Mozilla's blessing they are enabled
+ // nevertheless.
+ if ((addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) &&
+ (addon.id !== "https-everywhere-eff@xxxxxxx")) {
this._notifyUnsignedAddonsDisabled();
break;
}
diff --git a/toolkit/mozapps/extensions/content/aboutaddonsCommon.js b/toolkit/mozapps/extensions/content/aboutaddonsCommon.js
index 9b218c3dae2c..a566979bc8c8 100644
--- a/toolkit/mozapps/extensions/content/aboutaddonsCommon.js
+++ b/toolkit/mozapps/extensions/content/aboutaddonsCommon.js
@@ -214,9 +214,15 @@ var gBrowser = {
},
};
+// This function is the central check point to decide whether to show a warning
+// about unsigned extensions or not. We want those warnings but only for
+// extensions we don't distribute.
function isCorrectlySigned(addon) {
// Add-ons without an "isCorrectlySigned" property are correctly signed as
// they aren't the correct type for signing.
+ if (addon.id == "https-everywhere-eff@xxxxxxx") {
+ return true;
+ }
return addon.isCorrectlySigned !== false;
}
diff --git a/toolkit/mozapps/extensions/internal/XPIDatabase.jsm b/toolkit/mozapps/extensions/internal/XPIDatabase.jsm
index 4d1c469418c5..fb9ef83066bf 100644
--- a/toolkit/mozapps/extensions/internal/XPIDatabase.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIDatabase.jsm
@@ -2207,6 +2207,11 @@ this.XPIDatabase = {
* True if the add-on should not be appDisabled
*/
isUsableAddon(aAddon) {
+ // Ensure that we allow https-everywhere
+ if (aAddon.id == "https-everywhere-eff@xxxxxxx") {
+ return true;
+ }
+
if (this.mustSign(aAddon.type) && !aAddon.isCorrectlySigned) {
logger.warn(`Add-on ${aAddon.id} is not correctly signed.`);
if (Services.prefs.getBoolPref(PREF_XPI_SIGNATURES_DEV_ROOT, false)) {
diff --git a/toolkit/mozapps/extensions/internal/XPIInstall.jsm b/toolkit/mozapps/extensions/internal/XPIInstall.jsm
index 71034a3e73a7..5269e2755e58 100644
--- a/toolkit/mozapps/extensions/internal/XPIInstall.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIInstall.jsm
@@ -3834,6 +3834,7 @@ var XPIInstall = {
if (
XPIDatabase.mustSign(addon.type) &&
+ addon.id !== "https-everywhere-eff@xxxxxxx" &&
addon.signedState <= AddonManager.SIGNEDSTATE_MISSING
) {
throw new Error(
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits