import thunderbird-102.6.0-2.el8_7
parent
b8373a03cc
commit
9c41bc64c9
4
.gitignore
vendored
@ -1,6 +1,6 @@
|
||||
SOURCES/cbindgen-vendor.tar.xz
|
||||
SOURCES/nspr-4.34.0-3.el8_1.src.rpm
|
||||
SOURCES/nss-3.79.0-6.el8_1.src.rpm
|
||||
SOURCES/thunderbird-102.5.0.processed-source.tar.xz
|
||||
SOURCES/thunderbird-langpacks-102.5.0-20221115.tar.xz
|
||||
SOURCES/thunderbird-102.6.0.processed-source.tar.xz
|
||||
SOURCES/thunderbird-langpacks-102.6.0-20221213.tar.xz
|
||||
SOURCES/thunderbird-symbolic.svg
|
||||
|
@ -1,6 +1,6 @@
|
||||
2a430d6252dbea45482ba316a6e9fa605c15e747 SOURCES/cbindgen-vendor.tar.xz
|
||||
af58b3c87a8b5491dde63b07efaeb3d7f1ec56c1 SOURCES/nspr-4.34.0-3.el8_1.src.rpm
|
||||
fc5297c6830f0a1e88f84b94b0b066487664061b SOURCES/nss-3.79.0-6.el8_1.src.rpm
|
||||
9aa205e4b8d075f7292d9b1941ca70f7f17ca914 SOURCES/thunderbird-102.5.0.processed-source.tar.xz
|
||||
cd691f3bb1cd19e1102bca10a3bac61e013f9e03 SOURCES/thunderbird-langpacks-102.5.0-20221115.tar.xz
|
||||
2e5705870dd47decb800757a4e26d288b24b61b1 SOURCES/thunderbird-102.6.0.processed-source.tar.xz
|
||||
d28522497a56117469dbabbde833b69619d8e090 SOURCES/thunderbird-langpacks-102.6.0-20221213.tar.xz
|
||||
42e80b86948cdba0f69af5b15a69bc6a1274d938 SOURCES/thunderbird-symbolic.svg
|
||||
|
322
SOURCES/D161379.diff
Normal file
@ -0,0 +1,322 @@
|
||||
diff -up comm/third_party/moz.build.D161379.diff comm/third_party/moz.build
|
||||
--- comm/third_party/moz.build.D161379.diff 2022-10-14 21:45:15.000000000 +0200
|
||||
+++ comm/third_party/moz.build 2022-11-10 11:49:44.194016978 +0100
|
||||
@@ -11,9 +11,11 @@ if CONFIG["TB_LIBOTR_PREBUILT"]:
|
||||
|
||||
if CONFIG["MZLA_LIBRNP"]:
|
||||
DIRS += [
|
||||
- "botan",
|
||||
"bzip2",
|
||||
"json-c",
|
||||
"rnp",
|
||||
"zlib",
|
||||
]
|
||||
+ if CONFIG["MZLA_LIBRNP_BACKEND"] == "botan":
|
||||
+ DIRS += [ "botan" ]
|
||||
+
|
||||
diff -up comm/third_party/openpgp.configure.D161379.diff comm/third_party/openpgp.configure
|
||||
--- comm/third_party/openpgp.configure.D161379.diff 2022-11-10 11:49:37.605024129 +0100
|
||||
+++ comm/third_party/openpgp.configure 2022-11-10 11:49:44.194016978 +0100
|
||||
@@ -199,16 +199,136 @@ with only_when(in_tree_librnp):
|
||||
set_config("MZLA_BZIP2_CFLAGS", bzip2_flags.cflags)
|
||||
set_config("MZLA_BZIP2_LIBS", bzip2_flags.ldflags)
|
||||
|
||||
- # BOTAN --with-system-botan
|
||||
- system_lib_option(
|
||||
- "--with-system-botan",
|
||||
- help="Use system Botan for librnp (located with pkgconfig)",
|
||||
- )
|
||||
-
|
||||
- botan_pkg = pkg_check_modules(
|
||||
- "MZLA_BOTAN", "botan-2 >= 2.8.0", when="--with-system-botan"
|
||||
- )
|
||||
- set_config("MZLA_SYSTEM_BOTAN", depends_if(botan_pkg)(lambda _: True))
|
||||
+ # librnp crypto backend selection
|
||||
+ option("--with-librnp-backend",
|
||||
+ help="Build librnp with the selected backend: {botan, openssl}",
|
||||
+ default="botan")
|
||||
+
|
||||
+ @depends("--with-librnp-backend")
|
||||
+ def librnp_backend(backend):
|
||||
+ allowed = ("botan", "openssl")
|
||||
+ if backend[0] in allowed:
|
||||
+ return backend[0]
|
||||
+ else:
|
||||
+ die(f"Unsupported librnp backend {backend[0]}.")
|
||||
+
|
||||
+ set_config("MZLA_LIBRNP_BACKEND", librnp_backend)
|
||||
+
|
||||
+ @depends(librnp_backend)
|
||||
+ def rnp_botan(backend):
|
||||
+ return backend == "botan"
|
||||
+
|
||||
+ @depends(librnp_backend)
|
||||
+ def rnp_openssl(backend):
|
||||
+ return backend == "openssl"
|
||||
+
|
||||
+ # Botan backend (--with-system-botan)
|
||||
+ with only_when(rnp_botan):
|
||||
+ system_lib_option(
|
||||
+ "--with-system-botan",
|
||||
+ help="Use system Botan for librnp (located with pkgconfig)",
|
||||
+ )
|
||||
+
|
||||
+ botan_pkg = pkg_check_modules(
|
||||
+ "MZLA_BOTAN", "botan-2 >= 2.8.0", when="--with-system-botan"
|
||||
+ )
|
||||
+ set_config("MZLA_SYSTEM_BOTAN", depends_if(botan_pkg)(lambda _: True))
|
||||
+
|
||||
+
|
||||
+ # OpenSSL backend
|
||||
+ with only_when(rnp_openssl):
|
||||
+ option(
|
||||
+ "--with-openssl",
|
||||
+ nargs=1,
|
||||
+ help="OpenSSL library prefix (when not found by pkgconfig)"
|
||||
+ )
|
||||
+ openssl_pkg = pkg_check_modules(
|
||||
+ "MZLA_LIBRNP_OPENSSL",
|
||||
+ "openssl > 1.1.1",
|
||||
+ allow_missing=True,
|
||||
+ config=False
|
||||
+ )
|
||||
+ @depends_if("--with-openssl", openssl_pkg)
|
||||
+ @imports(_from="os.path", _import="isdir")
|
||||
+ @imports(_from="os.path", _import="join")
|
||||
+ def openssl_flags(openssl_prefix, openssl_pkg):
|
||||
+ if openssl_prefix:
|
||||
+ openssl_prefix = openssl_prefix[0]
|
||||
+ include = join(openssl_prefix, "include")
|
||||
+ lib = join(openssl_prefix, "lib")
|
||||
+ if not isdir(lib):
|
||||
+ lib = join(openssl_prefix, "lib64")
|
||||
+ if isdir(include) and isdir(lib):
|
||||
+ log.info(f"Using OpenSSL at {openssl_prefix}.")
|
||||
+ return namespace(
|
||||
+ cflags=(f"-I{include}",),
|
||||
+ ldflags=(f"-L{lib}", "-lssl", "-lcrypto"),
|
||||
+ )
|
||||
+ if openssl_pkg:
|
||||
+ return namespace(
|
||||
+ cflags=openssl_pkg.cflags,
|
||||
+ ldflags=openssl_pkg.libs,
|
||||
+ )
|
||||
+ set_config("MZLA_LIBRNP_OPENSSL_CFLAGS", openssl_flags.cflags)
|
||||
+ set_config("MZLA_LIBRNP_OPENSSL_LIBS", openssl_flags.ldflags)
|
||||
+
|
||||
+
|
||||
+ @depends(c_compiler, openssl_flags)
|
||||
+ @imports(_from="textwrap", _import="dedent")
|
||||
+ def openssl_version(compiler, openssl_flags):
|
||||
+ log.info("Checking for OpenSSL >= 1.1.1")
|
||||
+ if openssl_flags is None:
|
||||
+ die("OpenSSL not found. Must be locatable with pkg-config or use --with-openssl.")
|
||||
+
|
||||
+ def ossl_hexver(hex_str):
|
||||
+ # See opensshlv.h for description of OPENSSL_VERSION_NUMBER
|
||||
+ MIN_OSSL_VER = 0x1010100f # Version 1.1.1
|
||||
+ ver_as_int = int(hex_str[:-1], 16)
|
||||
+ ossl_major = (ver_as_int & 0xf0000000) >> 28
|
||||
+ ossl_minor = (ver_as_int & 0x0ff00000) >> 20
|
||||
+ ossl_fix = (ver_as_int & 0x000ff000) >> 12
|
||||
+ ossl_patch = chr(96 + (ver_as_int & 0x00000ff0) >> 4) # as a letter a-z
|
||||
+ ver_as_str = f"{ossl_major}.{ossl_minor}.{ossl_fix}{ossl_patch}"
|
||||
+ if ver_as_int < MIN_OSSL_VER:
|
||||
+ die(f"OpenSSL version {ver_as_str} is too old.")
|
||||
+ return ver_as_str
|
||||
+
|
||||
+ check = dedent(
|
||||
+ """\
|
||||
+ #include <openssl/opensslv.h>
|
||||
+ #ifdef OPENSSL_VERSION_STR
|
||||
+ OPENSSL_VERSION_STR
|
||||
+ #elif defined(OPENSSL_VERSION_NUMBER)
|
||||
+ OPENSSL_VERSION_NUMBER
|
||||
+ #else
|
||||
+ #error Unable to determine OpenSSL version.
|
||||
+ #endif
|
||||
+ """
|
||||
+ )
|
||||
+ result = try_preprocess(
|
||||
+ compiler.wrapper
|
||||
+ + [compiler.compiler]
|
||||
+ + compiler.flags
|
||||
+ + list(openssl_flags.cflags),
|
||||
+ "C",
|
||||
+ check
|
||||
+ )
|
||||
+ if result:
|
||||
+ openssl_ver = result.splitlines()[-1]
|
||||
+ if openssl_ver.startswith("0x"):
|
||||
+ # OpenSSL 1.x.x - like 0x1010107fL
|
||||
+ openssl_ver = ossl_hexver(openssl_ver)
|
||||
+ else:
|
||||
+ # OpenSSL 3.x.x - quoted version like "3.0.7"
|
||||
+ openssl_ver = openssl_ver.replace('"', "")
|
||||
+ major_version = openssl_ver.split(".")[0]
|
||||
+ if major_version != "3":
|
||||
+ die("Unrecognized OpenSSL version {openssl_version} found. Require >= 1.1.1 or 3.x.x")
|
||||
+
|
||||
+ log.info(f"Found OpenSSL {openssl_ver}.")
|
||||
+ return openssl_ver
|
||||
+
|
||||
+ set_config("MZLA_LIBRNP_OPENSSL_VERSION", openssl_version)
|
||||
|
||||
# Checks for building librnp itself
|
||||
# =================================
|
||||
diff -up comm/third_party/rnp/moz.build.D161379.diff comm/third_party/rnp/moz.build
|
||||
--- comm/third_party/rnp/moz.build.D161379.diff 2022-11-10 11:49:43.682017534 +0100
|
||||
+++ comm/third_party/rnp/moz.build 2022-11-10 11:51:22.878909880 +0100
|
||||
@@ -36,17 +36,53 @@ if CONFIG["CC_TYPE"] == "clang-cl":
|
||||
"/EHs",
|
||||
]
|
||||
|
||||
+LOCAL_INCLUDES = [
|
||||
+ "include",
|
||||
+ "src",
|
||||
+ "src/common",
|
||||
+ "src/lib",
|
||||
+]
|
||||
+
|
||||
+IQuote(
|
||||
+ "{}/src/lib".format(OBJDIR),
|
||||
+ "{}/src/lib".format(SRCDIR),
|
||||
+)
|
||||
+
|
||||
+# Set up defines for src/lib/config.h
|
||||
rnp_defines = {
|
||||
"HAVE_BZLIB_H": True,
|
||||
"HAVE_ZLIB_H": True,
|
||||
- "CRYPTO_BACKEND_OPENSSL": True,
|
||||
- "ENABLE_AEAD": True,
|
||||
- "ENABLE_TWOFISH": True,
|
||||
- "ENABLE_BRAINPOOL": True,
|
||||
"ENABLE_IDEA": True,
|
||||
"PACKAGE_BUGREPORT": '"https://bugzilla.mozilla.org/enter_bug.cgi?product=Thunderbird"',
|
||||
"PACKAGE_STRING": '"rnp {}"'.format(CONFIG["MZLA_LIBRNP_FULL_VERSION"])
|
||||
}
|
||||
+if CONFIG["MZLA_LIBRNP_BACKEND"] == "botan":
|
||||
+ LOCAL_INCLUDES += ["!../botan/build/include"]
|
||||
+ if CONFIG["MZLA_SYSTEM_BOTAN"]:
|
||||
+ CXXFLAGS += CONFIG["MZLA_BOTAN_CFLAGS"]
|
||||
+
|
||||
+ rnp_defines.update({
|
||||
+ "CRYPTO_BACKEND_BOTAN": True,
|
||||
+ "ENABLE_AEAD": True,
|
||||
+ "ENABLE_TWOFISH": True,
|
||||
+ "ENABLE_BRAINPOOL": True,
|
||||
+ })
|
||||
+elif CONFIG["MZLA_LIBRNP_BACKEND"] == "openssl":
|
||||
+ CXXFLAGS += CONFIG["MZLA_LIBRNP_OPENSSL_CFLAGS"]
|
||||
+ OS_LIBS += CONFIG["MZLA_LIBRNP_OPENSSL_LIBS"]
|
||||
+
|
||||
+ rnp_defines.update({
|
||||
+ "CRYPTO_BACKEND_OPENSSL": True,
|
||||
+ # Not supported with RNP+OpenSSL https://github.com/rnpgp/rnp/issues/1642
|
||||
+ "ENABLE_AEAD": False,
|
||||
+ # Not supported by OpenSSL https://github.com/openssl/openssl/issues/2046
|
||||
+ "ENABLE_TWOFISH": False,
|
||||
+ # Supported, but not with RHEL's OpenSSL, disabled for now;
|
||||
+ "ENABLE_BRAINPOOL": False,
|
||||
+ })
|
||||
+ if CONFIG["MZLA_LIBRNP_OPENSSL_VERSION"][0] == "3":
|
||||
+ rnp_defines["CRYPTO_BACKEND_OPENSSL3"] = True
|
||||
+
|
||||
GeneratedFile(
|
||||
"src/lib/config.h",
|
||||
script="/comm/python/rocbuild/process_cmake_define_files.py",
|
||||
@@ -57,23 +93,6 @@ GeneratedFile(
|
||||
],
|
||||
)
|
||||
|
||||
-LOCAL_INCLUDES = [
|
||||
- "include",
|
||||
- "src",
|
||||
- "src/common",
|
||||
- "src/lib",
|
||||
-]
|
||||
-
|
||||
-IQuote(
|
||||
- "{}/src/lib".format(OBJDIR),
|
||||
- "{}/src/lib".format(SRCDIR),
|
||||
-)
|
||||
-
|
||||
-if CONFIG["MZLA_SYSTEM_BOTAN"]:
|
||||
- CXXFLAGS += CONFIG["MZLA_BOTAN_CFLAGS"]
|
||||
-else:
|
||||
- LOCAL_INCLUDES += ["!../botan/build/include"]
|
||||
-
|
||||
if CONFIG["MOZ_SYSTEM_ZLIB"]:
|
||||
CXXFLAGS += CONFIG["MOZ_ZLIB_CFLAGS"]
|
||||
else:
|
||||
@@ -109,29 +128,16 @@ SOURCES += [
|
||||
"src/common/time-utils.cpp",
|
||||
"src/lib/crypto.cpp",
|
||||
"src/lib/crypto/backend_version.cpp",
|
||||
- "src/lib/crypto/bn.cpp",
|
||||
"src/lib/crypto/cipher.cpp",
|
||||
- "src/lib/crypto/cipher_botan.cpp",
|
||||
- "src/lib/crypto/dsa.cpp",
|
||||
- "src/lib/crypto/ec.cpp",
|
||||
"src/lib/crypto/ec_curves.cpp",
|
||||
- "src/lib/crypto/ecdh.cpp",
|
||||
"src/lib/crypto/ecdh_utils.cpp",
|
||||
- "src/lib/crypto/ecdsa.cpp",
|
||||
- "src/lib/crypto/eddsa.cpp",
|
||||
- "src/lib/crypto/elgamal.cpp",
|
||||
- "src/lib/crypto/hash.cpp",
|
||||
"src/lib/crypto/hash_common.cpp",
|
||||
"src/lib/crypto/hash_sha1cd.cpp",
|
||||
- "src/lib/crypto/mem.cpp",
|
||||
"src/lib/crypto/mpi.cpp",
|
||||
- "src/lib/crypto/rng.cpp",
|
||||
- "src/lib/crypto/rsa.cpp",
|
||||
"src/lib/crypto/s2k.cpp",
|
||||
"src/lib/crypto/sha1cd/sha1.c",
|
||||
"src/lib/crypto/sha1cd/ubc_check.c",
|
||||
"src/lib/crypto/signatures.cpp",
|
||||
- "src/lib/crypto/symmetric.cpp",
|
||||
"src/lib/fingerprint.cpp",
|
||||
"src/lib/generate-key.cpp",
|
||||
"src/lib/json-utils.cpp",
|
||||
@@ -159,4 +165,40 @@ SOURCES += [
|
||||
"src/librepgp/stream-write.cpp",
|
||||
]
|
||||
|
||||
+if CONFIG["MZLA_LIBRNP_BACKEND"] == "botan":
|
||||
+ SOURCES += [
|
||||
+ "src/lib/crypto/bn.cpp",
|
||||
+ "src/lib/crypto/cipher_botan.cpp",
|
||||
+ "src/lib/crypto/dsa.cpp",
|
||||
+ "src/lib/crypto/ec.cpp",
|
||||
+ "src/lib/crypto/ecdh.cpp",
|
||||
+ "src/lib/crypto/ecdsa.cpp",
|
||||
+ "src/lib/crypto/eddsa.cpp",
|
||||
+ "src/lib/crypto/elgamal.cpp",
|
||||
+ "src/lib/crypto/hash.cpp",
|
||||
+ "src/lib/crypto/mem.cpp",
|
||||
+ "src/lib/crypto/rng.cpp",
|
||||
+ "src/lib/crypto/rsa.cpp",
|
||||
+ "src/lib/crypto/symmetric.cpp",
|
||||
+ ]
|
||||
+if CONFIG["MZLA_LIBRNP_BACKEND"] == "openssl":
|
||||
+ SOURCES += [
|
||||
+ "src/lib/crypto/bn_ossl.cpp",
|
||||
+ "src/lib/crypto/cipher_ossl.cpp",
|
||||
+ "src/lib/crypto/dl_ossl.cpp",
|
||||
+ "src/lib/crypto/dsa_ossl.cpp",
|
||||
+ "src/lib/crypto/ec_ossl.cpp",
|
||||
+ "src/lib/crypto/ecdh_ossl.cpp",
|
||||
+ "src/lib/crypto/ecdsa_ossl.cpp",
|
||||
+ "src/lib/crypto/eddsa_ossl.cpp",
|
||||
+ "src/lib/crypto/elgamal_ossl.cpp",
|
||||
+ "src/lib/crypto/hash_crc24.cpp",
|
||||
+ "src/lib/crypto/hash_ossl.cpp",
|
||||
+ "src/lib/crypto/mem_ossl.cpp",
|
||||
+ "src/lib/crypto/rng_ossl.cpp",
|
||||
+ "src/lib/crypto/rsa_ossl.cpp",
|
||||
+ "src/lib/crypto/s2k_ossl.cpp",
|
||||
+ "src/lib/crypto/symmetric_ossl.cpp",
|
||||
+ ]
|
||||
+
|
||||
DIRS += ["src/rnp", "src/rnpkeys"]
|
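Review bot: In `openssl_version` (openpgp.configure hunk), the `die("Unrecognized OpenSSL version {openssl_version} found. ...")` call has no `f` prefix and names the function instead of the local `openssl_ver`, so the braces are printed literally; it should read `die(f"Unrecognized OpenSSL version {openssl_ver} found. Require >= 1.1.1 or 3.x.x")`. In `ossl_hexver`, `chr(96 + (ver_as_int & 0x00000ff0) >> 4)` shifts after the addition because `+` binds tighter than `>>`, so the patch letter is wrong; `chr(96 + ((ver_as_int & 0x00000ff0) >> 4))` gives the intended a-z letter. The comment above it also misspells the header as `opensshlv.h` where `opensslv.h` is meant. Separately, pkg-config is asked for `openssl > 1.1.1` while the log message and `MIN_OSSL_VER` both say `>= 1.1.1`, so one of the two should be aligned with the other.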
49
SOURCES/D161895.diff
Normal file
@ -0,0 +1,49 @@
|
||||
diff --git a/third_party/openpgp.configure b/third_party/openpgp.configure
|
||||
--- a/third_party/openpgp.configure
|
||||
+++ b/third_party/openpgp.configure
|
||||
@@ -198,21 +198,27 @@
|
||||
)
|
||||
set_config("MZLA_BZIP2_CFLAGS", bzip2_flags.cflags)
|
||||
set_config("MZLA_BZIP2_LIBS", bzip2_flags.ldflags)
|
||||
|
||||
# librnp crypto backend selection
|
||||
+ @depends(target_is_linux)
|
||||
+ def librnp_backend_choices(is_linux):
|
||||
+ if is_linux:
|
||||
+ return ("botan", "openssl")
|
||||
+ else:
|
||||
+ return ("botan",)
|
||||
+
|
||||
option("--with-librnp-backend",
|
||||
- help="Build librnp with the selected backend: {botan, openssl}",
|
||||
+ help="Build librnp with the selected backend",
|
||||
+ choices=librnp_backend_choices,
|
||||
+ nargs=1,
|
||||
default="botan")
|
||||
|
||||
@depends("--with-librnp-backend")
|
||||
def librnp_backend(backend):
|
||||
- allowed = ("botan", "openssl")
|
||||
- if backend[0] in allowed:
|
||||
+ if backend:
|
||||
return backend[0]
|
||||
- else:
|
||||
- die(f"Unsupported librnp backend {backend[0]}.")
|
||||
|
||||
set_config("MZLA_LIBRNP_BACKEND", librnp_backend)
|
||||
|
||||
@depends(librnp_backend)
|
||||
def rnp_botan(backend):
|
||||
@@ -273,10 +279,11 @@
|
||||
set_config("MZLA_LIBRNP_OPENSSL_LIBS", openssl_flags.ldflags)
|
||||
|
||||
|
||||
@depends(c_compiler, openssl_flags)
|
||||
@imports(_from="textwrap", _import="dedent")
|
||||
+ @imports(_from="__builtin__", _import="chr")
|
||||
def openssl_version(compiler, openssl_flags):
|
||||
log.info("Checking for OpenSSL >= 1.1.1")
|
||||
if openssl_flags is None:
|
||||
die("OpenSSL not found. Must be locatable with pkg-config or use --with-openssl.")
|
||||
|
||||
|
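Review bot: `librnp_backend` now falls through and returns `None` when `backend` is empty, where the previous body either returned a supported name or called `die(...)`. `choices=librnp_backend_choices` takes over validating the value, but if the option can be switched off (for example through a `--without-` form, which this hunk does not rule out), `MZLA_LIBRNP_BACKEND` stays unset and `rnp_botan` and `rnp_openssl` are both false. The rnp moz.build from SOURCES/D161379.diff on this page would then add neither backend's sources, so the problem appears at build time instead of in configure. An explicit `else: die("--with-librnp-backend requires a value")` keeps the failure where the option is parsed.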
81
SOURCES/backport-rnp-0.16.2-to-esr102-a-bug-1753683.patch
Normal file
@ -0,0 +1,81 @@
|
||||
# HG changeset patch
|
||||
# User Daniel <daniel@thunderbird.net>
|
||||
# Date 1658184582 0
|
||||
# Mon Jul 18 22:49:42 2022 +0000
|
||||
# Node ID 9998ed5c2bcee289b03828eba670053614fa26da
|
||||
# Parent e572bc3cfa07492189aec439e98378b0811ae3bb
|
||||
Bug 1753683 - Replace distutils (deprecated) with packaging. r=rjl
|
||||
|
||||
Differential Revision: https://phabricator.services.mozilla.com/D152123
|
||||
|
||||
diff --git a/comm/python/thirdroc/thirdroc/__init__.py b/comm/python/thirdroc/thirdroc/__init__.py
|
||||
--- a/comm/python/thirdroc/thirdroc/__init__.py
|
||||
+++ b/comm/python/thirdroc/thirdroc/__init__.py
|
||||
@@ -3,11 +3,11 @@
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
from __future__ import print_function, absolute_import
|
||||
|
||||
import re
|
||||
-from distutils.version import StrictVersion
|
||||
+from packaging.version import parse
|
||||
|
||||
VTAG_RE = re.compile(r"^v\d+\.\d+\.\d+$")
|
||||
|
||||
|
||||
def tag2version(tag):
|
||||
@@ -22,16 +22,16 @@ def tag2version(tag):
|
||||
raise Exception("Invalid tag {}".format(tag))
|
||||
|
||||
|
||||
def get_latest_version(*versions):
|
||||
"""
|
||||
- Given a list of versions (that must parse with distutils.version.StrictVersion,
|
||||
+ Given a list of versions (that must parse with packaging.version.parse),
|
||||
return the latest/newest version.
|
||||
:param list versions:
|
||||
- :return StrictVersion:
|
||||
+ :return Version:
|
||||
"""
|
||||
- version_list = [StrictVersion(tag2version(v)) for v in versions]
|
||||
+ version_list = [parse(tag2version(v)) for v in versions]
|
||||
version_list.sort()
|
||||
return version_list[-1]
|
||||
|
||||
|
||||
def latest_version(*versions):
|
||||
diff --git a/comm/python/thirdroc/thirdroc/rnp.py b/comm/python/thirdroc/thirdroc/rnp.py
|
||||
--- a/comm/python/thirdroc/thirdroc/rnp.py
|
||||
+++ b/comm/python/thirdroc/thirdroc/rnp.py
|
||||
@@ -6,11 +6,11 @@ from __future__ import absolute_import
|
||||
|
||||
import os
|
||||
from io import StringIO
|
||||
from datetime import date
|
||||
import re
|
||||
-from distutils.version import StrictVersion
|
||||
+from packaging.version import parse
|
||||
|
||||
from mozbuild.preprocessor import Preprocessor
|
||||
|
||||
|
||||
def rnp_source_update(rnp_root, version_str, revision, timestamp, bug_report):
|
||||
@@ -21,14 +21,14 @@ def rnp_source_update(rnp_root, version_
|
||||
:param string version_str: latest version
|
||||
:param string revision: revision hash (short form)
|
||||
:param float timestamp: UNIX timestamp from revision
|
||||
:param string bug_report: where to report bugs for this RNP build
|
||||
"""
|
||||
- version = StrictVersion(version_str)
|
||||
- version_major = version.version[0]
|
||||
- version_minor = version.version[1]
|
||||
- version_patch = version.version[2]
|
||||
+ version = parse(version_str)
|
||||
+ version_major = version.major
|
||||
+ version_minor = version.minor
|
||||
+ version_patch = version.micro
|
||||
date_str = date.fromtimestamp(float(timestamp)).strftime("%Y%m%d")
|
||||
revision_short = revision[:8]
|
||||
version_full = "{}+git{}.{}.MZLA".format(version_str, date_str, revision_short)
|
||||
|
||||
defines = dict(
|
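Review bot: `rnp_source_update` in rnp.py reads `version.major`, `version.minor` and `version.micro` straight from `parse(version_str)`, and unlike the tags in `get_latest_version` the string is not passed through `tag2version` first. Depending on the `packaging` release the build uses, `parse` may hand back a legacy version object for a malformed string instead of raising, so a bad value would fail later at the attribute access rather than at the parse. Using `from packaging.version import Version` and `version = Version(version_str)` rejects anything that is not a well-formed version up front. The body of `rnp_source_update` continues outside the hunk.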
118
SOURCES/backport-rnp-0.16.2-to-esr102-b-bug-1790446.patch
Normal file
@ -0,0 +1,118 @@
|
||||
# HG changeset patch
|
||||
# User Rob Lemley <rob@thunderbird.net>
|
||||
# Date 1662996130 0
|
||||
# Mon Sep 12 15:22:10 2022 +0000
|
||||
# Node ID 5dfb405f325609c62215f9d74e01dba029b84611
|
||||
# Parent 9998ed5c2bcee289b03828eba670053614fa26da
|
||||
Bug 1790446 - Stop rewriting RNP config.h.in when updating the source from upstream. r=dandarnell
|
||||
|
||||
Differential Revision: https://phabricator.services.mozilla.com/D157151
|
||||
|
||||
diff --git a/comm/python/thirdroc/thirdroc/rnp.py b/comm/python/thirdroc/thirdroc/rnp.py
|
||||
--- a/comm/python/thirdroc/thirdroc/rnp.py
|
||||
+++ b/comm/python/thirdroc/thirdroc/rnp.py
|
||||
@@ -11,19 +11,18 @@ import re
|
||||
from packaging.version import parse
|
||||
|
||||
from mozbuild.preprocessor import Preprocessor
|
||||
|
||||
|
||||
-def rnp_source_update(rnp_root, version_str, revision, timestamp, bug_report):
|
||||
+def rnp_source_update(rnp_root, version_str, revision, timestamp):
|
||||
"""
|
||||
Update RNP source files: generate version.h and mangle config.h.in
|
||||
:param rnp_root:
|
||||
:type rnp_root:
|
||||
:param string version_str: latest version
|
||||
:param string revision: revision hash (short form)
|
||||
:param float timestamp: UNIX timestamp from revision
|
||||
- :param string bug_report: where to report bugs for this RNP build
|
||||
"""
|
||||
version = parse(version_str)
|
||||
version_major = version.major
|
||||
version_minor = version.minor
|
||||
version_patch = version.micro
|
||||
@@ -36,20 +35,17 @@ def rnp_source_update(rnp_root, version_
|
||||
RNP_VERSION_MINOR=version_minor,
|
||||
RNP_VERSION_PATCH=version_patch,
|
||||
RNP_VERSION=version_str,
|
||||
RNP_VERSION_FULL=version_full,
|
||||
RNP_VERSION_COMMIT_TIMESTAMP=str(timestamp),
|
||||
- BUGREPORT_EMAIL=bug_report,
|
||||
)
|
||||
src_lib = os.path.join(rnp_root, "src", "lib")
|
||||
version_h_in = os.path.join(src_lib, "version.h.in")
|
||||
version_h = os.path.join(src_lib, "version.h")
|
||||
- config_h_in = os.path.join(src_lib, "config.h.in")
|
||||
readme_rnp = os.path.join(rnp_root, "..", "README.rnp")
|
||||
|
||||
generate_version_h(version_h_in, version_h, defines)
|
||||
- mangle_config_h_in(config_h_in, defines)
|
||||
update_readme(readme_rnp, revision)
|
||||
|
||||
|
||||
def rnp_preprocess(tmpl, dest, defines):
|
||||
"""
|
||||
@@ -79,30 +75,10 @@ def generate_version_h(template, destina
|
||||
with open(template) as tmpl:
|
||||
with open(destination, "w") as dest:
|
||||
rnp_preprocess(tmpl, dest, defines)
|
||||
|
||||
|
||||
-def mangle_config_h_in(template, defines):
|
||||
- """
|
||||
- Mangle RNP's config.h.in so that it will work with CONFIGURE_DEFINE_FILES
|
||||
- :param string template: path to config.h.in
|
||||
- :param dict defines: result of get_defines()
|
||||
- """
|
||||
- with open(template) as tmpl:
|
||||
- tmp_string = StringIO()
|
||||
- rnp_preprocess(tmpl, tmp_string, defines)
|
||||
-
|
||||
- tmp_string.seek(0)
|
||||
-
|
||||
- with open(template, "w") as dest:
|
||||
- for line in tmp_string:
|
||||
- if line.startswith("#cmakedefine"):
|
||||
- line = line.replace("#cmakedefine", "#undef")
|
||||
- dest.write(line)
|
||||
- dest.write("\n")
|
||||
-
|
||||
-
|
||||
def update_readme(path, revision):
|
||||
"""
|
||||
Updates the commit hash in README.rnp
|
||||
:param string path: Path to README.rnp
|
||||
:param string revision: revision to insert
|
||||
diff --git a/comm/third_party/update_rnp.sh b/comm/third_party/update_rnp.sh
|
||||
--- a/comm/third_party/update_rnp.sh
|
||||
+++ b/comm/third_party/update_rnp.sh
|
||||
@@ -42,26 +42,23 @@ TAGLIST=$(git -C "${RNPgit}" tag --list
|
||||
|
||||
LATEST_VERSION=$($THIRDROC latest_version $TAGLIST)
|
||||
REVISION=$(git -C "${RNPgit}" rev-parse --verify HEAD)
|
||||
TIMESTAMP=$(git -C "${RNPgit}" show -s --format=%ct)
|
||||
|
||||
-BUGREPORT="https://bugzilla.mozilla.org/enter_bug.cgi?product=Thunderbird"
|
||||
-
|
||||
# Cleanup rnp checkout
|
||||
rm -rf ${RNPgit}/{.git,.github,.cirrus.yml,.clang-format,.gitignore}
|
||||
rm -rf ${RNPgit}/{_config.yml,docker.sh,ci,cmake,git-hooks,travis.sh,vcpkg.txt}
|
||||
rm -rf ${RNPgit}/{Brewfile,CMakeLists.txt,CMakeSettings.json}
|
||||
|
||||
# Do the switch
|
||||
rm -rf rnp
|
||||
mv "${RNPgit}" rnp
|
||||
-# Build version.h/config.h.in
|
||||
+# Build version.h
|
||||
$THIRDROC rnp_source_update rnp/ \
|
||||
"${LATEST_VERSION}" \
|
||||
"${REVISION}" \
|
||||
- "${TIMESTAMP}" \
|
||||
- "${BUGREPORT}"
|
||||
+ "${TIMESTAMP}"
|
||||
|
||||
# Restore moz.build
|
||||
hg revert rnp/moz.build rnp/module.ver rnp/rnp.symbols rnp/src/lib/rnp/rnp_export.h \
|
||||
rnp/src/rnp/moz.build rnp/src/rnpkeys/moz.build
|
||||
|
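Review bot: The docstring of `rnp_source_update` in rnp.py still says "generate version.h and mangle config.h.in", although this change removes both the `mangle_config_h_in` call and the function itself. I would change it to `Update RNP source files: generate version.h and update README.rnp`, which matches the two calls left in the visible body (`generate_version_h`, `update_readme`). The `from io import StringIO` line shown as context in the preceding backport patch on this page looks as if it was only used by the removed function; worth checking whether it can go too, since the top of the file is outside this hunk.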
185
SOURCES/backport-rnp-0.16.2-to-esr102-c-bug-1790446.patch
Normal file
@ -0,0 +1,185 @@
|
||||
# HG changeset patch
|
||||
# User Rob Lemley <rob@thunderbird.net>
|
||||
# Date 1662996529 0
|
||||
# Mon Sep 12 15:28:49 2022 +0000
|
||||
# Node ID c9e44c0a569253884961ad2e18fae23f5ed0f6dc
|
||||
# Parent 5dfb405f325609c62215f9d74e01dba029b84611
|
||||
Bug 1790446 - Add build script to preprocess CMake config.h templates. r=dandarnell
|
||||
|
||||
|
||||
|
||||
Right now config.h.in is rewritten when the RNP source is updated.
|
||||
This has caused problems when new lines are added to it.
|
||||
|
||||
Depends on D157151
|
||||
|
||||
Differential Revision: https://phabricator.services.mozilla.com/D157152
|
||||
|
||||
diff --git a/comm/python/rocbuild/process_cmake_define_files.py b/python/rocb/commuild/process_cmake_define_files.py
|
||||
new file mode 100644
|
||||
--- /dev/null
|
||||
+++ b/comm/python/rocbuild/process_cmake_define_files.py
|
||||
@@ -0,0 +1,103 @@
|
||||
+# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
+# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
+
|
||||
+from __future__ import absolute_import, print_function, unicode_literals
|
||||
+
|
||||
+import argparse
|
||||
+import os
|
||||
+import re
|
||||
+import sys
|
||||
+from buildconfig import topsrcdir, topobjdir
|
||||
+from mozbuild.backend.configenvironment import PartialConfigEnvironment
|
||||
+
|
||||
+
|
||||
+def define_type(string):
|
||||
+ vals = string.split("=", 1)
|
||||
+ if len(vals) == 1:
|
||||
+ vals.append(1)
|
||||
+ elif vals[1].isdecimal():
|
||||
+ vals[1] = int(vals[1])
|
||||
+ return tuple(vals)
|
||||
+
|
||||
+
|
||||
+def process_cmake_define_file(output, input_file, extra_defines):
|
||||
+ """Creates the given config header. A config header is generated by
|
||||
+ taking the corresponding source file and replacing some #define/#undef
|
||||
+ occurences:
|
||||
+ "#undef NAME" is turned into "#define NAME VALUE"
|
||||
+ "#cmakedefine NAME" is turned into "#define NAME VALUE"
|
||||
+ "#define NAME" is unchanged
|
||||
+ "#define NAME ORIGINAL_VALUE" is turned into "#define NAME VALUE"
|
||||
+ "#undef UNKNOWN_NAME" is turned into "/* #undef UNKNOWN_NAME */"
|
||||
+ "#cmakedefine UNKNOWN_NAME" is turned into "/* #undef UNKNOWN_NAME */"
|
||||
+ Whitespaces are preserved.
|
||||
+ """
|
||||
+
|
||||
+ path = os.path.abspath(input_file)
|
||||
+
|
||||
+ config = PartialConfigEnvironment(topobjdir)
|
||||
+
|
||||
+ defines = dict(config.defines.iteritems())
|
||||
+ defines.update(extra_defines)
|
||||
+
|
||||
+ with open(path, "r") as input_file:
|
||||
+ r = re.compile(
|
||||
+ r'^\s*#\s*(?P<cmd>[a-z]+)(?:\s+(?P<name>\S+)(?:\s+(?P<value>("[^"]+"|\S+)))?)?',
|
||||
+ re.U,
|
||||
+ )
|
||||
+ for line in input_file:
|
||||
+ m = r.match(line)
|
||||
+ if m:
|
||||
+ cmd = m.group("cmd")
|
||||
+ name = m.group("name")
|
||||
+ value = m.group("value")
|
||||
+ if name:
|
||||
+ if cmd == "define":
|
||||
+ if value and name in defines:
|
||||
+ line = (
|
||||
+ line[: m.start("value")]
|
||||
+ + str(defines[name])
|
||||
+ + line[m.end("value") :]
|
||||
+ )
|
||||
+ elif cmd in ("undef", "cmakedefine"):
|
||||
+ if name in defines:
|
||||
+ line = (
|
||||
+ line[: m.start("cmd")]
|
||||
+ + "define"
|
||||
+ + line[m.end("cmd") : m.end("name")]
|
||||
+ + " "
|
||||
+ + str(defines[name])
|
||||
+ + line[m.end("name") :]
|
||||
+ )
|
||||
+ else:
|
||||
+ line = (
|
||||
+ "/* #undef "
|
||||
+ + line[m.start("name") : m.end("name")]
|
||||
+ + " */"
|
||||
+ + line[m.end("name") :]
|
||||
+ )
|
||||
+
|
||||
+ output.write(line)
|
||||
+
|
||||
+
|
||||
+def main(output, *argv):
|
||||
+ parser = argparse.ArgumentParser(description="Process define files.")
|
||||
+
|
||||
+ parser.add_argument("input", help="Input define file.")
|
||||
+ parser.add_argument(
|
||||
+ "-D",
|
||||
+ type=define_type,
|
||||
+ action="append",
|
||||
+ dest="extra_defines",
|
||||
+ default=[],
|
||||
+ help="Additional defines not set at configure time.",
|
||||
+ )
|
||||
+
|
||||
+ args = parser.parse_args(argv)
|
||||
+
|
||||
+ return process_cmake_define_file(output, args.input, args.extra_defines)
|
||||
+
|
||||
+
|
||||
+if __name__ == "__main__":
|
||||
+ sys.exit(main(*sys.argv))
|
||||
diff --git a/comm/third_party/rnp/moz.build b/third_party/rnp/moz.b/commuild
|
||||
--- a/comm/third_party/rnp/moz.build
|
||||
+++ b/comm/third_party/rnp/moz.build
|
||||
@@ -34,19 +34,27 @@ COMPILE_FLAGS["WARNINGS_CFLAGS"] += [
|
||||
if CONFIG["CC_TYPE"] == "clang-cl":
|
||||
CXXFLAGS += [
|
||||
"/EHs",
|
||||
]
|
||||
|
||||
-DEFINES["_GNU_SOURCE"] = True
|
||||
-
|
||||
-DEFINES["HAVE_BZLIB_H"] = True
|
||||
-DEFINES["HAVE_ZLIB_H"] = True
|
||||
-DEFINES["MOZ_RNP_DIST_INFO"] = rnp_dist_info
|
||||
-
|
||||
-CONFIGURE_DEFINE_FILES += [
|
||||
+rnp_defines = {
|
||||
+ "HAVE_BZLIB_H": True,
|
||||
+ "HAVE_ZLIB_H": True,
|
||||
+ "CRYPTO_BACKEND_BOTAN": True,
|
||||
+ "ENABLE_AEAD": True,
|
||||
+ "ENABLE_TWOFISH": True,
|
||||
+ "ENABLE_BRAINPOOL": True,
|
||||
+}
|
||||
+GeneratedFile(
|
||||
"src/lib/config.h",
|
||||
-]
|
||||
+ script="/comm/python/rocbuild/process_cmake_define_files.py",
|
||||
+ inputs=["src/lib/config.h.in"],
|
||||
+ flags=[
|
||||
+ "-D%s=%s" % (k, "1" if v is True else v)
|
||||
+ for k, v in rnp_defines.items()
|
||||
+ ],
|
||||
+)
|
||||
|
||||
LOCAL_INCLUDES = [
|
||||
"include",
|
||||
"src",
|
||||
"src/common",
|
||||
diff --git a/comm/third_party/rnpdefs.mozbuild b/third_party/rnpdefs.mozb/commuild
|
||||
--- a/comm/third_party/rnpdefs.mozbuild
|
||||
+++ b/comm/third_party/rnpdefs.mozbuild
|
||||
@@ -16,17 +16,10 @@ rnp_dist_info = "{} {} rnp".format(
|
||||
COMPILE_FLAGS["OS_CFLAGS"] = []
|
||||
COMPILE_FLAGS["OS_CXXFLAGS"] = []
|
||||
COMPILE_FLAGS["OS_INCLUDES"] = []
|
||||
COMPILE_FLAGS["CLANG_PLUGIN"] = []
|
||||
|
||||
-DEFINES["RNP_NO_DEPRECATED"] = True
|
||||
-DEFINES["CRYPTO_BACKEND_BOTAN"] = True
|
||||
-DEFINES["ENABLE_AEAD"] = True
|
||||
-DEFINES["ENABLE_TWOFISH"] = True
|
||||
-DEFINES["ENABLE_BRAINPOOL"] = True
|
||||
-
|
||||
-
|
||||
if CONFIG["COMPILE_ENVIRONMENT"]:
|
||||
COMPILE_FLAGS["MOZ_HARDENING_CFLAGS"] = []
|
||||
|
||||
if CONFIG["CC_TYPE"] == "clang-cl":
|
||||
CFLAGS += [
|
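Review bot: The `flags` comprehension in the rnp/moz.build hunk special-cases only `True`, so a `False` entry in `rnp_defines` is passed as `-DNAME=False`, and `process_cmake_define_file` then rewrites `#cmakedefine NAME` to `#define NAME False` because the name is present in `defines`. Every value in this patch is `True`, but SOURCES/D161379.diff on this page sets `ENABLE_AEAD`, `ENABLE_TWOFISH` and `ENABLE_BRAINPOOL` to `False` for the OpenSSL backend. If RNP tests those macros with `#ifdef` or `defined()` (not visible here), the algorithms would stay compiled in despite the intent to disable them. Dropping disabled options from the flag list avoids that: `for k, v in rnp_defines.items() if v is not False`. It is also worth confirming in the generated `src/lib/config.h` that the three macros come out as `/* #undef ... */` on an OpenSSL build.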
77
SOURCES/backport-rnp-0.16.2-to-esr102-d-bug-1790446.patch
Normal file
@ -0,0 +1,77 @@
|
||||
# HG changeset patch
|
||||
# User Rob Lemley <rob@thunderbird.net>
|
||||
# Date 1662997034 0
|
||||
# Mon Sep 12 15:37:14 2022 +0000
|
||||
# Node ID 17dc6bb322b5d40299bba0a90d59c0593137d4f6
|
||||
# Parent c9e44c0a569253884961ad2e18fae23f5ed0f6dc
|
||||
Bug 1790446 - Get RNP version during configure and set in config.h. r=dandarnell
|
||||
|
||||
|
||||
|
||||
|
||||
Depends on D157152
|
||||
|
||||
Differential Revision: https://phabricator.services.mozilla.com/D157153
|
||||
|
||||
diff --git a/comm/third_party/openpgp.configure b/comm/third_party/openpgp.configure
|
||||
--- a/comm/third_party/openpgp.configure
|
||||
+++ b/comm/third_party/openpgp.configure
|
||||
@@ -86,10 +86,42 @@ with only_when("--enable-compile-environ
|
||||
set_config("MZLA_LIBRNP", depends_if(in_tree_librnp)(lambda _: True))
|
||||
set_define("MZLA_LIBRNP", depends_if(in_tree_librnp)(lambda _: True))
|
||||
|
||||
|
||||
with only_when(in_tree_librnp):
|
||||
+
|
||||
+ @depends(build_environment, c_compiler)
|
||||
+ @imports(_from="textwrap", _import="dedent")
|
||||
+ @imports(_from="os.path", _import="join")
|
||||
+ def rnp_version_string(build_env, compiler):
|
||||
+ log.info("Determining librnp version from version.h.")
|
||||
+ include_path = join(
|
||||
+ build_env.topsrcdir, "comm", "third_party", "rnp", "src", "lib"
|
||||
+ )
|
||||
+ check = dedent(
|
||||
+ """\
|
||||
+ #include "version.h"
|
||||
+ RNP_VERSION_STRING_FULL
|
||||
+ """
|
||||
+ )
|
||||
+ result = try_preprocess(
|
||||
+ compiler.wrapper
|
||||
+ + [compiler.compiler]
|
||||
+ + compiler.flags
|
||||
+ + ["-I", include_path],
|
||||
+ "C",
|
||||
+ check,
|
||||
+ )
|
||||
+ if result:
|
||||
+ rnp_version = result.splitlines()[-1]
|
||||
+ rnp_version = rnp_version.replace('"', "")
|
||||
+ else:
|
||||
+ raise FatalCheckError("Unable to determine RNP version string.")
|
||||
+ return rnp_version
|
||||
+
|
||||
+ set_config("MZLA_LIBRNP_FULL_VERSION", rnp_version_string)
|
||||
+
|
||||
# JSON-C --with-system-json
|
||||
system_lib_option(
|
||||
"--with-system-jsonc",
|
||||
help="Use system JSON-C for librnp (located with pkgconfig)",
|
||||
)
|
||||
diff --git a/comm/third_party/rnp/moz.build b/third_party/rnp/moz.b/commuild
|
||||
--- a/comm/third_party/rnp/moz.build
|
||||
+++ b/comm/third_party/rnp/moz.build
|
||||
@@ -41,10 +41,12 @@ rnp_defines = {
|
||||
"HAVE_ZLIB_H": True,
|
||||
"CRYPTO_BACKEND_BOTAN": True,
|
||||
"ENABLE_AEAD": True,
|
||||
"ENABLE_TWOFISH": True,
|
||||
"ENABLE_BRAINPOOL": True,
|
||||
+ "PACKAGE_BUGREPORT": '"https://bugzilla.mozilla.org/enter_bug.cgi?product=Thunderbird"',
|
||||
+ "PACKAGE_STRING": '"rnp {}"'.format(CONFIG["MZLA_LIBRNP_FULL_VERSION"])
|
||||
}
|
||||
GeneratedFile(
|
||||
"src/lib/config.h",
|
||||
script="/comm/python/rocbuild/process_cmake_define_files.py",
|
||||
inputs=["src/lib/config.h.in"],
|
58
SOURCES/backport-rnp-0.16.2-to-esr102-e-bug-1790116.patch
Normal file
58
SOURCES/backport-rnp-0.16.2-to-esr102-e-bug-1790116.patch
Normal file
@ -0,0 +1,58 @@
|
||||
# HG changeset patch
|
||||
# User Rob Lemley <rob@thunderbird.net>
|
||||
# Date 1663866047 14400
|
||||
# Thu Sep 22 13:00:47 2022 -0400
|
||||
# Node ID 8c718243f4e83fc18dfc88bf5d817c5c18f13937
|
||||
# Parent 17dc6bb322b5d40299bba0a90d59c0593137d4f6
|
||||
Bug 1790116 - update_rnp.sh changes for RNP v0.16.2. r=kaie
|
||||
|
||||
The changes in bug_1768424.patch are now included upstream in
|
||||
https://github.com/rnpgp/rnp/commit/ac6f58ef7ccea270b735b53f87da2c3ca5b34290.
|
||||
|
||||
bug_1763641.patch removed per bug 1790116 comment 26.
|
||||
|
||||
disable_obsolete_ciphers.patch no longer needed, use security rules instead.
|
||||
|
||||
Differential Revision: https://phabricator.services.mozilla.com/D157010
|
||||
|
||||
diff --git a/comm/third_party/update_rnp.sh b/comm/third_party/update_rnp.sh
|
||||
--- a/comm/third_party/update_rnp.sh
|
||||
+++ b/comm/third_party/update_rnp.sh
|
||||
@@ -43,11 +43,11 @@ TAGLIST=$(git -C "${RNPgit}" tag --list
|
||||
LATEST_VERSION=$($THIRDROC latest_version $TAGLIST)
|
||||
REVISION=$(git -C "${RNPgit}" rev-parse --verify HEAD)
|
||||
TIMESTAMP=$(git -C "${RNPgit}" show -s --format=%ct)
|
||||
|
||||
# Cleanup rnp checkout
|
||||
-rm -rf ${RNPgit}/{.git,.github,.cirrus.yml,.clang-format,.gitignore}
|
||||
+rm -rf ${RNPgit}/{.git,.github,.cirrus.yml,.clang-format,.gitignore,.codespellrc}
|
||||
rm -rf ${RNPgit}/{_config.yml,docker.sh,ci,cmake,git-hooks,travis.sh,vcpkg.txt}
|
||||
rm -rf ${RNPgit}/{Brewfile,CMakeLists.txt,CMakeSettings.json}
|
||||
|
||||
# Do the switch
|
||||
rm -rf rnp
|
||||
@@ -60,17 +60,17 @@ mv "${RNPgit}" rnp
|
||||
|
||||
# Restore moz.build
|
||||
hg revert rnp/moz.build rnp/module.ver rnp/rnp.symbols rnp/src/lib/rnp/rnp_export.h \
|
||||
rnp/src/rnp/moz.build rnp/src/rnpkeys/moz.build
|
||||
|
||||
-# Reapply Thunderbird patch to disable obsolete ciphers
|
||||
-PATCH_FILES=("patches/rnp/disable_obsolete_ciphers.patch" \
|
||||
- "patches/rnp/bug_1763641.patch" \
|
||||
- "patches/rnp/bug_1768424.patch")
|
||||
-for PATCH_FILE in "${PATCH_FILES[@]}"; do
|
||||
- patch -p2 -i "${PATCH_FILE}" -N -r "${MY_TEMP_DIR}/${PATCH_FILE}.rej"
|
||||
-done
|
||||
+# Patch librnp - currently not needed
|
||||
+#PATCH_FILES=("patches/rnp/disable_obsolete_ciphers.patch")
|
||||
+#for PATCH_FILE in "${PATCH_FILES[@]}"; do
|
||||
+# # shellcheck disable=SC2086
|
||||
+# echo "Applying patch $(basename ${PATCH_FILE})"
|
||||
+# patch -p2 -i "${PATCH_FILE}" -N -r "${MY_TEMP_DIR}/${PATCH_FILE}.rej"
|
||||
+#done
|
||||
|
||||
# Patch sometimes creates backup files that are not wanted.
|
||||
find rnp -name '*.orig' -exec rm -f '{}' \;
|
||||
|
||||
rm -rf "${MY_TEMP_DIR}"
|
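Review bot: The commented-out patch loop left at the end of the update_rnp.sh hunk still names `patches/rnp/disable_obsolete_ciphers.patch`, which the changeset description says is no longer needed, so re-enabling the block would try to apply a patch that has presumably been dropped. I would delete the dead block and keep a single line such as `# No local patches are applied to librnp; algorithm policy is set at runtime through RNP security rules.` The description moves that policy to security rules, while the RNPLib.jsm change further down this page notes that the rules API does not yet cover public-key and symmetric algorithms. If the removed patch disabled ciphers (inferred from its name only), the script or the description should say what blocks them now. On the changed cleanup line, `rm -rf "${RNPgit}"/{.git,.github,.cirrus.yml,.clang-format,.gitignore,.codespellrc}` keeps the brace expansion and stays safe if the checkout path contains spaces.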
34760
SOURCES/backport-rnp-0.16.2-to-esr102-f-bug-1790116.patch
Normal file
34760
SOURCES/backport-rnp-0.16.2-to-esr102-f-bug-1790116.patch
Normal file
File diff suppressed because one or more lines are too long
77
SOURCES/backport-rnp-0.16.2-to-esr102-g-bug-1790116.patch
Normal file
77
SOURCES/backport-rnp-0.16.2-to-esr102-g-bug-1790116.patch
Normal file
@ -0,0 +1,77 @@
|
||||
# HG changeset patch
|
||||
# User Rob Lemley <rob@thunderbird.net>
|
||||
# Date 1663866531 14400
|
||||
# Thu Sep 22 13:08:51 2022 -0400
|
||||
# Node ID a863c22903a3fa4c71360920ed77ac31f1fa5d01
|
||||
# Parent 3625a887f020a9a3cb3ad96e5107bfeacd54386e
|
||||
Bug 1790116 - Update rnp_export.h. r=kaie
|
||||
|
||||
The CMake code that generates this file changed with RNP 0.16. The local copy
|
||||
needs to be regenerated.
|
||||
|
||||
File generated with CMake using clang.
|
||||
|
||||
Differential Revision: https://phabricator.services.mozilla.com/D157053
|
||||
|
||||
diff --git a/comm/third_party/rnp/src/lib/rnp/rnp_export.h b/third_party/rnp/src/lib/comm/rnp/rnp_export.h
|
||||
--- a/comm/third_party/rnp/src/lib/rnp/rnp_export.h
|
||||
+++ b/comm/third_party/rnp/src/lib/rnp/rnp_export.h
|
||||
@@ -1,42 +1,42 @@
|
||||
|
||||
-#ifndef RNP_API_H
|
||||
-#define RNP_API_H
|
||||
+#ifndef RNP_EXPORT
|
||||
+#define RNP_EXPORT
|
||||
|
||||
#ifdef RNP_STATIC
|
||||
# define RNP_API
|
||||
-# define RNP_RNP_NO_EXPORT
|
||||
+# define RNP_NO_EXPORT
|
||||
#else
|
||||
# ifndef RNP_API
|
||||
# ifdef librnp_EXPORTS
|
||||
/* We are building this library */
|
||||
-# define RNP_API __attribute__((visibility("default")))
|
||||
+# define RNP_API
|
||||
# else
|
||||
/* We are using this library */
|
||||
-# define RNP_API __attribute__((visibility("default")))
|
||||
+# define RNP_API
|
||||
# endif
|
||||
# endif
|
||||
|
||||
-# ifndef RNP_RNP_NO_EXPORT
|
||||
-# define RNP_RNP_NO_EXPORT __attribute__((visibility("hidden")))
|
||||
+# ifndef RNP_NO_EXPORT
|
||||
+# define RNP_NO_EXPORT
|
||||
# endif
|
||||
#endif
|
||||
|
||||
-#ifndef RNP_RNP_DEPRECATED
|
||||
-# define RNP_RNP_DEPRECATED __attribute__ ((__deprecated__))
|
||||
+#ifndef RNP_DEPRECATED
|
||||
+# define RNP_DEPRECATED __attribute__ ((__deprecated__))
|
||||
#endif
|
||||
|
||||
-#ifndef RNP_RNP_DEPRECATED_EXPORT
|
||||
-# define RNP_RNP_DEPRECATED_EXPORT RNP_API RNP_RNP_DEPRECATED
|
||||
+#ifndef RNP_DEPRECATED_EXPORT
|
||||
+# define RNP_DEPRECATED_EXPORT RNP_API RNP_DEPRECATED
|
||||
#endif
|
||||
|
||||
-#ifndef RNP_RNP_DEPRECATED_NO_EXPORT
|
||||
-# define RNP_RNP_DEPRECATED_NO_EXPORT RNP_RNP_NO_EXPORT RNP_RNP_DEPRECATED
|
||||
+#ifndef RNP_DEPRECATED_NO_EXPORT
|
||||
+# define RNP_DEPRECATED_NO_EXPORT RNP_NO_EXPORT RNP_DEPRECATED
|
||||
#endif
|
||||
|
||||
#if 0 /* DEFINE_NO_DEPRECATED */
|
||||
-# ifndef RNP_RNP_NO_DEPRECATED
|
||||
-# define RNP_RNP_NO_DEPRECATED
|
||||
+# ifndef RNP_NO_DEPRECATED
|
||||
+# define RNP_NO_DEPRECATED
|
||||
# endif
|
||||
#endif
|
||||
|
||||
-#endif /* RNP_API_H */
|
||||
+#endif /* RNP_EXPORT */
|
34
SOURCES/backport-rnp-0.16.2-to-esr102-h-bug-1790116.patch
Normal file
34
SOURCES/backport-rnp-0.16.2-to-esr102-h-bug-1790116.patch
Normal file
@ -0,0 +1,34 @@
|
||||
# HG changeset patch
|
||||
# User Rob Lemley <rob@thunderbird.net>
|
||||
# Date 1663866531 14400
|
||||
# Thu Sep 22 13:08:51 2022 -0400
|
||||
# Node ID 0798506e89ab0ad98d5826effe2087c2e2560d0b
|
||||
# Parent a863c22903a3fa4c71360920ed77ac31f1fa5d01
|
||||
Bug 1790116 - Do not compile SM2 crypto with librnp. r=kaie
|
||||
|
||||
|
||||
|
||||
The CMake configuration in rnp/src/lib/CMakeLists.txt does not include
|
||||
src/lib/crypto/sm2.cpp unless ENABLE_SM2 is defined.
|
||||
Thunderbird builds do not set ENABLE_SM2, so there's no need to build this
|
||||
file.
|
||||
|
||||
Depends on D157053
|
||||
|
||||
Differential Revision: https://phabricator.services.mozilla.com/D157154
|
||||
|
||||
diff --git a/comm/third_party/rnp/moz.build b/third_party/rnp/moz.b/commuild
|
||||
--- a/comm/third_party/rnp/moz.build
|
||||
+++ b/comm/third_party/rnp/moz.build
|
||||
@@ -128,11 +128,10 @@ SOURCES += [
|
||||
"src/lib/crypto/s2k.cpp",
|
||||
"src/lib/crypto/sha1cd/hash_sha1cd.cpp",
|
||||
"src/lib/crypto/sha1cd/sha1.c",
|
||||
"src/lib/crypto/sha1cd/ubc_check.c",
|
||||
"src/lib/crypto/signatures.cpp",
|
||||
- "src/lib/crypto/sm2.cpp",
|
||||
"src/lib/crypto/symmetric.cpp",
|
||||
"src/lib/fingerprint.cpp",
|
||||
"src/lib/generate-key.cpp",
|
||||
"src/lib/json-utils.cpp",
|
||||
"src/lib/key-provider.cpp",
|
262
SOURCES/backport-rnp-0.16.2-to-esr102-i-bug-1790116.patch
Normal file
262
SOURCES/backport-rnp-0.16.2-to-esr102-i-bug-1790116.patch
Normal file
@ -0,0 +1,262 @@
|
||||
# HG changeset patch
|
||||
# User Rob Lemley <rob@thunderbird.net>
|
||||
# Date 1663866557 14400
|
||||
# Thu Sep 22 13:09:17 2022 -0400
|
||||
# Node ID 121afb4ed9b0e282cf6690736ffadf1498578434
|
||||
# Parent 0798506e89ab0ad98d5826effe2087c2e2560d0b
|
||||
Bug 1790116 - mozbuild changes for RNP v0.16.2. r=kaie
|
||||
hash_sha1cd.cpp moved up to its parent directory.
|
||||
|
||||
ENABLE_IDEA needs to be set to keep support enabled.
|
||||
https://github.com/rnpgp/rnp/commit/17972d0238919d4abf88b04debce95844be4716d
|
||||
|
||||
Update rnp_symbols.py to not include deprecated functions.
|
||||
Added new symbols to rnp.symbols for export.
|
||||
|
||||
Differential Revision: https://phabricator.services.mozilla.com/D157012
|
||||
|
||||
diff --git a/comm/python/thirdroc/thirdroc/rnp_symbols.py b/python/thirdroc/thirdroc/rnp_symb/commols.py
|
||||
--- a/comm/python/thirdroc/thirdroc/rnp_symbols.py
|
||||
+++ b/comm/python/thirdroc/thirdroc/rnp_symbols.py
|
||||
@@ -14,30 +14,75 @@ the third_party/rnp/include/rnp/rnp.h fo
|
||||
Also note that APIs that are marked deprecated are not checked for.
|
||||
|
||||
Dependencies: Only Python 3
|
||||
|
||||
Running:
|
||||
- python3 rnp_symbols.py
|
||||
+ python3 rnp_symbols.py [-h] [rnp.h path] [rnp.symbols path]
|
||||
|
||||
-Output will be on stdout, this is to give the developer the opportunity to compare the old and
|
||||
-new versions and check for accuracy.
|
||||
+Both file path arguments are optional. By default, the header file will be
|
||||
+read from "comm/third_party/rnp/include/rnp/rnp.h" and the symbols file will
|
||||
+be written to "comm/third_party/rnp/rnp.symbols".
|
||||
+
|
||||
+Path arguments are relative to the current working directory, the defaults
|
||||
+will be determined based on the location of this script.
|
||||
+
|
||||
+Either path argument can be '-' to use stdin or stdout respectively.
|
||||
"""
|
||||
|
||||
-from __future__ import absolute_import, print_function
|
||||
-
|
||||
+import argparse
|
||||
import sys
|
||||
import os
|
||||
import re
|
||||
|
||||
HERE = os.path.dirname(__file__)
|
||||
TOPSRCDIR = os.path.abspath(os.path.join(HERE, "../../../../"))
|
||||
-RNPSRCDIR = os.path.join(TOPSRCDIR, "comm/third_party/rnp")
|
||||
+THIRD_SRCDIR = os.path.join(TOPSRCDIR, "comm/third_party")
|
||||
+HEADER_FILE_REL = "rnp/include/rnp/rnp.h"
|
||||
+HEADER_FILE = os.path.join(THIRD_SRCDIR, HEADER_FILE_REL)
|
||||
+SYMBOLS_FILE_REL = "rnp/rnp.symbols"
|
||||
+SYMBOLS_FILE = os.path.join(THIRD_SRCDIR, SYMBOLS_FILE_REL)
|
||||
|
||||
|
||||
FUNC_DECL_RE = re.compile(r"^RNP_API\s+.*?([a-zA-Z0-9_]+)\(.*$")
|
||||
|
||||
|
||||
+class FileArg:
|
||||
+ """Based on argparse.FileType from the Python standard library.
|
||||
+ Modified to not open the filehandles until the open() method is
|
||||
+ called.
|
||||
+ """
|
||||
+
|
||||
+ def __init__(self, mode="r"):
|
||||
+ self._mode = mode
|
||||
+ self._fp = None
|
||||
+ self._file = None
|
||||
+
|
||||
+ def __call__(self, string):
|
||||
+ # the special argument "-" means sys.std{in,out}
|
||||
+ if string == "-":
|
||||
+ if "r" in self._mode:
|
||||
+ self._fp = sys.stdin.buffer if "b" in self._mode else sys.stdin
|
||||
+ elif "w" in self._mode:
|
||||
+ self._fp = sys.stdout.buffer if "b" in self._mode else sys.stdout
|
||||
+ else:
|
||||
+ raise ValueError(f"Invalid mode {self._mode} for stdin/stdout")
|
||||
+ else:
|
||||
+ if "r" in self._mode:
|
||||
+ if not os.path.isfile(string):
|
||||
+ raise ValueError(f"Cannot read file {string}, does not exist.")
|
||||
+ elif "w" in self._mode:
|
||||
+ if not os.access(string, os.W_OK):
|
||||
+ raise ValueError(f"Cannot write file {string}, permission denied.")
|
||||
+ self._file = string
|
||||
+ return self
|
||||
+
|
||||
+ def open(self):
|
||||
+ if self._fp:
|
||||
+ return self._fp
|
||||
+ return open(self._file, self._mode)
|
||||
+
|
||||
+
|
||||
def get_func_name(line):
|
||||
"""
|
||||
Extract the function name from a RNP_API function declaration.
|
||||
Examples:
|
||||
RNP_API rnp_result_t rnp_enable_debug(const char *file);
|
||||
@@ -46,24 +91,41 @@ def get_func_name(line):
|
||||
"""
|
||||
m = FUNC_DECL_RE.match(line)
|
||||
return m.group(1)
|
||||
|
||||
|
||||
-def extract_func_defs(filename):
|
||||
+def extract_func_defs(filearg):
|
||||
"""
|
||||
Look for RNP_API in the header file to find the names of the symbols that should be exported
|
||||
"""
|
||||
- with open(filename) as fp:
|
||||
+ with filearg.open() as fp:
|
||||
for line in fp:
|
||||
- if line.startswith("RNP_API"):
|
||||
+ if line.startswith("RNP_API") and "RNP_DEPRECATED" not in line:
|
||||
func_name = get_func_name(line)
|
||||
yield func_name
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
- if len(sys.argv) > 1:
|
||||
- FILENAME = sys.argv[1]
|
||||
- else:
|
||||
- FILENAME = os.path.join(RNPSRCDIR, "include/rnp/rnp.h")
|
||||
+ parser = argparse.ArgumentParser(
|
||||
+ description="Update rnp.symbols file from rnp.h",
|
||||
+ epilog="To use stdin or stdout pass '-' for the argument.",
|
||||
+ )
|
||||
+ parser.add_argument(
|
||||
+ "header_file",
|
||||
+ default=HEADER_FILE,
|
||||
+ type=FileArg("r"),
|
||||
+ nargs="?",
|
||||
+ help=f"input path to rnp.h header file (default: {HEADER_FILE_REL})",
|
||||
+ )
|
||||
+ parser.add_argument(
|
||||
+ "symbols_file",
|
||||
+ default=SYMBOLS_FILE,
|
||||
+ type=FileArg("w"),
|
||||
+ nargs="?",
|
||||
+ help=f"output path to symbols file (default: {SYMBOLS_FILE_REL})",
|
||||
+ )
|
||||
|
||||
- for f in sorted(list(extract_func_defs(FILENAME))):
|
||||
- print(f)
|
||||
+ args = parser.parse_args()
|
||||
+
|
||||
+ with args.symbols_file.open() as out_fp:
|
||||
+ for symbol in sorted(list(extract_func_defs(args.header_file))):
|
||||
+ out_fp.write(f"{symbol}\n")
|
||||
diff --git a/comm/third_party/rnp/moz.build b/third_party/rnp/moz.b/commuild
|
||||
--- a/comm/third_party/rnp/moz.build
|
||||
+++ b/comm/third_party/rnp/moz.build
|
||||
@@ -41,10 +41,11 @@ rnp_defines = {
|
||||
"HAVE_ZLIB_H": True,
|
||||
"CRYPTO_BACKEND_BOTAN": True,
|
||||
"ENABLE_AEAD": True,
|
||||
"ENABLE_TWOFISH": True,
|
||||
"ENABLE_BRAINPOOL": True,
|
||||
+ "ENABLE_IDEA": True,
|
||||
"PACKAGE_BUGREPORT": '"https://bugzilla.mozilla.org/enter_bug.cgi?product=Thunderbird"',
|
||||
"PACKAGE_STRING": '"rnp {}"'.format(CONFIG["MZLA_LIBRNP_FULL_VERSION"])
|
||||
}
|
||||
GeneratedFile(
|
||||
"src/lib/config.h",
|
||||
@@ -119,16 +120,16 @@ SOURCES += [
|
||||
"src/lib/crypto/ecdsa.cpp",
|
||||
"src/lib/crypto/eddsa.cpp",
|
||||
"src/lib/crypto/elgamal.cpp",
|
||||
"src/lib/crypto/hash.cpp",
|
||||
"src/lib/crypto/hash_common.cpp",
|
||||
+ "src/lib/crypto/hash_sha1cd.cpp",
|
||||
"src/lib/crypto/mem.cpp",
|
||||
"src/lib/crypto/mpi.cpp",
|
||||
"src/lib/crypto/rng.cpp",
|
||||
"src/lib/crypto/rsa.cpp",
|
||||
"src/lib/crypto/s2k.cpp",
|
||||
- "src/lib/crypto/sha1cd/hash_sha1cd.cpp",
|
||||
"src/lib/crypto/sha1cd/sha1.c",
|
||||
"src/lib/crypto/sha1cd/ubc_check.c",
|
||||
"src/lib/crypto/signatures.cpp",
|
||||
"src/lib/crypto/symmetric.cpp",
|
||||
"src/lib/fingerprint.cpp",
|
||||
diff --git a/comm/third_party/rnp/rnp.symbols b/third_party/rnp/rnp.symb/commols
|
||||
--- a/comm/third_party/rnp/rnp.symbols
|
||||
+++ b/comm/third_party/rnp/rnp.symbols
|
||||
@@ -37,10 +37,11 @@ rnp_import_keys
|
||||
rnp_import_signatures
|
||||
rnp_input_destroy
|
||||
rnp_input_from_callback
|
||||
rnp_input_from_memory
|
||||
rnp_input_from_path
|
||||
+rnp_input_from_stdin
|
||||
rnp_key_25519_bits_tweak
|
||||
rnp_key_25519_bits_tweaked
|
||||
rnp_key_add_uid
|
||||
rnp_key_allows_usage
|
||||
rnp_key_export
|
||||
@@ -75,10 +76,11 @@ rnp_key_get_uid_count
|
||||
rnp_key_get_uid_handle_at
|
||||
rnp_key_handle_destroy
|
||||
rnp_key_have_public
|
||||
rnp_key_have_secret
|
||||
rnp_key_is_compromised
|
||||
+rnp_key_is_expired
|
||||
rnp_key_is_locked
|
||||
rnp_key_is_primary
|
||||
rnp_key_is_protected
|
||||
rnp_key_is_retired
|
||||
rnp_key_is_revoked
|
||||
@@ -112,10 +114,11 @@ rnp_op_encrypt_set_cipher
|
||||
rnp_op_encrypt_set_compression
|
||||
rnp_op_encrypt_set_creation_time
|
||||
rnp_op_encrypt_set_expiration_time
|
||||
rnp_op_encrypt_set_file_mtime
|
||||
rnp_op_encrypt_set_file_name
|
||||
+rnp_op_encrypt_set_flags
|
||||
rnp_op_encrypt_set_hash
|
||||
rnp_op_generate_add_pref_cipher
|
||||
rnp_op_generate_add_pref_compression
|
||||
rnp_op_generate_add_pref_hash
|
||||
rnp_op_generate_add_usage
|
||||
@@ -169,10 +172,11 @@ rnp_op_verify_get_signature_at
|
||||
rnp_op_verify_get_signature_count
|
||||
rnp_op_verify_get_symenc_at
|
||||
rnp_op_verify_get_symenc_count
|
||||
rnp_op_verify_get_used_recipient
|
||||
rnp_op_verify_get_used_symenc
|
||||
+rnp_op_verify_set_flags
|
||||
rnp_op_verify_signature_get_handle
|
||||
rnp_op_verify_signature_get_hash
|
||||
rnp_op_verify_signature_get_key
|
||||
rnp_op_verify_signature_get_status
|
||||
rnp_op_verify_signature_get_times
|
||||
@@ -185,21 +189,24 @@ rnp_output_to_armor
|
||||
rnp_output_to_callback
|
||||
rnp_output_to_file
|
||||
rnp_output_to_memory
|
||||
rnp_output_to_null
|
||||
rnp_output_to_path
|
||||
+rnp_output_to_stdout
|
||||
rnp_output_write
|
||||
rnp_recipient_get_alg
|
||||
rnp_recipient_get_keyid
|
||||
rnp_remove_security_rule
|
||||
rnp_request_password
|
||||
rnp_result_to_string
|
||||
rnp_save_keys
|
||||
+rnp_set_timestamp
|
||||
rnp_signature_get_alg
|
||||
rnp_signature_get_creation
|
||||
rnp_signature_get_expiration
|
||||
rnp_signature_get_hash_alg
|
||||
+rnp_signature_get_key_fprint
|
||||
rnp_signature_get_keyid
|
||||
rnp_signature_get_signer
|
||||
rnp_signature_get_type
|
||||
rnp_signature_handle_destroy
|
||||
rnp_signature_is_valid
|
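Review bot: In `FileArg.__call__` in rnp_symbols.py, the write branch rejects any output path that does not exist yet, because `os.access(string, os.W_OK)` returns False for a missing file, and the message then wrongly reports "permission denied". Testing the file when it exists and its directory otherwise fixes this: `target = string if os.path.exists(string) else (os.path.dirname(string) or ".")` followed by `if not os.access(target, os.W_OK):`. The explanatory text of both `ValueError`s is also lost, since argparse only shows the message of `argparse.ArgumentTypeError` and replaces other errors with a generic "invalid … value" line; raising `argparse.ArgumentTypeError` keeps it visible. `FileArg` and its methods would benefit from short docstrings stating that `__call__` only validates the path and `open()` returns either a new handle or the process's stdin/stdout, which the `with` blocks then close on exit.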
32
SOURCES/backport-rnp-0.16.2-to-esr102-j-bug-1790662.patch
Normal file
32
SOURCES/backport-rnp-0.16.2-to-esr102-j-bug-1790662.patch
Normal file
@ -0,0 +1,32 @@
|
||||
# HG changeset patch
|
||||
# User Rob Lemley <rob@thunderbird.net>
|
||||
# Date 1663091141 0
|
||||
# Tue Sep 13 17:45:41 2022 +0000
|
||||
# Node ID fbc2cf15893e40959b04d22c9efa4d424aeb5c4f
|
||||
# Parent 121afb4ed9b0e282cf6690736ffadf1498578434
|
||||
Bug 1790662 - Update librnp compiler include path for new location of json-c's json.h r=dandarnell
|
||||
|
||||
|
||||
json.h from json-c is now a preprocessed file and is found in the object directory
|
||||
rather than the source directory.
|
||||
|
||||
Depends on D157961
|
||||
|
||||
Differential Revision: https://phabricator.services.mozilla.com/D157962
|
||||
|
||||
diff --git a/comm/third_party/rnp/moz.build b/third_party/rnp/moz.b/commuild
|
||||
--- a/comm/third_party/rnp/moz.build
|
||||
+++ b/comm/third_party/rnp/moz.build
|
||||
@@ -81,11 +81,11 @@ else:
|
||||
|
||||
if CONFIG["MZLA_SYSTEM_JSONC"]:
|
||||
CXXFLAGS += CONFIG["MZLA_JSONC_CFLAGS"]
|
||||
else:
|
||||
IQuote("{}/../json-c".format(OBJDIR))
|
||||
- LOCAL_INCLUDES += ["../json-c"]
|
||||
+ LOCAL_INCLUDES += ["!../json-c", "../json-c"]
|
||||
|
||||
if CONFIG["MZLA_SYSTEM_BZIP2"]:
|
||||
CXXFLAGS += CONFIG["MZLA_BZIP2_CFLAGS"]
|
||||
else:
|
||||
LOCAL_INCLUDES += ["../bzip2"]
|
3188
SOURCES/backport-rnp-0.16.2-to-esr102-k-bug-1790662.patch
Normal file
3188
SOURCES/backport-rnp-0.16.2-to-esr102-k-bug-1790662.patch
Normal file
File diff suppressed because it is too large
450
SOURCES/backport-rnp-0.16.2-to-esr102-l-bug-1791195.patch
Normal file
450
SOURCES/backport-rnp-0.16.2-to-esr102-l-bug-1791195.patch
Normal file
@ -0,0 +1,450 @@
|
||||
# HG changeset patch
|
||||
# User Kai Engert <kaie@kuix.de>
|
||||
# Date 1666897160 -7200
|
||||
# Thu Oct 27 20:59:20 2022 +0200
|
||||
# Node ID af0b1f5e4c7710f824c6141103e516ca60bc78aa
|
||||
# Parent adfbf6378df82c8b2e087427a48ddc5cbe13aadd
|
||||
Bug 1791195 - Add RNP security rules to obsolete our patches to RNP. r=mkmelin,o.nickolay
|
||||
|
||||
diff --git a/comm/mail/extensions/openpgp/content/modules/RNP.jsm b/comm/mail/extensions/openpgp/content/modules/RNP.jsm
|
||||
--- a/comm/mail/extensions/openpgp/content/modules/RNP.jsm
|
||||
+++ b/comm/mail/extensions/openpgp/content/modules/RNP.jsm
|
||||
@@ -1863,12 +1863,12 @@ var RNP = {
|
||||
|
||||
if (keyBlockStr.length > RNP.maxImportKeyBlockSize) {
|
||||
throw new Error("rejecting big keyblock");
|
||||
}
|
||||
|
||||
- let tempFFI = new RNPLib.rnp_ffi_t();
|
||||
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
|
||||
+ let tempFFI = RNPLib.prepare_ffi();
|
||||
+ if (!tempFFI) {
|
||||
throw new Error("Couldn't initialize librnp.");
|
||||
}
|
||||
|
||||
let pubKey;
|
||||
if (!this.importToFFI(tempFFI, keyBlockStr, true, false, permissive)) {
|
||||
@@ -1892,12 +1892,12 @@ var RNP = {
|
||||
|
||||
if (keyBlockStr.length > RNP.maxImportKeyBlockSize) {
|
||||
throw new Error("rejecting big keyblock");
|
||||
}
|
||||
|
||||
- let tempFFI = new RNPLib.rnp_ffi_t();
|
||||
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
|
||||
+ let tempFFI = RNPLib.prepare_ffi();
|
||||
+ if (!tempFFI) {
|
||||
throw new Error("Couldn't initialize librnp.");
|
||||
}
|
||||
|
||||
let keyList = null;
|
||||
if (!this.importToFFI(tempFFI, keyBlockStr, pubkey, seckey, permissive)) {
|
||||
@@ -1929,12 +1929,12 @@ var RNP = {
|
||||
async mergePublicKeyBlocks(fingerprint, ...keyBlocks) {
|
||||
if (keyBlocks.some(b => b.length > RNP.maxImportKeyBlockSize)) {
|
||||
throw new Error("keyBlock too big");
|
||||
}
|
||||
|
||||
- let tempFFI = new RNPLib.rnp_ffi_t();
|
||||
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
|
||||
+ let tempFFI = RNPLib.prepare_ffi();
|
||||
+ if (!tempFFI) {
|
||||
throw new Error("Couldn't initialize librnp.");
|
||||
}
|
||||
|
||||
const pubkey = true;
|
||||
const seckey = false;
|
||||
@@ -2067,12 +2067,12 @@ var RNP = {
|
||||
let result = {};
|
||||
result.exitCode = -1;
|
||||
result.importedKeys = [];
|
||||
result.errorMsg = "";
|
||||
|
||||
- let tempFFI = new RNPLib.rnp_ffi_t();
|
||||
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
|
||||
+ let tempFFI = RNPLib.prepare_ffi();
|
||||
+ if (!tempFFI) {
|
||||
throw new Error("Couldn't initialize librnp.");
|
||||
}
|
||||
|
||||
// TODO: check result
|
||||
if (this.importToFFI(tempFFI, keyBlockStr, pubkey, seckey, permissive)) {
|
||||
@@ -3115,12 +3115,12 @@ var RNP = {
|
||||
*
|
||||
*/
|
||||
export_pubkey_strip_sigs_uids(expKey, keepUserIDs, out_binary) {
|
||||
let expKeyId = this.getKeyIDFromHandle(expKey);
|
||||
|
||||
- let tempFFI = new RNPLib.rnp_ffi_t();
|
||||
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
|
||||
+ let tempFFI = RNPLib.prepare_ffi();
|
||||
+ if (!tempFFI) {
|
||||
throw new Error("Couldn't initialize librnp.");
|
||||
}
|
||||
|
||||
let exportFlags =
|
||||
RNPLib.RNP_KEY_EXPORT_SUBKEYS | RNPLib.RNP_KEY_EXPORT_PUBLIC;
|
||||
@@ -3399,12 +3399,12 @@ var RNP = {
|
||||
))
|
||||
) {
|
||||
throw new Error("rnp_output_to_armor failed:" + rv);
|
||||
}
|
||||
|
||||
- let tempFFI = new RNPLib.rnp_ffi_t();
|
||||
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
|
||||
+ let tempFFI = RNPLib.prepare_ffi();
|
||||
+ if (!tempFFI) {
|
||||
throw new Error("Couldn't initialize librnp.");
|
||||
}
|
||||
|
||||
let internalPassword = await OpenPGPMasterpass.retrieveOpenPGPPassword();
|
||||
|
||||
diff --git a/comm/mail/extensions/openpgp/content/modules/RNPLib.jsm b/mail/extensions/openpgp/content/modules/RNPLib/comm.jsm
|
||||
--- a/comm/mail/extensions/openpgp/content/modules/RNPLib.jsm
|
||||
+++ b/comm/mail/extensions/openpgp/content/modules/RNPLib.jsm
|
||||
@@ -13,11 +13,11 @@ XPCOMUtils.defineLazyModuleGetters(this,
|
||||
OpenPGPMasterpass: "chrome://openpgp/content/modules/masterpass.jsm",
|
||||
Services: "resource://gre/modules/Services.jsm",
|
||||
setTimeout: "resource://gre/modules/Timer.jsm",
|
||||
});
|
||||
|
||||
-const MIN_RNP_VERSION = [0, 16, 0];
|
||||
+const MIN_RNP_VERSION = [0, 16, 2];
|
||||
|
||||
var systemOS = Services.appinfo.OS.toLowerCase();
|
||||
var abi = ctypes.default_abi;
|
||||
|
||||
// Open librnp. Determine the path to the chrome directory and look for it
|
||||
@@ -149,10 +149,12 @@ function enableRNPLibJS() {
|
||||
// this must be delayed until after "librnp" is initialized
|
||||
|
||||
RNPLib = {
|
||||
path: librnpPath,
|
||||
|
||||
+ // Handle to the RNP library and primary key data store.
|
||||
+ // Kept at null if init fails.
|
||||
ffi: null,
|
||||
|
||||
// returns rnp_input_t, destroy using rnp_input_destroy
|
||||
async createInputFromPath(path) {
|
||||
// IOUtils.read always returns an array.
|
||||
@@ -265,13 +267,204 @@ function enableRNPLibJS() {
|
||||
const min_version = this.rnp_version_for(...MIN_RNP_VERSION);
|
||||
const this_version = this.rnp_version();
|
||||
return Boolean(this_version >= min_version);
|
||||
},
|
||||
|
||||
+ /**
|
||||
+ * Prepare an RNP library handle, and in addition set all the
|
||||
+ * application's preferences for library behavior.
|
||||
+ *
|
||||
+ * Other application code should NOT call rnp_ffi_create directly,
|
||||
+ * but obtain an RNP library handle from this function.
|
||||
+ */
|
||||
+ prepare_ffi() {
|
||||
+ let ffi = new rnp_ffi_t();
|
||||
+ if (this._rnp_ffi_create(ffi.address(), "GPG", "GPG")) {
|
||||
+ return null;
|
||||
+ }
|
||||
+
|
||||
+ // Treat MD5 as insecure.
|
||||
+ if (
|
||||
+ this.rnp_add_security_rule(
|
||||
+ ffi,
|
||||
+ this.RNP_FEATURE_HASH_ALG,
|
||||
+ this.RNP_ALGNAME_MD5,
|
||||
+ this.RNP_SECURITY_OVERRIDE,
|
||||
+ 0,
|
||||
+ this.RNP_SECURITY_INSECURE
|
||||
+ )
|
||||
+ ) {
|
||||
+ return null;
|
||||
+ }
|
||||
+
|
||||
+ // Use RNP's default rule for SHA1 used with data signatures,
|
||||
+ // and use our override to allow it for key signatures.
|
||||
+ if (
|
||||
+ this.rnp_add_security_rule(
|
||||
+ ffi,
|
||||
+ this.RNP_FEATURE_HASH_ALG,
|
||||
+ this.RNP_ALGNAME_SHA1,
|
||||
+ this.RNP_SECURITY_VERIFY_KEY | this.RNP_SECURITY_OVERRIDE,
|
||||
+ 0,
|
||||
+ this.RNP_SECURITY_DEFAULT
|
||||
+ )
|
||||
+ ) {
|
||||
+ return null;
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ // Security rules API does not yet support PK and SYMM algs.
|
||||
+ //
|
||||
+ // If a hash algorithm is already disabled at build time,
|
||||
+ // and an attempt is made to set a security rule for that
|
||||
+ // algorithm, then RNP returns a failure.
|
||||
+ //
|
||||
+ // Ideally, RNP should allow these calls (regardless of build time
|
||||
+ // settings) to define an application security rule, that is
|
||||
+ // independent of the configuration used for building the
|
||||
+ // RNP library.
|
||||
+
|
||||
+ if (
|
||||
+ this.rnp_add_security_rule(
|
||||
+ ffi,
|
||||
+ this.RNP_FEATURE_HASH_ALG,
|
||||
+ this.RNP_ALGNAME_SM3,
|
||||
+ this.RNP_SECURITY_OVERRIDE,
|
||||
+ 0,
|
||||
+ this.RNP_SECURITY_PROHIBITED
|
||||
+ )
|
||||
+ ) {
|
||||
+ return null;
|
||||
+ }
|
||||
+
|
||||
+ if (
|
||||
+ this.rnp_add_security_rule(
|
||||
+ ffi,
|
||||
+ this.RNP_FEATURE_PK_ALG,
|
||||
+ this.RNP_ALGNAME_SM2,
|
||||
+ this.RNP_SECURITY_OVERRIDE,
|
||||
+ 0,
|
||||
+ this.RNP_SECURITY_PROHIBITED
|
||||
+ )
|
||||
+ ) {
|
||||
+ return null;
|
||||
+ }
|
||||
+
|
||||
+ if (
|
||||
+ this.rnp_add_security_rule(
|
||||
+ ffi,
|
||||
+ this.RNP_FEATURE_SYMM_ALG,
|
||||
+ this.RNP_ALGNAME_SM4,
|
||||
+ this.RNP_SECURITY_OVERRIDE,
|
||||
+ 0,
|
||||
+ this.RNP_SECURITY_PROHIBITED
|
||||
+ )
|
||||
+ ) {
|
||||
+ return null;
|
||||
+ }
|
||||
+ */
|
||||
+
|
||||
+ return ffi;
|
||||
+ },
|
||||
+
|
||||
+ /**
|
||||
+ * Test the correctness of security rules, in particular, test
|
||||
+ * if the given hash algorithm is allowed at the given time.
|
||||
+ *
|
||||
+ * This is an application consistency test. If the behavior isn't
|
||||
+ * according to the expectation, the function throws an error.
|
||||
+ *
|
||||
+ * @param {string} hashAlg - Test this hash algorithm
|
||||
+ * @param {time_t} time - Test status at this timestamp
|
||||
+ * @param {boolean} keySigAllowed - Test if using the hash algorithm
|
||||
+ * is allowed for signatures found inside OpenPGP keys.
|
||||
+ * @param {boolean} dataSigAllowed - Test if using the hash algorithm
|
||||
+ * is allowed for signatures on data.
|
||||
+ */
|
||||
+ _confirmSecurityRule(hashAlg, time, keySigAllowed, dataSigAllowed) {
|
||||
+ let level = new ctypes.uint32_t();
|
||||
+ let flag = new ctypes.uint32_t();
|
||||
+
|
||||
+ flag.value = this.RNP_SECURITY_VERIFY_DATA;
|
||||
+ let testDataSuccess = false;
|
||||
+ if (
|
||||
+ !RNPLib.rnp_get_security_rule(
|
||||
+ this.ffi,
|
||||
+ this.RNP_FEATURE_HASH_ALG,
|
||||
+ hashAlg,
|
||||
+ time,
|
||||
+ flag.address(),
|
||||
+ null,
|
||||
+ level.address()
|
||||
+ )
|
||||
+ ) {
|
||||
+ if (dataSigAllowed) {
|
||||
+ testDataSuccess = level.value == RNPLib.RNP_SECURITY_DEFAULT;
|
||||
+ } else {
|
||||
+ testDataSuccess = level.value < RNPLib.RNP_SECURITY_DEFAULT;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (!testDataSuccess) {
|
||||
+ throw new Error("security configuration for data signatures failed");
|
||||
+ }
|
||||
+
|
||||
+ flag.value = this.RNP_SECURITY_VERIFY_KEY;
|
||||
+ let testKeySuccess = false;
|
||||
+ if (
|
||||
+ !RNPLib.rnp_get_security_rule(
|
||||
+ this.ffi,
|
||||
+ this.RNP_FEATURE_HASH_ALG,
|
||||
+ hashAlg,
|
||||
+ time,
|
||||
+ flag.address(),
|
||||
+ null,
|
||||
+ level.address()
|
||||
+ )
|
||||
+ ) {
|
||||
+ if (keySigAllowed) {
|
||||
+ testKeySuccess = level.value == RNPLib.RNP_SECURITY_DEFAULT;
|
||||
+ } else {
|
||||
+ testKeySuccess = level.value < RNPLib.RNP_SECURITY_DEFAULT;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (!testKeySuccess) {
|
||||
+ throw new Error("security configuration for key signatures failed");
|
||||
+ }
|
||||
+ },
|
||||
+
|
||||
+ /**
|
||||
+ * Perform tests that the RNP library behaves according to the
|
||||
+ * defined security rules.
|
||||
+ * If a problem is found, the function throws an error.
|
||||
+ */
|
||||
+ _sanityCheckSecurityRules() {
|
||||
+ let time_t_now = Math.round(Date.now() / 1000);
|
||||
+ let ten_years_in_seconds = 10 * 365 * 24 * 60 * 60;
|
||||
+ let ten_years_future = time_t_now + ten_years_in_seconds;
|
||||
+
|
||||
+ this._confirmSecurityRule(this.RNP_ALGNAME_MD5, time_t_now, false, false);
|
||||
+ this._confirmSecurityRule(
|
||||
+ this.RNP_ALGNAME_MD5,
|
||||
+ ten_years_future,
|
||||
+ false,
|
||||
+ false
|
||||
+ );
|
||||
+
|
||||
+ this._confirmSecurityRule(this.RNP_ALGNAME_SHA1, time_t_now, true, false);
|
||||
+ this._confirmSecurityRule(
|
||||
+ this.RNP_ALGNAME_SHA1,
|
||||
+ ten_years_future,
|
||||
+ true,
|
||||
+ false
|
||||
+ );
|
||||
+ },
|
||||
+
|
||||
async init() {
|
||||
- this.ffi = new rnp_ffi_t();
|
||||
- if (this.rnp_ffi_create(this.ffi.address(), "GPG", "GPG")) {
|
||||
+ this.ffi = this.prepare_ffi();
|
||||
+ if (!this.ffi) {
|
||||
throw new Error("Couldn't initialize librnp.");
|
||||
}
|
||||
|
||||
this.rnp_ffi_set_log_fd(this.ffi, 2); // stderr
|
||||
|
||||
@@ -286,10 +479,18 @@ function enableRNPLibJS() {
|
||||
null
|
||||
);
|
||||
|
||||
let { pubRingPath, secRingPath } = this.getFilenames();
|
||||
|
||||
+ try {
|
||||
+ this._sanityCheckSecurityRules();
|
||||
+ } catch (e) {
|
||||
+ // Disable all RNP operation
|
||||
+ this.ffi = null;
|
||||
+ throw e;
|
||||
+ }
|
||||
+
|
||||
await this.loadWithFallback(pubRingPath, this.RNP_LOAD_SAVE_PUBLIC_KEYS);
|
||||
await this.loadWithFallback(secRingPath, this.RNP_LOAD_SAVE_SECRET_KEYS);
|
||||
|
||||
let pubnum = new ctypes.size_t();
|
||||
this.rnp_get_public_key_count(this.ffi, pubnum.address());
|
||||
@@ -481,10 +682,14 @@ function enableRNPLibJS() {
|
||||
* @param {string} path - The file path to save to.
|
||||
* @param {number} keyRingFlag - RNP_LOAD_SAVE_PUBLIC_KEYS or
|
||||
* RNP_LOAD_SAVE_SECRET_KEYS.
|
||||
*/
|
||||
async saveKeyRing(path, keyRingFlag) {
|
||||
+ if (!this.ffi) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
let oldPath = path + ".old";
|
||||
|
||||
// Ignore failure, oldPath might not exist yet.
|
||||
await IOUtils.copy(path, oldPath).catch(() => {});
|
||||
|
||||
@@ -540,10 +745,13 @@ function enableRNPLibJS() {
|
||||
tmpPath: path + ".tmp-new",
|
||||
});
|
||||
},
|
||||
|
||||
async saveKeys() {
|
||||
+ if (!this.ffi) {
|
||||
+ return;
|
||||
+ }
|
||||
let { pubRingPath, secRingPath } = this.getFilenames();
|
||||
|
||||
let saveThem = async () => {
|
||||
await this.saveKeyRing(pubRingPath, this.RNP_LOAD_SAVE_PUBLIC_KEYS);
|
||||
await this.saveKeyRing(secRingPath, this.RNP_LOAD_SAVE_SECRET_KEYS);
|
||||
@@ -600,11 +808,13 @@ function enableRNPLibJS() {
|
||||
abi,
|
||||
ctypes.char.ptr
|
||||
),
|
||||
|
||||
// Get a RNP library handle.
|
||||
- rnp_ffi_create: librnp.declare(
|
||||
+ // Mark with leading underscore, to clarify that this function
|
||||
+ // shouldn't be called directly - you should call prepare_ffi().
|
||||
+ _rnp_ffi_create: librnp.declare(
|
||||
"rnp_ffi_create",
|
||||
abi,
|
||||
rnp_result_t,
|
||||
rnp_ffi_t.ptr,
|
||||
ctypes.char.ptr,
|
||||
@@ -1713,10 +1923,22 @@ function enableRNPLibJS() {
|
||||
ctypes.uint32_t.ptr,
|
||||
ctypes.uint64_t.ptr,
|
||||
ctypes.uint32_t.ptr
|
||||