Merge branch 'a9' into a9-plus

This commit is contained in:
eabdullin 2023-02-20 11:54:10 +00:00 committed by Stepan Oksanichenko
commit 940c6f0922
6 changed files with 21 additions and 402 deletions

4
.gitignore vendored
View File

@ -1,6 +1,6 @@
SOURCES/cbindgen-vendor.tar.xz SOURCES/cbindgen-vendor.tar.xz
SOURCES/nspr-4.34.0-3.el8_1.src.rpm SOURCES/nspr-4.34.0-3.el8_1.src.rpm
SOURCES/nss-3.79.0-6.el8_1.src.rpm SOURCES/nss-3.79.0-6.el8_1.src.rpm
SOURCES/thunderbird-102.7.1.processed-source.tar.xz SOURCES/thunderbird-102.8.0.b2.processed-source.tar.xz
SOURCES/thunderbird-langpacks-102.7.1-20230131.tar.xz SOURCES/thunderbird-langpacks-102.8.0-20230215.tar.xz
SOURCES/thunderbird-symbolic.svg SOURCES/thunderbird-symbolic.svg

View File

@ -1,6 +1,6 @@
2a430d6252dbea45482ba316a6e9fa605c15e747 SOURCES/cbindgen-vendor.tar.xz 2a430d6252dbea45482ba316a6e9fa605c15e747 SOURCES/cbindgen-vendor.tar.xz
af58b3c87a8b5491dde63b07efaeb3d7f1ec56c1 SOURCES/nspr-4.34.0-3.el8_1.src.rpm af58b3c87a8b5491dde63b07efaeb3d7f1ec56c1 SOURCES/nspr-4.34.0-3.el8_1.src.rpm
fc5297c6830f0a1e88f84b94b0b066487664061b SOURCES/nss-3.79.0-6.el8_1.src.rpm fc5297c6830f0a1e88f84b94b0b066487664061b SOURCES/nss-3.79.0-6.el8_1.src.rpm
10edc62b58b08102848b1bfb5ffa9ce674ffc64b SOURCES/thunderbird-102.7.1.processed-source.tar.xz 0b99105b54e286eaa8a73dd0127d64227f0aa542 SOURCES/thunderbird-102.8.0.b2.processed-source.tar.xz
666c3e157269f9655be845852280d9d8e6a787bf SOURCES/thunderbird-langpacks-102.7.1-20230131.tar.xz 9107592a6a66136b9ba56e7a4ed4649ebfb01687 SOURCES/thunderbird-langpacks-102.8.0-20230215.tar.xz
42e80b86948cdba0f69af5b15a69bc6a1274d938 SOURCES/thunderbird-symbolic.svg 42e80b86948cdba0f69af5b15a69bc6a1274d938 SOURCES/thunderbird-symbolic.svg

View File

@ -1,322 +0,0 @@
diff -up comm/third_party/moz.build.D161379.diff comm/third_party/moz.build
--- comm/third_party/moz.build.D161379.diff 2022-10-14 21:45:15.000000000 +0200
+++ comm/third_party/moz.build 2022-11-10 11:49:44.194016978 +0100
@@ -11,9 +11,11 @@ if CONFIG["TB_LIBOTR_PREBUILT"]:
if CONFIG["MZLA_LIBRNP"]:
DIRS += [
- "botan",
"bzip2",
"json-c",
"rnp",
"zlib",
]
+ if CONFIG["MZLA_LIBRNP_BACKEND"] == "botan":
+ DIRS += [ "botan" ]
+
diff -up comm/third_party/openpgp.configure.D161379.diff comm/third_party/openpgp.configure
--- comm/third_party/openpgp.configure.D161379.diff 2022-11-10 11:49:37.605024129 +0100
+++ comm/third_party/openpgp.configure 2022-11-10 11:49:44.194016978 +0100
@@ -199,16 +199,136 @@ with only_when(in_tree_librnp):
set_config("MZLA_BZIP2_CFLAGS", bzip2_flags.cflags)
set_config("MZLA_BZIP2_LIBS", bzip2_flags.ldflags)
- # BOTAN --with-system-botan
- system_lib_option(
- "--with-system-botan",
- help="Use system Botan for librnp (located with pkgconfig)",
- )
-
- botan_pkg = pkg_check_modules(
- "MZLA_BOTAN", "botan-2 >= 2.8.0", when="--with-system-botan"
- )
- set_config("MZLA_SYSTEM_BOTAN", depends_if(botan_pkg)(lambda _: True))
+ # librnp crypto backend selection
+ option("--with-librnp-backend",
+ help="Build librnp with the selected backend: {botan, openssl}",
+ default="botan")
+
+ @depends("--with-librnp-backend")
+ def librnp_backend(backend):
+ allowed = ("botan", "openssl")
+ if backend[0] in allowed:
+ return backend[0]
+ else:
+ die(f"Unsupported librnp backend {backend[0]}.")
+
+ set_config("MZLA_LIBRNP_BACKEND", librnp_backend)
+
+ @depends(librnp_backend)
+ def rnp_botan(backend):
+ return backend == "botan"
+
+ @depends(librnp_backend)
+ def rnp_openssl(backend):
+ return backend == "openssl"
+
+ # Botan backend (--with-system-botan)
+ with only_when(rnp_botan):
+ system_lib_option(
+ "--with-system-botan",
+ help="Use system Botan for librnp (located with pkgconfig)",
+ )
+
+ botan_pkg = pkg_check_modules(
+ "MZLA_BOTAN", "botan-2 >= 2.8.0", when="--with-system-botan"
+ )
+ set_config("MZLA_SYSTEM_BOTAN", depends_if(botan_pkg)(lambda _: True))
+
+
+ # OpenSSL backend
+ with only_when(rnp_openssl):
+ option(
+ "--with-openssl",
+ nargs=1,
+ help="OpenSSL library prefix (when not found by pkgconfig)"
+ )
+ openssl_pkg = pkg_check_modules(
+ "MZLA_LIBRNP_OPENSSL",
+ "openssl > 1.1.1",
+ allow_missing=True,
+ config=False
+ )
+ @depends_if("--with-openssl", openssl_pkg)
+ @imports(_from="os.path", _import="isdir")
+ @imports(_from="os.path", _import="join")
+ def openssl_flags(openssl_prefix, openssl_pkg):
+ if openssl_prefix:
+ openssl_prefix = openssl_prefix[0]
+ include = join(openssl_prefix, "include")
+ lib = join(openssl_prefix, "lib")
+ if not isdir(lib):
+ lib = join(openssl_prefix, "lib64")
+ if isdir(include) and isdir(lib):
+ log.info(f"Using OpenSSL at {openssl_prefix}.")
+ return namespace(
+ cflags=(f"-I{include}",),
+ ldflags=(f"-L{lib}", "-lssl", "-lcrypto"),
+ )
+ if openssl_pkg:
+ return namespace(
+ cflags=openssl_pkg.cflags,
+ ldflags=openssl_pkg.libs,
+ )
+ set_config("MZLA_LIBRNP_OPENSSL_CFLAGS", openssl_flags.cflags)
+ set_config("MZLA_LIBRNP_OPENSSL_LIBS", openssl_flags.ldflags)
+
+
+ @depends(c_compiler, openssl_flags)
+ @imports(_from="textwrap", _import="dedent")
+ def openssl_version(compiler, openssl_flags):
+ log.info("Checking for OpenSSL >= 1.1.1")
+ if openssl_flags is None:
+ die("OpenSSL not found. Must be locatable with pkg-config or use --with-openssl.")
+
+ def ossl_hexver(hex_str):
+ # See opensshlv.h for description of OPENSSL_VERSION_NUMBER
+ MIN_OSSL_VER = 0x1010100f # Version 1.1.1
+ ver_as_int = int(hex_str[:-1], 16)
+ ossl_major = (ver_as_int & 0xf0000000) >> 28
+ ossl_minor = (ver_as_int & 0x0ff00000) >> 20
+ ossl_fix = (ver_as_int & 0x000ff000) >> 12
+ ossl_patch = chr(96 + (ver_as_int & 0x00000ff0) >> 4) # as a letter a-z
+ ver_as_str = f"{ossl_major}.{ossl_minor}.{ossl_fix}{ossl_patch}"
+ if ver_as_int < MIN_OSSL_VER:
+ die(f"OpenSSL version {ver_as_str} is too old.")
+ return ver_as_str
+
+ check = dedent(
+ """\
+ #include <openssl/opensslv.h>
+ #ifdef OPENSSL_VERSION_STR
+ OPENSSL_VERSION_STR
+ #elif defined(OPENSSL_VERSION_NUMBER)
+ OPENSSL_VERSION_NUMBER
+ #else
+ #error Unable to determine OpenSSL version.
+ #endif
+ """
+ )
+ result = try_preprocess(
+ compiler.wrapper
+ + [compiler.compiler]
+ + compiler.flags
+ + list(openssl_flags.cflags),
+ "C",
+ check
+ )
+ if result:
+ openssl_ver = result.splitlines()[-1]
+ if openssl_ver.startswith("0x"):
+ # OpenSSL 1.x.x - like 0x1010107fL
+ openssl_ver = ossl_hexver(openssl_ver)
+ else:
+ # OpenSSL 3.x.x - quoted version like "3.0.7"
+ openssl_ver = openssl_ver.replace('"', "")
+ major_version = openssl_ver.split(".")[0]
+ if major_version != "3":
+ die("Unrecognized OpenSSL version {openssl_version} found. Require >= 1.1.1 or 3.x.x")
+
+ log.info(f"Found OpenSSL {openssl_ver}.")
+ return openssl_ver
+
+ set_config("MZLA_LIBRNP_OPENSSL_VERSION", openssl_version)
# Checks for building librnp itself
# =================================
diff -up comm/third_party/rnp/moz.build.D161379.diff comm/third_party/rnp/moz.build
--- comm/third_party/rnp/moz.build.D161379.diff 2022-11-10 11:49:43.682017534 +0100
+++ comm/third_party/rnp/moz.build 2022-11-10 11:51:22.878909880 +0100
@@ -36,17 +36,53 @@ if CONFIG["CC_TYPE"] == "clang-cl":
"/EHs",
]
+LOCAL_INCLUDES = [
+ "include",
+ "src",
+ "src/common",
+ "src/lib",
+]
+
+IQuote(
+ "{}/src/lib".format(OBJDIR),
+ "{}/src/lib".format(SRCDIR),
+)
+
+# Set up defines for src/lib/config.h
rnp_defines = {
"HAVE_BZLIB_H": True,
"HAVE_ZLIB_H": True,
- "CRYPTO_BACKEND_OPENSSL": True,
- "ENABLE_AEAD": True,
- "ENABLE_TWOFISH": True,
- "ENABLE_BRAINPOOL": True,
"ENABLE_IDEA": True,
"PACKAGE_BUGREPORT": '"https://bugzilla.mozilla.org/enter_bug.cgi?product=Thunderbird"',
"PACKAGE_STRING": '"rnp {}"'.format(CONFIG["MZLA_LIBRNP_FULL_VERSION"])
}
+if CONFIG["MZLA_LIBRNP_BACKEND"] == "botan":
+ LOCAL_INCLUDES += ["!../botan/build/include"]
+ if CONFIG["MZLA_SYSTEM_BOTAN"]:
+ CXXFLAGS += CONFIG["MZLA_BOTAN_CFLAGS"]
+
+ rnp_defines.update({
+ "CRYPTO_BACKEND_BOTAN": True,
+ "ENABLE_AEAD": True,
+ "ENABLE_TWOFISH": True,
+ "ENABLE_BRAINPOOL": True,
+ })
+elif CONFIG["MZLA_LIBRNP_BACKEND"] == "openssl":
+ CXXFLAGS += CONFIG["MZLA_LIBRNP_OPENSSL_CFLAGS"]
+ OS_LIBS += CONFIG["MZLA_LIBRNP_OPENSSL_LIBS"]
+
+ rnp_defines.update({
+ "CRYPTO_BACKEND_OPENSSL": True,
+ # Not supported with RNP+OpenSSL https://github.com/rnpgp/rnp/issues/1642
+ "ENABLE_AEAD": False,
+ # Not supported by OpenSSL https://github.com/openssl/openssl/issues/2046
+ "ENABLE_TWOFISH": False,
+ # Supported, but not with RHEL's OpenSSL, disabled for now;
+ "ENABLE_BRAINPOOL": False,
+ })
+ if CONFIG["MZLA_LIBRNP_OPENSSL_VERSION"][0] == "3":
+ rnp_defines["CRYPTO_BACKEND_OPENSSL3"] = True
+
GeneratedFile(
"src/lib/config.h",
script="/comm/python/rocbuild/process_cmake_define_files.py",
@@ -57,23 +93,6 @@ GeneratedFile(
],
)
-LOCAL_INCLUDES = [
- "include",
- "src",
- "src/common",
- "src/lib",
-]
-
-IQuote(
- "{}/src/lib".format(OBJDIR),
- "{}/src/lib".format(SRCDIR),
-)
-
-if CONFIG["MZLA_SYSTEM_BOTAN"]:
- CXXFLAGS += CONFIG["MZLA_BOTAN_CFLAGS"]
-else:
- LOCAL_INCLUDES += ["!../botan/build/include"]
-
if CONFIG["MOZ_SYSTEM_ZLIB"]:
CXXFLAGS += CONFIG["MOZ_ZLIB_CFLAGS"]
else:
@@ -109,29 +128,16 @@ SOURCES += [
"src/common/time-utils.cpp",
"src/lib/crypto.cpp",
"src/lib/crypto/backend_version.cpp",
- "src/lib/crypto/bn.cpp",
"src/lib/crypto/cipher.cpp",
- "src/lib/crypto/cipher_botan.cpp",
- "src/lib/crypto/dsa.cpp",
- "src/lib/crypto/ec.cpp",
"src/lib/crypto/ec_curves.cpp",
- "src/lib/crypto/ecdh.cpp",
"src/lib/crypto/ecdh_utils.cpp",
- "src/lib/crypto/ecdsa.cpp",
- "src/lib/crypto/eddsa.cpp",
- "src/lib/crypto/elgamal.cpp",
- "src/lib/crypto/hash.cpp",
"src/lib/crypto/hash_common.cpp",
"src/lib/crypto/hash_sha1cd.cpp",
- "src/lib/crypto/mem.cpp",
"src/lib/crypto/mpi.cpp",
- "src/lib/crypto/rng.cpp",
- "src/lib/crypto/rsa.cpp",
"src/lib/crypto/s2k.cpp",
"src/lib/crypto/sha1cd/sha1.c",
"src/lib/crypto/sha1cd/ubc_check.c",
"src/lib/crypto/signatures.cpp",
- "src/lib/crypto/symmetric.cpp",
"src/lib/fingerprint.cpp",
"src/lib/generate-key.cpp",
"src/lib/json-utils.cpp",
@@ -159,4 +165,40 @@ SOURCES += [
"src/librepgp/stream-write.cpp",
]
+if CONFIG["MZLA_LIBRNP_BACKEND"] == "botan":
+ SOURCES += [
+ "src/lib/crypto/bn.cpp",
+ "src/lib/crypto/cipher_botan.cpp",
+ "src/lib/crypto/dsa.cpp",
+ "src/lib/crypto/ec.cpp",
+ "src/lib/crypto/ecdh.cpp",
+ "src/lib/crypto/ecdsa.cpp",
+ "src/lib/crypto/eddsa.cpp",
+ "src/lib/crypto/elgamal.cpp",
+ "src/lib/crypto/hash.cpp",
+ "src/lib/crypto/mem.cpp",
+ "src/lib/crypto/rng.cpp",
+ "src/lib/crypto/rsa.cpp",
+ "src/lib/crypto/symmetric.cpp",
+ ]
+if CONFIG["MZLA_LIBRNP_BACKEND"] == "openssl":
+ SOURCES += [
+ "src/lib/crypto/bn_ossl.cpp",
+ "src/lib/crypto/cipher_ossl.cpp",
+ "src/lib/crypto/dl_ossl.cpp",
+ "src/lib/crypto/dsa_ossl.cpp",
+ "src/lib/crypto/ec_ossl.cpp",
+ "src/lib/crypto/ecdh_ossl.cpp",
+ "src/lib/crypto/ecdsa_ossl.cpp",
+ "src/lib/crypto/eddsa_ossl.cpp",
+ "src/lib/crypto/elgamal_ossl.cpp",
+ "src/lib/crypto/hash_crc24.cpp",
+ "src/lib/crypto/hash_ossl.cpp",
+ "src/lib/crypto/mem_ossl.cpp",
+ "src/lib/crypto/rng_ossl.cpp",
+ "src/lib/crypto/rsa_ossl.cpp",
+ "src/lib/crypto/s2k_ossl.cpp",
+ "src/lib/crypto/symmetric_ossl.cpp",
+ ]
+
DIRS += ["src/rnp", "src/rnpkeys"]

View File

@ -1,49 +0,0 @@
diff --git a/third_party/openpgp.configure b/third_party/openpgp.configure
--- a/third_party/openpgp.configure
+++ b/third_party/openpgp.configure
@@ -198,21 +198,27 @@
)
set_config("MZLA_BZIP2_CFLAGS", bzip2_flags.cflags)
set_config("MZLA_BZIP2_LIBS", bzip2_flags.ldflags)
# librnp crypto backend selection
+ @depends(target_is_linux)
+ def librnp_backend_choices(is_linux):
+ if is_linux:
+ return ("botan", "openssl")
+ else:
+ return ("botan",)
+
option("--with-librnp-backend",
- help="Build librnp with the selected backend: {botan, openssl}",
+ help="Build librnp with the selected backend",
+ choices=librnp_backend_choices,
+ nargs=1,
default="botan")
@depends("--with-librnp-backend")
def librnp_backend(backend):
- allowed = ("botan", "openssl")
- if backend[0] in allowed:
+ if backend:
return backend[0]
- else:
- die(f"Unsupported librnp backend {backend[0]}.")
set_config("MZLA_LIBRNP_BACKEND", librnp_backend)
@depends(librnp_backend)
def rnp_botan(backend):
@@ -273,10 +279,11 @@
set_config("MZLA_LIBRNP_OPENSSL_LIBS", openssl_flags.ldflags)
@depends(c_compiler, openssl_flags)
@imports(_from="textwrap", _import="dedent")
+ @imports(_from="__builtin__", _import="chr")
def openssl_version(compiler, openssl_flags):
log.info("Checking for OpenSSL >= 1.1.1")
if openssl_flags is None:
die("OpenSSL not found. Must be locatable with pkg-config or use --with-openssl.")

View File

@ -1,12 +0,0 @@
diff -up thunderbird-102.4.0/comm/third_party/rnp/moz.build.rnp-openssl thunderbird-102.4.0/comm/third_party/rnp/moz.build
--- thunderbird-102.4.0/comm/third_party/rnp/moz.build.rnp-openssl 2022-11-01 14:36:02.940726858 +0100
+++ thunderbird-102.4.0/comm/third_party/rnp/moz.build 2022-11-01 14:36:23.091726917 +0100
@@ -39,7 +39,7 @@ if CONFIG["CC_TYPE"] == "clang-cl":
rnp_defines = {
"HAVE_BZLIB_H": True,
"HAVE_ZLIB_H": True,
- "CRYPTO_BACKEND_BOTAN": True,
+ "CRYPTO_BACKEND_OPENSSL": True,
"ENABLE_AEAD": True,
"ENABLE_TWOFISH": True,
"ENABLE_BRAINPOOL": True,

View File

@ -165,11 +165,17 @@ end}
Summary: Mozilla Thunderbird mail/newsgroup client Summary: Mozilla Thunderbird mail/newsgroup client
Name: thunderbird Name: thunderbird
Version: 102.7.1 Version: 102.8.0
Release: 2%{?dist}.alma.plus Release: 2%{?dist}.alma.plus
URL: http://www.mozilla.org/projects/thunderbird/ URL: http://www.mozilla.org/projects/thunderbird/
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
# Workaround the dreaded "upstream source file changed content" rpminspect failure.
# If set to .b2 or .b3 ... the processed source file needs to be renamed before upload, e.g.
# thunderbird-102.8.0.b2.processed-source.tar.xz
# When unset use processed source file name as is.
%global buildnum .b2
%if 0%{?rhel} == 9 %if 0%{?rhel} == 9
ExcludeArch: %{ix86} ExcludeArch: %{ix86}
%endif %endif
@ -185,9 +191,9 @@ ExcludeArch: aarch64 s390 ppc
%endif %endif
#Source0: https://archive.mozilla.org/pub/thunderbird/releases/%{version}%{?pre_version}/source/thunderbird-%{version}%{?pre_version}.processed-source.tar.xz #Source0: https://archive.mozilla.org/pub/thunderbird/releases/%{version}%{?pre_version}/source/thunderbird-%{version}%{?pre_version}.processed-source.tar.xz
Source0: thunderbird-%{version}%{?pre_version}.processed-source.tar.xz Source0: thunderbird-%{version}%{?pre_version}%{?buildnum}.processed-source.tar.xz
%if %{build_langpacks} %if %{build_langpacks}
Source1: thunderbird-langpacks-%{version}-20230131.tar.xz Source1: thunderbird-langpacks-%{version}-20230215.tar.xz
%endif %endif
Source2: cbindgen-vendor.tar.xz Source2: cbindgen-vendor.tar.xz
Source3: process-official-tarball Source3: process-official-tarball
@ -245,9 +251,6 @@ Patch422: mozilla-s390x-skia-gradient.patch
Patch423: one_swizzle_to_rule_them_all.patch Patch423: one_swizzle_to_rule_them_all.patch
Patch424: svg-rendering.patch Patch424: svg-rendering.patch
Patch425: D158770.diff Patch425: D158770.diff
Patch5439: backport-rnp-use-openssl.patch
Patch5479: D161379.diff
Patch5480: D161895.diff
# PGO/LTO patches # PGO/LTO patches
Patch600: pgo.patch Patch600: pgo.patch
@ -617,13 +620,7 @@ echo "use_rustts %{?use_rustts}"
%patch424 -p1 -b .svg-rendering %patch424 -p1 -b .svg-rendering
%patch425 -p1 -b .D158770.diff %patch425 -p1 -b .D158770.diff
%if %{?use_openssl_for_librnp} %if !%{?use_openssl_for_librnp}
%patch5439 -p1 -b .backport-rnp-use-openssl
pushd comm
%patch5479 -p1 -b .D161379.diff
%patch5480 -p1 -b .D161895.diff
popd
%else
%patch230 -p1 -b .disable-openpgp-in-thunderbird %patch230 -p1 -b .disable-openpgp-in-thunderbird
%endif %endif
@ -1258,11 +1255,16 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
#=============================================================================== #===============================================================================
%changelog %changelog
* Tue Feb 07 2023 Eduard Abdullin <eabdullin@almalinux.org> - 102.7.1-2.alma.plus * Mon Feb 20 2023 Eduard Abdullin <eabdullin@almalinux.org> - 102.8.0-2.alma.plus
- Enable openpgp - Enable openpgp
* Tue Feb 07 2023 Eduard Abdullin <eabdullin@almalinux.org> - 102.7.1-2.alma * Mon Feb 20 2023 Eduard Abdullin <eabdullin@almalinux.org> - 102.8.0-2.alma
- Debrand for AlmaLinux - Debrand for AlmaLinux
* Wed Feb 15 2023 Eike Rathke <erack@redhat.com> - 102.8.0-2
- Update to 102.8.0 build2
* Fri Feb 10 2023 Eike Rathke <erack@redhat.com> - 102.8.0-1
- Update to 102.8.0 build1
* Tue Jan 31 2023 Eike Rathke <erack@redhat.com> - 102.7.1-2 * Tue Jan 31 2023 Eike Rathke <erack@redhat.com> - 102.7.1-2
- Update to 102.7.1 build2 - Update to 102.7.1 build2
* Tue Jan 24 2023 Eike Rathke <erack@redhat.com> - 102.7.1-1 * Tue Jan 24 2023 Eike Rathke <erack@redhat.com> - 102.7.1-1