Open Bug 1848104 Opened 2 years ago Updated 13 days ago

Upgrade Thunderbird to use Botan version 3 (Botan 2 is EOL)

Categories

(MailNews Core :: Security: OpenPGP, task, P1)

Product:
MailNews Core
Component:
Security: OpenPGP
Type:
task

Tracking

(Not tracked)

People

(Reporter: KaiE, Assigned: rjl)

References

(Blocks 1 open bug)

Details

Attachments

(2 files)

WIP: Bug 1848104 - botan 3 import
48 bytes, text/x-phabricator-request
Details | Review
WIP: Bug 1848104 - Add Botan moz.yaml for vendoring.
48 bytes, text/x-phabricator-request
Details | Review

Eventually it will be necessary to upgrade Thunderbird to use version 3.x of the Botan library.

Timing is currently unknown.

Botan-2 reached EOL at the end of 2024. So this will definitely need to be worked on in the next few months.

Hit a snag.
Botan 3 uses c++20 standard. Unfortunately, the Linux builds currently are on gcc 8 with its libstdc++ (#include <span> came up first when compiling)... <span> is not available until gcc-10.1

Easiest option is to update the sysroot used to compile Thunderbird. That would mean dropping support for older Linux distributions.

Notably:

Ubuntu 20.04LTS - 2025-04
Rocky 8 - 2024-04
OpenSUSE Leap 15 (uses gcc-7!!)

(In reply to Rob Lemley [:rjl] from comment #2)

Botan-2 reached EOL at the end of 2024. So this will definitely need to be worked on in the next few months.

Given this EOL plan, we should upgrade Daily to Botan 3 soon.

Distributions will have to find ways to build.
They might be able to bring in a more modern compiler, using an optional package, for building Botan.

I have Botan 3.5 building with an updated Linux sysroot based on Debian Bullseye. The sysroot is not final yet, but it's not needed for local builds. I have a little more to sort out tomorrow with my patches. The Botan patch is too big for phab; I need to trim it down more and split it up first.

https://botan.randombit.net/#botan2 is EOL now. Seems we need to urgently update our version.

Priority: -- → P1
Summary: Upgrade Thunderbird to use Botan version 3 → Upgrade Thunderbird to use Botan version 3 (Botan 2 is EOL)
Type: enhancement → task
Duplicate of this bug: 1847872

Rob, is it possible to give this a higher priority?
Based on comment 6 I understand you're already working on it, so assigning it to you.

Assignee: nobody → rob
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: