The NetBSD Project

CVS log for pkgsrc/mail/thunderbird/PLIST.lightning

[BACK] Up to [] / pkgsrc / mail / thunderbird

Request diff between arbitrary revisions

Default branch: MAIN

Revision 1.28 / (download) - annotate - [select for diffs], Sat Sep 21 10:55:16 2019 UTC (2 months, 3 weeks ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3, HEAD
Changes since 1.27: +21 -36 lines
Diff to previous 1.27 (colored)

Update to 68.1.0

    Offer to configure Exchange accounts for Office365. A third-party add-on is required for this account type. IMAP still exists as alternative.

    Edit tag not working

    Write window: "Insert > Characters and Symbols" not working

    Moving/dragging messages from "Search Messages" result dialog not working

    Command line -compose "attachment=" not working

    Custom views not working

    Issues with list of content types/actions for incoming attachments

    "Learn More" links in Error Console not working

    Visual glitches: Quick Filter Bar tag buttons too tall, missing scroll
      bar on Connection Setting subdialog, LDAP server selection after "New",
      "Edit" and "Delete"

    Calendar: Parts of CalDAV dialog not working

    Various security fixes

Security fixes:
CVE-2019-11739: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message
#CVE-2019-11746: Use-after-free while manipulating video
#CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
#CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
#CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
#CVE-2019-11743: Cross-origin access to unload event attributes
#CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9

Revision 1.27 / (download) - annotate - [select for diffs], Sun Dec 16 08:12:15 2018 UTC (11 months, 3 weeks ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4
Changes since 1.26: +77 -500 lines
Diff to previous 1.26 (colored)

Update to 60.3.3

    Thunderbird 60 will migrate security databases (key3.db, cert8.db to
    key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a fault
    that potentially deleted saved passwords and private certificate keys
    for users using a master password. Version 60.3.3 will prevent the loss
    of data; affected users who have already upgraded to version 60.3.2 or
    earlier can restore the deleted key3.db file from backup to complete
    the migration.

    Address book search and auto-complete slowness introduced in
      Thunderbird 60.3.2
    Plain text markup with * for bold, / for italics, _ for underline and |
      for code did not work when the enclosed text contained non-ASCII
    While composing a message, a link not removed when link location was
      removed in the link properties panel

    Under some circumstances Thunderbird on Mac will send attachments using
      the so-called AppleDouble format which can lead to problems with mail
      servers and recipients
    Encoding problems when exporting address books or messages using the
      system charset. Messages are now always exported using the UTF-8 encoding.
    If the "Date" header of a message was invalid, Jan 1970 or Dec 1969 was
      displayed. Now using date from "Received" header instead.
    Body search/filtering didn't reliably ignore content of tags
    Inappropriate warning "Thunderbird prevented the site
      ( from asking you to install software on your
      computer" when installing add-ons
    Incorrect display of correspondents column since own email address was
      not always detected
 (encoded newline) inserted into drafts and sent email
    New email not inserted in correct sort order in threaded unified view
      or search folder

    Double-clicking on a word in the Write window sometimes launched the
      Advanced Property Editor or Link Properties dialog
    Cookie removal (not working since Thunderbird version 52)
    "Download rest of message" not working if global inbox was used
    Encoding problems for users (especially in Poland) when a file was sent
      via a folder using "Sent to > Mail recipient" due to a problem in the
      Thunderbird MAPI interface
    According to RFC 4616 and RFC 5721, passwords containing non-ASCII
      characters are encoded using UTF-8 which can lead to problems with
      non-compliant providers, for example The SMTP LOGIN
      and POP3 USER/PASS authentication methods are now using a Latin-1
      encoding again to work around this issue.
    Shutdown crash/hang after entering an empty IMAP password

    Various Theme fixes where incorrect colors, backgrounds, etc. were
    Add-on Options menu not working on Mac
    Shift+PageUp/PageDown in Write window
    Saving content of Write windows didn't overwrite existing file
    Issues related to "Edit Template" command
    Gloda attachment filtering
    Mailing list address auto-complete enter/return handling
    Thunderbird hung if HTML signature references non-existent image
    Filters not working for headers that appear more than once
    Various security fixes

Secirity fixes:
#CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin
#CVE-2018-12392: Crash with nested event loops
#CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript
#CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3 and Thunderbird 60.3
#CVE-2018-12390: Memory safety bugs fixed in Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3

    Calendar: Default values for the first day of the week and working days
      are now derived from the selected datetime formatting locale (restart
      after changing locale in the OS required)
    Calendar: Switch to a Photon-style icon set for all platforms
    Multiple requests for master password when Google Mail or Calendar
      OAuth2 is enabled
    Scrollbar of the address entry auto-complete popup does not work
    Security info dialog in compose window does not show certificate status
    Links in the Add-on Manager's search results and theme browsing tabs
      open in external browser
    Localized versions of Thunderbird didn't show a localized name for
      the "Drafts" and "Sent" folders for certain IMAP providers
      (particularly in France)
    Replying to a message with an empty subject inserted Re: twice (not
      working in Thunderbird 60.0)
    Spellcheck marks disappeared erroneously for words with an apostrophe
      (not working in Thunderbird 60.0)
    Calendar: First day of the week cannot be set
    Calendar: Several fixes related to cutting/deleting of events and email
    Various security fixes

Security fixes:
#CVE-2018-12377: Use-after-free in refresh driver timers
#CVE-2018-12378: Use-after-free in IndexedDB
#CVE-2018-12379: Out-of-bounds write with malicious MAR file
#CVE-2017-16541: Proxy bypass using automount and autofs
#CVE-2018-12385: Crash in TransportSecurityInfo due to cached data
#CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords
#CVE-2018-12376: Memory safety bugs fixed in Firefox 62, Firefox ESR 60.2, and Thunderbird 60.2.1

    When writing a message, a delete button now allows the removal of a
      recipient. This delete button is displayed when hovering the To/Cc/Bcc
    Many improvements to attachments handling during compose: Attachments
      can now be reordered using a dialog, keyboard shortcuts, or drag and
      drop. The "Attach" button moved to the right to be above the attachment
      pane. The access key of the attachment pane (e.g. Alt+M, may vary
      depending on localization, Ctrl+M on Mac) now also works to show or
      hide the pane. The attachment pane can also be shown initially when
      composing a new message. Right-click on the header to enable this
      option. Hiding a non-empty attachment pane will now show a placeholder
      paperclip to indicate the presence of attachments and avoid sending
      them accidentally.
    "Edit Template" command. This also solves various problems when saving
      as template (duplicates created, message ID lost).
    "New Message from Template" command
    Allow changing the Spellcheck Language from status bar
    Light and Dark themes
    WebExtension themes are now enabled in Thunderbird
    A default startup directory in the address book window can now be
    Individual feed update interval
    An option under "Tools > Options, Advanced, General" now allows to
      select whether date/time display will follow the application locale
      (adjusted by operating system's format settings for that locale) or
      the locale selected in the operating system's regional settings.
      In other words, an US English Thunderbird can use, for example,
      German formats.
    OAuth2 authentication for Yahoo and AOL
    FIDO U2F support
    Thunderbird now allows the conversion of folders from mbox to maildir
      format and vice versa. This is an experimental feature that needs to
      be enabled by setting the preference mail.store_conversion_enabled.
      Note that this functionality does not not work if the option "Allow
      Windows Search/Spotlight to search messages" is selected.
    Calendar: Allow copying, cutting or deleting of a selected occurrence
      or the entire series for recurring events
    Calendar: Provide an option to display locations for events in calendar
      day and week views
    Calendar: Provide the ability for sending/not sending meeting
      notifications directly instead of showing a popup
    Calendar: Option to select the target calendar when pasting an event
      or task
    Calendar: Allow email scheduling for CalDAV servers supporting
      server-side scheduling
    Thunderbird Chat now contains multiple built-in message themes

    IMPORTANT: Add-ons not marked as compatible with Thunderbird 60
      by their authors will be disabled (this can be reverted via preference
    IMAP: When after sending a message storing that sent message fails,
      the message can now be stored in a local folder
    Add-on options can no longer be configured from the Add-on Manager page.
      A new menu item "Add-on Options" is now available on the Tools menu.
    When messages are composed in paragraph format, "body text" and split
      mail quotes are converted to paragraphs when pressing the enter key
    "Edit As New Message" will now use the account's default compose format,
      either HTML or plain text ignoring the format of the message. Plain
      text messages will be converted to HTML and vice versa. Then using
      the modifier, the format choice will be reverted.
    The "Edit Draft" command now also honors the use of the shift key to
      convert HTML to plain text or vice versa when editing a draft
    The plain text to HTML conversion has been improved where such a
      conversion is necessary for "Edit As New Message" or when the shift
      modifier is used for "Edit Draft" or "New Message from Template".
    During address entry, the matching part of the address is now shown in
      bold. Preference mail.autoComplete.commentColumn allows to display
      the address book where the address is stored.
    When attaching a message via drag and drop, the subject of the message
      is now used as attachment name instead of "Attached Message"
    Better address book photo handling: Photos can be added by drag and
      drop and a copy of all photos will be stored in the Thunderbird profile
    On first start, Thunderbird now shows the account setup dialog, no longer
      the account provisioner dialog
    Thunderbird follows Firefox' Photon design with rectangular tabs and
      many other theme improvements
    When customizing the From: address, Thunderbird will now use this address
      for the SMTP "MAIL FROM" command. Previously the address configured
      in the identity was used. The preference
      mail.smtp.useSenderForSmtpMailFrom allows return to the previous
    Native notifications on Linux are now re-enabled
    Thunderbird now uses Mozilla's latest proxy technology (add-on FoxyProxy
      now supported)
    Thunderbird now uses the latest Rust-based Mozilla technology, including
      Quantum's CSS engine (based on Servo) and encoding_rs, for displaying
      and encoding messages
    All certificates issued by Symantec roots before 2016-06-01 are
      distrusted for use in TLS secured traffic in Thunderbird 60 and above.
      This applies to all brands Symantec operated: Thawte, RapidSSL,
      GeoTrust, Verisign, and Symantec. For usage in S/MIME the certificates
      remain valid. Details here.
    Calendar: Removal of capability to send email invitations compatible
      to Outlook 2002 and earlier
    Calendar: Reminders on read-only calendars can now be dismissed, while
      reminders for missed events will now only be displayed for writable
      calendars if option "Show missed reminders for writable calendars" is
    Thunderbird Chat: Nicknames inside of messages are colored to match
      the participants list

    When many Thunderbird clients or other email clients accessed the same
      IMAP draft folder, messages were sometimes sent with the wrong
      identity. This has been corrected and the user will be notified if
      none of their identities matches the draft.
    Various problems related to handling the IMAP trash folder: Under
      certain circumstances the selection of the trash folder didn't persist,
      for example when the name contained non-ASCII characters, or in
      localized versions of Thunderbird. At times unwanted adtext menu behavior
    Better error handling for Gmail authentication to avoid re-downloading
      of folders
    Thunderbird used a stale cached password after user edited a saved
    Calendar: Wrong time formatting for some time zones
    Calendar: Can't copy information from event dialog for received invitations
    Various security fixes

Security fixes:
#CVE-2018-12359: Buffer overflow using computed size of canvas element
#CVE-2018-12360: Use-after-free when using focus()
#CVE-2018-12361: Integer overflow in SwizzleData
#CVE-2018-12362: Integer overflow in SSSE3 scaler
#CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture
#CVE-2018-12363: Use-after-free when appending DOM nodes
#CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
#CVE-2018-12365: Compromised IPC child process can list local filenames
#CVE-2018-12371: Integer overflow in Skia library during edge builder allocation
#CVE-2018-12366: Invalid data handling during QCMS transformations
#CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming
#CVE-2018-12368: No warning when opening executable SettingContent-ms files
#CVE-2018-5187: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Thunderbird 60
#CVE-2018-5188: Memory sa60

Revision 1.26 / (download) - annotate - [select for diffs], Thu Apr 27 13:32:40 2017 UTC (2 years, 7 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-
Changes since 1.25: +49 -41 lines
Diff to previous 1.25 (colored)

Update to 52.0.1


    Clicking on a link in an email may not open this link in the external browser.
    Crash due to incompatibility with McAfee Anti-SPAM add-on. Add-on is blocked in 52.0.1


    Folder pane toolbar and folder view selector (replacement for folder view arrows)
    Optionally remove corresponding data files when removing an account from Thunderbird
    Import settings from Becky! Internet Mail
    Possibility to copy message filter
    Dictionary setting is restored when editing a draft. Content-Language header (RFC 3282) transmitted with message
    Calendar: Event can now be created and edited in a tab
    Calendar: Processing of received invitation counter proposals
    Chat: Support Twitter Direct Messages
    Chat: Liking and favoriting in Twitter
    Chat: XMPP: Support SASL SCRAM authentication mechanism
    Chat: Support Jabber/XMPP Message Carbons (XEP-280)


    IMPORTANT: The way images are included in a compose window has changed. Images are now included as data URIs and not as references to parts of other messages or operating system files. This allows better interoperability with office packages such as MS Office or LibreOffice. Images linked from locations on the internet will no longer be downloaded and attached to the message automatically. This can be changed for each image individually via the Image Properties dialog or globally by setting the preference mail.compose.attach_http_images.
    Correspondents column now default for all new folders, can be switched off with preference mail.threadpane.use_correspondents
    When replying to a mailing list, reply will be sent to address in From header ignoring Reply-to header
    On Linux PulseAudio is now required to play sound
    Formatting toolbar is now left in place when delivery format is switched to plain text only
    Messages in IMAP folders read on external device are now filtered by default
    Folders backed by mbox storage larger than 4GB are supported without warning (unless preference mailnews.allowMboxOver4GB is set to false)
    IMAP caching now uses Mozilla's latest caching technology
    The keyboard shortcut to insert hyperlinks into a compose window was changed from CTRL+L to CTRL+K to align with Office applications
    Chat: Removed Yahoo! Messenger support (since Yahoo removed support)


    Message preview pane non-functional after IMAP folder was renamed or moved
    Editing in paragraph format: Pressing Shift+Enter sometimes doesn't move the cursor to the next line
    Various corrections when composing messages in paragraph format
    Paste as quotation doesn't always work
    Long lines in plain text replies not properly wrapped
    Undesired white-space before signature in paragraph mode
    When attachment unavailable, compose shows endless "Attaching..." message instead of error
    Text encoding of reply sometimes incorrect (uses encoding of last viewed message)
    Text encoding of message display, reply or forwarded message sometimes incorrect (uses encoding of attachment)
    Delivery Format not preserved for saved drafts (Auto-Detect|Plaintext|HTML|Both)
    Reply to own e-mail does not reply with the correct identity
    IMAP message part caching
    Links with escaped non-ASCII (international) characters can't be clicked
    Calendar: Events specified in timezone "local time" generate alerts in UTC time
    Chat: XMPP Resource collisions
    Various security fixes

Security fixes:
 #CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
 #CVE-2017-5401: Memory Corruption when handling ErrorResult
 #CVE-2017-5402: Use-after-free working with events in FontFace objects
 #CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
 #CVE-2017-5404: Use-after-free working with ranges in selections
 #CVE-2017-5406: Segmentation fault in Skia with canvas operations
 #CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
 #CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
 #CVE-2017-5411: Use-after-free in Buffer Storage in libGLES
 #CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
 #CVE-2017-5412: Buffer overflow read in SVG filters
 #CVE-2017-5413: Segmentation fault during bidirectional operations
 #CVE-2017-5414: File picker can choose incorrect default directory
 #CVE-2017-5416: Null dereference crash in HttpChannel
 #CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access
 #CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running
 #CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses
 #CVE-2017-5419: Repeated authentication prompts lead to DOS attack
 #CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
 #CVE-2017-5421: Print preview spoofing
 #CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink
 #CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52
 #CVE-2017-5398: Memory safety bugs fixed in Thunderbird 52 and Thunderbird 45.8

Revision 1.25 / (download) - annotate - [select for diffs], Sat May 21 23:22:16 2016 UTC (3 years, 6 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2
Changes since 1.24: +1 -3 lines
Diff to previous 1.24 (colored)

Update to 45.1.0

Fixed in Thunderbird 45.1
    2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)

Christian Holler, Tyson Smith, and Phil Ringalda reported memory safety problems and crashes that are fixed in Firefox ESR 45.1, Firefox ESR 38.8 and Firefox 46.
    Memory safety bugs fixed in Firefox ESR 45.1, Firefox ESR 38.8 and Firefox 46 (CVE-2016-2807)

Gary Kwong, Christian Holler, Jesse Ruderman, Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, and Randell Jesup reported memory safety problems and crashes that are fixed in Firefox ESR 45.1 and Firefox 46.
    Memory safety bugs fixed in Firefox ESR 45.1 and Firefox 46 (CVE-2016-2806)

Gary Kwong, Christian Holler, Andrew McCreight, Boris Zbarsky, and Steve Fink reported memory safety problems and crashes that are fixed in Firefox 46.
    Memory safety bugs fixed in Firefox 46 (CVE-2016-2804)

Christian Holler reported a memory safety problem that is fixed in Firefox ESR 38.8.
    Memory safety bug fixed in Firefox ESR 38.8 (CVE-2016-2805)

Revision 1.24 / (download) - annotate - [select for diffs], Sun Apr 17 18:33:50 2016 UTC (3 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.23: +33 -130 lines
Diff to previous 1.23 (colored)

Update to 45.0

* Regen patch names

    New Add a Correspondents column combining Sender and Recipient
    New Much better support for XMPP chatrooms and commands.
    New Remote content exceptions: Improved options to add exceptions.
    New Implement option to always use HTML formatting to prevent unexpected format loss when converting messages to plain text.
    New Use OpenStreetmap for maps (even allow the user to choose from list of map services)
    New Allow spell checking and dictionary selection in the subject line
    New Add dropdown in compose to allow specific setting of font size.
    New Return/Enter in composer will now insert a new paragraph by default (shift-Enter will insert a line break)
    New supports OAuth authentication.
    New Allow copying of name and email address from the message header of an email
    New Allow editing of From when composing a message.
    Fixed Fixed: When sending e-mail which was composed using Chinese, Japanese or Korean characters, unwanted extra spaces were inserted within the text.
    Fixed Spell checker checked spelling in invisible HTML parts of the message.
    Fixed When saving a draft that is edited as new message, original draft was overwritten.
    Fixed External images not displayed in reply/forward
    Fixed Properly preserve pre-formatted blocks in message replies.
    Fixed Crashed in some cases while parsing IMAP messages.
    Fixed Copy/paste from a plain text editor lost white-space (multiple spaces/blanks, tabs, newlines)
    Fixed "Open Draft"/"Forward"/"Edit As New"/"Reply" created message composition with incorrect character encoding.
    Fixed Fixed: Grouped By view sort direction change was broken, plus enabled custom column grouping.
    Fixed Fixed: New emails into a mailbox did not adhere to sort order by received.
    Fixed Fixed: attachments failed to upload.
    Fixed Fixed: Drag and drop of multiple attachments failed to OS file folder.
    Fixed XMPP had connection problems for users with large rosters

Security bugs:
Fixed in Thunderbird 45
    2016-37 Font vulnerabilities in the Graphite 2 library
    2016-36 Use-after-free during processing of DER encoded keys in NSS
    2016-35 Buffer overflow during ASN.1 decoding in NSS
    2016-34 Out-of-bounds read in HTML parser following a failed allocation
    2016-27 Use-after-free during XML transformations
    2016-24 Use-after-free in SetBody
    2016-23 Use-after-free in HTML5 string parser
    2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
    2016-19 Linux video memory DOS with Intel drivers
    2016-18 CSP reports fail to strip location information for embedded iframe pages
    2016-17 Local file overwriting and potential privilege escalation through CSP reports
    2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)

Revision 1.23 / (download) - annotate - [select for diffs], Thu Sep 3 14:41:32 2015 UTC (4 years, 3 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4, pkgsrc-2015Q3-base, pkgsrc-2015Q3
Changes since 1.22: +3 -3 lines
Diff to previous 1.22 (colored)

Fix PLIST for lightning (as found in local build and reported by joerg).

Revision 1.22 / (download) - annotate - [select for diffs], Thu Jul 9 15:17:34 2015 UTC (4 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.21: +512 -19 lines
Diff to previous 1.21 (colored)

Update to 38.0.1

What's New
    New GMail supports OAuth2 authentication, removing the need to manually select "allow less secure applications" in Google options for the account. (bug 849540)
    New Ship Lightning calendar addon with Thunderbird and enable with an opt-out dialog (bug 1113183)
    New Filter sent messages (bug 11039)
    New Filter messages when archived (bug 479823)
    New Enable search in multiple/all address books (bug 170270)
    New Add support for Yahoo Messenger in Chat (bug 955574)
    New Support Internationalized domain name URLs for RSS feeds (Bug 1018589)
    New Show expanded columns in folder pane (bug 464973)
    New Allow file-per-message (maildir) local message storage (bug 845952)
    New Add a Learn more link to the support page in feeds subscribe dialog (bug 1053782)
    New Add reading position marker line to conversations (bug 760762)
    New The editor for twitter should show inputtable character count (bug 736002)
    Changed Thunderbird will no longer use SHA-1 to sign messages (bug 1018259)
    Changed Removed rarely used character sets: T.61-8bit, non-encoding Mac encoders, VISCII, x-viet-tcvn5712, x-viet-vps x-johab, ARMSCII8 , map us-ascii to windows-1252, ISO-8859-6-I and -E and ISO-8859-8-E, (bug 1068505 and others.)
    Changed Disable CONDSTORE support for IMAP to prevent discrepancies in IMAP message status (deleted, unread) on some servers (bug 912216)
    Changed Make OpenSearch queries open in the user's default browser (bug 1120777)
    Changed Default to using SSL for XMPP and IRC. This might cause issues for self-signed certificates (bug 1122567, bug 1122666)
    Fixed Replied/forwarded icons disappear after folder repair, detach/delete (bug 840418)
    Fixed Attachment "Save As" files are displayed in Tools/Saved Files (bug 914517)
    Fixed Adding unknown email addresses to Mailing list, then deleting ghost duplicate entries from contacts pane, caused dataloss in mailing list (bug 628035)
    Fixed Web site from RSS feed was not rendered correctly (bug 662907)
    Fixed Email address with leading/trailing whitespace displayed wrongly with added quotes when composing ["foo"] (bug 286760)
    Fixed Force display of Sender header if S/MIME sender is the signer (bug 332639)
    Fixed Addressing autocomplete widget: Typed text in red despite results/matches found if suggestions change by last input (bug 1042561)
    Fixed Status bar not accessible (bug 934875)
    Fixed Wrong folder may be deleted when requesting junk delete (bug 1018960)
    Fixed Severe UI stutter or freezes getting new mail for very large folders (bug 870556)
    Fixed Automatically rejoin multi-user conversations on reconnect for XMPP (bug 1014472)
    Fixed Various improvements when using IRC on moznet (bug 1083768 and others)
    Fixed Significantly improve XMPP support (bug 1085022 and others)
    Fixed Fixes for connecting to non-standard IRC networks (bug 870556 and others)
    Fixed Automatically reclaim IRC nicks during a reconnect (bug 1087566)
    Fixed Changing location in editor doesn't preserve the font when returning to end of text/line (bug 756984)
    Fixed Inline spell checker loses red underlines after a backspace is used (bug 1100966)

Known Issues
    unresolved Automatic addon compatibility update checks were not completed, so existing addon compatibilities may not be accurate.
    unresolved Copy/Paste into plain text editor deletes newlines from quoted text (bug 1143570)
    unresolved Importing data from Outlook or Eudora crashes (bug 917961)

Fixed in Thunderbird 38.0.1
    2015-58 Mozilla Windows updater can be run outside of application directory
    2015-57 Privilege escalation through IPC channel messages
    2015-54 Buffer overflow when parsing compressed XML
    2015-51 Use-after-free during text processing with vertical text enabled
    2015-48 Buffer overflow with SVG content and CSS
    2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
    2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)

Revision 1.21 / (download) - annotate - [select for diffs], Sun Jul 27 20:04:59 2014 UTC (5 years, 4 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3
Changes since 1.20: +191 -182 lines
Diff to previous 1.20 (colored)

Update to 31.0

* Update enigmail to 1.7

    Autocompleting email addresses now matches against any part of the name or email (bug 529584)

    Composing a mail to a newsgroup will now autocomplete newsgroup names (bug 61491)

    Insecure NTLM (pre-NTLMv2) authentication disabled (see 828183)

Fixed in Thunderbird 31
MFSA 2014-66 IFRAME sandbox same-origin access through redirect
MFSA 2014-65 Certificate parsing broken by non-standard character encoding
MFSA 2014-64 Crash in Skia library when scaling high quality images
MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
MFSA 2014-61 Use-after-free with FireOnStateChange event
MFSA 2014-59 Use-after-free in DirectWrite font handling
MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)

Revision 1.20 / (download) - annotate - [select for diffs], Wed May 7 20:26:12 2014 UTC (5 years, 7 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base, pkgsrc-2014Q2
Changes since 1.19: +1 -5086 lines
Diff to previous 1.19 (colored)

Fix build with for 24.5.0
Fix PLIST* (remove duplicated entries etc.)

Revision 1.19 / (download) - annotate - [select for diffs], Tue Dec 3 12:39:27 2013 UTC (6 years ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base, pkgsrc-2014Q1, pkgsrc-2013Q4-base, pkgsrc-2013Q4
Changes since 1.18: +3 -2 lines
Diff to previous 1.18 (colored)

Fix non-Solaris packaging after the update to 24.1.1.

Revision 1.18 / (download) - annotate - [select for diffs], Mon Dec 2 15:01:04 2013 UTC (6 years ago) by richard
Branch: MAIN
Changes since 1.17: +4 -2 lines
Diff to previous 1.17 (colored)

Update to Thunderbird and Thunderbird-l10n 24.1.1.

Fixed in Thunderbird 24.1.1
MFSA 2013-103 Miscellaneous Network Security Services (NSS) vulnerabilities

TODO: put sdk common files into their own PLIST in order to simplify updates to
PLIST.enigmail and PLIST.lightning.

Revision 1.17 / (download) - annotate - [select for diffs], Fri Nov 29 17:17:25 2013 UTC (6 years ago) by wiz
Branch: MAIN
Changes since 1.16: +1 -0 lines
Diff to previous 1.16 (colored)

Add RCS Ids.

Revision 1.16 / (download) - annotate - [select for diffs], Tue Nov 12 20:50:51 2013 UTC (6 years, 1 month ago) by ryoon
Branch: MAIN
Changes since 1.15: +5102 -11 lines
Diff to previous 1.15 (colored)

Update to 24.1.0

    Fixed an issue where signatures were shown in too lighter grey making them difficult to read (bug 917906)
    Fixed an issue where Auto CC for reply might not work if the cc address is the same as the sending address (bug 917231)
    Security fixes can be found here

Fixed in Thunderbird 24.0
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)

    Message threads can now be ignored or watched
    Emails can now be sent to IDN based email addresses
    Zoom functionality is now available in the compose window
    In the Compose window, ctrl/cmd + and ctrl/cmd - now change the zoom setting rather than the font size
    In Twitter, replying to a tweet now replies to all users, just like on the Twitter website
    Interactions in the filter list dialogs have been improved
    In Chat user nicknames are now highlighted when mentioned
    In IRC, long messages will now be sent in multiple parts instead of being cut off
    Various security fixes

Fixed in Thunderbird 24.1
MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar though SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)

Revision 1.15 / (download) - annotate - [select for diffs], Fri Nov 23 11:08:05 2012 UTC (7 years ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4
Changes since 1.14: +2 -1 lines
Diff to previous 1.14 (colored)

Fix build

* Add missing include file to PLIST.lightning
* Fix xulrunner pathes

Revision 1.14 / (download) - annotate - [select for diffs], Fri Nov 23 07:17:53 2012 UTC (7 years ago) by ryoon
Branch: MAIN
Changes since 1.13: +7 -3 lines
Diff to previous 1.13 (colored)

Update to 17.0

    A Menu Button is now shown to new users by default
    Tabs are now drawn in the title bar on Windows
    An issue causing spell-checking only parts of words in Thunderbird 16 is now fixed (790475)
    An issue causing Thunderbird 16 to repeatedly download emails is now fixed (806760)
    RSS feeds can now be viewed in the Wide View Layout (531397)
    Various fixes and performance improvements
    Various security fixes
    Mac OS X 10.5 is no longer supported

Security fixes:
Fixed in Thunderbird 17
MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2012-103 Frames can shadow top.location
MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
MFSA 2012-100 Improper security filtering for cross-origin wrappers
MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
MFSA 2012-96 Memory corruption in str_unescape
MFSA 2012-94 Crash when combining SVG text on path with CSS
MFSA 2012-93 evalInSanbox location context incorrectly applied
MFSA 2012-92 Buffer overflow while rendering GIF images
MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)

Revision 1.13 / (download) - annotate - [select for diffs], Fri Oct 12 18:28:58 2012 UTC (7 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.12: +2 -1 lines
Diff to previous 1.12 (colored)

Update to 16.0.1

    16.0.1: Vulnerability outlined here
    We have now added to the list of online storage services that are available for use with Thunderbird Filelink
    Silent, background updates. Thunderbird will now download and apply updates in the background allowing you to start quickly the next time Thunderbird starts up.
    Various fixes and performance improvements
    Various security fixes
Fixed in Thunderbird 16.0.1
MFSA 2012-89 defaultValue security checks not applied
MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)

Fixed in Thunderbird 16
MFSA 2012-87 Use-after-free in the IME State Manager
MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer
MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
MFSA 2012-84 Spoofing and script injection through location.hash
MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties
MFSA 2012-82 top object and location property accessible by plugins
MFSA 2012-81 GetProperty function can bypass security checks
MFSA 2012-80 Crash with invalid cast when using instanceof operator
MFSA 2012-79 DOS and crash with full screen and history navigation
MFSA 2012-77 Some DOMWindowUtils methods bypass security checks
MFSA 2012-76 Continued access to initial origin after setting document.domain
MFSA 2012-75 select element persistance allows for attacks
MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)

Revision 1.12 / (download) - annotate - [select for diffs], Sun Sep 2 06:43:39 2012 UTC (7 years, 3 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3
Changes since 1.11: +8 -1 lines
Diff to previous 1.11 (colored)

Update to 15.0

* Update Mozilla Lightning to 1.7
* Update Enigmail to 1.4.4 (functionality is not tested yet; should
  be updated)
* Regen patches

    NEW Multi-Channel Chat: You now can enjoy real time conversation with your contacts, right from your favorite messaging application.
    NEW Do Not Track: This option has been implemented as an addition to Search the Web.
    NEW Ubuntu One is now supported in Filelink - the option to upload large attachments to online storage services.
    NEW New User Interface: Thunderbird is replicating the new look and feel of Mozilla Firefox in an effort to provide a similar user experience across all Mozilla software desktop or mobile and all platforms.
    FIXED Various fixes and performance improvements
    FIXED Various security fixes
MFSA 2012-72 Web console eval capable of executing chrome-privileged code
MFSA 2012-70 Location object security checks bypassed by chrome code
MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html
MFSA 2012-67 Installer will launch incorrect executable following new installation
MFSA 2012-65 Out-of-bounds read in format-number in XSLT
MFSA 2012-64 Graphite 2 memory corruption
MFSA 2012-63 SVG buffer overflow and use-after-free issues
MFSA 2012-62 WebGL use-after-free and memory corruption
MFSA 2012-61 Memory corruption with bitmap format images with negative height
MFSA 2012-59 Location object can be shadowed using Object.defineProperty
MFSA 2012-58 Use-after-free issues found using Address Sanitizer
MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)

Revision 1.11 / (download) - annotate - [select for diffs], Thu Jul 19 17:57:30 2012 UTC (7 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.10: +2 -1 lines
Diff to previous 1.10 (colored)

Update to 14.0

* Use Lightning 1.6 release
* Enigmail is not tested fully

Changelog: from
    Various fixes and performance improvements
    Various security fixes

Revision 1.10 / (download) - annotate - [select for diffs], Tue Jun 12 19:37:48 2012 UTC (7 years, 6 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2012Q2-base, pkgsrc-2012Q2
Changes since 1.9: +20 -10 lines
Diff to previous 1.9 (colored)

Update to 13.0

* Update enigmail to 1.4.2
* Update Lightning to 1.5

* Filelink: Upload your files to an online storage service and send links
  to your friends, avoiding bounce back due to large attachments. We have
  partnered with YouSendIt to bring this feature, but additional partners
  will be added in the near future.
* In partnership with Gandi and Hover, you can now sign up for a
  personalized email address from within Thunderbird. Along with your new
  email address, Thunderbird will be automatically set up and ready to
  send and receive messages. We are working with additional suppliers to
  cover more areas of the world and to provide more options in the future.
* Various security fixes
MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
MFSA 2012-39 NSS parsing errors with zero length items
MFSA 2012-38 Use-after-free while replacing/inserting a node in a document
MFSA 2012-37 Information disclosure though Windows file shares and shortcut files
MFSA 2012-36 Content Security Policy inline-script bypass
MFSA 2012-35 Privilege escalation through Mozilla Updater and Windows Updater Service
MFSA 2012-34 Miscellaneous memory safety hazards
* The minimum system requirements for Windows are now Windows XP Service
  Pack 2 or later.

Revision 1.9 / (download) - annotate - [select for diffs], Sat Apr 28 16:56:58 2012 UTC (7 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.8: +2 -2 lines
Diff to previous 1.8 (colored)

Update to 12.0

* Remove unused option.
* Update enigmail to 1.4.1

* Global Search results now include message extracts in the results
* Various security fixes
* Various improvements to RSS feed subscription and general feed handling
* Thunderbird now supports add-ons that provide different types of
  local mail storage

Revision 1.8 / (download) - annotate - [select for diffs], Thu Mar 15 08:52:34 2012 UTC (7 years, 8 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base, pkgsrc-2012Q1
Changes since 1.7: +5 -3 lines
Diff to previous 1.7 (colored)

Update to 11.0

* enigmail source is not provided for this version now.
* Switch to xulrunner 11 branch
* Fix security bugs
* Improve stability
* Many bug fixes

Revision 1.7 / (download) - annotate - [select for diffs], Sat Mar 10 11:42:38 2012 UTC (7 years, 9 months ago) by ryoon
Branch: MAIN
Changes since 1.6: +5 -1 lines
Diff to previous 1.6 (colored)

Update to 10.0.2

* Add new features.
* Fix security bugs
* See

Revision 1.6 / (download) - annotate - [select for diffs], Sun Nov 13 16:59:58 2011 UTC (8 years, 1 month ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4
Changes since 1.5: +8 -9 lines
Diff to previous 1.5 (colored)

Update to thunderbird-8.0 and enigmail-1.3.3.

8.0 changes:
    Thunderbird is based on the new Mozilla Gecko 8 engine
    Add-ons installed by third party programs are now disabled by default
    New Search and Find Shortcuts
    Improved accessibility of the attachment list
    Folder switching pane widget has been removed, can be added back with the
      Folder Pane View Switcher Add-on
    Numerous platform fixes to stability
    Fixed several security issues

7.0 changes:
    Thunderbird is based on the new Mozilla Gecko 7 engine
    Several user interface fixes and improvements
    Several fixes to attachment handling
    Ability to print a summary of selected email messages
    Platform improvements to Address Book
    Fixed several security issues
    Numerous platform fixes that improve speed, performance and stability

Revision 1.5 / (download) - annotate - [select for diffs], Fri Aug 19 14:39:09 2011 UTC (8 years, 3 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base, pkgsrc-2011Q3
Changes since 1.4: +333 -29 lines
Diff to previous 1.4 (colored)

Update to thunderbird-6.0 and enigmail-1.2.1.

Release notes for 6.0:
  Thunderbird is based on the new Mozilla Gecko 6 engine
  Several theme improvements for Windows 7
  Support for Windows 7 Jump lists
  Several fixes when importing email from Microsoft Outlook
  Default mail client check now works with newer Linux distributions
  Various other user interface fixes and improvements
  Numerous platform fixes that improve speed, performance, stability and security

Release notes for 5.0:
  More responsive and faster to start up and use
  Thunderbird is based on the new Mozilla Gecko 5 engine
  New Add-ons Manager
  Revised account creation wizard to improve email setup
  New Troubleshooting Information page
  Tabs can now be reordered and dragged to different windows
  Attachment sizes now displayed along with attachments
  Plugins can now be loaded in RSS feeds by default
  There are several theme fixes for Windows Vista and Windows 7
  Support for Mac 32/64 bit Universal builds (Thunderbird no longer supports PowerPC on Mac)
  Over 390 platform fixes that improve speed, performance, stability and security

Revision 1.4 / (download) - annotate - [select for diffs], Tue May 3 13:17:11 2011 UTC (8 years, 7 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base, pkgsrc-2011Q2
Changes since 1.3: +2 -1 lines
Diff to previous 1.3 (colored)

Security and stability update of thunderbird to 3.1.10.

MFSA 2011-16 Directory traversal in resource: protocol
MFSA 2011-12 Miscellaneous memory safety hazards (rv:2.0.1/

Revision 1.3 / (download) - annotate - [select for diffs], Mon Jul 12 16:49:21 2010 UTC (9 years, 5 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3
Changes since 1.2: +24 -17 lines
Diff to previous 1.2 (colored)

- Update to thunderbird-3.1
- Update bundled enigmail to 1.1.2
- Update mozilla branch patches to 1.9.2 (from devel/xulrunner)
- While here fix PR pkg/43598 PLIST problem w/ enigmail

Thunderbird 3.1 is based on the Gecko 1.9.2 platform to provide improved
performance, stability, web compatibility, and code simplification and

New features include:
Faster Search Results and Quick Filter Toolbar
 * Faster Search Results
 * Quick Filter Toolbar
User Experience Improvements
 * New Migration Assistant
 * Saved Files Manager
 * Mail Account Setup Wizard
Performance Improvements
  * Improvements to Stability, Memory, and Password Handling

Revision 1.2 / (download) - annotate - [select for diffs], Wed May 19 09:21:43 2010 UTC (9 years, 6 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2010Q2-base, pkgsrc-2010Q2
Changes since 1.1: +12 -1 lines
Diff to previous 1.1 (colored)

Install the gdata provider when lightning is enabled. This allows you to
bidirectionally access your Google Calendar from within lightning.
For more information:

Revision 1.1 / (download) - annotate - [select for diffs], Wed Apr 21 13:33:26 2010 UTC (9 years, 7 months ago) by tnn
Branch: MAIN

Add "mozilla-lightning" option which enables the calendar extension.
This is enabled by default. If you don't want to run lightning it can be
disabled under tools -> add-ons -> Extensions.


This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

CVSweb <>