Update RNP to 0.16.3
Categories
(MailNews Core :: Security: OpenPGP, enhancement)
Tracking
(thunderbird_esr102 fixed)
Tracking | Status | |
---|---|---|
thunderbird_esr102 | --- | fixed |
People
(Reporter: rjl, Assigned: rjl)
References
Details
(Whiteboard: [snnot3p])
Attachments
(2 files)
48 bytes,
text/x-phabricator-request
|
wsmwk
:
approval-comm-esr102+
|
Details | Review |
48 bytes,
text/x-phabricator-request
|
wsmwk
:
approval-comm-esr102+
|
Details | Review |
As discussed in Matrix, now that RNP 0.16.3 is out, update the in-tree copy so it's on a properly released version.
Might try getting it to work with mach vendor
as well.
Assignee | ||
Updated•2 years ago
|
Updated•2 years ago
|
Updated•2 years ago
|
Updated•2 years ago
|
Comment 1•2 years ago
|
||
We should accelerate this task.
In the meantime, v0.17.0 was released.
I would like comm-central to use v0.17.0 soon, but for the 102.x branch, I would prefer to remain at v0.16.x
We should start by using 0.16.3 on c-c as a first step, so it gets tested, then uplift to esr102, and then in another step, upgrade c-c to 0.17.0
Comment 2•2 years ago
|
||
Something is still wrong with the update_rnp.sh script.
It still fails on the first run, second run works.
However, when running "update_rnp.sh v0.16.3" twice, I get a wrong version number.
File third_party/rnp/src/lib/version.h is changed to version number 0.17.0 which is version used on the github tip.
I suspect the update script doesn't use the version number parameter for all operations, but might use the tip sometimes.
Comment 3•2 years ago
|
||
The other identifiers (github commit id) seem to be correct.
https://github.com/rnpgp/rnp/releases/tag/v0.16.3
2f2bab6
And the code in the thunderbird tree matches the code from that tag.
I'll manually fix version.h and attach that for review.
Comment 4•2 years ago
|
||
Comment 5•2 years ago
|
||
We should also update the minimum version check to require this version.
Comment 6•2 years ago
|
||
Comment 7•2 years ago
|
||
(In reply to Kai Engert (:KaiE:) from comment #5)
We should also update the minimum version check to require this version.
Reopening to track this.
Comment 8•2 years ago
|
||
Updated•2 years ago
|
Pushed by alessandro@thunderbird.net:
https://hg.mozilla.org/comm-central/rev/1f1e7030c02a
Upgrade minimum RNP version to 0.16.3. r=rjl
Comment 10•2 years ago
|
||
Comment on attachment 9331108 [details]
Bug 1828465 - Update to RNP version v0.16.3 . r=rjl
We should pick up this updated library version, which contains security fixes. We have already cherry-picked on fix, but the library contains an additional fix, which currently has only minor relevance because of our current OpenPGP implementation.
Nevertheless, having the full update is better for consistency. And changing the minimum library version expected will help distributors learn what we're expect them to, should they distribute RNP as a separate library.
[Approval Request Comment]
Regression caused by (bug #): no
User impact if declined: none
Testing completed (on c-c, etc.): yes
Risk to taking this patch (and alternatives if risky): low
Updated•2 years ago
|
Comment 11•2 years ago
|
||
Comment on attachment 9331108 [details]
Bug 1828465 - Update to RNP version v0.16.3 . r=rjl
[Triage Comment]
Approved for esr102
Comment 12•2 years ago
|
||
Comment on attachment 9331387 [details]
Bug 1828465 - Upgrade minimum RNP version to 0.16.3. r=rjl
[Triage Comment]
Approved for esr102
Assignee | ||
Comment 13•2 years ago
|
||
bugherder uplift |
Description
•