![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / mail / thunderbird / patches
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.2, Sun Dec 16 08:12:16 2018 UTC (5 years, 4 months ago) by ryoon
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +1 -1
lines
FILE REMOVED
Update to 60.3.3
Changelog:
60.3.3:
mitigated
Thunderbird 60 will migrate security databases (key3.db, cert8.db to
key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a fault
that potentially deleted saved passwords and private certificate keys
for users using a master password. Version 60.3.3 will prevent the loss
of data; affected users who have already upgraded to version 60.3.2 or
earlier can restore the deleted key3.db file from backup to complete
the migration.
fixed
Address book search and auto-complete slowness introduced in
Thunderbird 60.3.2
Plain text markup with * for bold, / for italics, _ for underline and |
for code did not work when the enclosed text contained non-ASCII
characters
While composing a message, a link not removed when link location was
removed in the link properties panel
60.3.2:
fixed
Under some circumstances Thunderbird on Mac will send attachments using
the so-called AppleDouble format which can lead to problems with mail
servers and recipients
Encoding problems when exporting address books or messages using the
system charset. Messages are now always exported using the UTF-8 encoding.
If the "Date" header of a message was invalid, Jan 1970 or Dec 1969 was
displayed. Now using date from "Received" header instead.
Body search/filtering didn't reliably ignore content of tags
Inappropriate warning "Thunderbird prevented the site
(addons.thunderbird.net) from asking you to install software on your
computer" when installing add-ons
Incorrect display of correspondents column since own email address was
not always detected
Spurious 
 (encoded newline) inserted into drafts and sent email
New email not inserted in correct sort order in threaded unified view
or search folder
60.3.1:
fixed
Double-clicking on a word in the Write window sometimes launched the
Advanced Property Editor or Link Properties dialog
Cookie removal (not working since Thunderbird version 52)
"Download rest of message" not working if global inbox was used
Encoding problems for users (especially in Poland) when a file was sent
via a folder using "Sent to > Mail recipient" due to a problem in the
Thunderbird MAPI interface
According to RFC 4616 and RFC 5721, passwords containing non-ASCII
characters are encoded using UTF-8 which can lead to problems with
non-compliant providers, for example office365.com. The SMTP LOGIN
and POP3 USER/PASS authentication methods are now using a Latin-1
encoding again to work around this issue.
Shutdown crash/hang after entering an empty IMAP password
60.3.0:
fixed
Various Theme fixes where incorrect colors, backgrounds, etc. were
displayed
Add-on Options menu not working on Mac
Shift+PageUp/PageDown in Write window
Saving content of Write windows didn't overwrite existing file
Issues related to "Edit Template" command
Gloda attachment filtering
Mailing list address auto-complete enter/return handling
Thunderbird hung if HTML signature references non-existent image
Filters not working for headers that appear more than once
Various security fixes
Secirity fixes:
#CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin
#CVE-2018-12392: Crash with nested event loops
#CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript
#CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3 and Thunderbird 60.3
#CVE-2018-12390: Memory safety bugs fixed in Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3
60.2.1:
Changed
Calendar: Default values for the first day of the week and working days
are now derived from the selected datetime formatting locale (restart
after changing locale in the OS required)
Calendar: Switch to a Photon-style icon set for all platforms
Multiple requests for master password when Google Mail or Calendar
OAuth2 is enabled
Scrollbar of the address entry auto-complete popup does not work
Security info dialog in compose window does not show certificate status
Links in the Add-on Manager's search results and theme browsing tabs
open in external browser
Localized versions of Thunderbird didn't show a localized name for
the "Drafts" and "Sent" folders for certain IMAP providers
(particularly in France)
Replying to a message with an empty subject inserted Re: twice (not
working in Thunderbird 60.0)
Spellcheck marks disappeared erroneously for words with an apostrophe
(not working in Thunderbird 60.0)
Calendar: First day of the week cannot be set
Calendar: Several fixes related to cutting/deleting of events and email
scheduling
Various security fixes
Security fixes:
#CVE-2018-12377: Use-after-free in refresh driver timers
#CVE-2018-12378: Use-after-free in IndexedDB
#CVE-2018-12379: Out-of-bounds write with malicious MAR file
#CVE-2017-16541: Proxy bypass using automount and autofs
#CVE-2018-12385: Crash in TransportSecurityInfo due to cached data
#CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords
#CVE-2018-12376: Memory safety bugs fixed in Firefox 62, Firefox ESR 60.2, and Thunderbird 60.2.1
60.0:
new
When writing a message, a delete button now allows the removal of a
recipient. This delete button is displayed when hovering the To/Cc/Bcc
selector.
Many improvements to attachments handling during compose: Attachments
can now be reordered using a dialog, keyboard shortcuts, or drag and
drop. The "Attach" button moved to the right to be above the attachment
pane. The access key of the attachment pane (e.g. Alt+M, may vary
depending on localization, Ctrl+M on Mac) now also works to show or
hide the pane. The attachment pane can also be shown initially when
composing a new message. Right-click on the header to enable this
option. Hiding a non-empty attachment pane will now show a placeholder
paperclip to indicate the presence of attachments and avoid sending
them accidentally.
"Edit Template" command. This also solves various problems when saving
as template (duplicates created, message ID lost).
"New Message from Template" command
Allow changing the Spellcheck Language from status bar
Light and Dark themes
WebExtension themes are now enabled in Thunderbird
A default startup directory in the address book window can now be
configured
Individual feed update interval
An option under "Tools > Options, Advanced, General" now allows to
select whether date/time display will follow the application locale
(adjusted by operating system's format settings for that locale) or
the locale selected in the operating system's regional settings.
In other words, an US English Thunderbird can use, for example,
German formats.
OAuth2 authentication for Yahoo and AOL
FIDO U2F support
Thunderbird now allows the conversion of folders from mbox to maildir
format and vice versa. This is an experimental feature that needs to
be enabled by setting the preference mail.store_conversion_enabled.
Note that this functionality does not not work if the option "Allow
Windows Search/Spotlight to search messages" is selected.
Calendar: Allow copying, cutting or deleting of a selected occurrence
or the entire series for recurring events
Calendar: Provide an option to display locations for events in calendar
day and week views
Calendar: Provide the ability for sending/not sending meeting
notifications directly instead of showing a popup
Calendar: Option to select the target calendar when pasting an event
or task
Calendar: Allow email scheduling for CalDAV servers supporting
server-side scheduling
Thunderbird Chat now contains multiple built-in message themes
changed
IMPORTANT: Add-ons not marked as compatible with Thunderbird 60
by their authors will be disabled (this can be reverted via preference
extensions.strictCompatibility)
IMAP: When after sending a message storing that sent message fails,
the message can now be stored in a local folder
Add-on options can no longer be configured from the Add-on Manager page.
A new menu item "Add-on Options" is now available on the Tools menu.
When messages are composed in paragraph format, "body text" and split
mail quotes are converted to paragraphs when pressing the enter key
"Edit As New Message" will now use the account's default compose format,
either HTML or plain text ignoring the format of the message. Plain
text messages will be converted to HTML and vice versa. Then using
the modifier, the format choice will be reverted.
The "Edit Draft" command now also honors the use of the shift key to
convert HTML to plain text or vice versa when editing a draft
The plain text to HTML conversion has been improved where such a
conversion is necessary for "Edit As New Message" or when the shift
modifier is used for "Edit Draft" or "New Message from Template".
During address entry, the matching part of the address is now shown in
bold. Preference mail.autoComplete.commentColumn allows to display
the address book where the address is stored.
When attaching a message via drag and drop, the subject of the message
is now used as attachment name instead of "Attached Message"
Better address book photo handling: Photos can be added by drag and
drop and a copy of all photos will be stored in the Thunderbird profile
On first start, Thunderbird now shows the account setup dialog, no longer
the account provisioner dialog
Thunderbird follows Firefox' Photon design with rectangular tabs and
many other theme improvements
When customizing the From: address, Thunderbird will now use this address
for the SMTP "MAIL FROM" command. Previously the address configured
in the identity was used. The preference
mail.smtp.useSenderForSmtpMailFrom allows return to the previous
behavior.
Native notifications on Linux are now re-enabled
Thunderbird now uses Mozilla's latest proxy technology (add-on FoxyProxy
now supported)
Thunderbird now uses the latest Rust-based Mozilla technology, including
Quantum's CSS engine (based on Servo) and encoding_rs, for displaying
and encoding messages
All certificates issued by Symantec roots before 2016-06-01 are
distrusted for use in TLS secured traffic in Thunderbird 60 and above.
This applies to all brands Symantec operated: Thawte, RapidSSL,
GeoTrust, Verisign, and Symantec. For usage in S/MIME the certificates
remain valid. Details here.
Calendar: Removal of capability to send email invitations compatible
to Outlook 2002 and earlier
Calendar: Reminders on read-only calendars can now be dismissed, while
reminders for missed events will now only be displayed for writable
calendars if option "Show missed reminders for writable calendars" is
selected
Thunderbird Chat: Nicknames inside of messages are colored to match
the participants list
fixed
When many Thunderbird clients or other email clients accessed the same
IMAP draft folder, messages were sometimes sent with the wrong
identity. This has been corrected and the user will be notified if
none of their identities matches the draft.
Various problems related to handling the IMAP trash folder: Under
certain circumstances the selection of the trash folder didn't persist,
for example when the name contained non-ASCII characters, or in
localized versions of Thunderbird. At times unwanted adtext menu behavior
Better error handling for Gmail authentication to avoid re-downloading
of folders
Thunderbird used a stale cached password after user edited a saved
password
Calendar: Wrong time formatting for some time zones
Calendar: Can't copy information from event dialog for received invitations
Various security fixes
Security fixes:
#CVE-2018-12359: Buffer overflow using computed size of canvas element
#CVE-2018-12360: Use-after-free when using focus()
#CVE-2018-12361: Integer overflow in SwizzleData
#CVE-2018-12362: Integer overflow in SSSE3 scaler
#CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture
#CVE-2018-12363: Use-after-free when appending DOM nodes
#CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
#CVE-2018-12365: Compromised IPC child process can list local filenames
#CVE-2018-12371: Integer overflow in Skia library during edge builder allocation
#CVE-2018-12366: Invalid data handling during QCMS transformations
#CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming
#CVE-2018-12368: No warning when opening executable SettingContent-ms files
#CVE-2018-5187: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Thunderbird 60
#CVE-2018-5188: Memory sa60
Revision 1.1 / (download) - annotate - [select for diffs], Thu Apr 27 13:32:41 2017 UTC (6 years, 11 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base,
pkgsrc-2018Q3,
pkgsrc-2018Q2-base,
pkgsrc-2018Q2,
pkgsrc-2018Q1-base,
pkgsrc-2018Q1,
pkgsrc-2017Q4-base,
pkgsrc-2017Q4,
pkgsrc-2017Q3-base,
pkgsrc-2017Q3,
pkgsrc-2017Q2-base,
pkgsrc-2017Q2
Update to 52.0.1
Changelog:
52.0.1:
Fixed
Clicking on a link in an email may not open this link in the external browser.
Crash due to incompatibility with McAfee Anti-SPAM add-on. Add-on is blocked in 52.0.1
52.0:
New
Folder pane toolbar and folder view selector (replacement for folder view arrows)
Optionally remove corresponding data files when removing an account from Thunderbird
Import settings from Becky! Internet Mail
Possibility to copy message filter
Dictionary setting is restored when editing a draft. Content-Language header (RFC 3282) transmitted with message
Calendar: Event can now be created and edited in a tab
Calendar: Processing of received invitation counter proposals
Chat: Support Twitter Direct Messages
Chat: Liking and favoriting in Twitter
Chat: XMPP: Support SASL SCRAM authentication mechanism
Chat: Support Jabber/XMPP Message Carbons (XEP-280)
Changed
IMPORTANT: The way images are included in a compose window has changed. Images are now included as data URIs and not as references to parts of other messages or operating system files. This allows better interoperability with office packages such as MS Office or LibreOffice. Images linked from locations on the internet will no longer be downloaded and attached to the message automatically. This can be changed for each image individually via the Image Properties dialog or globally by setting the preference mail.compose.attach_http_images.
Correspondents column now default for all new folders, can be switched off with preference mail.threadpane.use_correspondents
When replying to a mailing list, reply will be sent to address in From header ignoring Reply-to header
On Linux PulseAudio is now required to play sound
Formatting toolbar is now left in place when delivery format is switched to plain text only
Messages in IMAP folders read on external device are now filtered by default
Folders backed by mbox storage larger than 4GB are supported without warning (unless preference mailnews.allowMboxOver4GB is set to false)
IMAP caching now uses Mozilla's latest caching technology
The keyboard shortcut to insert hyperlinks into a compose window was changed from CTRL+L to CTRL+K to align with Office applications
Chat: Removed Yahoo! Messenger support (since Yahoo removed support)
Fixed
Message preview pane non-functional after IMAP folder was renamed or moved
Fixed
Editing in paragraph format: Pressing Shift+Enter sometimes doesn't move the cursor to the next line
Various corrections when composing messages in paragraph format
Paste as quotation doesn't always work
Long lines in plain text replies not properly wrapped
Undesired white-space before signature in paragraph mode
When attachment unavailable, compose shows endless "Attaching..." message instead of error
Text encoding of reply sometimes incorrect (uses encoding of last viewed message)
Text encoding of message display, reply or forwarded message sometimes incorrect (uses encoding of attachment)
Delivery Format not preserved for saved drafts (Auto-Detect|Plaintext|HTML|Both)
Reply to own e-mail does not reply with the correct identity
IMAP message part caching
Links with escaped non-ASCII (international) characters can't be clicked
Calendar: Events specified in timezone "local time" generate alerts in UTC time
Chat: XMPP Resource collisions
Various security fixes
Security fixes:
#CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
#CVE-2017-5401: Memory Corruption when handling ErrorResult
#CVE-2017-5402: Use-after-free working with events in FontFace objects
#CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
#CVE-2017-5404: Use-after-free working with ranges in selections
#CVE-2017-5406: Segmentation fault in Skia with canvas operations
#CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
#CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
#CVE-2017-5411: Use-after-free in Buffer Storage in libGLES
#CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
#CVE-2017-5412: Buffer overflow read in SVG filters
#CVE-2017-5413: Segmentation fault during bidirectional operations
#CVE-2017-5414: File picker can choose incorrect default directory
#CVE-2017-5416: Null dereference crash in HttpChannel
#CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access
#CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running
#CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses
#CVE-2017-5419: Repeated authentication prompts lead to DOS attack
#CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
#CVE-2017-5421: Print preview spoofing
#CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink
#CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52
#CVE-2017-5398: Memory safety bugs fixed in Thunderbird 52 and Thunderbird 45.8