Closed Bug 1805215 Opened 2 years ago Closed 2 years ago

Require openssl >= 1.1.1e in the openpgp.configure

Categories

(MailNews Core :: Security: OpenPGP, defect)

Product:
MailNews Core
Component:
Security: OpenPGP
Type:
defect

Tracking

(thunderbird_esr102 fixed, thunderbird109 fixed)

Status:
RESOLVED FIXED
Milestone:
110 Branch
Tracking Flags:
Tracking Status
thunderbird_esr102 --- fixed
thunderbird109 --- fixed

People

(Reporter: jhorak, Assigned: jhorak)

References

(Blocks 1 open bug)

Details

(Whiteboard: [TM:102.7.1])

Attachments

(1 file)

Bug 1805215 - Require openssl >= 1.1.1e. r=kaie
48 bytes, text/x-phabricator-request
wsmwk
: approval-comm-beta+
wsmwk
: approval-comm-esr102+
Details | Review

The EVP_PKEY_CTX_set_dsa_paramgen_q_bits not declared while building comm/third_party/rnp/src/lib/crypto/dsa_ossl.cpp. It seems to appear in 1.1.1e and later: https://github.com/nodejs/node/pull/44561 so we probably need to specify the 'e' version for the pkg-config too.

The EVP_PKEY_CTX_set_dsa_paramgen_q_bits is declared only in >= 1.1.1e.

Thanks for spotting this, created issue on RNP side as well: https://github.com/rnpgp/rnp/issues/1951
Jan, could you please specify which systems ship pre-1.1.1e (but 1.1.1) OpenSSL? I.e. does it make sense to workaround this in any way?

Fine with me, but we should make Rob aware!

Rob, is this safe to apply?

Flags: needinfo?(rob)
Attachment #9307838 - Attachment description: Bug 1805215 Require openssl >= 1.1.1e; r=kaie → Bug 1805215 - Require openssl >= 1.1.1e. r=kaie

feedback+ with the changes I added.

Thanks for catching that Jan!

Flags: needinfo?(rob)
Status: NEW → ASSIGNED
status-thunderbird_esr102: --- → unaffected
Target Milestone: --- → 110 Branch

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/59ec68eaede3
Require openssl >= 1.1.1e. r=kaie

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Keywords: checkin-needed-tb
Resolution: --- → FIXED
Pushed by mkmelin@iki.fi: https://hg.mozilla.org/comm-central/rev/62e4325b05cb follow-up, fix linting. rs=black-lint DONTBUILD

Comment on attachment 9307838 [details]
Bug 1805215 - Require openssl >= 1.1.1e. r=kaie

[Approval Request Comment]
Regression caused by (bug #): N/A
User impact if declined: Probably not
Testing completed (on c-c, etc.): local build testing on c-c
Risk to taking this patch (and alternatives if risky): Low risk. Official builds do not build librnp against OpenSSL. This is a correctness fix that simply sets the required version correctly at configure time.

Attachment #9307838 - Flags: approval-comm-beta?

Comment on attachment 9307838 [details]
Bug 1805215 - Require openssl >= 1.1.1e. r=kaie

[Triage Comment]
Approved for beta

Attachment #9307838 - Flags: approval-comm-beta? → approval-comm-beta+

If bug 1799123 is uplifted, this must go with it.

status-thunderbird_esr102: unaffectedaffected
Blocks: tb-linuxdistro

Comment on attachment 9307838 [details]
Bug 1805215 - Require openssl >= 1.1.1e. r=kaie

[Approval Request Comment]
Regression caused by (bug #): 1799123
User impact if declined: N/A
Testing completed (on c-c, etc.): beta
Risk to taking this patch (and alternatives if risky):
Goes with bug 1799123 to fix a version check error at build time. Does not affect official builds.

Attachment #9307838 - Flags: approval-comm-esr102?
Whiteboard: [TM:102.7.1]

Comment on attachment 9307838 [details]
Bug 1805215 - Require openssl >= 1.1.1e. r=kaie

[Triage Comment]
Approved for esr102

Attachment #9307838 - Flags: approval-comm-esr102? → approval-comm-esr102+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: