head 1.6; access; symbols pkgsrc-2022Q4:1.5.0.20 pkgsrc-2022Q4-base:1.5 pkgsrc-2022Q3:1.5.0.18 pkgsrc-2022Q3-base:1.5 pkgsrc-2022Q2:1.5.0.16 pkgsrc-2022Q2-base:1.5 pkgsrc-2022Q1:1.5.0.14 pkgsrc-2022Q1-base:1.5 pkgsrc-2021Q4:1.5.0.12 pkgsrc-2021Q4-base:1.5 pkgsrc-2021Q3:1.5.0.10 pkgsrc-2021Q3-base:1.5 pkgsrc-2021Q2:1.5.0.8 pkgsrc-2021Q2-base:1.5 pkgsrc-2021Q1:1.5.0.6 pkgsrc-2021Q1-base:1.5 pkgsrc-2020Q4:1.5.0.4 pkgsrc-2020Q4-base:1.5 pkgsrc-2020Q3:1.5.0.2 pkgsrc-2020Q3-base:1.5 pkgsrc-2020Q2:1.4.0.2 pkgsrc-2020Q2-base:1.4 pkgsrc-2020Q1:1.3.0.4 pkgsrc-2020Q1-base:1.3 pkgsrc-2019Q4:1.3.0.6 pkgsrc-2019Q4-base:1.3 pkgsrc-2019Q3:1.3.0.2 pkgsrc-2019Q3-base:1.3 pkgsrc-2019Q2:1.2.0.4 pkgsrc-2019Q2-base:1.2 pkgsrc-2019Q1:1.2.0.2 pkgsrc-2019Q1-base:1.2 pkgsrc-2018Q4:1.1.0.2 pkgsrc-2018Q4-base:1.1; locks; strict; comment @// @; 1.6 date 2023.02.05.09.05.29; author he; state dead; branches; next 1.5; commitid g3Fsz7kGhhAFEjcE; 1.5 date 2020.09.03.15.26.22; author ryoon; state Exp; branches; next 1.4; commitid IUnmboLLH6P9dCmC; 1.4 date 2020.06.15.15.44.22; author nia; state Exp; branches; next 1.3; commitid ni47uVu7nQ2uSkcC; 1.3 date 2019.09.21.10.55.17; author ryoon; state Exp; branches; next 1.2; commitid dovG9JsbXIrHTRDB; 1.2 date 2019.02.26.11.32.13; author ryoon; state Exp; branches; next 1.1; commitid PT9jULznE15UKgdB; 1.1 date 2018.12.16.08.12.15; author ryoon; state Exp; branches; next ; commitid hnaZYEy5PtyMXZ3B; desc @@ 1.6 log @mail/thunderbird: Update to version 102.6.1. This is copied from wip/thunderbird, which builds with more recent versions of rust. This is the version just before this change was implemented: https://blog.thunderbird.net/2023/01/important-message-for-microsoft-office-365-enterprise-users/ and this version will stay here for a while before we update again. Call me lazy, but I don't think it's worth anyone's time to paste in the change log from version 78 to 102.6.1 here, and it doesn't appear to be readily accessible in the source distribution. That said, the list of security fixes implemented between version 78.12 and 102.6.1 is available at https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird102.6.1 and the release notes are available at https://www.thunderbird.net/en-US/thunderbird/releases/ @ text @$NetBSD: patch-dom_media_CubebUtils.cpp,v 1.5 2020/09/03 15:26:22 ryoon Exp $ --- dom/media/CubebUtils.cpp.orig 2020-08-28 21:32:36.000000000 +0000 +++ dom/media/CubebUtils.cpp @@@@ -125,7 +125,7 @@@@ const char kBrandBundleURL[] = "chrome:/ const char* AUDIOSTREAM_BACKEND_ID_STR[] = { "jack", "pulse", "alsa", "audiounit", "audioqueue", "wasapi", - "winmm", "directsound", "sndio", "opensl", "audiotrack", "kai"}; + "winmm", "directsound", "sndio", "opensl", "audiotrack", "kai", "sun"}; /* Index for failures to create an audio stream the first time. */ const int CUBEB_BACKEND_INIT_FAILURE_FIRST = ArrayLength(AUDIOSTREAM_BACKEND_ID_STR); @ 1.5 log @thunderbird: Update to 78.2.1 * Lightning cannot be disabled by users in build time. Remove mozilla-lightning option. Changelog: 78.2.1 Changes changed OpenPGP enabled by default changed OpenPGP: Disabled the use of MD5/SM2/SM3 algorithms Fixes fixed OpenPGP: Users with sub-identities were unable to encrypt or sign messages when switching identities fixed OpenPGP message security window did not support dark mode 78.2.0 Changes changed OpenPGP Key generation now disabled when there is no default mail account configured changed OpenPGP: Encrypt saved drafts when OpenPGP is enabled changed Twitter search removed changed Calendar: Event summary dialog is now themeable changed MailExtensions: Some APIs now use defineLazyPreferenceGetter in order to benefit from caching Fixes fixed OpenPGP Key Manager search function did not work fixed OpenPGP Key Properties dialog was sometimes too small fixed OpenPGP: Encrypted email would not send if address contained uppercase characters fixed OpenPGP: "Key ID" column could not be resized in Key Manage fixed OpenPGP: Keys containing invalid UTF-8 strings could not be imported fixed OpenPGP: Enable automatic signing for encrypted messages in additional scenarios fixed Many more OpenPGP bug fixes and improvements fixed IMAP fetch chunk size was always 65536 bytes fixed IMAP server capabilities were not rechecked after upgrading to SSL/TLS connection fixed Message Composer: Order of attachments could not be modified using drag & drop fixed Composing messages with a "fixed width" font did not work fixed Drag and drop of address book contacts did not work in some situations fixed Address book migration failed when there was a dot in the file name fixed Address book: "Always prefer display name over message header" was always checked when editing a contact fixed Address book performance optimizations fixed Dialog to add a new mail account from "Account Settings" did not open fixed "Select All" (Ctrl+A) in message source did not work until focused with a mouse click fixed Ctrl+scroll wheel not zooming in message reader fixed Setting/changing a signature from a file lost when closing account settings fixed Adaptive Junk Mail settings could not be disabled fixed Message filter dialog fixes: Missing scrollbar, drop-down list not wide enough fixed Various UX and theme improvements 78.1.1 Changes changed Building OpenPGP shared library linked to system libraries now supported changed MailExtension errors now shown in Developer Tools console by default changed MailExtensions: Dynamic registration of calendar providers now supported Fixesr fixed OpenPGP improvements fixed Message preview was sometimes blank after upgrading from Thunderbird 68 fixed Email addresses whitelisted for remote content not displayed in preferences fixed Importing data from Seamonkey did not work fixed Renaming a mail list did not update the side bar fixed MailExtensions: messenger.* namespace was undefined 78.1.0 What's New new OpenPGP support is now feature complete. Improvements: new Key Wizard, online searching for OpenPGP keys, and more new The preferences tab now has a search field Changes changed Dark background in message reader is now disabled Fixes fixed Thunderbird startup was slow when using folder color customizations with many folders. Previously configured colors will not be migrated. fixed Mail quota usage in status bar did not support terabyte folder sizes fixed Changing Junk mail settings with keyboard toggled wrong setting fixed Advanced IMAP server preferences not saved in Account Manager fixed Address book migration updates and fixes fixed Address book: Last Modified Date was not updated fixed Dark mode improvements fixed Various security fixes Security fixes: #CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker #CVE-2020-6514: WebRTC data channel leaks internal address to peer #CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy #CVE-2020-15653: Bypassing iframe sandbox when allowing popups #CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture #CVE-2020-15656: Type confusion for special arguments in IonMonkey #CVE-2020-15658: Overriding file type when saving to disk #CVE-2020-15657: DLL hijacking due to incorrect loading path #CVE-2020-15654: Custom cursor can overlay user interface #CVE-2020-15659: Memory safety bugs fixed in Thunderbird 78.1 78.0.1 What's New new OpenPGP: Key revocation, extending key expiration, and secret key backup Fixes fixed Drag & Drop multiple attachments to macOS Finder created duplicate files fixed Faceted search date and relevance settings not saved fixed FileLink attachments included as a link and file when added from a network drive via drag & drop fixed About Thunderbird dialog keyboard shortcuts did not work fixed CC'd recipients sometimes displayed collapsed in header pane fixed Incremental search in contacts sidebar did not always display local results when an LDAP server was also in use fixed Contacts sidebar search results cleared after removing a contact fixed OpenPGP: Messages with long Armor Header lines did not display fixed OpenPGP: Messages containing non-UTF-8 text were not supported fixed Various UI and theming fixes fixed Chat: Participants list did not display operator flags @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @thunderbird: Sync with firefox68 - Re-enable multiprocess mode - Drop hacks for crossprocess semaphores on NetBSD - Drop OSS support - Drop unused gnome option Bump PKGREVISION @ text @d1 1 a1 1 $NetBSD: patch-dom_media_CubebUtils.cpp,v 1.3 2019/09/21 10:55:17 ryoon Exp $ d3 1 a3 1 --- dom/media/CubebUtils.cpp.orig 2020-06-02 14:07:52.000000000 +0000 d5 1 a5 1 @@@@ -163,7 +163,7 @@@@ const char kBrandBundleURL[] = "chrome:/ @ 1.3 log @Update to 68.1.0 Changelog: new Offer to configure Exchange accounts for Office365. A third-party add-on is required for this account type. IMAP still exists as alternative. fixed Edit tag not working fixed Write window: "Insert > Characters and Symbols" not working fixed Moving/dragging messages from "Search Messages" result dialog not working fixed Command line -compose "attachment=" not working fixed Custom views not working fixed Issues with list of content types/actions for incoming attachments fixed "Learn More" links in Error Console not working fixed Visual glitches: Quick Filter Bar tag buttons too tall, missing scroll bar on Connection Setting subdialog, LDAP server selection after "New", "Edit" and "Delete" fixed Calendar: Parts of CalDAV dialog not working fixed Various security fixes Security fixes: CVE-2019-11739: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message #CVE-2019-11746: Use-after-free while manipulating video #CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML #CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images #CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB #CVE-2019-11743: Cross-origin access to unload event attributes #CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9 @ text @d1 1 a1 1 $NetBSD: patch-dom_media_CubebUtils.cpp,v 1.2 2019/02/26 11:32:13 ryoon Exp $ d3 1 a3 1 --- dom/media/CubebUtils.cpp.orig 2019-09-09 23:43:26.000000000 +0000 d10 1 a10 1 + "winmm", "directsound", "sndio", "opensl", "audiotrack", "kai", "oss", "sun"}; @ 1.2 log @Update to 60.5.1 Changelog: 60.5.1 Fixed CalDav access to some servers not working #CVE-2018-18500: Use-after-free parsing HTML5 stream #CVE-2018-18505: Privilege escalation through IPC channel messages #CVE-2016-5824: DoS (use-after-free) via a crafted ics file #CVE-2018-18501: Memory safety bugs fixed in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5 60.5.0 New FileLink provider WeTransfer to upload large attachments Thunderbird now allows the addition of OpenSearch search engines from a local XML file using a minimal user inferface: [+] button to select a file an add, [-] to remove. More search engines: Google and DuckDuckGo available by default in some locales During account creation, Thunderbird will now detect servers using the Microsoft Exchange protocol. It will offer the installation of a 3rd party add-on (Owl) which supports that protocol. Fixed Thunderbird now compatible with other WebExtension-based FileLink add-ons like the Dropbox add-on Crash when using custom sound for new email notification WebExtension-based dictionaries from addons.mozilla.org not working in Thunderbird Calendar: Printing of calendars not working #CVE-2018-18356: Use-after-free in Skia #CVE-2019-5785: Integer overflow in Skia #CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D #CVE-2018-18509: S/MIME signature spoofing @ text @d1 1 a1 1 $NetBSD: patch-dom_media_CubebUtils.cpp,v 1.1 2018/12/16 08:12:15 ryoon Exp $ d3 1 a3 1 --- dom/media/CubebUtils.cpp.orig 2019-02-13 14:19:37.000000000 +0000 d5 1 a5 1 @@@@ -143,7 +143,7 @@@@ const char kBrandBundleURL[] = "chrome:/ d10 1 a10 1 + "winmm", "directsound", "sndio", "opensl", "audiotrack", "kai", "oss"}; @ 1.1 log @Update to 60.3.3 Changelog: 60.3.3: mitigated Thunderbird 60 will migrate security databases (key3.db, cert8.db to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a fault that potentially deleted saved passwords and private certificate keys for users using a master password. Version 60.3.3 will prevent the loss of data; affected users who have already upgraded to version 60.3.2 or earlier can restore the deleted key3.db file from backup to complete the migration. fixed Address book search and auto-complete slowness introduced in Thunderbird 60.3.2 Plain text markup with * for bold, / for italics, _ for underline and | for code did not work when the enclosed text contained non-ASCII characters While composing a message, a link not removed when link location was removed in the link properties panel 60.3.2: fixed Under some circumstances Thunderbird on Mac will send attachments using the so-called AppleDouble format which can lead to problems with mail servers and recipients Encoding problems when exporting address books or messages using the system charset. Messages are now always exported using the UTF-8 encoding. If the "Date" header of a message was invalid, Jan 1970 or Dec 1969 was displayed. Now using date from "Received" header instead. Body search/filtering didn't reliably ignore content of tags Inappropriate warning "Thunderbird prevented the site (addons.thunderbird.net) from asking you to install software on your computer" when installing add-ons Incorrect display of correspondents column since own email address was not always detected Spurious (encoded newline) inserted into drafts and sent email New email not inserted in correct sort order in threaded unified view or search folder 60.3.1: fixed Double-clicking on a word in the Write window sometimes launched the Advanced Property Editor or Link Properties dialog Cookie removal (not working since Thunderbird version 52) "Download rest of message" not working if global inbox was used Encoding problems for users (especially in Poland) when a file was sent via a folder using "Sent to > Mail recipient" due to a problem in the Thunderbird MAPI interface According to RFC 4616 and RFC 5721, passwords containing non-ASCII characters are encoded using UTF-8 which can lead to problems with non-compliant providers, for example office365.com. The SMTP LOGIN and POP3 USER/PASS authentication methods are now using a Latin-1 encoding again to work around this issue. Shutdown crash/hang after entering an empty IMAP password 60.3.0: fixed Various Theme fixes where incorrect colors, backgrounds, etc. were displayed Add-on Options menu not working on Mac Shift+PageUp/PageDown in Write window Saving content of Write windows didn't overwrite existing file Issues related to "Edit Template" command Gloda attachment filtering Mailing list address auto-complete enter/return handling Thunderbird hung if HTML signature references non-existent image Filters not working for headers that appear more than once Various security fixes Secirity fixes: #CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin #CVE-2018-12392: Crash with nested event loops #CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript #CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3 and Thunderbird 60.3 #CVE-2018-12390: Memory safety bugs fixed in Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3 60.2.1: Changed Calendar: Default values for the first day of the week and working days are now derived from the selected datetime formatting locale (restart after changing locale in the OS required) Calendar: Switch to a Photon-style icon set for all platforms Multiple requests for master password when Google Mail or Calendar OAuth2 is enabled Scrollbar of the address entry auto-complete popup does not work Security info dialog in compose window does not show certificate status Links in the Add-on Manager's search results and theme browsing tabs open in external browser Localized versions of Thunderbird didn't show a localized name for the "Drafts" and "Sent" folders for certain IMAP providers (particularly in France) Replying to a message with an empty subject inserted Re: twice (not working in Thunderbird 60.0) Spellcheck marks disappeared erroneously for words with an apostrophe (not working in Thunderbird 60.0) Calendar: First day of the week cannot be set Calendar: Several fixes related to cutting/deleting of events and email scheduling Various security fixes Security fixes: #CVE-2018-12377: Use-after-free in refresh driver timers #CVE-2018-12378: Use-after-free in IndexedDB #CVE-2018-12379: Out-of-bounds write with malicious MAR file #CVE-2017-16541: Proxy bypass using automount and autofs #CVE-2018-12385: Crash in TransportSecurityInfo due to cached data #CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords #CVE-2018-12376: Memory safety bugs fixed in Firefox 62, Firefox ESR 60.2, and Thunderbird 60.2.1 60.0: new When writing a message, a delete button now allows the removal of a recipient. This delete button is displayed when hovering the To/Cc/Bcc selector. Many improvements to attachments handling during compose: Attachments can now be reordered using a dialog, keyboard shortcuts, or drag and drop. The "Attach" button moved to the right to be above the attachment pane. The access key of the attachment pane (e.g. Alt+M, may vary depending on localization, Ctrl+M on Mac) now also works to show or hide the pane. The attachment pane can also be shown initially when composing a new message. Right-click on the header to enable this option. Hiding a non-empty attachment pane will now show a placeholder paperclip to indicate the presence of attachments and avoid sending them accidentally. "Edit Template" command. This also solves various problems when saving as template (duplicates created, message ID lost). "New Message from Template" command Allow changing the Spellcheck Language from status bar Light and Dark themes WebExtension themes are now enabled in Thunderbird A default startup directory in the address book window can now be configured Individual feed update interval An option under "Tools > Options, Advanced, General" now allows to select whether date/time display will follow the application locale (adjusted by operating system's format settings for that locale) or the locale selected in the operating system's regional settings. In other words, an US English Thunderbird can use, for example, German formats. OAuth2 authentication for Yahoo and AOL FIDO U2F support Thunderbird now allows the conversion of folders from mbox to maildir format and vice versa. This is an experimental feature that needs to be enabled by setting the preference mail.store_conversion_enabled. Note that this functionality does not not work if the option "Allow Windows Search/Spotlight to search messages" is selected. Calendar: Allow copying, cutting or deleting of a selected occurrence or the entire series for recurring events Calendar: Provide an option to display locations for events in calendar day and week views Calendar: Provide the ability for sending/not sending meeting notifications directly instead of showing a popup Calendar: Option to select the target calendar when pasting an event or task Calendar: Allow email scheduling for CalDAV servers supporting server-side scheduling Thunderbird Chat now contains multiple built-in message themes changed IMPORTANT: Add-ons not marked as compatible with Thunderbird 60 by their authors will be disabled (this can be reverted via preference extensions.strictCompatibility) IMAP: When after sending a message storing that sent message fails, the message can now be stored in a local folder Add-on options can no longer be configured from the Add-on Manager page. A new menu item "Add-on Options" is now available on the Tools menu. When messages are composed in paragraph format, "body text" and split mail quotes are converted to paragraphs when pressing the enter key "Edit As New Message" will now use the account's default compose format, either HTML or plain text ignoring the format of the message. Plain text messages will be converted to HTML and vice versa. Then using the modifier, the format choice will be reverted. The "Edit Draft" command now also honors the use of the shift key to convert HTML to plain text or vice versa when editing a draft The plain text to HTML conversion has been improved where such a conversion is necessary for "Edit As New Message" or when the shift modifier is used for "Edit Draft" or "New Message from Template". During address entry, the matching part of the address is now shown in bold. Preference mail.autoComplete.commentColumn allows to display the address book where the address is stored. When attaching a message via drag and drop, the subject of the message is now used as attachment name instead of "Attached Message" Better address book photo handling: Photos can be added by drag and drop and a copy of all photos will be stored in the Thunderbird profile On first start, Thunderbird now shows the account setup dialog, no longer the account provisioner dialog Thunderbird follows Firefox' Photon design with rectangular tabs and many other theme improvements When customizing the From: address, Thunderbird will now use this address for the SMTP "MAIL FROM" command. Previously the address configured in the identity was used. The preference mail.smtp.useSenderForSmtpMailFrom allows return to the previous behavior. Native notifications on Linux are now re-enabled Thunderbird now uses Mozilla's latest proxy technology (add-on FoxyProxy now supported) Thunderbird now uses the latest Rust-based Mozilla technology, including Quantum's CSS engine (based on Servo) and encoding_rs, for displaying and encoding messages All certificates issued by Symantec roots before 2016-06-01 are distrusted for use in TLS secured traffic in Thunderbird 60 and above. This applies to all brands Symantec operated: Thawte, RapidSSL, GeoTrust, Verisign, and Symantec. For usage in S/MIME the certificates remain valid. Details here. Calendar: Removal of capability to send email invitations compatible to Outlook 2002 and earlier Calendar: Reminders on read-only calendars can now be dismissed, while reminders for missed events will now only be displayed for writable calendars if option "Show missed reminders for writable calendars" is selected Thunderbird Chat: Nicknames inside of messages are colored to match the participants list fixed When many Thunderbird clients or other email clients accessed the same IMAP draft folder, messages were sometimes sent with the wrong identity. This has been corrected and the user will be notified if none of their identities matches the draft. Various problems related to handling the IMAP trash folder: Under certain circumstances the selection of the trash folder didn't persist, for example when the name contained non-ASCII characters, or in localized versions of Thunderbird. At times unwanted adtext menu behavior Better error handling for Gmail authentication to avoid re-downloading of folders Thunderbird used a stale cached password after user edited a saved password Calendar: Wrong time formatting for some time zones Calendar: Can't copy information from event dialog for received invitations Various security fixes Security fixes: #CVE-2018-12359: Buffer overflow using computed size of canvas element #CVE-2018-12360: Use-after-free when using focus() #CVE-2018-12361: Integer overflow in SwizzleData #CVE-2018-12362: Integer overflow in SSSE3 scaler #CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture #CVE-2018-12363: Use-after-free when appending DOM nodes #CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins #CVE-2018-12365: Compromised IPC child process can list local filenames #CVE-2018-12371: Integer overflow in Skia library during edge builder allocation #CVE-2018-12366: Invalid data handling during QCMS transformations #CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming #CVE-2018-12368: No warning when opening executable SettingContent-ms files #CVE-2018-5187: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Thunderbird 60 #CVE-2018-5188: Memory sa60 @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- dom/media/CubebUtils.cpp.orig 2018-12-04 23:11:46.000000000 +0000 d5 6 a10 8 @@@@ -152,7 +152,8 @@@@ const char* AUDIOSTREAM_BACKEND_ID_STR[] "sndio", "opensl", "audiotrack", - "kai" + "kai", + "oss", }; d13 1 @