parent
ba49b4156a
commit
e255f58944
@ -1,6 +1,6 @@
|
|||||||
SOURCES/cbindgen-vendor.tar.xz
|
SOURCES/cbindgen-vendor.tar.xz
|
||||||
SOURCES/nspr-4.34.0-3.el8_1.src.rpm
|
SOURCES/nspr-4.34.0-3.el8_1.src.rpm
|
||||||
SOURCES/nss-3.79.0-6.el8_1.src.rpm
|
SOURCES/nss-3.79.0-6.el8_1.src.rpm
|
||||||
SOURCES/thunderbird-102.6.0.processed-source.tar.xz
|
SOURCES/thunderbird-102.7.1.processed-source.tar.xz
|
||||||
SOURCES/thunderbird-langpacks-102.6.0-20221213.tar.xz
|
SOURCES/thunderbird-langpacks-102.7.1-20230124.tar.xz
|
||||||
SOURCES/thunderbird-symbolic.svg
|
SOURCES/thunderbird-symbolic.svg
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
2a430d6252dbea45482ba316a6e9fa605c15e747 SOURCES/cbindgen-vendor.tar.xz
|
2a430d6252dbea45482ba316a6e9fa605c15e747 SOURCES/cbindgen-vendor.tar.xz
|
||||||
af58b3c87a8b5491dde63b07efaeb3d7f1ec56c1 SOURCES/nspr-4.34.0-3.el8_1.src.rpm
|
af58b3c87a8b5491dde63b07efaeb3d7f1ec56c1 SOURCES/nspr-4.34.0-3.el8_1.src.rpm
|
||||||
fc5297c6830f0a1e88f84b94b0b066487664061b SOURCES/nss-3.79.0-6.el8_1.src.rpm
|
fc5297c6830f0a1e88f84b94b0b066487664061b SOURCES/nss-3.79.0-6.el8_1.src.rpm
|
||||||
2e5705870dd47decb800757a4e26d288b24b61b1 SOURCES/thunderbird-102.6.0.processed-source.tar.xz
|
f3d1a5cd1ec83e04dd206115f01df923858f9aa6 SOURCES/thunderbird-102.7.1.processed-source.tar.xz
|
||||||
d28522497a56117469dbabbde833b69619d8e090 SOURCES/thunderbird-langpacks-102.6.0-20221213.tar.xz
|
a4191c25a416a790b49f79c12bb559e67bd8d40a SOURCES/thunderbird-langpacks-102.7.1-20230124.tar.xz
|
||||||
42e80b86948cdba0f69af5b15a69bc6a1274d938 SOURCES/thunderbird-symbolic.svg
|
42e80b86948cdba0f69af5b15a69bc6a1274d938 SOURCES/thunderbird-symbolic.svg
|
||||||
|
@ -1,81 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User Daniel <daniel@thunderbird.net>
|
|
||||||
# Date 1658184582 0
|
|
||||||
# Mon Jul 18 22:49:42 2022 +0000
|
|
||||||
# Node ID 9998ed5c2bcee289b03828eba670053614fa26da
|
|
||||||
# Parent e572bc3cfa07492189aec439e98378b0811ae3bb
|
|
||||||
Bug 1753683 - Replace distutils (deprecated) with packaging. r=rjl
|
|
||||||
|
|
||||||
Differential Revision: https://phabricator.services.mozilla.com/D152123
|
|
||||||
|
|
||||||
diff --git a/comm/python/thirdroc/thirdroc/__init__.py b/comm/python/thirdroc/thirdroc/__init__.py
|
|
||||||
--- a/comm/python/thirdroc/thirdroc/__init__.py
|
|
||||||
+++ b/comm/python/thirdroc/thirdroc/__init__.py
|
|
||||||
@@ -3,11 +3,11 @@
|
|
||||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
||||||
|
|
||||||
from __future__ import print_function, absolute_import
|
|
||||||
|
|
||||||
import re
|
|
||||||
-from distutils.version import StrictVersion
|
|
||||||
+from packaging.version import parse
|
|
||||||
|
|
||||||
VTAG_RE = re.compile(r"^v\d+\.\d+\.\d+$")
|
|
||||||
|
|
||||||
|
|
||||||
def tag2version(tag):
|
|
||||||
@@ -22,16 +22,16 @@ def tag2version(tag):
|
|
||||||
raise Exception("Invalid tag {}".format(tag))
|
|
||||||
|
|
||||||
|
|
||||||
def get_latest_version(*versions):
|
|
||||||
"""
|
|
||||||
- Given a list of versions (that must parse with distutils.version.StrictVersion,
|
|
||||||
+ Given a list of versions (that must parse with packaging.version.parse),
|
|
||||||
return the latest/newest version.
|
|
||||||
:param list versions:
|
|
||||||
- :return StrictVersion:
|
|
||||||
+ :return Version:
|
|
||||||
"""
|
|
||||||
- version_list = [StrictVersion(tag2version(v)) for v in versions]
|
|
||||||
+ version_list = [parse(tag2version(v)) for v in versions]
|
|
||||||
version_list.sort()
|
|
||||||
return version_list[-1]
|
|
||||||
|
|
||||||
|
|
||||||
def latest_version(*versions):
|
|
||||||
diff --git a/comm/python/thirdroc/thirdroc/rnp.py b/comm/python/thirdroc/thirdroc/rnp.py
|
|
||||||
--- a/comm/python/thirdroc/thirdroc/rnp.py
|
|
||||||
+++ b/comm/python/thirdroc/thirdroc/rnp.py
|
|
||||||
@@ -6,11 +6,11 @@ from __future__ import absolute_import
|
|
||||||
|
|
||||||
import os
|
|
||||||
from io import StringIO
|
|
||||||
from datetime import date
|
|
||||||
import re
|
|
||||||
-from distutils.version import StrictVersion
|
|
||||||
+from packaging.version import parse
|
|
||||||
|
|
||||||
from mozbuild.preprocessor import Preprocessor
|
|
||||||
|
|
||||||
|
|
||||||
def rnp_source_update(rnp_root, version_str, revision, timestamp, bug_report):
|
|
||||||
@@ -21,14 +21,14 @@ def rnp_source_update(rnp_root, version_
|
|
||||||
:param string version_str: latest version
|
|
||||||
:param string revision: revision hash (short form)
|
|
||||||
:param float timestamp: UNIX timestamp from revision
|
|
||||||
:param string bug_report: where to report bugs for this RNP build
|
|
||||||
"""
|
|
||||||
- version = StrictVersion(version_str)
|
|
||||||
- version_major = version.version[0]
|
|
||||||
- version_minor = version.version[1]
|
|
||||||
- version_patch = version.version[2]
|
|
||||||
+ version = parse(version_str)
|
|
||||||
+ version_major = version.major
|
|
||||||
+ version_minor = version.minor
|
|
||||||
+ version_patch = version.micro
|
|
||||||
date_str = date.fromtimestamp(float(timestamp)).strftime("%Y%m%d")
|
|
||||||
revision_short = revision[:8]
|
|
||||||
version_full = "{}+git{}.{}.MZLA".format(version_str, date_str, revision_short)
|
|
||||||
|
|
||||||
defines = dict(
|
|
@ -1,118 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User Rob Lemley <rob@thunderbird.net>
|
|
||||||
# Date 1662996130 0
|
|
||||||
# Mon Sep 12 15:22:10 2022 +0000
|
|
||||||
# Node ID 5dfb405f325609c62215f9d74e01dba029b84611
|
|
||||||
# Parent 9998ed5c2bcee289b03828eba670053614fa26da
|
|
||||||
Bug 1790446 - Stop rewriting RNP config.h.in when updating the source from upstream. r=dandarnell
|
|
||||||
|
|
||||||
Differential Revision: https://phabricator.services.mozilla.com/D157151
|
|
||||||
|
|
||||||
diff --git a/comm/python/thirdroc/thirdroc/rnp.py b/comm/python/thirdroc/thirdroc/rnp.py
|
|
||||||
--- a/comm/python/thirdroc/thirdroc/rnp.py
|
|
||||||
+++ b/comm/python/thirdroc/thirdroc/rnp.py
|
|
||||||
@@ -11,19 +11,18 @@ import re
|
|
||||||
from packaging.version import parse
|
|
||||||
|
|
||||||
from mozbuild.preprocessor import Preprocessor
|
|
||||||
|
|
||||||
|
|
||||||
-def rnp_source_update(rnp_root, version_str, revision, timestamp, bug_report):
|
|
||||||
+def rnp_source_update(rnp_root, version_str, revision, timestamp):
|
|
||||||
"""
|
|
||||||
Update RNP source files: generate version.h and mangle config.h.in
|
|
||||||
:param rnp_root:
|
|
||||||
:type rnp_root:
|
|
||||||
:param string version_str: latest version
|
|
||||||
:param string revision: revision hash (short form)
|
|
||||||
:param float timestamp: UNIX timestamp from revision
|
|
||||||
- :param string bug_report: where to report bugs for this RNP build
|
|
||||||
"""
|
|
||||||
version = parse(version_str)
|
|
||||||
version_major = version.major
|
|
||||||
version_minor = version.minor
|
|
||||||
version_patch = version.micro
|
|
||||||
@@ -36,20 +35,17 @@ def rnp_source_update(rnp_root, version_
|
|
||||||
RNP_VERSION_MINOR=version_minor,
|
|
||||||
RNP_VERSION_PATCH=version_patch,
|
|
||||||
RNP_VERSION=version_str,
|
|
||||||
RNP_VERSION_FULL=version_full,
|
|
||||||
RNP_VERSION_COMMIT_TIMESTAMP=str(timestamp),
|
|
||||||
- BUGREPORT_EMAIL=bug_report,
|
|
||||||
)
|
|
||||||
src_lib = os.path.join(rnp_root, "src", "lib")
|
|
||||||
version_h_in = os.path.join(src_lib, "version.h.in")
|
|
||||||
version_h = os.path.join(src_lib, "version.h")
|
|
||||||
- config_h_in = os.path.join(src_lib, "config.h.in")
|
|
||||||
readme_rnp = os.path.join(rnp_root, "..", "README.rnp")
|
|
||||||
|
|
||||||
generate_version_h(version_h_in, version_h, defines)
|
|
||||||
- mangle_config_h_in(config_h_in, defines)
|
|
||||||
update_readme(readme_rnp, revision)
|
|
||||||
|
|
||||||
|
|
||||||
def rnp_preprocess(tmpl, dest, defines):
|
|
||||||
"""
|
|
||||||
@@ -79,30 +75,10 @@ def generate_version_h(template, destina
|
|
||||||
with open(template) as tmpl:
|
|
||||||
with open(destination, "w") as dest:
|
|
||||||
rnp_preprocess(tmpl, dest, defines)
|
|
||||||
|
|
||||||
|
|
||||||
-def mangle_config_h_in(template, defines):
|
|
||||||
- """
|
|
||||||
- Mangle RNP's config.h.in so that it will work with CONFIGURE_DEFINE_FILES
|
|
||||||
- :param string template: path to config.h.in
|
|
||||||
- :param dict defines: result of get_defines()
|
|
||||||
- """
|
|
||||||
- with open(template) as tmpl:
|
|
||||||
- tmp_string = StringIO()
|
|
||||||
- rnp_preprocess(tmpl, tmp_string, defines)
|
|
||||||
-
|
|
||||||
- tmp_string.seek(0)
|
|
||||||
-
|
|
||||||
- with open(template, "w") as dest:
|
|
||||||
- for line in tmp_string:
|
|
||||||
- if line.startswith("#cmakedefine"):
|
|
||||||
- line = line.replace("#cmakedefine", "#undef")
|
|
||||||
- dest.write(line)
|
|
||||||
- dest.write("\n")
|
|
||||||
-
|
|
||||||
-
|
|
||||||
def update_readme(path, revision):
|
|
||||||
"""
|
|
||||||
Updates the commit hash in README.rnp
|
|
||||||
:param string path: Path to README.rnp
|
|
||||||
:param string revision: revision to insert
|
|
||||||
diff --git a/comm/third_party/update_rnp.sh b/comm/third_party/update_rnp.sh
|
|
||||||
--- a/comm/third_party/update_rnp.sh
|
|
||||||
+++ b/comm/third_party/update_rnp.sh
|
|
||||||
@@ -42,26 +42,23 @@ TAGLIST=$(git -C "${RNPgit}" tag --list
|
|
||||||
|
|
||||||
LATEST_VERSION=$($THIRDROC latest_version $TAGLIST)
|
|
||||||
REVISION=$(git -C "${RNPgit}" rev-parse --verify HEAD)
|
|
||||||
TIMESTAMP=$(git -C "${RNPgit}" show -s --format=%ct)
|
|
||||||
|
|
||||||
-BUGREPORT="https://bugzilla.mozilla.org/enter_bug.cgi?product=Thunderbird"
|
|
||||||
-
|
|
||||||
# Cleanup rnp checkout
|
|
||||||
rm -rf ${RNPgit}/{.git,.github,.cirrus.yml,.clang-format,.gitignore}
|
|
||||||
rm -rf ${RNPgit}/{_config.yml,docker.sh,ci,cmake,git-hooks,travis.sh,vcpkg.txt}
|
|
||||||
rm -rf ${RNPgit}/{Brewfile,CMakeLists.txt,CMakeSettings.json}
|
|
||||||
|
|
||||||
# Do the switch
|
|
||||||
rm -rf rnp
|
|
||||||
mv "${RNPgit}" rnp
|
|
||||||
-# Build version.h/config.h.in
|
|
||||||
+# Build version.h
|
|
||||||
$THIRDROC rnp_source_update rnp/ \
|
|
||||||
"${LATEST_VERSION}" \
|
|
||||||
"${REVISION}" \
|
|
||||||
- "${TIMESTAMP}" \
|
|
||||||
- "${BUGREPORT}"
|
|
||||||
+ "${TIMESTAMP}"
|
|
||||||
|
|
||||||
# Restore moz.build
|
|
||||||
hg revert rnp/moz.build rnp/module.ver rnp/rnp.symbols rnp/src/lib/rnp/rnp_export.h \
|
|
||||||
rnp/src/rnp/moz.build rnp/src/rnpkeys/moz.build
|
|
||||||
|
|
@ -1,185 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User Rob Lemley <rob@thunderbird.net>
|
|
||||||
# Date 1662996529 0
|
|
||||||
# Mon Sep 12 15:28:49 2022 +0000
|
|
||||||
# Node ID c9e44c0a569253884961ad2e18fae23f5ed0f6dc
|
|
||||||
# Parent 5dfb405f325609c62215f9d74e01dba029b84611
|
|
||||||
Bug 1790446 - Add build script to preprocess CMake config.h templates. r=dandarnell
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Right now config.h.in is rewritten when the RNP source is updated.
|
|
||||||
This has caused problems when new lines are added to it.
|
|
||||||
|
|
||||||
Depends on D157151
|
|
||||||
|
|
||||||
Differential Revision: https://phabricator.services.mozilla.com/D157152
|
|
||||||
|
|
||||||
diff --git a/comm/python/rocbuild/process_cmake_define_files.py b/python/rocb/commuild/process_cmake_define_files.py
|
|
||||||
new file mode 100644
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/comm/python/rocbuild/process_cmake_define_files.py
|
|
||||||
@@ -0,0 +1,103 @@
|
|
||||||
+# This Source Code Form is subject to the terms of the Mozilla Public
|
|
||||||
+# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
||||||
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
||||||
+
|
|
||||||
+from __future__ import absolute_import, print_function, unicode_literals
|
|
||||||
+
|
|
||||||
+import argparse
|
|
||||||
+import os
|
|
||||||
+import re
|
|
||||||
+import sys
|
|
||||||
+from buildconfig import topsrcdir, topobjdir
|
|
||||||
+from mozbuild.backend.configenvironment import PartialConfigEnvironment
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+def define_type(string):
|
|
||||||
+ vals = string.split("=", 1)
|
|
||||||
+ if len(vals) == 1:
|
|
||||||
+ vals.append(1)
|
|
||||||
+ elif vals[1].isdecimal():
|
|
||||||
+ vals[1] = int(vals[1])
|
|
||||||
+ return tuple(vals)
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+def process_cmake_define_file(output, input_file, extra_defines):
|
|
||||||
+ """Creates the given config header. A config header is generated by
|
|
||||||
+ taking the corresponding source file and replacing some #define/#undef
|
|
||||||
+ occurences:
|
|
||||||
+ "#undef NAME" is turned into "#define NAME VALUE"
|
|
||||||
+ "#cmakedefine NAME" is turned into "#define NAME VALUE"
|
|
||||||
+ "#define NAME" is unchanged
|
|
||||||
+ "#define NAME ORIGINAL_VALUE" is turned into "#define NAME VALUE"
|
|
||||||
+ "#undef UNKNOWN_NAME" is turned into "/* #undef UNKNOWN_NAME */"
|
|
||||||
+ "#cmakedefine UNKNOWN_NAME" is turned into "/* #undef UNKNOWN_NAME */"
|
|
||||||
+ Whitespaces are preserved.
|
|
||||||
+ """
|
|
||||||
+
|
|
||||||
+ path = os.path.abspath(input_file)
|
|
||||||
+
|
|
||||||
+ config = PartialConfigEnvironment(topobjdir)
|
|
||||||
+
|
|
||||||
+ defines = dict(config.defines.iteritems())
|
|
||||||
+ defines.update(extra_defines)
|
|
||||||
+
|
|
||||||
+ with open(path, "r") as input_file:
|
|
||||||
+ r = re.compile(
|
|
||||||
+ r'^\s*#\s*(?P<cmd>[a-z]+)(?:\s+(?P<name>\S+)(?:\s+(?P<value>("[^"]+"|\S+)))?)?',
|
|
||||||
+ re.U,
|
|
||||||
+ )
|
|
||||||
+ for line in input_file:
|
|
||||||
+ m = r.match(line)
|
|
||||||
+ if m:
|
|
||||||
+ cmd = m.group("cmd")
|
|
||||||
+ name = m.group("name")
|
|
||||||
+ value = m.group("value")
|
|
||||||
+ if name:
|
|
||||||
+ if cmd == "define":
|
|
||||||
+ if value and name in defines:
|
|
||||||
+ line = (
|
|
||||||
+ line[: m.start("value")]
|
|
||||||
+ + str(defines[name])
|
|
||||||
+ + line[m.end("value") :]
|
|
||||||
+ )
|
|
||||||
+ elif cmd in ("undef", "cmakedefine"):
|
|
||||||
+ if name in defines:
|
|
||||||
+ line = (
|
|
||||||
+ line[: m.start("cmd")]
|
|
||||||
+ + "define"
|
|
||||||
+ + line[m.end("cmd") : m.end("name")]
|
|
||||||
+ + " "
|
|
||||||
+ + str(defines[name])
|
|
||||||
+ + line[m.end("name") :]
|
|
||||||
+ )
|
|
||||||
+ else:
|
|
||||||
+ line = (
|
|
||||||
+ "/* #undef "
|
|
||||||
+ + line[m.start("name") : m.end("name")]
|
|
||||||
+ + " */"
|
|
||||||
+ + line[m.end("name") :]
|
|
||||||
+ )
|
|
||||||
+
|
|
||||||
+ output.write(line)
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+def main(output, *argv):
|
|
||||||
+ parser = argparse.ArgumentParser(description="Process define files.")
|
|
||||||
+
|
|
||||||
+ parser.add_argument("input", help="Input define file.")
|
|
||||||
+ parser.add_argument(
|
|
||||||
+ "-D",
|
|
||||||
+ type=define_type,
|
|
||||||
+ action="append",
|
|
||||||
+ dest="extra_defines",
|
|
||||||
+ default=[],
|
|
||||||
+ help="Additional defines not set at configure time.",
|
|
||||||
+ )
|
|
||||||
+
|
|
||||||
+ args = parser.parse_args(argv)
|
|
||||||
+
|
|
||||||
+ return process_cmake_define_file(output, args.input, args.extra_defines)
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+if __name__ == "__main__":
|
|
||||||
+ sys.exit(main(*sys.argv))
|
|
||||||
diff --git a/comm/third_party/rnp/moz.build b/third_party/rnp/moz.b/commuild
|
|
||||||
--- a/comm/third_party/rnp/moz.build
|
|
||||||
+++ b/comm/third_party/rnp/moz.build
|
|
||||||
@@ -34,19 +34,27 @@ COMPILE_FLAGS["WARNINGS_CFLAGS"] += [
|
|
||||||
if CONFIG["CC_TYPE"] == "clang-cl":
|
|
||||||
CXXFLAGS += [
|
|
||||||
"/EHs",
|
|
||||||
]
|
|
||||||
|
|
||||||
-DEFINES["_GNU_SOURCE"] = True
|
|
||||||
-
|
|
||||||
-DEFINES["HAVE_BZLIB_H"] = True
|
|
||||||
-DEFINES["HAVE_ZLIB_H"] = True
|
|
||||||
-DEFINES["MOZ_RNP_DIST_INFO"] = rnp_dist_info
|
|
||||||
-
|
|
||||||
-CONFIGURE_DEFINE_FILES += [
|
|
||||||
+rnp_defines = {
|
|
||||||
+ "HAVE_BZLIB_H": True,
|
|
||||||
+ "HAVE_ZLIB_H": True,
|
|
||||||
+ "CRYPTO_BACKEND_BOTAN": True,
|
|
||||||
+ "ENABLE_AEAD": True,
|
|
||||||
+ "ENABLE_TWOFISH": True,
|
|
||||||
+ "ENABLE_BRAINPOOL": True,
|
|
||||||
+}
|
|
||||||
+GeneratedFile(
|
|
||||||
"src/lib/config.h",
|
|
||||||
-]
|
|
||||||
+ script="/comm/python/rocbuild/process_cmake_define_files.py",
|
|
||||||
+ inputs=["src/lib/config.h.in"],
|
|
||||||
+ flags=[
|
|
||||||
+ "-D%s=%s" % (k, "1" if v is True else v)
|
|
||||||
+ for k, v in rnp_defines.items()
|
|
||||||
+ ],
|
|
||||||
+)
|
|
||||||
|
|
||||||
LOCAL_INCLUDES = [
|
|
||||||
"include",
|
|
||||||
"src",
|
|
||||||
"src/common",
|
|
||||||
diff --git a/comm/third_party/rnpdefs.mozbuild b/third_party/rnpdefs.mozb/commuild
|
|
||||||
--- a/comm/third_party/rnpdefs.mozbuild
|
|
||||||
+++ b/comm/third_party/rnpdefs.mozbuild
|
|
||||||
@@ -16,17 +16,10 @@ rnp_dist_info = "{} {} rnp".format(
|
|
||||||
COMPILE_FLAGS["OS_CFLAGS"] = []
|
|
||||||
COMPILE_FLAGS["OS_CXXFLAGS"] = []
|
|
||||||
COMPILE_FLAGS["OS_INCLUDES"] = []
|
|
||||||
COMPILE_FLAGS["CLANG_PLUGIN"] = []
|
|
||||||
|
|
||||||
-DEFINES["RNP_NO_DEPRECATED"] = True
|
|
||||||
-DEFINES["CRYPTO_BACKEND_BOTAN"] = True
|
|
||||||
-DEFINES["ENABLE_AEAD"] = True
|
|
||||||
-DEFINES["ENABLE_TWOFISH"] = True
|
|
||||||
-DEFINES["ENABLE_BRAINPOOL"] = True
|
|
||||||
-
|
|
||||||
-
|
|
||||||
if CONFIG["COMPILE_ENVIRONMENT"]:
|
|
||||||
COMPILE_FLAGS["MOZ_HARDENING_CFLAGS"] = []
|
|
||||||
|
|
||||||
if CONFIG["CC_TYPE"] == "clang-cl":
|
|
||||||
CFLAGS += [
|
|
@ -1,77 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User Rob Lemley <rob@thunderbird.net>
|
|
||||||
# Date 1662997034 0
|
|
||||||
# Mon Sep 12 15:37:14 2022 +0000
|
|
||||||
# Node ID 17dc6bb322b5d40299bba0a90d59c0593137d4f6
|
|
||||||
# Parent c9e44c0a569253884961ad2e18fae23f5ed0f6dc
|
|
||||||
Bug 1790446 - Get RNP version during configure and set in config.h. r=dandarnell
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Depends on D157152
|
|
||||||
|
|
||||||
Differential Revision: https://phabricator.services.mozilla.com/D157153
|
|
||||||
|
|
||||||
diff --git a/comm/third_party/openpgp.configure b/comm/third_party/openpgp.configure
|
|
||||||
--- a/comm/third_party/openpgp.configure
|
|
||||||
+++ b/comm/third_party/openpgp.configure
|
|
||||||
@@ -86,10 +86,42 @@ with only_when("--enable-compile-environ
|
|
||||||
set_config("MZLA_LIBRNP", depends_if(in_tree_librnp)(lambda _: True))
|
|
||||||
set_define("MZLA_LIBRNP", depends_if(in_tree_librnp)(lambda _: True))
|
|
||||||
|
|
||||||
|
|
||||||
with only_when(in_tree_librnp):
|
|
||||||
+
|
|
||||||
+ @depends(build_environment, c_compiler)
|
|
||||||
+ @imports(_from="textwrap", _import="dedent")
|
|
||||||
+ @imports(_from="os.path", _import="join")
|
|
||||||
+ def rnp_version_string(build_env, compiler):
|
|
||||||
+ log.info("Determining librnp version from version.h.")
|
|
||||||
+ include_path = join(
|
|
||||||
+ build_env.topsrcdir, "comm", "third_party", "rnp", "src", "lib"
|
|
||||||
+ )
|
|
||||||
+ check = dedent(
|
|
||||||
+ """\
|
|
||||||
+ #include "version.h"
|
|
||||||
+ RNP_VERSION_STRING_FULL
|
|
||||||
+ """
|
|
||||||
+ )
|
|
||||||
+ result = try_preprocess(
|
|
||||||
+ compiler.wrapper
|
|
||||||
+ + [compiler.compiler]
|
|
||||||
+ + compiler.flags
|
|
||||||
+ + ["-I", include_path],
|
|
||||||
+ "C",
|
|
||||||
+ check,
|
|
||||||
+ )
|
|
||||||
+ if result:
|
|
||||||
+ rnp_version = result.splitlines()[-1]
|
|
||||||
+ rnp_version = rnp_version.replace('"', "")
|
|
||||||
+ else:
|
|
||||||
+ raise FatalCheckError("Unable to determine RNP version string.")
|
|
||||||
+ return rnp_version
|
|
||||||
+
|
|
||||||
+ set_config("MZLA_LIBRNP_FULL_VERSION", rnp_version_string)
|
|
||||||
+
|
|
||||||
# JSON-C --with-system-json
|
|
||||||
system_lib_option(
|
|
||||||
"--with-system-jsonc",
|
|
||||||
help="Use system JSON-C for librnp (located with pkgconfig)",
|
|
||||||
)
|
|
||||||
diff --git a/comm/third_party/rnp/moz.build b/third_party/rnp/moz.b/commuild
|
|
||||||
--- a/comm/third_party/rnp/moz.build
|
|
||||||
+++ b/comm/third_party/rnp/moz.build
|
|
||||||
@@ -41,10 +41,12 @@ rnp_defines = {
|
|
||||||
"HAVE_ZLIB_H": True,
|
|
||||||
"CRYPTO_BACKEND_BOTAN": True,
|
|
||||||
"ENABLE_AEAD": True,
|
|
||||||
"ENABLE_TWOFISH": True,
|
|
||||||
"ENABLE_BRAINPOOL": True,
|
|
||||||
+ "PACKAGE_BUGREPORT": '"https://bugzilla.mozilla.org/enter_bug.cgi?product=Thunderbird"',
|
|
||||||
+ "PACKAGE_STRING": '"rnp {}"'.format(CONFIG["MZLA_LIBRNP_FULL_VERSION"])
|
|
||||||
}
|
|
||||||
GeneratedFile(
|
|
||||||
"src/lib/config.h",
|
|
||||||
script="/comm/python/rocbuild/process_cmake_define_files.py",
|
|
||||||
inputs=["src/lib/config.h.in"],
|
|
@ -1,58 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User Rob Lemley <rob@thunderbird.net>
|
|
||||||
# Date 1663866047 14400
|
|
||||||
# Thu Sep 22 13:00:47 2022 -0400
|
|
||||||
# Node ID 8c718243f4e83fc18dfc88bf5d817c5c18f13937
|
|
||||||
# Parent 17dc6bb322b5d40299bba0a90d59c0593137d4f6
|
|
||||||
Bug 1790116 - update_rnp.sh changes for RNP v0.16.2. r=kaie
|
|
||||||
|
|
||||||
The changes in bug_1768424.patch are now included upstream in
|
|
||||||
https://github.com/rnpgp/rnp/commit/ac6f58ef7ccea270b735b53f87da2c3ca5b34290.
|
|
||||||
|
|
||||||
bug_1763641.patch removed per bug 1790116 comment 26.
|
|
||||||
|
|
||||||
disable_obsolete_ciphers.patch no longer needed, use security rules instead.
|
|
||||||
|
|
||||||
Differential Revision: https://phabricator.services.mozilla.com/D157010
|
|
||||||
|
|
||||||
diff --git a/comm/third_party/update_rnp.sh b/comm/third_party/update_rnp.sh
|
|
||||||
--- a/comm/third_party/update_rnp.sh
|
|
||||||
+++ b/comm/third_party/update_rnp.sh
|
|
||||||
@@ -43,11 +43,11 @@ TAGLIST=$(git -C "${RNPgit}" tag --list
|
|
||||||
LATEST_VERSION=$($THIRDROC latest_version $TAGLIST)
|
|
||||||
REVISION=$(git -C "${RNPgit}" rev-parse --verify HEAD)
|
|
||||||
TIMESTAMP=$(git -C "${RNPgit}" show -s --format=%ct)
|
|
||||||
|
|
||||||
# Cleanup rnp checkout
|
|
||||||
-rm -rf ${RNPgit}/{.git,.github,.cirrus.yml,.clang-format,.gitignore}
|
|
||||||
+rm -rf ${RNPgit}/{.git,.github,.cirrus.yml,.clang-format,.gitignore,.codespellrc}
|
|
||||||
rm -rf ${RNPgit}/{_config.yml,docker.sh,ci,cmake,git-hooks,travis.sh,vcpkg.txt}
|
|
||||||
rm -rf ${RNPgit}/{Brewfile,CMakeLists.txt,CMakeSettings.json}
|
|
||||||
|
|
||||||
# Do the switch
|
|
||||||
rm -rf rnp
|
|
||||||
@@ -60,17 +60,17 @@ mv "${RNPgit}" rnp
|
|
||||||
|
|
||||||
# Restore moz.build
|
|
||||||
hg revert rnp/moz.build rnp/module.ver rnp/rnp.symbols rnp/src/lib/rnp/rnp_export.h \
|
|
||||||
rnp/src/rnp/moz.build rnp/src/rnpkeys/moz.build
|
|
||||||
|
|
||||||
-# Reapply Thunderbird patch to disable obsolete ciphers
|
|
||||||
-PATCH_FILES=("patches/rnp/disable_obsolete_ciphers.patch" \
|
|
||||||
- "patches/rnp/bug_1763641.patch" \
|
|
||||||
- "patches/rnp/bug_1768424.patch")
|
|
||||||
-for PATCH_FILE in "${PATCH_FILES[@]}"; do
|
|
||||||
- patch -p2 -i "${PATCH_FILE}" -N -r "${MY_TEMP_DIR}/${PATCH_FILE}.rej"
|
|
||||||
-done
|
|
||||||
+# Patch librnp - currently not needed
|
|
||||||
+#PATCH_FILES=("patches/rnp/disable_obsolete_ciphers.patch")
|
|
||||||
+#for PATCH_FILE in "${PATCH_FILES[@]}"; do
|
|
||||||
+# # shellcheck disable=SC2086
|
|
||||||
+# echo "Applying patch $(basename ${PATCH_FILE})"
|
|
||||||
+# patch -p2 -i "${PATCH_FILE}" -N -r "${MY_TEMP_DIR}/${PATCH_FILE}.rej"
|
|
||||||
+#done
|
|
||||||
|
|
||||||
# Patch sometimes creates backup files that are not wanted.
|
|
||||||
find rnp -name '*.orig' -exec rm -f '{}' \;
|
|
||||||
|
|
||||||
rm -rf "${MY_TEMP_DIR}"
|
|
@ -1,77 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User Rob Lemley <rob@thunderbird.net>
|
|
||||||
# Date 1663866531 14400
|
|
||||||
# Thu Sep 22 13:08:51 2022 -0400
|
|
||||||
# Node ID a863c22903a3fa4c71360920ed77ac31f1fa5d01
|
|
||||||
# Parent 3625a887f020a9a3cb3ad96e5107bfeacd54386e
|
|
||||||
Bug 1790116 - Update rnp_export.h. r=kaie
|
|
||||||
|
|
||||||
The CMake code that generates this file changed with RNP 0.16. The local copy
|
|
||||||
needs to be regenerated.
|
|
||||||
|
|
||||||
File generated with CMake using clang.
|
|
||||||
|
|
||||||
Differential Revision: https://phabricator.services.mozilla.com/D157053
|
|
||||||
|
|
||||||
diff --git a/comm/third_party/rnp/src/lib/rnp/rnp_export.h b/third_party/rnp/src/lib/comm/rnp/rnp_export.h
|
|
||||||
--- a/comm/third_party/rnp/src/lib/rnp/rnp_export.h
|
|
||||||
+++ b/comm/third_party/rnp/src/lib/rnp/rnp_export.h
|
|
||||||
@@ -1,42 +1,42 @@
|
|
||||||
|
|
||||||
-#ifndef RNP_API_H
|
|
||||||
-#define RNP_API_H
|
|
||||||
+#ifndef RNP_EXPORT
|
|
||||||
+#define RNP_EXPORT
|
|
||||||
|
|
||||||
#ifdef RNP_STATIC
|
|
||||||
# define RNP_API
|
|
||||||
-# define RNP_RNP_NO_EXPORT
|
|
||||||
+# define RNP_NO_EXPORT
|
|
||||||
#else
|
|
||||||
# ifndef RNP_API
|
|
||||||
# ifdef librnp_EXPORTS
|
|
||||||
/* We are building this library */
|
|
||||||
-# define RNP_API __attribute__((visibility("default")))
|
|
||||||
+# define RNP_API
|
|
||||||
# else
|
|
||||||
/* We are using this library */
|
|
||||||
-# define RNP_API __attribute__((visibility("default")))
|
|
||||||
+# define RNP_API
|
|
||||||
# endif
|
|
||||||
# endif
|
|
||||||
|
|
||||||
-# ifndef RNP_RNP_NO_EXPORT
|
|
||||||
-# define RNP_RNP_NO_EXPORT __attribute__((visibility("hidden")))
|
|
||||||
+# ifndef RNP_NO_EXPORT
|
|
||||||
+# define RNP_NO_EXPORT
|
|
||||||
# endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
-#ifndef RNP_RNP_DEPRECATED
|
|
||||||
-# define RNP_RNP_DEPRECATED __attribute__ ((__deprecated__))
|
|
||||||
+#ifndef RNP_DEPRECATED
|
|
||||||
+# define RNP_DEPRECATED __attribute__ ((__deprecated__))
|
|
||||||
#endif
|
|
||||||
|
|
||||||
-#ifndef RNP_RNP_DEPRECATED_EXPORT
|
|
||||||
-# define RNP_RNP_DEPRECATED_EXPORT RNP_API RNP_RNP_DEPRECATED
|
|
||||||
+#ifndef RNP_DEPRECATED_EXPORT
|
|
||||||
+# define RNP_DEPRECATED_EXPORT RNP_API RNP_DEPRECATED
|
|
||||||
#endif
|
|
||||||
|
|
||||||
-#ifndef RNP_RNP_DEPRECATED_NO_EXPORT
|
|
||||||
-# define RNP_RNP_DEPRECATED_NO_EXPORT RNP_RNP_NO_EXPORT RNP_RNP_DEPRECATED
|
|
||||||
+#ifndef RNP_DEPRECATED_NO_EXPORT
|
|
||||||
+# define RNP_DEPRECATED_NO_EXPORT RNP_NO_EXPORT RNP_DEPRECATED
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if 0 /* DEFINE_NO_DEPRECATED */
|
|
||||||
-# ifndef RNP_RNP_NO_DEPRECATED
|
|
||||||
-# define RNP_RNP_NO_DEPRECATED
|
|
||||||
+# ifndef RNP_NO_DEPRECATED
|
|
||||||
+# define RNP_NO_DEPRECATED
|
|
||||||
# endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
-#endif /* RNP_API_H */
|
|
||||||
+#endif /* RNP_EXPORT */
|
|
@ -1,34 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User Rob Lemley <rob@thunderbird.net>
|
|
||||||
# Date 1663866531 14400
|
|
||||||
# Thu Sep 22 13:08:51 2022 -0400
|
|
||||||
# Node ID 0798506e89ab0ad98d5826effe2087c2e2560d0b
|
|
||||||
# Parent a863c22903a3fa4c71360920ed77ac31f1fa5d01
|
|
||||||
Bug 1790116 - Do not compile SM2 crypto with librnp. r=kaie
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
The CMake configuration in rnp/src/lib/CMakeLists.txt does not include
|
|
||||||
src/lib/crypto/sm2.cpp unless ENABLE_SM2 is defined.
|
|
||||||
Thunderbird builds do not set ENABLE_SM2, so there's no need to build this
|
|
||||||
file.
|
|
||||||
|
|
||||||
Depends on D157053
|
|
||||||
|
|
||||||
Differential Revision: https://phabricator.services.mozilla.com/D157154
|
|
||||||
|
|
||||||
diff --git a/comm/third_party/rnp/moz.build b/third_party/rnp/moz.b/commuild
|
|
||||||
--- a/comm/third_party/rnp/moz.build
|
|
||||||
+++ b/comm/third_party/rnp/moz.build
|
|
||||||
@@ -128,11 +128,10 @@ SOURCES += [
|
|
||||||
"src/lib/crypto/s2k.cpp",
|
|
||||||
"src/lib/crypto/sha1cd/hash_sha1cd.cpp",
|
|
||||||
"src/lib/crypto/sha1cd/sha1.c",
|
|
||||||
"src/lib/crypto/sha1cd/ubc_check.c",
|
|
||||||
"src/lib/crypto/signatures.cpp",
|
|
||||||
- "src/lib/crypto/sm2.cpp",
|
|
||||||
"src/lib/crypto/symmetric.cpp",
|
|
||||||
"src/lib/fingerprint.cpp",
|
|
||||||
"src/lib/generate-key.cpp",
|
|
||||||
"src/lib/json-utils.cpp",
|
|
||||||
"src/lib/key-provider.cpp",
|
|
@ -1,262 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User Rob Lemley <rob@thunderbird.net>
|
|
||||||
# Date 1663866557 14400
|
|
||||||
# Thu Sep 22 13:09:17 2022 -0400
|
|
||||||
# Node ID 121afb4ed9b0e282cf6690736ffadf1498578434
|
|
||||||
# Parent 0798506e89ab0ad98d5826effe2087c2e2560d0b
|
|
||||||
Bug 1790116 - mozbuild changes for RNP v0.16.2. r=kaie
|
|
||||||
hash_sha1cd.cpp moved up to its parent directory.
|
|
||||||
|
|
||||||
ENABLE_IDEA needs to be set to keep support enabled.
|
|
||||||
https://github.com/rnpgp/rnp/commit/17972d0238919d4abf88b04debce95844be4716d
|
|
||||||
|
|
||||||
Update rnp_symbols.py to not include deprecated functions.
|
|
||||||
Added new symbols to rnp.symbols for export.
|
|
||||||
|
|
||||||
Differential Revision: https://phabricator.services.mozilla.com/D157012
|
|
||||||
|
|
||||||
diff --git a/comm/python/thirdroc/thirdroc/rnp_symbols.py b/python/thirdroc/thirdroc/rnp_symb/commols.py
|
|
||||||
--- a/comm/python/thirdroc/thirdroc/rnp_symbols.py
|
|
||||||
+++ b/comm/python/thirdroc/thirdroc/rnp_symbols.py
|
|
||||||
@@ -14,30 +14,75 @@ the third_party/rnp/include/rnp/rnp.h fo
|
|
||||||
Also note that APIs that are marked deprecated are not checked for.
|
|
||||||
|
|
||||||
Dependencies: Only Python 3
|
|
||||||
|
|
||||||
Running:
|
|
||||||
- python3 rnp_symbols.py
|
|
||||||
+ python3 rnp_symbols.py [-h] [rnp.h path] [rnp.symbols path]
|
|
||||||
|
|
||||||
-Output will be on stdout, this is to give the developer the opportunity to compare the old and
|
|
||||||
-new versions and check for accuracy.
|
|
||||||
+Both file path arguments are optional. By default, the header file will be
|
|
||||||
+read from "comm/third_party/rnp/include/rnp/rnp.h" and the symbols file will
|
|
||||||
+be written to "comm/third_party/rnp/rnp.symbols".
|
|
||||||
+
|
|
||||||
+Path arguments are relative to the current working directory, the defaults
|
|
||||||
+will be determined based on the location of this script.
|
|
||||||
+
|
|
||||||
+Either path argument can be '-' to use stdin or stdout respectively.
|
|
||||||
"""
|
|
||||||
|
|
||||||
-from __future__ import absolute_import, print_function
|
|
||||||
-
|
|
||||||
+import argparse
|
|
||||||
import sys
|
|
||||||
import os
|
|
||||||
import re
|
|
||||||
|
|
||||||
HERE = os.path.dirname(__file__)
|
|
||||||
TOPSRCDIR = os.path.abspath(os.path.join(HERE, "../../../../"))
|
|
||||||
-RNPSRCDIR = os.path.join(TOPSRCDIR, "comm/third_party/rnp")
|
|
||||||
+THIRD_SRCDIR = os.path.join(TOPSRCDIR, "comm/third_party")
|
|
||||||
+HEADER_FILE_REL = "rnp/include/rnp/rnp.h"
|
|
||||||
+HEADER_FILE = os.path.join(THIRD_SRCDIR, HEADER_FILE_REL)
|
|
||||||
+SYMBOLS_FILE_REL = "rnp/rnp.symbols"
|
|
||||||
+SYMBOLS_FILE = os.path.join(THIRD_SRCDIR, SYMBOLS_FILE_REL)
|
|
||||||
|
|
||||||
|
|
||||||
FUNC_DECL_RE = re.compile(r"^RNP_API\s+.*?([a-zA-Z0-9_]+)\(.*$")
|
|
||||||
|
|
||||||
|
|
||||||
+class FileArg:
|
|
||||||
+ """Based on argparse.FileType from the Python standard library.
|
|
||||||
+ Modified to not open the filehandles until the open() method is
|
|
||||||
+ called.
|
|
||||||
+ """
|
|
||||||
+
|
|
||||||
+ def __init__(self, mode="r"):
|
|
||||||
+ self._mode = mode
|
|
||||||
+ self._fp = None
|
|
||||||
+ self._file = None
|
|
||||||
+
|
|
||||||
+ def __call__(self, string):
|
|
||||||
+ # the special argument "-" means sys.std{in,out}
|
|
||||||
+ if string == "-":
|
|
||||||
+ if "r" in self._mode:
|
|
||||||
+ self._fp = sys.stdin.buffer if "b" in self._mode else sys.stdin
|
|
||||||
+ elif "w" in self._mode:
|
|
||||||
+ self._fp = sys.stdout.buffer if "b" in self._mode else sys.stdout
|
|
||||||
+ else:
|
|
||||||
+ raise ValueError(f"Invalid mode {self._mode} for stdin/stdout")
|
|
||||||
+ else:
|
|
||||||
+ if "r" in self._mode:
|
|
||||||
+ if not os.path.isfile(string):
|
|
||||||
+ raise ValueError(f"Cannot read file {string}, does not exist.")
|
|
||||||
+ elif "w" in self._mode:
|
|
||||||
+ if not os.access(string, os.W_OK):
|
|
||||||
+ raise ValueError(f"Cannot write file {string}, permission denied.")
|
|
||||||
+ self._file = string
|
|
||||||
+ return self
|
|
||||||
+
|
|
||||||
+ def open(self):
|
|
||||||
+ if self._fp:
|
|
||||||
+ return self._fp
|
|
||||||
+ return open(self._file, self._mode)
|
|
||||||
+
|
|
||||||
+
|
|
||||||
def get_func_name(line):
|
|
||||||
"""
|
|
||||||
Extract the function name from a RNP_API function declaration.
|
|
||||||
Examples:
|
|
||||||
RNP_API rnp_result_t rnp_enable_debug(const char *file);
|
|
||||||
@@ -46,24 +91,41 @@ def get_func_name(line):
|
|
||||||
"""
|
|
||||||
m = FUNC_DECL_RE.match(line)
|
|
||||||
return m.group(1)
|
|
||||||
|
|
||||||
|
|
||||||
-def extract_func_defs(filename):
|
|
||||||
+def extract_func_defs(filearg):
|
|
||||||
"""
|
|
||||||
Look for RNP_API in the header file to find the names of the symbols that should be exported
|
|
||||||
"""
|
|
||||||
- with open(filename) as fp:
|
|
||||||
+ with filearg.open() as fp:
|
|
||||||
for line in fp:
|
|
||||||
- if line.startswith("RNP_API"):
|
|
||||||
+ if line.startswith("RNP_API") and "RNP_DEPRECATED" not in line:
|
|
||||||
func_name = get_func_name(line)
|
|
||||||
yield func_name
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
|
||||||
- if len(sys.argv) > 1:
|
|
||||||
- FILENAME = sys.argv[1]
|
|
||||||
- else:
|
|
||||||
- FILENAME = os.path.join(RNPSRCDIR, "include/rnp/rnp.h")
|
|
||||||
+ parser = argparse.ArgumentParser(
|
|
||||||
+ description="Update rnp.symbols file from rnp.h",
|
|
||||||
+ epilog="To use stdin or stdout pass '-' for the argument.",
|
|
||||||
+ )
|
|
||||||
+ parser.add_argument(
|
|
||||||
+ "header_file",
|
|
||||||
+ default=HEADER_FILE,
|
|
||||||
+ type=FileArg("r"),
|
|
||||||
+ nargs="?",
|
|
||||||
+ help=f"input path to rnp.h header file (default: {HEADER_FILE_REL})",
|
|
||||||
+ )
|
|
||||||
+ parser.add_argument(
|
|
||||||
+ "symbols_file",
|
|
||||||
+ default=SYMBOLS_FILE,
|
|
||||||
+ type=FileArg("w"),
|
|
||||||
+ nargs="?",
|
|
||||||
+ help=f"output path to symbols file (default: {SYMBOLS_FILE_REL})",
|
|
||||||
+ )
|
|
||||||
|
|
||||||
- for f in sorted(list(extract_func_defs(FILENAME))):
|
|
||||||
- print(f)
|
|
||||||
+ args = parser.parse_args()
|
|
||||||
+
|
|
||||||
+ with args.symbols_file.open() as out_fp:
|
|
||||||
+ for symbol in sorted(list(extract_func_defs(args.header_file))):
|
|
||||||
+ out_fp.write(f"{symbol}\n")
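Review bot: The symbols file is opened for writing before the header has been parsed, because `sorted(list(extract_func_defs(args.header_file)))` runs inside `with args.symbols_file.open() as out_fp:`; any parse failure therefore leaves the output already truncated. One such failure is visible in this hunk: `get_func_name` calls `m.group(1)` without checking that `FUNC_DECL_RE` matched, so a line that starts with `RNP_API` but has no `(` on it raises `AttributeError`. Collect first with `symbols = sorted(extract_func_defs(args.header_file))`, then open the output and write, and have `get_func_name` raise a `ValueError` naming the offending line when `m is None`. `get_func_name` starts above this hunk, so only the end of its body is shown here.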
|
|
||||||
diff --git a/comm/third_party/rnp/moz.build b/third_party/rnp/moz.b/commuild
|
|
||||||
--- a/comm/third_party/rnp/moz.build
|
|
||||||
+++ b/comm/third_party/rnp/moz.build
|
|
||||||
@@ -41,10 +41,11 @@ rnp_defines = {
|
|
||||||
"HAVE_ZLIB_H": True,
|
|
||||||
"CRYPTO_BACKEND_BOTAN": True,
|
|
||||||
"ENABLE_AEAD": True,
|
|
||||||
"ENABLE_TWOFISH": True,
|
|
||||||
"ENABLE_BRAINPOOL": True,
|
|
||||||
+ "ENABLE_IDEA": True,
|
|
||||||
"PACKAGE_BUGREPORT": '"https://bugzilla.mozilla.org/enter_bug.cgi?product=Thunderbird"',
|
|
||||||
"PACKAGE_STRING": '"rnp {}"'.format(CONFIG["MZLA_LIBRNP_FULL_VERSION"])
|
|
||||||
}
|
|
||||||
GeneratedFile(
|
|
||||||
"src/lib/config.h",
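Review bot: `"ENABLE_IDEA": True` turns on a legacy cipher in the bundled librnp build with no comment stating why. If the intent is only to keep old IDEA-encrypted mail readable, record that next to the define, for example `# IDEA: enabled so legacy messages can still be decrypted`, and confirm that the application never offers IDEA when encrypting new messages. The `rnp_defines` dict starts above this hunk, so whether other entries carry such rationale is not visible here.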
|
|
||||||
@@ -119,16 +120,16 @@ SOURCES += [
|
|
||||||
"src/lib/crypto/ecdsa.cpp",
|
|
||||||
"src/lib/crypto/eddsa.cpp",
|
|
||||||
"src/lib/crypto/elgamal.cpp",
|
|
||||||
"src/lib/crypto/hash.cpp",
|
|
||||||
"src/lib/crypto/hash_common.cpp",
|
|
||||||
+ "src/lib/crypto/hash_sha1cd.cpp",
|
|
||||||
"src/lib/crypto/mem.cpp",
|
|
||||||
"src/lib/crypto/mpi.cpp",
|
|
||||||
"src/lib/crypto/rng.cpp",
|
|
||||||
"src/lib/crypto/rsa.cpp",
|
|
||||||
"src/lib/crypto/s2k.cpp",
|
|
||||||
- "src/lib/crypto/sha1cd/hash_sha1cd.cpp",
|
|
||||||
"src/lib/crypto/sha1cd/sha1.c",
|
|
||||||
"src/lib/crypto/sha1cd/ubc_check.c",
|
|
||||||
"src/lib/crypto/signatures.cpp",
|
|
||||||
"src/lib/crypto/symmetric.cpp",
|
|
||||||
"src/lib/fingerprint.cpp",
|
|
||||||
diff --git a/comm/third_party/rnp/rnp.symbols b/third_party/rnp/rnp.symb/commols
|
|
||||||
--- a/comm/third_party/rnp/rnp.symbols
|
|
||||||
+++ b/comm/third_party/rnp/rnp.symbols
|
|
||||||
@@ -37,10 +37,11 @@ rnp_import_keys
|
|
||||||
rnp_import_signatures
|
|
||||||
rnp_input_destroy
|
|
||||||
rnp_input_from_callback
|
|
||||||
rnp_input_from_memory
|
|
||||||
rnp_input_from_path
|
|
||||||
+rnp_input_from_stdin
|
|
||||||
rnp_key_25519_bits_tweak
|
|
||||||
rnp_key_25519_bits_tweaked
|
|
||||||
rnp_key_add_uid
|
|
||||||
rnp_key_allows_usage
|
|
||||||
rnp_key_export
|
|
||||||
@@ -75,10 +76,11 @@ rnp_key_get_uid_count
|
|
||||||
rnp_key_get_uid_handle_at
|
|
||||||
rnp_key_handle_destroy
|
|
||||||
rnp_key_have_public
|
|
||||||
rnp_key_have_secret
|
|
||||||
rnp_key_is_compromised
|
|
||||||
+rnp_key_is_expired
|
|
||||||
rnp_key_is_locked
|
|
||||||
rnp_key_is_primary
|
|
||||||
rnp_key_is_protected
|
|
||||||
rnp_key_is_retired
|
|
||||||
rnp_key_is_revoked
|
|
||||||
@@ -112,10 +114,11 @@ rnp_op_encrypt_set_cipher
|
|
||||||
rnp_op_encrypt_set_compression
|
|
||||||
rnp_op_encrypt_set_creation_time
|
|
||||||
rnp_op_encrypt_set_expiration_time
|
|
||||||
rnp_op_encrypt_set_file_mtime
|
|
||||||
rnp_op_encrypt_set_file_name
|
|
||||||
+rnp_op_encrypt_set_flags
|
|
||||||
rnp_op_encrypt_set_hash
|
|
||||||
rnp_op_generate_add_pref_cipher
|
|
||||||
rnp_op_generate_add_pref_compression
|
|
||||||
rnp_op_generate_add_pref_hash
|
|
||||||
rnp_op_generate_add_usage
|
|
||||||
@@ -169,10 +172,11 @@ rnp_op_verify_get_signature_at
|
|
||||||
rnp_op_verify_get_signature_count
|
|
||||||
rnp_op_verify_get_symenc_at
|
|
||||||
rnp_op_verify_get_symenc_count
|
|
||||||
rnp_op_verify_get_used_recipient
|
|
||||||
rnp_op_verify_get_used_symenc
|
|
||||||
+rnp_op_verify_set_flags
|
|
||||||
rnp_op_verify_signature_get_handle
|
|
||||||
rnp_op_verify_signature_get_hash
|
|
||||||
rnp_op_verify_signature_get_key
|
|
||||||
rnp_op_verify_signature_get_status
|
|
||||||
rnp_op_verify_signature_get_times
|
|
||||||
@@ -185,21 +189,24 @@ rnp_output_to_armor
|
|
||||||
rnp_output_to_callback
|
|
||||||
rnp_output_to_file
|
|
||||||
rnp_output_to_memory
|
|
||||||
rnp_output_to_null
|
|
||||||
rnp_output_to_path
|
|
||||||
+rnp_output_to_stdout
|
|
||||||
rnp_output_write
|
|
||||||
rnp_recipient_get_alg
|
|
||||||
rnp_recipient_get_keyid
|
|
||||||
rnp_remove_security_rule
|
|
||||||
rnp_request_password
|
|
||||||
rnp_result_to_string
|
|
||||||
rnp_save_keys
|
|
||||||
+rnp_set_timestamp
|
|
||||||
rnp_signature_get_alg
|
|
||||||
rnp_signature_get_creation
|
|
||||||
rnp_signature_get_expiration
|
|
||||||
rnp_signature_get_hash_alg
|
|
||||||
+rnp_signature_get_key_fprint
|
|
||||||
rnp_signature_get_keyid
|
|
||||||
rnp_signature_get_signer
|
|
||||||
rnp_signature_get_type
|
|
||||||
rnp_signature_handle_destroy
|
|
||||||
rnp_signature_is_valid
|
|
@ -1,32 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User Rob Lemley <rob@thunderbird.net>
|
|
||||||
# Date 1663091141 0
|
|
||||||
# Tue Sep 13 17:45:41 2022 +0000
|
|
||||||
# Node ID fbc2cf15893e40959b04d22c9efa4d424aeb5c4f
|
|
||||||
# Parent 121afb4ed9b0e282cf6690736ffadf1498578434
|
|
||||||
Bug 1790662 - Update librnp compiler include path for new location of json-c's json.h r=dandarnell
|
|
||||||
|
|
||||||
|
|
||||||
json.h from json-c is now a preprocessed file and is found in the object directory
|
|
||||||
rather than the source directory.
|
|
||||||
|
|
||||||
Depends on D157961
|
|
||||||
|
|
||||||
Differential Revision: https://phabricator.services.mozilla.com/D157962
|
|
||||||
|
|
||||||
diff --git a/comm/third_party/rnp/moz.build b/third_party/rnp/moz.b/commuild
|
|
||||||
--- a/comm/third_party/rnp/moz.build
|
|
||||||
+++ b/comm/third_party/rnp/moz.build
|
|
||||||
@@ -81,11 +81,11 @@ else:
|
|
||||||
|
|
||||||
if CONFIG["MZLA_SYSTEM_JSONC"]:
|
|
||||||
CXXFLAGS += CONFIG["MZLA_JSONC_CFLAGS"]
|
|
||||||
else:
|
|
||||||
IQuote("{}/../json-c".format(OBJDIR))
|
|
||||||
- LOCAL_INCLUDES += ["../json-c"]
|
|
||||||
+ LOCAL_INCLUDES += ["!../json-c", "../json-c"]
|
|
||||||
|
|
||||||
if CONFIG["MZLA_SYSTEM_BZIP2"]:
|
|
||||||
CXXFLAGS += CONFIG["MZLA_BZIP2_CFLAGS"]
|
|
||||||
else:
|
|
||||||
LOCAL_INCLUDES += ["../bzip2"]
|
|
File diff suppressed because it is too large
@ -1,450 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User Kai Engert <kaie@kuix.de>
|
|
||||||
# Date 1666897160 -7200
|
|
||||||
# Thu Oct 27 20:59:20 2022 +0200
|
|
||||||
# Node ID af0b1f5e4c7710f824c6141103e516ca60bc78aa
|
|
||||||
# Parent adfbf6378df82c8b2e087427a48ddc5cbe13aadd
|
|
||||||
Bug 1791195 - Add RNP security rules to obsolete our patches to RNP. r=mkmelin,o.nickolay
|
|
||||||
|
|
||||||
diff --git a/comm/mail/extensions/openpgp/content/modules/RNP.jsm b/comm/mail/extensions/openpgp/content/modules/RNP.jsm
|
|
||||||
--- a/comm/mail/extensions/openpgp/content/modules/RNP.jsm
|
|
||||||
+++ b/comm/mail/extensions/openpgp/content/modules/RNP.jsm
|
|
||||||
@@ -1863,12 +1863,12 @@ var RNP = {
|
|
||||||
|
|
||||||
if (keyBlockStr.length > RNP.maxImportKeyBlockSize) {
|
|
||||||
throw new Error("rejecting big keyblock");
|
|
||||||
}
|
|
||||||
|
|
||||||
- let tempFFI = new RNPLib.rnp_ffi_t();
|
|
||||||
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
|
|
||||||
+ let tempFFI = RNPLib.prepare_ffi();
|
|
||||||
+ if (!tempFFI) {
|
|
||||||
throw new Error("Couldn't initialize librnp.");
|
|
||||||
}
|
|
||||||
|
|
||||||
let pubKey;
|
|
||||||
if (!this.importToFFI(tempFFI, keyBlockStr, true, false, permissive)) {
|
|
||||||
@@ -1892,12 +1892,12 @@ var RNP = {
|
|
||||||
|
|
||||||
if (keyBlockStr.length > RNP.maxImportKeyBlockSize) {
|
|
||||||
throw new Error("rejecting big keyblock");
|
|
||||||
}
|
|
||||||
|
|
||||||
- let tempFFI = new RNPLib.rnp_ffi_t();
|
|
||||||
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
|
|
||||||
+ let tempFFI = RNPLib.prepare_ffi();
|
|
||||||
+ if (!tempFFI) {
|
|
||||||
throw new Error("Couldn't initialize librnp.");
|
|
||||||
}
|
|
||||||
|
|
||||||
let keyList = null;
|
|
||||||
if (!this.importToFFI(tempFFI, keyBlockStr, pubkey, seckey, permissive)) {
|
|
||||||
@@ -1929,12 +1929,12 @@ var RNP = {
|
|
||||||
async mergePublicKeyBlocks(fingerprint, ...keyBlocks) {
|
|
||||||
if (keyBlocks.some(b => b.length > RNP.maxImportKeyBlockSize)) {
|
|
||||||
throw new Error("keyBlock too big");
|
|
||||||
}
|
|
||||||
|
|
||||||
- let tempFFI = new RNPLib.rnp_ffi_t();
|
|
||||||
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
|
|
||||||
+ let tempFFI = RNPLib.prepare_ffi();
|
|
||||||
+ if (!tempFFI) {
|
|
||||||
throw new Error("Couldn't initialize librnp.");
|
|
||||||
}
|
|
||||||
|
|
||||||
const pubkey = true;
|
|
||||||
const seckey = false;
|
|
||||||
@@ -2067,12 +2067,12 @@ var RNP = {
|
|
||||||
let result = {};
|
|
||||||
result.exitCode = -1;
|
|
||||||
result.importedKeys = [];
|
|
||||||
result.errorMsg = "";
|
|
||||||
|
|
||||||
- let tempFFI = new RNPLib.rnp_ffi_t();
|
|
||||||
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
|
|
||||||
+ let tempFFI = RNPLib.prepare_ffi();
|
|
||||||
+ if (!tempFFI) {
|
|
||||||
throw new Error("Couldn't initialize librnp.");
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO: check result
|
|
||||||
if (this.importToFFI(tempFFI, keyBlockStr, pubkey, seckey, permissive)) {
|
|
||||||
@@ -3115,12 +3115,12 @@ var RNP = {
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
export_pubkey_strip_sigs_uids(expKey, keepUserIDs, out_binary) {
|
|
||||||
let expKeyId = this.getKeyIDFromHandle(expKey);
|
|
||||||
|
|
||||||
- let tempFFI = new RNPLib.rnp_ffi_t();
|
|
||||||
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
|
|
||||||
+ let tempFFI = RNPLib.prepare_ffi();
|
|
||||||
+ if (!tempFFI) {
|
|
||||||
throw new Error("Couldn't initialize librnp.");
|
|
||||||
}
|
|
||||||
|
|
||||||
let exportFlags =
|
|
||||||
RNPLib.RNP_KEY_EXPORT_SUBKEYS | RNPLib.RNP_KEY_EXPORT_PUBLIC;
|
|
||||||
@@ -3399,12 +3399,12 @@ var RNP = {
|
|
||||||
))
|
|
||||||
) {
|
|
||||||
throw new Error("rnp_output_to_armor failed:" + rv);
|
|
||||||
}
|
|
||||||
|
|
||||||
- let tempFFI = new RNPLib.rnp_ffi_t();
|
|
||||||
- if (RNPLib.rnp_ffi_create(tempFFI.address(), "GPG", "GPG")) {
|
|
||||||
+ let tempFFI = RNPLib.prepare_ffi();
|
|
||||||
+ if (!tempFFI) {
|
|
||||||
throw new Error("Couldn't initialize librnp.");
|
|
||||||
}
|
|
||||||
|
|
||||||
let internalPassword = await OpenPGPMasterpass.retrieveOpenPGPPassword();
|
|
||||||
|
|
||||||
diff --git a/comm/mail/extensions/openpgp/content/modules/RNPLib.jsm b/mail/extensions/openpgp/content/modules/RNPLib/comm.jsm
|
|
||||||
--- a/comm/mail/extensions/openpgp/content/modules/RNPLib.jsm
|
|
||||||
+++ b/comm/mail/extensions/openpgp/content/modules/RNPLib.jsm
|
|
||||||
@@ -13,11 +13,11 @@ XPCOMUtils.defineLazyModuleGetters(this,
|
|
||||||
OpenPGPMasterpass: "chrome://openpgp/content/modules/masterpass.jsm",
|
|
||||||
Services: "resource://gre/modules/Services.jsm",
|
|
||||||
setTimeout: "resource://gre/modules/Timer.jsm",
|
|
||||||
});
|
|
||||||
|
|
||||||
-const MIN_RNP_VERSION = [0, 16, 0];
|
|
||||||
+const MIN_RNP_VERSION = [0, 16, 2];
|
|
||||||
|
|
||||||
var systemOS = Services.appinfo.OS.toLowerCase();
|
|
||||||
var abi = ctypes.default_abi;
|
|
||||||
|
|
||||||
// Open librnp. Determine the path to the chrome directory and look for it
|
|
||||||
@@ -149,10 +149,12 @@ function enableRNPLibJS() {
|
|
||||||
// this must be delayed until after "librnp" is initialized
|
|
||||||
|
|
||||||
RNPLib = {
|
|
||||||
path: librnpPath,
|
|
||||||
|
|
||||||
+ // Handle to the RNP library and primary key data store.
|
|
||||||
+ // Kept at null if init fails.
|
|
||||||
ffi: null,
|
|
||||||
|
|
||||||
// returns rnp_input_t, destroy using rnp_input_destroy
|
|
||||||
async createInputFromPath(path) {
|
|
||||||
// IOUtils.read always returns an array.
|
|
||||||
@@ -265,13 +267,204 @@ function enableRNPLibJS() {
|
|
||||||
const min_version = this.rnp_version_for(...MIN_RNP_VERSION);
|
|
||||||
const this_version = this.rnp_version();
|
|
||||||
return Boolean(this_version >= min_version);
|
|
||||||
},
|
|
||||||
|
|
||||||
+ /**
|
|
||||||
+ * Prepare an RNP library handle, and in addition set all the
|
|
||||||
+ * application's preferences for library behavior.
|
|
||||||
+ *
|
|
||||||
+ * Other application code should NOT call rnp_ffi_create directly,
|
|
||||||
+ * but obtain an RNP library handle from this function.
|
|
||||||
+ */
|
|
||||||
+ prepare_ffi() {
|
|
||||||
+ let ffi = new rnp_ffi_t();
|
|
||||||
+ if (this._rnp_ffi_create(ffi.address(), "GPG", "GPG")) {
|
|
||||||
+ return null;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ // Treat MD5 as insecure.
|
|
||||||
+ if (
|
|
||||||
+ this.rnp_add_security_rule(
|
|
||||||
+ ffi,
|
|
||||||
+ this.RNP_FEATURE_HASH_ALG,
|
|
||||||
+ this.RNP_ALGNAME_MD5,
|
|
||||||
+ this.RNP_SECURITY_OVERRIDE,
|
|
||||||
+ 0,
|
|
||||||
+ this.RNP_SECURITY_INSECURE
|
|
||||||
+ )
|
|
||||||
+ ) {
|
|
||||||
+ return null;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ // Use RNP's default rule for SHA1 used with data signatures,
|
|
||||||
+ // and use our override to allow it for key signatures.
|
|
||||||
+ if (
|
|
||||||
+ this.rnp_add_security_rule(
|
|
||||||
+ ffi,
|
|
||||||
+ this.RNP_FEATURE_HASH_ALG,
|
|
||||||
+ this.RNP_ALGNAME_SHA1,
|
|
||||||
+ this.RNP_SECURITY_VERIFY_KEY | this.RNP_SECURITY_OVERRIDE,
|
|
||||||
+ 0,
|
|
||||||
+ this.RNP_SECURITY_DEFAULT
|
|
||||||
+ )
|
|
||||||
+ ) {
|
|
||||||
+ return null;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ // Security rules API does not yet support PK and SYMM algs.
|
|
||||||
+ //
|
|
||||||
+ // If a hash algorithm is already disabled at build time,
|
|
||||||
+ // and an attempt is made to set a security rule for that
|
|
||||||
+ // algorithm, then RNP returns a failure.
|
|
||||||
+ //
|
|
||||||
+ // Ideally, RNP should allow these calls (regardless of build time
|
|
||||||
+ // settings) to define an application security rule, that is
|
|
||||||
+ // independent of the configuration used for building the
|
|
||||||
+ // RNP library.
|
|
||||||
+
|
|
||||||
+ if (
|
|
||||||
+ this.rnp_add_security_rule(
|
|
||||||
+ ffi,
|
|
||||||
+ this.RNP_FEATURE_HASH_ALG,
|
|
||||||
+ this.RNP_ALGNAME_SM3,
|
|
||||||
+ this.RNP_SECURITY_OVERRIDE,
|
|
||||||
+ 0,
|
|
||||||
+ this.RNP_SECURITY_PROHIBITED
|
|
||||||
+ )
|
|
||||||
+ ) {
|
|
||||||
+ return null;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (
|
|
||||||
+ this.rnp_add_security_rule(
|
|
||||||
+ ffi,
|
|
||||||
+ this.RNP_FEATURE_PK_ALG,
|
|
||||||
+ this.RNP_ALGNAME_SM2,
|
|
||||||
+ this.RNP_SECURITY_OVERRIDE,
|
|
||||||
+ 0,
|
|
||||||
+ this.RNP_SECURITY_PROHIBITED
|
|
||||||
+ )
|
|
||||||
+ ) {
|
|
||||||
+ return null;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (
|
|
||||||
+ this.rnp_add_security_rule(
|
|
||||||
+ ffi,
|
|
||||||
+ this.RNP_FEATURE_SYMM_ALG,
|
|
||||||
+ this.RNP_ALGNAME_SM4,
|
|
||||||
+ this.RNP_SECURITY_OVERRIDE,
|
|
||||||
+ 0,
|
|
||||||
+ this.RNP_SECURITY_PROHIBITED
|
|
||||||
+ )
|
|
||||||
+ ) {
|
|
||||||
+ return null;
|
|
||||||
+ }
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+ return ffi;
|
|
||||||
+ },
|
|
||||||
+
|
|
||||||
+ /**
|
|
||||||
+ * Test the correctness of security rules, in particular, test
|
|
||||||
+ * if the given hash algorithm is allowed at the given time.
|
|
||||||
+ *
|
|
||||||
+ * This is an application consistency test. If the behavior isn't
|
|
||||||
+ * according to the expectation, the function throws an error.
|
|
||||||
+ *
|
|
||||||
+ * @param {string} hashAlg - Test this hash algorithm
|
|
||||||
+ * @param {time_t} time - Test status at this timestamp
|
|
||||||
+ * @param {boolean} keySigAllowed - Test if using the hash algorithm
|
|
||||||
+ * is allowed for signatures found inside OpenPGP keys.
|
|
||||||
+ * @param {boolean} dataSigAllowed - Test if using the hash algorithm
|
|
||||||
+ * is allowed for signatures on data.
|
|
||||||
+ */
|
|
||||||
+ _confirmSecurityRule(hashAlg, time, keySigAllowed, dataSigAllowed) {
|
|
||||||
+ let level = new ctypes.uint32_t();
|
|
||||||
+ let flag = new ctypes.uint32_t();
|
|
||||||
+
|
|
||||||
+ flag.value = this.RNP_SECURITY_VERIFY_DATA;
|
|
||||||
+ let testDataSuccess = false;
|
|
||||||
+ if (
|
|
||||||
+ !RNPLib.rnp_get_security_rule(
|
|
||||||
+ this.ffi,
|
|
||||||
+ this.RNP_FEATURE_HASH_ALG,
|
|
||||||
+ hashAlg,
|
|
||||||
+ time,
|
|
||||||
+ flag.address(),
|
|
||||||
+ null,
|
|
||||||
+ level.address()
|
|
||||||
+ )
|
|
||||||
+ ) {
|
|
||||||
+ if (dataSigAllowed) {
|
|
||||||
+ testDataSuccess = level.value == RNPLib.RNP_SECURITY_DEFAULT;
|
|
||||||
+ } else {
|
|
||||||
+ testDataSuccess = level.value < RNPLib.RNP_SECURITY_DEFAULT;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (!testDataSuccess) {
|
|
||||||
+ throw new Error("security configuration for data signatures failed");
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ flag.value = this.RNP_SECURITY_VERIFY_KEY;
|
|
||||||
+ let testKeySuccess = false;
|
|
||||||
+ if (
|
|
||||||
+ !RNPLib.rnp_get_security_rule(
|
|
||||||
+ this.ffi,
|
|
||||||
+ this.RNP_FEATURE_HASH_ALG,
|
|
||||||
+ hashAlg,
|
|
||||||
+ time,
|
|
||||||
+ flag.address(),
|
|
||||||
+ null,
|
|
||||||
+ level.address()
|
|
||||||
+ )
|
|
||||||
+ ) {
|
|
||||||
+ if (keySigAllowed) {
|
|
||||||
+ testKeySuccess = level.value == RNPLib.RNP_SECURITY_DEFAULT;
|
|
||||||
+ } else {
|
|
||||||
+ testKeySuccess = level.value < RNPLib.RNP_SECURITY_DEFAULT;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (!testKeySuccess) {
|
|
||||||
+ throw new Error("security configuration for key signatures failed");
|
|
||||||
+ }
|
|
||||||
+ },
|
|
||||||
+
|
|
||||||
+ /**
|
|
||||||
+ * Perform tests that the RNP library behaves according to the
|
|
||||||
+ * defined security rules.
|
|
||||||
+ * If a problem is found, the function throws an error.
|
|
||||||
+ */
|
|
||||||
+ _sanityCheckSecurityRules() {
|
|
||||||
+ let time_t_now = Math.round(Date.now() / 1000);
|
|
||||||
+ let ten_years_in_seconds = 10 * 365 * 24 * 60 * 60;
|
|
||||||
+ let ten_years_future = time_t_now + ten_years_in_seconds;
|
|
||||||
+
|
|
||||||
+ this._confirmSecurityRule(this.RNP_ALGNAME_MD5, time_t_now, false, false);
|
|
||||||
+ this._confirmSecurityRule(
|
|
||||||
+ this.RNP_ALGNAME_MD5,
|
|
||||||
+ ten_years_future,
|
|
||||||
+ false,
|
|
||||||
+ false
|
|
||||||
+ );
|
|
||||||
+
|
|
||||||
+ this._confirmSecurityRule(this.RNP_ALGNAME_SHA1, time_t_now, true, false);
|
|
||||||
+ this._confirmSecurityRule(
|
|
||||||
+ this.RNP_ALGNAME_SHA1,
|
|
||||||
+ ten_years_future,
|
|
||||||
+ true,
|
|
||||||
+ false
|
|
||||||
+ );
|
|
||||||
+ },
|
|
||||||
+
|
|
||||||
async init() {
|
|
||||||
- this.ffi = new rnp_ffi_t();
|
|
||||||
- if (this.rnp_ffi_create(this.ffi.address(), "GPG", "GPG")) {
|
|
||||||
+ this.ffi = this.prepare_ffi();
|
|
||||||
+ if (!this.ffi) {
|
|
||||||
throw new Error("Couldn't initialize librnp.");
|
|
||||||
}
|
|
||||||
|
|
||||||
this.rnp_ffi_set_log_fd(this.ffi, 2); // stderr
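Review bot: `prepare_ffi()` returns `null` from both `rnp_add_security_rule` failure branches after `_rnp_ffi_create` has already succeeded, so the freshly created handle is dropped without being released. Release it before returning, e.g. `this.rnp_ffi_destroy(ffi); return null;`, assuming the binding declares `rnp_ffi_destroy` (its declaration is not in this hunk). The `catch` added to `init()` in the next hunk has the same shape: it sets `this.ffi = null` without destroying the handle. Callers also raise the same "Couldn't initialize librnp." error for a create failure and for a rejected security rule, so logging which rule was refused would make an older or differently built library much easier to diagnose.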
|
|
||||||
|
|
||||||
@@ -286,10 +479,18 @@ function enableRNPLibJS() {
|
|
||||||
null
|
|
||||||
);
|
|
||||||
|
|
||||||
let { pubRingPath, secRingPath } = this.getFilenames();
|
|
||||||
|
|
||||||
+ try {
|
|
||||||
+ this._sanityCheckSecurityRules();
|
|
||||||
+ } catch (e) {
|
|
||||||
+ // Disable all RNP operation
|
|
||||||
+ this.ffi = null;
|
|
||||||
+ throw e;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
await this.loadWithFallback(pubRingPath, this.RNP_LOAD_SAVE_PUBLIC_KEYS);
|
|
||||||
await this.loadWithFallback(secRingPath, this.RNP_LOAD_SAVE_SECRET_KEYS);
|
|
||||||
|
|
||||||
let pubnum = new ctypes.size_t();
|
|
||||||
this.rnp_get_public_key_count(this.ffi, pubnum.address());
|
|
||||||
@@ -481,10 +682,14 @@ function enableRNPLibJS() {
|
|
||||||
* @param {string} path - The file path to save to.
|
|
||||||
* @param {number} keyRingFlag - RNP_LOAD_SAVE_PUBLIC_KEYS or
|
|
||||||
* RNP_LOAD_SAVE_SECRET_KEYS.
|
|
||||||
*/
|
|
||||||
async saveKeyRing(path, keyRingFlag) {
|
|
||||||
+ if (!this.ffi) {
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
let oldPath = path + ".old";
|
|
||||||
|
|
||||||
// Ignore failure, oldPath might not exist yet.
|
|
||||||
await IOUtils.copy(path, oldPath).catch(() => {});
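Review bot: The new `if (!this.ffi) { return; }` guard makes `saveKeyRing()` resolve normally without writing anything, so a caller cannot tell that the keyring was not persisted; the same guard is added to `saveKeys()` in the next hunk. Because `init()` now sets `this.ffi = null` when the security-rule check throws, this state is reachable. At minimum log a warning in the guard, e.g. `console.warn("RNP disabled, keyring not saved");`, or reject instead of returning if callers are expected to surface save failures (how they handle errors is not visible here). The body of `saveKeyRing` continues past this hunk.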
|
|
||||||
|
|
||||||
@@ -540,10 +745,13 @@ function enableRNPLibJS() {
|
|
||||||
tmpPath: path + ".tmp-new",
|
|
||||||
});
|
|
||||||
},
|
|
||||||
|
|
||||||
async saveKeys() {
|
|
||||||
+ if (!this.ffi) {
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
let { pubRingPath, secRingPath } = this.getFilenames();
|
|
||||||
|
|
||||||
let saveThem = async () => {
|
|
||||||
await this.saveKeyRing(pubRingPath, this.RNP_LOAD_SAVE_PUBLIC_KEYS);
|
|
||||||
await this.saveKeyRing(secRingPath, this.RNP_LOAD_SAVE_SECRET_KEYS);
|
|
||||||
@@ -600,11 +808,13 @@ function enableRNPLibJS() {
|
|
||||||
abi,
|
|
||||||
ctypes.char.ptr
|
|
||||||
),
|
|
||||||
|
|
||||||
// Get a RNP library handle.
|
|
||||||
- rnp_ffi_create: librnp.declare(
|
|
||||||
+ // Mark with leading underscore, to clarify that this function
|
|
||||||
+ // shouldn't be called directly - you should call prepare_ffi().
|
|
||||||
+ _rnp_ffi_create: librnp.declare(
|
|
||||||
"rnp_ffi_create",
|
|
||||||
abi,
|
|
||||||
rnp_result_t,
|
|
||||||
rnp_ffi_t.ptr,
|
|
||||||
ctypes.char.ptr,
|
|
||||||
@@ -1713,10 +1923,22 @@ function enableRNPLibJS() {
|
|
||||||
ctypes.uint32_t.ptr,
|
|
||||||
ctypes.uint64_t.ptr,
|
|
||||||
ctypes.uint32_t.ptr
|
|
||||||
),
|
|
||||||
|
|
||||||
+ rnp_add_security_rule: librnp.declare(
|
|
||||||
+ "rnp_add_security_rule",
|
|
||||||
+ abi,
|
|
||||||
+ rnp_result_t,
|
|
||||||
+ rnp_ffi_t,
|
|
||||||
+ ctypes.char.ptr,
|
|
||||||
+ ctypes.char.ptr,
|
|
||||||
+ ctypes.uint32_t,
|
|
||||||
+ ctypes.uint64_t,
|
|
||||||
+ ctypes.uint32_t
|
|
||||||
+ ),
|
|
||||||
+
|
|
||||||
rnp_result_t,
|
|
||||||
rnp_ffi_t,
|
|
||||||
rnp_password_cb_t,
|
|
||||||
rnp_input_t,
|
|
||||||
rnp_output_t,
|
|
||||||
@@ -1748,11 +1970,26 @@ function enableRNPLibJS() {
|
|
||||||
|
|
||||||
RNP_KEY_SIGNATURE_NON_SELF_SIG: 4,
|
|
||||||
|
|
||||||
RNP_SUCCESS: 0x00000000,
|
|
||||||
|
|
||||||
+ RNP_FEATURE_SYMM_ALG: "symmetric algorithm",
|
|
||||||
RNP_FEATURE_HASH_ALG: "hash algorithm",
|
|
||||||
+ RNP_FEATURE_PK_ALG: "public key algorithm",
|
|
||||||
+ RNP_ALGNAME_MD5: "MD5",
|
|
||||||
+ RNP_ALGNAME_SHA1: "SHA1",
|
|
||||||
+ RNP_ALGNAME_SM2: "SM2",
|
|
||||||
+ RNP_ALGNAME_SM3: "SM3",
|
|
||||||
+ RNP_ALGNAME_SM4: "SM4",
|
|
||||||
+
|
|
||||||
+ RNP_SECURITY_OVERRIDE: 1,
|
|
||||||
+ RNP_SECURITY_VERIFY_KEY: 2,
|
|
||||||
+ RNP_SECURITY_VERIFY_DATA: 4,
|
|
||||||
+ RNP_SECURITY_REMOVE_ALL: 65536,
|
|
||||||
+
|
|
||||||
+ RNP_SECURITY_PROHIBITED: 0,
|
|
||||||
+ RNP_SECURITY_INSECURE: 1,
|
|
||||||
RNP_SECURITY_DEFAULT: 2,
|
|
||||||
|
|
||||||
/* Common error codes */
|
|
||||||
RNP_ERROR_GENERIC: 0x10000000, // 268435456
|
|
||||||
RNP_ERROR_BAD_FORMAT: 0x10000001, // 268435457
|
|
@ -1,85 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User Kai Engert <kaie@kuix.de>
|
|
||||||
# Date 1664378971 0
|
|
||||||
# Wed Sep 28 15:29:31 2022 +0000
|
|
||||||
# Node ID 98bde42cf14e966da1cdf098e2d0917032c0f327
|
|
||||||
# Parent af0b1f5e4c7710f824c6141103e516ca60bc78aa
|
|
||||||
Bug 1791195 - Adjust OpenPGP signature handling for RNP >= 0.16.2. r=mkmelin
|
|
||||||
|
|
||||||
Differential Revision: https://phabricator.services.mozilla.com/D158270
|
|
||||||
|
|
||||||
diff --git a/comm/mail/extensions/openpgp/content/modules/RNP.jsm b/comm/mail/extensions/openpgp/content/modules/RNP.jsm
|
|
||||||
--- a/comm/mail/extensions/openpgp/content/modules/RNP.jsm
|
|
||||||
+++ b/comm/mail/extensions/openpgp/content/modules/RNP.jsm
|
|
||||||
@@ -1150,22 +1150,25 @@ var RNP = {
|
|
||||||
|
|
||||||
result.exitCode = RNPLib.rnp_op_verify_execute(verify_op);
|
|
||||||
|
|
||||||
let rnpCannotDecrypt = false;
|
|
||||||
let queryAllEncryptionRecipients = false;
|
|
||||||
+ let stillUndecidedIfSignatureIsBad = false;
|
|
||||||
|
|
||||||
let useDecodedData;
|
|
||||||
let processSignature;
|
|
||||||
switch (result.exitCode) {
|
|
||||||
case RNPLib.RNP_SUCCESS:
|
|
||||||
useDecodedData = true;
|
|
||||||
processSignature = true;
|
|
||||||
break;
|
|
||||||
case RNPLib.RNP_ERROR_SIGNATURE_INVALID:
|
|
||||||
- result.statusFlags |= EnigmailConstants.BAD_SIGNATURE;
|
|
||||||
+ // Either the signing key is unavailable, or the signature is
|
|
||||||
+ // indeed bad. Must check signature status below.
|
|
||||||
+ stillUndecidedIfSignatureIsBad = true;
|
|
||||||
useDecodedData = true;
|
|
||||||
- processSignature = false;
|
|
||||||
+ processSignature = true;
|
|
||||||
break;
|
|
||||||
case RNPLib.RNP_ERROR_SIGNATURE_EXPIRED:
|
|
||||||
useDecodedData = true;
|
|
||||||
processSignature = false;
|
|
||||||
result.statusFlags |= EnigmailConstants.EXPIRED_SIGNATURE;
|
|
||||||
@@ -1320,13 +1323,30 @@ var RNP = {
|
|
||||||
options.fromAddr,
|
|
||||||
options.msgDate,
|
|
||||||
verify_op,
|
|
||||||
result
|
|
||||||
);
|
|
||||||
+
|
|
||||||
+ if (
|
|
||||||
+ (result.statusFlags &
|
|
||||||
+ (EnigmailConstants.GOOD_SIGNATURE |
|
|
||||||
+ EnigmailConstants.UNCERTAIN_SIGNATURE |
|
|
||||||
+ EnigmailConstants.EXPIRED_SIGNATURE |
|
|
||||||
+ EnigmailConstants.BAD_SIGNATURE)) !=
|
|
||||||
+ 0
|
|
||||||
+ ) {
|
|
||||||
+ // A decision was already made.
|
|
||||||
+ stillUndecidedIfSignatureIsBad = false;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (stillUndecidedIfSignatureIsBad) {
|
|
||||||
+ // We didn't find more details above, so conclude it's bad.
|
|
||||||
+ result.statusFlags |= EnigmailConstants.BAD_SIGNATURE;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
RNPLib.rnp_input_destroy(input_from_memory);
|
|
||||||
RNPLib.rnp_output_destroy(output_to_memory);
|
|
||||||
RNPLib.rnp_op_verify_destroy(verify_op);
|
|
||||||
|
|
||||||
if (
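Review bot: After this change a message for which `rnp_op_verify_execute` returned `RNP_ERROR_SIGNATURE_INVALID` can end with `GOOD_SIGNATURE` set, because the new block clears `stillUndecidedIfSignatureIsBad` as soon as the per-signature processing above has set any of the four status flags. That is presumably intended for the case the earlier comment describes, but the call that sets those flags is only partly visible in this hunk, so the invariant should be written down here if it holds, e.g. `// GOOD_SIGNATURE is only ever derived from the individual signature's status, not from exitCode`. A regression test with an invalid signature whose signer key is present, expecting `BAD_SIGNATURE`, would pin the fallback path. Giving the mask a name (`const decidedFlags = GOOD_SIGNATURE | UNCERTAIN_SIGNATURE | EXPIRED_SIGNATURE | BAD_SIGNATURE`, with the `EnigmailConstants.` prefixes) would also make the condition easier to audit.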
|
|
||||||
@@ -1458,10 +1478,12 @@ var RNP = {
|
|
||||||
let have_signer_key = false;
|
|
||||||
let use_signer_key = false;
|
|
||||||
|
|
||||||
if (query_signer) {
|
|
||||||
if (RNPLib.rnp_op_verify_signature_get_key(sig, signer_key.address())) {
|
|
||||||
+ // If sig_status isn't RNP_ERROR_KEY_NOT_FOUND then we must
|
|
||||||
+ // be able to obtain the signer key.
|
|
||||||
throw new Error("rnp_op_verify_signature_get_key");
|
|
||||||
}
|
|
||||||
|
|
||||||
have_signer_key = true;
|
|
||||||
use_signer_key = !this.isBadKey(signer_key);
|
|