Commit graph

422 commits

Author SHA1 Message Date
adam
b6d9bd86bc revbump for icu and libffi 2021-12-08 16:01:42 +00:00
nia
f413f7fded mail: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes

The following distfiles were unfetchable (possibly fetched
conditionally?):

./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch
2021-10-26 10:53:53 +00:00
nia
be020196fe mail: Remove SHA1 hashes for distfiles 2021-10-07 14:25:11 +00:00
ryoon
ce5e37658b *: Recursive revbump from audio/pulseaudio-15.0 2021-07-30 12:26:37 +00:00
ryoon
8a5c6883ef thunderbird: Update to 78.12.0
Changelog:
Fixes:

Sending an email containing HTML links with spaces in the URL sometimes
resulted in broken links

Folder Pane display theme fixes for macOS

Chat account settings did not always save as expected

RSS feed subscriptions sometimes lost

Calendar: A parsing error for alarm triggers of type "DURATION" caused sync
problems for some users

Various security fixes

Security fixes:
#CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS could
 be processed
#CVE-2021-29970: Use-after-free in accessibility features of a document
#CVE-2021-30547: Out of bounds write in ANGLE
#CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12
2021-07-15 16:26:29 +00:00
ryoon
a4f373683a thunderbird: Update to 78.11.0
Changelog:
Fixes
OpenPGP could not be disabled for an account if a key was previously configured

Recipients were unable to decrypt some messages when the sender had changed the
message encryption from OpenPGP to S/MIME

Contacts moved between CardDAV address books were not synced to the new server

CardDAV compatibility fixes for Google Contacts

Folder pane had no clear indication of focus on macOS

Windows theme improvements

Various security fixes

Security fixes:
#CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message
#CVE-2021-29967: Memory safety bugs fixed in Thunderbird 78.11
2021-07-13 15:08:55 +00:00
nia
cca7dedfc2 thunderbird: explicitly use autoconf-2.13 2021-06-18 18:56:59 +00:00
ryoon
26ba1aeefe thunderbird: Update to 78.10.1
Changelog:
78.10.2
What's New

Added support for importing OpenPGP keys without a primary secret key

Add-ons manager displays a preferences icon for mail extensions that include an
options page

Fixes

OpenPGP messages with a high compression ratio (over 10x) could not be
decrypted

Selected OpenPGP key was lost after opening the Key Properties dialog in
Account Settings

Parsing some OpenPGP user IDs failed

Various improvements to OpenPGP partial encryption reminders

Troubleshooting information page did not display row labels on macOS

Mail toolbar buttons were too big when displaying both icons and text

Various security fixes

Security fixes:
#CVE-2021-29957: Partial protection of inline OpenPGP message not indicated
#CVE-2021-29956: Thunderbird stored OpenPGP secret keys without master password
 protection

78.10.1
Changes

Removed the fix for bug 1689804 introduced in Thunderbird 78.9.0, restoring the
previous behavior

Fixes

Various security fixes

Security fixes:
#CVE-2021-29951: Thunderbird Maintenance Service could have been started or
 stopped by domain users
2021-05-23 06:48:13 +00:00
ryoon
9fb8623533 thunderbird: Update t o 78.10.0
Changelog:
Fixes:
Usability & theme improvements on Windows
Various security fixes

Security fixes:
#CVE-2021-23994: Out of bound write due to lazy initialization
#CVE-2021-23995: Use-after-free in Responsive Design Mode
#CVE-2021-23998: Secure Lock icon could have been spoofed
#CVE-2021-23961: More internal network hosts could have been probed by a
 malicious webpage
#CVE-2021-23999: Blob URLs may have been granted additional privileges
#CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an
 encoded URL
#CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to
 null-reads
#CVE-2021-29948: Race condition when reading from disk while verifying
 signatures
2021-04-26 14:30:03 +00:00
ryoon
094d3e7eab thunderbird: Update to 78.9.0
Changelog:
Fixes
New mail notification displayed old messages that were unread

Spaces following soft line breaks in messages using quoted-printable and format
=flowed were incorrectly encoded; existing messages which were previously
incorrectly encoded may now display with some words not separated by a space

Some fields were unreadable in the Dark theme in the General preferences panel

Sending a message containing an anchor tag with an invalid data URI failed

When switching tabs, input focus was not moved to the new tab

Address Book: Syncing a read-only Google address book via CardDAV failed

Address Book: Importing VCards with non-ascii characters would fail

Address Book: Some values may not have been parsed when syncing from Google
address books.

Add-ons Manager did not show if an addon used experiment APIs

Calendar: Removing a recurring task was not possible

Various security fixes

Security fixes:
#CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an
 out-of-bound read
#MOZ-2021-0002: Angle graphics library out of date
#CVE-2021-23982: Internal network hosts could have been probed by a malicious
 webpage
#CVE-2021-23984: Malicious extensions could have spoofed popup information
2021-03-25 15:46:54 +00:00
ryoon
2708d22a53 thunderbird: Update to 78.8.1
Changelog:
Fixes
New mail notification did not occur for newly arrived messages if previously
received mail was unread

Directory for saving multiple attachments was not remembered between saves

Opening a message from the command-line using "-mail <URL>" failed

Automatic account setup did not use the provider email and display name

Newly-added identities were not listed in the account manager until it was
closed and reopened

Account provisioner did not properly handle UTF-8 data

Copying a large message to an IMAP server would sometimes prematurely display a
time-out error

OpenPGP: Various errors when importing keys

OpenPGP: Public keys attached to an outgoing email did not have
"Content-Description" set

Address Book: CardDAV sync errors did not retry until Thunderbird was restarted

Calendar: Changing the cache mode of a CalDAV calendar connection would lose
the username of the account

Calendar: Add-on calendars were sometimes not visible after restarting

Calendar: The preview for a recurring task did not use all available space in
the dialog window

Installer: Option to keep distribution directory on upgrade did not work
2021-03-12 14:37:02 +00:00
wiz
4170bf183d *: remove unneeded patch after nss header install location change 2021-03-09 13:31:47 +00:00
ryoon
8ccf578de6 thunderbird: Update to 78.8.0
Changelog:
Fixes
Importing an address book from a CSV file always reported an error

Security information for S/MIME messages was not displayed correctly prior to a
draft being saved

Calendar: FileLink UI fixes for Caldav calendars

Recurring tasks were always marked incomplete; unable to use filters

Various UI widgets not working

Dark theme improvements

Extension manager was missing link to addon support web page

Various security fixes

Security fixes:
#CVE-2021-23969: Content Security Policy violation report could have contained
the destination of a redirect
#CVE-2021-23968: Content Security Policy violation report could have contained
the destination of a redirect
#CVE-2021-23973: MediaError message property could have leaked information
about cross-origin resources
#CVE-2021-23978: Memory safety bugs fixed in Thunderbird 78.8
2021-02-26 15:35:12 +00:00
markd
9341ed2d2a thunderbird: make the .desktop file slightly nicer 2021-02-18 10:11:48 +00:00
ryoon
7eb7520a8f thunderbird: Update to 78.7.1
Changelog:
What's New
CardDAV address books now support OAuth2 and Google Contacts.

Changes
Thunderbird will no longer allow installation of addons that use the legacy API

Fixes
Send message button sometimes remained enabled when it should be disabled
Pressing command+enter to send a message on macOS did not work
OpenPGP: Failed to save attachments that contained binary data after decryption
Global search UI fixes
Various theme and color fixes to improve ease of use
2021-02-09 12:34:26 +00:00
ryoon
bee3953c45 *: Recursive revbump from audio/pulseaudio-14.2.nb1 2021-02-07 06:30:06 +00:00
ryoon
3a0fe1152f thunderbird: Update to 78.7.0
Changelog:
What's New
Extension API: Compose API now supports editing messages and templates as new
messages

Extension API: composeHtml is now exposed in MailIdentity

Extension API: windows.update and windows.create now support titlePreface

Extension API: new Accounts API functions: accounts.getDefault() and
accounts.getDefaultIdentity(accountId)

Changes
Extension API: body and plainTextBody are now used as compose mode selectors in
setComposeDetails and begin* functions in Compose API

Theme: removed the double border around the task description field on the Tasks
tab

Fixes
Account Manager: When deleting the last remaining account, the default account
was not getting cleared and still pointed to the no-longer-existing account

OpenPGP: Verification of an inline signed message would fail if it contained
leading whitespace

OpenPGP: Various other minor bug and stability fixes

Mail Window: Quickfilter bar buttons disappear when hovered on Windows 10 High
Contrast Black theme

Theme: folder properties dialog contained black text on a black background in
dark mode

Theme: recipient pills in compose window were not visible in high contrast dark
theme on Windows 10

Extension API: browserAction buttons were not restored after restart if they
were moved outside the default toolbar

Extension API: browser.compose.beginNew could not override identity plaintext
setting

Extension API: browser.compose.beginForward was ignoring ComposeDetails

Extension API: browser.compose.setComposeDetails did not properly handle
Windows-style line endings

Various security fixes

Security fixes:
#CVE-2021-23953: Cross-origin information leakage via redirected PDF requests
#CVE-2021-23954: Type confusion when using logical assignment operators in
 JavaScript switch statements
#CVE-2020-15685: IMAP Response Injection when using STARTTLS
#CVE-2020-26976: HTTPS pages could have been intercepted by a registered
 service worker when they should not have been
#CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript
 variables during GC
#CVE-2021-23964: Memory safety bugs fixed in Thunderbird 78.7
2021-01-28 12:55:43 +00:00
ryoon
dc1c5b5e6f thunderbird: Update to 78.6.0
* Fix build with devel/cbindgen-0.16.0.

Changelog:
New
MailExtensions: Added browser.windows.openDefaultBrowser()

Changes
Thunderbird now only shows quota exceeded indications on the main window
MailExtensions: menus API enabled in messages being composed
MailExtensions: Honor allowScriptsToClose argument in windows.create API
function
MailExtensions: APIs that returned an accountId will reflect the account the
message belongs to, not what is stored in message headers

Fixes
Keyboard shortcut for toggling message "read" status not shown in menus
OpenPGP: After importing a secret key, Key Manager displayed properties of the
wrong key
OpenPGP: Inline PGP parsing improvements
OpenPGP: Discovering keys online via Key Manager sometimes failed on Linux
OpenPGP: Encrypted attachment "Decrypt and Open/Save As" did not work
OpenPGP: Importing keys failed on macOS
OpenPGP: Verification of clear signed UTF-8 text failed
Address book: Some columns incorrectly displayed no data
Address book: The address book view did not update after changing the name
format in the menu
Calendar: Could not import an ICS file into a CalDAV calendar
Calendar: Two "Home" calendars were visible on a new profile
Calendar: Dark theme was incomplete on Linux
Dark theme did not apply to new mail notification popups
Folder icon, message list, and contact side bar visual improvements
MailExtensions: HTTP refresh in browser content tabs did not work
MailExtensions: messageDisplayScripts failed to run in main window
Various security fixes

Security fixes:
#CVE-2020-16042: Operations on a BigInt could have caused uninitialized memory to be exposed
#CVE-2020-26971: Heap buffer overflow in WebGL
#CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
#CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free
#CVE-2020-26978: Internal network hosts could have been probed by a malicious webpage
#CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs
#CVE-2020-35112: Opening an extension-less download may have inadvertently launched an executable instead
#CVE-2020-35113: Memory safety bugs fixed in Thunderbird 78.6
2021-01-01 12:58:32 +00:00
ryoon
bfac3f1b42 *: Recursive revbump from audio/pulseaudio-14.0 2021-01-01 09:52:09 +00:00
nia
a3d92cd536 Remove now-actively-harmful 32-bit ARM hack from Mozilla packages. 2020-12-26 10:35:16 +00:00
ryoon
90c50c11ab thunderbird: Update to 78.5.1
Changelog:
What's New
OpenPGP: Added option to disable email subject encryption

Changes
OpenPGP public key import now supports multi-file selection and bulk accepting imported keys
MailExtensions: getComposeDetails will wait for "compose-editor-ready" event

Fixes
New mail icon was not removed from the system tray at shutdown
"Place replies in the folder of the message being replied to" did not work when using "Reply to List"
Thunderbird did not honor the "Run search on server" option when searching messages
Highlight color for folders with unread messages wasn't visible in dark theme
OpenPGP: Key were missing from Key Manager
OpenPGP: Option to import keys from clipboard always disabled
The "Link" button on the large attachments info bar failed to open up Filelink section in Options if the user had not yet configured Filelink
Address book: Printing members of a mailing list resulted in incorrect output
Unable to connect to LDAP servers configured with a self-signed SSL certificate
Autoconfig via LDAP did not work as expected
Calendar: Pressing Ctrl-Enter in the new event dialog would create duplicate events
Various security fixes

Security fixes:
#CVE-2020-26970: Stack overflow due to incorrect parsing of SMTP server response codes
2020-12-07 12:30:56 +00:00
wiz
d7dfbd392e thunderbird: Fix typo in PLIST 2020-11-21 12:28:43 +00:00
ryoon
a08ead40d5 thunderbird: Update to 78.5.0
* Fix build with lang/rust-1.47.0.

Changelog:
78.5.0
What's New
OpenPGP: Added option to disable attaching the public key to a signed message
MailExtensions: "compose_attachments" context added to Menus API
MailExtensions: Menus API now available on displayed messages

Changes
MailExtensions: browser.tabs.create will now wait for "mail-delayed-startup-finished" event

Fixes
OpenPGP: Support for inline PGP messages improved
OpenPGP: Message security dialog showed unverified keys as unavailable
Chat: New chat contact menu item did not function
Various theme and usability improvements
Various security fixes

#CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
#CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
#CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
#CVE-2020-26956: XSS through paste (manual and clipboard API)
#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
#CVE-2020-26959: Use-after-free in WebRequestService
#CVE-2020-26960: Potential use-after-free in uses of nsTArray
#CVE-2020-15999: Heap buffer overflow in freetype
#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
#CVE-2020-26965: Software keyboards may have remembered typed passwords
#CVE-2020-26966: Single-word search queries were also broadcast to local network
#CVE-2020-26968: Memory safety bugs fixed in Thunderbird 78.5


78.4.3
Fixes
User interface was inconsistent when switching from the default theme to the dark theme and back to the default theme
Email subject would disappear when hovering over it with the mouse when using Windows 7 Classic theme

78.4.2
Fixes
Security fix
#CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for

78.4.1
What's New
Thunderbird prompts for an address to use when starting an email from an address book entry with multiple addresses

Fixes
Searching global search results did not work
Link location was not focused by default when adding a hyperlink in message composer
Advanced address book search dialog was unusable
Encrypted draft reply emails lost "Re:" prefix
Replying to a newsgroup message did not open the compose window
Unable to delete multiple newsgroup messages
Appmenu displayed visual glitches
Visual glitches when selecting multiple messages in the message pane and using Ctrl+click
Switching between dark and light mode could lead to unreadable text on macOS


78.4.0
What's New
MailExtensions: browser.tabs.sendMessage API added
MailExtensions: messageDisplayScripts API added

Changes
Yahoo and AOL mail users using password authentication will be migrated to OAuth2
MailExtensions: messageDisplay APIs extended to support multiple selected messages
MailExtensions: compose.begin functions now support creating a message with attachments

Fixes
Thunderbird could freeze when updating global search index
Multiple issues with handling of self-signed SSL certificates addressed
Recipient address fields in compose window could expand to fill all available space
Inserting emoji characters in message compose window caused unexpected behavior
Button to restore default folder icon color was not keyboard accessible
Various keyboard navigation fixes
Various color-related theme fixes
MailExtensions: Updating attachments with onBeforeSend.addListener() did not work
Various security fixes

Security fixes:
#CVE-2020-15969: Use-after-free in usersctp
#CVE-2020-15683: Memory safety bugs fixed in Thunderbird 78.4


78.3.3
Fixes
OpenPGP: Improved support for encrypting with subkeys
OpenPGP message status icons were not visible in message header pane
OpenPGP Key Manager was missing from Tools menu on macOS
Creating a new calendar event did not require an event title


78.3.2
Changes
Thunderbird will no longer automatically install updates when Preferences tab is opened

Fixed
OpenPGP: Improved support for encrypting with subkeys
OpenPGP: Encrypted messages with international characters were sometimes displayed incorrectly
Single-click deletion of recipient pills with middle mouse button restored
Searching an address book list did not display results
Windows installer was unreadable with Windows in high contrast mode
Dark mode, high contrast, and Windows theming fixes
2020-11-19 14:29:55 +00:00
ryoon
463d0c8298 thunderbird: Update to 78.3.2
Changelog:
Changes

Thunderbird will no longer automatically install updates when Preferences tab is opened

Fixes

OpenPGP: Improved support for encrypting with subkeys

OpenPGP: Encrypted messages with international characters were sometimes displayed incorrectly

Single-click deletion of recipient pills with middle mouse button restored

Searching an address book list did not display results

Windows installer was unreadable with Windows in high contrast mode

Dark mode, high contrast, and Windows theming fixes
2020-10-09 16:13:49 +00:00
ryoon
8733d60c79 thunderbird: Update to 78.3.1
Changelog:
78.3.1
Fixes
Thunderbird crashed after updating to 78.3.0


78.3.0
Changes
OpenPGP: Improved decryption performance with large messages

OpenPGP: Do not show external key UI when disabled by preference

Account setup wizard will now open a popup when connecting to a server with a
self-signed SSL/TLS certificate

Installation of "legacy" MailExtensions now disabled

Reply-To header moved in compose window; now appears under From header

Calendar: Sidebar UI improvements

Fixes
Selecting "Cancel" on the Master Password prompt at startup incorrectly
reported corrupted OpenPGP data

OpenPGP: Creating a new key pair did not automatically select it for use

Dragging & Dropping recipient pills resulted in lost pills when an error was
present

Spellcheck suggestions were unreadable in dark theme

Calendar: Multiple password prompts opened

Linux Distributions: UI was not rendered completely when built without updater

MailExtensions: browser.folders.delete failed on IMAP folders

Various security fixes

Security fixes:
Mozilla Foundation Security Advisory 2020-44
#CVE-2020-15677: Download origin spoofing via redirect
#CVE-2020-15676: XSS when pasting attacker-controlled data into
a contenteditable element
#CVE-2020-15678: When recursing through layers while scrolling, an iterator may
have become invalid, resulting in a potential use-after-free scenario
#CVE-2020-15673: Memory safety bugs fixed in Thunderbird 78.3
2020-09-28 14:11:25 +00:00
wiz
c235549e94 thunderbird: fix branding option PLIST 2020-09-15 12:54:37 +00:00
ryoon
89dc7fb13e thunderbird: Update to 78.2.2
* Runtime depend on chat/libotr.

Changelog:
What's New
new Drag and Drop reordering of recipient pills now supported

Changes
changed OpenPGP: Some signature states reported as "mismatch" now report "unknown"
changed Privacy policy now displayed in a tab when updated
changed Chat: Non-functional Twitter support removed

Fixes
fixed OpenPGP: Improvements to key importing when failures occur
fixed OpenPGP: Decryption did not work with certain HTTP proxy configurations
fixed OpenPGP: "Discover keys online" option did not work when searching for an email address
fixed Email filters reported failure when moving a message to original folder
fixed Message filters: Filters shown as enabled in configuration dialog were not always enabled
fixed vCard 2.1 attachments not handled properly
fixed Sending messages sometimes failed when recipients were in LDAP address book
fixed Non-functional help menu items removed
fixed Adding custom headers in the addressing widget (preference mail.compose.other.header) did not work
fixed Calendar: Event reminder details were unreadable
fixed Windows 10 high-contrast theme fixes
fixed More theme fixes and improvements
2020-09-13 10:51:03 +00:00
wiz
7f74bed877 thunderbird: fix PLIST for branding option 2020-09-05 12:28:09 +00:00
wiz
6009bad99c thunderbird: add workaround for llvm compiler bug, same as for www/firefox 2020-09-05 12:27:43 +00:00
ryoon
4c9dd7b2bf thunderbird: Update to 78.2.1
* Lightning cannot be disabled by users in build time.
  Remove mozilla-lightning option.

Changelog:
78.2.1
Changes
changed OpenPGP enabled by default
changed OpenPGP: Disabled the use of MD5/SM2/SM3 algorithms

Fixes
fixed OpenPGP: Users with sub-identities were unable to encrypt or sign messages when switching identities
fixed OpenPGP message security window did not support dark mode

78.2.0
Changes
changed OpenPGP Key generation now disabled when there is no default mail account configured
changed OpenPGP: Encrypt saved drafts when OpenPGP is enabled
changed Twitter search removed
changed Calendar: Event summary dialog is now themeable
changed MailExtensions: Some APIs now use defineLazyPreferenceGetter in order to benefit from caching

Fixes
fixed OpenPGP Key Manager search function did not work
fixed OpenPGP Key Properties dialog was sometimes too small
fixed OpenPGP: Encrypted email would not send if address contained uppercase characters
fixed OpenPGP: "Key ID" column could not be resized in Key Manage
fixed OpenPGP: Keys containing invalid UTF-8 strings could not be imported
fixed OpenPGP: Enable automatic signing for encrypted messages in additional scenarios
fixed Many more OpenPGP bug fixes and improvements
fixed IMAP fetch chunk size was always 65536 bytes
fixed IMAP server capabilities were not rechecked after upgrading to SSL/TLS connection
fixed Message Composer: Order of attachments could not be modified using drag & drop
fixed Composing messages with a "fixed width" font did not work
fixed Drag and drop of address book contacts did not work in some situations
fixed Address book migration failed when there was a dot in the file name
fixed Address book: "Always prefer display name over message header" was always checked when editing a contact
fixed Address book performance optimizations
fixed Dialog to add a new mail account from "Account Settings" did not open
fixed "Select All" (Ctrl+A) in message source did not work until focused with a mouse click
fixed Ctrl+scroll wheel not zooming in message reader
fixed Setting/changing a signature from a file lost when closing account settings
fixed Adaptive Junk Mail settings could not be disabled
fixed Message filter dialog fixes: Missing scrollbar, drop-down list not wide enough
fixed Various UX and theme improvements

78.1.1
Changes
changed Building OpenPGP shared library linked to system libraries now supported
changed MailExtension errors now shown in Developer Tools console by default
changed MailExtensions: Dynamic registration of calendar providers now supported

Fixesr
fixed OpenPGP improvements
fixed Message preview was sometimes blank after upgrading from Thunderbird 68
fixed Email addresses whitelisted for remote content not displayed in preferences
fixed Importing data from Seamonkey did not work
fixed Renaming a mail list did not update the side bar
fixed MailExtensions: messenger.* namespace was undefined

78.1.0
What's New
new OpenPGP support is now feature complete. Improvements: new Key Wizard, online searching for OpenPGP keys, and more
new The preferences tab now has a search field

Changes
changed Dark background in message reader is now disabled

Fixes
fixed Thunderbird startup was slow when using folder color customizations with many folders. Previously configured colors will not be migrated.
fixed Mail quota usage in status bar did not support terabyte folder sizes
fixed Changing Junk mail settings with keyboard toggled wrong setting
fixed Advanced IMAP server preferences not saved in Account Manager
fixed Address book migration updates and fixes
fixed Address book: Last Modified Date was not updated
fixed Dark mode improvements
fixed Various security fixes

Security fixes:
#CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker
#CVE-2020-6514: WebRTC data channel leaks internal address to peer
#CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy
#CVE-2020-15653: Bypassing iframe sandbox when allowing popups
#CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
#CVE-2020-15656: Type confusion for special arguments in IonMonkey
#CVE-2020-15658: Overriding file type when saving to disk
#CVE-2020-15657: DLL hijacking due to incorrect loading path
#CVE-2020-15654: Custom cursor can overlay user interface
#CVE-2020-15659: Memory safety bugs fixed in Thunderbird 78.1

78.0.1
What's New
new OpenPGP: Key revocation, extending key expiration, and secret key backup

Fixes
fixed Drag & Drop multiple attachments to macOS Finder created duplicate files
fixed Faceted search date and relevance settings not saved
fixed FileLink attachments included as a link and file when added from a network drive via drag & drop
fixed About Thunderbird dialog keyboard shortcuts did not work
fixed CC'd recipients sometimes displayed collapsed in header pane
fixed Incremental search in contacts sidebar did not always display local results when an LDAP server was also in use
fixed Contacts sidebar search results cleared after removing a contact
fixed OpenPGP: Messages with long Armor Header lines did not display
fixed OpenPGP: Messages containing non-UTF-8 text were not supported
fixed Various UI and theming fixes
fixed Chat: Participants list did not display operator flags
2020-09-03 15:26:22 +00:00
wiz
6c2ff5bf8a thunderbird: fix build with latest rust using patch from firefox68 2020-08-22 23:12:51 +00:00
leot
b13a568190 *: revbump for libsndfile 2020-08-18 17:57:24 +00:00
ryoon
6c08394a83 thunderbird: Update to 68.10.0
Changelog:
Fixes

fixed Chat: Topics displayed some characters improperly
fixed Calendar: Filtering tasks did not work when "Incomplete Tasks" was selected

Security fixes:
CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64
#CVE-2020-12418: Information disclosure due to manipulated URL object
#CVE-2020-12419: Use-after-free in nsGlobalWindowInner
#CVE-2020-12420: Use-After-Free when trying to connect to a STUN server
#MFSA-2020-0001: Automatic account setup leaks Microsoft Exchange login credentials
#CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates
2020-07-04 05:11:25 +00:00
nia
0982bc8b2f thunderbird: Remove cargo SUBSTs, there's no clear patches for rust crates 2020-07-01 09:19:13 +00:00
rillig
1deaf712fa mail/thunderbird: remove commented-out SUBST block 2020-07-01 07:18:14 +00:00
nia
af5d6328f9 Detect if gtk3 was built with Wayland properly in Mozilla packages.
thanks jperkin for the hint.
2020-06-29 11:53:09 +00:00
nia
52cb390e86 thunderbird: Remove patches for NetBSD 7, rust dropped support for NetBSD 7 2020-06-17 18:00:09 +00:00
nia
fc6a67c089 thunderbird: Sync with firefox68
- Re-enable multiprocess mode
- Drop hacks for crossprocess semaphores on NetBSD
- Drop OSS support
- Drop unused gnome option

Bump PKGREVISION
2020-06-15 15:44:22 +00:00
nia
dd88971af3 thunderbird: sync cargo cksum bits with lang/rust 2020-06-15 08:31:19 +00:00
nia
ff834919fb thunderbird: Add SUPERSEDES 2020-06-07 10:30:38 +00:00
ryoon
8a51ed84a6 thunderbird: Update to 68.9.0
Changelog:
Fixes
fixed Custom headers added for searching or filtering could not be removed
fixed Calendar: Today Pane updated prior to loading all data
fixed Stability improvements
fixed Various security fixes

Security fixes:
#CVE-2020-12399: Timing attack on DSA signatures in NSS library
#CVE-2020-12405: Use-after-free in SharedWorkerService
#CVE-2020-12406: JavaScript Type confusion with NativeTypes
#CVE-2020-12410: Memory safety bugs fixed in Thunderbird 68.9.0
#CVE-2020-12398: Security downgrade with IMAP STARTTLS leads to information leakage
2020-06-05 03:57:58 +00:00
ryoon
6f7a90b6a9 thunderbird: Update to 68.8.1
Changelog:
Fixes:
fixed IMAP stability improvements
fixed HTML tags in IRC topic changes were rendered incorrectly
fixed MailExtensions: Websockets could not be used
2020-05-27 11:40:29 +00:00
nia
4a748ecdc0 thunderbird: Sync DESCR with reality.
Thunderbird is no longer Mozilla-branded. It no longer uses gtk2.

Future versions of Thunderbird will not have ESR releases because
every Thunderbird release is now an ESR release.
2020-05-14 14:12:46 +00:00
ryoon
7b6a9643a6 thunderbird: Update to 68.8.0
Changelog:
Fixes
Account Manager: text fields were too small in some cases
Account Manager: Authentication method did not update when selecting an SMTP server
Links with embedded credentials did not open on Windows
Messages were sometimes sent with a badly formed address when filled from the address book
Accessibility: Screen readers were reporting too many activities from the status bar
MailExtensions: Setting IMAP messages as read with browser.messages.updated failed to persist
Various security fixes

Security fixes:
#CVE-2020-12397: Sender Email Address Spoofing using encoded Unicode characters
#CVE-2020-12387: Use-after-free during worker shutdown
#CVE-2020-6831: Buffer overflow in SCTP chunk input validation
#CVE-2020-12392: Arbitrary local file access with 'Copy as cURL'
#CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
#CVE-2020-12395: Memory safety bugs fixed in Thunderbird 68.8.0
2020-05-14 12:14:39 +00:00
ryoon
01a2a2232c thunderbird: Update to 68.7.0
Changelog:
What's New
new MailExtensions: Raw message source available to MailExtensions

Changes
changed MailExtensions: messages.update function extended to mark messages as junk or not junk
changed MailExtensions: browser.compose.begin functions no longer expand mailing lists

Fixes
fixed Various improvements to account setup when connecting to an Exchange server
fixed Thread collapsed when opening news message in a new window
fixed Addons not automatically updated to compatible version after upgrade from Thunderbird 60
fixed Updating addons did not prompt when requesting new permissions
fixed Extra recipients panel not keyboard-accessible
fixed Accessibility: Status bar was not detected by screenreaders
fixed MailExtensions: messages.query by folder name did not require accountsRead permission
fixed Calendar: Invitations with embedded null bytes did not always decode correctly
fixed Calendar: Cancelled events didn't show with a line-through
fixed Various security fixes

Security fixes:
#CVE-2020-6819: Use-after-free while running the nsDocShell destructor
#CVE-2020-6820: Use-after-free when handling a ReadableStream
#CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method
#CVE-2020-6822: Out of bounds write in GMPDecodeData when processing large images
#CVE-2020-6825: Memory safety bugs fixed in Thunderbird 68.7.0
2020-04-24 21:48:46 +00:00
joerg
7289f60ae0 Fix build with libc++ by making the template wrapper do what it is
supposed to do. Don't mess with math.h internals. Honor ressource limit
changes during build.
2020-03-30 19:46:01 +00:00
ryoon
eb01e0a27f thunderbird: Update to 68.6.0
CVhangelog:
68.6.0
new
Thunderbird now displays a popup window when starting up on a new
profile

changed
Thunderbird now provides partial updates resulting in smaller
downloads

fixed
Searching in message bodies led to false negatives under some
circumstances in quoted-printable encoded HTML bodies

"Get New Messages for All Accounts" not working for OAuth2-authenticated
IMAP accounts

Various security fixes
#CVE-2020-6805: Use-after-free when removing data about origins
#CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections against state confusion
#CVE-2020-6807: Use-after-free in cubeb during stream destruction
#CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
#CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
#CVE-2020-6812: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
#CVE-2020-6814: Memory safety bugs fixed in Thunderbird 68.6


68.0.5
new
Support for Client Identity IMAP/SMTP Service Extension

Support for OAuth 2.0 authentication for POP3 accounts

fixed
Status area goes blank during account setup

Calendar: Could not remove color for default categories

Calendar: Prevent calendar component loading multiple times

Calendar: Today pane did not retain width between sessions

Various security fixes
#CVE-2020-6793: Out-of-bounds read when processing certain email messages
#CVE-2020-6794: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords
#CVE-2020-6795: Crash processing S/MIME messages with multiple signatures
#CVE-2020-6797: Extensions granted downloads.open permission could open arbitrary applications on Mac OSX
#CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript injection
#CVE-2020-6792: Message ID calculcation was based on uninitialized data
#CVE-2020-6800: Memory safety bugs fixed in Thunderbird 68.5
2020-03-15 13:28:51 +00:00
wiz
f669fda471 *: recursive bump for libffi 2020-03-08 16:47:24 +00:00
kamil
bd4dda449b thunderbird: Workaround broken pthread_equal() usage
Switch to an internal version of pthread_equal() without sanity checks.

Problems detected on NetBSD 9.99.46.
2020-02-08 22:36:24 +00:00
ryoon
cbfc66a56a thunderbird: Update to 68.4.2
Changelog:
changed
Calendar: Task and Event tree colours adjusted for the dark theme

fixed
Retrieval of S/MIME certificates from LDAP failed
Address-parsing crash on some IMAP servers when preference mail.imap.use_envelope_cmd was set
Incorrect forwarding of HTML messages caused SMTP servers to respond with a timeout
Calendar: Various parts of the calendar UI stopped working when a second Thunderbird window opened
2020-02-05 14:29:56 +00:00