The NetBSD Project

CVS log for pkgsrc/mail/thunderbird/distinfo

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / mail / thunderbird

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MAIN


Revision 1.279: download - view: text, markup, annotated - select for diffs
Mon Dec 9 13:57:53 2024 UTC (43 hours, 53 minutes ago) by ryoon
Branches: MAIN
CVS tags: HEAD
Diff to: previous 1.278: preferred, colored
Changes since revision 1.278: +4 -4 lines
mail/thunderbird: Update to 128.5.1

Changelog:
What's New

new
Add end of year donation appeal

What's Fixed

fixed
Total message count for favorite folders did not work consistently

Revision 1.278: download - view: text, markup, annotated - select for diffs
Thu Nov 28 19:32:40 2024 UTC (12 days, 14 hours ago) by ryoon
Branches: MAIN
Diff to: previous 1.277: preferred, colored
Changes since revision 1.277: +4 -4 lines
mail/thunderbird: Update to 128.5.0

Changelog:
128.5.0:
What's Fixed

fixed
IMAP could crash when reading cached messages

fixed
Enabling "Show Folder Size" on Maildir profile could render Thunderbird
unusable

fixed
Messages corrupted by folder compaction were only fixed by user intervention

fixed
Reading a message from past the end of an mbox file did not cause an error

fixed
View -> Folders had duplicate F access keys

fixed
Add-ons adding columns to the message list could fail and cause display issue

fixed
"Empty trash on exit" and "Expunge inbox on exit" did not always work

fixed
Selecting a display option in View -> Tasks did not apply in the Task interface

fixed
Security fixes

Security fixes:
Mozilla Foundation Security Advisory 2024-68
#CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL
#CVE-2024-11692: Select list elements could be shown over another site
#CVE-2024-11693: Download Protections were bypassed by .library-ms files on
 Windows
#CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims
#CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and Whitespace
 Characters
#CVE-2024-11696: Unhandled Exception in Add-on Signature Verification
#CVE-2024-11697: Improper Keypress Handling in Executable File Confirmation
 Dialog
#CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts Transition on
 macOS
#CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Thunderbird 133,
 Firefox ESR 128.5, and Thunderbird 128.5


128.4.4:
What's Fixed

fixed
QR codes were not scannable by Android app when using most high-contrast themes

fixed
Primary password prompt cancellation during mobile export was confusing


128.4.3:
What's Fixed

fixed
Folder corruption could cause Thunderbird to freeze and become unusable

fixed
Message corruption could be propagated when reading mbox

fixed
Folder compaction was not abandoned on shutdown

fixed
Folder compaction did not clean up on failure

fixed
Collapsed NNTP thread incorrectly indicated there were unread messages

fixed
Navigating to next unread message did not wait for all messages to be loaded

fixed
Applying column view to folder and children could break if folder error
occurred

fixed
Remote content notifications were broken with encrypted messages

fixed
Updating criteria of a saved search resulted in poor search performance

fixed
Drop-downs may not work in some places

fixed
Security fixes

Security fixes:
Mozilla Foundation Security Advisory 2024-61
#CVE-2024-11159: Potential disclosure of plaintext in OpenPGP encrypted message


128.4.2:
What's Changed

changed
Increased the auto-compaction threshold to reduce frequency of compaction

What's Fixed

fixed
New profile creation caused console errors

fixed
Repair folder could result in older messages showing wrong date and time

fixed
Recently deleted messages could become undeleted if message compaction failed

fixed
Visual and UX improvements

fixed
Clicking on an HTML button could cause Thunderbird to freeze

fixed
Messages could not be selected for dragging

fixed
Could not open attached file in a MIME encrypted message

fixed
Account creation "Setup Documentation" link was broken

fixed
Unable to generate QR codes when exporting to mobile in some cases

fixed
Operating system reauthentication was missing when exporting QR codes for
mobile

fixed
Could not drag all-day events from one day to another in week view


128.4.1:
What's New

new
Add the 20 year donation appeal

Revision 1.277: download - view: text, markup, annotated - select for diffs
Thu Oct 31 12:34:32 2024 UTC (5 weeks, 5 days ago) by ryoon
Branches: MAIN
Diff to: previous 1.276: preferred, colored
Changes since revision 1.276: +4 -5 lines
mail/thunderbird: Update to 128.4.0

Changelog:
128.4.0:
What's New
new
Export Thunderbird account settings to Thunderbird Mobile via QRCode

What's Fixed
fixed
Unable to send an unencrypted response to an OpenPGP encrypted message

fixed
Thunderbird update did not update language pack version until another restart

fixed
Security fixes

Security fixes:
Mozilla Foundation Security Advisory 2024-58
#CVE-2024-10458: Permission leak via embed or object elements
#CVE-2024-10459: Use-after-free in layout with accessibility
#CVE-2024-10460: Confusing display of origin for external protocol handler
 prompt
#CVE-2024-10461: XSS due to Content-Disposition being ignored in multipart/
 x-mixed-replace response
#CVE-2024-10462: Origin of permission prompt could be spoofed by long URL
#CVE-2024-10463: Cross origin video frame leak
#CVE-2024-10464: History interface could have been used to cause a Denial of
 Service condition in the browser
#CVE-2024-10465: Clipboard "paste" button persisted across tabs
#CVE-2024-10466: DOM push subscription message could hang Firefox
#CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird 132,
 Firefox ESR 128.4, and Thunderbird 128.4

Revision 1.276: download - view: text, markup, annotated - select for diffs
Sat Oct 26 16:15:16 2024 UTC (6 weeks, 3 days ago) by ryoon
Branches: MAIN
Diff to: previous 1.275: preferred, colored
Changes since revision 1.275: +4 -4 lines
mail/thunderbird: Update to 128.3.3

Changelog:
128.3.3:
What's Fixed

fixed
Files left over from failed folder compactions could use up disk space

fixed
Message list returned to selected message after action on another message

fixed
Some faulty messages were downloaded and never stored

fixed
Messages could become corrupted during folder compaction

fixed
Searching events by Location, Description, or URL failed

fixed
"Remove All Shown" saved passwords deleted all logins if filtered without
 results

fixed
Calendar event updates were not always sent to attendees

Revision 1.275: download - view: text, markup, annotated - select for diffs
Fri Oct 18 15:27:59 2024 UTC (7 weeks, 4 days ago) by ryoon
Branches: MAIN
Diff to: previous 1.274: preferred, colored
Changes since revision 1.274: +4 -4 lines
mail/thunderbird: Update to 128.3.2

Changelog:
128.3.2:
What's Changed

changed
Reinstated "All future events" to the calendar event filtering

What's Fixed

fixed
Ctrl+Drag moved messages instead of copying them when running on Wayland

fixed
Fixed startup crash related to mailbox parsing

fixed
Saving an EML file that was opened from a file did not work

fixed
Delete confirmation could appear twice when using shift+delete

fixed
Performance could be degraded when using cards view with tags

fixed
Stored draft messages were not encrypted when recipients were not specified

fixed
"Attach this image to the message" checkbox not checked when inserting image

fixed
Quick filter state was not reset when a special view was chosen

fixed
Drag and drop to collapsed folders resulted in incorrect collapsed state

fixed
RSS feed with invalid hostname broke the RSS feed folder

fixed
New Account creation could fail to add SMTP server

fixed
Could not drag and drop multiple contacts from address book to destination
fields

fixed
Delayed sending of message could fail when retrying copy to Sent folder

fixed
ICS calendar import could fail if it contained non-UTF-8 data

fixed
Searching with "Find Events Pane" failed if an event did not have a title

fixed
Visual and UX improvements

fixed
Could not import binary OpenPGP key file ending with whitespace

fixed
Thunderbird could crash on startup

Revision 1.274: download - view: text, markup, annotated - select for diffs
Sat Oct 12 09:07:01 2024 UTC (8 weeks, 4 days ago) by ryoon
Branches: MAIN
Diff to: previous 1.273: preferred, colored
Changes since revision 1.273: +16 -4 lines
mail/thunderbird: Update to 128.3.1

* Fix build with Python 3.13. Patches from www/firefox.

Changelog:
Security fixes:
Mozilla Foundation Security Advisory 2024-52
#CVE-2024-9680: Use-after-free in Animation timeline

Revision 1.273: download - view: text, markup, annotated - select for diffs
Tue Oct 8 05:48:25 2024 UTC (2 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.272: preferred, colored
Changes since revision 1.272: +4 -4 lines
mail/thunderbird: Remove nodejs kit part

* Thunderbird-128 does not support nodejs kit. Remove it.

Changelog:
128.3.0:
fixed
Opening an EML file with a 'mailto:' link did not work

fixed
Collapsed POP3 account folder was expanded after emptying trash on exit

fixed
"Mark Folder Read" on a cross-folder search marked all underlying folders read

fixed
Unable to open/view attached OpenPGP encrypted messages

fixed
Unable to "Decrypt and Open" an attached OpenPGP key file

fixed
Subject could disappear when replying to a message saved in an EML file

fixed
OAuth2 authentication method was not available when adding SMTP server

fixed
Unable to subscribe to .ics calendars in some situations

fixed
Visual and UX improvements

fixed
Security fixes

Security fixes:
Mozilla Foundation Security Advisory 2024-49
#CVE-2024-9392: Compromised content process can bypass site isolation
#CVE-2024-9393: Cross-origin access to PDF contents through multipart responses
#CVE-2024-9394: Cross-origin access to JSON contents through multipart
 responses
#CVE-2024-8900: Clipboard write permission bypass
#CVE-2024-9396: Potential memory corruption may occur when cloning certain
 objects
#CVE-2024-9397: Potential directory upload bypass via clickjacking
#CVE-2024-9398: External protocol handlers could be enumerated via popups
#CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of
 service
#CVE-2024-9400: Potential memory corruption during JIT compilation
#CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16,
 Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
#CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3,
 Thunderbird 131, and Thunderbird 128.3

Revision 1.272: download - view: text, markup, annotated - select for diffs
Tue Oct 1 15:01:27 2024 UTC (2 months, 1 week ago) by ryoon
Branches: MAIN
Diff to: previous 1.271: preferred, colored
Changes since revision 1.271: +39 -38 lines
mail/thunderbird: Update to 128.2.3

* Enable WebRTC.

Changelog:
128.2.3:
fixed
Reverted OAuth2 changes from 128.2.2esr due to authentication timeout after upgrade

128.2.2:
new
Account setup is updated to support OAuth2 granular permissions

fixed
Thunderbird could crash when using return receipt with OWL add-on
fixed

Folder pane display was blank due to invalid mail server hostname

fixed
Some users were unable to log in to Microsoft 365

fixed
Matrix end-to-end encryption tab in account settings could be shown for XMPP account

fixed
Participant and message were not populated when user left the room using XMPP

fixed
Visual and UX improvements

128.0:
fixed
Opening profile import tab then restarting Thunderbird caused import tab to malfunction

fixed
"Total" column did not display message count when using "Grouped by" sorting

fixed
Could not add events to CalDAV calendar when UID contained special characters

fixed
Visual and UX improvements

Revision 1.271: download - view: text, markup, annotated - select for diffs
Mon Sep 23 23:55:18 2024 UTC (2 months, 2 weeks ago) by gdt
Branches: MAIN
CVS tags: pkgsrc-2024Q3-base, pkgsrc-2024Q3
Diff to: previous 1.270: preferred, colored
Changes since revision 1.270: +3 -1 lines
mail/thunderbird: Remediate cbindgen instability

This commit cherry-picks two patches from www/firefox, which are
themselves cherry-picks from upstream mozilla.  The build gets vastly
further, and might even succeed.

Revision 1.270: download - view: text, markup, annotated - select for diffs
Tue Aug 20 14:11:52 2024 UTC (3 months, 3 weeks ago) by ryoon
Branches: MAIN
Diff to: previous 1.269: preferred, colored
Changes since revision 1.269: +7 -5 lines
mail/thunderbird: Fix build with lang/rust-1.79.0

* Fix build with patches from FreeBSD Ports.
* This package cannot be build under NetBSD/i386 for me because
  of out-of-memory.

Revision 1.269: download - view: text, markup, annotated - select for diffs
Thu Aug 1 15:27:50 2024 UTC (4 months, 1 week ago) by ryoon
Branches: MAIN
Diff to: previous 1.268: preferred, colored
Changes since revision 1.268: +7 -4 lines
mail/thunderbird: Update to 115.13.0

* Remove static_assert()s. This is not valid for NetBSD/i386 10 or later.
  This may be inconsistency between stddef.h and GCC's assumption.
* Force Clto=thin to reduce memory usage during build.
* Import some other changes from www/firefox115.

Changelog:
115.13.0:
fixed After starting Thunderbird, the message list position was sometimes set to an incorrect position

fixed Security fixes

Security fixes:
Mozilla Foundation Security Advisory 2024-31
#CVE-2024-6600: Memory corruption in WebGL API
#CVE-2024-6601: Race condition in permission assignment
#CVE-2024-6602: Memory corruption in NSS
#CVE-2024-6603: Memory corruption in thread creation
#CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13,
 Thunderbird 128, and Thunderbird 115.13

Revision 1.267.2.1: download - view: text, markup, annotated - select for diffs
Sun Jul 14 16:57:19 2024 UTC (4 months, 4 weeks ago) by bsiegert
Branches: pkgsrc-2024Q2
Diff to: previous 1.267: preferred, colored; next MAIN 1.268: preferred, colored
Changes since revision 1.267: +4 -4 lines
Pullup ticket #6873 - requested by taca
mail/thunderbird: security fix
mail/thunderbird-l10n: dependent update

Revisions pulled up:
- mail/thunderbird-l10n/Makefile                                1.122
- mail/thunderbird-l10n/distinfo                                1.117
- mail/thunderbird/Makefile                                     1.319
- mail/thunderbird/distinfo                                     1.268

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Fri Jun 28 13:46:52 UTC 2024

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile distinfo

   Log Message:
   mail/thunderbird: Update to 115.12.2

   Changelog:
   115.12.2:
   What's Fixed

   fixed
   Annual Thunderbird Beta appeal intended for Thunderbird 115.12.0 did not open
   as expected

   115.12.1:
   What's Fixed

   fixed
   POP error messages from server were not displayed

   fixed
   Some OpenPGP messages were incorrectly reported as being partially signed or
   encrypted

   fixed
   Autocrypt header was missing from some encrypted messages due to case-sensitive
   email address matching

   fixed
   "Convert to Table" dialog content was formatted incorrectly

   fixed
   Opening Theme Settings reverted the current theme to the startup theme

   fixed
   Security fixes

   Security fixes:
   Mozilla Foundation Security Advisory 2024-28
   #CVE-2024-5702: Use-after-free in networking
   #CVE-2024-5688: Use-after-free in JavaScript object transplant
   #CVE-2024-5690: External protocol handlers leaked by timing attack
   #CVE-2024-5691: Sandboxed iframes were able to bypass sandbox restrictions to
    open a new window
   #CVE-2024-5692: Bypass of file name restrictions during saving
   #CVE-2024-5693: Cross-Origin Image leak via Offscreen Canvas
   #CVE-2024-5696: Memory Corruption in Text Fragments
   #CVE-2024-5700: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12,
    and Thunderbird 115.12

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Fri Jun 28 13:47:36 UTC 2024

   Modified Files:
   	pkgsrc/mail/thunderbird-l10n: Makefile distinfo

   Log Message:
   mail/thunderbird-l10n: Update to 115.12.2

   * Sync with mail/thunderbird-115.12.2.

Revision 1.268: download - view: text, markup, annotated - select for diffs
Fri Jun 28 13:46:52 2024 UTC (5 months, 1 week ago) by ryoon
Branches: MAIN
Diff to: previous 1.267: preferred, colored
Changes since revision 1.267: +4 -4 lines
mail/thunderbird: Update to 115.12.2

Changelog:
115.12.2:
What's Fixed

fixed
Annual Thunderbird Beta appeal intended for Thunderbird 115.12.0 did not open
as expected

115.12.1:
What's Fixed

fixed
POP error messages from server were not displayed

fixed
Some OpenPGP messages were incorrectly reported as being partially signed or
encrypted

fixed
Autocrypt header was missing from some encrypted messages due to case-sensitive
email address matching

fixed
"Convert to Table" dialog content was formatted incorrectly

fixed
Opening Theme Settings reverted the current theme to the startup theme

fixed
Security fixes

Security fixes:
Mozilla Foundation Security Advisory 2024-28
#CVE-2024-5702: Use-after-free in networking
#CVE-2024-5688: Use-after-free in JavaScript object transplant
#CVE-2024-5690: External protocol handlers leaked by timing attack
#CVE-2024-5691: Sandboxed iframes were able to bypass sandbox restrictions to
 open a new window
#CVE-2024-5692: Bypass of file name restrictions during saving
#CVE-2024-5693: Cross-Origin Image leak via Offscreen Canvas
#CVE-2024-5696: Memory Corruption in Text Fragments
#CVE-2024-5700: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12,
 and Thunderbird 115.12

Revision 1.267: download - view: text, markup, annotated - select for diffs
Tue Jun 18 03:12:25 2024 UTC (5 months, 3 weeks ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2024Q2-base
Branch point for: pkgsrc-2024Q2
Diff to: previous 1.266: preferred, colored
Changes since revision 1.266: +4 -4 lines
mail/thunderbird: Update to 115.12.0

* Drop gtk2 dependency.

Changelog:
What's Fixed

fixed
POP error messages from server were not displayed

fixed
Some OpenPGP messages were incorrectly reported as being partially signed or
encrypted

fixed
Autocrypt header was missing from some encrypted messages due to case-sensitive
email address matching

fixed
"Convert to Table" dialog content was formatted incorrectly

fixed
Opening Theme Settings reverted the current theme to the startup theme

fixed
Security fixes

Security fixes:
Mozilla Foundation Security Advisory 2024-28
#CVE-2024-5702: Use-after-free in networking
#CVE-2024-5688: Use-after-free in JavaScript object transplant
#CVE-2024-5690: External protocol handlers leaked by timing attack
#CVE-2024-5691: Sandboxed iframes were able to bypass sandbox restrictions to
 open a new window
#CVE-2024-5692: Bypass of file name restrictions during saving
#CVE-2024-5693: Cross-Origin Image leak via Offscreen Canvas
#CVE-2024-5696: Memory Corruption in Text Fragments
#CVE-2024-5700: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12,
 and Thunderbird 115.12

Revision 1.266: download - view: text, markup, annotated - select for diffs
Fri Jun 7 19:41:31 2024 UTC (6 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.265: preferred, colored
Changes since revision 1.265: +4 -4 lines
mail/thunderbird: Update to 115.11.1

Changelog:
What's New

new
Added a short anonymous survey that a small number of users will be randomly
asked to complete

Revision 1.265: download - view: text, markup, annotated - select for diffs
Sun May 19 11:33:17 2024 UTC (6 months, 3 weeks ago) by ryoon
Branches: MAIN
Diff to: previous 1.264: preferred, colored
Changes since revision 1.264: +4 -4 lines
mail/thunderbird: Update to 115.11.0

Changelog:
115.11.0:
What's Fixed
fixed
Splitter arrow between task list and task description did not behave as
expected

fixed
Calendar Event Attendees dialog had incorrectly sized rows

fixed
Security fixes
Mozilla Foundation Security Advisory 2024-23
#CVE-2024-4367: Arbitrary JavaScript execution in PDF.js
#CVE-2024-4767: IndexedDB files retained in private browsing mode
#CVE-2024-4768: Potential permissions request bypass via clickjacking
#CVE-2024-4769: Cross-origin responses could be distinguished between script
 and non-script content-types
#CVE-2024-4770: Use-after-free could occur when printing to PDF
#CVE-2024-4777: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11,
 and Thunderbird 115.11

115.10.2:
What's Changed
changed
Update channel for Thunderbird 115 is now esr.

115.10.1:
What's Fixed
fixed
Thunderbird processes did not exit cleanly; user intervention was required via
task manager

115.9.0:
What's Fixed
fixed
Opened ignored messages in a message thread/subthread were not marked as read
in IMAP folders

fixed
Multi-language spellcheck sometimes skipped languages

fixed
Thread tree did not update when live language switching

fixed
Visual improvements to "Reorder Attachments" popup

fixed
Sort order was sometimes incorrect in Grouped By views

fixed
Selecting "Match all messages" in Filter Rules dialog did not disable all
search criteria

fixed
S/MIME-only signed messages sometimes incorrectly displayed signature as
invalid

fixed
OpenPGP keys uploaded to an HKP keyserver were sent with the wrong Content-Type
header

fixed
Keyboard navigation within search toolbar did not work

fixed
Flatpak builds only had the en-US spell check dictionary available

fixed
Security fixes

Security fixes:
Mozilla Foundation Security Advisory 2024-14
#CVE-2024-0743: Crash in NSS TLS method
#CVE-2024-2605: Windows Error Reporter could be used as a Sandbox escape vector
#CVE-2024-2607: JIT code failed to save return registers on Armv7-A
#CVE-2024-2608: Integer overflow could have led to out of bounds write
#CVE-2024-2616: Improve handling of out-of-memory conditions in ICU
#CVE-2023-5388: NSS susceptible to timing attack against RSA decryption
#CVE-2024-2610: Improper handling of html and body tags enabled CSP nonce
 leakage
#CVE-2024-2611: Clickjacking vulnerability could have led to a user
 accidentally granting permissions
#CVE-2024-2612: Self referencing object could have potentially led to a
 use-after-free
#CVE-2024-2614: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and
 Thunderbird 115.9

115.8.1:
What's Fixed
fixed
Settings: Updating tags failed if Automatic Updates were disabled

fixed
Size of collapsed folders in folder pane did not include size of subfolders

fixed
Reversing sort order of Grouped By views in quick search did not reverse

fixed
Removing threaded messages in a unified folder sometimes resulted in an
incorrect number of levels in the thread

fixed
Thread collapsing did not behave correctly when copying thread messages in
multi-folder view

fixed
S/MIME encryption failed to encrypt if unsupported certificate type was
encountered

fixed
Decrypting a copy of an S/MIME encrypted, opaque-signed message created an
unreadable message

fixed
Thunderbird sometimes changed the subject of messages selected while
simultaneously decrypting a large PGP-encrypted message

fixed
"Quote message" menu item in compose window did not work when replying to
message opened in separate tab

fixed
Toolbar customization window contents overflowed the window width

fixed
Security fixes

Security fixes:
Mozilla Foundation Security Advisory 2024-11
#CVE-2024-1936: Leaking of encrypted email subjects to other conversations

115.8.0:
What's New

new
Added option to show packet dump when OpenPGP fails to decrypt

What's Fixed

fixed
Thunderbird slowed down significantly when opening email files (.eml)

fixed
Inbox view intermittently reverted to default view after moving or deleting
messages

fixed
Size of collapsed folders in folder pane did not include size of subfolders

fixed
Hovering over folder does not always expand subfolders

fixed
Switching to thread pane of a folder using keyboard navigation did not focus
top message

fixed
Clicking "Sent unsent messages" in Outbox context menu while in offline mode
did not prompt user to go online

fixed
Mail tab-specific Unified Toolbar buttons received focus incorrectly

fixed
Quick Filter settings did not persist when Quick Filter bar was turned off

fixed
Quick Filters were unusually slow

fixed
OpenPGP Key Manager filtering did not work

fixed
OpenPGP sometimes attempted to decrypt message with incorrect key

fixed
Autoconfig failed on servers that did not support OAuth2

fixed
Opening different attachments with the same name in different messages could
cause attachment files to become conflated

fixed
Overflowed attachment list could not be scrolled

fixed
Passwords disappeared from password manager list after applying and clearing
filters

fixed
Cookies in cookie manager list disappeared after applying and then clearing
filters

fixed
Security fixes

Security fixes:
Mozilla Foundation Security Advisory 2024-07
#CVE-2024-1546: Out-of-bounds memory read in networking channels
#CVE-2024-1547: Alert dialog could have been spoofed on another site
#CVE-2024-1548: Fullscreen Notification could have been hidden by select
 element
#CVE-2024-1549: Custom cursor could obscure the permission dialog
#CVE-2024-1550: Mouse cursor re-positioned unexpectedly could have led to
 unintended permission grants
#CVE-2024-1551: Multipart HTTP Responses would accept the Set-Cookie header in
 response parts
#CVE-2024-1552: Incorrect code generation on 32-bit ARM devices
#CVE-2024-1553: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and
 Thunderbird 115.8

Revision 1.264: download - view: text, markup, annotated - select for diffs
Fri May 10 09:14:06 2024 UTC (7 months ago) by jperkin
Branches: MAIN
Diff to: previous 1.263: preferred, colored
Changes since revision 1.263: +2 -1 lines
mozilla: Support illumos triple.

Revision 1.263: download - view: text, markup, annotated - select for diffs
Sun Feb 11 15:12:45 2024 UTC (9 months, 4 weeks ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2024Q1-base, pkgsrc-2024Q1
Diff to: previous 1.262: preferred, colored
Changes since revision 1.262: +4 -4 lines
mail/thunderbird: Update to 115.7.0

Changelog:
115.7.0:
What's New

new
Autocrypt Gossip key distribution added

Fixes
fixed
When starting Thunderbird, unread message count did not appear on collapsed
accounts

fixed
Blank window was sometimes displayed when starting Thunderbird

fixed
Thunderbird "--chrome" flag incorrectly opened extra messenger.xhtml

fixed
Add-ons did not start correctly when opening Thunderbird from other programs

fixed
Drag-and-drop installation of add-ons did not work if Add-ons Manager was
opened from Unified Toolbar

fixed
Double-clicking empty space in message pane incorrectly opened the currently
selected message

fixed
Canceling SMTP send before progress reached 100% did not stop message from
sending

fixed
PDF attachments open in a separate tab did not always restore correctly after
restarting Thunderbird

fixed
Some OpenPGP dialogs were too small for their contents

fixed
Account Manager did not work with hostnames entered as punycode

fixed
Downloading complete message from POP3 headers caused message tab/window to
close when "Close message window/tab on move or delete" was enabled

fixed
Some ECC GPG keys could not be exported

fixed
Contacts deleted from mailing list view still visible in Details view

fixed
After selecting contacts in Address Book and starting a new search, the search
results list did not update

fixed
Various UX and visual improvements

fixed
Security fixes

Security fixes:
Mozilla Foundation Security Advisory 2024-04
#CVE-2024-0741: Out of bounds write in ANGLE
#CVE-2024-0742: Failure to update user input timestamp
#CVE-2024-0746: Crash when listing printers on Linux
#CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline
 was set
#CVE-2024-0749: Phishing site popup could show local origin in address bar
#CVE-2024-0750: Potential permissions request bypass via clickjacking
#CVE-2024-0751: Privilege escalation through devtools
#CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain
#CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and
 Thunderbird 115.7


115.6.1:
What's New

new
OAuth2 now supported for comcast.net

Fixes

fixed
High CPU usage sometimes occurred with IMAP CONDSTORE (conditional STORE)
enabled

fixed
Replying to a collapsed thread via keyboard shortcut (Ctrl+R/Cmd+R) opened a
reply for every message in the thread

fixed
Enabling Grouped By view after reversing sort order of column header caused
messages to be grouped incorrectly

fixed
Opening thread pane context menu via keyboard did not always scroll view to
selection

fixed
New mail indicator for POP3 accounts did not indicate new messages ready to be
downloaded

fixed
Messages could not be moved to folders using Message > Move To if text or a
link in the message had been clicked on first

fixed
MIME part boundaries were not properly terminated


115.6.0:
Fixes

fixed
Message selection misbehaved after selecting a sub-message in an expanded
thread, collapsing the thread, then pressing up/down to move selection

fixed
Thunderbird now attempts to reconnect on a new connection after SMTP 4xx errors

fixed
HTML FileLink attachments used the wrong encoding

fixed
Security fixes

Security fixes:
Mozilla Foundation Security Advisory 2023-55
#CVE-2023-50762: Truncated signed text was shown with a valid OpenPGP signature
#CVE-2023-50761: S/MIME signature accepted despite mismatching message date
#CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced
 method with Mesa VM driver
#CVE-2023-6857: Symlinks may resolve to smaller than expected buffers
#CVE-2023-6858: Heap buffer overflow in nsTextFragment
#CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer
#CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture
 validation
#CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in
 headless mode
#CVE-2023-6862: Use-after-free in nsDNSService
#CVE-2023-6863: Undefined behavior in ShutdownObserver()
#CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and
 Thunderbird 115.6


115.5.2:
Fixes

fixed
"Compact" option was missing from folder context menu for IMAP accounts using
maildir

fixed
Message list could not be properly read by screen readers in table view

fixed
Messages with slow-loading images were delayed being marked as read

fixed
Messages opened in background tab were incorrectly marked as read

fixed
Mark All Read did not work for virtual folders

fixed
Delete (trash icon) in message display did not work in Unified folders

fixed
Unified folders were missing "Mark Folder Read" option in context menu

fixed
"Reply to List" was incorrectly disabled in Unified Toolbar since Thunderbird
115.4.1

fixed
Sorting by column with "Grouped By" enabled then performing a quick filter
search caused blank message pane

fixed
Attachment list did not always appear if remote message content loaded slowly

fixed
Messages in outbox were not shown as unread by default

fixed
"Apply columns to" sometimes failed to apply columns to a root folder and its
descendants

fixed
Global search results displayed as a list did not allow threads to be collapsed

fixed
"Quick Filter" button on toolbar was disabled when viewing search results as a
list

fixed
Folder open hover delay was too short when using drag-and-drop

fixed
Parent folders with collapsed subfolders did not consistently display new mail
indicator or message count for subfolders

fixed
Message list scroll position could move randomly when switching folders

fixed
Undoing deletion of local messages required using "Undo" (Ctrl-Z) twice

fixed
IMAP messages deleted in Thunderbird still appeared in other email clients that
don't respect messages marked "\deleted"

fixed
IMAP folder discovery was slowed by status bar message updates

fixed
Servers with non-LDH (letters-digits-hyphens) hostnames, such as those
containing non-ASCII Unicode characters, could not be found

fixed
Images could not be copied and pasted from one message into another

fixed
Troubleshooting page (about:support) did not work on profiles with no outgoing
email server, such as news-only profiles

fixed
Minimize/maximize button order was incorrect when placing window titlebar
buttons on left-hand side

fixed
OpenPGP integraton with smartcard using latest version of Gpg4Win failed

fixed
Various accessibility improvements

fixed
Various UX and visual improvements

Revision 1.262: download - view: text, markup, annotated - select for diffs
Mon Dec 4 03:46:03 2023 UTC (12 months, 1 week ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2023Q4-base, pkgsrc-2023Q4
Diff to: previous 1.261: preferred, colored
Changes since revision 1.261: +4 -4 lines
thunderbird: Update to 115.5.1

* Use ffmpeg6.

Changelog:
Fixes

fixed
Advanced GnuPG keys may be protected with an unexpected passphrase

fixed
OpenPGP signatures rejected due to mismatched signature timestamp now display
signature timestamp and clarifying message

fixed
Advanced address book search did not return results if display name was left
blank

fixed
Clicking on attendee when inviting attendees added the attendee twice

Revision 1.261: download - view: text, markup, annotated - select for diffs
Thu Nov 23 15:27:29 2023 UTC (12 months, 2 weeks ago) by ryoon
Branches: MAIN
Diff to: previous 1.260: preferred, colored
Changes since revision 1.260: +4 -4 lines
thunderbird: Update to 115.5.0

Changelog:
Fixes

fixed
Initial message was not automatically selected when opened in conversation

fixed
Newsgroup users using FQDN identity generated message ID headers with incorrect
domain name

fixed
Link previews had poor legibility in dark mode

fixed
Plasma's task switcher displayed the default icon when running the Thunderbird
Flatpak on Wayland

fixed
Link to Flatpak manifest was incorrect

fixed
Security fixes

security fixes:
Mozilla Foundation Security Advisory 2023-52
#CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer
#CVE-2023-6205: Use-after-free in MessagePort::Entangled
#CVE-2023-6206: Clickjacking permission prompts using the fullscreen transition
#CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer
#CVE-2023-6208: Using Selection API would copy contents into X11 primary
 selection.
#CVE-2023-6209: Incorrect parsing of relative URLs starting with "///"
#CVE-2023-6212: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and
 Thunderbird 115.5

Revision 1.260: download - view: text, markup, annotated - select for diffs
Tue Nov 21 21:32:51 2023 UTC (12 months, 2 weeks ago) by ryoon
Branches: MAIN
Diff to: previous 1.259: preferred, colored
Changes since revision 1.259: +4 -5 lines
thunderbird: Update to 115.4.3

* Use internal icu to fix the runtime errors in calendar.

Changelog:
115.4.3:
Fixes

fixed
Forwarding multiple messages as attachments failed

fixed
Message list scrolling fixes

fixed
Some text remained incorrectly visible in the message list when using "Grouped
By" sorting

fixed
Subject lines were excessively indented in "Grouped by" views

fixed
"Open Message in Conversation" was incorrectly enabled for selections of
multiple messages

fixed
States of collapsed and expanded threads were not maintained when switching
folders

fixed
Pressing "n" to move to the next unread message on an unread, collapsed thread
opened the thread and selected the second message instead of the first

fixed
Search Folders dialog improvements

fixed
"Read Messages" button in Account Central did not retrieve mail from POP
accounts

fixed
Events canceled by the organizer were incorrectly sent cancelation message


115.4.2:
Fixes

fixed
No messages or calendar items were displayed on startup

fixed
Toolbar & Folder View widget fixes

fixed
Insert image dialog was not properly sized on some localized builds

fixed
The "unencrypted subject" icon was always briefly displayed when replying to a
message

fixed
RSS feeds with lengthy attachment filenames cut off visible content

fixed
RSS feeds with no favicon displayed default icon in the folder color

fixed
NNTP messages that were previously downloaded were not displayed if the server
went offline

fixed
Vcard photos were not imported when using opening the file with Thunderbird

fixed
Publishing calendars to invalid URLs did not display a helpful error

fixed
Publishing calendar events via authenticated WebDAV failed

fixed
Converting a message to an event failed when the message pane was not displayed

fixed
Redirect dialog displayed for WebDAV calendars was too small

fixed
Visual and Theme improvements

115.4.1:
What's New

new
"Manage Newsgroups Subscription" now displayed on Account Central when using
newsgroups

Fixes

fixed
Manually configured authentication methods on accounts did not always persist

fixed
"Send Autocrypt key in header" preference was available on accounts with no
encryption key

fixed
SHA-1 certificates were not accepted in Thunderbird 115; acceptance of SHA-1
messages can now be enabled via optional preference

fixed
Various Flatpak enhancements

fixed
Opening folder in new tab by clicking scroll wheel/middle mouse button did not
work in Folder Pane

fixed
Message list did not automatically scroll to new messages when switching
folders

fixed
"Move/Copy to again" was sometimes displayed in the folder context menu when it
should not have been

fixed
Multiple message drafts or message templates could not be opened simultaneously
for editing

fixed
Tools > Filters dialog did not open in Unified Folder view if no messages were
selected

fixed
Printing dialog could be opened, even with no messages selected

fixed
"From" address was editable when creating a new message from a template if the
account identity contained Unicode characters

fixed
Opening a saved .eml file in compose window did not preserve message subject
from file

fixed
Replying to some plaintext messages with desired quote selected in original
message did not preserve formatting of quote

fixed
"Edit as New", "Reply", and "Redirect" could not be used on multiple messages
simultaneously

fixed
"Reply to List" option was always enabled, even with no list to reply to

fixed
"Archive" button in message pane was enabled on messages that could not be
archived

fixed
"Followup-To" label was incorrectly labeled as "Newsgroups"

fixed
"Save image as" option did not work for RSS feed items displayed as a webpage

fixed
OTR verification dialog was blank, preventing verification of OTR chat sessions

fixed
Calendar event import failed for some ICS files

fixed
Permission description strings were missing from Add-Ons Manager

fixed
Various visual fixes

fixed
Security fixes

Security fixes:
Mozilla Foundation Security Advisory 2023-47
#CVE-2023-5721: Queued up rendering could have allowed websites to clickjack
#CVE-2023-5732: Address bar spoofing via bidirectional characters
#CVE-2023-5724: Large WebGL draw could have led to a crash
#CVE-2023-5725: WebExtensions could open arbitrary URLs
#CVE-2023-5726: Full screen notification obscured by file open dialog on macOS
#CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle,
 .appx, and .appxbundle files on Windows
#CVE-2023-5728: Improper object tracking during GC in the JavaScript engine
 could have led to a crash.
#CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and
 Thunderbird 115.4.1

115.3.3:
Fixes

fixed
Modifier keys did not work as expected when dragging a message over the folder
tree on macOS

fixed
"Folder Location" toolbar button did not work for local folders

fixed
"Copy to again" option disappeared from context menu after copying to Gmail
folder with non-ASCII name

fixed
Default reply identity did not use "Delivered-To" address when catch-all was
active

fixed
"View Headers All" did not work when selected in standalone message window

fixed
Viewing the mail filter log displayed an error if no log file was present

115.3.2:
Fixes

fixed
"Open in conversation" did not open messages in a thread view

fixed
News messsage with non-ASCII author name were incorrectly canceled

fixed
Localized "Re: " prefix was not stripped from news messages

fixed
Thunderbird attempted to load accounts missing server hostname, causing blank
3-pane window

fixed
Permission description strings were missing from Add-Ons Manager

fixed
Card View displayed incorrect recipient name for mail and news accounts,
depending on folder

fixed
Spell check dictionary dialog sometimes pushed Close button out of view

fixed
Importing calendars from iCal files did not work under certain circumstances

fixed
Calendar invitations were not sent to event participants, only organizer

fixed
Calendar alarm dialogs with lengthy descriptions pushed buttons out of view

fixed
Various visual fixes

115.3.1:
Fixes

fixed
In Unified Folders view, some folders had incorrect unified folder parent

fixed
"Edit message as new" did not restore encrypted subject from selected message

fixed
Importing some CalDAV calendars with yearly recurrence events caused
Thunderbird to freeze

fixed
Security fixes

Mozilla Foundation Security Advisory 2023-44
#CVE-2023-5217: Heap buffer overflow in libvpx

115.3.0:
Fixes

fixed
Thunderbird could not import profiles with hostname ending in dot (".")

fixed
Message header was occasionally missing in message preview

fixed
Setting an existing folder's type flag did not add descendant folders to the
Unified Folders view

fixed
Thunderbird did not always delete all temporary mail files, sometimes
preventing messages from being sent

fixed
Status bar in Message Compose window could not be hidden

fixed
Message header was intermittently missing from message preview

fixed
OAuth2 did not work on some profiles created in Thunderbird 102.6.1 or earlier

fixed
In Vertical View, decrypted subject lines were displayed as ellipsis ("...") in
message list

fixed
Condensed address preference (mail.showCondensedAddresses) did not show
condensed addresses in message list

fixed
Spam folder could not be assigned non-ASCII names with IMAP UTF-8 enabled

fixed
Message header was not displayed until images finished loading, causing
noticeable delay for messages containing large images

fixed
Large SVG favicons did not display on RSS feeds

fixed
Context menu items did not display a hover background color

fixed
Security fixes

Mozilla Foundation Security Advisory 2023-43
#CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1
#CVE-2023-5169: Out-of-bounds write in PathOps
#CVE-2023-5171: Use-after-free in Ion Compiler
#CVE-2023-5174: Double-free in process spawning on Windows
#CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and
 Thunderbird 115.3

115.2.3:
Changes

changed
Card view and vertical layout are now default for new profiles

Fixes

fixed
Go > Folder menu was disabled

fixed
"Tools" menu was blank when opened from compose window on macOS

fixed
Deleting an attachment from a message on an IMAP server corrupted the local
copy when configured with "mark as deleted"

fixed
Manually entered passwords were not remembered for OAuth-authenticated accounts
such as Yahoo mail

fixed
Quick Filter's "Keep filters applied" did not persist after restarting
Thunderbird

fixed
Top-level Quick Filter settings did not persist after restart

fixed
Notifications for new messages with non-ASCII characters in the subject were
garbled

fixed
"Mark Thread As Read" did not work when some messages in thread were already
read

fixed
New Groups tab in NNTP subscribe dialog id not work as expected

fixed
Negative values were allowed in "Share for files larger than" field

fixed
Thunderbird sometimes crashed when deleting a parent folder with subfolders

fixed
"Send Message Error" appeared intermittently while Thunderbird was idle

fixed
Focused but not selected messages were missing visual indication of focus in
card view

fixed
Notification dot did not disappear from taskbar icon on Windows after messages
had already been read

fixed
Multiple selected messages could not be opened simultaneously if selection
included more than 19 messages

fixed
Email replies received via BCC incorrectly populated From field with default
identity

fixed
User was not always notified of message send failures in outbox

fixed
Tag dialog did not close properly after editing tag

fixed
Newsgroup field in compose window did not autocomplete with suggested newsgroup
names

fixed
Canceling newsgroup messages did not check if sender matched user's own
identity

fixed
Event dialog with several invitees expanded beyond screen height

fixed
Message check boxes were partially obstructed in message list

115.4.3:
Fixes

fixed
Forwarding multiple messages as attachments failed

fixed
Message list scrolling fixes

fixed
Some text remained incorrectly visible in the message list when using "Grouped
By" sorting

fixed
Subject lines were excessively indented in "Grouped by" views

fixed
"Open Message in Conversation" was incorrectly enabled for selections of
multiple messages

fixed
States of collapsed and expanded threads were not maintained when switching
folders

fixed
Pressing "n" to move to the next unread message on an unread, collapsed thread
opened the thread and selected the second message instead of the first

fixed
Search Folders dialog improvements

fixed
"Read Messages" button in Account Central did not retrieve mail from POP
accounts

fixed
Events canceled by the organizer were incorrectly sent cancelation message


115.4.2:
Fixes

fixed
No messages or calendar items were displayed on startup

fixed
Toolbar & Folder View widget fixes

fixed
Insert image dialog was not properly sized on some localized builds

fixed
The "unencrypted subject" icon was always briefly displayed when replying to a
message

fixed
RSS feeds with lengthy attachment filenames cut off visible content

fixed
RSS feeds with no favicon displayed default icon in the folder color

fixed
NNTP messages that were previously downloaded were not displayed if the server
went offline

fixed
Vcard photos were not imported when using opening the file with Thunderbird

fixed
Publishing calendars to invalid URLs did not display a helpful error

fixed
Publishing calendar events via authenticated WebDAV failed

fixed
Converting a message to an event failed when the message pane was not displayed

fixed
Redirect dialog displayed for WebDAV calendars was too small

fixed
Visual and Theme improvements

115.4.1:
What's New

new
"Manage Newsgroups Subscription" now displayed on Account Central when using
newsgroups

Fixes

fixed
Manually configured authentication methods on accounts did not always persist

fixed
"Send Autocrypt key in header" preference was available on accounts with no
encryption key

fixed
SHA-1 certificates were not accepted in Thunderbird 115; acceptance of SHA-1
messages can now be enabled via optional preference

fixed
Various Flatpak enhancements

fixed
Opening folder in new tab by clicking scroll wheel/middle mouse button did not
work in Folder Pane

fixed
Message list did not automatically scroll to new messages when switching
folders

fixed
"Move/Copy to again" was sometimes displayed in the folder context menu when it
should not have been

fixed
Multiple message drafts or message templates could not be opened simultaneously
for editing

fixed
Tools > Filters dialog did not open in Unified Folder view if no messages were
selected

fixed
Printing dialog could be opened, even with no messages selected

fixed
"From" address was editable when creating a new message from a template if the
account identity contained Unicode characters

fixed
Opening a saved .eml file in compose window did not preserve message subject
from file

fixed
Replying to some plaintext messages with desired quote selected in original
message did not preserve formatting of quote

fixed
"Edit as New", "Reply", and "Redirect" could not be used on multiple messages
simultaneously

fixed
"Reply to List" option was always enabled, even with no list to reply to

fixed
"Archive" button in message pane was enabled on messages that could not be
archived

fixed
"Followup-To" label was incorrectly labeled as "Newsgroups"

fixed
"Save image as" option did not work for RSS feed items displayed as a webpage

fixed
OTR verification dialog was blank, preventing verification of OTR chat sessions

fixed
Calendar event import failed for some ICS files

fixed
Permission description strings were missing from Add-Ons Manager

fixed
Various visual fixes

fixed
Security fixes

Security fixes:
Mozilla Foundation Security Advisory 2023-47
#CVE-2023-5721: Queued up rendering could have allowed websites to clickjack
#CVE-2023-5732: Address bar spoofing via bidirectional characters
#CVE-2023-5724: Large WebGL draw could have led to a crash
#CVE-2023-5725: WebExtensions could open arbitrary URLs
#CVE-2023-5726: Full screen notification obscured by file open dialog on macOS
#CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle,
 .appx, and .appxbundle files on Windows
#CVE-2023-5728: Improper object tracking during GC in the JavaScript engine
 could have led to a crash.
#CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and
 Thunderbird 115.4.1

115.3.3:
Fixes

fixed
Modifier keys did not work as expected when dragging a message over the folder
tree on macOS

fixed
"Folder Location" toolbar button did not work for local folders

fixed
"Copy to again" option disappeared from context menu after copying to Gmail
folder with non-ASCII name

fixed
Default reply identity did not use "Delivered-To" address when catch-all was
active

fixed
"View Headers All" did not work when selected in standalone message window

fixed
Viewing the mail filter log displayed an error if no log file was present

115.3.2:
Fixes

fixed
"Open in conversation" did not open messages in a thread view

fixed
News messsage with non-ASCII author name were incorrectly canceled

fixed
Localized "Re: " prefix was not stripped from news messages

fixed
Thunderbird attempted to load accounts missing server hostname, causing blank
3-pane window

fixed
Permission description strings were missing from Add-Ons Manager

fixed
Card View displayed incorrect recipient name for mail and news accounts,
depending on folder

fixed
Spell check dictionary dialog sometimes pushed Close button out of view

fixed
Importing calendars from iCal files did not work under certain circumstances

fixed
Calendar invitations were not sent to event participants, only organizer

fixed
Calendar alarm dialogs with lengthy descriptions pushed buttons out of view

fixed
Various visual fixes

115.3.1:
Fixes

fixed
In Unified Folders view, some folders had incorrect unified folder parent

fixed
"Edit message as new" did not restore encrypted subject from selected message

fixed
Importing some CalDAV calendars with yearly recurrence events caused
Thunderbird to freeze

fixed
Security fixes

Mozilla Foundation Security Advisory 2023-44
#CVE-2023-5217: Heap buffer overflow in libvpx

115.3.0:
Fixes

fixed
Thunderbird could not import profiles with hostname ending in dot (".")

fixed
Message header was occasionally missing in message preview

fixed
Setting an existing folder's type flag did not add descendant folders to the
Unified Folders view

fixed
Thunderbird did not always delete all temporary mail files, sometimes
preventing messages from being sent

fixed
Status bar in Message Compose window could not be hidden

fixed
Message header was intermittently missing from message preview

fixed
OAuth2 did not work on some profiles created in Thunderbird 102.6.1 or earlier

fixed
In Vertical View, decrypted subject lines were displayed as ellipsis ("...") in
message list

fixed
Condensed address preference (mail.showCondensedAddresses) did not show
condensed addresses in message list

fixed
Spam folder could not be assigned non-ASCII names with IMAP UTF-8 enabled

fixed
Message header was not displayed until images finished loading, causing
noticeable delay for messages containing large images

fixed
Large SVG favicons did not display on RSS feeds

fixed
Context menu items did not display a hover background color

fixed
Security fixes

Mozilla Foundation Security Advisory 2023-43
#CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1
#CVE-2023-5169: Out-of-bounds write in PathOps
#CVE-2023-5171: Use-after-free in Ion Compiler
#CVE-2023-5174: Double-free in process spawning on Windows
#CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and
 Thunderbird 115.3

115.2.3:
Changes

changed
Card view and vertical layout are now default for new profiles

Fixes

fixed
Go > Folder menu was disabled

fixed
"Tools" menu was blank when opened from compose window on macOS

fixed
Deleting an attachment from a message on an IMAP server corrupted the local
copy when configured with "mark as deleted"

fixed
Manually entered passwords were not remembered for OAuth-authenticated accounts
such as Yahoo mail

fixed
Quick Filter's "Keep filters applied" did not persist after restarting
Thunderbird

fixed
Top-level Quick Filter settings did not persist after restart

fixed
Notifications for new messages with non-ASCII characters in the subject were
garbled

fixed
"Mark Thread As Read" did not work when some messages in thread were already
read

fixed
New Groups tab in NNTP subscribe dialog id not work as expected

fixed
Negative values were allowed in "Share for files larger than" field

fixed
Thunderbird sometimes crashed when deleting a parent folder with subfolders

fixed
"Send Message Error" appeared intermittently while Thunderbird was idle

fixed
Focused but not selected messages were missing visual indication of focus in
card view

fixed
Notification dot did not disappear from taskbar icon on Windows after messages
had already been read

fixed
Multiple selected messages could not be opened simultaneously if selection
included more than 19 messages

fixed
Email replies received via BCC incorrectly populated From field with default
identity

fixed
User was not always notified of message send failures in outbox

fixed
Tag dialog did not close properly after editing tag

fixed
Newsgroup field in compose window did not autocomplete with suggested newsgroup
names

fixed
Canceling newsgroup messages did not check if sender matched user's own
identity

fixed
Event dialog with several invitees expanded beyond screen height

fixed
Message check boxes were partially obstructed in message list

115.2.0:
What's New

new
Thunderbird MSIX packages are now published on archive.mozilla.org

Changes

changed
Size, Unread, and Total columns are now right-aligned

changed
Newsgroup names in message list header are now abbreviated

Fixes

fixed
Message compose window did not apply theme colors to menus

fixed
Reading the second new message in a folder cleared the unread indicator of all
other new messages

fixed
Displayed counts of unread or flagged messages could become out-of-sync

fixed
Deleting a message from the context menu with messages sorted in chronological
order and smooth scroll enabled caused message list to scroll to top

fixed
Repeatedly switching accounts in Subscribe dialog caused tree view to stop
updating

fixed
"Ignore thread" caused message cards to display incorrectly in message list

fixed
Creating tags from unified toolbar failed

fixed
Cross-folder navigation using F and N did not work

fixed
Account Manager did not resize to fit content, causing "Close" button to become
hidden outside bounds of dialog when too many accounts were listed

fixed
Remote content exceptions could not be added in Settings

fixed
Newsgroup list file did not get updated after adding a new NNTP server

fixed
"Download all headers" option in NNTP "Download Headers" dialog was incorrectly
selected by default

fixed
"Convert to event/task" was missing from mail context menu

fixed
Events and tasks were not shown in some cases despite being present on remote
server

fixed
Various visual and UX improvements

fixed
Security fixes

Mozilla Foundation Security Advisory 2023-38
#CVE-2023-4573: Memory corruption in IPC CanvasTranslator
#CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback
#CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback
#CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation
#CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics
#CVE-2023-4051: Full screen notification obscured by file open dialog
#CVE-2023-4578: Error reporting methods in SpiderMonkey could have triggered an
 Out of Memory Exception
#CVE-2023-4053: Full screen notification obscured by external program
#CVE-2023-4580: Push notifications saved to disk unencrypted
#CVE-2023-4581: XLL file extensions were downloadable without warnings
#CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv
#CVE-2023-4583: Browsing Context potentially not cleared when closing Private
 Window
#CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,
 Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
#CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and
 Thunderbird 115.2

Revision 1.259: download - view: text, markup, annotated - select for diffs
Tue Nov 21 15:15:36 2023 UTC (12 months, 2 weeks ago) by gdt
Branches: MAIN
Diff to: previous 1.258: preferred, colored
Changes since revision 1.258: +2 -1 lines
mail/thunderbird: Copy icu patch from firefox

Revision 1.258: download - view: text, markup, annotated - select for diffs
Mon Aug 28 18:01:46 2023 UTC (15 months, 2 weeks ago) by he
Branches: MAIN
CVS tags: pkgsrc-2023Q3-base, pkgsrc-2023Q3
Diff to: previous 1.257: preferred, colored
Changes since revision 1.257: +2 -1 lines
mail/thunderbird: add a patch to bring isnan() into scope.

Fixes the build on at least amd64/netbsd-10.
Thanks to tnn@ for hint.

Revision 1.257: download - view: text, markup, annotated - select for diffs
Fri Aug 25 10:15:01 2023 UTC (15 months, 2 weeks ago) by pho
Branches: MAIN
Diff to: previous 1.256: preferred, colored
Changes since revision 1.256: +8 -9 lines
mail/thunderbird: Update to 115.1.1

115.1.1:
Fixed:
- Some HTML emails printed headers on first page and message on subsequent pages
- Deleting messages from message list sometimes scrolled list to bottom, selecting bottommost message
- Width of icon columns (like Junk or Starred) in message list did not adjust when UI density was changed
- Old OpenPGP secret keys could not be used to decrypt messages under certain circumstances
- When multiple folder modes were active, tab focus navigated through all folder mode options before reaching message list
- Unread message count badge was not displayed on parent folders of subfolder containing unread messages
- "Undo archive" (via Ctrl-Z) did not un-archive previously archived messages
- "New" button dropdown menu in "Message Filters" dialog could not be opened via keyboard navigation
- "Show New Mail Alert for" input field in "Customize New Mail Alert" dialog had zero width when using certain language packs
- "Account Wizard" dialog was too narrow when adding a news server, partially hiding confirmation buttons
- Link Properties and Image Properties dialogs in the composer were too wide
- Thunderbird version number and details in "About" dialog were not automatically read by screen readers when first opening dialog
- Flatpak improvements and bug fixes
- Various visual and UX improvements

115.1.0:
Changed:
- Quick Filter bar is now hidden by default
- Mail tab toolbar and Unified toolbar heights adjusted to be more consistent
Fixed:
- Message-ID header used account domain instead of "From" field domain
- Zooming did not work in multi-message view
- "Clear Recent History" dialog did not resize correctly to fit content
- Tooltip containing full message title did not appear when hovering over message in card view
- Message List column headers became transparent in increased contrast mode
- Message List card padding was incorrect in compact view
- Total message counts and folder sizes were also hidden when "Hide Local Folders" was selected in Folder Pane options
- Messages in deeply nested IMAP folders were inaccessible
- Thunderbird Flatpak could not be executed from terminal using command "thunderbird"
- CardDAV address book dialog did not resize properly to show all available address books
- Various visual and style fixes

115.0.1:
Changed:
- Added Thunderbird Supernova branding to about:dialog
Fixed:
- Message list was not updated when message was deleted from server outside of Thunderbird
- Scrolling behaved unexpectedly when moving to next message unread message in another folder
- Scrolling animation was unnecessarily used when switching or toggling the sort column in message list
- Attempting to delete a message and then cancelling the action still marked the message as read
- Unified Toolbar could not be customized under certain tabs
- Selecting a folder with one or more subfolders and pressing enter did not expand folder
- Tooltips did not appear when hovering over folders
- Deleting large amounts of messages from Trash folder consumed excessive time and memory
- Message Summary header buttons were not keyboard accessible
- "New" button in Message Filters dialog was not keyboard accessible
- Backing up secret keys from OpenPGP Key Manager dialog silently failed
- Various visual and UX improvements
- Security fixes

102.14.0:
Fixed:
- Security fixes

102.13.1:
Fixed:
- Security fixes

102.13.0:
Changed:
- Release notes opened from about: dialog will now open in the default web browser
Fixed:
- Upstream RNP version numbers now recognized as official in about:support
- Security fixes

102.12.0:
Fixed:
- "Searching the directory for recipients certificates" popup could block compose window when "S/MIME reminder" was enabled and using an LDAP address book
- Some elements still used animations with "prefers-reduced-motion" set
- Visual and theme improvements
- Security fixes

102.11.2:
Fixed:
- Thunderbird 102.11.1 contained POP3 client regressions with offline mode and TLS certificate overrides

102.11.1:
Fixed:
- POP message retrieval stopped after a network error occurred and connectivity was restored
- Reused SMTP connections sometimes silently disconnected, causing timeouts
- Thunderbird could freeze if saving a sent message to IMAP failed
- Creating OpenPGP keys with no expiration was not possible
- News reader did not always issue GROUP command after authentication with remote server, preventing Thundebird from displaying or refreshing news from the server

102.11.0:
Fixed:
- During Account Setup, the "Checking password..." message was not removed after a failure
- Miscellaneous UI fixes
- Security fixes

102.10.1:
Fixed:
- Messages with missing or corrupt "From:" header did not display message header buttons
- Composer repeatedly prompted for S/MIME smartcard signing/encryption password
- Address Book integration did not work with macOS 11.4 Bug Sur
- Mexico City DST fix in Thunderbird 102.10.0 (bug 1826146) was incomplete

102.10.0:
Changed:
- New messages will automatically select S/MIME if configured and OpenPGP is not
Fixed:
- Calendar events with timezone America/Mexico_City incorrectly applied Daylight Savings Time
- Security fixes

102.9.1:
Fixed:
- Thunderbird was unable to open file URLs from command line (URLs beginning with "file://")
- Source strings for localized builds not uploaded to FTP as expected
- Visual and theme improvements
- Security fixes

102.9.0:
Fixed:
- Notification about a sender's changed OpenPGP key was not immediately visible
- TLS Certificate Override dialog did not appear when retrieving messages via IMAP using "Get Messages" context menu
- Spellcheck dictionaries were missing from localized Thunderbird builds that should have included them
- Tooltips for "Show/Hide" calendar toggle did not display
- Various security fixes

Revision 1.256: download - view: text, markup, annotated - select for diffs
Thu Feb 16 18:11:40 2023 UTC (21 months, 3 weeks ago) by he
Branches: MAIN
CVS tags: pkgsrc-2023Q2-base, pkgsrc-2023Q2, pkgsrc-2023Q1-base, pkgsrc-2023Q1
Diff to: previous 1.255: preferred, colored
Changes since revision 1.255: +5 -5 lines
mail/thunderbird: Update to version 102.8.0.

Pkgsrc changes:
 * Checksum changes.
 * Minor adjustment to patches.

Upstream changes:


102.8.0:

New:
 - Added option to build RNP library with OpenSSL backend (use
   "--with-librnp-backend=openssl" configure option)

Changes:
 - Thunderbird now warns user that OpenPGP is disabled if RNP
   library is outdated or missing

Fixes:
 - "Get Messages" did not retrieve messages from Gmail accounts
   using a local folder as a deferred inbox
 - Various visual and UX improvements

Security fixes:
CVE-2023-0616: User Interface lockup with messages combining S/MIME and OpenPGP
CVE-2023-25728: Content security policy leak in violation reports using iframes
CVE-2023-25730: Screen hijack via browser fullscreen mode
CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS
CVE-2023-25735: Potential use-after-free from compartment mismatch in SpiderMonkey
CVE-2023-25737: Invalid downcast in SVGUtils::SetupStrokeGeometry
CVE-2023-25738: Printing on Windows could potentially crash Thunderbird with some device drivers
CVE-2023-25739: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
CVE-2023-25729: Extensions could have opened external schemes withotu user knowledge
CVE-2023-25732: Out of bounds memory write from EncodeInputStream
CVE-2023-25734: Opening local.url files could cause unexpected network loads
CVE-2023-25742: Web Crypto ImportKey crashes tab
CVE-2023-25746: Memory safety bugs fixed in Thunderbird 102.8


102.7.2:

Fixes:
 - Various crash fixes


102.7.1:

Fixes:
 - Microsoft Office 365 accounts were unable to authenticate
 - Switching identities caused remote images in HTML signatures to
   not be shown
 - Thunderbird failed to import vCards that contained "\r\r\n" line endings
 - Contribution button for add-ons opened Contribution page in a
   Thunderbird tab, instead of the external browser
 - XMPP did not respond to unrecognized IQ queries, causing some
   servers to close the connection
 - Window titlebar buttons (minimize/maximize/close) were not
   displayed in Windows 10 "Dark" color mode

Security fixes:
CVE-2023-0430: Revocations tatus of S/Mime signature certificates was not checked


102.7.0:

New:
 - Enterprise policies now support Thunderbird-specific preferences.

Fixes:
 - Localized builds and langpacks now use "comm-l10n" repository;
   downstream builds using official langpacks should not need to make
   changes
 - Having too many folders open at startup caused loss of MSF files
 - Copying an email from one local folder to another local folder
   sometimes caused "Another Operation is using the folder" error on
   Windows 7
 - Email address pill allowed for incorrectly formatted email addresses
 - Creating security exceptions for messages sent using a self-signed
   certificate failed if hostname contained uppercase letters
 - S/MIME certificate verification was prohibitively slow
 - OpenPGP key import failed for key blocks with comments that
   contain Unicode characters
 - Chat conversation sidebar was too wide under certain circumstances,
   making scrollbar unusable
 - On Mac, deleting events from Today Pane with "Backspace" key
   deleted selected messages instead

Security fixes:
CVE-2022-46871: libusrsctp library out of date
CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux
CVE-2023-23599: Malicious command could be hidden in devtools output on Windows
CVE-2023-23601: URL being dragged from cross-origin iframe into same tab triggers navigation
CVE-2023-23602: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
CVE-2022-46877: Fullscreen notification bypass
CVE-2023-23603: Calls to console.log allowed bypassing Content Security Policy via format directive
CVE-2023-23605: Memory safety bugs fixed in Thunderbird 102.7

Known issues:
 - OAuth2 authentication not working for Microsoft 365 Enterprise
   accounts. See the Blog post
   (https://blog.thunderbird.net/2023/01/important-message-for-microsoft-office-365-enterprise-users/)
   for additional information. Bug 1810760

Revision 1.255: download - view: text, markup, annotated - select for diffs
Fri Feb 10 10:04:54 2023 UTC (22 months ago) by pho
Branches: MAIN
Diff to: previous 1.254: preferred, colored
Changes since revision 1.254: +3 -2 lines
mail/thunderbird: Fix build on NetBSD 9

Revision 1.254: download - view: text, markup, annotated - select for diffs
Sun Feb 5 09:05:28 2023 UTC (22 months ago) by he
Branches: MAIN
Diff to: previous 1.253: preferred, colored
Changes since revision 1.253: +21 -44 lines
mail/thunderbird: Update to version 102.6.1.

This is copied from wip/thunderbird, which builds with
more recent versions of rust.

This is the version just before this change was implemented:

https://blog.thunderbird.net/2023/01/important-message-for-microsoft-office-365-enterprise-users/

and this version will stay here for a while before we update
again.

Call me lazy, but I don't think it's worth anyone's time to paste
in the change log from version 78 to 102.6.1 here, and it doesn't
appear to be readily accessible in the source distribution.  That
said, the list of security fixes implemented between version 78.12
and 102.6.1 is available at

https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird102.6.1

and the release notes are available at

https://www.thunderbird.net/en-US/thunderbird/releases/

Revision 1.253: download - view: text, markup, annotated - select for diffs
Tue Dec 27 20:08:45 2022 UTC (23 months, 2 weeks ago) by abs
Branches: MAIN
Diff to: previous 1.252: preferred, colored
Changes since revision 1.252: +8 -1 lines
Update to build with python 3.10

Previously max version was 3.9.

Hopefully at some point someone will have the time to upgrade pkgsrc
to a newer version of thunderbird, but in the meantime...

Revision 1.252: download - view: text, markup, annotated - select for diffs
Wed Sep 7 09:37:15 2022 UTC (2 years, 3 months ago) by pho
Branches: MAIN
CVS tags: pkgsrc-2022Q4-base, pkgsrc-2022Q4, pkgsrc-2022Q3-base, pkgsrc-2022Q3
Diff to: previous 1.251: preferred, colored
Changes since revision 1.251: +2 -1 lines
Fix build with cbindgen > 0.23

Revision 1.251: download - view: text, markup, annotated - select for diffs
Tue Oct 26 10:54:32 2021 UTC (3 years, 1 month ago) by nia
Branches: MAIN
CVS tags: pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4
Diff to: previous 1.250: preferred, colored
Changes since revision 1.250: +2 -2 lines
mail: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

The following distfiles were unfetchable (possibly fetched
conditionally?):

./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch

Revision 1.250: download - view: text, markup, annotated - select for diffs
Thu Oct 7 14:25:50 2021 UTC (3 years, 2 months ago) by nia
Branches: MAIN
Diff to: previous 1.249: preferred, colored
Changes since revision 1.249: +1 -2 lines
mail: Remove SHA1 hashes for distfiles

Revision 1.249: download - view: text, markup, annotated - select for diffs
Thu Jul 15 16:26:29 2021 UTC (3 years, 4 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3
Diff to: previous 1.248: preferred, colored
Changes since revision 1.248: +5 -5 lines
thunderbird: Update to 78.12.0

Changelog:
Fixes:

Sending an email containing HTML links with spaces in the URL sometimes
resulted in broken links

Folder Pane display theme fixes for macOS

Chat account settings did not always save as expected

RSS feed subscriptions sometimes lost

Calendar: A parsing error for alarm triggers of type "DURATION" caused sync
problems for some users

Various security fixes

Security fixes:
#CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS could
 be processed
#CVE-2021-29970: Use-after-free in accessibility features of a document
#CVE-2021-30547: Out of bounds write in ANGLE
#CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12

Revision 1.248: download - view: text, markup, annotated - select for diffs
Tue Jul 13 15:08:55 2021 UTC (3 years, 4 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.247: preferred, colored
Changes since revision 1.247: +5 -5 lines
thunderbird: Update to 78.11.0

Changelog:
Fixes
OpenPGP could not be disabled for an account if a key was previously configured

Recipients were unable to decrypt some messages when the sender had changed the
message encryption from OpenPGP to S/MIME

Contacts moved between CardDAV address books were not synced to the new server

CardDAV compatibility fixes for Google Contacts

Folder pane had no clear indication of focus on macOS

Windows theme improvements

Various security fixes

Security fixes:
#CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message
#CVE-2021-29967: Memory safety bugs fixed in Thunderbird 78.11

Revision 1.247: download - view: text, markup, annotated - select for diffs
Sun May 23 06:48:13 2021 UTC (3 years, 6 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2021Q2-base, pkgsrc-2021Q2
Diff to: previous 1.246: preferred, colored
Changes since revision 1.246: +5 -5 lines
thunderbird: Update to 78.10.1

Changelog:
78.10.2
What's New

Added support for importing OpenPGP keys without a primary secret key

Add-ons manager displays a preferences icon for mail extensions that include an
options page

Fixes

OpenPGP messages with a high compression ratio (over 10x) could not be
decrypted

Selected OpenPGP key was lost after opening the Key Properties dialog in
Account Settings

Parsing some OpenPGP user IDs failed

Various improvements to OpenPGP partial encryption reminders

Troubleshooting information page did not display row labels on macOS

Mail toolbar buttons were too big when displaying both icons and text

Various security fixes

Security fixes:
#CVE-2021-29957: Partial protection of inline OpenPGP message not indicated
#CVE-2021-29956: Thunderbird stored OpenPGP secret keys without master password
 protection

78.10.1
Changes

Removed the fix for bug 1689804 introduced in Thunderbird 78.9.0, restoring the
previous behavior

Fixes

Various security fixes

Security fixes:
#CVE-2021-29951: Thunderbird Maintenance Service could have been started or
 stopped by domain users

Revision 1.246: download - view: text, markup, annotated - select for diffs
Mon Apr 26 14:30:03 2021 UTC (3 years, 7 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.245: preferred, colored
Changes since revision 1.245: +5 -5 lines
thunderbird: Update t o 78.10.0

Changelog:
Fixes:
Usability & theme improvements on Windows
Various security fixes

Security fixes:
#CVE-2021-23994: Out of bound write due to lazy initialization
#CVE-2021-23995: Use-after-free in Responsive Design Mode
#CVE-2021-23998: Secure Lock icon could have been spoofed
#CVE-2021-23961: More internal network hosts could have been probed by a
 malicious webpage
#CVE-2021-23999: Blob URLs may have been granted additional privileges
#CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an
 encoded URL
#CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to
 null-reads
#CVE-2021-29948: Race condition when reading from disk while verifying
 signatures

Revision 1.245: download - view: text, markup, annotated - select for diffs
Thu Mar 25 15:46:54 2021 UTC (3 years, 8 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1
Diff to: previous 1.244: preferred, colored
Changes since revision 1.244: +5 -5 lines
thunderbird: Update to 78.9.0

Changelog:
Fixes
New mail notification displayed old messages that were unread

Spaces following soft line breaks in messages using quoted-printable and format
=flowed were incorrectly encoded; existing messages which were previously
incorrectly encoded may now display with some words not separated by a space

Some fields were unreadable in the Dark theme in the General preferences panel

Sending a message containing an anchor tag with an invalid data URI failed

When switching tabs, input focus was not moved to the new tab

Address Book: Syncing a read-only Google address book via CardDAV failed

Address Book: Importing VCards with non-ascii characters would fail

Address Book: Some values may not have been parsed when syncing from Google
address books.

Add-ons Manager did not show if an addon used experiment APIs

Calendar: Removing a recurring task was not possible

Various security fixes

Security fixes:
#CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an
 out-of-bound read
#MOZ-2021-0002: Angle graphics library out of date
#CVE-2021-23982: Internal network hosts could have been probed by a malicious
 webpage
#CVE-2021-23984: Malicious extensions could have spoofed popup information

Revision 1.244: download - view: text, markup, annotated - select for diffs
Fri Mar 12 14:37:02 2021 UTC (3 years, 9 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.243: preferred, colored
Changes since revision 1.243: +5 -5 lines
thunderbird: Update to 78.8.1

Changelog:
Fixes
New mail notification did not occur for newly arrived messages if previously
received mail was unread

Directory for saving multiple attachments was not remembered between saves

Opening a message from the command-line using "-mail <URL>" failed

Automatic account setup did not use the provider email and display name

Newly-added identities were not listed in the account manager until it was
closed and reopened

Account provisioner did not properly handle UTF-8 data

Copying a large message to an IMAP server would sometimes prematurely display a
time-out error

OpenPGP: Various errors when importing keys

OpenPGP: Public keys attached to an outgoing email did not have
"Content-Description" set

Address Book: CardDAV sync errors did not retry until Thunderbird was restarted

Calendar: Changing the cache mode of a CalDAV calendar connection would lose
the username of the account

Calendar: Add-on calendars were sometimes not visible after restarting

Calendar: The preview for a recurring task did not use all available space in
the dialog window

Installer: Option to keep distribution directory on upgrade did not work

Revision 1.243: download - view: text, markup, annotated - select for diffs
Tue Mar 9 13:31:48 2021 UTC (3 years, 9 months ago) by wiz
Branches: MAIN
Diff to: previous 1.242: preferred, colored
Changes since revision 1.242: +2 -2 lines
*: remove unneeded patch after nss header install location change

Revision 1.242: download - view: text, markup, annotated - select for diffs
Fri Feb 26 15:35:12 2021 UTC (3 years, 9 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.241: preferred, colored
Changes since revision 1.241: +5 -5 lines
thunderbird: Update to 78.8.0

Changelog:
Fixes
Importing an address book from a CSV file always reported an error

Security information for S/MIME messages was not displayed correctly prior to a
draft being saved

Calendar: FileLink UI fixes for Caldav calendars

Recurring tasks were always marked incomplete; unable to use filters

Various UI widgets not working

Dark theme improvements

Extension manager was missing link to addon support web page

Various security fixes

Security fixes:
#CVE-2021-23969: Content Security Policy violation report could have contained
the destination of a redirect
#CVE-2021-23968: Content Security Policy violation report could have contained
the destination of a redirect
#CVE-2021-23973: MediaError message property could have leaked information
about cross-origin resources
#CVE-2021-23978: Memory safety bugs fixed in Thunderbird 78.8

Revision 1.241: download - view: text, markup, annotated - select for diffs
Tue Feb 9 12:34:26 2021 UTC (3 years, 10 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.240: preferred, colored
Changes since revision 1.240: +5 -5 lines
thunderbird: Update to 78.7.1

Changelog:
What's New
CardDAV address books now support OAuth2 and Google Contacts.

Changes
Thunderbird will no longer allow installation of addons that use the legacy API

Fixes
Send message button sometimes remained enabled when it should be disabled
Pressing command+enter to send a message on macOS did not work
OpenPGP: Failed to save attachments that contained binary data after decryption
Global search UI fixes
Various theme and color fixes to improve ease of use

Revision 1.240: download - view: text, markup, annotated - select for diffs
Thu Jan 28 12:55:43 2021 UTC (3 years, 10 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.239: preferred, colored
Changes since revision 1.239: +5 -6 lines
thunderbird: Update to 78.7.0

Changelog:
What's New
Extension API: Compose API now supports editing messages and templates as new
messages

Extension API: composeHtml is now exposed in MailIdentity

Extension API: windows.update and windows.create now support titlePreface

Extension API: new Accounts API functions: accounts.getDefault() and
accounts.getDefaultIdentity(accountId)

Changes
Extension API: body and plainTextBody are now used as compose mode selectors in
setComposeDetails and begin* functions in Compose API

Theme: removed the double border around the task description field on the Tasks
tab

Fixes
Account Manager: When deleting the last remaining account, the default account
was not getting cleared and still pointed to the no-longer-existing account

OpenPGP: Verification of an inline signed message would fail if it contained
leading whitespace

OpenPGP: Various other minor bug and stability fixes

Mail Window: Quickfilter bar buttons disappear when hovered on Windows 10 High
Contrast Black theme

Theme: folder properties dialog contained black text on a black background in
dark mode

Theme: recipient pills in compose window were not visible in high contrast dark
theme on Windows 10

Extension API: browserAction buttons were not restored after restart if they
were moved outside the default toolbar

Extension API: browser.compose.beginNew could not override identity plaintext
setting

Extension API: browser.compose.beginForward was ignoring ComposeDetails

Extension API: browser.compose.setComposeDetails did not properly handle
Windows-style line endings

Various security fixes

Security fixes:
#CVE-2021-23953: Cross-origin information leakage via redirected PDF requests
#CVE-2021-23954: Type confusion when using logical assignment operators in
 JavaScript switch statements
#CVE-2020-15685: IMAP Response Injection when using STARTTLS
#CVE-2020-26976: HTTPS pages could have been intercepted by a registered
 service worker when they should not have been
#CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript
 variables during GC
#CVE-2021-23964: Memory safety bugs fixed in Thunderbird 78.7

Revision 1.239: download - view: text, markup, annotated - select for diffs
Fri Jan 1 12:58:32 2021 UTC (3 years, 11 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.238: preferred, colored
Changes since revision 1.238: +6 -5 lines
thunderbird: Update to 78.6.0

* Fix build with devel/cbindgen-0.16.0.

Changelog:
New
MailExtensions: Added browser.windows.openDefaultBrowser()

Changes
Thunderbird now only shows quota exceeded indications on the main window
MailExtensions: menus API enabled in messages being composed
MailExtensions: Honor allowScriptsToClose argument in windows.create API
function
MailExtensions: APIs that returned an accountId will reflect the account the
message belongs to, not what is stored in message headers

Fixes
Keyboard shortcut for toggling message "read" status not shown in menus
OpenPGP: After importing a secret key, Key Manager displayed properties of the
wrong key
OpenPGP: Inline PGP parsing improvements
OpenPGP: Discovering keys online via Key Manager sometimes failed on Linux
OpenPGP: Encrypted attachment "Decrypt and Open/Save As" did not work
OpenPGP: Importing keys failed on macOS
OpenPGP: Verification of clear signed UTF-8 text failed
Address book: Some columns incorrectly displayed no data
Address book: The address book view did not update after changing the name
format in the menu
Calendar: Could not import an ICS file into a CalDAV calendar
Calendar: Two "Home" calendars were visible on a new profile
Calendar: Dark theme was incomplete on Linux
Dark theme did not apply to new mail notification popups
Folder icon, message list, and contact side bar visual improvements
MailExtensions: HTTP refresh in browser content tabs did not work
MailExtensions: messageDisplayScripts failed to run in main window
Various security fixes

Security fixes:
#CVE-2020-16042: Operations on a BigInt could have caused uninitialized memory to be exposed
#CVE-2020-26971: Heap buffer overflow in WebGL
#CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
#CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free
#CVE-2020-26978: Internal network hosts could have been probed by a malicious webpage
#CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs
#CVE-2020-35112: Opening an extension-less download may have inadvertently launched an executable instead
#CVE-2020-35113: Memory safety bugs fixed in Thunderbird 78.6

Revision 1.238: download - view: text, markup, annotated - select for diffs
Mon Dec 7 12:30:56 2020 UTC (4 years ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2020Q4-base, pkgsrc-2020Q4
Diff to: previous 1.237: preferred, colored
Changes since revision 1.237: +5 -5 lines
thunderbird: Update to 78.5.1

Changelog:
What's New
OpenPGP: Added option to disable email subject encryption

Changes
OpenPGP public key import now supports multi-file selection and bulk accepting imported keys
MailExtensions: getComposeDetails will wait for "compose-editor-ready" event

Fixes
New mail icon was not removed from the system tray at shutdown
"Place replies in the folder of the message being replied to" did not work when using "Reply to List"
Thunderbird did not honor the "Run search on server" option when searching messages
Highlight color for folders with unread messages wasn't visible in dark theme
OpenPGP: Key were missing from Key Manager
OpenPGP: Option to import keys from clipboard always disabled
The "Link" button on the large attachments info bar failed to open up Filelink section in Options if the user had not yet configured Filelink
Address book: Printing members of a mailing list resulted in incorrect output
Unable to connect to LDAP servers configured with a self-signed SSL certificate
Autoconfig via LDAP did not work as expected
Calendar: Pressing Ctrl-Enter in the new event dialog would create duplicate events
Various security fixes

Security fixes:
#CVE-2020-26970: Stack overflow due to incorrect parsing of SMTP server response codes

Revision 1.237: download - view: text, markup, annotated - select for diffs
Thu Nov 19 14:29:55 2020 UTC (4 years ago) by ryoon
Branches: MAIN
Diff to: previous 1.236: preferred, colored
Changes since revision 1.236: +5 -5 lines
thunderbird: Update to 78.5.0

* Fix build with lang/rust-1.47.0.

Changelog:
78.5.0
What's New
OpenPGP: Added option to disable attaching the public key to a signed message
MailExtensions: "compose_attachments" context added to Menus API
MailExtensions: Menus API now available on displayed messages

Changes
MailExtensions: browser.tabs.create will now wait for "mail-delayed-startup-finished" event

Fixes
OpenPGP: Support for inline PGP messages improved
OpenPGP: Message security dialog showed unverified keys as unavailable
Chat: New chat contact menu item did not function
Various theme and usability improvements
Various security fixes

#CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
#CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
#CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
#CVE-2020-26956: XSS through paste (manual and clipboard API)
#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
#CVE-2020-26959: Use-after-free in WebRequestService
#CVE-2020-26960: Potential use-after-free in uses of nsTArray
#CVE-2020-15999: Heap buffer overflow in freetype
#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
#CVE-2020-26965: Software keyboards may have remembered typed passwords
#CVE-2020-26966: Single-word search queries were also broadcast to local network
#CVE-2020-26968: Memory safety bugs fixed in Thunderbird 78.5


78.4.3
Fixes
User interface was inconsistent when switching from the default theme to the dark theme and back to the default theme
Email subject would disappear when hovering over it with the mouse when using Windows 7 Classic theme

78.4.2
Fixes
Security fix
#CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for

78.4.1
What's New
Thunderbird prompts for an address to use when starting an email from an address book entry with multiple addresses

Fixes
Searching global search results did not work
Link location was not focused by default when adding a hyperlink in message composer
Advanced address book search dialog was unusable
Encrypted draft reply emails lost "Re:" prefix
Replying to a newsgroup message did not open the compose window
Unable to delete multiple newsgroup messages
Appmenu displayed visual glitches
Visual glitches when selecting multiple messages in the message pane and using Ctrl+click
Switching between dark and light mode could lead to unreadable text on macOS


78.4.0
What's New
MailExtensions: browser.tabs.sendMessage API added
MailExtensions: messageDisplayScripts API added

Changes
Yahoo and AOL mail users using password authentication will be migrated to OAuth2
MailExtensions: messageDisplay APIs extended to support multiple selected messages
MailExtensions: compose.begin functions now support creating a message with attachments

Fixes
Thunderbird could freeze when updating global search index
Multiple issues with handling of self-signed SSL certificates addressed
Recipient address fields in compose window could expand to fill all available space
Inserting emoji characters in message compose window caused unexpected behavior
Button to restore default folder icon color was not keyboard accessible
Various keyboard navigation fixes
Various color-related theme fixes
MailExtensions: Updating attachments with onBeforeSend.addListener() did not work
Various security fixes

Security fixes:
#CVE-2020-15969: Use-after-free in usersctp
#CVE-2020-15683: Memory safety bugs fixed in Thunderbird 78.4


78.3.3
Fixes
OpenPGP: Improved support for encrypting with subkeys
OpenPGP message status icons were not visible in message header pane
OpenPGP Key Manager was missing from Tools menu on macOS
Creating a new calendar event did not require an event title


78.3.2
Changes
Thunderbird will no longer automatically install updates when Preferences tab is opened

Fixed
OpenPGP: Improved support for encrypting with subkeys
OpenPGP: Encrypted messages with international characters were sometimes displayed incorrectly
Single-click deletion of recipient pills with middle mouse button restored
Searching an address book list did not display results
Windows installer was unreadable with Windows in high contrast mode
Dark mode, high contrast, and Windows theming fixes

Revision 1.236: download - view: text, markup, annotated - select for diffs
Fri Oct 9 16:13:49 2020 UTC (4 years, 2 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.235: preferred, colored
Changes since revision 1.235: +5 -5 lines
thunderbird: Update to 78.3.2

Changelog:
Changes

Thunderbird will no longer automatically install updates when Preferences tab is opened

Fixes

OpenPGP: Improved support for encrypting with subkeys

OpenPGP: Encrypted messages with international characters were sometimes displayed incorrectly

Single-click deletion of recipient pills with middle mouse button restored

Searching an address book list did not display results

Windows installer was unreadable with Windows in high contrast mode

Dark mode, high contrast, and Windows theming fixes

Revision 1.235: download - view: text, markup, annotated - select for diffs
Mon Sep 28 14:11:25 2020 UTC (4 years, 2 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.234: preferred, colored
Changes since revision 1.234: +5 -5 lines
thunderbird: Update to 78.3.1

Changelog:
78.3.1
Fixes
Thunderbird crashed after updating to 78.3.0


78.3.0
Changes
OpenPGP: Improved decryption performance with large messages

OpenPGP: Do not show external key UI when disabled by preference

Account setup wizard will now open a popup when connecting to a server with a
self-signed SSL/TLS certificate

Installation of "legacy" MailExtensions now disabled

Reply-To header moved in compose window; now appears under From header

Calendar: Sidebar UI improvements

Fixes
Selecting "Cancel" on the Master Password prompt at startup incorrectly
reported corrupted OpenPGP data

OpenPGP: Creating a new key pair did not automatically select it for use

Dragging & Dropping recipient pills resulted in lost pills when an error was
present

Spellcheck suggestions were unreadable in dark theme

Calendar: Multiple password prompts opened

Linux Distributions: UI was not rendered completely when built without updater

MailExtensions: browser.folders.delete failed on IMAP folders

Various security fixes

Security fixes:
Mozilla Foundation Security Advisory 2020-44
#CVE-2020-15677: Download origin spoofing via redirect
#CVE-2020-15676: XSS when pasting attacker-controlled data into
a contenteditable element
#CVE-2020-15678: When recursing through layers while scrolling, an iterator may
have become invalid, resulting in a potential use-after-free scenario
#CVE-2020-15673: Memory safety bugs fixed in Thunderbird 78.3

Revision 1.234: download - view: text, markup, annotated - select for diffs
Sun Sep 13 10:51:03 2020 UTC (4 years, 2 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2020Q3-base, pkgsrc-2020Q3
Diff to: previous 1.233: preferred, colored
Changes since revision 1.233: +5 -5 lines
thunderbird: Update to 78.2.2

* Runtime depend on chat/libotr.

Changelog:
What's New
new Drag and Drop reordering of recipient pills now supported

Changes
changed OpenPGP: Some signature states reported as "mismatch" now report "unknown"
changed Privacy policy now displayed in a tab when updated
changed Chat: Non-functional Twitter support removed

Fixes
fixed OpenPGP: Improvements to key importing when failures occur
fixed OpenPGP: Decryption did not work with certain HTTP proxy configurations
fixed OpenPGP: "Discover keys online" option did not work when searching for an email address
fixed Email filters reported failure when moving a message to original folder
fixed Message filters: Filters shown as enabled in configuration dialog were not always enabled
fixed vCard 2.1 attachments not handled properly
fixed Sending messages sometimes failed when recipients were in LDAP address book
fixed Non-functional help menu items removed
fixed Adding custom headers in the addressing widget (preference mail.compose.other.header) did not work
fixed Calendar: Event reminder details were unreadable
fixed Windows 10 high-contrast theme fixes
fixed More theme fixes and improvements

Revision 1.233: download - view: text, markup, annotated - select for diffs
Thu Sep 3 15:26:22 2020 UTC (4 years, 3 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.232: preferred, colored
Changes since revision 1.232: +51 -41 lines
thunderbird: Update to 78.2.1

* Lightning cannot be disabled by users in build time.
  Remove mozilla-lightning option.

Changelog:
78.2.1
Changes
changed OpenPGP enabled by default
changed OpenPGP: Disabled the use of MD5/SM2/SM3 algorithms

Fixes
fixed OpenPGP: Users with sub-identities were unable to encrypt or sign messages when switching identities
fixed OpenPGP message security window did not support dark mode

78.2.0
Changes
changed OpenPGP Key generation now disabled when there is no default mail account configured
changed OpenPGP: Encrypt saved drafts when OpenPGP is enabled
changed Twitter search removed
changed Calendar: Event summary dialog is now themeable
changed MailExtensions: Some APIs now use defineLazyPreferenceGetter in order to benefit from caching

Fixes
fixed OpenPGP Key Manager search function did not work
fixed OpenPGP Key Properties dialog was sometimes too small
fixed OpenPGP: Encrypted email would not send if address contained uppercase characters
fixed OpenPGP: "Key ID" column could not be resized in Key Manage
fixed OpenPGP: Keys containing invalid UTF-8 strings could not be imported
fixed OpenPGP: Enable automatic signing for encrypted messages in additional scenarios
fixed Many more OpenPGP bug fixes and improvements
fixed IMAP fetch chunk size was always 65536 bytes
fixed IMAP server capabilities were not rechecked after upgrading to SSL/TLS connection
fixed Message Composer: Order of attachments could not be modified using drag & drop
fixed Composing messages with a "fixed width" font did not work
fixed Drag and drop of address book contacts did not work in some situations
fixed Address book migration failed when there was a dot in the file name
fixed Address book: "Always prefer display name over message header" was always checked when editing a contact
fixed Address book performance optimizations
fixed Dialog to add a new mail account from "Account Settings" did not open
fixed "Select All" (Ctrl+A) in message source did not work until focused with a mouse click
fixed Ctrl+scroll wheel not zooming in message reader
fixed Setting/changing a signature from a file lost when closing account settings
fixed Adaptive Junk Mail settings could not be disabled
fixed Message filter dialog fixes: Missing scrollbar, drop-down list not wide enough
fixed Various UX and theme improvements

78.1.1
Changes
changed Building OpenPGP shared library linked to system libraries now supported
changed MailExtension errors now shown in Developer Tools console by default
changed MailExtensions: Dynamic registration of calendar providers now supported

Fixesr
fixed OpenPGP improvements
fixed Message preview was sometimes blank after upgrading from Thunderbird 68
fixed Email addresses whitelisted for remote content not displayed in preferences
fixed Importing data from Seamonkey did not work
fixed Renaming a mail list did not update the side bar
fixed MailExtensions: messenger.* namespace was undefined

78.1.0
What's New
new OpenPGP support is now feature complete. Improvements: new Key Wizard, online searching for OpenPGP keys, and more
new The preferences tab now has a search field

Changes
changed Dark background in message reader is now disabled

Fixes
fixed Thunderbird startup was slow when using folder color customizations with many folders. Previously configured colors will not be migrated.
fixed Mail quota usage in status bar did not support terabyte folder sizes
fixed Changing Junk mail settings with keyboard toggled wrong setting
fixed Advanced IMAP server preferences not saved in Account Manager
fixed Address book migration updates and fixes
fixed Address book: Last Modified Date was not updated
fixed Dark mode improvements
fixed Various security fixes

Security fixes:
#CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker
#CVE-2020-6514: WebRTC data channel leaks internal address to peer
#CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy
#CVE-2020-15653: Bypassing iframe sandbox when allowing popups
#CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
#CVE-2020-15656: Type confusion for special arguments in IonMonkey
#CVE-2020-15658: Overriding file type when saving to disk
#CVE-2020-15657: DLL hijacking due to incorrect loading path
#CVE-2020-15654: Custom cursor can overlay user interface
#CVE-2020-15659: Memory safety bugs fixed in Thunderbird 78.1

78.0.1
What's New
new OpenPGP: Key revocation, extending key expiration, and secret key backup

Fixes
fixed Drag & Drop multiple attachments to macOS Finder created duplicate files
fixed Faceted search date and relevance settings not saved
fixed FileLink attachments included as a link and file when added from a network drive via drag & drop
fixed About Thunderbird dialog keyboard shortcuts did not work
fixed CC'd recipients sometimes displayed collapsed in header pane
fixed Incremental search in contacts sidebar did not always display local results when an LDAP server was also in use
fixed Contacts sidebar search results cleared after removing a contact
fixed OpenPGP: Messages with long Armor Header lines did not display
fixed OpenPGP: Messages containing non-UTF-8 text were not supported
fixed Various UI and theming fixes
fixed Chat: Participants list did not display operator flags

Revision 1.232: download - view: text, markup, annotated - select for diffs
Sat Aug 22 23:12:51 2020 UTC (4 years, 3 months ago) by wiz
Branches: MAIN
Diff to: previous 1.231: preferred, colored
Changes since revision 1.231: +2 -1 lines
thunderbird: fix build with latest rust using patch from firefox68

Revision 1.231: download - view: text, markup, annotated - select for diffs
Sat Jul 4 05:11:25 2020 UTC (4 years, 5 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.230: preferred, colored
Changes since revision 1.230: +5 -5 lines
thunderbird: Update to 68.10.0

Changelog:
Fixes

fixed Chat: Topics displayed some characters improperly
fixed Calendar: Filtering tasks did not work when "Incomplete Tasks" was selected

Security fixes:
CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64
#CVE-2020-12418: Information disclosure due to manipulated URL object
#CVE-2020-12419: Use-after-free in nsGlobalWindowInner
#CVE-2020-12420: Use-After-Free when trying to connect to a STUN server
#MFSA-2020-0001: Automatic account setup leaks Microsoft Exchange login credentials
#CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates

Revision 1.230: download - view: text, markup, annotated - select for diffs
Wed Jun 17 18:00:09 2020 UTC (4 years, 5 months ago) by nia
Branches: MAIN
CVS tags: pkgsrc-2020Q2-base, pkgsrc-2020Q2
Diff to: previous 1.229: preferred, colored
Changes since revision 1.229: +1 -3 lines
thunderbird: Remove patches for NetBSD 7, rust dropped support for NetBSD 7

Revision 1.229: download - view: text, markup, annotated - select for diffs
Mon Jun 15 15:44:22 2020 UTC (4 years, 5 months ago) by nia
Branches: MAIN
Diff to: previous 1.228: preferred, colored
Changes since revision 1.228: +8 -10 lines
thunderbird: Sync with firefox68

- Re-enable multiprocess mode
- Drop hacks for crossprocess semaphores on NetBSD
- Drop OSS support
- Drop unused gnome option

Bump PKGREVISION

Revision 1.228: download - view: text, markup, annotated - select for diffs
Fri Jun 5 03:57:58 2020 UTC (4 years, 6 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.227: preferred, colored
Changes since revision 1.227: +6 -5 lines
thunderbird: Update to 68.9.0

Changelog:
Fixes
fixed Custom headers added for searching or filtering could not be removed
fixed Calendar: Today Pane updated prior to loading all data
fixed Stability improvements
fixed Various security fixes

Security fixes:
#CVE-2020-12399: Timing attack on DSA signatures in NSS library
#CVE-2020-12405: Use-after-free in SharedWorkerService
#CVE-2020-12406: JavaScript Type confusion with NativeTypes
#CVE-2020-12410: Memory safety bugs fixed in Thunderbird 68.9.0
#CVE-2020-12398: Security downgrade with IMAP STARTTLS leads to information leakage

Revision 1.227: download - view: text, markup, annotated - select for diffs
Wed May 27 11:40:29 2020 UTC (4 years, 6 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.226: preferred, colored
Changes since revision 1.226: +5 -5 lines
thunderbird: Update to 68.8.1

Changelog:
Fixes:
fixed IMAP stability improvements
fixed HTML tags in IRC topic changes were rendered incorrectly
fixed MailExtensions: Websockets could not be used

Revision 1.226: download - view: text, markup, annotated - select for diffs
Thu May 14 12:14:39 2020 UTC (4 years, 6 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.225: preferred, colored
Changes since revision 1.225: +5 -5 lines
thunderbird: Update to 68.8.0

Changelog:
Fixes
Account Manager: text fields were too small in some cases
Account Manager: Authentication method did not update when selecting an SMTP server
Links with embedded credentials did not open on Windows
Messages were sometimes sent with a badly formed address when filled from the address book
Accessibility: Screen readers were reporting too many activities from the status bar
MailExtensions: Setting IMAP messages as read with browser.messages.updated failed to persist
Various security fixes

Security fixes:
#CVE-2020-12397: Sender Email Address Spoofing using encoded Unicode characters
#CVE-2020-12387: Use-after-free during worker shutdown
#CVE-2020-6831: Buffer overflow in SCTP chunk input validation
#CVE-2020-12392: Arbitrary local file access with 'Copy as cURL'
#CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
#CVE-2020-12395: Memory safety bugs fixed in Thunderbird 68.8.0

Revision 1.225: download - view: text, markup, annotated - select for diffs
Fri Apr 24 21:48:46 2020 UTC (4 years, 7 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.224: preferred, colored
Changes since revision 1.224: +5 -5 lines
thunderbird: Update to 68.7.0

Changelog:
What's New
new MailExtensions: Raw message source available to MailExtensions

Changes
changed MailExtensions: messages.update function extended to mark messages as junk or not junk
changed MailExtensions: browser.compose.begin functions no longer expand mailing lists

Fixes
fixed Various improvements to account setup when connecting to an Exchange server
fixed Thread collapsed when opening news message in a new window
fixed Addons not automatically updated to compatible version after upgrade from Thunderbird 60
fixed Updating addons did not prompt when requesting new permissions
fixed Extra recipients panel not keyboard-accessible
fixed Accessibility: Status bar was not detected by screenreaders
fixed MailExtensions: messages.query by folder name did not require accountsRead permission
fixed Calendar: Invitations with embedded null bytes did not always decode correctly
fixed Calendar: Cancelled events didn't show with a line-through
fixed Various security fixes

Security fixes:
#CVE-2020-6819: Use-after-free while running the nsDocShell destructor
#CVE-2020-6820: Use-after-free when handling a ReadableStream
#CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method
#CVE-2020-6822: Out of bounds write in GMPDecodeData when processing large images
#CVE-2020-6825: Memory safety bugs fixed in Thunderbird 68.7.0

Revision 1.224: download - view: text, markup, annotated - select for diffs
Mon Mar 30 19:46:01 2020 UTC (4 years, 8 months ago) by joerg
Branches: MAIN
Diff to: previous 1.223: preferred, colored
Changes since revision 1.223: +2 -1 lines
Fix build with libc++ by making the template wrapper do what it is
supposed to do. Don't mess with math.h internals. Honor ressource limit
changes during build.

Revision 1.223: download - view: text, markup, annotated - select for diffs
Sun Mar 15 13:28:51 2020 UTC (4 years, 8 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1
Diff to: previous 1.222: preferred, colored
Changes since revision 1.222: +5 -5 lines
thunderbird: Update to 68.6.0

CVhangelog:
68.6.0
new
Thunderbird now displays a popup window when starting up on a new
profile

changed
Thunderbird now provides partial updates resulting in smaller
downloads

fixed
Searching in message bodies led to false negatives under some
circumstances in quoted-printable encoded HTML bodies

"Get New Messages for All Accounts" not working for OAuth2-authenticated
IMAP accounts

Various security fixes
#CVE-2020-6805: Use-after-free when removing data about origins
#CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections against state confusion
#CVE-2020-6807: Use-after-free in cubeb during stream destruction
#CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
#CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
#CVE-2020-6812: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
#CVE-2020-6814: Memory safety bugs fixed in Thunderbird 68.6


68.0.5
new
Support for Client Identity IMAP/SMTP Service Extension

Support for OAuth 2.0 authentication for POP3 accounts

fixed
Status area goes blank during account setup

Calendar: Could not remove color for default categories

Calendar: Prevent calendar component loading multiple times

Calendar: Today pane did not retain width between sessions

Various security fixes
#CVE-2020-6793: Out-of-bounds read when processing certain email messages
#CVE-2020-6794: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords
#CVE-2020-6795: Crash processing S/MIME messages with multiple signatures
#CVE-2020-6797: Extensions granted downloads.open permission could open arbitrary applications on Mac OSX
#CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript injection
#CVE-2020-6792: Message ID calculcation was based on uninitialized data
#CVE-2020-6800: Memory safety bugs fixed in Thunderbird 68.5

Revision 1.222: download - view: text, markup, annotated - select for diffs
Sat Feb 8 22:36:24 2020 UTC (4 years, 10 months ago) by kamil
Branches: MAIN
Diff to: previous 1.221: preferred, colored
Changes since revision 1.221: +2 -1 lines
thunderbird: Workaround broken pthread_equal() usage

Switch to an internal version of pthread_equal() without sanity checks.

Problems detected on NetBSD 9.99.46.

Revision 1.221: download - view: text, markup, annotated - select for diffs
Wed Feb 5 14:29:56 2020 UTC (4 years, 10 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.220: preferred, colored
Changes since revision 1.220: +5 -5 lines
thunderbird: Update to 68.4.2

Changelog:
changed
Calendar: Task and Event tree colours adjusted for the dark theme

fixed
Retrieval of S/MIME certificates from LDAP failed
Address-parsing crash on some IMAP servers when preference mail.imap.use_envelope_cmd was set
Incorrect forwarding of HTML messages caused SMTP servers to respond with a timeout
Calendar: Various parts of the calendar UI stopped working when a second Thunderbird window opened

Revision 1.220: download - view: text, markup, annotated - select for diffs
Tue Jan 14 14:30:44 2020 UTC (4 years, 10 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.219: preferred, colored
Changes since revision 1.219: +5 -6 lines
thunderbird: Update to 68.4.1

Changelog:
Changes
Various improvements when setting up an account for a Microsoft Exchange server: Now offers IMAP/SMTP if available, better detection for Office 365 accounts; re-run configuration after password change.

Fixes
Attachments with one or more spaces in their names couldn't be opened under some circumstances

After changing view layout, the message display pane showed garbled content under some circumstances

Tags were lost on messages in shared IMAP folders under some circumstances

Various theme changes to achieve "pixel perfection": Unread icon, "no results" icon, paragraph format and font selector, background of folder summary tooltip

Calendar: Event attendee dialog was not displayed correctly

Various security fixes

Security fixes:
CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
#CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows
#CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
#CVE-2019-17017: Type Confusion in XPCVariant.cpp
#CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows
#CVE-2019-17022: CSS sanitization does not escape HTML tags
#CVE-2019-17024: Memory safety bugs fixed in Thunderbird 68.4.1

Revision 1.219: download - view: text, markup, annotated - select for diffs
Sun Dec 29 00:51:06 2019 UTC (4 years, 11 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.218: preferred, colored
Changes since revision 1.218: +5 -5 lines
Update to 68.3.1

Changelog:
68.3.1
Changes
changed
In dark theme unread messages no longer shown in blue to distinguish from tagged messages

changed
Account setup is now using client side DNS MX lookup instead of relying on a server.

Fixes
fixed
Searching LDAP address book crashed in some circumstances

fixed
Message navigation with backward and forward buttons did not work in some circumstances

fixed
WebExtension toolbar icons were displayed too small

fixed
Calendar: Tasks due today were not listed in bold

fixed
Calendar: Last day of long-running events was not shown


68.3.0
What’s New
new
Message display toolbar action WebExtension API

new
Navigation buttons are now available in content tabs, for example those opened via an add-on search

Changes
changed
"New email" icon in Windows systray changed from in-tray with arrow to envelope
Fixes

fixed
Icons of attachments in the attachment pane of the Write window not always correct

fixed
Toolbar buttons of add-ons in the menubar not shown after startup

fixed
LDAP lookup not working when SSL was enabled. LDAP search not working when "All Address Books" was selected.

fixed
Scam link confirmation panel not working

fixed
In Write window, the Link Properties dialog wasn't showing named anchors in context menu

fixed
Calendar: Start-up failed if the application menu is not on the calendar toolbars

fixed
Chat: Account reordering via drag-and-drop not working on Instant messaging status dialog (Show Accounts)

fixed
Various security fixes

Security fixes:
#CVE-2019-17008: Use-after-free in worker destruction
#CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code
#CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher
#CVE-2019-17009: Updater temporary files accessible to unprivileged processes
#CVE-2019-17010: Use-after-free when performing device orientation checks
#CVE-2019-17005: Buffer overflow in plain text serializer
#CVE-2019-17011: Use-after-free when retrieving a document in antitracking
#CVE-2019-17012: Memory safety bugs fixed in Firefox 71, Firefox ESR 68.3, and Thunderbird 68.3

Revision 1.218: download - view: text, markup, annotated - select for diffs
Sun Nov 17 11:50:01 2019 UTC (5 years ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4
Diff to: previous 1.217: preferred, colored
Changes since revision 1.217: +2 -1 lines
Fix build with Rust 1.39.0, bump PKGREVISION

Revision 1.217: download - view: text, markup, annotated - select for diffs
Sat Nov 2 13:02:55 2019 UTC (5 years, 1 month ago) by ryoon
Branches: MAIN
Diff to: previous 1.216: preferred, colored
Changes since revision 1.216: +5 -5 lines
Update to 68.2.1

Changelog:
    new
    A language for the user interface can now be chosen in the advanced settings (multilingual UI)

    fixed
    Problem with Google authentication (OAuth2)

    fixed
    Selected or unread messages not shown in the correct color in the thread pane (message list) under some circumstances

    fixed
    When using a language pack, names of standard folders weren't localized

    fixed
    Address book default startup directory in preferences panel not persisted

    fixed
    Various visual glitches: Conditions in filter editor not high enough, folder location widget not showing folder name, problem with menubar customization, add-on home page links accumulating, theme issues on Windows 7

    fixed
    Chat: Extended context menu on Instant messaging status dialog (Show Accounts)

Revision 1.216: download - view: text, markup, annotated - select for diffs
Wed Oct 30 12:21:49 2019 UTC (5 years, 1 month ago) by ryoon
Branches: MAIN
Diff to: previous 1.215: preferred, colored
Changes since revision 1.215: +5 -8 lines
Update to 68.2.0

Changelog:
    new
    Message Display WebExtension API

    new
    Message Search WebExtension API

    fixed
    Better visual feedback for unread messages when using the dark theme

    fixed
    Various issues when editing mailing lists

    fixed
    Integration with macOS addressbook and notifications not working after introduction of notarization

    fixed
    Application windows not maintaining their size after restart

    fixed
    Issues when upgrading from a 32bit version of Thunderbird to a 64bit
    version. Note: If your profile is still not recognised, selected it
    by visiting about:profiles in the Troubleshooting Information.

    fixed
    Various security fixes

Security fixes:
#CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber
#CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
#CVE-2019-11758: Potentially exploitable crash due to 360 Total Security
#CVE-2019-11759: Stack buffer overflow in HKDF output
#CVE-2019-11760: Stack buffer overflow in WebRTC networking
#CVE-2019-11761: Unintended access to a privileged JSONView object
#CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation
#CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
#CVE-2019-11764: Memory safety bugs fixed in Thunderbird 68.2

Revision 1.215: download - view: text, markup, annotated - select for diffs
Fri Oct 11 02:02:04 2019 UTC (5 years, 2 months ago) by kamil
Branches: MAIN
Diff to: previous 1.214: preferred, colored
Changes since revision 1.214: +7 -5 lines
thunderbird: Upgrade to 68.1.2

Local changes
=============

Cherry-pick a pending patch to fix build with the recent rust version (1.38.0).

esr68 branch fails to build with rust 1.38
https://bugzilla.mozilla.org/show_bug.cgi?id=1585099

Cherry-pick patch from:
https://marc.info/?l=openbsd-ports&m=156984549605237&w=2

Upstream changelog
==================

What's New

    fixed Visual glitches: Missing context menu in filter, downloads, password manager and Config Editor search boxes, unwanted scrollbars and cut-off text in Account Manager, incorrect colors in Calendar agenda scrollbars, theme issues on Windows 7
    fixed Some attachments couldn't be opened in messages originating from MS Outlook 2016
    fixed Address book import form CSV
    fixed Performance problem in message body search
    fixed Ctrl+Enter to send a message would open an attachment if the attachment pane had focus
    fixed Calendar: Issues with "Today Pane" start-up
    fixed Calendar: Glitches with custom repeat and reminder number input
    fixed Calendar: Problems with WCAP provider

https://www.thunderbird.net/en-US/thunderbird/68.1.2/releasenotes/

Revision 1.214: download - view: text, markup, annotated - select for diffs
Tue Oct 1 15:15:33 2019 UTC (5 years, 2 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.213: preferred, colored
Changes since revision 1.213: +5 -5 lines
Update to 68.1.1

Changelog:
    fixed Issues with attachments in IMAP messages

    fixed Gmail accounts ignored a non-standard trash folder
    selection. Note: If non-standard trash folder was selected
    previously in the account settings, this setting will now take
    effect which may be unexpected.

    fixed Entering/pasting lists of recipients into the addressing
    widget or mailing list not working reliably, especially when
    lists contained multiple commas or semicolons

    fixed Edit mailing list not working

    fixed Various theme fixes, especially dark theme improvements
    for Calendar

    fixed Contrast between tag label and background not optimal

    fixed Account Central pane always loaded at start-up

    fixed "Config Editor" button not removed if blocked by policy

    fixed Calendar: Free/busy information in attendees dialog not
    scrolled correctly. Note: Scroll arrows still not behaving
    correctly.

    fixed Various security fixes

#CVE-2019-11755: Spoofing a message author via a crafted S/MIME
message

Revision 1.213: download - view: text, markup, annotated - select for diffs
Sat Sep 21 10:55:16 2019 UTC (5 years, 2 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3
Diff to: previous 1.212: preferred, colored
Changes since revision 1.212: +32 -42 lines
Update to 68.1.0

Changelog:
    new
    Offer to configure Exchange accounts for Office365. A third-party add-on is required for this account type. IMAP still exists as alternative.

    fixed
    Edit tag not working

    fixed
    Write window: "Insert > Characters and Symbols" not working

    fixed
    Moving/dragging messages from "Search Messages" result dialog not working

    fixed
    Command line -compose "attachment=" not working

    fixed
    Custom views not working

    fixed
    Issues with list of content types/actions for incoming attachments

    fixed
    "Learn More" links in Error Console not working

    fixed
    Visual glitches: Quick Filter Bar tag buttons too tall, missing scroll
      bar on Connection Setting subdialog, LDAP server selection after "New",
      "Edit" and "Delete"

    fixed
    Calendar: Parts of CalDAV dialog not working

    fixed
    Various security fixes

Security fixes:
CVE-2019-11739: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message
#CVE-2019-11746: Use-after-free while manipulating video
#CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
#CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
#CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
#CVE-2019-11743: Cross-origin access to unload event attributes
#CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9

Revision 1.212: download - view: text, markup, annotated - select for diffs
Thu Jul 11 11:57:00 2019 UTC (5 years, 5 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.211: preferred, colored
Changes since revision 1.211: +5 -5 lines
Update to 60.8.0

Changelog:
changed
    Calendar: Problems when editing event times, some related to AM/PM setting in non-English locales

Revision 1.211: download - view: text, markup, annotated - select for diffs
Sat Jun 15 01:17:08 2019 UTC (5 years, 5 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2
Diff to: previous 1.210: preferred, colored
Changes since revision 1.210: +5 -5 lines
Update to 60.7.1

Changelog:
Fixed
No prompt for smartcard PIN when S/MIME signing is used

Security fixes:
#CVE-2019-11703: Heap buffer overflow in icalparser.c
#CVE-2019-11704: Heap buffer overflow in icalvalue.c
#CVE-2019-11705: Stack buffer overflow in icalrecur.c
#CVE-2019-11706: Type confusion in icalproperty.c

Revision 1.210: download - view: text, markup, annotated - select for diffs
Sat Jun 1 23:27:58 2019 UTC (5 years, 6 months ago) by kamil
Branches: MAIN
Diff to: previous 1.209: preferred, colored
Changes since revision 1.209: +2 -1 lines
thunderbird: Pick libGL.so for NetBSD in GLContextProviderGLX.cpp

NetBSD ships with libGL.so.3 as of NetBSD-8.99.42 and the libGL.so form
is more portable.

Revision 1.209: download - view: text, markup, annotated - select for diffs
Mon May 27 13:06:18 2019 UTC (5 years, 6 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.208: preferred, colored
Changes since revision 1.208: +5 -5 lines
Update to 60.7.0

Changelog:
changed
    Attachment pane of Write window no longer focussed when attaching files using a keyboard shortcut

fixed
    Various security fixes

#CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
#CVE-2019-9816: Type confusion with object groups and UnboxedObjects
#CVE-2019-9817: Stealing of cross-domain images using canvas
#CVE-2019-9818: Use-after-free in crash generation server
#CVE-2019-9819: Compartment mismatch with fetch API
#CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
#CVE-2019-11691: Use-after-free in XMLHttpRequest
#CVE-2019-11692: Use-after-free removing listeners in the event listener manager
#CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
#CVE-2019-7317: Use-after-free in png_image_free of libpng library
#CVE-2019-9797: Cross-origin theft of images with createImageBitmap
#CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext
#CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox
#CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
#CVE-2019-5798: Out-of-bounds read in Skia
#CVE-2019-9800: Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, and Thunderbird 60.7

Revision 1.208: download - view: text, markup, annotated - select for diffs
Sat May 11 04:07:08 2019 UTC (5 years, 7 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.207: preferred, colored
Changes since revision 1.207: +5 -5 lines
Update to 60.6.1

Changelog:
#CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information
#CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations

Revision 1.207: download - view: text, markup, annotated - select for diffs
Sun Mar 24 12:27:22 2019 UTC (5 years, 8 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1
Diff to: previous 1.206: preferred, colored
Changes since revision 1.206: +5 -5 lines
Update to 60.6.0

Changelog:
60.6.0
fixed
Calendar: Can't create repeating event with end date when using certain time zones, for example Europe/Minsk


60.5.3
fixed

Problem when using "Send to > Mail recipient" on Windows introduced in version 60.5.2.
If files with non-ASCII characters in their name still cause a malfunction, use one of the following two alternative solutions:

    Reset this registry entry
    HKLM\SOFTWARE\Clients\Mail\Mozilla Thunderbird - SupportUTF8 to 0. Also reset HKLM\SOFTWARE\Wow6432Node\Clients\Mail\Mozilla Thunderbird - SupportUTF8 if present.
    On Windows 10, set the system code page to UTF-8 (beta feature, see Region Settings, system locale)

Revision 1.206: download - view: text, markup, annotated - select for diffs
Mon Mar 4 15:59:06 2019 UTC (5 years, 9 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.205: preferred, colored
Changes since revision 1.205: +7 -5 lines
Fix build with lang/rust-1.33.0. Bump PKGREVISION

Revision 1.205: download - view: text, markup, annotated - select for diffs
Tue Feb 26 11:32:12 2019 UTC (5 years, 9 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.204: preferred, colored
Changes since revision 1.204: +16 -19 lines
Update to 60.5.1

Changelog:
60.5.1
Fixed
CalDav access to some servers not working

#CVE-2018-18500: Use-after-free parsing HTML5 stream
#CVE-2018-18505: Privilege escalation through IPC channel messages
#CVE-2016-5824: DoS (use-after-free) via a crafted ics file
#CVE-2018-18501: Memory safety bugs fixed in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5

60.5.0
New
FileLink provider WeTransfer to upload large attachments

Thunderbird now allows the addition of OpenSearch search engines from a local XML file using a minimal user inferface: [+] button to select a file an add, [-] to remove.

More search engines: Google and DuckDuckGo available by default in some locales

During account creation, Thunderbird will now detect servers using the Microsoft Exchange protocol. It will offer the installation of a 3rd party add-on (Owl) which supports that protocol.

Fixed
Thunderbird now compatible with other WebExtension-based FileLink add-ons like the Dropbox add-on

Crash when using custom sound for new email notification

WebExtension-based dictionaries from addons.mozilla.org not working in Thunderbird

Calendar: Printing of calendars not working

#CVE-2018-18356: Use-after-free in Skia
#CVE-2019-5785: Integer overflow in Skia
#CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D
#CVE-2018-18509: S/MIME signature spoofing

Revision 1.204: download - view: text, markup, annotated - select for diffs
Sat Jan 5 00:38:22 2019 UTC (5 years, 11 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.203: preferred, colored
Changes since revision 1.203: +5 -5 lines
Update t o 60.4.0

Changelog:
new
WebExtensions FileLink API to facilitate FileLink add-ons. For the future
version Thunderbird 60.5.0: WeTransfer will be included in Thunderbird 60.5.0
and the Dropbox add-on will be compatible with Thunderbird 60.5.0.

fixed
Decoding problems for messages with less common charsets (cp932, cp936)

fixed
New messages in the drafts folder (and other special or virtual folders)
will no longer be included in the new messages notification

Revision 1.203: download - view: text, markup, annotated - select for diffs
Thu Jan 3 12:08:55 2019 UTC (5 years, 11 months ago) by adam
Branches: MAIN
Diff to: previous 1.202: preferred, colored
Changes since revision 1.202: +1 -2 lines
thunderbird: removed empty patch

Revision 1.202: download - view: text, markup, annotated - select for diffs
Sun Dec 16 08:12:15 2018 UTC (5 years, 11 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2018Q4-base, pkgsrc-2018Q4
Diff to: previous 1.201: preferred, colored
Changes since revision 1.201: +53 -120 lines
Update to 60.3.3

Changelog:
60.3.3:
mitigated
    Thunderbird 60 will migrate security databases (key3.db, cert8.db to
    key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a fault
    that potentially deleted saved passwords and private certificate keys
    for users using a master password. Version 60.3.3 will prevent the loss
    of data; affected users who have already upgraded to version 60.3.2 or
    earlier can restore the deleted key3.db file from backup to complete
    the migration.

fixed
    Address book search and auto-complete slowness introduced in
      Thunderbird 60.3.2
    Plain text markup with * for bold, / for italics, _ for underline and |
      for code did not work when the enclosed text contained non-ASCII
      characters
    While composing a message, a link not removed when link location was
      removed in the link properties panel

60.3.2:
fixed
    Under some circumstances Thunderbird on Mac will send attachments using
      the so-called AppleDouble format which can lead to problems with mail
      servers and recipients
    Encoding problems when exporting address books or messages using the
      system charset. Messages are now always exported using the UTF-8 encoding.
    If the "Date" header of a message was invalid, Jan 1970 or Dec 1969 was
      displayed. Now using date from "Received" header instead.
    Body search/filtering didn't reliably ignore content of tags
    Inappropriate warning "Thunderbird prevented the site
      (addons.thunderbird.net) from asking you to install software on your
      computer" when installing add-ons
    Incorrect display of correspondents column since own email address was
      not always detected
    Spurious &#xA; (encoded newline) inserted into drafts and sent email
    New email not inserted in correct sort order in threaded unified view
      or search folder

60.3.1:
fixed
    Double-clicking on a word in the Write window sometimes launched the
      Advanced Property Editor or Link Properties dialog
    Cookie removal (not working since Thunderbird version 52)
    "Download rest of message" not working if global inbox was used
    Encoding problems for users (especially in Poland) when a file was sent
      via a folder using "Sent to > Mail recipient" due to a problem in the
      Thunderbird MAPI interface
    According to RFC 4616 and RFC 5721, passwords containing non-ASCII
      characters are encoded using UTF-8 which can lead to problems with
      non-compliant providers, for example office365.com. The SMTP LOGIN
      and POP3 USER/PASS authentication methods are now using a Latin-1
      encoding again to work around this issue.
    Shutdown crash/hang after entering an empty IMAP password

60.3.0:
fixed
    Various Theme fixes where incorrect colors, backgrounds, etc. were
      displayed
    Add-on Options menu not working on Mac
    Shift+PageUp/PageDown in Write window
    Saving content of Write windows didn't overwrite existing file
    Issues related to "Edit Template" command
    Gloda attachment filtering
    Mailing list address auto-complete enter/return handling
    Thunderbird hung if HTML signature references non-existent image
    Filters not working for headers that appear more than once
    Various security fixes

Secirity fixes:
#CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin
#CVE-2018-12392: Crash with nested event loops
#CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript
#CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3 and Thunderbird 60.3
#CVE-2018-12390: Memory safety bugs fixed in Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3

60.2.1:
Changed
    Calendar: Default values for the first day of the week and working days
      are now derived from the selected datetime formatting locale (restart
      after changing locale in the OS required)
    Calendar: Switch to a Photon-style icon set for all platforms
    Multiple requests for master password when Google Mail or Calendar
      OAuth2 is enabled
    Scrollbar of the address entry auto-complete popup does not work
    Security info dialog in compose window does not show certificate status
    Links in the Add-on Manager's search results and theme browsing tabs
      open in external browser
    Localized versions of Thunderbird didn't show a localized name for
      the "Drafts" and "Sent" folders for certain IMAP providers
      (particularly in France)
    Replying to a message with an empty subject inserted Re: twice (not
      working in Thunderbird 60.0)
    Spellcheck marks disappeared erroneously for words with an apostrophe
      (not working in Thunderbird 60.0)
    Calendar: First day of the week cannot be set
    Calendar: Several fixes related to cutting/deleting of events and email
      scheduling
    Various security fixes

Security fixes:
#CVE-2018-12377: Use-after-free in refresh driver timers
#CVE-2018-12378: Use-after-free in IndexedDB
#CVE-2018-12379: Out-of-bounds write with malicious MAR file
#CVE-2017-16541: Proxy bypass using automount and autofs
#CVE-2018-12385: Crash in TransportSecurityInfo due to cached data
#CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords
#CVE-2018-12376: Memory safety bugs fixed in Firefox 62, Firefox ESR 60.2, and Thunderbird 60.2.1

60.0:
new
    When writing a message, a delete button now allows the removal of a
      recipient. This delete button is displayed when hovering the To/Cc/Bcc
      selector.
    Many improvements to attachments handling during compose: Attachments
      can now be reordered using a dialog, keyboard shortcuts, or drag and
      drop. The "Attach" button moved to the right to be above the attachment
      pane. The access key of the attachment pane (e.g. Alt+M, may vary
      depending on localization, Ctrl+M on Mac) now also works to show or
      hide the pane. The attachment pane can also be shown initially when
      composing a new message. Right-click on the header to enable this
      option. Hiding a non-empty attachment pane will now show a placeholder
      paperclip to indicate the presence of attachments and avoid sending
      them accidentally.
    "Edit Template" command. This also solves various problems when saving
      as template (duplicates created, message ID lost).
    "New Message from Template" command
    Allow changing the Spellcheck Language from status bar
    Light and Dark themes
    WebExtension themes are now enabled in Thunderbird
    A default startup directory in the address book window can now be
      configured
    Individual feed update interval
    An option under "Tools > Options, Advanced, General" now allows to
      select whether date/time display will follow the application locale
      (adjusted by operating system's format settings for that locale) or
      the locale selected in the operating system's regional settings.
      In other words, an US English Thunderbird can use, for example,
      German formats.
    OAuth2 authentication for Yahoo and AOL
    FIDO U2F support
    Thunderbird now allows the conversion of folders from mbox to maildir
      format and vice versa. This is an experimental feature that needs to
      be enabled by setting the preference mail.store_conversion_enabled.
      Note that this functionality does not not work if the option "Allow
      Windows Search/Spotlight to search messages" is selected.
    Calendar: Allow copying, cutting or deleting of a selected occurrence
      or the entire series for recurring events
    Calendar: Provide an option to display locations for events in calendar
      day and week views
    Calendar: Provide the ability for sending/not sending meeting
      notifications directly instead of showing a popup
    Calendar: Option to select the target calendar when pasting an event
      or task
    Calendar: Allow email scheduling for CalDAV servers supporting
      server-side scheduling
    Thunderbird Chat now contains multiple built-in message themes

changed
    IMPORTANT: Add-ons not marked as compatible with Thunderbird 60
      by their authors will be disabled (this can be reverted via preference
      extensions.strictCompatibility)
    IMAP: When after sending a message storing that sent message fails,
      the message can now be stored in a local folder
    Add-on options can no longer be configured from the Add-on Manager page.
      A new menu item "Add-on Options" is now available on the Tools menu.
    When messages are composed in paragraph format, "body text" and split
      mail quotes are converted to paragraphs when pressing the enter key
    "Edit As New Message" will now use the account's default compose format,
      either HTML or plain text ignoring the format of the message. Plain
      text messages will be converted to HTML and vice versa. Then using
      the modifier, the format choice will be reverted.
    The "Edit Draft" command now also honors the use of the shift key to
      convert HTML to plain text or vice versa when editing a draft
    The plain text to HTML conversion has been improved where such a
      conversion is necessary for "Edit As New Message" or when the shift
      modifier is used for "Edit Draft" or "New Message from Template".
    During address entry, the matching part of the address is now shown in
      bold. Preference mail.autoComplete.commentColumn allows to display
      the address book where the address is stored.
    When attaching a message via drag and drop, the subject of the message
      is now used as attachment name instead of "Attached Message"
    Better address book photo handling: Photos can be added by drag and
      drop and a copy of all photos will be stored in the Thunderbird profile
    On first start, Thunderbird now shows the account setup dialog, no longer
      the account provisioner dialog
    Thunderbird follows Firefox' Photon design with rectangular tabs and
      many other theme improvements
    When customizing the From: address, Thunderbird will now use this address
      for the SMTP "MAIL FROM" command. Previously the address configured
      in the identity was used. The preference
      mail.smtp.useSenderForSmtpMailFrom allows return to the previous
      behavior.
    Native notifications on Linux are now re-enabled
    Thunderbird now uses Mozilla's latest proxy technology (add-on FoxyProxy
      now supported)
    Thunderbird now uses the latest Rust-based Mozilla technology, including
      Quantum's CSS engine (based on Servo) and encoding_rs, for displaying
      and encoding messages
    All certificates issued by Symantec roots before 2016-06-01 are
      distrusted for use in TLS secured traffic in Thunderbird 60 and above.
      This applies to all brands Symantec operated: Thawte, RapidSSL,
      GeoTrust, Verisign, and Symantec. For usage in S/MIME the certificates
      remain valid. Details here.
    Calendar: Removal of capability to send email invitations compatible
      to Outlook 2002 and earlier
    Calendar: Reminders on read-only calendars can now be dismissed, while
      reminders for missed events will now only be displayed for writable
      calendars if option "Show missed reminders for writable calendars" is
      selected
    Thunderbird Chat: Nicknames inside of messages are colored to match
      the participants list

fixed
    When many Thunderbird clients or other email clients accessed the same
      IMAP draft folder, messages were sometimes sent with the wrong
      identity. This has been corrected and the user will be notified if
      none of their identities matches the draft.
    Various problems related to handling the IMAP trash folder: Under
      certain circumstances the selection of the trash folder didn't persist,
      for example when the name contained non-ASCII characters, or in
      localized versions of Thunderbird. At times unwanted adtext menu behavior
    Better error handling for Gmail authentication to avoid re-downloading
      of folders
    Thunderbird used a stale cached password after user edited a saved
      password
    Calendar: Wrong time formatting for some time zones
    Calendar: Can't copy information from event dialog for received invitations
    Various security fixes

Security fixes:
#CVE-2018-12359: Buffer overflow using computed size of canvas element
#CVE-2018-12360: Use-after-free when using focus()
#CVE-2018-12361: Integer overflow in SwizzleData
#CVE-2018-12362: Integer overflow in SSSE3 scaler
#CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture
#CVE-2018-12363: Use-after-free when appending DOM nodes
#CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
#CVE-2018-12365: Compromised IPC child process can list local filenames
#CVE-2018-12371: Integer overflow in Skia library during edge builder allocation
#CVE-2018-12366: Invalid data handling during QCMS transformations
#CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming
#CVE-2018-12368: No warning when opening executable SettingContent-ms files
#CVE-2018-5187: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Thunderbird 60
#CVE-2018-5188: Memory sa60

Revision 1.201: download - view: text, markup, annotated - select for diffs
Mon Jul 30 19:51:47 2018 UTC (6 years, 4 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2018Q3-base, pkgsrc-2018Q3
Diff to: previous 1.200: preferred, colored
Changes since revision 1.200: +5 -5 lines
Update to 52.9.1

Changelog:
    changed
    Thunderbird will now prompt to compact IMAP folders even if the account is online. Note: Under certain circumstances an incorrect estimate of the expected gain is shown.

    fixed
    Complete fix of the EFAIL vulnerability: 1) Removing some HTML crafted to carry out an attack. 2) Optionally: Not decrypting subordinate message parts that otherwise might reveal decrypted content to the attacker. Preference mailnews.p7m_subparts_external needs to be set to true for added security.

    fixed
    Various problems when forwarding messages inline when using "simple" HTML view

    fixed
    Deleting or detaching attachments corrupted messages under certain circumstances (not working only in Thunderbird version 52.9.0)

    fixed
    Various security fixes

Security fixes:
#CVE-2018-12359: Buffer overflow using computed size of canvas element
#CVE-2018-12360: Use-after-free when using focus()
#CVE-2018-12372: S/MIME and PGP decryption oracles can be built with HTML emails
#CVE-2018-12373: S/MIME plaintext can be leaked through HTML reply/forward
#CVE-2018-12362: Integer overflow in SSSE3 scaler
#CVE-2018-12363: Use-after-free when appending DOM nodes
#CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
#CVE-2018-12365: Compromised IPC child process can list local filenames
#CVE-2018-12366: Invalid data handling during QCMS transformations
#CVE-2018-12368: No warning when opening executable SettingContent-ms files
#CVE-2018-12374: Using form to exfiltrate encrypted mail part by pressing enter in form field
#CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 52.9

Revision 1.199.2.1: download - view: text, markup, annotated - select for diffs
Sun Jun 17 20:57:20 2018 UTC (6 years, 5 months ago) by spz
Branches: pkgsrc-2018Q1
Diff to: previous 1.199: preferred, colored; next MAIN 1.200: preferred, colored
Changes since revision 1.199: +5 -5 lines
Pullup ticket #5768 - requested by bsiegert
mail/thunderbird: security update

Revisions pulled up:
- mail/thunderbird/Makefile                                     1.210
- mail/thunderbird/distinfo                                     1.200

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   ryoon
   Date:           Fri Jun  1 19:49:40 UTC 2018

   Modified Files:
           pkgsrc/mail/thunderbird: Makefile distinfo

   Log Message:
   Update to 52.8.0

   Changelog:
   #CVE-2018-5183: Backport critical security fixes in Skia
   #CVE-2018-5184: Full plaintext recovery in S/MIME via chosen-ciphertext attack
   #CVE-2018-5154: Use-after-free with SVG animations and clip paths
   #CVE-2018-5155: Use-after-free with SVG animations and text paths
   #CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
   #CVE-2018-5161: Hang via malformed headers
   #CVE-2018-5162: Encrypted mail leaks plaintext through src attribute
   #CVE-2018-5170: Filename spoofing for external attachments
   #CVE-2018-5168: Lightweight themes can be installed without user interaction
   #CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior
    for downloaded files in Windows 10 April 2018 Update
   #CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion
    through legacy extension
   #CVE-2018-5185: Leaking plaintext through HTML forms
   #CVE-2018-5150: Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8,
    and Thunderbird 52.8


   To generate a diff of this commit:
   cvs rdiff -u -r1.209 -r1.210 pkgsrc/mail/thunderbird/Makefile
   cvs rdiff -u -r1.199 -r1.200 pkgsrc/mail/thunderbird/distinfo

Revision 1.200: download - view: text, markup, annotated - select for diffs
Fri Jun 1 19:49:40 2018 UTC (6 years, 6 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2018Q2-base, pkgsrc-2018Q2
Diff to: previous 1.199: preferred, colored
Changes since revision 1.199: +5 -5 lines
Update to 52.8.0

Changelog:
#CVE-2018-5183: Backport critical security fixes in Skia
#CVE-2018-5184: Full plaintext recovery in S/MIME via chosen-ciphertext attack
#CVE-2018-5154: Use-after-free with SVG animations and clip paths
#CVE-2018-5155: Use-after-free with SVG animations and text paths
#CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
#CVE-2018-5161: Hang via malformed headers
#CVE-2018-5162: Encrypted mail leaks plaintext through src attribute
#CVE-2018-5170: Filename spoofing for external attachments
#CVE-2018-5168: Lightweight themes can be installed without user interaction
#CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior
 for downloaded files in Windows 10 April 2018 Update
#CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion
 through legacy extension
#CVE-2018-5185: Leaking plaintext through HTML forms
#CVE-2018-5150: Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8,
 and Thunderbird 52.8

Revision 1.199: download - view: text, markup, annotated - select for diffs
Thu Mar 29 10:19:30 2018 UTC (6 years, 8 months ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2018Q1-base
Branch point for: pkgsrc-2018Q1
Diff to: previous 1.198: preferred, colored
Changes since revision 1.198: +2 -2 lines
thunderbird: fix SUBST* and patch so it actually does something.

Revision 1.198: download - view: text, markup, annotated - select for diffs
Wed Mar 28 13:34:19 2018 UTC (6 years, 8 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.197: preferred, colored
Changes since revision 1.197: +5 -5 lines
Update to 52.7.0

Changelog:
    Fixed Searching message bodies of messages in local folders,
          including filter and quick filter operations, did not find
          content in message attachments
    Fixed Better error handling for Yahoo accounts
    Fixed Various security fixes

#CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList
#CVE-2018-5129: Out-of-bounds write with malformed IPC messages
#CVE-2018-5144: Integer overflow during Unicode conversion
#CVE-2018-5146: Out of bounds memory write in libvorbis
#CVE-2018-5125: Memory safety bugs fixed in Firefox 59, Firefox ESR 52.7,
                and Thunderbird 52.7
#CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7 and
                Thunderbird 52.7

Revision 1.197: download - view: text, markup, annotated - select for diffs
Fri Mar 23 05:29:11 2018 UTC (6 years, 8 months ago) by rin
Branches: MAIN
Diff to: previous 1.196: preferred, colored
Changes since revision 1.196: +3 -1 lines
Fix from upstream for Bug 1444371:
mail.label_ascii_only_mail_as_us_ascii does not work with ISO-2022-JP

Bump PKGREVISION.

Revision 1.196: download - view: text, markup, annotated - select for diffs
Sat Mar 3 22:20:39 2018 UTC (6 years, 9 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.195: preferred, colored
Changes since revision 1.195: +5 -5 lines
Update to 52.6.0

Changelog:
    Fixed Searching message bodies of messages in local folders, including
            filter and quick filter operations, not working reliably:
            Content not found in base64-encode message parts, non-ASCII text
            not found and false positives found.
    Fixed Defective messages (without at least one expected header) not shown
            in IMAP folders but shown on mobile devices
    Fixed Calendar: Unintended task deletion if numlock is enabled
    Fixed Various security fixes

Security fixes:
#CVE-2018-5095: Integer overflow in Skia library during edge builder allocation
#CVE-2018-5096: Use-after-free while editing form elements
#CVE-2018-5097: Use-after-free when source document is manipulated during XSLT
#CVE-2018-5098: Use-after-free while manipulating form input elements
#CVE-2018-5099: Use-after-free with widget listener
#CVE-2018-5102: Use-after-free in HTML media elements
#CVE-2018-5103: Use-after-free during mouse event handling
#CVE-2018-5104: Use-after-free during font face manipulation
#CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
#CVE-2018-5089: Memory safety bugs fixed in Firefox 58, Firefox ESR 52.6,
                  and Thunderbird 52.6

Revision 1.195: download - view: text, markup, annotated - select for diffs
Wed Jan 24 16:39:02 2018 UTC (6 years, 10 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.194: preferred, colored
Changes since revision 1.194: +5 -5 lines
Update to 52.5.2

Changelog:
Fix
 This releases fixes the "Mailsploit" vulnerability and other vulnerabilities
 detected by the "Cure53" audit. For details and various other security
 fixes see here.

CVE-2017-7845: Buffer overflow when drawing and validating elements with
  ANGLE library using Direct 3D 9
CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin
CVE-2017-7847: Local path string can be leaked from RSS feed
CVE-2017-7848: RSS Feed vulnerable to new line Injection
CVE-2017-7829: Mailsploit part 1: From address with encoded null character
  is cut off in message header display

Revision 1.192.4.1: download - view: text, markup, annotated - select for diffs
Sun Dec 3 11:41:43 2017 UTC (7 years ago) by bsiegert
Branches: pkgsrc-2017Q3
Diff to: previous 1.192: preferred, colored; next MAIN 1.193: preferred, colored
Changes since revision 1.192: +5 -5 lines
Pullup ticket #5656 - requested by khorben
mail/thunderbird: security fix
mail/thunderbird-l10n: update


Revisions pulled up:
- mail/thunderbird-l10n/Makefile                                1.61-1.62
- mail/thunderbird-l10n/distinfo                                1.59-1.60
- mail/thunderbird/Makefile                                     1.198,1.200
- mail/thunderbird/distinfo                                     1.193-1.194
- mail/thunderbird/hacks.mk                                     1.8
- mail/thunderbird45/hacks.mk                                   1.2

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Fri Oct 27 18:01:44 UTC 2017

   Modified Files:
   	pkgsrc/mail/thunderbird: hacks.mk
   	pkgsrc/mail/thunderbird45: hacks.mk

   Log Message:
   Remove removed inclusion. Pointed by oster@. Thank you

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Fri Nov 17 00:49:20 UTC 2017

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile distinfo

   Log Message:
   Update to 52.4.0

   Chagelog:
   New
   In Thunderbird 52 a new behavior was introduced for replies to mailing
   list posts: "When replying to a mailing list, reply will be sent to
   address in From header ignoring Reply-to header". A new preference
   mail.override_list_reply_to allows to restore the previous behavior.

   Fixed
   Under certain circumstances (image attachment and non-image attachment),
   attached images were shown truncated in messages stored in IMAP
   folders not synchronised for offline use.

   Fixed
   IMAP UIDs > 0x7FFFFFFF not handled properly

   Security fixes:
   #CVE-2017-7793: Use-after-free with Fetch API

   Reporter
       Abhishek Arya
   Impact
       high

   Description

   A use-after-free vulnerability can occur in the Fetch API when the
   worker or the associated window are freed when still in use,
   resulting in a potentially exploitable crash.

   References
       Bug 1371889

   #CVE-2017-7818: Use-after-free during ARIA array manipulation

   Reporter
       Nils
   Impact
       high

   Description

   A use-after-free vulnerability can occur when manipulating arrays of
   Accessible Rich Internet Applications (ARIA) elements within containers
   through the DOM. This results in a potentially exploitable crash.

   References
       Bug 1363723

   #CVE-2017-7819: Use-after-free while resizing images in design mode

   Reporter
       Nils
   Impact
       high

   Description

   A use-after-free vulnerability can occur in design mode when image
   objects are resized if objects referenced during the resizing have
   been freed from memory. This results in a potentially exploitable crash.

   References
       Bug 1380292

   #CVE-2017-7824: Buffer overflow when drawing and validating elements
   with ANGLE

   Reporter
       Omair, Andre Weissflog
   Impact
       high

   Description

   A buffer overflow occurs when drawing and validating elements with
   the ANGLE graphics library, used for WebGL content. This is due to
   an incorrect value being passed within the library during checks and
   results in a potentially exploitable crash.

   References
       Bug 1398381

   #CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes

   Reporter
       Martin Thomson
   Impact
       high

   Description

   During TLS 1.2 exchanges, handshake hashes are generated which point
   to a message buffer. This saved data is used for later messages but
   in some cases, the handshake transcript can exceed the space available
   in the current buffer, causing the allocation of a new buffer. This
   leaves a pointer pointing to the old, freed buffer, resulting in
   a use-after-free when handshake hashes are then calculated afterwards.
   This can result in a potentially exploitable crash.

   References
       Bug 1377618

   #CVE-2017-7814: Blob and data URLs bypass phishing and malware
   protection warnings

   Reporter
       François Marier
   Impact
       moderate

   Description

   File downloads encoded with blob: and data: URL elements bypassed
   normal file download checks though the Phishing and Malware Protection
   feature and its block lists of suspicious sites and files. This
   would allow malicious sites to lure users into downloading executables
   that would otherwise be detected as suspicious.

   References
       Bug 1376036

   #CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode
   characters as spaces

   Reporter
       Khalil Zhani
   Impact
       moderate

   Description

   Several fonts on OS X display some Tibetan and Arabic characters
   as whitespace. When used in the addressbar as part of an IDN
   this can be used for domain name spoofing attacks.
   Note: This attack only affects OS X operating systems. Other
   operating systems are unaffected.

   References
       Bug 1393624
       Bug 1390980

   #CVE-2017-7823: CSP sandbox directive did not create a unique origin

   Reporter
       Jun Kokatsu
   Impact
       moderate

   Description

   The content security policy (CSP) sandbox directive did not
   create a unique origin for the document, causing it to behave as
   if the allow-same-origin keyword were always specified. This could
   allow a Cross-Site Scripting (XSS) attack to be launched from
   unsafe content.

   References
       Bug 1396320

   #CVE-2017-7810: Memory safety bugs fixed in Firefox 56, Firefox ESR 52.4,
   and Thunderbird 52.4

   Reporter
       Mozilla developers and community
   Impact
       critical

   Description

   Mozilla developers and community members Christoph Diehl, Jan de Mooij,
   Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian
   Hengst reported memory safety bugs present in Firefox 55, Firefox
   ESR 52.3, and Thunderbird 52.3. Some of these bugs showed evidence
   of memory corruption and we presume that with enough effort that some
   of these could be exploited to run arbitrary code.

   References
       Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Fri Nov 17 00:52:40 UTC 2017

   Modified Files:
   	pkgsrc/mail/thunderbird-l10n: Makefile distinfo

   Log Message:
   Update to 52.4.0

   * Sync with mail/thunderbird-52.4.0

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Mon Nov 27 23:36:40 UTC 2017

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile distinfo

   Log Message:
   Update to 52.5.0

   Changelog:
   #CVE-2017-7828: Use-after-free of PressShell while restyling layout

   Reporter
       Nils
   Impact
       critical

   Description
   A use-after-free vulnerability can occur when flushing and resizing
   layout because the PressShell object has been freed while still in use.
   This results in a potentially exploitable crash during these operations.

   References
       Bug 1406750
       Bug 1412252

   #CVE-2017-7830: Cross-origin URL information leak through Resource
   Timing API

   Reporter
       Jun Kokatsu
   Impact
       high

   Description
   The Resource Timing API incorrectly revealed navigations in cross-origin
   iframes. This is a same-origin policy violation and could allow for data
   theft of URLs loaded by users.

   References
       Bug 1408990

   #CVE-2017-7826: Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5,
   and Thunderbird 52.5

   Reporter
       Mozilla developers and community
   Impact
       critical

   Description
   Mozilla developers and community members Christian Holler, David Keeler,
   Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer, Philipp,
   Nicholas Nethercote, Oriol Brufau, André Bargull, Bob Clary,
   Jet Villegas, Randell Jesup, Tyson Smith, Gary Kwong, and Ryan VanderMeulen
   reported memory safety bugs present in Firefox 56, Firefox ESR 52.4, and
   Thunderbird 52.4. Some of these bugs showed evidence of memory corruption
   and we presume that with enough effort that some of these could be
   exploited to run arbitrary code.

   References
       Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5,
       and Thunderbird 52.5

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Mon Nov 27 23:38:39 UTC 2017

   Modified Files:
   	pkgsrc/mail/thunderbird-l10n: Makefile distinfo

   Log Message:
   Update to 52.5.0

   * Sync with mail/thunderbird-52.5.0

Revision 1.194: download - view: text, markup, annotated - select for diffs
Mon Nov 27 23:36:39 2017 UTC (7 years ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2017Q4-base, pkgsrc-2017Q4
Diff to: previous 1.193: preferred, colored
Changes since revision 1.193: +5 -5 lines
Update to 52.5.0

Changelog:
#CVE-2017-7828: Use-after-free of PressShell while restyling layout

Reporter
    Nils
Impact
    critical

Description
A use-after-free vulnerability can occur when flushing and resizing
layout because the PressShell object has been freed while still in use.
This results in a potentially exploitable crash during these operations.

References
    Bug 1406750
    Bug 1412252

#CVE-2017-7830: Cross-origin URL information leak through Resource Timing API

Reporter
    Jun Kokatsu
Impact
    high

Description
The Resource Timing API incorrectly revealed navigations in cross-origin
iframes. This is a same-origin policy violation and could allow for data
theft of URLs loaded by users.

References
    Bug 1408990

#CVE-2017-7826: Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5,
and Thunderbird 52.5

Reporter
    Mozilla developers and community
Impact
    critical

Description
Mozilla developers and community members Christian Holler, David Keeler,
Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer, Philipp,
Nicholas Nethercote, Oriol Brufau, André Bargull, Bob Clary,
Jet Villegas, Randell Jesup, Tyson Smith, Gary Kwong, and Ryan VanderMeulen
reported memory safety bugs present in Firefox 56, Firefox ESR 52.4, and
Thunderbird 52.4. Some of these bugs showed evidence of memory corruption
and we presume that with enough effort that some of these could be
exploited to run arbitrary code.

References
    Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5,
    and Thunderbird 52.5

Revision 1.193: download - view: text, markup, annotated - select for diffs
Fri Nov 17 00:49:20 2017 UTC (7 years ago) by ryoon
Branches: MAIN
Diff to: previous 1.192: preferred, colored
Changes since revision 1.192: +5 -5 lines
Update to 52.4.0

Chagelog:
New
In Thunderbird 52 a new behavior was introduced for replies to mailing
list posts: "When replying to a mailing list, reply will be sent to
address in From header ignoring Reply-to header". A new preference
mail.override_list_reply_to allows to restore the previous behavior.

Fixed
Under certain circumstances (image attachment and non-image attachment),
attached images were shown truncated in messages stored in IMAP
folders not synchronised for offline use.

Fixed
IMAP UIDs > 0x7FFFFFFF not handled properly

Security fixes:
#CVE-2017-7793: Use-after-free with Fetch API

Reporter
    Abhishek Arya
Impact
    high

Description

A use-after-free vulnerability can occur in the Fetch API when the
worker or the associated window are freed when still in use,
resulting in a potentially exploitable crash.

References
    Bug 1371889

#CVE-2017-7818: Use-after-free during ARIA array manipulation

Reporter
    Nils
Impact
    high

Description

A use-after-free vulnerability can occur when manipulating arrays of
Accessible Rich Internet Applications (ARIA) elements within containers
through the DOM. This results in a potentially exploitable crash.

References
    Bug 1363723

#CVE-2017-7819: Use-after-free while resizing images in design mode

Reporter
    Nils
Impact
    high

Description

A use-after-free vulnerability can occur in design mode when image
objects are resized if objects referenced during the resizing have
been freed from memory. This results in a potentially exploitable crash.

References
    Bug 1380292

#CVE-2017-7824: Buffer overflow when drawing and validating elements
with ANGLE

Reporter
    Omair, Andre Weissflog
Impact
    high

Description

A buffer overflow occurs when drawing and validating elements with
the ANGLE graphics library, used for WebGL content. This is due to
an incorrect value being passed within the library during checks and
results in a potentially exploitable crash.

References
    Bug 1398381

#CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes

Reporter
    Martin Thomson
Impact
    high

Description

During TLS 1.2 exchanges, handshake hashes are generated which point
to a message buffer. This saved data is used for later messages but
in some cases, the handshake transcript can exceed the space available
in the current buffer, causing the allocation of a new buffer. This
leaves a pointer pointing to the old, freed buffer, resulting in
a use-after-free when handshake hashes are then calculated afterwards.
This can result in a potentially exploitable crash.

References
    Bug 1377618

#CVE-2017-7814: Blob and data URLs bypass phishing and malware
protection warnings

Reporter
    François Marier
Impact
    moderate

Description

File downloads encoded with blob: and data: URL elements bypassed
normal file download checks though the Phishing and Malware Protection
feature and its block lists of suspicious sites and files. This
would allow malicious sites to lure users into downloading executables
that would otherwise be detected as suspicious.

References
    Bug 1376036

#CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode
characters as spaces

Reporter
    Khalil Zhani
Impact
    moderate

Description

Several fonts on OS X display some Tibetan and Arabic characters
as whitespace. When used in the addressbar as part of an IDN
this can be used for domain name spoofing attacks.
Note: This attack only affects OS X operating systems. Other
operating systems are unaffected.

References
    Bug 1393624
    Bug 1390980

#CVE-2017-7823: CSP sandbox directive did not create a unique origin

Reporter
    Jun Kokatsu
Impact
    moderate

Description

The content security policy (CSP) sandbox directive did not
create a unique origin for the document, causing it to behave as
if the allow-same-origin keyword were always specified. This could
allow a Cross-Site Scripting (XSS) attack to be launched from
unsafe content.

References
    Bug 1396320

#CVE-2017-7810: Memory safety bugs fixed in Firefox 56, Firefox ESR 52.4,
and Thunderbird 52.4

Reporter
    Mozilla developers and community
Impact
    critical

Description

Mozilla developers and community members Christoph Diehl, Jan de Mooij,
Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian
Hengst reported memory safety bugs present in Firefox 55, Firefox
ESR 52.3, and Thunderbird 52.3. Some of these bugs showed evidence
of memory corruption and we presume that with enough effort that some
of these could be exploited to run arbitrary code.

References
    Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

Revision 1.192: download - view: text, markup, annotated - select for diffs
Sat Aug 19 04:19:03 2017 UTC (7 years, 3 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2017Q3-base
Branch point for: pkgsrc-2017Q3
Diff to: previous 1.191: preferred, colored
Changes since revision 1.191: +5 -5 lines
Update to 52.3.0

Changelog:
    Fixed
    Unwanted inline images shown in rogue SPAM messages

    Fixed
    Deleting message from the POP3 server not working when maildir storage was used

    Fixed
    Message disposition flag (replied / forwarded) lost when reply or forwarded message was stored as draft and draft was sent later

    Fixed
    Inline images not scaled to fit when printing

    Fixed
    Selected text from another message sometimes included in a reply

    Fixed
    No authorisation prompt displayed when inserting image into email body although image URL requires authentication

    Fixed
    Large attachments taking a long time to open under some circumstances

    Fixed
    Various security fixes

Revision 1.191: download - view: text, markup, annotated - select for diffs
Mon Jul 3 16:37:52 2017 UTC (7 years, 5 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.190: preferred, colored
Changes since revision 1.190: +5 -6 lines
Update to 52.2.1

Changelog:
52.2.1
    Fixed Problems with Gmail (folders not showing, repeated email download, etc.) introduced in version 52.2.0.

52.2.0
    Fixed Embedded images not shown in email received from Hotmail/Outlook webmailer
    Fixed Detection of non-ASCII font names in font selector
    Fixed Attachment not forwarded correctly under certain circumstances
    Fixed Multiple requests for master password when GMail OAuth2 is enabled
    Fixed Large number of blank pages being printed under certain circumstances when invalid preferences were present
    Fixed Messages sent via the Simple MAPI interface are forced to HTML
    Fixed Calendar: Invitations can't be printed
    Fixed Mailing list (group) not accessible from macOS or Outlook address book
    Fixed Clicking on links with references/anchors where target doesn't exist in the message not opening in external browser
    Fixed Various security fixes

#CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
#CVE-2017-7749: Use-after-free during docshell reloading
#CVE-2017-7750: Use-after-free with track elements
#CVE-2017-7751: Use-after-free with content viewer listeners
#CVE-2017-7752: Use-after-free with IME input
#CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
#CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
#CVE-2017-7757: Use-after-free in IndexedDB
#CVE-2017-7758: Out-of-bounds read in Opus encoder
#CVE-2017-7763: Mac fonts render some unicode characters as spaces
#CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
#CVE-2017-7765: Mark of the Web bypass when saving executable files
#CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2, and Thunderbird 52.2

52.1.1
    Fixed Large attachments may not be shown or saved correctly if the message is stored in an IMAP folder which is not synchronized for offline use
    Fixed Unable to load full message via POP if message was downloaded partially (or only headers) before
    Fixed Some attachments can't be opened or saved if the message body is empty
    Fixed Crash when compacting IMAP folder

Revision 1.190: download - view: text, markup, annotated - select for diffs
Mon May 1 05:50:08 2017 UTC (7 years, 7 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2
Diff to: previous 1.189: preferred, colored
Changes since revision 1.189: +5 -5 lines
Update to 52.1.0

Changelog:
Fixed
* Background images not working and other issues related to embedded images when composing email
* Google Oauth setup can sometimes not progress to the next step

Revision 1.189: download - view: text, markup, annotated - select for diffs
Thu Apr 27 13:32:40 2017 UTC (7 years, 7 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.188: preferred, colored
Changes since revision 1.188: +66 -98 lines
Update to 52.0.1

Changelog:
52.0.1:
    Fixed

    Clicking on a link in an email may not open this link in the external browser.
    Crash due to incompatibility with McAfee Anti-SPAM add-on. Add-on is blocked in 52.0.1


52.0:
    New

    Folder pane toolbar and folder view selector (replacement for folder view arrows)
    Optionally remove corresponding data files when removing an account from Thunderbird
    Import settings from Becky! Internet Mail
    Possibility to copy message filter
    Dictionary setting is restored when editing a draft. Content-Language header (RFC 3282) transmitted with message
    Calendar: Event can now be created and edited in a tab
    Calendar: Processing of received invitation counter proposals
    Chat: Support Twitter Direct Messages
    Chat: Liking and favoriting in Twitter
    Chat: XMPP: Support SASL SCRAM authentication mechanism
    Chat: Support Jabber/XMPP Message Carbons (XEP-280)

    Changed

    IMPORTANT: The way images are included in a compose window has changed. Images are now included as data URIs and not as references to parts of other messages or operating system files. This allows better interoperability with office packages such as MS Office or LibreOffice. Images linked from locations on the internet will no longer be downloaded and attached to the message automatically. This can be changed for each image individually via the Image Properties dialog or globally by setting the preference mail.compose.attach_http_images.
    Correspondents column now default for all new folders, can be switched off with preference mail.threadpane.use_correspondents
    When replying to a mailing list, reply will be sent to address in From header ignoring Reply-to header
    On Linux PulseAudio is now required to play sound
    Formatting toolbar is now left in place when delivery format is switched to plain text only
    Messages in IMAP folders read on external device are now filtered by default
    Folders backed by mbox storage larger than 4GB are supported without warning (unless preference mailnews.allowMboxOver4GB is set to false)
    IMAP caching now uses Mozilla's latest caching technology
    The keyboard shortcut to insert hyperlinks into a compose window was changed from CTRL+L to CTRL+K to align with Office applications
    Chat: Removed Yahoo! Messenger support (since Yahoo removed support)

    Fixed

    Message preview pane non-functional after IMAP folder was renamed or moved
    Fixed
    Editing in paragraph format: Pressing Shift+Enter sometimes doesn't move the cursor to the next line
    Various corrections when composing messages in paragraph format
    Paste as quotation doesn't always work
    Long lines in plain text replies not properly wrapped
    Undesired white-space before signature in paragraph mode
    When attachment unavailable, compose shows endless "Attaching..." message instead of error
    Text encoding of reply sometimes incorrect (uses encoding of last viewed message)
    Text encoding of message display, reply or forwarded message sometimes incorrect (uses encoding of attachment)
    Delivery Format not preserved for saved drafts (Auto-Detect|Plaintext|HTML|Both)
    Reply to own e-mail does not reply with the correct identity
    IMAP message part caching
    Links with escaped non-ASCII (international) characters can't be clicked
    Calendar: Events specified in timezone "local time" generate alerts in UTC time
    Chat: XMPP Resource collisions
    Various security fixes

Security fixes:
 #CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
 #CVE-2017-5401: Memory Corruption when handling ErrorResult
 #CVE-2017-5402: Use-after-free working with events in FontFace objects
 #CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
 #CVE-2017-5404: Use-after-free working with ranges in selections
 #CVE-2017-5406: Segmentation fault in Skia with canvas operations
 #CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
 #CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
 #CVE-2017-5411: Use-after-free in Buffer Storage in libGLES
 #CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
 #CVE-2017-5412: Buffer overflow read in SVG filters
 #CVE-2017-5413: Segmentation fault during bidirectional operations
 #CVE-2017-5414: File picker can choose incorrect default directory
 #CVE-2017-5416: Null dereference crash in HttpChannel
 #CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access
 #CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running
 #CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses
 #CVE-2017-5419: Repeated authentication prompts lead to DOS attack
 #CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
 #CVE-2017-5421: Print preview spoofing
 #CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink
 #CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52
 #CVE-2017-5398: Memory safety bugs fixed in Thunderbird 52 and Thunderbird 45.8

Revision 1.188: download - view: text, markup, annotated - select for diffs
Sun Mar 26 04:05:40 2017 UTC (7 years, 8 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2017Q1-base, pkgsrc-2017Q1
Diff to: previous 1.187: preferred, colored
Changes since revision 1.187: +6 -6 lines
Update to 45.8.0

Changelog:
 #CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
 #CVE-2017-5401: Memory Corruption when handling ErrorResult
 #CVE-2017-5402: Use-after-free working with events in FontFace objects
 #CVE-2017-5404: Use-after-free working with ranges in selections
 #CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
 #CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
 #CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
 #CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
 #CVE-2017-5398: Memory safety bugs fixed in Thunderbird 45.8

Revision 1.187: download - view: text, markup, annotated - select for diffs
Wed Mar 1 13:30:19 2017 UTC (7 years, 9 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.186: preferred, colored
Changes since revision 1.186: +5 -5 lines
Update to 45.7.1

Changelog:
Fixed
	Crash when viewing certain IMAP messages (introduced in 45.7.0)

Revision 1.186: download - view: text, markup, annotated - select for diffs
Sat Feb 11 08:09:08 2017 UTC (7 years, 10 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.185: preferred, colored
Changes since revision 1.185: +5 -5 lines
Update to 45.7.0

Changelog:
    Fixed Message preview pane non-functional after IMAP folder was renamed or moved
    Fixed "Move To" button on "Search Messages" panel not working
    Fixed Message sent to "undisclosed recipients" shows no recipient (non-functional since Thunderbird version 38)
    Fixed Calendar: No way to accept/decline email invitations when sent and received messages are stored in the same folder
    Fixed Various security fixes

Security fixes:
 #CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
 #CVE-2017-5376: Use-after-free in XSL
 #CVE-2017-5378: Pointer and frame data leakage of Javascript objects
 #CVE-2017-5380: Potential use-after-free during DOM manipulations
 #CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
 #CVE-2017-5396: Use-after-free with Media Decoder
 #CVE-2017-5383: Location bar spoofing with unicode characters
 #CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7

Revision 1.185: download - view: text, markup, annotated - select for diffs
Mon Jan 2 23:59:21 2017 UTC (7 years, 11 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.184: preferred, colored
Changes since revision 1.184: +5 -5 lines
Update to 45.6.0

Changelog:
    Fixed The system integration dialog was shown every time when starting Thunderbird
    Fixed Various security fixes

Security vulnerabilities fixed in Thunderbird 45.6
 #CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
 #CVE-2016-9895: CSP bypass using marquee tag
 #CVE-2016-9897: Memory corruption in libGLES
 #CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
 #CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
 #CVE-2016-9904: Cross-origin information leak in shared atoms
 #CVE-2016-9905: Crash in EnumerateSubDocuments
 #CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6

Revision 1.184: download - view: text, markup, annotated - select for diffs
Sat Dec 3 11:14:48 2016 UTC (8 years ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4
Diff to: previous 1.183: preferred, colored
Changes since revision 1.183: +5 -5 lines
Update to 45.5.1

Changelog:
45.5.1:
 #CVE-2016-9079: Use-after-free in SVG Animation

45.5.0:
 #CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
 #CVE-2016-5294: Arbitrary target directory for result files of update process
 #CVE-2016-5297: Incorrect argument length checking in JavaScript
 #CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler
 #CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file
 #CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler
 #CVE-2016-5290: Memory safety bugs fixed in Thunderbird 45.5

Revision 1.183: download - view: text, markup, annotated - select for diffs
Wed Oct 26 22:50:13 2016 UTC (8 years, 1 month ago) by ryoon
Branches: MAIN
Diff to: previous 1.182: preferred, colored
Changes since revision 1.182: +5 -5 lines
Update to 45.4.0

Changelog:
    Fixed "Apply columns to..." did not honor special folders
    Fixed Threading broken when editing message draft, due to loss of Message-ID
    Fixed Mail saved as template copied In-Reply-To and References from original email.
    Fixed Additional spaces were inserted when drafts were edited.
    Fixed Recipient addresses were shown in red despite being inserted from the address book in some circumstances.
    Fixed Display name was truncated if no separating space before email address.

Revision 1.182: download - view: text, markup, annotated - select for diffs
Sun Sep 18 12:35:06 2016 UTC (8 years, 2 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2016Q3-base, pkgsrc-2016Q3
Diff to: previous 1.181: preferred, colored
Changes since revision 1.181: +5 -5 lines
Update to 45.3.0

Changelog:
    Fixed Certain messages caused corruption of the drafts summary database.
    Fixed "edit as new message" on a received message pre-filled the sender as the composing identity.
    Fixed Disposition-Notification-To could not be used in mail.compose.other.header
    Fixed Various security fixes

Fixed in Thunderbird 45.3
    2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3)

Revision 1.181: download - view: text, markup, annotated - select for diffs
Wed Jul 20 11:45:59 2016 UTC (8 years, 4 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.180: preferred, colored
Changes since revision 1.180: +5 -5 lines
Update to 45.2.0

Changelog:
Fixed Invitations to events could not be printed.
Fixed Dragging and dropping of contacts from the contact list onto an addressbook while All Addressbooks is selected moved only one contact
Fixed Falsely reported not enough disk space during compacting
Fixed Links were not always detected properly in the message body (terminated early on "|", some long links not detected at all)

Fixed in Thunderbird 45.2
    2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)

Revision 1.180: download - view: text, markup, annotated - select for diffs
Sun Jun 19 06:34:26 2016 UTC (8 years, 5 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2016Q2-base, pkgsrc-2016Q2
Diff to: previous 1.179: preferred, colored
Changes since revision 1.179: +5 -5 lines
Update to 45.1.1

Changelog:
    Fixed When entering members into a mailing list, the enter key dismissed the panel instead of just moving onto the next line
    Fixed Email without HTML elements was sent as HTML, despite "Delivery Format: Auto-detect" option
    Fixed Options applied to a template were lost when the template was used.
    Fixed Contacts could not be deleted when they were found through a search
    Fixed Views from global searches did not respect "mail.threadpane.use_correspondents"

Revision 1.179: download - view: text, markup, annotated - select for diffs
Tue May 31 21:33:50 2016 UTC (8 years, 6 months ago) by joerg
Branches: MAIN
Diff to: previous 1.178: preferred, colored
Changes since revision 1.178: +1 -2 lines
Repeat after me: unwind.h is in already on the generated wrapper list.

Revision 1.178: download - view: text, markup, annotated - select for diffs
Sat May 21 23:22:16 2016 UTC (8 years, 6 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.177: preferred, colored
Changes since revision 1.177: +5 -5 lines
Update to 45.1.0

Changelog:
Fixed in Thunderbird 45.1
    2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)

Christian Holler, Tyson Smith, and Phil Ringalda reported memory safety problems and crashes that are fixed in Firefox ESR 45.1, Firefox ESR 38.8 and Firefox 46.
    Memory safety bugs fixed in Firefox ESR 45.1, Firefox ESR 38.8 and Firefox 46 (CVE-2016-2807)

Gary Kwong, Christian Holler, Jesse Ruderman, Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, and Randell Jesup reported memory safety problems and crashes that are fixed in Firefox ESR 45.1 and Firefox 46.
    Memory safety bugs fixed in Firefox ESR 45.1 and Firefox 46 (CVE-2016-2806)

Gary Kwong, Christian Holler, Andrew McCreight, Boris Zbarsky, and Steve Fink reported memory safety problems and crashes that are fixed in Firefox 46.
    Memory safety bugs fixed in Firefox 46 (CVE-2016-2804)

Christian Holler reported a memory safety problem that is fixed in Firefox ESR 38.8.
    Memory safety bug fixed in Firefox ESR 38.8 (CVE-2016-2805)

Revision 1.177: download - view: text, markup, annotated - select for diffs
Sun Apr 17 18:42:27 2016 UTC (8 years, 7 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.176: preferred, colored
Changes since revision 1.176: +1 -2 lines
Remove unused patch

Revision 1.176: download - view: text, markup, annotated - select for diffs
Sun Apr 17 18:33:50 2016 UTC (8 years, 7 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.175: preferred, colored
Changes since revision 1.175: +153 -178 lines
Update to 45.0

* Regen patch names

Changelog:
    New Add a Correspondents column combining Sender and Recipient
    New Much better support for XMPP chatrooms and commands.
    New Remote content exceptions: Improved options to add exceptions.
    New Implement option to always use HTML formatting to prevent unexpected format loss when converting messages to plain text.
    New Use OpenStreetmap for maps (even allow the user to choose from list of map services)
    New Allow spell checking and dictionary selection in the subject line
    New Add dropdown in compose to allow specific setting of font size.
    New Return/Enter in composer will now insert a new paragraph by default (shift-Enter will insert a line break)
    New Mail.ru supports OAuth authentication.
    New Allow copying of name and email address from the message header of an email
    New Allow editing of From when composing a message.
    Fixed Fixed: When sending e-mail which was composed using Chinese, Japanese or Korean characters, unwanted extra spaces were inserted within the text.
    Fixed Spell checker checked spelling in invisible HTML parts of the message.
    Fixed When saving a draft that is edited as new message, original draft was overwritten.
    Fixed External images not displayed in reply/forward
    Fixed Properly preserve pre-formatted blocks in message replies.
    Fixed Crashed in some cases while parsing IMAP messages.
    Fixed Copy/paste from a plain text editor lost white-space (multiple spaces/blanks, tabs, newlines)
    Fixed "Open Draft"/"Forward"/"Edit As New"/"Reply" created message composition with incorrect character encoding.
    Fixed Fixed: Grouped By view sort direction change was broken, plus enabled custom column grouping.
    Fixed Fixed: New emails into a mailbox did not adhere to sort order by received.
    Fixed Fixed: Box.com attachments failed to upload.
    Fixed Fixed: Drag and drop of multiple attachments failed to OS file folder.
    Fixed XMPP had connection problems for users with large rosters

Security bugs:
Fixed in Thunderbird 45
    2016-37 Font vulnerabilities in the Graphite 2 library
    2016-36 Use-after-free during processing of DER encoded keys in NSS
    2016-35 Buffer overflow during ASN.1 decoding in NSS
    2016-34 Out-of-bounds read in HTML parser following a failed allocation
    2016-27 Use-after-free during XML transformations
    2016-24 Use-after-free in SetBody
    2016-23 Use-after-free in HTML5 string parser
    2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
    2016-19 Linux video memory DOS with Intel drivers
    2016-18 CSP reports fail to strip location information for embedded iframe pages
    2016-17 Local file overwriting and potential privilege escalation through CSP reports
    2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)

Revision 1.175: download - view: text, markup, annotated - select for diffs
Mon Mar 28 10:38:08 2016 UTC (8 years, 8 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2016Q1-base, pkgsrc-2016Q1
Diff to: previous 1.174: preferred, colored
Changes since revision 1.174: +5 -5 lines
Update to 38.7.1

Changelog
Changed Disabled Graphite font shaping library (not relevant for pkgsrc)

Revision 1.174: download - view: text, markup, annotated - select for diffs
Mon Mar 21 00:29:04 2016 UTC (8 years, 8 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.173: preferred, colored
Changes since revision 1.173: +5 -5 lines
Update to 38.7.0

Changelog:
Fixed in Thunderbird 38.7
    2016-37 Font vulnerabilities in the Graphite 2 library
    2016-35 Buffer overflow during ASN.1 decoding in NSS
    2016-34 Out-of-bounds read in HTML parser following a failed allocation
    2016-31 Memory corruption with malicious NPAPI plugin
    2016-27 Use-after-free during XML transformations
    2016-24 Use-after-free in SetBody
    2016-23 Use-after-free in HTML5 string parser
    2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
    2016-17 Local file overwriting and potential privilege escalation through CSP reports
    2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)

Revision 1.173: download - view: text, markup, annotated - select for diffs
Sun Feb 28 09:55:35 2016 UTC (8 years, 9 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.172: preferred, colored
Changes since revision 1.172: +5 -6 lines
Update to 38.6.0

Changelog:
    Fixed Various security fixes.
    Fixed Filters ran on a different folder than selected
    Fixed For Windows systems on roaming profiles, could not display messages after Thunderbird update (related to Lightning updates)

Fixed in Thunderbird 38.6
    2016-14 Vulnerabilities in Graphite 2
    2016-03 Buffer overflow in WebGL after out of memory allocation
    2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)
    2015-150 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature

Revision 1.172: download - view: text, markup, annotated - select for diffs
Tue Feb 9 21:20:15 2016 UTC (8 years, 10 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.171: preferred, colored
Changes since revision 1.171: +6 -5 lines
Update to 38.5.1

* Add workaround for binutils 2.26 from NetBSD current

Changelog:
For Microsoft Windows only.

Revision 1.171: download - view: text, markup, annotated - select for diffs
Sun Jan 31 23:43:48 2016 UTC (8 years, 10 months ago) by joerg
Branches: MAIN
Diff to: previous 1.170: preferred, colored
Changes since revision 1.170: +4 -4 lines
Don't request static graphite, it breaks the build against newer
external graphite. Add all the graphite headers to the magic wrapper
list to avoid future fun. Remove manual unwind.h header where it still
exists.

Revision 1.170: download - view: text, markup, annotated - select for diffs
Wed Jan 20 22:14:13 2016 UTC (8 years, 10 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.169: preferred, colored
Changes since revision 1.169: +2 -2 lines
Fix build with recent include/g++/complex on NetBSD current

Revision 1.169: download - view: text, markup, annotated - select for diffs
Wed Dec 23 12:55:02 2015 UTC (8 years, 11 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2015Q4-base, pkgsrc-2015Q4
Diff to: previous 1.168: preferred, colored
Changes since revision 1.168: +6 -6 lines
Update to 38.5.0

Changelog:
38.5.0:
Not available

38.4.0:
    Fixed Various security fixes
    Fixed Fixed issue where messages moves of multiple messages from a maildir folder to an mbox folder failed.

Fixed in Thunderbird 38.4

    2015-133 NSS and NSPR memory corruption issues
    2015-132 Mixed content WebSocket policy bypass through workers
    2015-131 Vulnerabilities found through code inspection
    2015-128 Memory corruption in libjar through zip files
    2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
    2015-123 Buffer overflow during image interactions in canvas
    2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy
    2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)

Revision 1.168: download - view: text, markup, annotated - select for diffs
Fri Nov 20 14:48:20 2015 UTC (9 years ago) by joerg
Branches: MAIN
Diff to: previous 1.167: preferred, colored
Changes since revision 1.167: +2 -1 lines
Avoid ambigious class references.

Revision 1.167: download - view: text, markup, annotated - select for diffs
Tue Nov 3 23:27:22 2015 UTC (9 years, 1 month ago) by agc
Branches: MAIN
Diff to: previous 1.166: preferred, colored
Changes since revision 1.166: +2 -1 lines
Add SHA512 digests for distfiles for mail category

Problems found locating distfiles:
	Package mutt: missing distfile patch-1.5.24.rr.compressed.gz
	Package p5-Email-Valid: missing distfile Email-Valid-1.198.tar.gz
	Package pine: missing distfile fancy.patch.gz
	Package postgrey: missing distfile targrey-0.31-postgrey-1.34.patch
	Package qmail: missing distfile badrcptto.patch
	Package qmail: missing distfile outgoingip.patch
	Package qmail: missing distfile qmail-1.03-realrcptto-2006.12.10.patch
	Package qmail: missing distfile qmail-smtpd-viruscan-1.3.patch
	Package thunderbird24: missing distfile enigmail-1.7.2.tar.gz
	Package thunderbird31: missing distfile enigmail-1.7.2.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

Revision 1.166: download - view: text, markup, annotated - select for diffs
Sun Oct 11 23:33:59 2015 UTC (9 years, 2 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.165: preferred, colored
Changes since revision 1.165: +4 -4 lines
Update to 38.3.0

Changelog:
    New Saved files tab now implements Search field and Clear button.
    Fixed (Right-)Clicking on a newsgroup now allows directly composing a message again
    Fixed Importing to the address book from CSV now works with international characters
    Fixed Thunderbird no longer crashes when executing filter rules when using maildir
    Fixed When using the maildir storage format, the INBOX folder is no longer deleted
    Fixed Emails with long References headers are now decoded correctly
    Fixed Checking for new messages correctly works after hibernation again
    Fixed Chat entries are no longer sometimes lost in global database at shutdown.

Revision 1.165: download - view: text, markup, annotated - select for diffs
Sun Sep 27 23:46:31 2015 UTC (9 years, 2 months ago) by tnn
Branches: MAIN
Diff to: previous 1.164: preferred, colored
Changes since revision 1.164: +1 -6 lines
Remove old and probably stale Gecko Media Plugin patches (from FreeBSD?).
It might still be possible that pkgsrc needs adjustments for gmp loading
if/when we adopt some gmp packages, but until then they serve no purpose
and in fact appear to be harmful. Fixes Firefox startup error message:

addons.manager  ERROR   Exception calling provider GMPProvider.startup

Revision 1.164: download - view: text, markup, annotated - select for diffs
Mon Sep 7 15:19:10 2015 UTC (9 years, 3 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3
Diff to: previous 1.163: preferred, colored
Changes since revision 1.163: +2 -2 lines
Fix build with newer freetype2.
Thank you, wiz@ and mef@.

Revision 1.163: download - view: text, markup, annotated - select for diffs
Sat Aug 29 12:42:55 2015 UTC (9 years, 3 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.162: preferred, colored
Changes since revision 1.162: +4 -4 lines
Update to 38.2.0

Changelog:
Changed Hardware acceleration is now disabled by default to avoid crashing Thunderbird
Fixed A few bugs have been fixed to avoid crashing Thunderbird

Fixed in Thunderbird 38.2
    2015-90 Vulnerabilities found through code inspection
    2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
    2015-85 Out-of-bounds write with Updater and malicious MAR file
    2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links
    2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)

Revision 1.162: download - view: text, markup, annotated - select for diffs
Thu Jul 16 11:40:50 2015 UTC (9 years, 4 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.161: preferred, colored
Changes since revision 1.161: +4 -4 lines
Update to 38.1.0

* Fix mozilla-common.mk inclusion.

Changelog:
What's New
    Fixed Copy/Paste into plain text editor deletes newlines from quoted text (bug 1143570)
    Fixed Cross-posts won't send because Newsgroups: groups are separated with comma+space, not just comma (bug 1151448)
    Fixed Cannot send email through exchange server (NTLM) (bug 1174159)
    Fixed Doesn't display GB2312 encoded texts correctly for Chinese Characters (bug 1174580)
    Fixed OAuth2 authentication for GMail does not work when specified server is imap.gmail.com or smtp.gmail.com. (bug 1176773)

Known Issues
    unresolved Import from Outlook and Eudora disabled, code currently not working (bug 1175055)

Revision 1.161: download - view: text, markup, annotated - select for diffs
Thu Jul 9 15:17:34 2015 UTC (9 years, 5 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.160: preferred, colored
Changes since revision 1.160: +123 -106 lines
Update to 38.0.1

Changelog:
What's New
    New GMail supports OAuth2 authentication, removing the need to manually select "allow less secure applications" in Google options for the account. (bug 849540)
    New Ship Lightning calendar addon with Thunderbird and enable with an opt-out dialog (bug 1113183)
    New Filter sent messages (bug 11039)
    New Filter messages when archived (bug 479823)
    New Enable search in multiple/all address books (bug 170270)
    New Add support for Yahoo Messenger in Chat (bug 955574)
    New Support Internationalized domain name URLs for RSS feeds (Bug 1018589)
    New Show expanded columns in folder pane (bug 464973)
    New Allow file-per-message (maildir) local message storage (bug 845952)
    New Add a Learn more link to the support page in feeds subscribe dialog (bug 1053782)
    New Add reading position marker line to conversations (bug 760762)
    New The editor for twitter should show inputtable character count (bug 736002)
    Changed Thunderbird will no longer use SHA-1 to sign messages (bug 1018259)
    Changed Removed rarely used character sets: T.61-8bit, non-encoding Mac encoders, VISCII, x-viet-tcvn5712, x-viet-vps x-johab, ARMSCII8 , map us-ascii to windows-1252, ISO-8859-6-I and -E and ISO-8859-8-E, (bug 1068505 and others.)
    Changed Disable CONDSTORE support for IMAP to prevent discrepancies in IMAP message status (deleted, unread) on some servers (bug 912216)
    Changed Make OpenSearch queries open in the user's default browser (bug 1120777)
    Changed Default to using SSL for XMPP and IRC. This might cause issues for self-signed certificates (bug 1122567, bug 1122666)
    Fixed Replied/forwarded icons disappear after folder repair, detach/delete (bug 840418)
    Fixed Attachment "Save As" files are displayed in Tools/Saved Files (bug 914517)
    Fixed Adding unknown email addresses to Mailing list, then deleting ghost duplicate entries from contacts pane, caused dataloss in mailing list (bug 628035)
    Fixed Web site from RSS feed was not rendered correctly (bug 662907)
    Fixed Email address with leading/trailing whitespace displayed wrongly with added quotes when composing ["foo"@bar.com] (bug 286760)
    Fixed Force display of Sender header if S/MIME sender is the signer (bug 332639)
    Fixed Addressing autocomplete widget: Typed text in red despite results/matches found if suggestions change by last input (bug 1042561)
    Fixed Status bar not accessible (bug 934875)
    Fixed Wrong folder may be deleted when requesting junk delete (bug 1018960)
    Fixed Severe UI stutter or freezes getting new mail for very large folders (bug 870556)
    Fixed Automatically rejoin multi-user conversations on reconnect for XMPP (bug 1014472)
    Fixed Various improvements when using IRC on moznet (bug 1083768 and others)
    Fixed Significantly improve XMPP support (bug 1085022 and others)
    Fixed Fixes for connecting to non-standard IRC networks (bug 870556 and others)
    Fixed Automatically reclaim IRC nicks during a reconnect (bug 1087566)
    Fixed Changing location in editor doesn't preserve the font when returning to end of text/line (bug 756984)
    Fixed Inline spell checker loses red underlines after a backspace is used (bug 1100966)

Known Issues
    unresolved Automatic addon compatibility update checks were not completed, so existing addon compatibilities may not be accurate.
    unresolved Copy/Paste into plain text editor deletes newlines from quoted text (bug 1143570)
    unresolved Importing data from Outlook or Eudora crashes (bug 917961)

Security:
Fixed in Thunderbird 38.0.1
    2015-58 Mozilla Windows updater can be run outside of application directory
    2015-57 Privilege escalation through IPC channel messages
    2015-54 Buffer overflow when parsing compressed XML
    2015-51 Use-after-free during text processing with vertical text enabled
    2015-48 Buffer overflow with SVG content and CSS
    2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
    2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)

Revision 1.160: download - view: text, markup, annotated - select for diffs
Mon Jun 29 21:27:01 2015 UTC (9 years, 5 months ago) by markd
Branches: MAIN
Diff to: previous 1.159: preferred, colored
Changes since revision 1.159: +3 -1 lines
More nullptr -> false changes for gcc 5.x

Revision 1.159: download - view: text, markup, annotated - select for diffs
Mon Jun 8 13:40:58 2015 UTC (9 years, 6 months ago) by joerg
Branches: MAIN
CVS tags: pkgsrc-2015Q2-base, pkgsrc-2015Q2
Diff to: previous 1.158: preferred, colored
Changes since revision 1.158: +3 -1 lines
Don't use implicit casts of nullptr to bool.

Revision 1.158: download - view: text, markup, annotated - select for diffs
Tue May 26 12:34:42 2015 UTC (9 years, 6 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.157: preferred, colored
Changes since revision 1.157: +5 -7 lines
Update to 31.7.0

Changelog:
Fixed in Thunderbird 31.7

    2015-57 Privilege escalation through IPC channel messages
    2015-54 Buffer overflow when parsing compressed XML
    2015-51 Use-after-free during text processing with vertical text enabled
    2015-48 Buffer overflow with SVG content and CSS
    2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
    2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)

Revision 1.157: download - view: text, markup, annotated - select for diffs
Wed Apr 8 18:25:15 2015 UTC (9 years, 8 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.156: preferred, colored
Changes since revision 1.156: +7 -7 lines
Update to 31.6.0

CHangelog:
Fixed in Thunderbird 31.6

    2015-40 Same-origin bypass through anchor navigation
    2015-37 CORS requests should not follow 30x redirections after preflight
    2015-33 resource:// documents can load privileged pages
    2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin
    2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)

Revision 1.156: download - view: text, markup, annotated - select for diffs
Sat Mar 14 23:02:52 2015 UTC (9 years, 9 months ago) by tnn
Branches: MAIN
CVS tags: pkgsrc-2015Q1-base, pkgsrc-2015Q1
Diff to: previous 1.155: preferred, colored
Changes since revision 1.155: +4 -4 lines
Bump enigmail to 1.7.2 to fix CVE-2014-5369.
Bump revision of thunderbird main package.

Revision 1.155: download - view: text, markup, annotated - select for diffs
Sat Mar 7 10:25:58 2015 UTC (9 years, 9 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.154: preferred, colored
Changes since revision 1.154: +7 -7 lines
Use tarballs from ftp.mozilla.org.
Thank you, tron@.

Revision 1.154: download - view: text, markup, annotated - select for diffs
Fri Mar 6 22:27:22 2015 UTC (9 years, 9 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.153: preferred, colored
Changes since revision 1.153: +4 -4 lines
Update to 31.5.0

Changelog:
Fixed in Firefox/Thunderbird ESR 31.5

    2015-24 Reading of local files through manipulation of form autocomplete
    2015-19 Out-of-bounds read and write while rendering SVG content
    2015-16 Use-after-free in IndexedDB
    2015-12 Invoking Mozilla updater will load locally stored DLL files
    2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)

Revision 1.153: download - view: text, markup, annotated - select for diffs
Fri Feb 13 16:28:57 2015 UTC (9 years, 9 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.152: preferred, colored
Changes since revision 1.152: +4 -4 lines
Update to 31.4.0

Changelog:
Fixed The previous issues with jp mac builds have now been fixed, and Thunderbird will no longer need to be run in 32-bit mode.
Fixed Security fixes can be found here
Fixed Installing extensions within Thunderbird no longer requires download and installing as a file (Bug 1081190)
Fixed Autocomplete suggestion sort order was adjusted to prioritize entries where the search string matches the beginning of a word (Bug 970456)

Fixed in Thunderbird 31.4
    2015-04 Cookie injection through Proxy Authenticate responses
    2015-03 sendBeacon requests lack an Origin header
    2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)

Revision 1.152: download - view: text, markup, annotated - select for diffs
Thu Jan 29 22:22:27 2015 UTC (9 years, 10 months ago) by wiz
Branches: MAIN
Diff to: previous 1.151: preferred, colored
Changes since revision 1.151: +2 -2 lines
Remove cargo cult patch (chunk) pointing to
%%LOCALBASE%%/lib/browser_plugins/symlinks/gecko. Nothing installs
any files there, nor does is this directory created by anything.

Revision 1.151: download - view: text, markup, annotated - select for diffs
Thu Dec 4 05:33:12 2014 UTC (10 years ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2014Q4-base, pkgsrc-2014Q4
Diff to: previous 1.150: preferred, colored
Changes since revision 1.150: +4 -1 lines
Add enigmail tarball checksum.

Revision 1.150: download - view: text, markup, annotated - select for diffs
Thu Dec 4 05:22:05 2014 UTC (10 years ago) by ryoon
Branches: MAIN
Diff to: previous 1.149: preferred, colored
Changes since revision 1.149: +4 -7 lines
Update to 31.3.0

Changelog:
Fixed Fixes an issue where using LDAP autocomplete could end up with blank entries in the compose addressing list (Bug 1045753)
Fixed Fixes an issue where IRC participants were not removed from the display on leaving a channel.
Fixed Fixes a regression where Thunderbird wasn't respecting the skip integration option on the default client dialog.
Fixed Security fixes can be found here

Fixed in Thunderbird 31.3
2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory
2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
2014-88 Buffer overflow while parsing media content
2014-87 Use-after-free during HTML5 parsing
2014-85 XMLHttpRequest crashes with some input streams
2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)

Revision 1.149: download - view: text, markup, annotated - select for diffs
Sun Nov 30 10:25:50 2014 UTC (10 years ago) by markd
Branches: MAIN
Diff to: previous 1.148: preferred, colored
Changes since revision 1.148: +3 -1 lines
Fix build with gcc 4.9
https://bugzilla.mozilla.org/show_bug.cgi?id=999496

Revision 1.148: download - view: text, markup, annotated - select for diffs
Fri Nov 14 15:27:04 2014 UTC (10 years ago) by ryoon
Branches: MAIN
Diff to: previous 1.147: preferred, colored
Changes since revision 1.147: +5 -5 lines
Update to 31.2.0

Changelog:
31.2.0:
Fixed
Fixed a case where having a contact and card in an address book with the same name could send to the mailing list (Bug 1008718)

Fixed
Invalid certificate issue with mozilla::pkix (see bug 1042889)

Fixed
Importing an RSA private key fails if p < q (see bug 1049435)

Fixed
Security fixes can be found here

31.1.2:
Fixed
Fixed an issue where anchor links would not work in HTML emails (Bug 974857)

Fixed
Security fixes can be found here

31.1.1:
Fixed
Fixed an issue where mailing lists with spaces in their names couldn't be autocompleted (Bug 1060901)

Fixed
Fixed an occasional startup crash (Bug 1005336)

31.1.0:
Fixed
Security fixes can be found here

Fixed
Improved performance of autocomplete for large address books (Bug 984875)

Fixed
Fixed an issue with IMAP being slow when looking for folders on certain server types (Bug 799821, Bug 859269)

Fixed
Fixed various theme issues relating to titlebars and toolbars (Bug 1007225, Bug 1026608, Bug 1041211, Bug 1046563, Bug 1054260)


# Fixed in Thunderbird 31.2

    2014-81 Inconsistent video sharing within iframe
    2014-79 Use-after-free interacting with text directionality
    2014-77 Out-of-bounds write with WebM video
    2014-76 Web Audio memory corruption issues with custom waveforms
    2014-75 Buffer overflow during CSS manipulation
    2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)

# Fixed in Thunderbird 31.1.2

    2014-73 RSA Signature Forgery in NSS

# Fixed in Thunderbird 31.1

    2014-72 Use-after-free setting text directionality
    2014-70 Out-of-bounds read in Web Audio audio timeline
    2014-69 Uninitialized memory use during GIF rendering
    2014-68 Use-after-free during DOM interactions with SVG
    2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)

Revision 1.147: download - view: text, markup, annotated - select for diffs
Fri Oct 17 16:47:22 2014 UTC (10 years, 1 month ago) by joerg
Branches: MAIN
Diff to: previous 1.146: preferred, colored
Changes since revision 1.146: +3 -1 lines
nullptr is not a boolean.

Revision 1.146: download - view: text, markup, annotated - select for diffs
Wed Aug 13 22:36:04 2014 UTC (10 years, 4 months ago) by joerg
Branches: MAIN
CVS tags: pkgsrc-2014Q3-base, pkgsrc-2014Q3
Diff to: previous 1.145: preferred, colored
Changes since revision 1.145: +2 -2 lines
Drop forward declaration when the correct one is in place.

Revision 1.145: download - view: text, markup, annotated - select for diffs
Sun Aug 10 12:52:08 2014 UTC (10 years, 4 months ago) by abs
Branches: MAIN
Diff to: previous 1.144: preferred, colored
Changes since revision 1.144: +2 -1 lines
Avoid warning storing a size_t in an unsigned int on LP64 - fix
build on at least NetBSD 6.x/amd64

Revision 1.144: download - view: text, markup, annotated - select for diffs
Sun Jul 27 20:04:59 2014 UTC (10 years, 4 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.143: preferred, colored
Changes since revision 1.143: +106 -112 lines
Update to 31.0

* Update enigmail to 1.7

Changelog:
    NEW
    Autocompleting email addresses now matches against any part of the name or email (bug 529584)

    NEW
    Composing a mail to a newsgroup will now autocomplete newsgroup names (bug 61491)

    FIXED
    Insecure NTLM (pre-NTLMv2) authentication disabled (see 828183)

Fixed in Thunderbird 31
MFSA 2014-66 IFRAME sandbox same-origin access through redirect
MFSA 2014-65 Certificate parsing broken by non-standard character encoding
MFSA 2014-64 Crash in Skia library when scaling high quality images
MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
MFSA 2014-61 Use-after-free with FireOnStateChange event
MFSA 2014-59 Use-after-free in DirectWrite font handling
MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)

Revision 1.143: download - view: text, markup, annotated - select for diffs
Fri Jun 13 23:46:34 2014 UTC (10 years, 6 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2014Q2-base, pkgsrc-2014Q2
Diff to: previous 1.142: preferred, colored
Changes since revision 1.142: +4 -4 lines
Update to 24.6.0

Changelog:
Fixed in Thunderbird 24.6
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)

Revision 1.142: download - view: text, markup, annotated - select for diffs
Sun May 18 21:28:28 2014 UTC (10 years, 6 months ago) by joerg
Branches: MAIN
Diff to: previous 1.141: preferred, colored
Changes since revision 1.141: +4 -1 lines
Be consistent about static class member initialisation.

Revision 1.141: download - view: text, markup, annotated - select for diffs
Wed May 7 20:26:12 2014 UTC (10 years, 7 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.140: preferred, colored
Changes since revision 1.140: +2 -2 lines
Fix build with mozilla-common.mk for 24.5.0
Fix PLIST* (remove duplicated entries etc.)

Revision 1.138.2.2: download - view: text, markup, annotated - select for diffs
Wed May 7 07:44:27 2014 UTC (10 years, 7 months ago) by spz
Branches: pkgsrc-2014Q1
Diff to: previous 1.138.2.1: preferred, colored; branchpoint 1.138: preferred, colored; next MAIN 1.139: preferred, colored
Changes since revision 1.138.2.1: +4 -1 lines
Pullup ticket #4399 addendum - requested by tron
mail/thunderbird: restore dropped enigmail distinfo

Revisions pulled up:
- mail/thunderbird/distinfo                                     1.140

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   tron
   Date:           Tue May  6 19:26:57 UTC 2014

   Modified Files:
           pkgsrc/mail/thunderbird: distinfo

   Log Message:
   Re-add checksum for "enigmail-1.6.tar.gz". Problem found by wizd(8).

                                                                                   To generate a diff of this commit:
   cvs rdiff -u -r1.139 -r1.140 pkgsrc/mail/thunderbird/distinfo

Revision 1.138.2.1: download - view: text, markup, annotated - select for diffs
Wed May 7 07:34:22 2014 UTC (10 years, 7 months ago) by spz
Branches: pkgsrc-2014Q1
Diff to: previous 1.138: preferred, colored
Changes since revision 1.138: +4 -7 lines
Pullup ticket #4399 - requested by tron
mail/thunderbird: security update

Revisions pulled up:
- mail/thunderbird/Makefile                                     1.136
- mail/thunderbird/distinfo                                     1.139

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Tue May  6 16:03:38 UTC 2014

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile distinfo

   Log Message:
   Update "thunderbird" package to version 24.5.0.

   The following security problems were fixed in this release:
   - MFSA 2014-46 Use-after-free in nsHostResolve
   - MFSA 2014-44 Use-after-free in imgLoader while resizing images
   - MFSA 2014-43 Cross-site scripting (XSS) using history navigations
   - MFSA 2014-42 Privilege escalation through Web Notification API
   - MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
   - MFSA 2014-37 Out of bounds read while decoding JPG images
   - MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service
                  Installer
   - MFSA 2014-34 Miscellaneous memory safety hazards


   To generate a diff of this commit:
   cvs rdiff -u -r1.135 -r1.136 pkgsrc/mail/thunderbird/Makefile
   cvs rdiff -u -r1.138 -r1.139 pkgsrc/mail/thunderbird/distinfo

Revision 1.140: download - view: text, markup, annotated - select for diffs
Tue May 6 19:26:57 2014 UTC (10 years, 7 months ago) by tron
Branches: MAIN
Diff to: previous 1.139: preferred, colored
Changes since revision 1.139: +4 -1 lines
Re-add checksum for "enigmail-1.6.tar.gz". Problem found by wizd(8).

Revision 1.139: download - view: text, markup, annotated - select for diffs
Tue May 6 16:03:38 2014 UTC (10 years, 7 months ago) by tron
Branches: MAIN
Diff to: previous 1.138: preferred, colored
Changes since revision 1.138: +4 -7 lines
Update "thunderbird" package to version 24.5.0.

The following security problems were fixed in this release:
- MFSA 2014-46 Use-after-free in nsHostResolve
- MFSA 2014-44 Use-after-free in imgLoader while resizing images
- MFSA 2014-43 Cross-site scripting (XSS) using history navigations
- MFSA 2014-42 Privilege escalation through Web Notification API
- MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
- MFSA 2014-37 Out of bounds read while decoding JPG images
- MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service
               Installer
- MFSA 2014-34 Miscellaneous memory safety hazards

Revision 1.138: download - view: text, markup, annotated - select for diffs
Fri Mar 21 12:37:58 2014 UTC (10 years, 8 months ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2014Q1-base
Branch point for: pkgsrc-2014Q1
Diff to: previous 1.137: preferred, colored
Changes since revision 1.137: +4 -1 lines
re-add enigmail checksum

Revision 1.137: download - view: text, markup, annotated - select for diffs
Fri Mar 21 01:43:40 2014 UTC (10 years, 8 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.136: preferred, colored
Changes since revision 1.136: +4 -8 lines
Update to 24.4.0

Changelog:
Fixed in Thunderbird 24.4
MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)

Revision 1.134.2.1: download - view: text, markup, annotated - select for diffs
Mon Feb 17 06:52:48 2014 UTC (10 years, 9 months ago) by spz
Branches: pkgsrc-2013Q4
Diff to: previous 1.134: preferred, colored; next MAIN 1.135: preferred, colored
Changes since revision 1.134: +4 -7 lines
Pullup ticket #4324 - requested by tron
mail/thunderbird: security update

Revisions pulled up:
- mail/thunderbird/Makefile                                     1.132
- mail/thunderbird/distinfo                                     1.135

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Thu Feb 13 18:51:54 UTC 2014

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile distinfo

   Log Message:
   Update "thunderbird" package to version 24.3.0. Changes since 24.2.0:
   - MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
   - MFSA 2014-12 NSS ticket handling issues
   - MFSA 2014-09 Cross-origin information leak through web workers
   - MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
   - MFSA 2014-04 Incorrect use of discarded images by RasterImage
   - MFSA 2014-02 Clone protected content with XBL scopes
   - MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
   - Improved handling of reply-to (bug 933555)


   To generate a diff of this commit:
   cvs rdiff -u -r1.131 -r1.132 pkgsrc/mail/thunderbird/Makefile
   cvs rdiff -u -r1.134 -r1.135 pkgsrc/mail/thunderbird/distinfo

Revision 1.136: download - view: text, markup, annotated - select for diffs
Sat Feb 15 01:21:57 2014 UTC (10 years, 9 months ago) by wiz
Branches: MAIN
Diff to: previous 1.135: preferred, colored
Changes since revision 1.135: +4 -1 lines
readd enigmail checksums

Revision 1.135: download - view: text, markup, annotated - select for diffs
Thu Feb 13 18:51:54 2014 UTC (10 years, 9 months ago) by tron
Branches: MAIN
Diff to: previous 1.134: preferred, colored
Changes since revision 1.134: +4 -7 lines
Update "thunderbird" package to version 24.3.0. Changes since 24.2.0:
- MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
- MFSA 2014-12 NSS ticket handling issues
- MFSA 2014-09 Cross-origin information leak through web workers
- MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
- MFSA 2014-04 Incorrect use of discarded images by RasterImage
- MFSA 2014-02 Clone protected content with XBL scopes
- MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
- Improved handling of reply-to (bug 933555)

Revision 1.134: download - view: text, markup, annotated - select for diffs
Mon Dec 16 08:45:18 2013 UTC (10 years, 11 months ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2013Q4-base
Branch point for: pkgsrc-2013Q4
Diff to: previous 1.133: preferred, colored
Changes since revision 1.133: +4 -1 lines
restore enigmail checksums

Revision 1.133: download - view: text, markup, annotated - select for diffs
Sun Dec 15 14:05:57 2013 UTC (10 years, 11 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.132: preferred, colored
Changes since revision 1.132: +4 -7 lines
Update to 24.2.0

Changelog:
    FIXED
    Security fixes can be found here
    FIXED
    Fixed an issue where long messages with multiple signatures could end up unreadable (bug 929006)
    FIXED
    Fixed an issue where editing account settings was not possible in some non-standard configurations of local folder set-ups (bug 921371)

Fixed in Thunderbird 24.2
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)

Revision 1.132: download - view: text, markup, annotated - select for diffs
Mon Dec 2 15:01:04 2013 UTC (11 years ago) by richard
Branches: MAIN
Diff to: previous 1.131: preferred, colored
Changes since revision 1.131: +5 -4 lines
Update to Thunderbird and Thunderbird-l10n 24.1.1.

Fixed in Thunderbird 24.1.1
MFSA 2013-103 Miscellaneous Network Security Services (NSS) vulnerabilities

TODO: put sdk common files into their own PLIST in order to simplify updates to
PLIST.enigmail and PLIST.lightning.

Revision 1.131: download - view: text, markup, annotated - select for diffs
Fri Nov 29 17:41:08 2013 UTC (11 years ago) by wiz
Branches: MAIN
Diff to: previous 1.130: preferred, colored
Changes since revision 1.130: +4 -1 lines
Fix build with clang using the patches from www/firefox.

Revision 1.130: download - view: text, markup, annotated - select for diffs
Wed Nov 13 14:36:58 2013 UTC (11 years, 1 month ago) by ryoon
Branches: MAIN
Diff to: previous 1.129: preferred, colored
Changes since revision 1.129: +2 -2 lines
Fix PR pkg/48240, bump PKGREVISION, and remove obsolete patches

* Use *30 instead of *50. Restore session is recovered on NetBSD/amd64 5.2.
  Based on martin@'s patch on pkgsrc-users@.

Revision 1.129: download - view: text, markup, annotated - select for diffs
Tue Nov 12 20:50:51 2013 UTC (11 years, 1 month ago) by ryoon
Branches: MAIN
Diff to: previous 1.128: preferred, colored
Changes since revision 1.128: +131 -99 lines
Update to 24.1.0

Changelog:
24.1.
    FIXED
    Fixed an issue where signatures were shown in too lighter grey making them difficult to read (bug 917906)
    FIXED
    Fixed an issue where Auto CC for reply might not work if the cc address is the same as the sending address (bug 917231)
    FIXED
    Security fixes can be found here

Fixed in Thunderbird 24.0
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)


24.0
    NEW
    Message threads can now be ignored or watched
    NEW
    Emails can now be sent to IDN based email addresses
    NEW
    Zoom functionality is now available in the compose window
    CHANGED
    In the Compose window, ctrl/cmd + and ctrl/cmd - now change the zoom setting rather than the font size
    CHANGED
    In Twitter, replying to a tweet now replies to all users, just like on the Twitter website
    FIXED
    Interactions in the filter list dialogs have been improved
    FIXED
    In Chat user nicknames are now highlighted when mentioned
    FIXED
    In IRC, long messages will now be sent in multiple parts instead of being cut off
    FIXED
    Various security fixes

Fixed in Thunderbird 24.1
MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar though SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)

Revision 1.128: download - view: text, markup, annotated - select for diffs
Fri Sep 27 13:44:49 2013 UTC (11 years, 2 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2013Q3-base, pkgsrc-2013Q3
Diff to: previous 1.127: preferred, colored
Changes since revision 1.127: +4 -4 lines
Update to 17.0.9

Changelog:
The following security bug fixes should be applied to thunderbird-17.0.9.
But I cannot find any documents.

MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
MFSA 2013-65 Buffer underflow when generating CRMF requests

Revision 1.122.2.1: download - view: text, markup, annotated - select for diffs
Sun Aug 11 18:24:31 2013 UTC (11 years, 4 months ago) by tron
Branches: pkgsrc-2013Q2
Diff to: previous 1.122: preferred, colored; next MAIN 1.123: preferred, colored
Changes since revision 1.122: +4 -4 lines
Pullup ticket #4206 - requested by ryoon
mail/thunderbird: security update

Revisions pulled up:
- mail/thunderbird/Makefile                                     1.118-1.119
- mail/thunderbird/distinfo                                     1.123-1.124,1.126-1.127

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Tue Jul  9 10:57:20 UTC 2013

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile distinfo

   Log Message:
   Update to 17.0.7

   Changelog:
       FIXED
       Security fixes can be found here

   Fixed in Thunderbird 17.0.7
   MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
   MFSA 2013-56 PreserveWrapper has inconsistent behavior
   MFSA 2013-55 SVG filters can lead to information disclosure
   MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
   MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
   MFSA 2013-51 Privileged content access and execution via XBL
   MFSA 2013-50 Memory corruption found using Address Sanitizer
   MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Tue Jul  9 21:25:24 UTC 2013

   Modified Files:
   	pkgsrc/mail/thunderbird: distinfo

   Log Message:
   restore enigmail checksums, again.

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Sat Aug 10 00:31:20 UTC 2013

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile distinfo

   Log Message:
   Update to 17.0.8

   Changelog:
   Security bugfixes.
   MFSA 2013-75 Local Java applets may read contents of local file system
   MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
   MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
   MFSA 2013-71 Further Privilege escalation through Mozilla Updater
   MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
   MFSA 2013-68 Document URI misrepresentation and masquerading
   MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
   MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

---
   Module Name:	pkgsrc
   Committed By:	khorben
   Date:		Sat Aug 10 23:26:31 UTC 2013

   Modified Files:
   	pkgsrc/mail/thunderbird: distinfo

   Log Message:
   Fixed building thunderbird with the "mozilla-enigmail" option enabled.

Revision 1.127: download - view: text, markup, annotated - select for diffs
Sat Aug 10 23:26:31 2013 UTC (11 years, 4 months ago) by khorben
Branches: MAIN
Diff to: previous 1.126: preferred, colored
Changes since revision 1.126: +4 -1 lines
Fixed building thunderbird with the "mozilla-enigmail" option enabled.

Revision 1.126: download - view: text, markup, annotated - select for diffs
Sat Aug 10 00:31:20 2013 UTC (11 years, 4 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.125: preferred, colored
Changes since revision 1.125: +4 -7 lines
Update to 17.0.8

Changelog:
Security bugfixes.
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

Revision 1.125: download - view: text, markup, annotated - select for diffs
Sat Jul 13 19:33:19 2013 UTC (11 years, 5 months ago) by joerg
Branches: MAIN
Diff to: previous 1.124: preferred, colored
Changes since revision 1.124: +5 -2 lines
Don't use false as pointer value.

Revision 1.124: download - view: text, markup, annotated - select for diffs
Tue Jul 9 21:25:24 2013 UTC (11 years, 5 months ago) by wiz
Branches: MAIN
Diff to: previous 1.123: preferred, colored
Changes since revision 1.123: +4 -1 lines
restore enigmail checksums, again.

Revision 1.123: download - view: text, markup, annotated - select for diffs
Tue Jul 9 10:57:20 2013 UTC (11 years, 5 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.122: preferred, colored
Changes since revision 1.122: +4 -7 lines
Update to 17.0.7

Changelog:
    FIXED
    Security fixes can be found here

Fixed in Thunderbird 17.0.7
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)

Revision 1.122: download - view: text, markup, annotated - select for diffs
Fri May 24 09:59:54 2013 UTC (11 years, 6 months ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2013Q2-base
Branch point for: pkgsrc-2013Q2
Diff to: previous 1.121: preferred, colored
Changes since revision 1.121: +4 -1 lines
restore enigmail checksums

Revision 1.121: download - view: text, markup, annotated - select for diffs
Mon May 20 11:55:50 2013 UTC (11 years, 6 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.120: preferred, colored
Changes since revision 1.120: +4 -7 lines
Update to 17.0.6

Changelog:
    FIXED
    Security fixes can be found here
    FIXED
    Thunderbird now supports the Twitter API version 1.1 ahead of Twitter closing the 1.0 version (Bug 857049)

Fixed in Thunderbird 17.0.6
MFSA 2013-48 Memory corruption found using Address Sanitizer
MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
MFSA 2013-46 Use-after-free with video and onresize event
MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
MFSA 2013-42 Privileged access for content level constructor
MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)

Revision 1.120: download - view: text, markup, annotated - select for diffs
Tue May 14 12:41:02 2013 UTC (11 years, 7 months ago) by joerg
Branches: MAIN
Diff to: previous 1.119: preferred, colored
Changes since revision 1.119: +4 -1 lines
Add public wrappers for ios, ostream and unwind.h, otherwise linking may
fail due to hidden definitions of system functions.

Revision 1.119: download - view: text, markup, annotated - select for diffs
Wed May 8 09:14:29 2013 UTC (11 years, 7 months ago) by sbd
Branches: MAIN
Diff to: previous 1.118: preferred, colored
Changes since revision 1.118: +3 -3 lines
If MOZ_ALSA is to be used in Makefiles it must have a AC_SUBST and be defined
when needed.

Revision 1.118: download - view: text, markup, annotated - select for diffs
Tue Apr 9 20:23:05 2013 UTC (11 years, 8 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.117: preferred, colored
Changes since revision 1.117: +5 -6 lines
Update to 17.0.5

Changelog:
    FIXED
    Security fixes can be found here
    FIXED
    Adjusting font size when composing emails should be easier (Bug 824926)

Fixed in Thunderbird 17.0.5
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)

Revision 1.117: download - view: text, markup, annotated - select for diffs
Sun Mar 31 21:15:21 2013 UTC (11 years, 8 months ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2013Q1-base, pkgsrc-2013Q1
Diff to: previous 1.116: preferred, colored
Changes since revision 1.116: +4 -1 lines
Restore enigmail checksums (hi tron)

Revision 1.116: download - view: text, markup, annotated - select for diffs
Sat Mar 30 23:31:35 2013 UTC (11 years, 8 months ago) by tron
Branches: MAIN
Diff to: previous 1.115: preferred, colored
Changes since revision 1.115: +2 -5 lines
Get this package closer to build under Solaris 10:
1.) Fix broken "yasm" version check which only accepts version numbers
    like "a.b.c.d" but not like "a.b.c" and therefore fails with
    Yasm 1.2.0. This probably affects other platforms (e.g. Linux
    as well).
2.) Use "-R" instead of non-portable "-rpath" linker option.

The build under Solaris 10 fails now during the build phase and not
already in the configuration phase.

Revision 1.115: download - view: text, markup, annotated - select for diffs
Sun Mar 10 13:06:28 2013 UTC (11 years, 9 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.114: preferred, colored
Changes since revision 1.114: +4 -4 lines
Update to 17.0.4

Changelog:
Not available.

Revision 1.114: download - view: text, markup, annotated - select for diffs
Mon Feb 25 16:10:53 2013 UTC (11 years, 9 months ago) by wiz
Branches: MAIN
Diff to: previous 1.113: preferred, colored
Changes since revision 1.113: +4 -1 lines
Readd enigmail checksums.

Revision 1.113: download - view: text, markup, annotated - select for diffs
Sun Feb 24 14:13:56 2013 UTC (11 years, 9 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.112: preferred, colored
Changes since revision 1.112: +4 -7 lines
Update to 17.0.3

Changelog:
    FIXED
    Security fixes can be found here
    FIXED
    Attachments sometimes could not be removed from the composition window using the keyboard, this is now fixed (799451)

Fixed in Thunderbird 17.0.3
MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
MFSA 2013-26 Use-after-free in nsImageLoadingContent
MFSA 2013-25 Privacy leak in JavaScript Workers
MFSA 2013-24 Web content bypass of COW and SOW security wrappers
MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)

Revision 1.112: download - view: text, markup, annotated - select for diffs
Sat Jan 19 13:19:53 2013 UTC (11 years, 10 months ago) by wiz
Branches: MAIN
Diff to: previous 1.111: preferred, colored
Changes since revision 1.111: +4 -1 lines
Restore engimail checksum

Revision 1.111: download - view: text, markup, annotated - select for diffs
Sat Jan 19 03:43:52 2013 UTC (11 years, 10 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.110: preferred, colored
Changes since revision 1.110: +4 -7 lines
Update to 17.0.2

Changelog:
    FIXED
    Security fixes can be found here
    FIXED
    Pressing the 'x' button on Windows now closes only one window rather than the whole application (805185)
    FIXED
    An issue that caused occasional corruption in local folders after filtering is now fixed (815012)
    FIXED
    An issue that caused deletion of drafts saved in IMAP folders whilst in offline mode is now fixed (805626)
For security fix, see http://www.mozilla.org/en-US/thunderbird/17.0.2/releasenotes/ .

Revision 1.110: download - view: text, markup, annotated - select for diffs
Mon Jan 7 21:12:15 2013 UTC (11 years, 11 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.109: preferred, colored
Changes since revision 1.109: +2 -2 lines
* Fix build on NetBSD (_res issue)
* Fix build on recent NetBSD current (kinfo_proc issue)

Revision 1.109: download - view: text, markup, annotated - select for diffs
Wed Dec 12 08:35:58 2012 UTC (12 years ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2012Q4-base, pkgsrc-2012Q4
Diff to: previous 1.108: preferred, colored
Changes since revision 1.108: +2 -2 lines
Bump PKGREVISION.

Fix another _res multi-thread error.
Patch is provided by Dave Tyson on pkgsrc-users@.

Revision 1.108: download - view: text, markup, annotated - select for diffs
Fri Nov 23 11:08:05 2012 UTC (12 years ago) by ryoon
Branches: MAIN
Diff to: previous 1.107: preferred, colored
Changes since revision 1.107: +5 -5 lines
Fix build

* Add missing include file to PLIST.lightning
* Fix xulrunner pathes

Revision 1.107: download - view: text, markup, annotated - select for diffs
Fri Nov 23 07:17:53 2012 UTC (12 years ago) by ryoon
Branches: MAIN
Diff to: previous 1.106: preferred, colored
Changes since revision 1.106: +32 -30 lines
Update to 17.0

Changelog:
    NEW
    A Menu Button is now shown to new users by default
    NEW
    Tabs are now drawn in the title bar on Windows
    FIXED
    An issue causing spell-checking only parts of words in Thunderbird 16 is now fixed (790475)
    FIXED
    An issue causing Thunderbird 16 to repeatedly download emails is now fixed (806760)
    FIXED
    RSS feeds can now be viewed in the Wide View Layout (531397)
    FIXED
    Various fixes and performance improvements
    FIXED
    Various security fixes
    CHANGED
    Mac OS X 10.5 is no longer supported

Security fixes:
Fixed in Thunderbird 17
MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2012-103 Frames can shadow top.location
MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
MFSA 2012-100 Improper security filtering for cross-origin wrappers
MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
MFSA 2012-96 Memory corruption in str_unescape
MFSA 2012-94 Crash when combining SVG text on path with CSS
MFSA 2012-93 evalInSanbox location context incorrectly applied
MFSA 2012-92 Buffer overflow while rendering GIF images
MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)

Revision 1.106: download - view: text, markup, annotated - select for diffs
Mon Nov 5 22:44:10 2012 UTC (12 years, 1 month ago) by ryoon
Branches: MAIN
Diff to: previous 1.105: preferred, colored
Changes since revision 1.105: +4 -1 lines
Fix PR pkg/47160
Readd checksum for enigmail distfile.

Revision 1.105: download - view: text, markup, annotated - select for diffs
Sat Nov 3 22:51:53 2012 UTC (12 years, 1 month ago) by ryoon
Branches: MAIN
Diff to: previous 1.104: preferred, colored
Changes since revision 1.104: +4 -7 lines
Update to 16.0.2

Changelog:
Fixed in Thunderbird 16.0.2
MFSA 2012-90 Fixes for Location object issues
MFSA 2012-67 Installer will launch incorrect executable following new installation

Revision 1.104: download - view: text, markup, annotated - select for diffs
Fri Oct 12 18:28:58 2012 UTC (12 years, 2 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.103: preferred, colored
Changes since revision 1.103: +14 -16 lines
Update to 16.0.1

Changelog:
    FIXED
    16.0.1: Vulnerability outlined here
	https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/
    NEW
    We have now added box.com to the list of online storage services that are available for use with Thunderbird Filelink
    NEW
    Silent, background updates. Thunderbird will now download and apply updates in the background allowing you to start quickly the next time Thunderbird starts up.
    FIXED
    Various fixes and performance improvements
    FIXED
    Various security fixes
Fixed in Thunderbird 16.0.1
MFSA 2012-89 defaultValue security checks not applied
MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)

Fixed in Thunderbird 16
MFSA 2012-87 Use-after-free in the IME State Manager
MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer
MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
MFSA 2012-84 Spoofing and script injection through location.hash
MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties
MFSA 2012-82 top object and location property accessible by plugins
MFSA 2012-81 GetProperty function can bypass security checks
MFSA 2012-80 Crash with invalid cast when using instanceof operator
MFSA 2012-79 DOS and crash with full screen and history navigation
MFSA 2012-77 Some DOMWindowUtils methods bypass security checks
MFSA 2012-76 Continued access to initial origin after setting document.domain
MFSA 2012-75 select element persistance allows for attacks
MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)

Revision 1.103: download - view: text, markup, annotated - select for diffs
Mon Sep 3 15:47:49 2012 UTC (12 years, 3 months ago) by marino
Branches: MAIN
CVS tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3
Diff to: previous 1.102: preferred, colored
Changes since revision 1.102: +3 -3 lines
mail/thunderbird: Fix build for DragonFly

- kvm is still needed
- should fix FreeBSD as well

Revision 1.102: download - view: text, markup, annotated - select for diffs
Mon Sep 3 15:27:31 2012 UTC (12 years, 3 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.101: preferred, colored
Changes since revision 1.101: +2 -2 lines
Fix DragonFly build again. Thank you, marino@.

Revision 1.101: download - view: text, markup, annotated - select for diffs
Sun Sep 2 12:27:50 2012 UTC (12 years, 3 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.100: preferred, colored
Changes since revision 1.100: +2 -2 lines
Fix broken patch-mozilla_ipc_chromium_src_base_dir__reader__bsd.h.

Revision 1.100: download - view: text, markup, annotated - select for diffs
Sun Sep 2 06:43:39 2012 UTC (12 years, 3 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.99: preferred, colored
Changes since revision 1.99: +120 -124 lines
Update to 15.0

* Update Mozilla Lightning to 1.7
* Update Enigmail to 1.4.4 (functionality is not tested yet; should
  be updated)
* Regen patches

Changelog:
    NEW Multi-Channel Chat: You now can enjoy real time conversation with your contacts, right from your favorite messaging application.
    NEW Do Not Track: This option has been implemented as an addition to Search the Web.
    NEW Ubuntu One is now supported in Filelink - the option to upload large attachments to online storage services.
    NEW New User Interface: Thunderbird is replicating the new look and feel of Mozilla Firefox in an effort to provide a similar user experience across all Mozilla software desktop or mobile and all platforms.
    FIXED Various fixes and performance improvements
    FIXED Various security fixes
MFSA 2012-72 Web console eval capable of executing chrome-privileged code
MFSA 2012-70 Location object security checks bypassed by chrome code
MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html
MFSA 2012-67 Installer will launch incorrect executable following new installation
MFSA 2012-65 Out-of-bounds read in format-number in XSLT
MFSA 2012-64 Graphite 2 memory corruption
MFSA 2012-63 SVG buffer overflow and use-after-free issues
MFSA 2012-62 WebGL use-after-free and memory corruption
MFSA 2012-61 Memory corruption with bitmap format images with negative height
MFSA 2012-59 Location object can be shadowed using Object.defineProperty
MFSA 2012-58 Use-after-free issues found using Address Sanitizer
MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)

Revision 1.99: download - view: text, markup, annotated - select for diffs
Thu Jul 19 17:57:30 2012 UTC (12 years, 4 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.98: preferred, colored
Changes since revision 1.98: +18 -19 lines
Update to 14.0

* Use Lightning 1.6 release
* Enigmail is not tested fully

Changelog: from http://www.mozilla.org/en-US/products/thunderbird/14.0/releasenotes/
    FIXED
    Various fixes and performance improvements
    FIXED
    Various security fixes

Revision 1.98: download - view: text, markup, annotated - select for diffs
Tue Jun 12 19:37:48 2012 UTC (12 years, 6 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2012Q2-base, pkgsrc-2012Q2
Diff to: previous 1.97: preferred, colored
Changes since revision 1.97: +23 -14 lines
Update to 13.0

* Update enigmail to 1.4.2
* Update Lightning to 1.5

Changelog:
* Filelink: Upload your files to an online storage service and send links
  to your friends, avoiding bounce back due to large attachments. We have
  partnered with YouSendIt to bring this feature, but additional partners
  will be added in the near future.
* In partnership with Gandi and Hover, you can now sign up for a
  personalized email address from within Thunderbird. Along with your new
  email address, Thunderbird will be automatically set up and ready to
  send and receive messages. We are working with additional suppliers to
  cover more areas of the world and to provide more options in the future.
* Various security fixes
MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
MFSA 2012-39 NSS parsing errors with zero length items
MFSA 2012-38 Use-after-free while replacing/inserting a node in a document
MFSA 2012-37 Information disclosure though Windows file shares and shortcut files
MFSA 2012-36 Content Security Policy inline-script bypass
MFSA 2012-35 Privilege escalation through Mozilla Updater and Windows Updater Service
MFSA 2012-34 Miscellaneous memory safety hazards
* The minimum system requirements for Windows are now Windows XP Service
  Pack 2 or later.

Revision 1.97: download - view: text, markup, annotated - select for diffs
Sat May 12 18:10:39 2012 UTC (12 years, 7 months ago) by abs
Branches: MAIN
Diff to: previous 1.96: preferred, colored
Changes since revision 1.96: +4 -1 lines
Add back enigmail distinfo

Revision 1.96: download - view: text, markup, annotated - select for diffs
Fri May 11 08:20:35 2012 UTC (12 years, 7 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.95: preferred, colored
Changes since revision 1.95: +4 -7 lines
Update to 12.0.1

Fix PR pkg/46427

Changelog:
* Fix various issues relating to new mail notifications and filtering
  on POP3 based accounts
* Fixes an occasional startup crash seen in TB 12.0
* Fixes an issue with corrrupted message bodies when using movemail

Revision 1.95: download - view: text, markup, annotated - select for diffs
Sat Apr 28 16:56:58 2012 UTC (12 years, 7 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.94: preferred, colored
Changes since revision 1.94: +116 -119 lines
Update to 12.0

* Remove unused option.
* Update enigmail to 1.4.1

Changelog:
* Global Search results now include message extracts in the results
* Various security fixes
* Various improvements to RSS feed subscription and general feed handling
* Thunderbird now supports add-ons that provide different types of
  local mail storage

Revision 1.94: download - view: text, markup, annotated - select for diffs
Sun Apr 1 20:53:43 2012 UTC (12 years, 8 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2012Q1-base, pkgsrc-2012Q1
Diff to: previous 1.93: preferred, colored
Changes since revision 1.93: +13 -13 lines
Fix build on FreeBSD 9.0.
* Patches are borrowed from deve/xulrunner

Revision 1.93: download - view: text, markup, annotated - select for diffs
Sat Mar 24 04:29:53 2012 UTC (12 years, 8 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.92: preferred, colored
Changes since revision 1.92: +4 -1 lines
Readd enigmail distfile.

Revision 1.92: download - view: text, markup, annotated - select for diffs
Fri Mar 23 19:35:05 2012 UTC (12 years, 8 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.91: preferred, colored
Changes since revision 1.91: +2 -4 lines
Fix build with gcc<4.5.
For example, fix build on DragonFly 3.0.1.
See https://bugzilla.mozilla.org/show_bug.cgi?id=621446

Revision 1.91: download - view: text, markup, annotated - select for diffs
Sat Mar 17 01:59:08 2012 UTC (12 years, 8 months ago) by wiz
Branches: MAIN
Diff to: previous 1.90: preferred, colored
Changes since revision 1.90: +4 -1 lines
Readd enigmail checksums.

Revision 1.90: download - view: text, markup, annotated - select for diffs
Fri Mar 16 21:09:55 2012 UTC (12 years, 8 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.89: preferred, colored
Changes since revision 1.89: +4 -4 lines
Bump PKGREVISION.

* Update Lightning to 1.3 from 1.3b1

Changelog:
* Support for Apple iCloud and Chandler servers improved
* Support for high contrast themes (needs to be enabled in the preferences)
* New toolbar to adapt to Thunderbird's Tabs-on-Top

Revision 1.89: download - view: text, markup, annotated - select for diffs
Thu Mar 15 08:52:34 2012 UTC (12 years, 9 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.88: preferred, colored
Changes since revision 1.88: +9 -10 lines
Update to 11.0

* enigmail source is not provided for this version now.
* Switch to xulrunner 11 branch
* Fix security bugs
* Improve stability
* Many bug fixes

Revision 1.88: download - view: text, markup, annotated - select for diffs
Sat Mar 10 11:42:38 2012 UTC (12 years, 9 months ago) by ryoon
Branches: MAIN
Diff to: previous 1.87: preferred, colored
Changes since revision 1.87: +116 -86 lines
Update to 10.0.2

* Add new features.
* Fix security bugs
* See http://www.mozilla.org/en-US/thunderbird/10.0/releasenotes/

Revision 1.87: download - view: text, markup, annotated - select for diffs
Fri Dec 23 01:16:27 2011 UTC (12 years, 11 months ago) by joerg
Branches: MAIN
CVS tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4
Diff to: previous 1.86: preferred, colored
Changes since revision 1.86: +2 -1 lines
Make sure that the directory exists before writing the output from the
idl-parser. Fixes the race conditions seen recently.

Revision 1.86: download - view: text, markup, annotated - select for diffs
Sun Nov 27 13:09:00 2011 UTC (13 years ago) by tnn
Branches: MAIN
Diff to: previous 1.85: preferred, colored
Changes since revision 1.85: +2 -2 lines
Work around lack of _SC_NPROCESSORS_ONLN on some platforms (like netbsd4).
Observed in PR pkg/45553.

Revision 1.85: download - view: text, markup, annotated - select for diffs
Sun Nov 13 16:59:58 2011 UTC (13 years, 1 month ago) by tnn
Branches: MAIN
Diff to: previous 1.84: preferred, colored
Changes since revision 1.84: +15 -16 lines
Update to thunderbird-8.0 and enigmail-1.3.3.

8.0 changes:
    Thunderbird is based on the new Mozilla Gecko 8 engine
    Add-ons installed by third party programs are now disabled by default
    New Search and Find Shortcuts
    Improved accessibility of the attachment list
    Folder switching pane widget has been removed, can be added back with the
      Folder Pane View Switcher Add-on
    Numerous platform fixes to stability
    Fixed several security issues

7.0 changes:
    Thunderbird is based on the new Mozilla Gecko 7 engine
    Several user interface fixes and improvements
    Several fixes to attachment handling
    Ability to print a summary of selected email messages
    Platform improvements to Address Book
    Fixed several security issues
    Numerous platform fixes that improve speed, performance and stability

Revision 1.84: download - view: text, markup, annotated - select for diffs
Sun Sep 4 21:28:35 2011 UTC (13 years, 3 months ago) by tnn
Branches: MAIN
CVS tags: pkgsrc-2011Q3-base, pkgsrc-2011Q3
Diff to: previous 1.83: preferred, colored
Changes since revision 1.83: +4 -4 lines
Update to thunderbird-6.0.1.
Removes trust of fraudulent SSL certificates issued by DigiNotar.

Revision 1.83: download - view: text, markup, annotated - select for diffs
Fri Aug 26 09:24:40 2011 UTC (13 years, 3 months ago) by tnn
Branches: MAIN
Diff to: previous 1.82: preferred, colored
Changes since revision 1.82: +2 -1 lines
Remove Byte Order Mark (BOM) which isn't understood by GCC < 4.3.0.
From upstream.
Closes PR pkg/45291.

Revision 1.82: download - view: text, markup, annotated - select for diffs
Sun Aug 21 23:21:33 2011 UTC (13 years, 3 months ago) by tnn
Branches: MAIN
Diff to: previous 1.81: preferred, colored
Changes since revision 1.81: +2 -2 lines
DragonFly build fix. From Rumko in private mail.

Revision 1.81: download - view: text, markup, annotated - select for diffs
Fri Aug 19 14:39:09 2011 UTC (13 years, 3 months ago) by tnn
Branches: MAIN
Diff to: previous 1.80: preferred, colored
Changes since revision 1.80: +47 -42 lines
Update to thunderbird-6.0 and enigmail-1.2.1.

Release notes for 6.0:
  Thunderbird is based on the new Mozilla Gecko 6 engine
  Several theme improvements for Windows 7
  Support for Windows 7 Jump lists
  Several fixes when importing email from Microsoft Outlook
  Default mail client check now works with newer Linux distributions
  Various other user interface fixes and improvements
  Numerous platform fixes that improve speed, performance, stability and security

Release notes for 5.0:
  More responsive and faster to start up and use
  Thunderbird is based on the new Mozilla Gecko 5 engine
  New Add-ons Manager
  Revised account creation wizard to improve email setup
  New Troubleshooting Information page
  Tabs can now be reordered and dragged to different windows
  Attachment sizes now displayed along with attachments
  Plugins can now be loaded in RSS feeds by default
  There are several theme fixes for Windows Vista and Windows 7
  Support for Mac 32/64 bit Universal builds (Thunderbird no longer supports PowerPC on Mac)
  Over 390 platform fixes that improve speed, performance, stability and security

Revision 1.80: download - view: text, markup, annotated - select for diffs
Fri Jul 22 07:31:07 2011 UTC (13 years, 4 months ago) by tnn
Branches: MAIN
Diff to: previous 1.79: preferred, colored
Changes since revision 1.79: +4 -4 lines
Update to thunderbird-3.1.11.

MFSA 2011-24 Cookie isolation error
MFSA 2011-23 Multiple dangling pointer vulnerabilities
MFSA 2011-22 Integer overflow and arbitrary code execution in
             Array.reduceRight()
MFSA 2011-21 Memory corruption due to multipart/x-mixed-replace images
MFSA 2011-20 Use-after-free vulnerability when viewing XUL document with
             script disabled
MFSA 2011-19 Miscellaneous memory safety hazards (rv:3.0/1.9.2.18)

Revision 1.79: download - view: text, markup, annotated - select for diffs
Tue May 3 13:17:11 2011 UTC (13 years, 7 months ago) by tnn
Branches: MAIN
CVS tags: pkgsrc-2011Q2-base, pkgsrc-2011Q2
Diff to: previous 1.78: preferred, colored
Changes since revision 1.78: +4 -4 lines
Security and stability update of thunderbird to 3.1.10.

MFSA 2011-16 Directory traversal in resource: protocol
MFSA 2011-12 Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19)

Revision 1.77.2.1: download - view: text, markup, annotated - select for diffs
Sun Mar 6 19:04:09 2011 UTC (13 years, 9 months ago) by tron
Branches: pkgsrc-2010Q4
Diff to: previous 1.77: preferred, colored; next MAIN 1.78: preferred, colored
Changes since revision 1.77: +8 -8 lines
Pullup ticket #3379 - requested by tnn
mail/thunderbird: security update

Revisions pulled up:
- mail/thunderbird/Makefile                                     1.66 via patch
- mail/thunderbird/distinfo                                     1.78
- mail/thunderbird/patches/patch-directory_c-sdk_configure.in   1.2
- mail/thunderbird/patches/patch-directory_c-sdk_ldap_include_portable.h 1.3
- mail/thunderbird/patches/patch-directory_c-sdk_ldap_libraries_libldap_Makefile.in 1.2
- mail/thunderbird/patches/patch-mm                             1.4

---
   Module Name:	pkgsrc
   Committed By:	tnn
   Date:		Sat Mar  5 13:09:36 UTC 2011

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile distinfo
   	pkgsrc/mail/thunderbird/patches: patch-directory_c-sdk_configure.in
   	    patch-directory_c-sdk_ldap_include_portable.h
   	    patch-directory_c-sdk_ldap_libraries_libldap_Makefile.in patch-mm

   Log Message:
   Stability and security update of thunderbird to 3.1.8.

   MFSA 2011-09 Crash caused by corrupted JPEG image
   MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome documents
   MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)

Revision 1.78: download - view: text, markup, annotated - select for diffs
Sat Mar 5 13:09:35 2011 UTC (13 years, 9 months ago) by tnn
Branches: MAIN
CVS tags: pkgsrc-2011Q1-base, pkgsrc-2011Q1
Diff to: previous 1.77: preferred, colored
Changes since revision 1.77: +8 -8 lines
Stability and security update of thunderbird to 3.1.8.

MFSA 2011-09 Crash caused by corrupted JPEG image
MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome documents
MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)

Revision 1.74.2.2: download - view: text, markup, annotated - select for diffs
Sun Dec 12 19:12:21 2010 UTC (14 years ago) by tron
Branches: pkgsrc-2010Q3
Diff to: previous 1.74.2.1: preferred, colored; branchpoint 1.74: preferred, colored; next MAIN 1.75: preferred, colored
Changes since revision 1.74.2.1: +3 -4 lines
Pullup ticket #3302 - requested by tnn
mail/thunderbird: security update

Revisions pulled up:
- mail/thunderbird/Makefile			1.61-1.62,1.64 via patch
- mail/thunderbird/distinfo			1.76-1.77
- mail/thunderbird/patches/patch-pe		delete
---
Module Name:	pkgsrc
Committed By:	tnn
Date:		Sat Nov 13 11:05:05 UTC 2010

Modified Files:
	pkgsrc/mail/thunderbird: Makefile distinfo

Log Message:
Update to thunderbird-3.1.6.
Fixes MFSA 2010-73 Heap buffer overflow mixing document.write and DOM insertion
---
Module Name:	pkgsrc
Committed By:	tnn
Date:		Sat Nov 13 11:54:44 UTC 2010

Modified Files:
	pkgsrc/devel/xulrunner: Makefile PLIST mozilla-common.mk
	pkgsrc/mail/thunderbird: Makefile
	pkgsrc/www/firefox: Makefile
	pkgsrc/www/seamonkey: Makefile

Log Message:
Reluctantly switch over to bundled cairo and pixman for mozilla packages,
like other distros have recently done. Bump package revisions.

Background:
The cairo-1.10 update caused multiple regressions in firefox, such as
flickering gif animations and crashes.
Mozilla doesn't seem interested in fixing it on the stable branches:
  https://bugzilla.mozilla.org/show_bug.cgi?id=610107
Other references:
  https://bugzilla.redhat.com/show_bug.cgi?id=628331
  http://bugs.gentoo.org/show_bug.cgi?id=337813
  https://bugzilla.mozilla.org/show_bug.cgi?id=597174

This workaround is guaranteed to cause other problems in the long run;
so we should attempt to switch back when we move to the mozilla-2.0 branch.
---
Module Name:	pkgsrc
Committed By:	tnn
Date:		Sat Dec 11 14:34:41 UTC 2010

Modified Files:
	pkgsrc/mail/thunderbird: Makefile distinfo
Removed Files:
	pkgsrc/mail/thunderbird/patches: patch-pe

Log Message:
Update to thunderbird-3.1.7.

- Several fixes to improve performance, stability and security
- Several fixes to improve handling of large folder files stored
locally.
- Several fixes to improve corruption in local copy of IMAP mailboxes.

- MFSA 2010-78 Add support for OTS font sanitizer
- MFSA 2010-75 Buffer overflow while line breaking after document.write
	       with long string
- MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/
1.9.1.16)

Revision 1.77: download - view: text, markup, annotated - select for diffs
Sat Dec 11 14:34:40 2010 UTC (14 years ago) by tnn
Branches: MAIN
CVS tags: pkgsrc-2010Q4-base
Branch point for: pkgsrc-2010Q4
Diff to: previous 1.76: preferred, colored
Changes since revision 1.76: +4 -5 lines
Update to thunderbird-3.1.7.

- Several fixes to improve performance, stability and security
- Several fixes to improve handling of large folder files stored locally.
- Several fixes to improve corruption in local copy of IMAP mailboxes.

- MFSA 2010-78 Add support for OTS font sanitizer
- MFSA 2010-75 Buffer overflow while line breaking after document.write
               with long string
- MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

Revision 1.76: download - view: text, markup, annotated - select for diffs
Sat Nov 13 11:05:05 2010 UTC (14 years, 1 month ago) by tnn
Branches: MAIN
Diff to: previous 1.75: preferred, colored
Changes since revision 1.75: +4 -4 lines
Update to thunderbird-3.1.6.
Fixes MFSA 2010-73 Heap buffer overflow mixing document.write and DOM insertion

Revision 1.74.2.1: download - view: text, markup, annotated - select for diffs
Mon Oct 25 15:34:49 2010 UTC (14 years, 1 month ago) by tron
Branches: pkgsrc-2010Q3
Diff to: previous 1.74: preferred, colored
Changes since revision 1.74: +4 -5 lines
Pullup ticket #3257 - requested by tnn

Revisions pulled up:
- mail/thunderbird/Makefile			1.60
- mail/thunderbird/PLIST			1.32
- mail/thunderbird/distinfo			1.75
- mail/thunderbird/patches/patch-mc		delete
---
odule Name:	pkgsrc
Committed By:	tnn
Date:		Thu Oct 21 16:02:37 UTC 2010

Modified Files:
	pkgsrc/mail/thunderbird: Makefile PLIST distinfo
Removed Files:
	pkgsrc/mail/thunderbird/patches: patch-mc

Log Message:
Update to thunderbird-3.1.5.
* Several fixes to improve stability and security
* Several fixes to the user interface.

MFSA 2010-72 Insecure Diffie-Hellman key exchange
MFSA 2010-71 Unsafe library loading vulnerabilities
MFSA 2010-70 SSL wildcard certificate matching IP addresses
MFSA 2010-69 Cross-site information disclosure via modal calls
MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter
MFSA 2010-66 Use-after-free error in nsBarProp
MFSA 2010-65 Buffer overflow and memory corruption using document.write
MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)

Revision 1.75: download - view: text, markup, annotated - select for diffs
Thu Oct 21 16:02:37 2010 UTC (14 years, 1 month ago) by tnn
Branches: MAIN
Diff to: previous 1.74: preferred, colored
Changes since revision 1.74: +4 -5 lines
Update to thunderbird-3.1.5.
* Several fixes to improve stability and security
* Several fixes to the user interface.

MFSA 2010-72 Insecure Diffie-Hellman key exchange
MFSA 2010-71 Unsafe library loading vulnerabilities
MFSA 2010-70 SSL wildcard certificate matching IP addresses
MFSA 2010-69 Cross-site information disclosure via modal calls
MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter
MFSA 2010-66 Use-after-free error in nsBarProp
MFSA 2010-65 Buffer overflow and memory corruption using document.write
MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)

Revision 1.74: download - view: text, markup, annotated - select for diffs
Thu Sep 9 10:58:50 2010 UTC (14 years, 3 months ago) by tnn
Branches: MAIN
CVS tags: pkgsrc-2010Q3-base
Branch point for: pkgsrc-2010Q3
Diff to: previous 1.73: preferred, colored
Changes since revision 1.73: +11 -11 lines
Update to thunderbird-3.1.3.

* Several fixes to improve stability.
* Several fixes to the user interface.
* Several security fixes:
MFSA 2010-63 Information leak via XMLHttpRequest statusText
MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS
MFSA 2010-61 UTF-7 XSS by overriding document charset using <object> type
             attribute
MFSA 2010-59 SJOW creates scope chains ending in outer object
MFSA 2010-58 Crash on Mac using fuzzed font in data: URL
MFSA 2010-57 Crash and remote code execution in normalizeDocument
MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-55 XUL tree removal crash and remote code execution
MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection
MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText
MFSA 2010-52 Windows XP DLL loading vulnerability
MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array
MFSA 2010-50 Frameset integer overflow vulnerability
MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)

Revision 1.73: download - view: text, markup, annotated - select for diffs
Fri Jul 23 06:04:33 2010 UTC (14 years, 4 months ago) by tnn
Branches: MAIN
Diff to: previous 1.72: preferred, colored
Changes since revision 1.72: +4 -1 lines
Add missing checksum and take measures to prevent this mistake from
happening in the future. PR pkg/43654

Revision 1.69.2.1: download - view: text, markup, annotated - select for diffs
Thu Jul 22 16:11:00 2010 UTC (14 years, 4 months ago) by tron
Branches: pkgsrc-2010Q2
Diff to: previous 1.69: preferred, colored; next MAIN 1.70: preferred, colored
Changes since revision 1.69: +8 -5 lines
Pullup ticket #3179 - requested by tnn
mail/thunderbird: security update and build fix

Revisions pulled up:
- mail/thunderbird/Makefile			patch
- mail/thunderbird/distinfo			patch
- mail/thunderbird/patches/patch-directory_c-sdk_configure.in	new file
- mail/thunderbird/patches/patch-directory_c-sdk_ldap_include_portable.h	new file
- mail/thunderbird/patches/patch-directory_c-sdk_ldap_libraries_libldap_Makefile.in	new file
- mail/thunderbird/patches/patch-mp		patch
---
Fix the following security vulnerabilities:

MFSA 2010-47 Cross-origin data leakage from script filename in error messages
MFSA 2010-46 Cross-domain data theft using CSS
MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts
MFSA 2010-41 Remote code execution using malformed PNG image
MFSA 2010-40 nsTreeSelection dangling pointer remote code execution
MFSA 2010-39 nsCSSValue::Array index integer overflow
MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)

Revision 1.72: download - view: text, markup, annotated - select for diffs
Wed Jul 21 19:53:54 2010 UTC (14 years, 4 months ago) by tnn
Branches: MAIN
Diff to: previous 1.71: preferred, colored
Changes since revision 1.71: +5 -9 lines
Update to thunderbird-3.1.1.
(Since pkgsrc-2010Q2 has the 3.0 branch of thunderbird I will send a
separate diff to releng for the 3.0.6 security update.)

MFSA 2010-47 Cross-origin data leakage from script filename in error messages
MFSA 2010-46 Cross-domain data theft using CSS
MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent
             character to vanish
MFSA 2010-43 Same-origin bypass using canvas context
MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts
MFSA 2010-41 Remote code execution using malformed PNG image
MFSA 2010-40 nsTreeSelection dangling pointer remote code execution
MFSA 2010-39 nsCSSValue::Array index integer overflow
MFSA 2010-38 Arbitrary code execution using SJOW and fast native function
MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)

Revision 1.71: download - view: text, markup, annotated - select for diffs
Wed Jul 21 11:48:05 2010 UTC (14 years, 4 months ago) by tnn
Branches: MAIN
Diff to: previous 1.70: preferred, colored
Changes since revision 1.70: +2 -2 lines
Fix undefined reference to re_comp/re_exec on dragonfly.
Reported by Francois Tigeot.

Revision 1.70: download - view: text, markup, annotated - select for diffs
Mon Jul 12 16:49:21 2010 UTC (14 years, 5 months ago) by tnn
Branches: MAIN
Diff to: previous 1.69: preferred, colored
Changes since revision 1.69: +35 -29 lines
- Update to thunderbird-3.1
- Update bundled enigmail to 1.1.2
- Update mozilla branch patches to 1.9.2 (from devel/xulrunner)
- While here fix PR pkg/43598 PLIST problem w/ enigmail

---8<---
Thunderbird 3.1 is based on the Gecko 1.9.2 platform to provide improved
performance, stability, web compatibility, and code simplification and
sustainability.

New features include:
Faster Search Results and Quick Filter Toolbar
 * Faster Search Results
 * Quick Filter Toolbar
User Experience Improvements
 * New Migration Assistant
 * Saved Files Manager
 * Mail Account Setup Wizard
Performance Improvements
  * Improvements to Stability, Memory, and Password Handling

Revision 1.69: download - view: text, markup, annotated - select for diffs
Thu Jun 24 18:01:38 2010 UTC (14 years, 5 months ago) by tnn
Branches: MAIN
CVS tags: pkgsrc-2010Q2-base
Branch point for: pkgsrc-2010Q2
Diff to: previous 1.68: preferred, colored
Changes since revision 1.68: +4 -4 lines
Update to thunderbird-3.0.5.
This is a bugfix release which fixes various UI issues.

Revision 1.68: download - view: text, markup, annotated - select for diffs
Wed Jun 2 15:39:26 2010 UTC (14 years, 6 months ago) by tnn
Branches: MAIN
Diff to: previous 1.67: preferred, colored
Changes since revision 1.67: +4 -1 lines
add mozilla-enigmail option for building the Enigmail OpenPGP extension.
Defaults to off for now ...

Revision 1.67: download - view: text, markup, annotated - select for diffs
Wed May 19 09:21:43 2010 UTC (14 years, 6 months ago) by tnn
Branches: MAIN
Diff to: previous 1.66: preferred, colored
Changes since revision 1.66: +2 -1 lines
Install the gdata provider when lightning is enabled. This allows you to
bidirectionally access your Google Calendar from within lightning.
For more information:
https://wiki.mozilla.org/Calendar:GDATA_Provider#Accessing_your_Calendar

Revision 1.66: download - view: text, markup, annotated - select for diffs
Mon Apr 26 12:38:00 2010 UTC (14 years, 7 months ago) by tnn
Branches: MAIN
Diff to: previous 1.65: preferred, colored
Changes since revision 1.65: +2 -2 lines
replicate the PR pkg/43146 fix for the other mozilla products

Revision 1.65: download - view: text, markup, annotated - select for diffs
Tue Mar 30 14:21:42 2010 UTC (14 years, 8 months ago) by tnn
Branches: MAIN
CVS tags: pkgsrc-2010Q1-base, pkgsrc-2010Q1
Diff to: previous 1.64: preferred, colored
Changes since revision 1.64: +4 -4 lines
Update to thunderbird-3.0.4.
* Several fixes to improve stability and security
* Several fixes to the user interface

Revision 1.64: download - view: text, markup, annotated - select for diffs
Tue Mar 16 10:59:09 2010 UTC (14 years, 9 months ago) by tnn
Branches: MAIN
Diff to: previous 1.63: preferred, colored
Changes since revision 1.63: +66 -1 lines
clone comm-1.9.1 patch set from devel/xulrunner into mail/thunderbird and
www/seamonkey so devel/xulrunner can move forward to 1.9.2.

Revision 1.61.2.1: download - view: text, markup, annotated - select for diffs
Thu Mar 4 17:38:24 2010 UTC (14 years, 9 months ago) by tron
Branches: pkgsrc-2009Q4
Diff to: previous 1.61: preferred, colored; next MAIN 1.62: preferred, colored
Changes since revision 1.61: +4 -4 lines
Pullup ticket #3032 - requested by tnn
thunderbird: security update

Revisions pulled up:
- mail/thunderbird/Makefile			1.47-1.49
- mail/thunderbird/distinfo			1.62-1.63
---
Module Name:	pkgsrc
Committed By:	tnn
Date:		Mon Jan 25 14:42:55 UTC 2010

Modified Files:
	pkgsrc/mail/thunderbird: Makefile distinfo

Log Message:
Update to thunderbird-3.0.1.
General stability/bugfix update.
---
Module Name:	pkgsrc
Committed By:	tnn
Date:		Fri Feb 26 18:38:39 UTC 2010

Modified Files:
	pkgsrc/mail/thunderbird: Makefile distinfo

Log Message:
Update to thunderbird-3.0.2
* Several fixes to improve stability and security.
* Fixes for Thunderbird 2 users upgrading to Thunderbird 3.
* Several fixes to IMAP.
---
Module Name:	pkgsrc
Committed By:	tnn
Date:		Wed Mar  3 13:54:47 UTC 2010

Modified Files:
	pkgsrc/mail/thunderbird: Makefile

Log Message:
relax sqlite3 dependency to match what we have in pkgsrc-2009Q4.

Revision 1.63: download - view: text, markup, annotated - select for diffs
Fri Feb 26 18:38:39 2010 UTC (14 years, 9 months ago) by tnn
Branches: MAIN
Diff to: previous 1.62: preferred, colored
Changes since revision 1.62: +4 -4 lines
Update to thunderbird-3.0.2
* Several fixes to improve stability and security.
* Fixes for Thunderbird 2 users upgrading to Thunderbird 3.
* Several fixes to IMAP.

Revision 1.62: download - view: text, markup, annotated - select for diffs
Mon Jan 25 14:42:55 2010 UTC (14 years, 10 months ago) by tnn
Branches: MAIN
Diff to: previous 1.61: preferred, colored
Changes since revision 1.61: +4 -4 lines
Update to thunderbird-3.0.1.
General stability/bugfix update.

Revision 1.61: download - view: text, markup, annotated - select for diffs
Wed Dec 16 10:05:44 2009 UTC (14 years, 11 months ago) by tnn
Branches: MAIN
CVS tags: pkgsrc-2009Q4-base
Branch point for: pkgsrc-2009Q4
Diff to: previous 1.60: preferred, colored
Changes since revision 1.60: +2 -1 lines
Link main binary with -lossaudio on NetBSD.
(It's unlikely someone will play audio with thunderbird, but it's
a dependency of the common mozilla runtime.)

Revision 1.60: download - view: text, markup, annotated - select for diffs
Fri Dec 11 11:25:20 2009 UTC (15 years ago) by tnn
Branches: MAIN
Diff to: previous 1.59: preferred, colored
Changes since revision 1.59: +4 -4 lines
bump to thunderbird 3.0 proper

Revision 1.59: download - view: text, markup, annotated - select for diffs
Wed Dec 2 21:02:44 2009 UTC (15 years ago) by tnn
Branches: MAIN
Diff to: previous 1.58: preferred, colored
Changes since revision 1.58: +4 -4 lines
update to thunderbird-3.0rc2.
changes from rc1 are only bugfixes.

Revision 1.58: download - view: text, markup, annotated - select for diffs
Sun Nov 29 03:06:42 2009 UTC (15 years ago) by tnn
Branches: MAIN
Diff to: previous 1.57: preferred, colored
Changes since revision 1.57: +7 -55 lines
update to thunderbird-3.0rc1.
The 2.x version is still available in mail/thunderbird2.

Major changes:
- New Mail Account Setup Wizard
- Redesigned Mail Toolbar
- Tabbed Email Messages
- Smart Folders
- New Message Summary View
- Column Headings
- Message Archive
- Activity Manager
- New Add-ons Manager
- Improved Address Book
- Improved Gmail Integration

Full release notes:
http://www.mozillamessaging.com/en-US/thunderbird/3.0rc1/releasenotes/

Revision 1.57: download - view: text, markup, annotated - select for diffs
Sat Oct 3 13:18:23 2009 UTC (15 years, 2 months ago) by ghen
Branches: MAIN
CVS tags: pkgsrc-2009Q3-base, pkgsrc-2009Q3
Diff to: previous 1.56: preferred, colored
Changes since revision 1.56: +8 -9 lines
Update thunderbird and thunderbird-gtk1 to 2.0.0.23.

Security fixes in this version:

MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication

For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.23/releasenotes/

Revision 1.56: download - view: text, markup, annotated - select for diffs
Tue Sep 22 07:57:33 2009 UTC (15 years, 2 months ago) by tnn
Branches: MAIN
Diff to: previous 1.55: preferred, colored
Changes since revision 1.55: +1 -2 lines
Remove a bogus patch which specified a hardcoded /usr/pkg/lib/firefox rpath.
Can't possibly be right for this package.

Revision 1.55: download - view: text, markup, annotated - select for diffs
Wed Jun 24 08:45:52 2009 UTC (15 years, 5 months ago) by ghen
Branches: MAIN
CVS tags: pkgsrc-2009Q2-base, pkgsrc-2009Q2
Diff to: previous 1.54: preferred, colored
Changes since revision 1.54: +4 -4 lines
Update thunderbird and thunderbird-gtk1 to 2.0.0.22.

Security fixes in this version:

MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
MFSA 2009-32 JavaScript chrome privilege escalation
MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null
MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests
MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)
MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme
MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)

For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.22/releasenotes/

Revision 1.54: download - view: text, markup, annotated - select for diffs
Fri Jun 19 11:34:31 2009 UTC (15 years, 5 months ago) by he
Branches: MAIN
Diff to: previous 1.53: preferred, colored
Changes since revision 1.53: +2 -1 lines
Update from version 2.0.0.21 to 2.0.0.21nb1.

Pkgsrc changes:
 o For the benefit of 64-bit strict alignment archs using gcc, such
   as NetBSD/sparc64, ensure that the specially crafted double values
   are properly aligned.  Thanks to martin@ for pointing to the problem.

   This should stop regxpcom from dropping core on NetBSD/sparc64.

OK'ed by wiz@

Revision 1.53: download - view: text, markup, annotated - select for diffs
Sat May 2 07:51:02 2009 UTC (15 years, 7 months ago) by hasso
Branches: MAIN
Diff to: previous 1.52: preferred, colored
Changes since revision 1.52: +2 -2 lines
Don't try to link against libc_r on DragonFly.

Revision 1.52: download - view: text, markup, annotated - select for diffs
Tue Apr 7 08:01:01 2009 UTC (15 years, 8 months ago) by hasso
Branches: MAIN
Diff to: previous 1.51: preferred, colored
Changes since revision 1.51: +2 -2 lines
Make Mozilla products build on DragonFly master.

Revision 1.51: download - view: text, markup, annotated - select for diffs
Thu Mar 19 15:08:58 2009 UTC (15 years, 8 months ago) by ghen
Branches: MAIN
CVS tags: pkgsrc-2009Q1-base, pkgsrc-2009Q1
Diff to: previous 1.50: preferred, colored
Changes since revision 1.50: +4 -4 lines
Update thunderbird and thunderbird-gtk1 to 2.0.0.21.

Security fixes in this version:

MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)

For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.21/releasenotes/

Revision 1.49.2.1: download - view: text, markup, annotated - select for diffs
Wed Jan 7 13:40:51 2009 UTC (15 years, 11 months ago) by tron
Branches: pkgsrc-2008Q4
Diff to: previous 1.49: preferred, colored; next MAIN 1.50: preferred, colored
Changes since revision 1.49: +4 -4 lines
Pullup ticket #2624 - requested by ghen
thunderbird: security update
thunderbird-gtk1: security update

Revisions pulled up:
- mail/thunderbird-gtk1/Makefile		1.19
- mail/thunderbird/Makefile			1.32
- mail/thunderbird/Makefile-thunderbird.common	1.41
- mail/thunderbird/distinfo			1.50
---
Module Name:	pkgsrc
Committed By:	ghen
Date:		Mon Jan  5 19:41:37 UTC 2009

Modified Files:
	pkgsrc/mail/thunderbird: Makefile Makefile-thunderbird.common distinfo
	pkgsrc/mail/thunderbird-gtk1: Makefile

Log Message:
Update thunderbird and thunderbird-gtk1 to 2.0.0.19.

Security fixes in this version:

MFSA 2008-68 XSS and JavaScript privilege escalation
MFSA 2008-67 Escaped null characters ignored by CSS parser
MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
MFSA 2008-65 Cross-domain data theft via script redirect error message
MFSA 2008-64 XMLHttpRequest 302 response disclosure
MFSA 2008-61 Information stealing via loadBindingDocument
MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)

For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.19/releasenotes/

Revision 1.50: download - view: text, markup, annotated - select for diffs
Mon Jan 5 19:41:37 2009 UTC (15 years, 11 months ago) by ghen
Branches: MAIN
Diff to: previous 1.49: preferred, colored
Changes since revision 1.49: +4 -4 lines
Update thunderbird and thunderbird-gtk1 to 2.0.0.19.

Security fixes in this version:

MFSA 2008-68 XSS and JavaScript privilege escalation
MFSA 2008-67 Escaped null characters ignored by CSS parser
MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
MFSA 2008-65 Cross-domain data theft via script redirect error message
MFSA 2008-64 XMLHttpRequest 302 response disclosure
MFSA 2008-61 Information stealing via loadBindingDocument
MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)

For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.19/releasenotes/

Revision 1.48.2.1: download - view: text, markup, annotated - select for diffs
Wed Nov 26 04:45:44 2008 UTC (16 years ago) by tron
Branches: pkgsrc-2008Q3
Diff to: previous 1.48: preferred, colored; next MAIN 1.49: preferred, colored
Changes since revision 1.48: +4 -4 lines
Pullup ticket #2597 - requested by is
thunderbird: security update
thunderbird-gtk1: security update

Revisions pulled up:
- mail/thunderbird/Makefile-thunderbird.common	1.38
- mail/thunderbird/distinfo			1.49
---
Module Name:	pkgsrc
Committed By:	is
Date:		Mon Nov 24 17:19:13 UTC 2008

Modified Files:
	pkgsrc/mail/thunderbird: Makefile-thunderbird.common distinfo

Log Message:
Upgrade to 2.0.0.18 (some security fix)

Revision 1.49: download - view: text, markup, annotated - select for diffs
Mon Nov 24 17:19:13 2008 UTC (16 years ago) by is
Branches: MAIN
CVS tags: pkgsrc-2008Q4-base
Branch point for: pkgsrc-2008Q4
Diff to: previous 1.48: preferred, colored
Changes since revision 1.48: +4 -4 lines
Upgrade to 2.0.0.18 (some security fix)

Revision 1.48: download - view: text, markup, annotated - select for diffs
Fri Sep 26 12:08:20 2008 UTC (16 years, 2 months ago) by ghen
Branches: MAIN
CVS tags: pkgsrc-2008Q3-base
Branch point for: pkgsrc-2008Q3
Diff to: previous 1.47: preferred, colored
Changes since revision 1.47: +4 -4 lines
Update thunderbird and thunderbird-gtk1 to 2.0.0.17.

Security fixes in this version:

MFSA 2008-46 Heap overflow when canceling newsgroup message
MFSA 2008-44 resource: traversal vulnerabilities
MFSA 2008-43 BOM characters stripped from JavaScript before execution
MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
MFSA 2008-37 UTF-8 URL stack buffer overflow

For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.17/releasenotes/

Revision 1.47: download - view: text, markup, annotated - select for diffs
Thu Sep 18 13:01:45 2008 UTC (16 years, 2 months ago) by joerg
Branches: MAIN
Diff to: previous 1.46: preferred, colored
Changes since revision 1.46: +3 -1 lines
Catch up with the usual platform specific mess in the mozilla build
system. Fixes bus errors in shlibsign. From PR 39576.

Revision 1.45.4.1: download - view: text, markup, annotated - select for diffs
Sun Aug 24 11:10:27 2008 UTC (16 years, 3 months ago) by rtr
Branches: pkgsrc-2008Q2
Diff to: previous 1.45: preferred, colored; next MAIN 1.46: preferred, colored
Changes since revision 1.45: +7 -7 lines
pullup ticket #2506 - requested by ghen
thunderbird, thunderbird-gtk1: update package for security fixes

revisions pulled up:
pkgsrc/mail/thunderbird/Makefile-thunderbird.common	1.36
pkgsrc/mail/thunderbird/PLIST				1.24
pkgsrc/mail/thunderbird/distinfo			1.46
pkgsrc/mail/thunderbird-gtk1/PLIST			1.14
pkgsrc/mail/thunderbird/patches/patch-af		1.5
pkgsrc/mail/thunderbird/patches/patch-ap		1.5
pkgsrc/mail/thunderbird/patches/patch-dw		1.2

Module Name:    pkgsrc
Committed By:   ghen
Date:           Fri Aug 22 09:42:15 UTC 2008

Modified Files:
        pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST distinfo
        pkgsrc/mail/thunderbird-gtk1: PLIST
        pkgsrc/mail/thunderbird/patches: patch-af patch-ap patch-dw

Log Message:
Update thunderbird and thunderbird-gtk1 to 2.0.0.16.

Security fixes in this version:

MFSA 2008-34 Remote code execution by overflowing CSS reference counter
MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-26 Buffer length checks in MIME processing
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-21 Crashes with evidence of memory corruption

For more info, see
+http://www.mozilla.com/en-US/thunderbird/2.0.0.16/releasenotes/

Revision 1.46: download - view: text, markup, annotated - select for diffs
Fri Aug 22 09:42:15 2008 UTC (16 years, 3 months ago) by ghen
Branches: MAIN
CVS tags: cube-native-xorg-base, cube-native-xorg
Diff to: previous 1.45: preferred, colored
Changes since revision 1.45: +7 -7 lines
Update thunderbird and thunderbird-gtk1 to 2.0.0.16.

Security fixes in this version:

MFSA 2008-34 Remote code execution by overflowing CSS reference counter
MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-26 Buffer length checks in MIME processing
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-21 Crashes with evidence of memory corruption

For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.16/releasenotes/

Revision 1.43.2.1: download - view: text, markup, annotated - select for diffs
Wed May 21 16:20:33 2008 UTC (16 years, 6 months ago) by tron
Branches: pkgsrc-2008Q1
Diff to: previous 1.43: preferred, colored; next MAIN 1.44: preferred, colored
Changes since revision 1.43: +4 -4 lines
Pullup ticket 2394 - requested by ghen
Security update for thunderbird and thunderbird-gtk1

- mail/thunderbird-gtk1/Makefile		1.17
- mail/thunderbird/Makefile-thunderbird.common	1.35
- mail/thunderbird/distinfo			1.45

    Module Name:	pkgsrc
    Committed By:	ghen
    Date:		Tue May 20 11:51:55 UTC 2008

    Modified Files:
	pkgsrc/mail/thunderbird: Makefile-thunderbird.common distinfo

    Log Message:
    Update thunderbird and thunderbird-gtk1 to 2.0.0.14 (2.0.0.13 was skipped to
    stay on par with Firefox version numbering?)

    Security fixes in this version:

    MFSA 2008-15  Crashes with evidence of memory corruption (rv:1.8.1.13)
    MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution

    For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.14/releasenotes/
---
    Module Name:	pkgsrc
    Committed By:	ghen
    Date:		Tue May 20 11:52:50 UTC 2008

    Modified Files:
	pkgsrc/mail/thunderbird-gtk1: Makefile

    Log Message:
    Unbump PKGREVISION for 2.0.0.14 update.

Revision 1.45: download - view: text, markup, annotated - select for diffs
Tue May 20 11:51:55 2008 UTC (16 years, 6 months ago) by ghen
Branches: MAIN
CVS tags: pkgsrc-2008Q2-base, cwrapper
Branch point for: pkgsrc-2008Q2
Diff to: previous 1.44: preferred, colored
Changes since revision 1.44: +4 -4 lines
Update thunderbird and thunderbird-gtk1 to 2.0.0.14 (2.0.0.13 was skipped to
stay on par with Firefox version numbering?)

Security fixes in this version:

MFSA 2008-15  Crashes with evidence of memory corruption (rv:1.8.1.13)
MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution

For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.14/releasenotes/

Revision 1.44: download - view: text, markup, annotated - select for diffs
Mon May 19 10:43:02 2008 UTC (16 years, 6 months ago) by tnn
Branches: MAIN
Diff to: previous 1.43: preferred, colored
Changes since revision 1.43: +2 -2 lines
Fix assorted pkglint complaints and warns.

Revision 1.43: download - view: text, markup, annotated - select for diffs
Wed Feb 27 10:00:47 2008 UTC (16 years, 9 months ago) by ghen
Branches: MAIN
CVS tags: pkgsrc-2008Q1-base
Branch point for: pkgsrc-2008Q1
Diff to: previous 1.42: preferred, colored
Changes since revision 1.42: +4 -4 lines
Update thunderbrd and thunderbird-gtk1 to 2.0.0.12 (.10 and .11 where skipped).

Security fixes in this version:

MFSA 2008-12 Heap buffer overflow in external MIME bodies
MFSA 2008-07 Possible information disclosure in BMP decoder
MFSA 2008-05 Directory traversal via chrome: URI
MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)

For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.12/releasenotes/

Revision 1.41.2.1: download - view: text, markup, annotated - select for diffs
Thu Nov 15 18:33:15 2007 UTC (17 years, 1 month ago) by ghen
Branches: pkgsrc-2007Q3
Diff to: previous 1.41: preferred, colored; next MAIN 1.42: preferred, colored
Changes since revision 1.41: +5 -5 lines
Pullup ticket 2227 - requested by tron
security update for thunderbird

- pkgsrc/mail/thunderbird/Makefile			1.30 via patch
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common	1.31
- pkgsrc/mail/thunderbird/distinfo			1.42
- pkgsrc/mail/thunderbird/patches/patch-ac		1.8

   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Thu Nov 15 15:05:23 UTC 2007

   Modified Files:
	   pkgsrc/mail/thunderbird: Makefile Makefile-thunderbird.common distinfo
	   pkgsrc/mail/thunderbird/patches: patch-ac

   Log Message:
   Update "thunderbird" package to version 2.0.0.9. It fixes the following
   security problems:
   - MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
   - MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)

Revision 1.42: download - view: text, markup, annotated - select for diffs
Thu Nov 15 15:05:23 2007 UTC (17 years, 1 month ago) by tron
Branches: MAIN
CVS tags: pkgsrc-2007Q4-base, pkgsrc-2007Q4
Diff to: previous 1.41: preferred, colored
Changes since revision 1.41: +5 -5 lines
Update "thunderbird" package to version 2.0.0.9. It fixes the following
security problems:
- MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
- MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)

Revision 1.39.2.1: download - view: text, markup, annotated - select for diffs
Fri Aug 10 01:40:48 2007 UTC (17 years, 4 months ago) by salo
Branches: pkgsrc-2007Q2
Diff to: previous 1.39: preferred, colored; next MAIN 1.40: preferred, colored
Changes since revision 1.39: +4 -4 lines
Pullup ticket 2156 - requested by ghen
security update for thunderbird

Revisions pulled up:
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common		1.27, 1.28
- pkgsrc/mail/thunderbird/PLIST					1.23
- pkgsrc/mail/thunderbird/distinfo				1.40, 1.41
- pkgsrc/mail/thunderbird-gtk1/PLIST				1.13

   Module Name:		pkgsrc
   Committed By:	ghen
   Date:		Thu Jul 26 12:29:37 UTC 2007

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST distinfo
   	pkgsrc/mail/thunderbird-gtk1: PLIST

   Log Message:
   Update thunderbrd and thunderbird-gtk1 to 2.0.0.5.

   Security fixes in this version:

   MFSA 2007-15 Security Vulnerability in APOP Authentication
   MFSA 2007-12 Crashes with evidence of memory corruption

   For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.5/releasenotes/
---
   Module Name:		pkgsrc
   Committed By:	ghen
   Date:		Thu Aug  2 08:48:30 UTC 2007

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile-thunderbird.common distinfo

   Log Message:
   Update thunderbrd and thunderbird-gtk1 to 2.0.0.6.

   Security fixes in this version:

   MFSA 2007-27 Unescaped URIs passed to external programs
   MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows

   For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.6/releasenotes/

Revision 1.41: download - view: text, markup, annotated - select for diffs
Thu Aug 2 08:48:30 2007 UTC (17 years, 4 months ago) by ghen
Branches: MAIN
CVS tags: pkgsrc-2007Q3-base
Branch point for: pkgsrc-2007Q3
Diff to: previous 1.40: preferred, colored
Changes since revision 1.40: +4 -4 lines
Update thunderbrd and thunderbird-gtk1 to 2.0.0.6.

Security fixes in this version:

MFSA 2007-27 Unescaped URIs passed to external programs
MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows

For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.6/releasenotes/

Revision 1.40: download - view: text, markup, annotated - select for diffs
Thu Jul 26 12:29:36 2007 UTC (17 years, 4 months ago) by ghen
Branches: MAIN
Diff to: previous 1.39: preferred, colored
Changes since revision 1.39: +4 -4 lines
Update thunderbrd and thunderbird-gtk1 to 2.0.0.5.

Security fixes in this version:

MFSA 2007-15 Security Vulnerability in APOP Authentication
MFSA 2007-12 Crashes with evidence of memory corruption

For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.5/releasenotes/

Revision 1.39: download - view: text, markup, annotated - select for diffs
Fri Jun 15 16:11:41 2007 UTC (17 years, 6 months ago) by joerg
Branches: MAIN
CVS tags: pkgsrc-2007Q2-base
Branch point for: pkgsrc-2007Q2
Diff to: previous 1.38: preferred, colored
Changes since revision 1.38: +2 -1 lines
Include sqlite3 locking patch from Firefox.

Revision 1.38: download - view: text, markup, annotated - select for diffs
Fri Jun 15 08:55:29 2007 UTC (17 years, 6 months ago) by ghen
Branches: MAIN
Diff to: previous 1.37: preferred, colored
Changes since revision 1.37: +4 -4 lines
Update thunderbrd and thunderbird-gtk1 to 2.0.0.4.
(2.0.0.1-2.0.0.3 skipped to keep the version on par with Firefox?)

Security fixes in this version:

MFSA 2007-15 Security Vulnerability in APOP Authentication
MFSA 2007-12 Crashes with evidence of memory corruption

For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.4/releasenotes/

Revision 1.36.2.1: download - view: text, markup, annotated - select for diffs
Thu Jun 14 01:42:49 2007 UTC (17 years, 6 months ago) by salo
Branches: pkgsrc-2007Q1
Diff to: previous 1.36: preferred, colored; next MAIN 1.37: preferred, colored
Changes since revision 1.36: +4 -4 lines
Pullup ticket 2109 - requested by ghen
security update for thunderbird

Updated via patch provided by the submitter, packages in HEAD were renamed.

   Module Name:		pkgsrc
   Committed By:	ghen
   Date:		Thu May 31 21:36:52 UTC 2007

   Modified Files:
   	pkgsrc/mail/thunderbird15: Makefile Makefile-thunderbird.common
   	    distinfo
   	pkgsrc/mail/thunderbird15-gtk1: Makefile

   Log Message:
   Update thunderbird15 and thunderbird15-gtk1 to 1.5.0.12 (they skipped .11
   to stay on par with Firefox?).

   Security fixes in this version:

   MFSA 2007-15 Security Vulnerability in APOP Authentication
   MFSA 2007-12 Crashes with evidence of memory corruption

   For more info, see http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.12.html

Revision 1.37: download - view: text, markup, annotated - select for diffs
Sat May 12 06:53:22 2007 UTC (17 years, 7 months ago) by ghen
Branches: MAIN
Diff to: previous 1.36: preferred, colored
Changes since revision 1.36: +5 -6 lines
Update to Thunderbird 2.0.0.0.

What's New in Thunderbird 2

* Message Tags: Create your own tags for organizing email. Messages can be
  assigned any number of tags. Tags can be combined with saved searches and
  mail views to make it easier to organize email.
* Visual Theme: Thunderbird 2's theme and user interface have been updated to
  improve usability and maximize screen real estate.
* Session History Navigation: Back and Forward buttons allow navigation through
  message history.
* Advanced Folder Views: Customize the folder pane to show favorite, unread or
  recent folders.
* Easy Access to Popular Web Mail Services: Gmail and .Mac users can access
  their accounts in Thunderbird by simply providing their user names and
  passwords.
* Improved Support For Extensions: Extensions can now add custom columns to the
  message list pane in addition to storing custom message data in the mail
  database.
* Improved New Mail Notification Alerts: New mail alerts include information
  such as the subject, sender and message preview text.
* Folder Summary Popups: Mouse over a folder with new messages to see a summary
  of the new messages in that folder.
* Saved Search Folder Performance: Search results for saved search folders are
  now cached, improving folder loading performance.
* Find As You Type: Finds and highlights message text as you type.
* Improved Filing Tools: Recent folder menu items for moving and copying
  messages to recently used folders. Move / Copy again functionality.
* Updates to the Extension System: The extension system has been updated to
  provide enhanced security and to allow for easier localization of extensions.

The Rumbling Edge has a more detailed list of notable bug fixes:
http://weblogs.mozillazine.org/rumblingedge/archives/2007/03/tb_2.html

Revision 1.32.2.2: download - view: text, markup, annotated - select for diffs
Sat Mar 24 18:46:56 2007 UTC (17 years, 8 months ago) by salo
Branches: pkgsrc-2006Q4
Diff to: previous 1.32.2.1: preferred, colored; branchpoint 1.32: preferred, colored; next MAIN 1.33: preferred, colored
Changes since revision 1.32.2.1: +2 -1 lines
Pullup ticket 2043 - requested by joerg
portability fixes for firefox and thunderbird

Revisions pulled up:
- pkgsrc/mail/thunderbird/distinfo			1.36
- pkgsrc/mail/thunderbird/patches/patch-dw		1.1
- pkgsrc/www/firefox/distinfo				1.63
- pkgsrc/www/firefox/patches/patch-dw			1.3

   Module Name:		pkgsrc
   Committed By:	joerg
   Date:		Wed Mar  7 22:02:26 UTC 2007

   Modified Files:
   	pkgsrc/mail/thunderbird: distinfo
   Added Files:
   	pkgsrc/mail/thunderbird/patches: patch-dw

   Log Message:
   Fix build on DragonFly as RNG_RNGInit was calling itself due to bad
   linkage. I love platform dependent magic in each Makefile.
---
   Module Name:		pkgsrc
   Committed By:	joerg
   Date:		Wed Mar  7 22:05:22 UTC 2007

   Modified Files:
   	pkgsrc/www/firefox: distinfo
   Added Files:
   	pkgsrc/www/firefox/patches: patch-dw

   Log Message:
   Merge patch-dw from thunderbird to fix build on DragonFly.

Revision 1.36: download - view: text, markup, annotated - select for diffs
Wed Mar 7 22:02:25 2007 UTC (17 years, 9 months ago) by joerg
Branches: MAIN
CVS tags: pkgsrc-2007Q1-base
Branch point for: pkgsrc-2007Q1
Diff to: previous 1.35: preferred, colored
Changes since revision 1.35: +2 -1 lines
Fix build on DragonFly as RNG_RNGInit was calling itself due to bad
linkage. I love platform dependent magic in each Makefile.

Revision 1.32.2.1: download - view: text, markup, annotated - select for diffs
Mon Mar 5 19:16:33 2007 UTC (17 years, 9 months ago) by salo
Branches: pkgsrc-2006Q4
Diff to: previous 1.32: preferred, colored
Changes since revision 1.32: +6 -6 lines
Pullup ticket 2039 - requested by ghen
security update for thunderbird

Revisions pulled up:
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common		1.23
- pkgsrc/mail/thunderbird/PLIST					patch
- pkgsrc/mail/thunderbird/distinfo				patch
- pkgsrc/mail/thunderbird/patches/patch-ap			patch
- pkgsrc/mail/thunderbird/patches/patch-ax			patch
- pkgsrc/mail/thunderbird-gtk1/PLIST				1.9

   Module Name:		pkgsrc
   Committed By:	ghen
   Date:		Fri Mar  2 14:12:25 UTC 2007

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST
   	    distinfo
   	pkgsrc/mail/thunderbird-gtk1: PLIST
   	pkgsrc/mail/thunderbird/patches: patch-ap patch-ax

   Log Message:
   Update thunderbird and thunderbird-gtk1 to 1.5.0.10.  Fixed in this version:

   MFSA 2007-06  Mozilla Network Security Services (NSS) SSLv2 buffer overflow
   MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)

   For more info, see http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.10.html

Revision 1.35: download - view: text, markup, annotated - select for diffs
Fri Mar 2 14:12:24 2007 UTC (17 years, 9 months ago) by ghen
Branches: MAIN
Diff to: previous 1.34: preferred, colored
Changes since revision 1.34: +6 -7 lines
Update thunderbird and thunderbird-gtk1 to 1.5.0.10.  Fixed in this version:

MFSA 2007-06  Mozilla Network Security Services (NSS) SSLv2 buffer overflow
MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)

For more info, see http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.10.html

Revision 1.34: download - view: text, markup, annotated - select for diffs
Fri Jan 26 22:36:45 2007 UTC (17 years, 10 months ago) by dmcmahill
Branches: MAIN
Diff to: previous 1.33: preferred, colored
Changes since revision 1.33: +2 -1 lines
fix a makefile to work with the new way gmake-3.81 handles backslash-newline inside of single quotes

Revision 1.33: download - view: text, markup, annotated - select for diffs
Wed Jan 17 14:18:40 2007 UTC (17 years, 10 months ago) by dmcmahill
Branches: MAIN
Diff to: previous 1.32: preferred, colored
Changes since revision 1.32: +2 -2 lines
Get this to build again on solaris.  See NetBSD PR/31481,
PR/32905, and PR/33583 and also
https://bugzilla.mozilla.org/show_bug.cgi?id=77788

Revision 1.27.2.2: download - view: text, markup, annotated - select for diffs
Sat Dec 23 04:34:07 2006 UTC (17 years, 11 months ago) by snj
Branches: pkgsrc-2006Q3
Diff to: previous 1.27.2.1: preferred, colored; branchpoint 1.27: preferred, colored; next MAIN 1.28: preferred, colored
Changes since revision 1.27.2.1: +4 -4 lines
Pullup ticket 1965 - requested by ghen
security update for thunderbird

Revisions pulled up:
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common	1.21
- pkgsrc/mail/thunderbird/distinfo			1.32

   Module Name:    pkgsrc
   Committed By:   ghen
   Date:           Wed Dec 20 12:53:32 UTC 2006

   Modified Files:
           pkgsrc/mail/thunderbird: Makefile-thunderbird.common distinfo

   Log Message:
   Update thunderbird and thunderbird-gtk1 to 1.5.0.9.  Fixed in this version:

   MFSA 2006-74 Mail header processing heap overflows
   MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
   MFSA 2006-72 XSS by setting img.src to javascript: URI
   MFSA 2006-71 LiveConnect crash finalizing JS objects
   MFSA 2006-70 Privilege escallation using watch point
   MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)

   For more info, see http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.9.html

Revision 1.32: download - view: text, markup, annotated - select for diffs
Wed Dec 20 12:53:32 2006 UTC (17 years, 11 months ago) by ghen
Branches: MAIN
CVS tags: pkgsrc-2006Q4-base
Branch point for: pkgsrc-2006Q4
Diff to: previous 1.31: preferred, colored
Changes since revision 1.31: +4 -4 lines
Update thunderbird and thunderbird-gtk1 to 1.5.0.9.  Fixed in this version:

MFSA 2006-74 Mail header processing heap overflows
MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
MFSA 2006-72 XSS by setting img.src to javascript: URI
MFSA 2006-71 LiveConnect crash finalizing JS objects
MFSA 2006-70 Privilege escallation using watch point
MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)

For more info, see http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.9.html

Revision 1.27.2.1: download - view: text, markup, annotated - select for diffs
Thu Nov 9 09:30:56 2006 UTC (18 years, 1 month ago) by salo
Branches: pkgsrc-2006Q3
Diff to: previous 1.27: preferred, colored
Changes since revision 1.27: +7 -5 lines
Pullup ticket 1906 - requested by ghen
security update for thunderbird

Revisions pulled up:
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common	1.19, 1.20
- pkgsrc/mail/thunderbird/PLIST				1.16, 1.17
- pkgsrc/mail/thunderbird/distinfo			1.28, 1.29, 1.30, 1.31
- pkgsrc/mail/thunderbird/patches/patch-ai		1.4
- pkgsrc/mail/thunderbird/patches/patch-as		1.3
- pkgsrc/mail/thunderbird/patches/patch-at		1.1
- pkgsrc/mail/thunderbird-gtk1/PLIST			1.7, 1.8

   Module Name:		pkgsrc
   Committed By:	markd
   Date:		Thu Oct 19 10:26:14 UTC 2006

   Modified Files:
   	pkgsrc/mail/thunderbird: distinfo
   	pkgsrc/mail/thunderbird/patches: patch-ai

   Log Message:
   Fix crash after printing caused by trying to destroy the same charset
   structure multiple times.  Bump PKGREVISION.
---
   Module Name:		pkgsrc
   Committed By:	tron
   Date:		Fri Oct 20 12:45:13 UTC 2006

   Modified Files:
   	pkgsrc/mail/thunderbird: distinfo
   Added Files:
   	pkgsrc/mail/thunderbird/patches: patch-as

   Log Message:
   Fix "if [ ... == ...]" in a build script.
---
   Module Name:		pkgsrc
   Committed By:	markd
   Date:		Mon Oct 23 09:43:06 UTC 2006

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST
   	pkgsrc/mail/thunderbird-gtk1: PLIST

   Log Message:
   Build the default set of extensions in thunderbird{,-gtk1}. Allows
   GSSAPI authentication to work on NetBSD-current.  Fixes my PR 33512.
   OKed by ghen.  Bump PKGREVISION.
---
   Module Name:		pkgsrc
   Committed By:	markd
   Date:		Mon Oct 23 10:49:35 UTC 2006

   Modified Files:
   	pkgsrc/mail/thunderbird: distinfo
   Added Files:
   	pkgsrc/mail/thunderbird/patches: patch-at

   Log Message:
   thunderbird's ldap doesn't work talking to an ipv4 ldap server if
   talking to ipv4 addresses using ipv6 addresses isn't allowed, which is
   the default on NetBSD.  Patch to use a v4 socket when talking to an ipv4
   ldap server.  Fixes my PR 33511.
   seamonkey/firefox/sunbird have the same code so make the same patch.
   OKed ghen.  Bump PKGREVISION.
---
   Module Name:		pkgsrc
   Committed By:	ghen
   Date:		Wed Nov  8 13:15:40 UTC 2006

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST
   	    distinfo
   	pkgsrc/mail/thunderbird-gtk1: PLIST

   Log Message:
   Update thunderbird and thunderbird-gtk1 to 1.5.0.8.  Fixed in this version:

   MFSA 2006-67 Running Script can be recompiled
   MFSA 2006-66 RSA signature forgery (variant)
   MFSA 2006-65 Crashes with evidence of memory corruption (rv:1.8.0.8)

   For more info, see http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.8.html

Revision 1.31: download - view: text, markup, annotated - select for diffs
Wed Nov 8 13:15:40 2006 UTC (18 years, 1 month ago) by ghen
Branches: MAIN
Diff to: previous 1.30: preferred, colored
Changes since revision 1.30: +4 -4 lines
Update thunderbird and thunderbird-gtk1 to 1.5.0.8.  Fixed in this version:

MFSA 2006-67 Running Script can be recompiled
MFSA 2006-66 RSA signature forgery (variant)
MFSA 2006-65 Crashes with evidence of memory corruption (rv:1.8.0.8)

For more info, see http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.8.html

Revision 1.30: download - view: text, markup, annotated - select for diffs
Mon Oct 23 10:49:34 2006 UTC (18 years, 1 month ago) by markd
Branches: MAIN
Diff to: previous 1.29: preferred, colored
Changes since revision 1.29: +2 -1 lines
thunderbird's ldap doesn't work talking to an ipv4 ldap server if
talking to ipv4 addresses using ipv6 addresses isn't allowed, which is
the default on NetBSD.  Patch to use a v4 socket when talking to an ipv4
ldap server.  Fixes my PR 33511.
seamonkey/firefox/sunbird have the same code so make the same patch.
OKed ghen.  Bump PKGREVISION.

Revision 1.29: download - view: text, markup, annotated - select for diffs
Fri Oct 20 12:45:13 2006 UTC (18 years, 1 month ago) by tron
Branches: MAIN
Diff to: previous 1.28: preferred, colored
Changes since revision 1.28: +2 -1 lines
Fix "if [ ... == ...]" in a build script.

Revision 1.28: download - view: text, markup, annotated - select for diffs
Thu Oct 19 10:26:14 2006 UTC (18 years, 1 month ago) by markd
Branches: MAIN
Diff to: previous 1.27: preferred, colored
Changes since revision 1.27: +2 -2 lines
Fix crash after printing caused by trying to destroy the same charset
structure multiple times.  Bump PKGREVISION.

Revision 1.24.2.2: download - view: text, markup, annotated - select for diffs
Sun Sep 17 01:37:45 2006 UTC (18 years, 2 months ago) by salo
Branches: pkgsrc-2006Q2
Diff to: previous 1.24.2.1: preferred, colored; branchpoint 1.24: preferred, colored; next MAIN 1.25: preferred, colored
Changes since revision 1.24.2.1: +4 -4 lines
Pullup ticket 1828 - requested by ghen
security update for thunderbird

Revisions pulled up:
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common		1.17
- pkgsrc/mail/thunderbird/distinfo				1.26, 1.27

   Module Name:		pkgsrc
   Committed By:	tron
   Date:		Mon Jul 31 14:05:00 UTC 2006

   Modified Files:
   	pkgsrc/mail/thunderbird: distinfo
   Added Files:
   	pkgsrc/mail/thunderbird/patches: patch-as

   Log Message:
   Make this build with GCC 4.1.x.
---
   Module Name:		pkgsrc
   Committed By:	ghen
   Date:		Fri Sep 15 13:55:22 UTC 2006

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile-thunderbird.common distinfo
   Removed Files:
   	pkgsrc/mail/thunderbird/patches: patch-as

   Log Message:
   Update thunderbird and thunderbird-gtk1 to 1.5.0.7.  Fixed in this version:

   MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)
   MFSA 2006-63 JavaScript execution in mail via XBL
   MFSA 2006-60 RSA Signature Forgery
   MFSA 2006-59 Concurrency-related vulnerability
   MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing
   MFSA 2006-57 JavaScript Regular Expression Heap Corruption

   For more info, see http://www.mozilla.com/thunderbird/releases/1.5.0.7.html

Revision 1.27: download - view: text, markup, annotated - select for diffs
Fri Sep 15 13:55:22 2006 UTC (18 years, 3 months ago) by ghen
Branches: MAIN
CVS tags: pkgsrc-2006Q3-base
Branch point for: pkgsrc-2006Q3
Diff to: previous 1.26: preferred, colored
Changes since revision 1.26: +4 -5 lines
Update thunderbird and thunderbird-gtk1 to 1.5.0.7.  Fixed in this version:

MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)
MFSA 2006-63 JavaScript execution in mail via XBL
MFSA 2006-60 RSA Signature Forgery
MFSA 2006-59 Concurrency-related vulnerability
MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing
MFSA 2006-57 JavaScript Regular Expression Heap Corruption

For more info, see http://www.mozilla.com/thunderbird/releases/1.5.0.7.html

Revision 1.26: download - view: text, markup, annotated - select for diffs
Mon Jul 31 14:05:00 2006 UTC (18 years, 4 months ago) by tron
Branches: MAIN
Diff to: previous 1.25: preferred, colored
Changes since revision 1.25: +2 -1 lines
Make this build with GCC 4.1.x.

Revision 1.24.2.1: download - view: text, markup, annotated - select for diffs
Sun Jul 30 11:42:24 2006 UTC (18 years, 4 months ago) by salo
Branches: pkgsrc-2006Q2
Diff to: previous 1.24: preferred, colored
Changes since revision 1.24: +4 -4 lines
Pullup ticket 1760 - requested by uebayasi
security update for thunderbird

Revisions pulled up:
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common		1.16
- pkgsrc/mail/thunderbird/distinfo				1.25

   Module Name:		pkgsrc
   Committed By:	uebayasi
   Date:		Sat Jul 29 02:13:04 UTC 2006

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile-thunderbird.common distinfo

   Log Message:
   Update Thunderbird to 1.5.0.5.

   This is a security update announce at July 26, 2006.  See the following
   URLs in detail:

   	http://www.mozilla.org/security/announce/2006/mfsa2006-56.html
   	http://www.mozilla.org/security/announce/2006/mfsa2006-55.html
   	http://www.mozilla.org/security/announce/2006/mfsa2006-54.html
   	http://www.mozilla.org/security/announce/2006/mfsa2006-53.html
   	http://www.mozilla.org/security/announce/2006/mfsa2006-52.html
   	http://www.mozilla.org/security/announce/2006/mfsa2006-51.html
   	http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
   	http://www.mozilla.org/security/announce/2006/mfsa2006-49.html
   	http://www.mozilla.org/security/announce/2006/mfsa2006-48.html
   	http://www.mozilla.org/security/announce/2006/mfsa2006-47.html
   	http://www.mozilla.org/security/announce/2006/mfsa2006-46.html
   	http://www.mozilla.org/security/announce/2006/mfsa2006-45.html
   	http://www.mozilla.org/security/announce/2006/mfsa2006-44.html

Revision 1.25: download - view: text, markup, annotated - select for diffs
Sat Jul 29 02:13:04 2006 UTC (18 years, 4 months ago) by uebayasi
Branches: MAIN
Diff to: previous 1.24: preferred, colored
Changes since revision 1.24: +4 -4 lines
Update Thunderbird to 1.5.0.5.

This is a security update announce at July 26, 2006.  See the following URLs
in detail:

	http://www.mozilla.org/security/announce/2006/mfsa2006-56.html
	http://www.mozilla.org/security/announce/2006/mfsa2006-55.html
	http://www.mozilla.org/security/announce/2006/mfsa2006-54.html
	http://www.mozilla.org/security/announce/2006/mfsa2006-53.html
	http://www.mozilla.org/security/announce/2006/mfsa2006-52.html
	http://www.mozilla.org/security/announce/2006/mfsa2006-51.html
	http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
	http://www.mozilla.org/security/announce/2006/mfsa2006-49.html
	http://www.mozilla.org/security/announce/2006/mfsa2006-48.html
	http://www.mozilla.org/security/announce/2006/mfsa2006-47.html
	http://www.mozilla.org/security/announce/2006/mfsa2006-46.html
	http://www.mozilla.org/security/announce/2006/mfsa2006-45.html
	http://www.mozilla.org/security/announce/2006/mfsa2006-44.html

Revision 1.24: download - view: text, markup, annotated - select for diffs
Sat Jun 10 12:50:04 2006 UTC (18 years, 6 months ago) by ghen
Branches: MAIN
CVS tags: pkgsrc-2006Q2-base
Branch point for: pkgsrc-2006Q2
Diff to: previous 1.23: preferred, colored
Changes since revision 1.23: +2 -2 lines
Use xpcom code for linux on amd64, similar to the earlier fix for firefox,
from PR pkg/33181.

Revision 1.21.2.2: download - view: text, markup, annotated - select for diffs
Sun Jun 4 00:54:05 2006 UTC (18 years, 6 months ago) by salo
Branches: pkgsrc-2006Q1
Diff to: previous 1.21.2.1: preferred, colored; branchpoint 1.21: preferred, colored; next MAIN 1.22: preferred, colored
Changes since revision 1.21.2.1: +4 -4 lines
Pullup ticket 1682 - requested by ghen
security update for firefox and thunderbird

Revisions pulled up:
- pkgsrc/www/firefox/Makefile				1.35
- pkgsrc/www/firefox/Makefile-firefox.common		1.30, 1.33
- pkgsrc/www/firefox/distinfo				1.49, 1.50
- pkgsrc/www/firefox-gtk1/Makefile			1.13
- pkgsrc/www/firefox/patches/patch-fa			removed
- pkgsrc/www/firefox/patches/patch-fb			removed
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common	1.15
- pkgsrc/mail/thunderbird/PLIST				1.14
- pkgsrc/mail/thunderbird/distinfo			1.23
- pkgsrc/mail/thunderbird-gtk1/PLIST			1.5

   Module Name:		pkgsrc
   Committed By:	ghen
   Date:		Thu May  4 05:16:13 UTC 2006

   Modified Files:
   	pkgsrc/www/firefox: Makefile Makefile-firefox.common distinfo
   	pkgsrc/www/firefox-gtk1: Makefile
   Removed Files:
   	pkgsrc/www/firefox/patches: patch-fa patch-fb

   Log Message:
   Update Firefox to 1.5.0.3, which is identical to our 1.5.0.2nb2 (except
   for the advertized version), so there's no reason to upgrade. :-)

   Fixes a denial of service vulnerability (MFSA 2006-30).
---
   Module Name:		pkgsrc
   Committed By:	ghen
   Date:		Sat Jun  3 08:04:36 UTC 2006

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST distinfo
   	pkgsrc/mail/thunderbird-gtk1: PLIST
   	pkgsrc/www/firefox: Makefile-firefox.common distinfo

   Log Message:
   Update www/firefox and www/firefox-gtk to 1.5.0.4, mail/thunderbird and
   mail/thunderbird-gtk1 to 1.5.0.4 (salo has already updated
   www/firefox-bin).  Note that thunderbird skipped one release number
   (again) to stay on par with firefox.

   These updates provide:
   * improvements to product stability,
   * several important security fixes (see below).

   Fixed in Firefox 1.5.0.4:
   MFSA 2006-43 Privilege escalation using addSelectionListener
   MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
   MFSA 2006-41 File stealing by changing input type (variant)
   MFSA 2006-39 "View Image" local resource linking (Windows)
   MFSA 2006-38 Buffer overflow in crypto.signText()
   MFSA 2006-37 Remote compromise via content-defined setter on object
                prototypes
   MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
   MFSA 2006-35 Privilege escalation through XUL persist
   MFSA 2006-34 XSS viewing javascript: frames or images from context menu
   MFSA 2006-33 HTTP response smuggling
   MFSA 2006-32 Fixes for crashes with potential memory corruption
   MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)

   Fixed in Thunderbird 1.5.0.4:
   MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
   MFSA 2006-40 Double-free on malformed VCard
   MFSA 2006-38 Buffer overflow in crypto.signText()
   MFSA 2006-37 Remote compromise via content-defined setter on object
                prototypes
   MFSA 2006-35 Privilege escalation through XUL persist
   MFSA 2006-33 HTTP response smuggling
   MFSA 2006-32 Fixes for crashes with potential memory corruption
   MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)

Revision 1.23: download - view: text, markup, annotated - select for diffs
Sat Jun 3 08:04:36 2006 UTC (18 years, 6 months ago) by ghen
Branches: MAIN
Diff to: previous 1.22: preferred, colored
Changes since revision 1.22: +4 -4 lines
Update www/firefox and www/firefox-gtk to 1.5.0.4, mail/thunderbird and
mail/thunderbird-gtk1 to 1.5.0.4, and www/seamonkey, www/seamonkey-gtk1
and www/seamonkey-bin to 1.0.2 (salo has already updated www/firefox-bin).
Note that thunderbird skipped one release number (again) to stay on par
with firefox.

These updates provide:
* improvements to product stability,
* several important security fixes (see below).

Fixed in Firefox 1.5.0.4:
MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)

Fixed in Thunderbird 1.5.0.4:
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-40 Double-free on malformed VCard
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)

Fixed in SeaMonkey 1.0.2:
MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-40 Double-free on malformed VCard
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)

Revision 1.21.2.1: download - view: text, markup, annotated - select for diffs
Sun Apr 23 23:11:55 2006 UTC (18 years, 7 months ago) by salo
Branches: pkgsrc-2006Q1
Diff to: previous 1.21: preferred, colored
Changes since revision 1.21: +5 -5 lines
Pullup ticket 1442 - requested by ghen
security update for thunderbird

Revisions pulled up:
- pkgsrc/mail/thunderbird/Makefile			1.18
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common	1.12
- pkgsrc/mail/thunderbird/distinfo			1.22
- pkgsrc/mail/thunderbird/patches/patch-ab		1.9
- pkgsrc/mail/thunderbird-gtk1/Makefile			1.9

   Module Name:		pkgsrc
   Committed By:	ghen
   Date:		Sun Apr 23 14:14:07 UTC 2006

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile Makefile-thunderbird.common
			distinfo
   	pkgsrc/mail/thunderbird-gtk1: Makefile
   	pkgsrc/mail/thunderbird/patches: patch-ab

   Log Message:
   Update to Thunderbird 1.5.0.2 (1.5.0.1 was skipped to stay in sync with
   Firefox).

   Thunderbird 1.5.0.2 offers improved stability, and several security fixes:
   MFSA 2006-28  Security check of js_ValueToFunctionObject() can be
                 circumvented
   MFSA 2006-27 Table Rebuilding Code Execution Vulnerability
   MFSA 2006-26 Mail Multiple Information Disclosure
   MFSA 2006-25 Privilege escalation through Print Preview
   MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
   MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
   MFSA 2006-21 JavaScript execution in mail when forwarding in-line
   MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)
   MFSA 2006-08 "AnyName" entrainment and access control hazard
   MFSA 2006-07 Read beyond buffer while parsing XML
   MFSA 2006-06 Integer overflows in E4X, SVG and Canvas
   MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
   MFSA 2006-04 Memory corruption via QueryInterface on Location, Navigator
                objects
   MFSA 2006-02 Changing postion:relative to static corrupts memory
   MFSA 2006-01 JavaScript garbage-collection hazards

   For a detailed ChangeLog, see:
   http://weblogs.mozillazine.org/rumblingedge/archives/2006/02/1-5-0-2.html

Revision 1.22: download - view: text, markup, annotated - select for diffs
Sun Apr 23 14:14:07 2006 UTC (18 years, 7 months ago) by ghen
Branches: MAIN
Diff to: previous 1.21: preferred, colored
Changes since revision 1.21: +5 -5 lines
Update to Thunderbird 1.5.0.2 (1.5.0.1 was skipped to stay in sync with
Firefox).

Thunderbird 1.5.0.2 offers improved stability, and several security fixes:
MFSA 2006-28  Security check of js_ValueToFunctionObject() can be circumvented
MFSA 2006-27 Table Rebuilding Code Execution Vulnerability
MFSA 2006-26 Mail Multiple Information Disclosure
MFSA 2006-25 Privilege escalation through Print Preview
MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
MFSA 2006-21 JavaScript execution in mail when forwarding in-line
MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)
MFSA 2006-08 "AnyName" entrainment and access control hazard
MFSA 2006-07 Read beyond buffer while parsing XML
MFSA 2006-06 Integer overflows in E4X, SVG and Canvas
MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
MFSA 2006-04 Memory corruption via QueryInterface on Location, Navigator objects
MFSA 2006-02 Changing postion:relative to static corrupts memory
MFSA 2006-01 JavaScript garbage-collection hazards

For a detailed ChangeLog, see:
http://weblogs.mozillazine.org/rumblingedge/archives/2006/02/1-5-0-2.html

Revision 1.21: download - view: text, markup, annotated - select for diffs
Thu Mar 23 15:43:17 2006 UTC (18 years, 8 months ago) by joerg
Branches: MAIN
CVS tags: pkgsrc-2006Q1-base
Branch point for: pkgsrc-2006Q1
Diff to: previous 1.20: preferred, colored
Changes since revision 1.20: +2 -2 lines
Readd minor DragonFly patch. Disable use of visibility attributes,
It's Just Broken (TM). Bump revision.

Revision 1.18.2.1: download - view: text, markup, annotated - select for diffs
Thu Feb 9 10:32:28 2006 UTC (18 years, 10 months ago) by salo
Branches: pkgsrc-2005Q4
Diff to: previous 1.18: preferred, colored; next MAIN 1.19: preferred, colored
Changes since revision 1.18: +37 -27 lines
Pullup ticket 1102 - requested by Geert Hendrickx
security update for firefox and thunderbird

Updated via patch from the submitter, includes these changes:

   Module Name:		pkgsrc
   Committed By:	joerg
   Date:		Fri Dec 30 21:35:58 UTC 2005

   Modified Files:
   	pkgsrc/mail/thunderbird/patches: patch-ab patch-ac patch-aq patch-ba
   	    patch-bo patch-bs
   Added Files:
   	pkgsrc/mail/thunderbird/patches: patch-ar patch-da patch-db patch-dc
   	    patch-de patch-df patch-dg patch-dh patch-dj patch-dk patch-dl
   	    patch-dm patch-do patch-ds patch-dt

   Log Message:
   Add DragonFly build support, partly based on the patches from
   www/firefox.
---
   Module Name:		pkgsrc
   Committed By:	joerg
   Date:		Wed Jan  4 08:55:08 UTC 2006

   Modified Files:
   	pkgsrc/mail/thunderbird: distinfo

   Log Message:
   Also commit distinfo. Reminded by wiz@.
---
   Module Name:	pkgsrc
   Committed By:	ghen
   Date:		Sun Feb  5 14:49:05 UTC 2006

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile Makefile-thunderbird.common PLIST
   	    distinfo
   	pkgsrc/mail/thunderbird-gtk1: Makefile PLIST
   	pkgsrc/mail/thunderbird/patches: patch-aa patch-ab patch-ac patch-af
   	    patch-ag patch-ai patch-aj patch-al patch-ap patch-aq patch-aw
   	    patch-ax patch-bb patch-bo patch-bq patch-br patch-db patch-de
   	    patch-df
   Removed Files:
   	pkgsrc/mail/thunderbird-gtk1: MESSAGE
   	pkgsrc/mail/thunderbird/patches: patch-bt patch-bw patch-cc patch-ce
   	    patch-cf

   Log Message:
   Update to Thunderbird 1.5.

   What's new:
       * Automated update to streamline product upgrades. Notification of an
         update is more prominent, and updates to Thunderbird may now be half
         a megabyte or smaller. Updating extensions has also improved.
       * Sort address autocomplete results by how often you send e-mail
         to each recipient.
       * Spell check as you type.
       * Saved Search Folders can now search across multiple accounts.
       * Built in phishing detector to help protect users against email scams.
       * Podcasting and other RSS Improvements.
       * Deleting attachments from messages.
       * Integration with server side spam filtering.
       * Reply and forward actions for message filters.
       * Kerberos Authentication.
       * Auto save as draft for mail composition.
       * Message aging.
       * Filters for Global Inbox.
       * Improvements to product usability including redesigned options
         interface, and SMTP server management.
       * Many security enhancements.
   For a more detailed list of changes, see
   http://weblogs.mozillazine.org/rumblingedge/archives/2006/01/1-5.html

   Ok with wiz.
---
   Module Name:		pkgsrc
   Committed By:	ghen
   Date:		Sun Feb  5 14:43:59 UTC 2006

   Modified Files:
   	pkgsrc/www/mozilla: Makefile.common

   Log Message:
   Set CATEGORIES ?=www (instead of =) such that thunderbird (and later
   sunbird) can override it.  Ok for wiz.
---
   odule Name:		pkgsrc
   Committed By:	ghen
   Date:		Sun Feb  5 14:46:31 UTC 2006

   Modified Files:
   	pkgsrc/www/firefox: Makefile Makefile-firefox.common PLIST distinfo
   	pkgsrc/www/firefox-gtk1: Makefile PLIST
   Added Files:
   	pkgsrc/www/firefox/patches: patch-dw patch-dx
   Removed Files:
   	pkgsrc/www/firefox/patches: patch-bugzilla-319004

   Log Message:
   Update to Firefox 1.5.0.1, a bug fix release for Firefox 1.5.

   What's new:
   * Improved stability.
   * Improved support for Mac OS X.
   * International Domain Name support for Iceland (.is) is now enabled.
   * Fixes for several memory leaks.
   * Several security enhancements.

   For a more detailed list changes, see
   http://www.squarefree.com/burningedge/releases/1.5.0.1.html

   Ok with wiz.

Revision 1.20: download - view: text, markup, annotated - select for diffs
Sun Feb 5 14:49:05 2006 UTC (18 years, 10 months ago) by ghen
Branches: MAIN
Diff to: previous 1.19: preferred, colored
Changes since revision 1.19: +23 -28 lines
Update to Thunderbird 1.5.

What's new:
    * Automated update to streamline product upgrades. Notification of an
      update is more prominent, and updates to Thunderbird may now be half a
      megabyte or smaller. Updating extensions has also improved.
    * Sort address autocomplete results by how often you send e-mail to each recipient.
    * Spell check as you type.
    * Saved Search Folders can now search across multiple accounts.
    * Built in phishing detector to help protect users against email scams.
    * Podcasting and other RSS Improvements.
    * Deleting attachments from messages.
    * Integration with server side spam filtering.
    * Reply and forward actions for message filters.
    * Kerberos Authentication.
    * Auto save as draft for mail composition.
    * Message aging.
    * Filters for Global Inbox.
    * Improvements to product usability including redesigned options interface,
      and SMTP server management.
    * Many security enhancements.
For a more detailed list of changes, see http://weblogs.mozillazine.org/rumblingedge/archives/2006/01/1-5.html

Ok with wiz.

Revision 1.19: download - view: text, markup, annotated - select for diffs
Wed Jan 4 08:55:08 2006 UTC (18 years, 11 months ago) by joerg
Branches: MAIN
Diff to: previous 1.18: preferred, colored
Changes since revision 1.18: +22 -7 lines
Also commit distinfo. Reminded by wiz@.

Revision 1.17.2.1: download - view: text, markup, annotated - select for diffs
Mon Oct 3 14:30:04 2005 UTC (19 years, 2 months ago) by salo
Branches: pkgsrc-2005Q3
Diff to: previous 1.17: preferred, colored; next MAIN 1.18: preferred, colored
Changes since revision 1.17: +4 -4 lines
Pullup ticket 797 - requested by Shin'ichiro TAYA
security update for thunderbird

Revisions pulled up:
- pkgsrc/mail/thunderbird/Makefile			1.11
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common	1.8
- pkgsrc/mail/thunderbird/distinfo			1.18
- pkgsrc/mail/thunderbird-gtk1/Makefile			1.4

   Module Name:		pkgsrc
   Committed By:	taya
   Date:		Sun Oct  2 12:37:04 UTC 2005

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile Makefile-thunderbird.common distinfo
   	pkgsrc/mail/thunderbird-gtk1: Makefile

   Log Message:
   Update thunderbird & thunderbird-gtk1 to 1.0.7

   What's New in Thunderbird 1.0.7 (from Release Notes)

   Thunderbird 1.0.7 is a security and stability update that is
   part of our ongoing program to provide a safe Internet experience
   for our customers. We recommend that all users upgrade to this
   latest version.

Revision 1.18: download - view: text, markup, annotated - select for diffs
Sun Oct 2 12:37:04 2005 UTC (19 years, 2 months ago) by taya
Branches: MAIN
CVS tags: pkgsrc-2005Q4-base
Branch point for: pkgsrc-2005Q4
Diff to: previous 1.17: preferred, colored
Changes since revision 1.17: +4 -4 lines

Update thunderbird & thunderbird-gtk1 to 1.0.7

What's New in Thunderbird 1.0.7 (from Release Notes)

Thunderbird 1.0.7 is a security and stability update that is
part of our ongoing program to provide a safe Internet experience
for our customers. We recommend that all users upgrade to this
latest version.

Revision 1.17: download - view: text, markup, annotated - select for diffs
Thu Sep 8 22:03:45 2005 UTC (19 years, 3 months ago) by abs
Branches: MAIN
CVS tags: pkgsrc-2005Q3-base
Branch point for: pkgsrc-2005Q3
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +2 -2 lines
Update patches for mozilla applications to handle the fact that on
NetBSD the thread safe resolver is only available on __NetBSD_Version__
>= 299000900.  Fixes runtime usage on NetBSD 2.1. New Versions:
    - firefox-1.0.6nb2
    - firefox-gtk1-1.0.6nb2
    - mozilla-1.7.11nb1
    - mozilla-gtk2-1.7.11nb1
    - thunderbird-1.0.6nb1
    - thunderbird-gtk1-1.0.6nb1

Revision 1.14.2.1: download - view: text, markup, annotated - select for diffs
Fri Aug 19 07:44:39 2005 UTC (19 years, 3 months ago) by snj
Branches: pkgsrc-2005Q2
Diff to: previous 1.14: preferred, colored; next MAIN 1.15: preferred, colored
Changes since revision 1.14: +4 -4 lines
Pullup ticket 685 - requested by Shin'ichiro TAYA
security update for thunderbird and thunderbird-gtk1

Revisions pulled up:
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common	1.7
- pkgsrc/mail/thunderbird/PLIST				1.11
- pkgsrc/mail/thunderbird/distinfo			1.15
- pkgsrc/mail/thunderbird-gtk1/PLIST			1.2

   Module Name:  pkgsrc
   Committed By: taya
   Date:         Sun Jul 24 02:58:33 UTC 2005

   Modified Files:
         pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST distinfo
         pkgsrc/mail/thunderbird-gtk1: PLIST

   Log Message:
   Update thunderbird & thunderbird-gtk1 to 1.0.6
   This is a security fix release.

   Fixed in Thunderbird 1.0.5/1.0.6
   MFSA 2005-56 Code execution through shared function objects
   MFSA 2005-55 XHTML node spoofing
   MFSA 2005-52 Same origin violation: frame calling top.focus()
   MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
   MFSA 2005-46 XBL scripts ran even when Javascript disabled
   MFSA 2005-44 Privilege escalation via non-DOM property overrides
   MFSA 2005-41 Privilege escalation via DOM property overrides
   MFSA 2005-40 Missing Install object instance checks
   MFSA 2005-33 Javascript "lambda" replace exposes memory contents

Revision 1.16: download - view: text, markup, annotated - select for diffs
Mon Jul 25 15:46:02 2005 UTC (19 years, 4 months ago) by adam
Branches: MAIN
Diff to: previous 1.15: preferred, colored
Changes since revision 1.15: +5 -3 lines
Use pkgsrc optimisation (CFLAGS, CXXFLAGS) = faster binary, less memory usage

Revision 1.15: download - view: text, markup, annotated - select for diffs
Sun Jul 24 02:58:33 2005 UTC (19 years, 4 months ago) by taya
Branches: MAIN
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +4 -4 lines

Update thunderbird & thunderbird-gtk1 to 1.0.6
This is a security fix release.

Fixed in Thunderbird 1.0.5/1.0.6
MFSA 2005-56 Code execution through shared function objects
MFSA 2005-55 XHTML node spoofing
MFSA 2005-52 Same origin violation: frame calling top.focus()
MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
MFSA 2005-46 XBL scripts ran even when Javascript disabled
MFSA 2005-44 Privilege escalation via non-DOM property overrides
MFSA 2005-41 Privilege escalation via DOM property overrides
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-33 Javascript "lambda" replace exposes memory contents

Revision 1.13.2.1: download - view: text, markup, annotated - select for diffs
Fri Mar 25 17:46:19 2005 UTC (19 years, 8 months ago) by snj
Branches: pkgsrc-2005Q1
Diff to: previous 1.13: preferred, colored; next MAIN 1.14: preferred, colored
Changes since revision 1.13: +4 -4 lines
Pullup ticket 390 - requested by Shin'ichiro TAYA
security fix for thunderbird and thunderbird-gtk2

Revisions pulled up:
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common	1.6
- pkgsrc/mail/thunderbird/PLIST				1.9
- pkgsrc/mail/thunderbird/distinfo			1.14
- pkgsrc/mail/thunderbird-gtk2/PLIST			1.8


    Module Name:    pkgsrc
    Committed By:   taya
    Date:           Fri Mar 25 14:43:46 UTC 2005

    Modified Files:
            pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST distinfo
            pkgsrc/mail/thunderbird-gtk2: PLIST

    Log Message:
    Update thunderbird & thunderbird-gtk2 to 1.0.2

    Thunderbird 1.0.2 is a security and stability update.
    Fixed vulnerbilities are follows.

    MFSA 2005-30  GIF heap overflow parsing Netscape extension 2
    MFSA 2005-25 Image drag and drop executable spoofing
    MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
    MFSA 2005-18 Memory overwrite in string library
    MFSA 2005-17 Install source spoofing with user:pass@host
    MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion

Revision 1.14: download - view: text, markup, annotated - select for diffs
Fri Mar 25 14:43:46 2005 UTC (19 years, 8 months ago) by taya
Branches: MAIN
CVS tags: pkgsrc-2005Q2-base
Branch point for: pkgsrc-2005Q2
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +4 -4 lines

Update thunderbird & thunderbird-gtk2 to 1.0.2

Thunderbird 1.0.2 is a security and stability update.
Fixed vulnerbilities are follows.

MFSA 2005-30  GIF heap overflow parsing Netscape extension 2
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion

Revision 1.13: download - view: text, markup, annotated - select for diffs
Tue Mar 8 08:53:08 2005 UTC (19 years, 9 months ago) by grant
Branches: MAIN
CVS tags: pkgsrc-2005Q1-base
Branch point for: pkgsrc-2005Q1
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +3 -1 lines
apply patch from mozilla CVS to fix bug id #260337 (installer missing
libnsl on Solaris), as well as another sh(1) portability fix.

	https://bugzilla.mozilla.org/show_bug.cgi?id=260337

no PKGREVISION bump because this didn't build on Solaris without
libnsl.

Revision 1.12: download - view: text, markup, annotated - select for diffs
Thu Feb 24 09:59:30 2005 UTC (19 years, 9 months ago) by agc
Branches: MAIN
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +2 -1 lines
Add RMD160 digests.

Revision 1.11: download - view: text, markup, annotated - select for diffs
Tue Dec 14 23:35:34 2004 UTC (20 years ago) by taya
Branches: MAIN
CVS tags: pkgsrc-2004Q4-base, pkgsrc-2004Q4
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +3 -3 lines

Update thunderbird & thunderbird-gtk2 to 1.0

Here are some of the new features to look for in Thunderbird:

* Adaptive Junk Mail Controls
* RSS Integration
* Saved Search Folders
 Saved Search Folders display messages based on previously set search
criteria. For example, instead of filtering messages into a new
folder, you can create a Saved Search Folder that lists all the
messages received from a certain person over the past 30 days, even if
those messages are stored in different folders and subfolders.

* Global Inbox Support
 POP3 users can now combine all of their POP3 accounts into a single
global inbox under local folders.

* Message Grouping
 You can now group messages in a folder by attributes such as date,
sender, priority or a custom label. For instance, a folder grouped by
date will group messages from today, yesterday, last week, etc. into
self-contained groups in the message list pane. (View > Sort By >
Grouped By Sort)

* Privacy Protection
 In order to help protect your privacy, Thunderbird now automatically
blocks remote image requests in emails from senders you don't know.

* Comprehensive Mail Migration from other Mail Clients
 Switching to Thunderbird has never been easier since Thunderbird can
now migrate all of your email data including settings, mail folders
and address book data from common mail applications such as the
Mozilla 1.x Suite, Outlook Express, Outlook and Eudora.

Revision 1.10: download - view: text, markup, annotated - select for diffs
Sat Dec 4 02:16:03 2004 UTC (20 years ago) by taya
Branches: MAIN
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +9 -6 lines

1)Generate extension directory at installation time.

2)sync patches from www/mozilla.

- update patch-ab
from commit log
>> date: 2004/08/31 02:37:57;  author: danw;  state: Exp;  lines: +13 -6
>> darwin fixes (tested against firefox-gtk2)

- update patch-ac
- update patch-bx
- add patch-bz
- add patch-ca
- add patch-cb
from commit log
>> date: 2004/07/07 09:08:31;  author: aymeric;  state: Exp;  lines: +14 -7
>> . on PowerPC, update files so that Mozilla works properly when compiled with
>>   gcc version 3+.
>> . generally reduce diffs to Linux version
>> . retain compatibility with older ABI (AIX-like) thanks to useful comments
>>   from Charles Hannum
>>
>> Thanks to Matthew Green for the fruitful discussion. This should address
>> PR#23240 as far as mozilla is concerned.

- remove patch-bn
enable HAVE_SOCKLEN_T

- update patch-br
from commit log
>> date: 2004/10/04 11:52:45;  author: grant;  state: Exp;  lines: +10 -6
>> bring across a patch in Firefox for using thread-safe resolver library
>> functions on NetBSD >=2.0F.

- update patch-cc
make mozilla work on NetBSD-current/alpha

3)bump PKGREVISION

Revision 1.7.2.1: download - view: text, markup, annotated - select for diffs
Wed Dec 1 01:49:24 2004 UTC (20 years ago) by snj
Branches: pkgsrc-2004Q3
Diff to: previous 1.7: preferred, colored; next MAIN 1.8: preferred, colored
Changes since revision 1.7: +4 -4 lines
Pullup ticket 157 - requested by Havard Eidnes
security fix for thunderbird and thunderbird-gtk2

Module Name:    pkgsrc
Committed By:   kristerw
Date:           Thu Nov  4 20:06:34 UTC 2004

Modified Files:
        pkgsrc/mail/thunderbird: distinfo
        pkgsrc/mail/thunderbird/patches: patch-bt

Log Message:
Use __va_copy instead of va_copy for NetBSD.  This is needed on gcc 3.4=

since the build use -ansi that in turn makes gcc 3.4 modify its pre-
defined symbols in such a way that va_copy is not defined.
---
Module Name:    pkgsrc
Committed By:   taya
Date:           Sun Nov 14 23:38:20 UTC 2004

Modified Files:
        pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST dist=
info
        pkgsrc/mail/thunderbird-gtk2: PLIST

Log Message:
Update thunderbird & thunderbird-gtk2 to 0.9

Here are the highlights for this Thunderbird release:

* Saved Search Folders
- Saved Search Folders display messages based on previously set search
criteria. For example, instead of filtering messages into a new
folder, you could create a Saved Search Folder that lists all the
messages received from a certain person over the past 30 days, even if
those messages are stored in different folders and subfolders.

* Message Grouping
- You can now group messages in a folder by attributes such as date,
sender, priority or a custom label. For instance, a folder grouped by
date will group messages from today, yesterday, last week, etc. into
self-contained groups in the message list pane. (View > Sort By >
Grouped By Sort)

* Other New Features
- Messages with attachments now get marked as such in the message list
pane immediately and not when the message is displayed.

- Improvements to Thunderbird's Global Inbox support for POP3 users.

- The new quick search bar introduced in 0.8 now features a clear
button when search text is present inside the quick search box.

- Fixed a regression introduced in 0.8 where a user could not change
the local folder path in the Account Manager.

- Improved offline support including fixes for common offline-related
problems.

- Improved privacy controls block remote content in e-mail messages
from senders not in your address book.

- Long file attachment names are no longer truncated in the message
pane.

- Bug fixes too numerous to mention!

Revision 1.9: download - view: text, markup, annotated - select for diffs
Sun Nov 14 23:38:20 2004 UTC (20 years, 1 month ago) by taya
Branches: MAIN
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +3 -3 lines

Update thunderbird & thunderbird-gtk2 to 0.9

Here are the highlights for this Thunderbird release:

* Saved Search Folders
- Saved Search Folders display messages based on previously set search
criteria. For example, instead of filtering messages into a new
folder, you could create a Saved Search Folder that lists all the
messages received from a certain person over the past 30 days, even if
those messages are stored in different folders and subfolders.

* Message Grouping
- You can now group messages in a folder by attributes such as date,
sender, priority or a custom label. For instance, a folder grouped by
date will group messages from today, yesterday, last week, etc. into
self-contained groups in the message list pane. (View > Sort By >
Grouped By Sort)

* Other New Features
- Messages with attachments now get marked as such in the message list
pane immediately and not when the message is displayed.

- Improvements to Thunderbird's Global Inbox support for POP3 users.

- The new quick search bar introduced in 0.8 now features a clear
button when search text is present inside the quick search box.

- Fixed a regression introduced in 0.8 where a user could not change
the local folder path in the Account Manager.

- Improved offline support including fixes for common offline-related
problems.

- Improved privacy controls block remote content in e-mail messages
from senders not in your address book.

- Long file attachment names are no longer truncated in the message
pane.

- Bug fixes too numerous to mention!

Revision 1.8: download - view: text, markup, annotated - select for diffs
Thu Nov 4 20:06:34 2004 UTC (20 years, 1 month ago) by kristerw
Branches: MAIN
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +2 -2 lines
Use __va_copy instead of va_copy for NetBSD.  This is needed on gcc 3.4
since the build use -ansi that in turn makes gcc 3.4 modify its pre-
defined symbols in such a way that va_copy is not defined.

Revision 1.7: download - view: text, markup, annotated - select for diffs
Mon Sep 20 12:55:43 2004 UTC (20 years, 2 months ago) by taya
Branches: MAIN
CVS tags: pkgsrc-2004Q3-base
Branch point for: pkgsrc-2004Q3
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +3 -3 lines

Update thunderbird & thunderbird-gtk2 to 0.8

What's new from Release Notes:

*  Global Inbox
POP3 users can now combine all of their POP3 accounts into a single
global inbox under local folders.

* Comprehensive Data Migration
Switching to Thunderbird has never been easier since Thunderbird can
now migrate all of your e-mail data including settings, mail folders
and address book data from common mail applications such as the
Mozilla 1.x Suite, Outlook Express, Outlook and Eudora.

* RSS Integration
Thunderbird now features a built in RSS reader which allows you to
easily subscribe to and read news and weblogs that support RSS.

* Improved Privacy Controls
In order to help protect your privacy, Thunderbird now automatically
blocks remote image requests in e-mails from senders you don't know.

* Improved Quick Search
Thunderbird now makes it even easier to manage your e-mail. Quick
search now supports many different types of search criteria including
the ability to search message body text. Thunderbird can also
highlight the quick search terms in the message body.

* Other New Features
Support for using a master password to encrypt saved e-mail account passwords.

Linux GNOME users can now make Thunderbird their default e-mail client
(Tools > Options > General).

If your network uses proxy authentication for HTTP, Thunderbird now
correctly prompts for proxy authentication instead of silently
failing.

Bug fixes too numerous to mention!

---
Several security holes have been fixed. See the page bellow for
detail.

http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3

Revision 1.6: download - view: text, markup, annotated - select for diffs
Tue Aug 10 14:27:17 2004 UTC (20 years, 4 months ago) by taya
Branches: MAIN
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +3 -3 lines

Update thunderbird & thunderbird-gtk2 to 0.7.3
thunderbird 0.7.3 is a security fix release.
Fixed bugs are:

- lock icon and certificate spoof with onunload document.write (Bugzilla#253121)
- Malicious certificates can permanently break HTTPS/SSL (Bugzilla#249004)

See the page below.
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.2

Revision 1.5: download - view: text, markup, annotated - select for diffs
Tue Jul 6 13:40:57 2004 UTC (20 years, 5 months ago) by taya
Branches: MAIN
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +4 -4 lines

Update thunderbird to 0.7.1

From the article from mozillazine.org:
mozilla.org today released upgrades to both Firefox 0.9 (0.9.1) and
Thunderbird 0.7 (0.7.1) to fix some minor bugs present in both
releases. Both releases correct some flaws in the extension system
that some users may have been experiencing, as well as a new icon set
for the navigation toolbar on Windows and Linux in Firefox 0.9.1. All
users of both products should get this upgrade.

Revision 1.4: download - view: text, markup, annotated - select for diffs
Thu Jun 24 23:09:55 2004 UTC (20 years, 5 months ago) by taya
Branches: MAIN
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +33 -26 lines

Update thunderbird to 0.7

Here are the highlights for this release of Thunderbird:

* Smaller and Faster
The Windows Installer is now only a 5.9MB download. Significant
performance improvements on Windows, Linux and Mac OS X!

* New Themes and Extension Manager
Provides a convenient and secure way to manage and update the many
add-ons that set Thunderbird apart from other e-mail clients.

* Crash Analysis Tools (Talkback)
Help us help you! Integration with Mozilla Talkback allows users to
submit crash reports which makes it easier for us to find Thunderbird
top crashes.

* Other New Features...
New user interface for viewing vCards.

New Profile Manager which also supports running from a USB device.

Color quoting for quoted message parts.

Thunderbird now supports a user interface for creating multiple
identities per e-mail account. This makes it easy to have several
e-mail addresses which end up going into the same account.

* Recently Fixed Bugs
Fix for an occassional hang when reading IMAP mail over SSL.

Our LDAP support works against older version 2 LDAP servers again in
addition to version 3.

Thunderbird can handle mailto urls that contain raw spaces in the
subject.

Other bug fixes too numerous to mention!

Revision 1.3: download - view: text, markup, annotated - select for diffs
Sat May 8 04:35:37 2004 UTC (20 years, 7 months ago) by taya
Branches: MAIN
CVS tags: pkgsrc-2004Q2-base, pkgsrc-2004Q2
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +26 -21 lines

Update thunderbird to 0.6

What's new from release notes:
* Improved Junk Mail Controls
The algorithm for the adaptive junk mail controls has been heavily
redesigned to learn faster and catch more spam.

* New Brand Identity
To be consistent with the Mozilla Foundation's goal of brand identity,
Thunderbird has a new logo and supporting artwork thanks to the fine
work of the Mozilla Visual Identity team.

* Other New Features...
- IMAP users can now benefit from support for the IMAP IDLE command
which allows the mail server to push notifications such as new mail
arriving as soon as it arrives.

- Thunderbird supports server-wide news filters that apply to all
newsgroups on a server.

- Thunderbird includes Secure Password Authentication using a new
cross-platform NTLM authentication mechanism for IMAP, POP3 and SMTP.

- Mail filters can now mark messages as junk.

- Tools > Options > Compose > HTML Options allows you to set up
default HTML compose options such as font, size and color.

- Attachments can be opened directly from the compose window to verify
their contents before sending.

- Thunderbird now supports the notion of multiple identities per mail
account. This makes it easy to have several e-mail addresses which end
up going into the same account. Read More about how to set this up.

* Recently Fixed Bugs
- In the case of a failure when copying a message to an online Sent
folder, Thunderbird will now ask if you would like it to try again.

- Pasting data from an OpenOffice.org spreadsheet no longer pastes
random HTML garbage before the actual spreadsheet data into HTML
compose.

- Fixed several situations where LDAP connections were left open when
using LDAP auto complete or performing searches on LDAP directories.

- Improved view source behavior.

- Mail notification for POP3 messages that are marked deleted or
marked read by mail filters no longer occurs.

- The "Mark All Read" keyboard shortcut now works for Linux GTK2.

Revision 1.2: download - view: text, markup, annotated - select for diffs
Mon Apr 26 13:56:09 2004 UTC (20 years, 7 months ago) by taya
Branches: MAIN
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +2 -2 lines

- switch to gtk1
- catch up to current statvfs support

Revision 1.1.1.1 (vendor branch): download - view: text, markup, annotated - select for diffs
Mon Apr 19 23:25:27 2004 UTC (20 years, 7 months ago) by taya
Branches: TNF
CVS tags: pkgsrc-base
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +0 -0 lines

Initial import of thunderbird.

Mozilla Thunderbird is a redesign of the Mozilla mail component. The
goal is to produce a cross platform stand alone mail application using
the XUL user interface language.

Revision 1.1: download - view: text, markup, annotated - select for diffs
Mon Apr 19 23:25:27 2004 UTC (20 years, 7 months ago) by taya
Branches: MAIN
Initial revision

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options

CVSweb <webmaster@jp.NetBSD.org>