Local changes
=============
Cherry-pick a pending patch to fix build with the recent rust version (1.38.0).
esr68 branch fails to build with rust 1.38
https://bugzilla.mozilla.org/show_bug.cgi?id=1585099
Cherry-pick patch from:
https://marc.info/?l=openbsd-ports&m=156984549605237&w=2
Upstream changelog
==================
What's New
fixed Visual glitches: Missing context menu in filter, downloads, password manager and Config Editor search boxes, unwanted scrollbars and cut-off text in Account Manager, incorrect colors in Calendar agenda scrollbars, theme issues on Windows 7
fixed Some attachments couldn't be opened in messages originating from MS Outlook 2016
fixed Address book import from CSV
fixed Performance problem in message body search
fixed Ctrl+Enter to send a message would open an attachment if the attachment pane had focus
fixed Calendar: Issues with "Today Pane" start-up
fixed Calendar: Glitches with custom repeat and reminder number input
fixed Calendar: Problems with WCAP provider
https://www.thunderbird.net/en-US/thunderbird/68.1.2/releasenotes/
2.1.2
This release fixes a regression bug that duplicates the subject with encrypted mails. In addition, several localizations were updated.
2.1.1
This release improves compatibility with Thunderbird 68. In addition, many translations were updated and some defects were fixed.
Bugs fixed:
• When creating encrypted messages with hidden subjects, the subject cannot be restored anymore
• Importing keys attached to emails does not work
• Reading keys from Autocrypt Key Gossip not possible for plaintext emails
• Dark theme / some text hard to read
2.1
Notable Changes
• A new simplified setup wizard will first try to find out if you already used encrypted emails before, and then proceed in the most suitable way.
• On Windows and macOS, there is an automatic check for updates to GnuPG.
• Autocrypt: implemented key-gossip and updates to known keys
• If GnuPG 2.1 or newer is used, then key creation will default to ECC keys
• Interaction with keyservers has been rewritten from scratch, using Thunderbird-internal functions to access the keyservers.
• Full support for keys.openpgp.org, which is used as default keyserver.
Bugs fixed:
A notable number of defects has been fixed for this release. Please check the list of fixed defects for details.
Changelog:
### GMime 3.2.4
* Replaced calls to g_memmove with memmove.
It seems that the latest versions of glib have deprecated g_memmove
in favor of having developers use libc's memmove() function directly.
This change reduces the number of compiler warnings during the gmime
build process.
* Added a new GMIME_DECRYPT_NO_VERIFY flag that disables signature verification.
For cases where it is not necessary to verify the signatures (or it is known
that there are no signatures), making use of this flag can significantly
improve the performance of decrypting OpenPGP content.
* Modified GMimeParser to not set the OpenPGP state for base64/uuencoded content.
While the GMimeParser is parsing a MIME message (or other MIME entity), it will
normally attempt to identify OpenPGP markers in the content of GMimeParts.
However, when the content is base64 or uu-encoded, the parser is unable to
accurately detect these markers and so in previous versions, it was falsely
claiming that such MIME parts had no OpenPGP content even though it was possible,
after decoding their content, that they did in fact have OpenPGP content.
For more details about this bug, see issue #60.
* Added reporting of RFC 5322 addr-spec syntax violations to the GMimeParserWarning API.
* Fixed a stack underflow error in the uudecode.c sample.
* Improved Vala bindings.
  - Use correct symbol prefixes which avoid loads of cname attributes.
  - Unhide FilterBest.charset() method which conflicts with charset field.
  - Object.write_to_stream conflicts with function pointer with the same name
    but with a different signature.
Fixes https://gitlab.gnome.org/GNOME/gmime/issues/2
Fixes https://gitlab.gnome.org/GNOME/gmime/issues/3
kim@ approved and Roland reviewed. Thanks to them!
pkgsrc changes
--------------
* Some cosmetics
* Add missing CSS file
* Change SUBST_SED to patch+SUBST_VARS
Changelog:
fixed Issues with attachments in IMAP messages
fixed Gmail accounts ignored a non-standard trash folder
selection. Note: If non-standard trash folder was selected
previously in the account settings, this setting will now take
effect which may be unexpected.
fixed Entering/pasting lists of recipients into the addressing
widget or mailing list not working reliably, especially when
lists contained multiple commas or semicolons
fixed Edit mailing list not working
fixed Various theme fixes, especially dark theme improvements
for Calendar
fixed Contrast between tag label and background not optimal
fixed Account Central pane always loaded at start-up
fixed "Config Editor" button not removed if blocked by policy
fixed Calendar: Free/busy information in attendees dialog not
scrolled correctly. Note: Scroll arrows still not behaving
correctly.
fixed Various security fixes
CVE-2019-11755: Spoofing a message author via a crafted S/MIME
message
Disable ntlm plugin. It is not built by default on NetBSD 9.0.
I read the configure output and script and couldn't determine
the problem. This makes the build succeed again, and someone
who is more interested in ntlm support can fix it.
For perspective, last update in 2010 and no upstream available.
Some pkglint cleanup while here.
upstream changes:
-----------------
* Robustness: the tlsproxy(8) daemon could go into a loop, logging a flood of
error messages. Problem reported by Andreas Schulze after enabling SMTP/TLS
connection reuse.
* Workaround: OpenSSL changed an SSL_Shutdown() non-error result value into an
error result value, causing logfile noise.
* Configuration: the new 'TLS fast shutdown' parameter name was implemented
incorrectly. The documentation said "tls_fast_shutdown_enable", but the code
said "tls_fast_shutdown". This was fixed by changing the code, because no-one
is expected to override the default.
* Performance: workaround for poor TCP loopback performance on LINUX, where
getsockopt(..., TCP_MAXSEG, ...) reports a bogus TCP maximal segment size that
is 1/2 to 1/3 of the real MSS. To avoid client-side Nagle delays or
server-side delayed ACKs caused by multiple smaller-than-MSS writes, Postfix
chooses a VSTREAM buffer size that is a small multiple of the reported bogus
MSS. This workaround increases the multiplier from 2x to 4x.
* Robustness: the Postfix Dovecot client could segfault (null pointer read) or
cause an SMTP server assertion to fail when talking to a fake Dovecot server.
The Postfix Dovecot client now logs a proper error instead. Problem reported
by Tim Düsterhus.
Mozilla Thunderbird is a redesign of the Mozilla mail component. The
goal is to produce a cross platform stand alone mail application using
the XUL user interface language. This version uses the gtk2 toolkit.
This package provides Thunderbird 60 ESR.
Changelog:
new Offer to configure Exchange accounts for Office365. A third-party add-on is required for this account type. IMAP still exists as alternative.
fixed Edit tag not working
fixed Write window: "Insert > Characters and Symbols" not working
fixed Moving/dragging messages from "Search Messages" result dialog not working
fixed Command line -compose "attachment=" not working
fixed Custom views not working
fixed Issues with list of content types/actions for incoming attachments
fixed "Learn More" links in Error Console not working
fixed Visual glitches: Quick Filter Bar tag buttons too tall, missing scroll
bar on Connection Setting subdialog, LDAP server selection after "New",
"Edit" and "Delete"
fixed Calendar: Parts of CalDAV dialog not working
fixed Various security fixes
Security fixes:
CVE-2019-11739: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message
CVE-2019-11746: Use-after-free while manipulating video
CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
CVE-2019-11743: Cross-origin access to unload event attributes
CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
From release notes:
This version resolves the following CVEs:
* CVE-2017-9470
* CVE-2017-9471
* CVE-2017-9474
* CVE-2017-9058
* CVE-2017-12142
* CVE-2017-12141
* CVE-2017-12144
* Catch and warn for invalid Content-Types
* Add a manually extracted list of config options to r2e.1
* Add a redirect post-process module
* Follow symlinks of datafiles
* Add zsh completion
* Add support for maildir
* Fix `r2e new` overwriting an existing config
* Add new `feed-name` and `feed-url` attributes for the `name-format` setting
* Change logging format
* Allow multiple SMTP recipients
* Fix SMTP security issues
* Fix test suite
* Drop support for Python 3.2 and 3.3
* Remove `__contributors__` from the `rss2email` module
* Stop using deprecated `html2text.unescape`
* Fix locking issues when data file is on NFS
* Add `same-server-fetch-interval` setting for rate-limiting fetches to a server
* Update setup.py to setuptools
pkgsrc changes: simplify GITHUB_*, from leot@.
Requested in joyent/pkgsrc#214. We can't yet upgrade to postgrey 1.37 as there
is no working distribution patch for the postgrey-targrey option, hence the
backport rather than upgrade. Bump PKGREVISION.
1.2.0:
+ Added ability to include DMARC policy in DMARC results
* Updated references for new RFCs, ARC no longer experimental
* Converted http references to https
RELEASE 1.3.10
--------------
- Enigma: Fix bug where revoked users/keys were not greyed out in key info
- Enigma: Fix error message when trying to encrypt with a revoked key (#6607)
- Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638)
RELEASE 1.3.10
--------------
- Managesieve: Fix so "Create filter" option does not show up when Filters menu is disabled (#6723)
- Fix compatibility with kolab/net_ldap3 > 1.0.7 (#6785)
- Fix bug where bmp images couldn't be displayed on some systems (#6728)
- Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744)
- Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (#6758)
- Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only tld (#6746)
- Fix bug where Next/Prev button in mail view didn't work with multi-folder search result (#6793)
- Fix bug where selection of columns on messages list wasn't working
- Fix bug in converting multi-page Tiff images to Jpeg (#6824)
- Fix wrong messages order after returning to a multi-folder search result (#6836)
- Fix PHP 7.4 deprecation: implode() wrong parameter order (#6866)
- Fix bug where it was possible to bypass the position:fixed CSS check in received messages (#6898)
- Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899)
- Fix bug where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897)
- Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896)