Closed Bug 1828465 Opened 2 years ago Closed 2 years ago

Update RNP to 0.16.3

Categories

(MailNews Core :: Security: OpenPGP, enhancement)

enhancement

Tracking

(thunderbird_esr102 fixed)

RESOLVED FIXED
114 Branch
Tracking Status
thunderbird_esr102 --- fixed

People

(Reporter: rjl, Assigned: rjl)

References

Details

(Whiteboard: [snnot3p])

Attachments

(2 files)

As discussed in Matrix, now that RNP 0.16.3 is out, update the in-tree copy so it's on a properly released version.

Might try getting it to work with mach vendor as well.

Assignee: nobody → rob
Whiteboard: [snnot]
Whiteboard: [snnot] → [snnot3p]

We should accelerate this task.

In the meantime, v0.17.0 was released.
I would like comm-central to use v0.17.0 soon, but for the 102.x branch, I would prefer to remain at v0.16.x

We should start by using 0.16.3 on c-c as a first step, so it gets tested, then uplift to esr102, and then in another step, upgrade c-c to 0.17.0

Something is still wrong with the update_rnp.sh script.
It still fails on the first run, second run works.

However, when running "update_rnp.sh v0.16.3" twice, I get a wrong version number.
File third_party/rnp/src/lib/version.h is changed to version number 0.17.0 which is version used on the github tip.

I suspect the update script doesn't use the version number parameter for all operations, but might use the tip sometimes.

The other identifiers (github commit id) seem to be correct.
https://github.com/rnpgp/rnp/releases/tag/v0.16.3
2f2bab6

And the code in the thunderbird tree matches the code from that tag.

I'll manually fix version.h and attach that for review.

Blocks: 1830858

We should also update the minimum version check to require this version.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 114 Branch

(In reply to Kai Engert (:KaiE:) from comment #5)

We should also update the minimum version check to require this version.

Reopening to track this.

Status: RESOLVED → REOPENED
Resolution: FIXED → ---

Pushed by alessandro@thunderbird.net:
https://hg.mozilla.org/comm-central/rev/1f1e7030c02a
Upgrade minimum RNP version to 0.16.3. r=rjl

Status: REOPENED → RESOLVED
Closed: 2 years ago2 years ago
Resolution: --- → FIXED

Comment on attachment 9331108 [details]
Bug 1828465 - Update to RNP version v0.16.3 . r=rjl

We should pick up this updated library version, which contains security fixes. We have already cherry-picked on fix, but the library contains an additional fix, which currently has only minor relevance because of our current OpenPGP implementation.

Nevertheless, having the full update is better for consistency. And changing the minimum library version expected will help distributors learn what we're expect them to, should they distribute RNP as a separate library.

[Approval Request Comment]
Regression caused by (bug #): no
User impact if declined: none
Testing completed (on c-c, etc.): yes
Risk to taking this patch (and alternatives if risky): low

Attachment #9331108 - Flags: approval-comm-esr102?
Attachment #9331387 - Flags: approval-comm-esr102?

Comment on attachment 9331108 [details]
Bug 1828465 - Update to RNP version v0.16.3 . r=rjl

[Triage Comment]
Approved for esr102

Attachment #9331108 - Flags: approval-comm-esr102? → approval-comm-esr102+

Comment on attachment 9331387 [details]
Bug 1828465 - Upgrade minimum RNP version to 0.16.3. r=rjl

[Triage Comment]
Approved for esr102

Attachment #9331387 - Flags: approval-comm-esr102? → approval-comm-esr102+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: