Merge branch 'a9' into a9-plus
This commit is contained in:
commit
e277d18507
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,6 +1,6 @@
|
|||||||
SOURCES/cbindgen-vendor.tar.xz
|
SOURCES/cbindgen-vendor.tar.xz
|
||||||
SOURCES/nspr-4.34.0-3.el8_1.src.rpm
|
SOURCES/nspr-4.34.0-3.el8_1.src.rpm
|
||||||
SOURCES/nss-3.79.0-6.el8_1.src.rpm
|
SOURCES/nss-3.79.0-6.el8_1.src.rpm
|
||||||
SOURCES/thunderbird-102.5.0.processed-source.tar.xz
|
SOURCES/thunderbird-102.6.0.processed-source.tar.xz
|
||||||
SOURCES/thunderbird-langpacks-102.5.0-20221115.tar.xz
|
SOURCES/thunderbird-langpacks-102.6.0-20221213.tar.xz
|
||||||
SOURCES/thunderbird-symbolic.svg
|
SOURCES/thunderbird-symbolic.svg
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
2a430d6252dbea45482ba316a6e9fa605c15e747 SOURCES/cbindgen-vendor.tar.xz
|
2a430d6252dbea45482ba316a6e9fa605c15e747 SOURCES/cbindgen-vendor.tar.xz
|
||||||
af58b3c87a8b5491dde63b07efaeb3d7f1ec56c1 SOURCES/nspr-4.34.0-3.el8_1.src.rpm
|
af58b3c87a8b5491dde63b07efaeb3d7f1ec56c1 SOURCES/nspr-4.34.0-3.el8_1.src.rpm
|
||||||
fc5297c6830f0a1e88f84b94b0b066487664061b SOURCES/nss-3.79.0-6.el8_1.src.rpm
|
fc5297c6830f0a1e88f84b94b0b066487664061b SOURCES/nss-3.79.0-6.el8_1.src.rpm
|
||||||
9aa205e4b8d075f7292d9b1941ca70f7f17ca914 SOURCES/thunderbird-102.5.0.processed-source.tar.xz
|
2e5705870dd47decb800757a4e26d288b24b61b1 SOURCES/thunderbird-102.6.0.processed-source.tar.xz
|
||||||
cd691f3bb1cd19e1102bca10a3bac61e013f9e03 SOURCES/thunderbird-langpacks-102.5.0-20221115.tar.xz
|
d28522497a56117469dbabbde833b69619d8e090 SOURCES/thunderbird-langpacks-102.6.0-20221213.tar.xz
|
||||||
42e80b86948cdba0f69af5b15a69bc6a1274d938 SOURCES/thunderbird-symbolic.svg
|
42e80b86948cdba0f69af5b15a69bc6a1274d938 SOURCES/thunderbird-symbolic.svg
|
||||||
|
322
SOURCES/D161379.diff
Normal file
322
SOURCES/D161379.diff
Normal file
@ -0,0 +1,322 @@
|
|||||||
|
diff -up comm/third_party/moz.build.D161379.diff comm/third_party/moz.build
|
||||||
|
--- comm/third_party/moz.build.D161379.diff 2022-10-14 21:45:15.000000000 +0200
|
||||||
|
+++ comm/third_party/moz.build 2022-11-10 11:49:44.194016978 +0100
|
||||||
|
@@ -11,9 +11,11 @@ if CONFIG["TB_LIBOTR_PREBUILT"]:
|
||||||
|
|
||||||
|
if CONFIG["MZLA_LIBRNP"]:
|
||||||
|
DIRS += [
|
||||||
|
- "botan",
|
||||||
|
"bzip2",
|
||||||
|
"json-c",
|
||||||
|
"rnp",
|
||||||
|
"zlib",
|
||||||
|
]
|
||||||
|
+ if CONFIG["MZLA_LIBRNP_BACKEND"] == "botan":
|
||||||
|
+ DIRS += [ "botan" ]
|
||||||
|
+
|
||||||
|
diff -up comm/third_party/openpgp.configure.D161379.diff comm/third_party/openpgp.configure
|
||||||
|
--- comm/third_party/openpgp.configure.D161379.diff 2022-11-10 11:49:37.605024129 +0100
|
||||||
|
+++ comm/third_party/openpgp.configure 2022-11-10 11:49:44.194016978 +0100
|
||||||
|
@@ -199,16 +199,136 @@ with only_when(in_tree_librnp):
|
||||||
|
set_config("MZLA_BZIP2_CFLAGS", bzip2_flags.cflags)
|
||||||
|
set_config("MZLA_BZIP2_LIBS", bzip2_flags.ldflags)
|
||||||
|
|
||||||
|
- # BOTAN --with-system-botan
|
||||||
|
- system_lib_option(
|
||||||
|
- "--with-system-botan",
|
||||||
|
- help="Use system Botan for librnp (located with pkgconfig)",
|
||||||
|
- )
|
||||||
|
-
|
||||||
|
- botan_pkg = pkg_check_modules(
|
||||||
|
- "MZLA_BOTAN", "botan-2 >= 2.8.0", when="--with-system-botan"
|
||||||
|
- )
|
||||||
|
- set_config("MZLA_SYSTEM_BOTAN", depends_if(botan_pkg)(lambda _: True))
|
||||||
|
+ # librnp crypto backend selection
|
||||||
|
+ option("--with-librnp-backend",
|
||||||
|
+ help="Build librnp with the selected backend: {botan, openssl}",
|
||||||
|
+ default="botan")
|
||||||
|
+
|
||||||
|
+ @depends("--with-librnp-backend")
|
||||||
|
+ def librnp_backend(backend):
|
||||||
|
+ allowed = ("botan", "openssl")
|
||||||
|
+ if backend[0] in allowed:
|
||||||
|
+ return backend[0]
|
||||||
|
+ else:
|
||||||
|
+ die(f"Unsupported librnp backend {backend[0]}.")
|
||||||
|
+
|
||||||
|
+ set_config("MZLA_LIBRNP_BACKEND", librnp_backend)
|
||||||
|
+
|
||||||
|
+ @depends(librnp_backend)
|
||||||
|
+ def rnp_botan(backend):
|
||||||
|
+ return backend == "botan"
|
||||||
|
+
|
||||||
|
+ @depends(librnp_backend)
|
||||||
|
+ def rnp_openssl(backend):
|
||||||
|
+ return backend == "openssl"
|
||||||
|
+
|
||||||
|
+ # Botan backend (--with-system-botan)
|
||||||
|
+ with only_when(rnp_botan):
|
||||||
|
+ system_lib_option(
|
||||||
|
+ "--with-system-botan",
|
||||||
|
+ help="Use system Botan for librnp (located with pkgconfig)",
|
||||||
|
+ )
|
||||||
|
+
|
||||||
|
+ botan_pkg = pkg_check_modules(
|
||||||
|
+ "MZLA_BOTAN", "botan-2 >= 2.8.0", when="--with-system-botan"
|
||||||
|
+ )
|
||||||
|
+ set_config("MZLA_SYSTEM_BOTAN", depends_if(botan_pkg)(lambda _: True))
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+ # OpenSSL backend
|
||||||
|
+ with only_when(rnp_openssl):
|
||||||
|
+ option(
|
||||||
|
+ "--with-openssl",
|
||||||
|
+ nargs=1,
|
||||||
|
+ help="OpenSSL library prefix (when not found by pkgconfig)"
|
||||||
|
+ )
|
||||||
|
+ openssl_pkg = pkg_check_modules(
|
||||||
|
+ "MZLA_LIBRNP_OPENSSL",
|
||||||
|
+ "openssl > 1.1.1",
|
||||||
|
+ allow_missing=True,
|
||||||
|
+ config=False
|
||||||
|
+ )
|
||||||
|
+ @depends_if("--with-openssl", openssl_pkg)
|
||||||
|
+ @imports(_from="os.path", _import="isdir")
|
||||||
|
+ @imports(_from="os.path", _import="join")
|
||||||
|
+ def openssl_flags(openssl_prefix, openssl_pkg):
|
||||||
|
+ if openssl_prefix:
|
||||||
|
+ openssl_prefix = openssl_prefix[0]
|
||||||
|
+ include = join(openssl_prefix, "include")
|
||||||
|
+ lib = join(openssl_prefix, "lib")
|
||||||
|
+ if not isdir(lib):
|
||||||
|
+ lib = join(openssl_prefix, "lib64")
|
||||||
|
+ if isdir(include) and isdir(lib):
|
||||||
|
+ log.info(f"Using OpenSSL at {openssl_prefix}.")
|
||||||
|
+ return namespace(
|
||||||
|
+ cflags=(f"-I{include}",),
|
||||||
|
+ ldflags=(f"-L{lib}", "-lssl", "-lcrypto"),
|
||||||
|
+ )
|
||||||
|
+ if openssl_pkg:
|
||||||
|
+ return namespace(
|
||||||
|
+ cflags=openssl_pkg.cflags,
|
||||||
|
+ ldflags=openssl_pkg.libs,
|
||||||
|
+ )
|
||||||
|
+ set_config("MZLA_LIBRNP_OPENSSL_CFLAGS", openssl_flags.cflags)
|
||||||
|
+ set_config("MZLA_LIBRNP_OPENSSL_LIBS", openssl_flags.ldflags)
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+ @depends(c_compiler, openssl_flags)
|
||||||
|
+ @imports(_from="textwrap", _import="dedent")
|
||||||
|
+ def openssl_version(compiler, openssl_flags):
|
||||||
|
+ log.info("Checking for OpenSSL >= 1.1.1")
|
||||||
|
+ if openssl_flags is None:
|
||||||
|
+ die("OpenSSL not found. Must be locatable with pkg-config or use --with-openssl.")
|
||||||
|
+
|
||||||
|
+ def ossl_hexver(hex_str):
|
||||||
|
+ # See opensshlv.h for description of OPENSSL_VERSION_NUMBER
|
||||||
|
+ MIN_OSSL_VER = 0x1010100f # Version 1.1.1
|
||||||
|
+ ver_as_int = int(hex_str[:-1], 16)
|
||||||
|
+ ossl_major = (ver_as_int & 0xf0000000) >> 28
|
||||||
|
+ ossl_minor = (ver_as_int & 0x0ff00000) >> 20
|
||||||
|
+ ossl_fix = (ver_as_int & 0x000ff000) >> 12
|
||||||
|
+ ossl_patch = chr(96 + (ver_as_int & 0x00000ff0) >> 4) # as a letter a-z
|
||||||
|
+ ver_as_str = f"{ossl_major}.{ossl_minor}.{ossl_fix}{ossl_patch}"
|
||||||
|
+ if ver_as_int < MIN_OSSL_VER:
|
||||||
|
+ die(f"OpenSSL version {ver_as_str} is too old.")
|
||||||
|
+ return ver_as_str
|
||||||
|
+
|
||||||
|
+ check = dedent(
|
||||||
|
+ """\
|
||||||
|
+ #include <openssl/opensslv.h>
|
||||||
|
+ #ifdef OPENSSL_VERSION_STR
|
||||||
|
+ OPENSSL_VERSION_STR
|
||||||
|
+ #elif defined(OPENSSL_VERSION_NUMBER)
|
||||||
|
+ OPENSSL_VERSION_NUMBER
|
||||||
|
+ #else
|
||||||
|
+ #error Unable to determine OpenSSL version.
|
||||||
|
+ #endif
|
||||||
|
+ """
|
||||||
|
+ )
|
||||||
|
+ result = try_preprocess(
|
||||||
|
+ compiler.wrapper
|
||||||
|
+ + [compiler.compiler]
|
||||||
|
+ + compiler.flags
|
||||||
|
+ + list(openssl_flags.cflags),
|
||||||
|
+ "C",
|
||||||
|
+ check
|
||||||
|
+ )
|
||||||
|
+ if result:
|
||||||
|
+ openssl_ver = result.splitlines()[-1]
|
||||||
|
+ if openssl_ver.startswith("0x"):
|
||||||
|
+ # OpenSSL 1.x.x - like 0x1010107fL
|
||||||
|
+ openssl_ver = ossl_hexver(openssl_ver)
|
||||||
|
+ else:
|
||||||
|
+ # OpenSSL 3.x.x - quoted version like "3.0.7"
|
||||||
|
+ openssl_ver = openssl_ver.replace('"', "")
|
||||||
|
+ major_version = openssl_ver.split(".")[0]
|
||||||
|
+ if major_version != "3":
|
||||||
|
+ die("Unrecognized OpenSSL version {openssl_version} found. Require >= 1.1.1 or 3.x.x")
|
||||||
|
+
|
||||||
|
+ log.info(f"Found OpenSSL {openssl_ver}.")
|
||||||
|
+ return openssl_ver
|
||||||
|
+
|
||||||
|
+ set_config("MZLA_LIBRNP_OPENSSL_VERSION", openssl_version)
|
||||||
|
|
||||||
|
# Checks for building librnp itself
|
||||||
|
# =================================
|
||||||
|
diff -up comm/third_party/rnp/moz.build.D161379.diff comm/third_party/rnp/moz.build
|
||||||
|
--- comm/third_party/rnp/moz.build.D161379.diff 2022-11-10 11:49:43.682017534 +0100
|
||||||
|
+++ comm/third_party/rnp/moz.build 2022-11-10 11:51:22.878909880 +0100
|
||||||
|
@@ -36,17 +36,53 @@ if CONFIG["CC_TYPE"] == "clang-cl":
|
||||||
|
"/EHs",
|
||||||
|
]
|
||||||
|
|
||||||
|
+LOCAL_INCLUDES = [
|
||||||
|
+ "include",
|
||||||
|
+ "src",
|
||||||
|
+ "src/common",
|
||||||
|
+ "src/lib",
|
||||||
|
+]
|
||||||
|
+
|
||||||
|
+IQuote(
|
||||||
|
+ "{}/src/lib".format(OBJDIR),
|
||||||
|
+ "{}/src/lib".format(SRCDIR),
|
||||||
|
+)
|
||||||
|
+
|
||||||
|
+# Set up defines for src/lib/config.h
|
||||||
|
rnp_defines = {
|
||||||
|
"HAVE_BZLIB_H": True,
|
||||||
|
"HAVE_ZLIB_H": True,
|
||||||
|
- "CRYPTO_BACKEND_OPENSSL": True,
|
||||||
|
- "ENABLE_AEAD": True,
|
||||||
|
- "ENABLE_TWOFISH": True,
|
||||||
|
- "ENABLE_BRAINPOOL": True,
|
||||||
|
"ENABLE_IDEA": True,
|
||||||
|
"PACKAGE_BUGREPORT": '"https://bugzilla.mozilla.org/enter_bug.cgi?product=Thunderbird"',
|
||||||
|
"PACKAGE_STRING": '"rnp {}"'.format(CONFIG["MZLA_LIBRNP_FULL_VERSION"])
|
||||||
|
}
|
||||||
|
+if CONFIG["MZLA_LIBRNP_BACKEND"] == "botan":
|
||||||
|
+ LOCAL_INCLUDES += ["!../botan/build/include"]
|
||||||
|
+ if CONFIG["MZLA_SYSTEM_BOTAN"]:
|
||||||
|
+ CXXFLAGS += CONFIG["MZLA_BOTAN_CFLAGS"]
|
||||||
|
+
|
||||||
|
+ rnp_defines.update({
|
||||||
|
+ "CRYPTO_BACKEND_BOTAN": True,
|
||||||
|
+ "ENABLE_AEAD": True,
|
||||||
|
+ "ENABLE_TWOFISH": True,
|
||||||
|
+ "ENABLE_BRAINPOOL": True,
|
||||||
|
+ })
|
||||||
|
+elif CONFIG["MZLA_LIBRNP_BACKEND"] == "openssl":
|
||||||
|
+ CXXFLAGS += CONFIG["MZLA_LIBRNP_OPENSSL_CFLAGS"]
|
||||||
|
+ OS_LIBS += CONFIG["MZLA_LIBRNP_OPENSSL_LIBS"]
|
||||||
|
+
|
||||||
|
+ rnp_defines.update({
|
||||||
|
+ "CRYPTO_BACKEND_OPENSSL": True,
|
||||||
|
+ # Not supported with RNP+OpenSSL https://github.com/rnpgp/rnp/issues/1642
|
||||||
|
+ "ENABLE_AEAD": False,
|
||||||
|
+ # Not supported by OpenSSL https://github.com/openssl/openssl/issues/2046
|
||||||
|
+ "ENABLE_TWOFISH": False,
|
||||||
|
+ # Supported, but not with RHEL's OpenSSL, disabled for now;
|
||||||
|
+ "ENABLE_BRAINPOOL": False,
|
||||||
|
+ })
|
||||||
|
+ if CONFIG["MZLA_LIBRNP_OPENSSL_VERSION"][0] == "3":
|
||||||
|
+ rnp_defines["CRYPTO_BACKEND_OPENSSL3"] = True
|
||||||
|
+
|
||||||
|
GeneratedFile(
|
||||||
|
"src/lib/config.h",
|
||||||
|
script="/comm/python/rocbuild/process_cmake_define_files.py",
|
||||||
|
@@ -57,23 +93,6 @@ GeneratedFile(
|
||||||
|
],
|
||||||
|
)
|
||||||
|
|
||||||
|
-LOCAL_INCLUDES = [
|
||||||
|
- "include",
|
||||||
|
- "src",
|
||||||
|
- "src/common",
|
||||||
|
- "src/lib",
|
||||||
|
-]
|
||||||
|
-
|
||||||
|
-IQuote(
|
||||||
|
- "{}/src/lib".format(OBJDIR),
|
||||||
|
- "{}/src/lib".format(SRCDIR),
|
||||||
|
-)
|
||||||
|
-
|
||||||
|
-if CONFIG["MZLA_SYSTEM_BOTAN"]:
|
||||||
|
- CXXFLAGS += CONFIG["MZLA_BOTAN_CFLAGS"]
|
||||||
|
-else:
|
||||||
|
- LOCAL_INCLUDES += ["!../botan/build/include"]
|
||||||
|
-
|
||||||
|
if CONFIG["MOZ_SYSTEM_ZLIB"]:
|
||||||
|
CXXFLAGS += CONFIG["MOZ_ZLIB_CFLAGS"]
|
||||||
|
else:
|
||||||
|
@@ -109,29 +128,16 @@ SOURCES += [
|
||||||
|
"src/common/time-utils.cpp",
|
||||||
|
"src/lib/crypto.cpp",
|
||||||
|
"src/lib/crypto/backend_version.cpp",
|
||||||
|
- "src/lib/crypto/bn.cpp",
|
||||||
|
"src/lib/crypto/cipher.cpp",
|
||||||
|
- "src/lib/crypto/cipher_botan.cpp",
|
||||||
|
- "src/lib/crypto/dsa.cpp",
|
||||||
|
- "src/lib/crypto/ec.cpp",
|
||||||
|
"src/lib/crypto/ec_curves.cpp",
|
||||||
|
- "src/lib/crypto/ecdh.cpp",
|
||||||
|
"src/lib/crypto/ecdh_utils.cpp",
|
||||||
|
- "src/lib/crypto/ecdsa.cpp",
|
||||||
|
- "src/lib/crypto/eddsa.cpp",
|
||||||
|
- "src/lib/crypto/elgamal.cpp",
|
||||||
|
- "src/lib/crypto/hash.cpp",
|
||||||
|
"src/lib/crypto/hash_common.cpp",
|
||||||
|
"src/lib/crypto/hash_sha1cd.cpp",
|
||||||
|
- "src/lib/crypto/mem.cpp",
|
||||||
|
"src/lib/crypto/mpi.cpp",
|
||||||
|
- "src/lib/crypto/rng.cpp",
|
||||||
|
- "src/lib/crypto/rsa.cpp",
|
||||||
|
"src/lib/crypto/s2k.cpp",
|
||||||
|
"src/lib/crypto/sha1cd/sha1.c",
|
||||||
|
"src/lib/crypto/sha1cd/ubc_check.c",
|
||||||
|
"src/lib/crypto/signatures.cpp",
|
||||||
|
- "src/lib/crypto/symmetric.cpp",
|
||||||
|
"src/lib/fingerprint.cpp",
|
||||||
|
"src/lib/generate-key.cpp",
|
||||||
|
"src/lib/json-utils.cpp",
|
||||||
|
@@ -159,4 +165,40 @@ SOURCES += [
|
||||||
|
"src/librepgp/stream-write.cpp",
|
||||||
|
]
|
||||||
|
|
||||||
|
+if CONFIG["MZLA_LIBRNP_BACKEND"] == "botan":
|
||||||
|
+ SOURCES += [
|
||||||
|
+ "src/lib/crypto/bn.cpp",
|
||||||
|
+ "src/lib/crypto/cipher_botan.cpp",
|
||||||
|
+ "src/lib/crypto/dsa.cpp",
|
||||||
|
+ "src/lib/crypto/ec.cpp",
|
||||||
|
+ "src/lib/crypto/ecdh.cpp",
|
||||||
|
+ "src/lib/crypto/ecdsa.cpp",
|
||||||
|
+ "src/lib/crypto/eddsa.cpp",
|
||||||
|
+ "src/lib/crypto/elgamal.cpp",
|
||||||
|
+ "src/lib/crypto/hash.cpp",
|
||||||
|
+ "src/lib/crypto/mem.cpp",
|
||||||
|
+ "src/lib/crypto/rng.cpp",
|
||||||
|
+ "src/lib/crypto/rsa.cpp",
|
||||||
|
+ "src/lib/crypto/symmetric.cpp",
|
||||||
|
+ ]
|
||||||
|
+if CONFIG["MZLA_LIBRNP_BACKEND"] == "openssl":
|
||||||
|
+ SOURCES += [
|
||||||
|
+ "src/lib/crypto/bn_ossl.cpp",
|
||||||
|
+ "src/lib/crypto/cipher_ossl.cpp",
|
||||||
|
+ "src/lib/crypto/dl_ossl.cpp",
|
||||||
|
+ "src/lib/crypto/dsa_ossl.cpp",
|
||||||
|
+ "src/lib/crypto/ec_ossl.cpp",
|
||||||
|
+ "src/lib/crypto/ecdh_ossl.cpp",
|
||||||
|
+ "src/lib/crypto/ecdsa_ossl.cpp",
|
||||||
|
+ "src/lib/crypto/eddsa_ossl.cpp",
|
||||||
|
+ "src/lib/crypto/elgamal_ossl.cpp",
|
||||||
|
+ "src/lib/crypto/hash_crc24.cpp",
|
||||||
|
+ "src/lib/crypto/hash_ossl.cpp",
|
||||||
|
+ "src/lib/crypto/mem_ossl.cpp",
|
||||||
|
+ "src/lib/crypto/rng_ossl.cpp",
|
||||||
|
+ "src/lib/crypto/rsa_ossl.cpp",
|
||||||
|
+ "src/lib/crypto/s2k_ossl.cpp",
|
||||||
|
+ "src/lib/crypto/symmetric_ossl.cpp",
|
||||||
|
+ ]
|
||||||
|
+
|
||||||
|
DIRS += ["src/rnp", "src/rnpkeys"]
|
49
SOURCES/D161895.diff
Normal file
49
SOURCES/D161895.diff
Normal file
@ -0,0 +1,49 @@
|
|||||||
|
diff --git a/third_party/openpgp.configure b/third_party/openpgp.configure
|
||||||
|
--- a/third_party/openpgp.configure
|
||||||
|
+++ b/third_party/openpgp.configure
|
||||||
|
@@ -198,21 +198,27 @@
|
||||||
|
)
|
||||||
|
set_config("MZLA_BZIP2_CFLAGS", bzip2_flags.cflags)
|
||||||
|
set_config("MZLA_BZIP2_LIBS", bzip2_flags.ldflags)
|
||||||
|
|
||||||
|
# librnp crypto backend selection
|
||||||
|
+ @depends(target_is_linux)
|
||||||
|
+ def librnp_backend_choices(is_linux):
|
||||||
|
+ if is_linux:
|
||||||
|
+ return ("botan", "openssl")
|
||||||
|
+ else:
|
||||||
|
+ return ("botan",)
|
||||||
|
+
|
||||||
|
option("--with-librnp-backend",
|
||||||
|
- help="Build librnp with the selected backend: {botan, openssl}",
|
||||||
|
+ help="Build librnp with the selected backend",
|
||||||
|
+ choices=librnp_backend_choices,
|
||||||
|
+ nargs=1,
|
||||||
|
default="botan")
|
||||||
|
|
||||||
|
@depends("--with-librnp-backend")
|
||||||
|
def librnp_backend(backend):
|
||||||
|
- allowed = ("botan", "openssl")
|
||||||
|
- if backend[0] in allowed:
|
||||||
|
+ if backend:
|
||||||
|
return backend[0]
|
||||||
|
- else:
|
||||||
|
- die(f"Unsupported librnp backend {backend[0]}.")
|
||||||
|
|
||||||
|
set_config("MZLA_LIBRNP_BACKEND", librnp_backend)
|
||||||
|
|
||||||
|
@depends(librnp_backend)
|
||||||
|
def rnp_botan(backend):
|
||||||
|
@@ -273,10 +279,11 @@
|
||||||
|
set_config("MZLA_LIBRNP_OPENSSL_LIBS", openssl_flags.ldflags)
|
||||||
|
|
||||||
|
|
||||||
|
@depends(c_compiler, openssl_flags)
|
||||||
|
@imports(_from="textwrap", _import="dedent")
|
||||||
|
+ @imports(_from="__builtin__", _import="chr")
|
||||||
|
def openssl_version(compiler, openssl_flags):
|
||||||
|
log.info("Checking for OpenSSL >= 1.1.1")
|
||||||
|
if openssl_flags is None:
|
||||||
|
die("OpenSSL not found. Must be locatable with pkg-config or use --with-openssl.")
|
||||||
|
|
||||||
|
|
81
SOURCES/backport-rnp-0.16.2-to-esr102-a-bug-1753683.patch
Normal file
81
SOURCES/backport-rnp-0.16.2-to-esr102-a-bug-1753683.patch
Normal file
@ -0,0 +1,81 @@
|
|||||||
|
# HG changeset patch
|
||||||
|
# User Daniel <daniel@thunderbird.net>
|
||||||
|
# Date 1658184582 0
|
||||||
|
# Mon Jul 18 22:49:42 2022 +0000
|
||||||
|
# Node ID 9998ed5c2bcee289b03828eba670053614fa26da
|
||||||
|
# Parent e572bc3cfa07492189aec439e98378b0811ae3bb
|
||||||
|
Bug 1753683 - Replace distutils (deprecated) with packaging. r=rjl
|
||||||
|
|
||||||
|
Differential Revision: https://phabricator.services.mozilla.com/D152123
|
||||||
|
|
||||||
|
diff --git a/comm/python/thirdroc/thirdroc/__init__.py b/comm/python/thirdroc/thirdroc/__init__.py
|
||||||
|
--- a/comm/python/thirdroc/thirdroc/__init__.py
|
||||||
|
+++ b/comm/python/thirdroc/thirdroc/__init__.py
|
||||||
|
@@ -3,11 +3,11 @@
|
||||||
|
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||||
|
|
||||||
|
from __future__ import print_function, absolute_import
|
||||||
|
|
||||||
|
import re
|
||||||
|
-from distutils.version import StrictVersion
|
||||||
|
+from packaging.version import parse
|
||||||
|
|
||||||
|
VTAG_RE = re.compile(r"^v\d+\.\d+\.\d+$")
|
||||||
|
|
||||||
|
|
||||||
|
def tag2version(tag):
|
||||||
|
@@ -22,16 +22,16 @@ def tag2version(tag):
|
||||||
|
raise Exception("Invalid tag {}".format(tag))
|
||||||
|
|
||||||
|
|
||||||
|
def get_latest_version(*versions):
|
||||||
|
"""
|
||||||
|
- Given a list of versions (that must parse with distutils.version.StrictVersion,
|
||||||
|
+ Given a list of versions (that must parse with packaging.version.parse),
|
||||||
|
return the latest/newest version.
|
||||||
|
:param list versions:
|
||||||
|
- :return StrictVersion:
|
||||||
|
+ :return Version:
|
||||||
|
"""
|
||||||
|
- version_list = [StrictVersion(tag2version(v)) for v in versions]
|
||||||
|
+ version_list = [parse(tag2version(v)) for v in versions]
|
||||||
|
version_list.sort()
|
||||||
|
return version_list[-1]
|
||||||
|
|
||||||
|
|
||||||
|
def latest_version(*versions):
|
||||||
|
diff --git a/comm/python/thirdroc/thirdroc/rnp.py b/comm/python/thirdroc/thirdroc/rnp.py
|
||||||
|
--- a/comm/python/thirdroc/thirdroc/rnp.py
|
||||||
|
+++ b/comm/python/thirdroc/thirdroc/rnp.py
|
||||||
|
@@ -6,11 +6,11 @@ from __future__ import absolute_import
|
||||||
|
|
||||||
|
import os
|
||||||
|
from io import StringIO
|
||||||
|
from datetime import date
|
||||||
|
import re
|
||||||
|
-from distutils.version import StrictVersion
|
||||||
|
+from packaging.version import parse
|
||||||
|
|
||||||
|
from mozbuild.preprocessor import Preprocessor
|
||||||
|
|
||||||
|
|
||||||
|
def rnp_source_update(rnp_root, version_str, revision, timestamp, bug_report):
|
||||||
|
@@ -21,14 +21,14 @@ def rnp_source_update(rnp_root, version_
|
||||||
|
:param string version_str: latest version
|
||||||
|
:param string revision: revision hash (short form)
|
||||||
|
:param float timestamp: UNIX timestamp from revision
|
||||||
|
:param string bug_report: where to report bugs for this RNP build
|
||||||
|
"""
|
||||||
|
- version = StrictVersion(version_str)
|
||||||
|
- version_major = version.version[0]
|
||||||
|
- version_minor = version.version[1]
|
||||||
|
- version_patch = version.version[2]
|
||||||
|
+ version = parse(version_str)
|
||||||
|
+ version_major = version.major
|
||||||
|
+ version_minor = version.minor
|
||||||
|
+ version_patch = version.micro
|
||||||
|
date_str = date.fromtimestamp(float(timestamp)).strftime("%Y%m%d")
|
||||||
|
revision_short = revision[:8]
|
||||||
|
version_full = "{}+git{}.{}.MZLA".format(version_str, date_str, revision_short)
|
||||||
|
|
||||||
|
defines = dict(
|
118
SOURCES/backport-rnp-0.16.2-to-esr102-b-bug-1790446.patch
Normal file
118
SOURCES/backport-rnp-0.16.2-to-esr102-b-bug-1790446.patch
Normal file
@ -0,0 +1,118 @@
|
|||||||
|
# HG changeset patch
|
||||||
|
# User Rob Lemley <rob@thunderbird.net>
|
||||||
|
# Date 1662996130 0
|
||||||
|
# Mon Sep 12 15:22:10 2022 +0000
|
||||||
|
# Node ID 5dfb405f325609c62215f9d74e01dba029b84611
|
||||||
|
# Parent 9998ed5c2bcee289b03828eba670053614fa26da
|
||||||
|
Bug 1790446 - Stop rewriting RNP config.h.in when updating the source from upstream. r=dandarnell
|
||||||
|
|
||||||
|
Differential Revision: https://phabricator.services.mozilla.com/D157151
|
||||||
|
|
||||||
|
diff --git a/comm/python/thirdroc/thirdroc/rnp.py b/comm/python/thirdroc/thirdroc/rnp.py
|
||||||
|
--- a/comm/python/thirdroc/thirdroc/rnp.py
|
||||||
|
+++ b/comm/python/thirdroc/thirdroc/rnp.py
|
||||||
|
@@ -11,19 +11,18 @@ import re
|
||||||
|
from packaging.version import parse
|
||||||
|
|
||||||
|
from mozbuild.preprocessor import Preprocessor
|
||||||
|
|
||||||
|
|
||||||
|
-def rnp_source_update(rnp_root, version_str, revision, timestamp, bug_report):
|
||||||
|
+def rnp_source_update(rnp_root, version_str, revision, timestamp):
|
||||||
|
"""
|
||||||
|
Update RNP source files: generate version.h and mangle config.h.in
|
||||||
|
:param rnp_root:
|
||||||
|
:type rnp_root:
|
||||||
|
:param string version_str: latest version
|
||||||
|
:param string revision: revision hash (short form)
|
||||||
|
:param float timestamp: UNIX timestamp from revision
|
||||||
|
- :param string bug_report: where to report bugs for this RNP build
|
||||||
|
"""
|
||||||
|
version = parse(version_str)
|
||||||
|
version_major = version.major
|
||||||
|
version_minor = version.minor
|
||||||
|
version_patch = version.micro
|
||||||
|
@@ -36,20 +35,17 @@ def rnp_source_update(rnp_root, version_
|
||||||
|
RNP_VERSION_MINOR=version_minor,
|
||||||
|
RNP_VERSION_PATCH=version_patch,
|
||||||
|
RNP_VERSION=version_str,
|
||||||
|
RNP_VERSION_FULL=version_full,
|
||||||
|
RNP_VERSION_COMMIT_TIMESTAMP=str(timestamp),
|
||||||
|
- BUGREPORT_EMAIL=bug_report,
|
||||||
|
)
|
||||||
|
src_lib = os.path.join(rnp_root, "src", "lib")
|
||||||
|
version_h_in = os.path.join(src_lib, "version.h.in")
|
||||||
|
version_h = os.path.join(src_lib, "version.h")
|
||||||
|
- config_h_in = os.path.join(src_lib, "config.h.in")
|
||||||
|
readme_rnp = os.path.join(rnp_root, "..", "README.rnp")
|
||||||
|
|
||||||
|
generate_version_h(version_h_in, version_h, defines)
|
||||||
|
- mangle_config_h_in(config_h_in, defines)
|
||||||
|
update_readme(readme_rnp, revision)
|
||||||
|
|
||||||
|
|
||||||
|
def rnp_preprocess(tmpl, dest, defines):
|
||||||
|
"""
|
||||||
|
@@ -79,30 +75,10 @@ def generate_version_h(template, destina
|
||||||
|
with open(template) as tmpl:
|
||||||
|
with open(destination, "w") as dest:
|
||||||
|
rnp_preprocess(tmpl, dest, defines)
|
||||||
|
|
||||||
|
|
||||||
|
-def mangle_config_h_in(template, defines):
|
||||||
|
- """
|
||||||
|
- Mangle RNP's config.h.in so that it will work with CONFIGURE_DEFINE_FILES
|
||||||
|
- :param string template: path to config.h.in
|
||||||
|
- :param dict defines: result of get_defines()
|
||||||
|
- """
|
||||||
|
- with open(template) as tmpl:
|
||||||
|
- tmp_string = StringIO()
|
||||||
|
- rnp_preprocess(tmpl, tmp_string, defines)
|
||||||
|
-
|
||||||
|
- tmp_string.seek(0)
|
||||||
|
-
|
||||||
|
- with open(template, "w") as dest:
|
||||||
|
- for line in tmp_string:
|
||||||
|
- if line.startswith("#cmakedefine"):
|
||||||
|
- line = line.replace("#cmakedefine", "#undef")
|
||||||
|
- dest.write(line)
|
||||||
|
- dest.write("\n")
|
||||||
|
-
|
||||||
|
-
|
||||||
|
def update_readme(path, revision):
|
||||||
|
"""
|
||||||
|
Updates the commit hash in README.rnp
|
||||||
|
:param string path: Path to README.rnp
|
||||||
|
:param string revision: revision to insert
|
||||||
|
diff --git a/comm/third_party/update_rnp.sh b/comm/third_party/update_rnp.sh
|
||||||
|
--- a/comm/third_party/update_rnp.sh
|
||||||
|
+++ b/comm/third_party/update_rnp.sh
|
||||||
|
@@ -42,26 +42,23 @@ TAGLIST=$(git -C "${RNPgit}" tag --list
|
||||||
|
|
||||||
|
LATEST_VERSION=$($THIRDROC latest_version $TAGLIST)
|
||||||
|
REVISION=$(git -C "${RNPgit}" rev-parse --verify HEAD)
|
||||||
|
TIMESTAMP=$(git -C "${RNPgit}" show -s --format=%ct)
|
||||||
|
|
||||||
|
-BUGREPORT="https://bugzilla.mozilla.org/enter_bug.cgi?product=Thunderbird"
|
||||||
|
-
|
||||||
|
# Cleanup rnp checkout
|
||||||
|
rm -rf ${RNPgit}/{.git,.github,.cirrus.yml,.clang-format,.gitignore}
|
||||||
|
rm -rf ${RNPgit}/{_config.yml,docker.sh,ci,cmake,git-hooks,travis.sh,vcpkg.txt}
|
||||||
|
rm -rf ${RNPgit}/{Brewfile,CMakeLists.txt,CMakeSettings.json}
|
||||||
|
|
||||||
|
# Do the switch
|
||||||
|
rm -rf rnp
|
||||||
|
mv "${RNPgit}" rnp
|
||||||
|
-# Build version.h/config.h.in
|
||||||
|
+# Build version.h
|
||||||
|
$THIRDROC rnp_source_update rnp/ \
|
||||||
|
"${LATEST_VERSION}" \
|
||||||
|
"${REVISION}" \
|
||||||
|
- "${TIMESTAMP}" \
|
||||||
|
- "${BUGREPORT}"
|
||||||
|
+ "${TIMESTAMP}"
|
||||||
|
|
||||||
|
# Restore moz.build
|
||||||
|
hg revert rnp/moz.build rnp/module.ver rnp/rnp.symbols rnp/src/lib/rnp/rnp_export.h \
|
||||||
|
rnp/src/rnp/moz.build rnp/src/rnpkeys/moz.build
|
||||||
|
|
185
SOURCES/backport-rnp-0.16.2-to-esr102-c-bug-1790446.patch
Normal file
185
SOURCES/backport-rnp-0.16.2-to-esr102-c-bug-1790446.patch
Normal file
@ -0,0 +1,185 @@
|
|||||||
|
# HG changeset patch
|
||||||
|
# User Rob Lemley <rob@thunderbird.net>
|
||||||
|
# Date 1662996529 0
|
||||||
|
# Mon Sep 12 15:28:49 2022 +0000
|
||||||
|
# Node ID c9e44c0a569253884961ad2e18fae23f5ed0f6dc
|
||||||
|
# Parent 5dfb405f325609c62215f9d74e01dba029b84611
|
||||||
|
Bug 1790446 - Add build script to preprocess CMake config.h templates. r=dandarnell
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Right now config.h.in is rewritten when the RNP source is updated.
|
||||||
|
This has caused problems when new lines are added to it.
|
||||||
|
|
||||||
|
Depends on D157151
|
||||||
|
|
||||||
|
Differential Revision: https://phabricator.services.mozilla.com/D157152
|
||||||
|
|
||||||
|
diff --git a/comm/python/rocbuild/process_cmake_define_files.py b/python/rocb/commuild/process_cmake_define_files.py
|
||||||
|
new file mode 100644
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/comm/python/rocbuild/process_cmake_define_files.py
|
||||||
|
@@ -0,0 +1,103 @@
|
||||||
|
+# This Source Code Form is subject to the terms of the Mozilla Public
|
||||||
|
+# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||||
|
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||||
|
+
|
||||||
|
+from __future__ import absolute_import, print_function, unicode_literals
|
||||||
|
+
|
||||||
|
+import argparse
|
||||||
|
+import os
|
||||||
|
+import re
|
||||||
|
+import sys
|
||||||
|
+from buildconfig import topsrcdir, topobjdir
|
||||||
|
+from mozbuild.backend.configenvironment import PartialConfigEnvironment
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+def define_type(string):
|
||||||
|
+ vals = string.split("=", 1)
|
||||||
|
+ if len(vals) == 1:
|
||||||
|
+ vals.append(1)
|
||||||
|
+ elif vals[1].isdecimal():
|
||||||
|
+ vals[1] = int(vals[1])
|
||||||
|
+ return tuple(vals)
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+def process_cmake_define_file(output, input_file, extra_defines):
|
||||||
|
+ """Creates the given config header. A config header is generated by
|
||||||
|
+ taking the corresponding source file and replacing some #define/#undef
|
||||||
|
+ occurences:
|
||||||
|
+ "#undef NAME" is turned into "#define NAME VALUE"
|
||||||
|
+ "#cmakedefine NAME" is turned into "#define NAME VALUE"
|
||||||
|
+ "#define NAME" is unchanged
|
||||||
|
+ "#define NAME ORIGINAL_VALUE" is turned into "#define NAME VALUE"
|
||||||
|
+ "#undef UNKNOWN_NAME" is turned into "/* #undef UNKNOWN_NAME */"
|
||||||
|
+ "#cmakedefine UNKNOWN_NAME" is turned into "/* #undef UNKNOWN_NAME */"
|
||||||
|
+ Whitespaces are preserved.
|
||||||
|
+ """
|
||||||
|
+
|
||||||
|
+ path = os.path.abspath(input_file)
|
||||||
|
+
|
||||||
|
+ config = PartialConfigEnvironment(topobjdir)
|
||||||
|
+
|
||||||
|
+ defines = dict(config.defines.iteritems())
|
||||||
|
+ defines.update(extra_defines)
|
||||||
|
+
|
||||||
|
+ with open(path, "r") as input_file:
|
||||||
|
+ r = re.compile(
|
||||||
|
+ r'^\s*#\s*(?P<cmd>[a-z]+)(?:\s+(?P<name>\S+)(?:\s+(?P<value>("[^"]+"|\S+)))?)?',
|
||||||
|
+ re.U,
|
||||||
|
+ )
|
||||||
|
+ for line in input_file:
|
||||||
|
+ m = r.match(line)
|
||||||
|
+ if m:
|
||||||
|
+ cmd = m.group("cmd")
|
||||||
|
+ name = m.group("name")
|
||||||
|
+ value = m.group("value")
|
||||||
|
+ if name:
|
||||||
|
+ if cmd == "define":
|
||||||
|
+ if value and name in defines:
|
||||||
|
+ line = (
|
||||||
|
+ line[: m.start("value")]
|
||||||
|
+ + str(defines[name])
|
||||||
|
+ + line[m.end("value") :]
|
||||||
|
+ )
|
||||||
|
+ elif cmd in ("undef", "cmakedefine"):
|
||||||
|
+ if name in defines:
|
||||||
|
+ line = (
|
||||||
|
+ line[: m.start("cmd")]
|
||||||
|
+ + "define"
|
||||||
|
+ + line[m.end("cmd") : m.end("name")]
|
||||||
|
+ + " "
|
||||||
|
+ + str(defines[name])
|
||||||
|
+ + line[m.end("name") :]
|
||||||
|
+ )
|
||||||
|
+ else:
|
||||||
|
+ line = (
|
||||||
|
+ "/* #undef "
|
||||||
|
+ + line[m.start("name") : m.end("name")]
|
||||||
|
+ + " */"
|
||||||
|
+ + line[m.end("name") :]
|
||||||
|
+ )
|
||||||
|
+
|
||||||
|
+ output.write(line)
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+def main(output, *argv):
|
||||||
|
+ parser = argparse.ArgumentParser(description="Process define files.")
|
||||||
|
+
|
||||||
|
+ parser.add_argument("input", help="Input define file.")
|
||||||
|
+ parser.add_argument(
|
||||||
|
+ "-D",
|
||||||
|
+ type=define_type,
|
||||||
|
+ action="append",
|
||||||
|
+ dest="extra_defines",
|
||||||
|
+ default=[],
|
||||||
|
+ help="Additional defines not set at configure time.",
|
||||||
|
+ )
|
||||||
|
+
|
||||||
|
+ args = parser.parse_args(argv)
|
||||||
|
+
|
||||||
|
+ return process_cmake_define_file(output, args.input, args.extra_defines)
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+if __name__ == "__main__":
|
||||||
|
+ sys.exit(main(*sys.argv))
|
||||||
|
diff --git a/comm/third_party/rnp/moz.build b/third_party/rnp/moz.b/commuild
|
||||||
|
--- a/comm/third_party/rnp/moz.build
|
||||||
|
+++ b/comm/third_party/rnp/moz.build
|
||||||
|
@@ -34,19 +34,27 @@ COMPILE_FLAGS["WARNINGS_CFLAGS"] += [
|
||||||
|
if CONFIG["CC_TYPE"] == "clang-cl":
|
||||||
|
CXXFLAGS += [
|
||||||
|
"/EHs",
|
||||||
|
]
|
||||||
|
|
||||||
|
-DEFINES["_GNU_SOURCE"] = True
|
||||||
|
-
|
||||||
|
-DEFINES["HAVE_BZLIB_H"] = True
|
||||||
|
-DEFINES["HAVE_ZLIB_H"] = True
|
||||||
|
-DEFINES["MOZ_RNP_DIST_INFO"] = rnp_dist_info
|
||||||
|
-
|
||||||
|
-CONFIGURE_DEFINE_FILES += [
|
||||||
|
+rnp_defines = {
|
||||||
|
+ "HAVE_BZLIB_H": True,
|
||||||
|
+ "HAVE_ZLIB_H": True,
|
||||||
|
+ "CRYPTO_BACKEND_BOTAN": True,
|
||||||
|
+ "ENABLE_AEAD": True,
|
||||||
|
+ "ENABLE_TWOFISH": True,
|
||||||
|
+ "ENABLE_BRAINPOOL": True,
|
||||||
|
+}
|
||||||
|
+GeneratedFile(
|
||||||
|
"src/lib/config.h",
|
||||||
|
-]
|
||||||
|
+ script="/comm/python/rocbuild/process_cmake_define_files.py",
|
||||||
|
+ inputs=["src/lib/config.h.in"],
|
||||||
|
+ flags=[
|
||||||
|
+ "-D%s=%s" % (k, "1" if v is True else v)
|
||||||
|
+ for k, v in rnp_defines.items()
|
||||||
|
+ ],
|
||||||
|
+)
|
||||||
|
|
||||||
|
LOCAL_INCLUDES = [
|
||||||
|
"include",
|
||||||
|
"src",
|
||||||
|
"src/common",
|
||||||
|
diff --git a/comm/third_party/rnpdefs.mozbuild b/third_party/rnpdefs.mozb/commuild
|
||||||
|
--- a/comm/third_party/rnpdefs.mozbuild
|
||||||
|
+++ b/comm/third_party/rnpdefs.mozbuild
|
||||||
|
@@ -16,17 +16,10 @@ rnp_dist_info = "{} {} rnp".format(
|
||||||
|
COMPILE_FLAGS["OS_CFLAGS"] = []
|
||||||
|
COMPILE_FLAGS["OS_CXXFLAGS"] = []
|
||||||
|
COMPILE_FLAGS["OS_INCLUDES"] = []
|
||||||
|
COMPILE_FLAGS["CLANG_PLUGIN"] = []
|
||||||
|
|
||||||
|
-DEFINES["RNP_NO_DEPRECATED"] = True
|
||||||
|
-DEFINES["CRYPTO_BACKEND_BOTAN"] = True
|
||||||
|
-DEFINES["ENABLE_AEAD"] = True
|
||||||
|
-DEFINES["ENABLE_TWOFISH"] = True
|
||||||
|
-DEFINES["ENABLE_BRAINPOOL"] = True
|
||||||
|
-
|
||||||
|
-
|
||||||
|
if CONFIG["COMPILE_ENVIRONMENT"]:
|
||||||
|
COMPILE_FLAGS["MOZ_HARDENING_CFLAGS"] = []
|
||||||
|
|
||||||
|
if CONFIG["CC_TYPE"] == "clang-cl":
|
||||||
|
CFLAGS += [
|
77
SOURCES/backport-rnp-0.16.2-to-esr102-d-bug-1790446.patch
Normal file
77
SOURCES/backport-rnp-0.16.2-to-esr102-d-bug-1790446.patch
Normal file
@ -0,0 +1,77 @@
|
|||||||
|
# HG changeset patch
|
||||||
|
# User Rob Lemley <rob@thunderbird.net>
|
||||||
|
# Date 1662997034 0
|
||||||
|
# Mon Sep 12 15:37:14 2022 +0000
|
||||||
|
# Node ID 17dc6bb322b5d40299bba0a90d59c0593137d4f6
|
||||||
|
# Parent c9e44c0a569253884961ad2e18fae23f5ed0f6dc
|
||||||
|
Bug 1790446 - Get RNP version during configure and set in config.h. r=dandarnell
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Depends on D157152
|
||||||
|
|
||||||
|
Differential Revision: https://phabricator.services.mozilla.com/D157153
|
||||||
|
|
||||||
|
diff --git a/comm/third_party/openpgp.configure b/comm/third_party/openpgp.configure
|
||||||
|
--- a/comm/third_party/openpgp.configure
|
||||||
|
+++ b/comm/third_party/openpgp.configure
|
||||||
|
@@ -86,10 +86,42 @@ with only_when("--enable-compile-environ
|
||||||
|
set_config("MZLA_LIBRNP", depends_if(in_tree_librnp)(lambda _: True))
|
||||||
|
set_define("MZLA_LIBRNP", depends_if(in_tree_librnp)(lambda _: True))
|
||||||
|
|
||||||
|
|
||||||
|
with only_when(in_tree_librnp):
|
||||||
|
+
|
||||||
|
+ @depends(build_environment, c_compiler)
|
||||||
|
+ @imports(_from="textwrap", _import="dedent")
|
||||||
|
+ @imports(_from="os.path", _import="join")
|
||||||
|
+ def rnp_version_string(build_env, compiler):
|
||||||
|
+ log.info("Determining librnp version from version.h.")
|
||||||
|
+ include_path = join(
|
||||||
|
+ build_env.topsrcdir, "comm", "third_party", "rnp", "src", "lib"
|
||||||
|
+ )
|
||||||
|
+ check = dedent(
|
||||||
|
+ """\
|
||||||
|
+ #include "version.h"
|
||||||
|
+ RNP_VERSION_STRING_FULL
|
||||||
|
+ """
|
||||||
|
+ )
|
||||||
|
+ result = try_preprocess(
|
||||||
|
+ compiler.wrapper
|
||||||
|
+ + [compiler.compiler]
|
||||||
|
+ + compiler.flags
|
||||||
|
+ + ["-I", include_path],
|
||||||
|
+ "C",
|
||||||
|
+ check,
|
||||||
|
+ )
|
||||||
|
+ if result:
|
||||||
|
+ rnp_version = result.splitlines()[-1]
|
||||||
|
+ rnp_version = rnp_version.replace('"', "")
|
||||||
|
+ else:
|
||||||
|
+ raise FatalCheckError("Unable to determine RNP version string.")
|
||||||
|
+ return rnp_version
|
||||||
|
+
|
||||||
|
+ set_config("MZLA_LIBRNP_FULL_VERSION", rnp_version_string)
|
||||||
|
+
|
||||||
|
# JSON-C --with-system-json
|
||||||
|
system_lib_option(
|
||||||
|
"--with-system-jsonc",
|
||||||
|
help="Use system JSON-C for librnp (located with pkgconfig)",
|
||||||
|
)
|
||||||
|
diff --git a/comm/third_party/rnp/moz.build b/third_party/rnp/moz.b/commuild
|
||||||
|
--- a/comm/third_party/rnp/moz.build
|
||||||
|
+++ b/comm/third_party/rnp/moz.build
|
||||||
|
@@ -41,10 +41,12 @@ rnp_defines = {
|
||||||
|
"HAVE_ZLIB_H": True,
|
||||||
|
"CRYPTO_BACKEND_BOTAN": True,
|
||||||
|
"ENABLE_AEAD": True,
|
||||||
|
"ENABLE_TWOFISH": True,
|
||||||
|
"ENABLE_BRAINPOOL": True,
|
||||||
|
+ "PACKAGE_BUGREPORT": '"https://bugzilla.mozilla.org/enter_bug.cgi?product=Thunderbird"',
|
||||||
|
+ "PACKAGE_STRING": '"rnp {}"'.format(CONFIG["MZLA_LIBRNP_FULL_VERSION"])
|
||||||
|
}
|
||||||
|
GeneratedFile(
|
||||||
|
"src/lib/config.h",
|
||||||
|
script="/comm/python/rocbuild/process_cmake_define_files.py",
|
||||||
|
inputs=["src/lib/config.h.in"],
|
58
SOURCES/backport-rnp-0.16.2-to-esr102-e-bug-1790116.patch
Normal file
58
SOURCES/backport-rnp-0.16.2-to-esr102-e-bug-1790116.patch
Normal file
@ -0,0 +1,58 @@
|
|||||||
|
# HG changeset patch
|
||||||
|
# User Rob Lemley <rob@thunderbird.net>
|
||||||
|
# Date 1663866047 14400
|
||||||
|
# Thu Sep 22 13:00:47 2022 -0400
|
||||||
|
# Node ID 8c718243f4e83fc18dfc88bf5d817c5c18f13937
|
||||||
|
# Parent 17dc6bb322b5d40299bba0a90d59c0593137d4f6
|
||||||
|
Bug 1790116 - update_rnp.sh changes for RNP v0.16.2. r=kaie
|
||||||
|
|
||||||
|
The changes in bug_1768424.patch are now included upstream in
|
||||||
|
https://github.com/rnpgp/rnp/commit/ac6f58ef7ccea270b735b53f87da2c3ca5b34290.
|
||||||
|
|
||||||
|
bug_1763641.patch removed per bug 1790116 comment 26.
|
||||||
|
|
||||||
|
disable_obsolete_ciphers.patch no longer needed, use security rules instead.
|
||||||
|
|
||||||
|
Differential Revision: https://phabricator.services.mozilla.com/D157010
|
||||||
|
|
||||||
|
diff --git a/comm/third_party/update_rnp.sh b/comm/third_party/update_rnp.sh
|
||||||
|
--- a/comm/third_party/update_rnp.sh
|
||||||
|
+++ b/comm/third_party/update_rnp.sh
|
||||||
|
@@ -43,11 +43,11 @@ TAGLIST=$(git -C "${RNPgit}" tag --list
|
||||||
|
LATEST_VERSION=$($THIRDROC latest_version $TAGLIST)
|
||||||
|
REVISION=$(git -C "${RNPgit}" rev-parse --verify HEAD)
|
||||||
|
TIMESTAMP=$(git -C "${RNPgit}" show -s --format=%ct)
|
||||||
|
|
||||||
|
# Cleanup rnp checkout
|
||||||
|
-rm -rf ${RNPgit}/{.git,.github,.cirrus.yml,.clang-format,.gitignore}
|
||||||
|
+rm -rf ${RNPgit}/{.git,.github,.cirrus.yml,.clang-format,.gitignore,.codespellrc}
|
||||||
|
rm -rf ${RNPgit}/{_config.yml,docker.sh,ci,cmake,git-hooks,travis.sh,vcpkg.txt}
|
||||||
|
rm -rf ${RNPgit}/{Brewfile,CMakeLists.txt,CMakeSettings.json}
|
||||||
|
|
||||||
|
# Do the switch
|
||||||
|
rm -rf rnp
|
||||||
|
@@ -60,17 +60,17 @@ mv "${RNPgit}" rnp
|
||||||
|
|
||||||
|
# Restore moz.build
|
||||||
|
hg revert rnp/moz.build rnp/module.ver rnp/rnp.symbols rnp/src/lib/rnp/rnp_export.h \
|
||||||
|
rnp/src/rnp/moz.build rnp/src/rnpkeys/moz.build
|
||||||
|
|
||||||
|
-# Reapply Thunderbird patch to disable obsolete ciphers
|
||||||
|
-PATCH_FILES=("patches/rnp/disable_obsolete_ciphers.patch" \
|
||||||
|
- "patches/rnp/bug_1763641.patch" \
|
||||||
|
- "patches/rnp/bug_1768424.patch")
|
||||||
|
-for PATCH_FILE in "${PATCH_FILES[@]}"; do
|
||||||
|
- patch -p2 -i "${PATCH_FILE}" -N -r "${MY_TEMP_DIR}/${PATCH_FILE}.rej"
|
||||||
|
-done
|
||||||
|
+# Patch librnp - currently not needed
|
||||||
|
+#PATCH_FILES=("patches/rnp/disable_obsolete_ciphers.patch")
|
||||||
|
+#for PATCH_FILE in "${PATCH_FILES[@]}"; do
|
||||||
|
+# # shellcheck disable=SC2086
|
||||||
|
+# echo "Applying patch $(basename ${PATCH_FILE})"
|
||||||
|
+# patch -p2 -i "${PATCH_FILE}" -N -r "${MY_TEMP_DIR}/${PATCH_FILE}.rej"
|
||||||
|
+#done
|
||||||
|
|
||||||
|
# Patch sometimes creates backup files that are not wanted.
|
||||||
|
find rnp -name '*.orig' -exec rm -f '{}' \;
|
||||||
|
|
||||||
|
rm -rf "${MY_TEMP_DIR}"
|
34760
SOURCES/backport-rnp-0.16.2-to-esr102-f-bug-1790116.patch
Normal file
34760
SOURCES/backport-rnp-0.16.2-to-esr102-f-bug-1790116.patch
Normal file
File diff suppressed because one or more lines are too long
77
SOURCES/backport-rnp-0.16.2-to-esr102-g-bug-1790116.patch
Normal file
77
SOURCES/backport-rnp-0.16.2-to-esr102-g-bug-1790116.patch
Normal file
@ -0,0 +1,77 @@
|
|||||||
|
# HG changeset patch
|
||||||
|
# User Rob Lemley <rob@thunderbird.net>
|
||||||
|
# Date 1663866531 14400
|
||||||
|
# Thu Sep 22 13:08:51 2022 -0400
|
||||||
|
# Node ID a863c22903a3fa4c71360920ed77ac31f1fa5d01
|
||||||
|
# Parent 3625a887f020a9a3cb3ad96e5107bfeacd54386e
|
||||||
|
Bug 1790116 - Update rnp_export.h. r=kaie
|
||||||
|
|
||||||
|
The CMake code that generates this file changed with RNP 0.16. The local copy
|
||||||
|
needs to be regenerated.
|
||||||
|
|
||||||
|
File generated with CMake using clang.
|
||||||
|
|
||||||
|
Differential Revision: https://phabricator.services.mozilla.com/D157053
|
||||||
|
|
||||||
|
diff --git a/comm/third_party/rnp/src/lib/rnp/rnp_export.h b/third_party/rnp/src/lib/comm/rnp/rnp_export.h
|
||||||
|
--- a/comm/third_party/rnp/src/lib/rnp/rnp_export.h
|
||||||
|
+++ b/comm/third_party/rnp/src/lib/rnp/rnp_export.h
|
||||||
|
@@ -1,42 +1,42 @@
|
||||||
|
|
||||||
|
-#ifndef RNP_API_H
|
||||||
|
-#define RNP_API_H
|
||||||
|
+#ifndef RNP_EXPORT
|
||||||
|
+#define RNP_EXPORT
|
||||||
|
|
||||||
|
#ifdef RNP_STATIC
|
||||||
|
# define RNP_API
|
||||||
|
-# define RNP_RNP_NO_EXPORT
|
||||||
|
+# define RNP_NO_EXPORT
|
||||||
|
#else
|
||||||
|
# ifndef RNP_API
|
||||||
|
# ifdef librnp_EXPORTS
|
||||||
|
/* We are building this library */
|
||||||
|
-# define RNP_API __attribute__((visibility("default")))
|
||||||
|
+# define RNP_API
|
||||||
|
# else
|
||||||
|
/* We are using this library */
|
||||||
|
-# define RNP_API __attribute__((visibility("default")))
|
||||||
|
+# define RNP_API
|
||||||
|
# endif
|
||||||
|
# endif
|
||||||
|
|
||||||
|
-# ifndef RNP_RNP_NO_EXPORT
|
||||||
|
-# define RNP_RNP_NO_EXPORT __attribute__((visibility("hidden")))
|
||||||
|
+# ifndef RNP_NO_EXPORT
|
||||||
|
+# define RNP_NO_EXPORT
|
||||||
|
# endif
|
||||||
|
#endif
|
||||||
|
|
||||||
|
-#ifndef RNP_RNP_DEPRECATED
|
||||||
|
-# define RNP_RNP_DEPRECATED __attribute__ ((__deprecated__))
|
||||||
|
+#ifndef RNP_DEPRECATED
|
||||||
|
+# define RNP_DEPRECATED __attribute__ ((__deprecated__))
|
||||||
|
#endif
|
||||||
|
|
||||||
|
-#ifndef RNP_RNP_DEPRECATED_EXPORT
|
||||||
|
-# define RNP_RNP_DEPRECATED_EXPORT RNP_API RNP_RNP_DEPRECATED
|
||||||
|
+#ifndef RNP_DEPRECATED_EXPORT
|
||||||
|
+# define RNP_DEPRECATED_EXPORT RNP_API RNP_DEPRECATED
|
||||||
|
#endif
|
||||||
|
|
||||||
|
-#ifndef RNP_RNP_DEPRECATED_NO_EXPORT
|
||||||
|
-# define RNP_RNP_DEPRECATED_NO_EXPORT RNP_RNP_NO_EXPORT RNP_RNP_DEPRECATED
|
||||||
|
+#ifndef RNP_DEPRECATED_NO_EXPORT
|
||||||
|
+# define RNP_DEPRECATED_NO_EXPORT RNP_NO_EXPORT RNP_DEPRECATED
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if 0 /* DEFINE_NO_DEPRECATED */
|
||||||
|
-# ifndef RNP_RNP_NO_DEPRECATED
|
||||||
|
-# define RNP_RNP_NO_DEPRECATED
|
||||||
|
+# ifndef RNP_NO_DEPRECATED
|
||||||
|
+# define RNP_NO_DEPRECATED
|
||||||
|
# endif
|
||||||
|
#endif
|
||||||
|
|
||||||
|
-#endif /* RNP_API_H */
|
||||||
|
+#endif /* RNP_EXPORT */
|
34
SOURCES/backport-rnp-0.16.2-to-esr102-h-bug-1790116.patch
Normal file
34
SOURCES/backport-rnp-0.16.2-to-esr102-h-bug-1790116.patch
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
# HG changeset patch
|
||||||
|
# User Rob Lemley <rob@thunderbird.net>
|
||||||
|
# Date 1663866531 14400
|
||||||
|
# Thu Sep 22 13:08:51 2022 -0400
|
||||||
|
# Node ID 0798506e89ab0ad98d5826effe2087c2e2560d0b
|
||||||
|
# Parent a863c22903a3fa4c71360920ed77ac31f1fa5d01
|
||||||
|
Bug 1790116 - Do not compile SM2 crypto with librnp. r=kaie
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
The CMake configuration in rnp/src/lib/CMakeLists.txt does not include
|
||||||
|
src/lib/crypto/sm2.cpp unless ENABLE_SM2 is defined.
|
||||||
|
Thunderbird builds do not set ENABLE_SM2, so there's no need to build this
|
||||||
|
file.
|
||||||
|
|
||||||
|
Depends on D157053
|
||||||
|
|
||||||
|
Differential Revision: https://phabricator.services.mozilla.com/D157154
|
||||||
|
|
||||||
|
diff --git a/comm/third_party/rnp/moz.build b/third_party/rnp/moz.b/commuild
|
||||||
|
--- a/comm/third_party/rnp/moz.build
|
||||||
|
+++ b/comm/third_party/rnp/moz.build
|
||||||
|
@@ -128,11 +128,10 @@ SOURCES += [
|
||||||
|
"src/lib/crypto/s2k.cpp",
|
||||||
|
"src/lib/crypto/sha1cd/hash_sha1cd.cpp",
|
||||||
|
"src/lib/crypto/sha1cd/sha1.c",
|
||||||
|
"src/lib/crypto/sha1cd/ubc_check.c",
|
||||||
|
"src/lib/crypto/signatures.cpp",
|
||||||
|
- "src/lib/crypto/sm2.cpp",
|
||||||
|
"src/lib/crypto/symmetric.cpp",
|
||||||
|
"src/lib/fingerprint.cpp",
|
||||||
|
"src/lib/generate-key.cpp",
|
||||||
|
"src/lib/json-utils.cpp",
|
||||||
|
"src/lib/key-provider.cpp",
|
262
SOURCES/backport-rnp-0.16.2-to-esr102-i-bug-1790116.patch
Normal file
262
SOURCES/backport-rnp-0.16.2-to-esr102-i-bug-1790116.patch
Normal file
@ -0,0 +1,262 @@
|
|||||||
|
# HG changeset patch
|
||||||
|
# User Rob Lemley <rob@thunderbird.net>
|
||||||
|
# Date 1663866557 14400
|
||||||
|
# Thu Sep 22 13:09:17 2022 -0400
|
||||||
|
# Node ID 121afb4ed9b0e282cf6690736ffadf1498578434
|
||||||
|
# Parent 0798506e89ab0ad98d5826effe2087c2e2560d0b
|
||||||
|
Bug 1790116 - mozbuild changes for RNP v0.16.2. r=kaie
|
||||||
|
hash_sha1cd.cpp moved up to its parent directory.
|
||||||
|
|
||||||
|
ENABLE_IDEA needs to be set to keep support enabled.
|
||||||
|
https://github.com/rnpgp/rnp/commit/17972d0238919d4abf88b04debce95844be4716d
|
||||||
|
|
||||||
|
Update rnp_symbols.py to not include deprecated functions.
|
||||||
|
Added new symbols to rnp.symbols for export.
|
||||||
|
|
||||||
|
Differential Revision: https://phabricator.services.mozilla.com/D157012
|
||||||
|
|
||||||
|
diff --git a/comm/python/thirdroc/thirdroc/rnp_symbols.py b/python/thirdroc/thirdroc/rnp_symb/commols.py
|
||||||
|
--- a/comm/python/thirdroc/thirdroc/rnp_symbols.py
|
||||||
|
+++ b/comm/python/thirdroc/thirdroc/rnp_symbols.py
|
||||||
|
@@ -14,30 +14,75 @@ the third_party/rnp/include/rnp/rnp.h fo
|
||||||
|
Also note that APIs that are marked deprecated are not checked for.
|
||||||
|
|
||||||
|
Dependencies: Only Python 3
|
||||||
|
|
||||||
|
Running:
|
||||||
|
- python3 rnp_symbols.py
|
||||||
|
+ python3 rnp_symbols.py [-h] [rnp.h path] [rnp.symbols path]
|
||||||
|
|
||||||
|
-Output will be on stdout, this is to give the developer the opportunity to compare the old and
|
||||||
|
-new versions and check for accuracy.
|
||||||
|
+Both file path arguments are optional. By default, the header file will be
|
||||||
|
+read from "comm/third_party/rnp/include/rnp/rnp.h" and the symbols file will
|
||||||
|
+be written to "comm/third_party/rnp/rnp.symbols".
|
||||||
|
+
|
||||||
|
+Path arguments are relative to the current working directory, the defaults
|
||||||
|
+will be determined based on the location of this script.
|
||||||
|
+
|
||||||
|
+Either path argument can be '-' to use stdin or stdout respectively.
|
||||||
|
"""
|
||||||
|
|
||||||
|
-from __future__ import absolute_import, print_function
|
||||||
|
-
|
||||||
|
+import argparse
|
||||||
|
import sys
|
||||||
|
import os
|
||||||
|
import re
|
||||||
|
|
||||||
|
HERE = os.path.dirname(__file__)
|
||||||
|
TOPSRCDIR = os.path.abspath(os.path.join(HERE, "../../../../"))
|
||||||
|
-RNPSRCDIR = os.path.join(TOPSRCDIR, "comm/third_party/rnp")
|
||||||
|
+THIRD_SRCDIR = os.path.join(TOPSRCDIR, "comm/third_party")
|
||||||
|
+HEADER_FILE_REL = "rnp/include/rnp/rnp.h"
|
||||||
|
+HEADER_FILE = os.path.join(THIRD_SRCDIR, HEADER_FILE_REL)
|
||||||
|
+SYMBOLS_FILE_REL = "rnp/rnp.symbols"
|
||||||
|
+SYMBOLS_FILE = os.path.join(THIRD_SRCDIR, SYMBOLS_FILE_REL)
|
||||||
|
|
||||||
|
|
||||||
|
FUNC_DECL_RE = re.compile(r"^RNP_API\s+.*?([a-zA-Z0-9_]+)\(.*$")
|
||||||
|
|
||||||
|
|
||||||
|
+class FileArg:
|
||||||
|
+ """Based on argparse.FileType from the Python standard library.
|
||||||
|
+ Modified to not open the filehandles until the open() method is
|
||||||
|
+ called.
|
||||||
|
+ """
|
||||||
|
+
|
||||||
|
+ def __init__(self, mode="r"):
|
||||||
|
+ self._mode = mode
|
||||||
|
+ self._fp = None
|
||||||
|
+ self._file = None
|
||||||
|
+
|
||||||
|
+ def __call__(self, string):
|
||||||
|
+ # the special argument "-" means sys.std{in,out}
|
||||||
|
+ if string == "-":
|
||||||
|
+ if "r" in self._mode:
|
||||||
|
+ self._fp = sys.stdin.buffer if "b" in self._mode else sys.stdin
|
||||||
|
+ elif "w" in self._mode:
|
||||||
|
+ self._fp = sys.stdout.buffer if "b" in self._mode else sys.stdout
|
||||||
|
+ else:
|
||||||
|
+ raise ValueError(f"Invalid mode {self._mode} for stdin/stdout")
|
||||||
|
+ else:
|
||||||
|
+ if "r" in self._mode:
|
||||||
|
+ if not os.path.isfile(string):
|
||||||
|
+ raise ValueError(f"Cannot read file {string}, does not exist.")
|
||||||
|
+ elif "w" in self._mode:
|
||||||
|
+ if not os.access(string, os.W_OK):
|
||||||
|
+ raise ValueError(f"Cannot write file {string}, permission denied.")
|
||||||
|
+ self._file = string
|
||||||
|
+ return self
|
||||||
|
+
|
||||||
|
+ def open(self):
|
||||||
|
+ if self._fp:
|
||||||
|
+ return self._fp
|
||||||
|
+ return open(self._file, self._mode)
|
||||||
|
+
|
||||||
|
+
|
||||||
|
def get_func_name(line):
|
||||||
|
"""
|
||||||
|
Extract the function name from a RNP_API function declaration.
|
||||||
|
Examples:
|
||||||
|
RNP_API rnp_result_t rnp_enable_debug(const char *file);
|
||||||
|
@@ -46,24 +91,41 @@ def get_func_name(line):
|
||||||
|
"""
|
||||||
|
m = FUNC_DECL_RE.match(line)
|
||||||
|
return m.group(1)
|
||||||
|
|
||||||
|
|
||||||
|
-def extract_func_defs(filename):
|
||||||
|
+def extract_func_defs(filearg):
|
||||||
|
"""
|
||||||
|
Look for RNP_API in the header file to find the names of the symbols that should be exported
|
||||||
|
"""
|
||||||
|
- with open(filename) as fp:
|
||||||
|
+ with filearg.open() as fp:
|
||||||
|
for line in fp:
|
||||||
|
- if line.startswith("RNP_API"):
|
||||||
|
+ if line.startswith("RNP_API") and "RNP_DEPRECATED" not in line:
|
||||||
|
func_name = get_func_name(line)
|
||||||
|
yield func_name
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
- if len(sys.argv) > 1:
|
||||||
|
- FILENAME = sys.argv[1]
|
||||||
|
- else:
|
||||||
|
- FILENAME = os.path.join(RNPSRCDIR, "include/rnp/rnp.h")
|
||||||
|
+ parser = argparse.ArgumentParser(
|
||||||
|
+ description="Update rnp.symbols file from rnp.h",
|
||||||
|
+ epilog="To use stdin or stdout pass '-' for the argument.",
|
||||||
|
+ )
|
||||||
|
+ parser.add_argument(
|
||||||
|
+ "header_file",
|
||||||
|
+ default=HEADER_FILE,
|
||||||
|
+ type=FileArg("r"),
|
||||||
|
+ nargs="?",
|
||||||
|
+ help=f"input path to rnp.h header file (default: {HEADER_FILE_REL})",
|
||||||
|
+ )
|
||||||
|
+ parser.add_argument(
|
||||||
|
+ "symbols_file",
|
||||||
|
+ default=SYMBOLS_FILE,
|
||||||
|
+ type=FileArg("w"),
|
||||||
|
+ nargs="?",
|
||||||
|
+ help=f"output path to symbols file (default: {SYMBOLS_FILE_REL})",
|
||||||
|
+ )
|
||||||
|
|
||||||
|
- for f in sorted(list(extract_func_defs(FILENAME))):
|
||||||
|
- print(f)
|
||||||
|
+ args = parser.parse_args()
|
||||||
|
+
|
||||||
|
+ with args.symbols_file.open() as out_fp:
|
||||||
|
+ for symbol in sorted(list(extract_func_defs(args.header_file))):
|
||||||
|
+ out_fp.write(f"{symbol}\n")
|
||||||
|
diff --git a/comm/third_party/rnp/moz.build b/third_party/rnp/moz.b/commuild
|
||||||
|
--- a/comm/third_party/rnp/moz.build
|
||||||
|
+++ b/comm/third_party/rnp/moz.build
|
||||||
|
@@ -41,10 +41,11 @@ rnp_defines = {
|
||||||
|
"HAVE_ZLIB_H": True,
|
||||||
|
"CRYPTO_BACKEND_BOTAN": True,
|
||||||
|
"ENABLE_AEAD": True,
|
||||||
|
"ENABLE_TWOFISH": True,
|
||||||
|
"ENABLE_BRAINPOOL": True,
|
||||||
|
+ "ENABLE_IDEA": True,
|
||||||
|
"PACKAGE_BUGREPORT": '"https://bugzilla.mozilla.org/enter_bug.cgi?product=Thunderbird"',
|
||||||
|
"PACKAGE_STRING": '"rnp {}"'.format(CONFIG["MZLA_LIBRNP_FULL_VERSION"])
|
||||||
|
}
|
||||||
|
GeneratedFile(
|
||||||
|
"src/lib/config.h",
|
||||||
|
@@ -119,16 +120,16 @@ SOURCES += [
|
||||||
|
"src/lib/crypto/ecdsa.cpp",
|
||||||
|
"src/lib/crypto/eddsa.cpp",
|
||||||
|
"src/lib/crypto/elgamal.cpp",
|
||||||
|
"src/lib/crypto/hash.cpp",
|
||||||
|
"src/lib/crypto/hash_common.cpp",
|
||||||
|
+ "src/lib/crypto/hash_sha1cd.cpp",
|
||||||
|
"src/lib/crypto/mem.cpp",
|
||||||
|
"src/lib/crypto/mpi.cpp",
|
||||||
|
"src/lib/crypto/rng.cpp",
|
||||||
|
"src/lib/crypto/rsa.cpp",
|
||||||
|
"src/lib/crypto/s2k.cpp",
|
||||||
|
- "src/lib/crypto/sha1cd/hash_sha1cd.cpp",
|
||||||
|
"src/lib/crypto/sha1cd/sha1.c",
|
||||||
|
"src/lib/crypto/sha1cd/ubc_check.c",
|
||||||
|
"src/lib/crypto/signatures.cpp",
|
||||||
|
"src/lib/crypto/symmetric.cpp",
|
||||||
|
"src/lib/fingerprint.cpp",
|
||||||
|
diff --git a/comm/third_party/rnp/rnp.symbols b/third_party/rnp/rnp.symb/commols
|
||||||
|
--- a/comm/third_party/rnp/rnp.symbols
|
||||||
|
+++ b/comm/third_party/rnp/rnp.symbols
|
||||||
|
@@ -37,10 +37,11 @@ rnp_import_keys
|
||||||
|
rnp_import_signatures
|
||||||
|
rnp_input_destroy
|
||||||
|
rnp_input_from_callback
|
||||||
|
rnp_input_from_memory
|
||||||
|
rnp_input_from_path
|
||||||
|
+rnp_input_from_stdin
|
||||||
|
rnp_key_25519_bits_tweak
|
||||||
|
rnp_key_25519_bits_tweaked
|
||||||
|
rnp_key_add_uid
|
||||||
|
rnp_key_allows_usage
|
||||||
|
rnp_key_export
|
||||||
|
@@ -75,10 +76,11 @@ rnp_key_get_uid_count
|
||||||
|
rnp_key_get_uid_handle_at
|
||||||
|
rnp_key_handle_destroy
|
||||||
|
rnp_key_have_public
|
||||||
|
rnp_key_have_secret
|
||||||
|
rnp_key_is_compromised
|
||||||
|
+rnp_key_is_expired
|
||||||
|
rnp_key_is_locked
|
||||||
|
rnp_key_is_primary
|
||||||
|
rnp_key_is_protected
|
||||||
|
rnp_key_is_retired
|
||||||
|
rnp_key_is_revoked
|
||||||
|
@@ -112,10 +114,11 @@ rnp_op_encrypt_set_cipher
|
||||||
|
rnp_op_encrypt_set_compression
|
||||||
|
rnp_op_encrypt_set_creation_time
|
||||||
|
rnp_op_encrypt_set_expiration_time
|
||||||
|
rnp_op_encrypt_set_file_mtime
|
||||||
|
rnp_op_encrypt_set_file_name
|
||||||
|
+rnp_op_encrypt_set_flags
|
||||||
|
rnp_op_encrypt_set_hash
|
||||||
|
rnp_op_generate_add_pref_cipher
|
||||||
|
rnp_op_generate_add_pref_compression
|
||||||
|
rnp_op_generate_add_pref_hash
|
||||||
|
rnp_op_generate_add_usage
|
||||||
|
@@ -169,10 +172,11 @@ rnp_op_verify_get_signature_at
|
||||||
|
rnp_op_verify_get_signature_count
|
||||||
|
rnp_op_verify_get_symenc_at
|
||||||
|
rnp_op_verify_get_symenc_count
|
||||||
|
rnp_op_verify_get_used_recipient
|
||||||
|
rnp_op_verify_get_used_symenc
|
||||||
|
+rnp_op_verify_set_flags
|
||||||
|
rnp_op_verify_signature_get_handle
|
||||||
|
rnp_op_verify_signature_get_hash
|
||||||
|
rnp_op_verify_signature_get_key
|
||||||
|
rnp_op_verify_signature_get_status
|
||||||
|
rnp_op_verify_signature_get_times
|
||||||
|
@@ -185,21 +189,24 @@ rnp_output_to_armor
|
||||||
|
rnp_output_to_callback
|
||||||
|
rnp_output_to_file
|
||||||
|
rnp_output_to_memory
|
||||||
|
rnp_output_to_null
|
||||||
|
rnp_output_to_path
|
||||||
|
+rnp_output_to_stdout
|
||||||
|
rnp_output_write
|
||||||
|
rnp_recipient_get_alg
|
||||||
|
rnp_recipient_get_keyid
|
||||||
|
rnp_remove_security_rule
|
||||||
|
rnp_request_password
|
||||||
|
rnp_result_to_string
|
||||||
|
rnp_save_keys
|
||||||
|
+rnp_set_timestamp
|
||||||
|
rnp_signature_get_alg
|
||||||
|
rnp_signature_get_creation
|
||||||
|
rnp_signature_get_expiration
|
||||||
|
rnp_signature_get_hash_alg
|
||||||
|
+rnp_signature_get_key_fprint
|
||||||
|
rnp_signature_get_keyid
|
||||||
|
rnp_signature_get_signer
|
||||||
|
rnp_signature_get_type
|
||||||
|
rnp_signature_handle_destroy
|
||||||
|
rnp_signature_is_valid
|
32
SOURCES/backport-rnp-0.16.2-to-esr102-j-bug-1790662.patch
Normal file
32
SOURCES/backport-rnp-0.16.2-to-esr102-j-bug-1790662.patch
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
# HG changeset patch
|
||||||
|
# User Rob Lemley <rob@thunderbird.net>
|
||||||
|
# Date 1663091141 0
|
||||||
|
# Tue Sep 13 17:45:41 2022 +0000
|
||||||
|
# Node ID fbc2cf15893e40959b04d22c9efa4d424aeb5c4f
|
||||||
|
# Parent 121afb4ed9b0e282cf6690736ffadf1498578434
|
||||||
|
Bug 1790662 - Update librnp compiler include path for new location of json-c's json.h r=dandarnell
|
||||||
|
|
||||||
|
|
||||||
|
json.h from json-c is now a preprocessed file and is found in the object directory
|
||||||
|
rather than the source directory.
|
||||||
|
|
||||||
|
Depends on D157961
|
||||||
|
|
||||||
|
Differential Revision: https://phabricator.services.mozilla.com/D157962
|
||||||
|
|
||||||
|
diff --git a/comm/third_party/rnp/moz.build b/third_party/rnp/moz.b/commuild
|
||||||
|
--- a/comm/third_party/rnp/moz.build
|
||||||
|
+++ b/comm/third_party/rnp/moz.build
|
||||||
|
@@ -81,11 +81,11 @@ else:
|
||||||
|
|
||||||
|
if CONFIG["MZLA_SYSTEM_JSONC"]:
|
||||||
|
CXXFLAGS += CONFIG["MZLA_JSONC_CFLAGS"]
|
||||||
|
else:
|
||||||
|
IQuote("{}/../json-c".format(OBJDIR))
|
||||||
|
- LOCAL_INCLUDES += ["../json-c"]
|
||||||
|
+ LOCAL_INCLUDES += ["!../json-c", "../json-c"]
|
||||||
|
|
||||||
|
if CONFIG["MZLA_SYSTEM_BZIP2"]:
|
||||||
|
CXXFLAGS += CONFIG["MZLA_BZIP2_CFLAGS"]
|
||||||
|
else:
|
||||||
|
LOCAL_INCLUDES += ["../bzip2"]
|
3188
SOURCES/backport-rnp-0.16.2-to-esr102-k-bug-1790662.patch
Normal file
3188
SOURCES/backport-rnp-0.16.2-to-esr102-k-bug-1790662.patch
Normal file
File diff suppressed because it is too large
Load Diff
450
SOURCES/backport-rnp-0.16.2-to-esr102-l-bug-1791195.patch
Normal file
450
SOURCES/backport-rnp-0.16.2-to-esr102-l-bug-1791195.patch
Normal file
@ -0,0 +1,450 @@
|
|||||||
|
# HG changeset patch
|
||||||
|
# User Kai Engert <kaie@kuix.de>
|
||||||
|
# Date 1666897160 -7200
|
||||||
|
# Thu Oct 27 20:59:20 2022 +0200
|
||||||
|
# Node ID af0b1f5e4c7710f824c6141103e516ca60bc78aa
|
||||||
|
# Parent adfbf6378df82c8b2e087427a48ddc5cbe13aadd
|
||||||
|
Bug 1791195 - Add RNP security rules to obsolete our patches to RNP. r=mkmelin,o.nickolay
|
||||||
|
|
||||||
|
diff --git a/comm/mail/extensions/openpgp/content/modules/RNP.jsm b/comm/mail/extensions/openpgp/content/modules/RNP.jsm
|
||||||
|
--- a/comm/mail/extensions/openpgp/content/modules/RNP.jsm
|
||||||
|
+++ b/comm/mail/extensions/openpgp/content/modules/RNP.jsm
|
||||||
|
@@ -1863,12 +1863,12 @@ var RNP = {
|
||||||
|
|
||||||
|
if (keyBlockStr.length > RNP.maxImportKeyBlockSize) {
|
||||||
|
throw new Error("rejecting big keyblock");
|
||||||
|
}
|
||||||
|
|
||||||
|
- let tempFFI = new RNPLib.rnp_ffi_t();
|
||||||
|
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
|
||||||
|
+ let tempFFI = RNPLib.prepare_ffi();
|
||||||
|
+ if (!tempFFI) {
|
||||||
|
throw new Error("Couldn't initialize librnp.");
|
||||||
|
}
|
||||||
|
|
||||||
|
let pubKey;
|
||||||
|
if (!this.importToFFI(tempFFI, keyBlockStr, true, false, permissive)) {
|
||||||
|
@@ -1892,12 +1892,12 @@ var RNP = {
|
||||||
|
|
||||||
|
if (keyBlockStr.length > RNP.maxImportKeyBlockSize) {
|
||||||
|
throw new Error("rejecting big keyblock");
|
||||||
|
}
|
||||||
|
|
||||||
|
- let tempFFI = new RNPLib.rnp_ffi_t();
|
||||||
|
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
|
||||||
|
+ let tempFFI = RNPLib.prepare_ffi();
|
||||||
|
+ if (!tempFFI) {
|
||||||
|
throw new Error("Couldn't initialize librnp.");
|
||||||
|
}
|
||||||
|
|
||||||
|
let keyList = null;
|
||||||
|
if (!this.importToFFI(tempFFI, keyBlockStr, pubkey, seckey, permissive)) {
|
||||||
|
@@ -1929,12 +1929,12 @@ var RNP = {
|
||||||
|
async mergePublicKeyBlocks(fingerprint, ...keyBlocks) {
|
||||||
|
if (keyBlocks.some(b => b.length > RNP.maxImportKeyBlockSize)) {
|
||||||
|
throw new Error("keyBlock too big");
|
||||||
|
}
|
||||||
|
|
||||||
|
- let tempFFI = new RNPLib.rnp_ffi_t();
|
||||||
|
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
|
||||||
|
+ let tempFFI = RNPLib.prepare_ffi();
|
||||||
|
+ if (!tempFFI) {
|
||||||
|
throw new Error("Couldn't initialize librnp.");
|
||||||
|
}
|
||||||
|
|
||||||
|
const pubkey = true;
|
||||||
|
const seckey = false;
|
||||||
|
@@ -2067,12 +2067,12 @@ var RNP = {
|
||||||
|
let result = {};
|
||||||
|
result.exitCode = -1;
|
||||||
|
result.importedKeys = [];
|
||||||
|
result.errorMsg = "";
|
||||||
|
|
||||||
|
- let tempFFI = new RNPLib.rnp_ffi_t();
|
||||||
|
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
|
||||||
|
+ let tempFFI = RNPLib.prepare_ffi();
|
||||||
|
+ if (!tempFFI) {
|
||||||
|
throw new Error("Couldn't initialize librnp.");
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: check result
|
||||||
|
if (this.importToFFI(tempFFI, keyBlockStr, pubkey, seckey, permissive)) {
|
||||||
|
@@ -3115,12 +3115,12 @@ var RNP = {
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
export_pubkey_strip_sigs_uids(expKey, keepUserIDs, out_binary) {
|
||||||
|
let expKeyId = this.getKeyIDFromHandle(expKey);
|
||||||
|
|
||||||
|
- let tempFFI = new RNPLib.rnp_ffi_t();
|
||||||
|
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
|
||||||
|
+ let tempFFI = RNPLib.prepare_ffi();
|
||||||
|
+ if (!tempFFI) {
|
||||||
|
throw new Error("Couldn't initialize librnp.");
|
||||||
|
}
|
||||||
|
|
||||||
|
let exportFlags =
|
||||||
|
RNPLib.RNP_KEY_EXPORT_SUBKEYS | RNPLib.RNP_KEY_EXPORT_PUBLIC;
|
||||||
|
@@ -3399,12 +3399,12 @@ var RNP = {
|
||||||
|
))
|
||||||
|
) {
|
||||||
|
throw new Error("rnp_output_to_armor failed:" + rv);
|
||||||
|
}
|
||||||
|
|
||||||
|
- let tempFFI = new RNPLib.rnp_ffi_t();
|
||||||
|
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
|
||||||
|
+ let tempFFI = RNPLib.prepare_ffi();
|
||||||
|
+ if (!tempFFI) {
|
||||||
|
throw new Error("Couldn't initialize librnp.");
|
||||||
|
}
|
||||||
|
|
||||||
|
let internalPassword = await OpenPGPMasterpass.retrieveOpenPGPPassword();
|
||||||
|
|
||||||
|
diff --git a/comm/mail/extensions/openpgp/content/modules/RNPLib.jsm b/mail/extensions/openpgp/content/modules/RNPLib/comm.jsm
|
||||||
|
--- a/comm/mail/extensions/openpgp/content/modules/RNPLib.jsm
|
||||||
|
+++ b/comm/mail/extensions/openpgp/content/modules/RNPLib.jsm
|
||||||
|
@@ -13,11 +13,11 @@ XPCOMUtils.defineLazyModuleGetters(this,
|
||||||
|
OpenPGPMasterpass: "chrome://openpgp/content/modules/masterpass.jsm",
|
||||||
|
Services: "resource://gre/modules/Services.jsm",
|
||||||
|
setTimeout: "resource://gre/modules/Timer.jsm",
|
||||||
|
});
|
||||||
|
|
||||||
|
-const MIN_RNP_VERSION = [0, 16, 0];
|
||||||
|
+const MIN_RNP_VERSION = [0, 16, 2];
|
||||||
|
|
||||||
|
var systemOS = Services.appinfo.OS.toLowerCase();
|
||||||
|
var abi = ctypes.default_abi;
|
||||||
|
|
||||||
|
// Open librnp. Determine the path to the chrome directory and look for it
|
||||||
|
@@ -149,10 +149,12 @@ function enableRNPLibJS() {
|
||||||
|
// this must be delayed until after "librnp" is initialized
|
||||||
|
|
||||||
|
RNPLib = {
|
||||||
|
path: librnpPath,
|
||||||
|
|
||||||
|
+ // Handle to the RNP library and primary key data store.
|
||||||
|
+ // Kept at null if init fails.
|
||||||
|
ffi: null,
|
||||||
|
|
||||||
|
// returns rnp_input_t, destroy using rnp_input_destroy
|
||||||
|
async createInputFromPath(path) {
|
||||||
|
// IOUtils.read always returns an array.
|
||||||
|
@@ -265,13 +267,204 @@ function enableRNPLibJS() {
|
||||||
|
const min_version = this.rnp_version_for(...MIN_RNP_VERSION);
|
||||||
|
const this_version = this.rnp_version();
|
||||||
|
return Boolean(this_version >= min_version);
|
||||||
|
},
|
||||||
|
|
||||||
|
+ /**
|
||||||
|
+ * Prepare an RNP library handle, and in addition set all the
|
||||||
|
+ * application's preferences for library behavior.
|
||||||
|
+ *
|
||||||
|
+ * Other application code should NOT call rnp_ffi_create directly,
|
||||||
|
+ * but obtain an RNP library handle from this function.
|
||||||
|
+ */
|
||||||
|
+ prepare_ffi() {
|
||||||
|
+ let ffi = new rnp_ffi_t();
|
||||||
|
+ if (this._rnp_ffi_create(ffi.address(), "GPG", "GPG")) {
|
||||||
|
+ return null;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ // Treat MD5 as insecure.
|
||||||
|
+ if (
|
||||||
|
+ this.rnp_add_security_rule(
|
||||||
|
+ ffi,
|
||||||
|
+ this.RNP_FEATURE_HASH_ALG,
|
||||||
|
+ this.RNP_ALGNAME_MD5,
|
||||||
|
+ this.RNP_SECURITY_OVERRIDE,
|
||||||
|
+ 0,
|
||||||
|
+ this.RNP_SECURITY_INSECURE
|
||||||
|
+ )
|
||||||
|
+ ) {
|
||||||
|
+ return null;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ // Use RNP's default rule for SHA1 used with data signatures,
|
||||||
|
+ // and use our override to allow it for key signatures.
|
||||||
|
+ if (
|
||||||
|
+ this.rnp_add_security_rule(
|
||||||
|
+ ffi,
|
||||||
|
+ this.RNP_FEATURE_HASH_ALG,
|
||||||
|
+ this.RNP_ALGNAME_SHA1,
|
||||||
|
+ this.RNP_SECURITY_VERIFY_KEY | this.RNP_SECURITY_OVERRIDE,
|
||||||
|
+ 0,
|
||||||
|
+ this.RNP_SECURITY_DEFAULT
|
||||||
|
+ )
|
||||||
|
+ ) {
|
||||||
|
+ return null;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ // Security rules API does not yet support PK and SYMM algs.
|
||||||
|
+ //
|
||||||
|
+ // If a hash algorithm is already disabled at build time,
|
||||||
|
+ // and an attempt is made to set a security rule for that
|
||||||
|
+ // algorithm, then RNP returns a failure.
|
||||||
|
+ //
|
||||||
|
+ // Ideally, RNP should allow these calls (regardless of build time
|
||||||
|
+ // settings) to define an application security rule, that is
|
||||||
|
+ // independent of the configuration used for building the
|
||||||
|
+ // RNP library.
|
||||||
|
+
|
||||||
|
+ if (
|
||||||
|
+ this.rnp_add_security_rule(
|
||||||
|
+ ffi,
|
||||||
|
+ this.RNP_FEATURE_HASH_ALG,
|
||||||
|
+ this.RNP_ALGNAME_SM3,
|
||||||
|
+ this.RNP_SECURITY_OVERRIDE,
|
||||||
|
+ 0,
|
||||||
|
+ this.RNP_SECURITY_PROHIBITED
|
||||||
|
+ )
|
||||||
|
+ ) {
|
||||||
|
+ return null;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (
|
||||||
|
+ this.rnp_add_security_rule(
|
||||||
|
+ ffi,
|
||||||
|
+ this.RNP_FEATURE_PK_ALG,
|
||||||
|
+ this.RNP_ALGNAME_SM2,
|
||||||
|
+ this.RNP_SECURITY_OVERRIDE,
|
||||||
|
+ 0,
|
||||||
|
+ this.RNP_SECURITY_PROHIBITED
|
||||||
|
+ )
|
||||||
|
+ ) {
|
||||||
|
+ return null;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (
|
||||||
|
+ this.rnp_add_security_rule(
|
||||||
|
+ ffi,
|
||||||
|
+ this.RNP_FEATURE_SYMM_ALG,
|
||||||
|
+ this.RNP_ALGNAME_SM4,
|
||||||
|
+ this.RNP_SECURITY_OVERRIDE,
|
||||||
|
+ 0,
|
||||||
|
+ this.RNP_SECURITY_PROHIBITED
|
||||||
|
+ )
|
||||||
|
+ ) {
|
||||||
|
+ return null;
|
||||||
|
+ }
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ return ffi;
|
||||||
|
+ },
|
||||||
|
+
|
||||||
|
+ /**
|
||||||
|
+ * Test the correctness of security rules, in particular, test
|
||||||
|
+ * if the given hash algorithm is allowed at the given time.
|
||||||
|
+ *
|
||||||
|
+ * This is an application consistency test. If the behavior isn't
|
||||||
|
+ * according to the expectation, the function throws an error.
|
||||||
|
+ *
|
||||||
|
+ * @param {string} hashAlg - Test this hash algorithm
|
||||||
|
+ * @param {time_t} time - Test status at this timestamp
|
||||||
|
+ * @param {boolean} keySigAllowed - Test if using the hash algorithm
|
||||||
|
+ * is allowed for signatures found inside OpenPGP keys.
|
||||||
|
+ * @param {boolean} dataSigAllowed - Test if using the hash algorithm
|
||||||
|
+ * is allowed for signatures on data.
|
||||||
|
+ */
|
||||||
|
+ _confirmSecurityRule(hashAlg, time, keySigAllowed, dataSigAllowed) {
|
||||||
|
+ let level = new ctypes.uint32_t();
|
||||||
|
+ let flag = new ctypes.uint32_t();
|
||||||
|
+
|
||||||
|
+ flag.value = this.RNP_SECURITY_VERIFY_DATA;
|
||||||
|
+ let testDataSuccess = false;
|
||||||
|
+ if (
|
||||||
|
+ !RNPLib.rnp_get_security_rule(
|
||||||
|
+ this.ffi,
|
||||||
|
+ this.RNP_FEATURE_HASH_ALG,
|
||||||
|
+ hashAlg,
|
||||||
|
+ time,
|
||||||
|
+ flag.address(),
|
||||||
|
+ null,
|
||||||
|
+ level.address()
|
||||||
|
+ )
|
||||||
|
+ ) {
|
||||||
|
+ if (dataSigAllowed) {
|
||||||
|
+ testDataSuccess = level.value == RNPLib.RNP_SECURITY_DEFAULT;
|
||||||
|
+ } else {
|
||||||
|
+ testDataSuccess = level.value < RNPLib.RNP_SECURITY_DEFAULT;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!testDataSuccess) {
|
||||||
|
+ throw new Error("security configuration for data signatures failed");
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ flag.value = this.RNP_SECURITY_VERIFY_KEY;
|
||||||
|
+ let testKeySuccess = false;
|
||||||
|
+ if (
|
||||||
|
+ !RNPLib.rnp_get_security_rule(
|
||||||
|
+ this.ffi,
|
||||||
|
+ this.RNP_FEATURE_HASH_ALG,
|
||||||
|
+ hashAlg,
|
||||||
|
+ time,
|
||||||
|
+ flag.address(),
|
||||||
|
+ null,
|
||||||
|
+ level.address()
|
||||||
|
+ )
|
||||||
|
+ ) {
|
||||||
|
+ if (keySigAllowed) {
|
||||||
|
+ testKeySuccess = level.value == RNPLib.RNP_SECURITY_DEFAULT;
|
||||||
|
+ } else {
|
||||||
|
+ testKeySuccess = level.value < RNPLib.RNP_SECURITY_DEFAULT;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!testKeySuccess) {
|
||||||
|
+ throw new Error("security configuration for key signatures failed");
|
||||||
|
+ }
|
||||||
|
+ },
|
||||||
|
+
|
||||||
|
+ /**
|
||||||
|
+ * Perform tests that the RNP library behaves according to the
|
||||||
|
+ * defined security rules.
|
||||||
|
+ * If a problem is found, the function throws an error.
|
||||||
|
+ */
|
||||||
|
+ _sanityCheckSecurityRules() {
|
||||||
|
+ let time_t_now = Math.round(Date.now() / 1000);
|
||||||
|
+ let ten_years_in_seconds = 10 * 365 * 24 * 60 * 60;
|
||||||
|
+ let ten_years_future = time_t_now + ten_years_in_seconds;
|
||||||
|
+
|
||||||
|
+ this._confirmSecurityRule(this.RNP_ALGNAME_MD5, time_t_now, false, false);
|
||||||
|
+ this._confirmSecurityRule(
|
||||||
|
+ this.RNP_ALGNAME_MD5,
|
||||||
|
+ ten_years_future,
|
||||||
|
+ false,
|
||||||
|
+ false
|
||||||
|
+ );
|
||||||
|
+
|
||||||
|
+ this._confirmSecurityRule(this.RNP_ALGNAME_SHA1, time_t_now, true, false);
|
||||||
|
+ this._confirmSecurityRule(
|
||||||
|
+ this.RNP_ALGNAME_SHA1,
|
||||||
|
+ ten_years_future,
|
||||||
|
+ true,
|
||||||
|
+ false
|
||||||
|
+ );
|
||||||
|
+ },
|
||||||
|
+
|
||||||
|
async init() {
|
||||||
|
- this.ffi = new rnp_ffi_t();
|
||||||
|
- if (this.rnp_ffi_create(this.ffi.address(), "GPG", "GPG")) {
|
||||||
|
+ this.ffi = this.prepare_ffi();
|
||||||
|
+ if (!this.ffi) {
|
||||||
|
throw new Error("Couldn't initialize librnp.");
|
||||||
|
}
|
||||||
|
|
||||||
|
this.rnp_ffi_set_log_fd(this.ffi, 2); // stderr
|
||||||
|
|
||||||
|
@@ -286,10 +479,18 @@ function enableRNPLibJS() {
|
||||||
|
null
|
||||||
|
);
|
||||||
|
|
||||||
|
let { pubRingPath, secRingPath } = this.getFilenames();
|
||||||
|
|
||||||
|
+ try {
|
||||||
|
+ this._sanityCheckSecurityRules();
|
||||||
|
+ } catch (e) {
|
||||||
|
+ // Disable all RNP operation
|
||||||
|
+ this.ffi = null;
|
||||||
|
+ throw e;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
await this.loadWithFallback(pubRingPath, this.RNP_LOAD_SAVE_PUBLIC_KEYS);
|
||||||
|
await this.loadWithFallback(secRingPath, this.RNP_LOAD_SAVE_SECRET_KEYS);
|
||||||
|
|
||||||
|
let pubnum = new ctypes.size_t();
|
||||||
|
this.rnp_get_public_key_count(this.ffi, pubnum.address());
|
||||||
|
@@ -481,10 +682,14 @@ function enableRNPLibJS() {
|
||||||
|
* @param {string} path - The file path to save to.
|
||||||
|
* @param {number} keyRingFlag - RNP_LOAD_SAVE_PUBLIC_KEYS or
|
||||||
|
* RNP_LOAD_SAVE_SECRET_KEYS.
|
||||||
|
*/
|
||||||
|
async saveKeyRing(path, keyRingFlag) {
|
||||||
|
+ if (!this.ffi) {
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
let oldPath = path + ".old";
|
||||||
|
|
||||||
|
// Ignore failure, oldPath might not exist yet.
|
||||||
|
await IOUtils.copy(path, oldPath).catch(() => {});
|
||||||
|
|
||||||
|
@@ -540,10 +745,13 @@ function enableRNPLibJS() {
|
||||||
|
tmpPath: path + ".tmp-new",
|
||||||
|
});
|
||||||
|
},
|
||||||
|
|
||||||
|
async saveKeys() {
|
||||||
|
+ if (!this.ffi) {
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
let { pubRingPath, secRingPath } = this.getFilenames();
|
||||||
|
|
||||||
|
let saveThem = async () => {
|
||||||
|
await this.saveKeyRing(pubRingPath, this.RNP_LOAD_SAVE_PUBLIC_KEYS);
|
||||||
|
await this.saveKeyRing(secRingPath, this.RNP_LOAD_SAVE_SECRET_KEYS);
|
||||||
|
@@ -600,11 +808,13 @@ function enableRNPLibJS() {
|
||||||
|
abi,
|
||||||
|
ctypes.char.ptr
|
||||||
|
),
|
||||||
|
|
||||||
|
// Get a RNP library handle.
|
||||||
|
- rnp_ffi_create: librnp.declare(
|
||||||
|
+ // Mark with leading underscore, to clarify that this function
|
||||||
|
+ // shouldn't be called directly - you should call prepare_ffi().
|
||||||
|
+ _rnp_ffi_create: librnp.declare(
|
||||||
|
"rnp_ffi_create",
|
||||||
|
abi,
|
||||||
|
rnp_result_t,
|
||||||
|
rnp_ffi_t.ptr,
|
||||||
|
ctypes.char.ptr,
|
||||||
|
@@ -1713,10 +1923,22 @@ function enableRNPLibJS() {
|
||||||
|
ctypes.uint32_t.ptr,
|
||||||
|
ctypes.uint64_t.ptr,
|
||||||
|
ctypes.uint32_t.ptr
|
||||||
|
),
|
||||||
|
|
||||||
|
+ rnp_add_security_rule: librnp.declare(
|
||||||
|
+ "rnp_add_security_rule",
|
||||||
|
+ abi,
|
||||||
|
+ rnp_result_t,
|
||||||
|
+ rnp_ffi_t,
|
||||||
|
+ ctypes.char.ptr,
|
||||||
|
+ ctypes.char.ptr,
|
||||||
|
+ ctypes.uint32_t,
|
||||||
|
+ ctypes.uint64_t,
|
||||||
|
+ ctypes.uint32_t
|
||||||
|
+ ),
|
||||||
|
+
|
||||||
|
rnp_result_t,
|
||||||
|
rnp_ffi_t,
|
||||||
|
rnp_password_cb_t,
|
||||||
|
rnp_input_t,
|
||||||
|
rnp_output_t,
|
||||||
|
@@ -1748,11 +1970,26 @@ function enableRNPLibJS() {
|
||||||
|
|
||||||
|
RNP_KEY_SIGNATURE_NON_SELF_SIG: 4,
|
||||||
|
|
||||||
|
RNP_SUCCESS: 0x00000000,
|
||||||
|
|
||||||
|
+ RNP_FEATURE_SYMM_ALG: "symmetric algorithm",
|
||||||
|
RNP_FEATURE_HASH_ALG: "hash algorithm",
|
||||||
|
+ RNP_FEATURE_PK_ALG: "public key algorithm",
|
||||||
|
+ RNP_ALGNAME_MD5: "MD5",
|
||||||
|
+ RNP_ALGNAME_SHA1: "SHA1",
|
||||||
|
+ RNP_ALGNAME_SM2: "SM2",
|
||||||
|
+ RNP_ALGNAME_SM3: "SM3",
|
||||||
|
+ RNP_ALGNAME_SM4: "SM4",
|
||||||
|
+
|
||||||
|
+ RNP_SECURITY_OVERRIDE: 1,
|
||||||
|
+ RNP_SECURITY_VERIFY_KEY: 2,
|
||||||
|
+ RNP_SECURITY_VERIFY_DATA: 4,
|
||||||
|
+ RNP_SECURITY_REMOVE_ALL: 65536,
|
||||||
|
+
|
||||||
|
+ RNP_SECURITY_PROHIBITED: 0,
|
||||||
|
+ RNP_SECURITY_INSECURE: 1,
|
||||||
|
RNP_SECURITY_DEFAULT: 2,
|
||||||
|
|
||||||
|
/* Common error codes */
|
||||||
|
RNP_ERROR_GENERIC: 0x10000000, // 268435456
|
||||||
|
RNP_ERROR_BAD_FORMAT: 0x10000001, // 268435457
|
85
SOURCES/backport-rnp-0.16.2-to-esr102-m-bug-1791195.patch
Normal file
85
SOURCES/backport-rnp-0.16.2-to-esr102-m-bug-1791195.patch
Normal file
@ -0,0 +1,85 @@
|
|||||||
|
# HG changeset patch
|
||||||
|
# User Kai Engert <kaie@kuix.de>
|
||||||
|
# Date 1664378971 0
|
||||||
|
# Wed Sep 28 15:29:31 2022 +0000
|
||||||
|
# Node ID 98bde42cf14e966da1cdf098e2d0917032c0f327
|
||||||
|
# Parent af0b1f5e4c7710f824c6141103e516ca60bc78aa
|
||||||
|
Bug 1791195 - Adjust OpenPGP signature handling for RNP >= 0.16.2. r=mkmelin
|
||||||
|
|
||||||
|
Differential Revision: https://phabricator.services.mozilla.com/D158270
|
||||||
|
|
||||||
|
diff --git a/comm/mail/extensions/openpgp/content/modules/RNP.jsm b/comm/mail/extensions/openpgp/content/modules/RNP.jsm
|
||||||
|
--- a/comm/mail/extensions/openpgp/content/modules/RNP.jsm
|
||||||
|
+++ b/comm/mail/extensions/openpgp/content/modules/RNP.jsm
|
||||||
|
@@ -1150,22 +1150,25 @@ var RNP = {
|
||||||
|
|
||||||
|
result.exitCode = RNPLib.rnp_op_verify_execute(verify_op);
|
||||||
|
|
||||||
|
let rnpCannotDecrypt = false;
|
||||||
|
let queryAllEncryptionRecipients = false;
|
||||||
|
+ let stillUndecidedIfSignatureIsBad = false;
|
||||||
|
|
||||||
|
let useDecodedData;
|
||||||
|
let processSignature;
|
||||||
|
switch (result.exitCode) {
|
||||||
|
case RNPLib.RNP_SUCCESS:
|
||||||
|
useDecodedData = true;
|
||||||
|
processSignature = true;
|
||||||
|
break;
|
||||||
|
case RNPLib.RNP_ERROR_SIGNATURE_INVALID:
|
||||||
|
- result.statusFlags |= EnigmailConstants.BAD_SIGNATURE;
|
||||||
|
+ // Either the signing key is unavailable, or the signature is
|
||||||
|
+ // indeed bad. Must check signature status below.
|
||||||
|
+ stillUndecidedIfSignatureIsBad = true;
|
||||||
|
useDecodedData = true;
|
||||||
|
- processSignature = false;
|
||||||
|
+ processSignature = true;
|
||||||
|
break;
|
||||||
|
case RNPLib.RNP_ERROR_SIGNATURE_EXPIRED:
|
||||||
|
useDecodedData = true;
|
||||||
|
processSignature = false;
|
||||||
|
result.statusFlags |= EnigmailConstants.EXPIRED_SIGNATURE;
|
||||||
|
@@ -1320,13 +1323,30 @@ var RNP = {
|
||||||
|
options.fromAddr,
|
||||||
|
options.msgDate,
|
||||||
|
verify_op,
|
||||||
|
result
|
||||||
|
);
|
||||||
|
+
|
||||||
|
+ if (
|
||||||
|
+ (result.statusFlags &
|
||||||
|
+ (EnigmailConstants.GOOD_SIGNATURE |
|
||||||
|
+ EnigmailConstants.UNCERTAIN_SIGNATURE |
|
||||||
|
+ EnigmailConstants.EXPIRED_SIGNATURE |
|
||||||
|
+ EnigmailConstants.BAD_SIGNATURE)) !=
|
||||||
|
+ 0
|
||||||
|
+ ) {
|
||||||
|
+ // A decision was already made.
|
||||||
|
+ stillUndecidedIfSignatureIsBad = false;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (stillUndecidedIfSignatureIsBad) {
|
||||||
|
+ // We didn't find more details above, so conclude it's bad.
|
||||||
|
+ result.statusFlags |= EnigmailConstants.BAD_SIGNATURE;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
RNPLib.rnp_input_destroy(input_from_memory);
|
||||||
|
RNPLib.rnp_output_destroy(output_to_memory);
|
||||||
|
RNPLib.rnp_op_verify_destroy(verify_op);
|
||||||
|
|
||||||
|
if (
|
||||||
|
@@ -1458,10 +1478,12 @@ var RNP = {
|
||||||
|
let have_signer_key = false;
|
||||||
|
let use_signer_key = false;
|
||||||
|
|
||||||
|
if (query_signer) {
|
||||||
|
if (RNPLib.rnp_op_verify_signature_get_key(sig, signer_key.address())) {
|
||||||
|
+ // If sig_status isn't RNP_ERROR_KEY_NOT_FOUND then we must
|
||||||
|
+ // be able to obtain the signer key.
|
||||||
|
throw new Error("rnp_op_verify_signature_get_key");
|
||||||
|
}
|
||||||
|
|
||||||
|
have_signer_key = true;
|
||||||
|
use_signer_key = !this.isBadKey(signer_key);
|
12
SOURCES/backport-rnp-use-openssl.patch
Normal file
12
SOURCES/backport-rnp-use-openssl.patch
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
diff -up thunderbird-102.4.0/comm/third_party/rnp/moz.build.rnp-openssl thunderbird-102.4.0/comm/third_party/rnp/moz.build
|
||||||
|
--- thunderbird-102.4.0/comm/third_party/rnp/moz.build.rnp-openssl 2022-11-01 14:36:02.940726858 +0100
|
||||||
|
+++ thunderbird-102.4.0/comm/third_party/rnp/moz.build 2022-11-01 14:36:23.091726917 +0100
|
||||||
|
@@ -39,7 +39,7 @@ if CONFIG["CC_TYPE"] == "clang-cl":
|
||||||
|
rnp_defines = {
|
||||||
|
"HAVE_BZLIB_H": True,
|
||||||
|
"HAVE_ZLIB_H": True,
|
||||||
|
- "CRYPTO_BACKEND_BOTAN": True,
|
||||||
|
+ "CRYPTO_BACKEND_OPENSSL": True,
|
||||||
|
"ENABLE_AEAD": True,
|
||||||
|
"ENABLE_TWOFISH": True,
|
||||||
|
"ENABLE_BRAINPOOL": True,
|
@ -1,11 +0,0 @@
|
|||||||
diff -up thunderbird-102.1.0/gfx/webrender_bindings/webrender_ffi.h.cbindgen-covers thunderbird-102.1.0/gfx/webrender_bindings/webrender_ffi.h
|
|
||||||
--- thunderbird-102.1.0/gfx/webrender_bindings/webrender_ffi.h.cbindgen-covers 2022-08-04 12:47:06.970587140 +0200
|
|
||||||
+++ thunderbird-102.1.0/gfx/webrender_bindings/webrender_ffi.h 2022-08-04 12:47:13.642579587 +0200
|
|
||||||
@@ -73,7 +73,6 @@ struct WrPipelineInfo;
|
|
||||||
struct WrPipelineIdAndEpoch;
|
|
||||||
using WrPipelineIdEpochs = nsTArray<WrPipelineIdAndEpoch>;
|
|
||||||
|
|
||||||
-const uint64_t ROOT_CLIP_CHAIN = ~0;
|
|
||||||
|
|
||||||
} // namespace wr
|
|
||||||
} // namespace mozilla
|
|
@ -1,13 +1,11 @@
|
|||||||
diff -up firefox-102.2.0/build/moz.configure/nss.configure.nss-version firefox-102.2.0/build/moz.configure/nss.configure
|
--- thunderbird-102.6.0/build/moz.configure/nss.configure.firefox-nss-version 2022-12-09 19:00:45.849518718 +0100
|
||||||
--- firefox-102.2.0/build/moz.configure/nss.configure.nss-version 2022-08-23 18:17:14.699869558 +0200
|
+++ thunderbird-102.6.0/build/moz.configure/nss.configure 2022-12-09 19:02:47.739198796 +0100
|
||||||
+++ firefox-102.2.0/build/moz.configure/nss.configure 2022-08-23 18:15:33.790051448 +0200
|
|
||||||
@@ -9,7 +9,7 @@ system_lib_option("--with-system-nss", h
|
@@ -9,7 +9,7 @@ system_lib_option("--with-system-nss", h
|
||||||
imply_option("--with-system-nspr", True, when="--with-system-nss")
|
imply_option("--with-system-nspr", True, when="--with-system-nss")
|
||||||
|
|
||||||
nss_pkg = pkg_check_modules(
|
nss_pkg = pkg_check_modules(
|
||||||
- "NSS", "nss >= 3.79.1", when="--with-system-nss", config=False
|
- "NSS", "nss >= 3.79.2", when="--with-system-nss", config=False
|
||||||
+ "NSS", "nss >= 3.79", when="--with-system-nss", config=False
|
+ "NSS", "nss >= 3.79", when="--with-system-nss", config=False
|
||||||
)
|
)
|
||||||
|
|
||||||
set_config("MOZ_SYSTEM_NSS", True, when="--with-system-nss")
|
set_config("MOZ_SYSTEM_NSS", True, when="--with-system-nss")
|
||||||
diff -up firefox-102.2.0/.nss-version firefox-102.2.0/
|
|
||||||
|
@ -139,7 +139,4 @@ fi
|
|||||||
NSS_SSL_CBC_RANDOM_IV=${NSS_SSL_CBC_RANDOM_IV-1}
|
NSS_SSL_CBC_RANDOM_IV=${NSS_SSL_CBC_RANDOM_IV-1}
|
||||||
export NSS_SSL_CBC_RANDOM_IV
|
export NSS_SSL_CBC_RANDOM_IV
|
||||||
|
|
||||||
# Linux version specific environment variables
|
|
||||||
%RHEL_ENV_VARS%
|
|
||||||
|
|
||||||
exec $MOZ_PROGRAM "$@"
|
exec $MOZ_PROGRAM "$@"
|
||||||
|
@ -34,6 +34,13 @@ end}
|
|||||||
%global bundle_nss 0
|
%global bundle_nss 0
|
||||||
%global build_langpacks 1
|
%global build_langpacks 1
|
||||||
|
|
||||||
|
# librnp with openssl support, not available in RHEL7 because it requires openssl >= 1.1.1e,
|
||||||
|
# nor in rhel-8.1.0 or rhel-8.2.0
|
||||||
|
%global use_openssl_for_librnp 1
|
||||||
|
%if 0%{?rhel} == 7 || (0%{?rhel} == 8 && %{rhel_minor_version} < 4)
|
||||||
|
%global use_openssl_for_librnp 0
|
||||||
|
%endif
|
||||||
|
|
||||||
%if 0%{?rhel} == 8
|
%if 0%{?rhel} == 8
|
||||||
%if %{rhel_minor_version} <= 4
|
%if %{rhel_minor_version} <= 4
|
||||||
%global bundle_nss 1
|
%global bundle_nss 1
|
||||||
@ -158,7 +165,7 @@ end}
|
|||||||
|
|
||||||
Summary: Mozilla Thunderbird mail/newsgroup client
|
Summary: Mozilla Thunderbird mail/newsgroup client
|
||||||
Name: thunderbird
|
Name: thunderbird
|
||||||
Version: 102.5.0
|
Version: 102.6.0
|
||||||
Release: 2%{?dist}.alma.plus
|
Release: 2%{?dist}.alma.plus
|
||||||
URL: http://www.mozilla.org/projects/thunderbird/
|
URL: http://www.mozilla.org/projects/thunderbird/
|
||||||
License: MPLv1.1 or GPLv2+ or LGPLv2+
|
License: MPLv1.1 or GPLv2+ or LGPLv2+
|
||||||
@ -180,7 +187,7 @@ ExcludeArch: aarch64 s390 ppc
|
|||||||
#Source0: https://archive.mozilla.org/pub/thunderbird/releases/%{version}%{?pre_version}/source/thunderbird-%{version}%{?pre_version}.processed-source.tar.xz
|
#Source0: https://archive.mozilla.org/pub/thunderbird/releases/%{version}%{?pre_version}/source/thunderbird-%{version}%{?pre_version}.processed-source.tar.xz
|
||||||
Source0: thunderbird-%{version}%{?pre_version}.processed-source.tar.xz
|
Source0: thunderbird-%{version}%{?pre_version}.processed-source.tar.xz
|
||||||
%if %{build_langpacks}
|
%if %{build_langpacks}
|
||||||
Source1: thunderbird-langpacks-%{version}-20221115.tar.xz
|
Source1: thunderbird-langpacks-%{version}-20221213.tar.xz
|
||||||
%endif
|
%endif
|
||||||
Source2: cbindgen-vendor.tar.xz
|
Source2: cbindgen-vendor.tar.xz
|
||||||
Source3: process-official-tarball
|
Source3: process-official-tarball
|
||||||
@ -225,7 +232,6 @@ Patch226: rhbz-1354671.patch
|
|||||||
Patch228: disable-openh264-download.patch
|
Patch228: disable-openh264-download.patch
|
||||||
Patch229: firefox-nss-addon-hack.patch
|
Patch229: firefox-nss-addon-hack.patch
|
||||||
# Patch230: disable-openpgp-in-thunderbird.patch
|
# Patch230: disable-openpgp-in-thunderbird.patch
|
||||||
Patch231: cbindgen-already-covers.patch
|
|
||||||
|
|
||||||
# Upstream patches
|
# Upstream patches
|
||||||
Patch415: mozilla-1670333.patch
|
Patch415: mozilla-1670333.patch
|
||||||
@ -239,6 +245,22 @@ Patch422: mozilla-s390x-skia-gradient.patch
|
|||||||
Patch423: one_swizzle_to_rule_them_all.patch
|
Patch423: one_swizzle_to_rule_them_all.patch
|
||||||
Patch424: svg-rendering.patch
|
Patch424: svg-rendering.patch
|
||||||
Patch425: D158770.diff
|
Patch425: D158770.diff
|
||||||
|
Patch5426: backport-rnp-0.16.2-to-esr102-a-bug-1753683.patch
|
||||||
|
Patch5427: backport-rnp-0.16.2-to-esr102-b-bug-1790446.patch
|
||||||
|
Patch5428: backport-rnp-0.16.2-to-esr102-c-bug-1790446.patch
|
||||||
|
Patch5429: backport-rnp-0.16.2-to-esr102-d-bug-1790446.patch
|
||||||
|
Patch5430: backport-rnp-0.16.2-to-esr102-e-bug-1790116.patch
|
||||||
|
Patch5431: backport-rnp-0.16.2-to-esr102-f-bug-1790116.patch
|
||||||
|
Patch5432: backport-rnp-0.16.2-to-esr102-g-bug-1790116.patch
|
||||||
|
Patch5433: backport-rnp-0.16.2-to-esr102-h-bug-1790116.patch
|
||||||
|
Patch5434: backport-rnp-0.16.2-to-esr102-i-bug-1790116.patch
|
||||||
|
Patch5435: backport-rnp-0.16.2-to-esr102-j-bug-1790662.patch
|
||||||
|
Patch5436: backport-rnp-0.16.2-to-esr102-k-bug-1790662.patch
|
||||||
|
Patch5437: backport-rnp-0.16.2-to-esr102-l-bug-1791195.patch
|
||||||
|
Patch5438: backport-rnp-0.16.2-to-esr102-m-bug-1791195.patch
|
||||||
|
Patch5439: backport-rnp-use-openssl.patch
|
||||||
|
Patch5479: D161379.diff
|
||||||
|
Patch5480: D161895.diff
|
||||||
|
|
||||||
# PGO/LTO patches
|
# PGO/LTO patches
|
||||||
Patch600: pgo.patch
|
Patch600: pgo.patch
|
||||||
@ -274,6 +296,9 @@ BuildRequires: pkgconfig(libnotify) >= %{libnotify_version}
|
|||||||
BuildRequires: pkgconfig(dri)
|
BuildRequires: pkgconfig(dri)
|
||||||
BuildRequires: pkgconfig(libcurl)
|
BuildRequires: pkgconfig(libcurl)
|
||||||
BuildRequires: pkgconfig(alsa)
|
BuildRequires: pkgconfig(alsa)
|
||||||
|
%if %{?use_openssl_for_librnp}
|
||||||
|
BuildRequires: pkgconfig(openssl)
|
||||||
|
%endif
|
||||||
BuildRequires: libstdc++-devel
|
BuildRequires: libstdc++-devel
|
||||||
BuildRequires: libstdc++-static
|
BuildRequires: libstdc++-static
|
||||||
BuildRequires: dbus-glib-devel
|
BuildRequires: dbus-glib-devel
|
||||||
@ -554,7 +579,6 @@ echo "use_rustts %{?use_rustts}"
|
|||||||
%setup -q
|
%setup -q
|
||||||
|
|
||||||
# Build patches
|
# Build patches
|
||||||
#MISSING% patch9 -p2 -b .arm
|
|
||||||
%ifarch s390
|
%ifarch s390
|
||||||
%patch25 -p1 -b .rhbz-1219542-s390
|
%patch25 -p1 -b .rhbz-1219542-s390
|
||||||
%endif
|
%endif
|
||||||
@ -593,8 +617,6 @@ echo "use_rustts %{?use_rustts}"
|
|||||||
%endif
|
%endif
|
||||||
%patch228 -p1 -b .disable-openh264-download
|
%patch228 -p1 -b .disable-openh264-download
|
||||||
%patch229 -p1 -b .firefox-nss-addon-hack
|
%patch229 -p1 -b .firefox-nss-addon-hack
|
||||||
#patch230 -p1 -b .disable-openpgp-in-thunderbird
|
|
||||||
%patch231 -p1 -b .cbindgen-already-covers
|
|
||||||
|
|
||||||
%patch415 -p1 -b .1670333
|
%patch415 -p1 -b .1670333
|
||||||
%patch416 -p1 -b .mozilla-bmo1005535
|
%patch416 -p1 -b .mozilla-bmo1005535
|
||||||
@ -608,6 +630,29 @@ echo "use_rustts %{?use_rustts}"
|
|||||||
%patch424 -p1 -b .svg-rendering
|
%patch424 -p1 -b .svg-rendering
|
||||||
%patch425 -p1 -b .D158770.diff
|
%patch425 -p1 -b .D158770.diff
|
||||||
|
|
||||||
|
%if %{?use_openssl_for_librnp}
|
||||||
|
%patch5426 -p1 -b .backport-rnp-0.16.2-to-esr102-a-bug-1753683
|
||||||
|
%patch5427 -p1 -b .backport-rnp-0.16.2-to-esr102-b-bug-1790446
|
||||||
|
%patch5428 -p1 -b .backport-rnp-0.16.2-to-esr102-c-bug-1790446
|
||||||
|
%patch5429 -p1 -b .backport-rnp-0.16.2-to-esr102-d-bug-1790446
|
||||||
|
%patch5430 -p1 -b .backport-rnp-0.16.2-to-esr102-e-bug-1790116
|
||||||
|
%patch5431 -p1 -b .backport-rnp-0.16.2-to-esr102-f-bug-1790116
|
||||||
|
%patch5432 -p1 -b .backport-rnp-0.16.2-to-esr102-g-bug-1790116
|
||||||
|
%patch5433 -p1 -b .backport-rnp-0.16.2-to-esr102-h-bug-1790116
|
||||||
|
%patch5434 -p1 -b .backport-rnp-0.16.2-to-esr102-i-bug-1790116
|
||||||
|
%patch5435 -p1 -b .backport-rnp-0.16.2-to-esr102-j-bug-1790662
|
||||||
|
%patch5436 -p1 -b .backport-rnp-0.16.2-to-esr102-k-bug-1790662
|
||||||
|
%patch5437 -p1 -b .backport-rnp-0.16.2-to-esr102-l-bug-1791195
|
||||||
|
%patch5438 -p1 -b .backport-rnp-0.16.2-to-esr102-m-bug-1791195
|
||||||
|
%patch5439 -p1 -b .backport-rnp-use-openssl
|
||||||
|
pushd comm
|
||||||
|
%patch5479 -p1 -b .D161379.diff
|
||||||
|
%patch5480 -p1 -b .D161895.diff
|
||||||
|
popd
|
||||||
|
%else
|
||||||
|
%patch230 -p1 -b .disable-openpgp-in-thunderbird
|
||||||
|
%endif
|
||||||
|
|
||||||
# PGO patches
|
# PGO patches
|
||||||
%if %{build_with_pgo}
|
%if %{build_with_pgo}
|
||||||
%if !%{build_with_clang}
|
%if !%{build_with_clang}
|
||||||
@ -708,6 +753,9 @@ echo "ac_add_options --disable-jemalloc" >> .mozconfig
|
|||||||
%if !%{enable_mozilla_crashreporter}
|
%if !%{enable_mozilla_crashreporter}
|
||||||
echo "ac_add_options --disable-crashreporter" >> .mozconfig
|
echo "ac_add_options --disable-crashreporter" >> .mozconfig
|
||||||
%endif
|
%endif
|
||||||
|
%if %{?use_openssl_for_librnp}
|
||||||
|
echo "ac_add_options --with-librnp-backend=openssl" >> .mozconfig
|
||||||
|
%endif
|
||||||
|
|
||||||
# AV1 requires newer nasm that was rebased in 8.4
|
# AV1 requires newer nasm that was rebased in 8.4
|
||||||
%if 0%{?rhel} == 7 || (0%{?rhel} == 8 && %{rhel_minor_version} < 4)
|
%if 0%{?rhel} == 7 || (0%{?rhel} == 8 && %{rhel_minor_version} < 4)
|
||||||
@ -1127,8 +1175,11 @@ touch $RPM_BUILD_ROOT%{mozappdir}/components/xpti.dat
|
|||||||
%{__cp} %{objdir}/dist/%{symbols_file_name} $RPM_BUILD_ROOT/%{moz_debug_dir}
|
%{__cp} %{objdir}/dist/%{symbols_file_name} $RPM_BUILD_ROOT/%{moz_debug_dir}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# Removing librnp.so - we cannot deliver that in RHELs
|
# Removing librnp.so - we cannot deliver librnp with botan crypto backend RHELs
|
||||||
|
# %if !%{?use_openssl_for_librnp}
|
||||||
# %{__rm} -rf %{buildroot}%{mozappdir}/librnp.so %{buildroot}%{mozappdir}/rnp-cli %{buildroot}%{mozappdir}/rnpkeys
|
# %{__rm} -rf %{buildroot}%{mozappdir}/librnp.so %{buildroot}%{mozappdir}/rnp-cli %{buildroot}%{mozappdir}/rnpkeys
|
||||||
|
# %endif
|
||||||
|
|
||||||
# Register as an application to be visible in the software center
|
# Register as an application to be visible in the software center
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_datadir}/metainfo
|
mkdir -p $RPM_BUILD_ROOT%{_datadir}/metainfo
|
||||||
%{__cp} -p comm/mail/branding/%{name}/net.thunderbird.Thunderbird.appdata.xml $RPM_BUILD_ROOT%{_datadir}/metainfo/thunderbird.appdata.xml
|
%{__cp} -p comm/mail/branding/%{name}/net.thunderbird.Thunderbird.appdata.xml $RPM_BUILD_ROOT%{_datadir}/metainfo/thunderbird.appdata.xml
|
||||||
@ -1211,6 +1262,11 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
|
|||||||
%{mozappdir}/dependentlibs.list
|
%{mozappdir}/dependentlibs.list
|
||||||
%{mozappdir}/fonts
|
%{mozappdir}/fonts
|
||||||
%{mozappdir}/pingsender
|
%{mozappdir}/pingsender
|
||||||
|
%if %{?use_openssl_for_librnp}
|
||||||
|
%{mozappdir}/librnp.so
|
||||||
|
%{mozappdir}/rnp-cli
|
||||||
|
%{mozappdir}/rnpkeys
|
||||||
|
%endif
|
||||||
|
|
||||||
%if 0%{?bundle_nss}
|
%if 0%{?bundle_nss}
|
||||||
%{mozappdir}/bundled/%{_lib}/libfreebl*
|
%{mozappdir}/bundled/%{_lib}/libfreebl*
|
||||||
@ -1228,12 +1284,20 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
|
|||||||
#===============================================================================
|
#===============================================================================
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Nov 21 2022 Eduard Abdullin <eabdullin@almalinux.org> - 102.5.0-2.alma.plus
|
* Thu Dec 15 2022 Eduard Abdullin <eabdullin@almalinux.org> - 102.6.0-2.alma.plus
|
||||||
- Enable openpgp
|
- Enable openpgp
|
||||||
|
|
||||||
* Mon Nov 21 2022 Eduard Abdullin <eabdullin@almalinux.org> - 102.5.0-2.alma
|
* Thu Dec 15 2022 Eduard Abdullin <eabdullin@almalinux.org> - 102.6.0-2.alma
|
||||||
- Debrand for AlmaLinux
|
- Debrand for AlmaLinux
|
||||||
|
|
||||||
|
* Tue Dec 13 2022 Eike Rathke <erack@redhat.com> - 102.6.0-2
|
||||||
|
- Update to 102.6.0 build2
|
||||||
|
* Fri Dec 09 2022 Eike Rathke <erack@redhat.com> - 102.6.0-1
|
||||||
|
- Update to 102.6.0 build1
|
||||||
|
|
||||||
|
* Tue Nov 29 2022 Jan Horak <jhorak@redhat.com> - 102.5.0-3
|
||||||
|
- Use openssl for the librnp crypto backend to enable the openpgp encryption
|
||||||
|
|
||||||
* Tue Nov 15 2022 Eike Rathke <erack@redhat.com> - 102.5.0-2
|
* Tue Nov 15 2022 Eike Rathke <erack@redhat.com> - 102.5.0-2
|
||||||
- Update to 102.5.0 build2
|
- Update to 102.5.0 build2
|
||||||
* Fri Nov 11 2022 Eike Rathke <erack@redhat.com> - 102.5.0-1
|
* Fri Nov 11 2022 Eike Rathke <erack@redhat.com> - 102.5.0-1
|
||||||
|
Loading…
Reference in New Issue
Block a user