head 1.4; access; symbols pkgsrc-2018Q3:1.3.0.22 pkgsrc-2018Q3-base:1.3 pkgsrc-2018Q2:1.3.0.20 pkgsrc-2018Q2-base:1.3 pkgsrc-2018Q1:1.3.0.18 pkgsrc-2018Q1-base:1.3 pkgsrc-2017Q4:1.3.0.16 pkgsrc-2017Q4-base:1.3 pkgsrc-2017Q3:1.3.0.14 pkgsrc-2017Q3-base:1.3 pkgsrc-2017Q2:1.3.0.10 pkgsrc-2017Q2-base:1.3 pkgsrc-2017Q1:1.3.0.8 pkgsrc-2017Q1-base:1.3 pkgsrc-2016Q4:1.3.0.6 pkgsrc-2016Q4-base:1.3 pkgsrc-2016Q3:1.3.0.4 pkgsrc-2016Q3-base:1.3 pkgsrc-2016Q2:1.3.0.2 pkgsrc-2016Q2-base:1.3 pkgsrc-2013Q2:1.2.0.4 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.2 pkgsrc-2012Q4-base:1.2; locks; strict; comment @// @; 1.4 date 2018.12.16.08.12.16; author ryoon; state dead; branches; next 1.3; commitid hnaZYEy5PtyMXZ3B; 1.3 date 2016.04.17.18.33.50; author ryoon; state Exp; branches; next 1.2; commitid IRmqpxXR05Y7G03z; 1.2 date 2012.03.15.08.52.34; author ryoon; state dead; branches; next 1.1; 1.1 date 2012.03.10.11.42.39; author ryoon; state Exp; branches; next ; desc @@ 1.4 log @Update to 60.3.3 Changelog: 60.3.3: mitigated Thunderbird 60 will migrate security databases (key3.db, cert8.db to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a fault that potentially deleted saved passwords and private certificate keys for users using a master password. Version 60.3.3 will prevent the loss of data; affected users who have already upgraded to version 60.3.2 or earlier can restore the deleted key3.db file from backup to complete the migration. fixed Address book search and auto-complete slowness introduced in Thunderbird 60.3.2 Plain text markup with * for bold, / for italics, _ for underline and | for code did not work when the enclosed text contained non-ASCII characters While composing a message, a link not removed when link location was removed in the link properties panel 60.3.2: fixed Under some circumstances Thunderbird on Mac will send attachments using the so-called AppleDouble format which can lead to problems with mail servers and recipients Encoding problems when exporting address books or messages using the system charset. Messages are now always exported using the UTF-8 encoding. If the "Date" header of a message was invalid, Jan 1970 or Dec 1969 was displayed. Now using date from "Received" header instead. Body search/filtering didn't reliably ignore content of tags Inappropriate warning "Thunderbird prevented the site (addons.thunderbird.net) from asking you to install software on your computer" when installing add-ons Incorrect display of correspondents column since own email address was not always detected Spurious (encoded newline) inserted into drafts and sent email New email not inserted in correct sort order in threaded unified view or search folder 60.3.1: fixed Double-clicking on a word in the Write window sometimes launched the Advanced Property Editor or Link Properties dialog Cookie removal (not working since Thunderbird version 52) "Download rest of message" not working if global inbox was used Encoding problems for users (especially in Poland) when a file was sent via a folder using "Sent to > Mail recipient" due to a problem in the Thunderbird MAPI interface According to RFC 4616 and RFC 5721, passwords containing non-ASCII characters are encoded using UTF-8 which can lead to problems with non-compliant providers, for example office365.com. The SMTP LOGIN and POP3 USER/PASS authentication methods are now using a Latin-1 encoding again to work around this issue. Shutdown crash/hang after entering an empty IMAP password 60.3.0: fixed Various Theme fixes where incorrect colors, backgrounds, etc. were displayed Add-on Options menu not working on Mac Shift+PageUp/PageDown in Write window Saving content of Write windows didn't overwrite existing file Issues related to "Edit Template" command Gloda attachment filtering Mailing list address auto-complete enter/return handling Thunderbird hung if HTML signature references non-existent image Filters not working for headers that appear more than once Various security fixes Secirity fixes: #CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin #CVE-2018-12392: Crash with nested event loops #CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript #CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3 and Thunderbird 60.3 #CVE-2018-12390: Memory safety bugs fixed in Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3 60.2.1: Changed Calendar: Default values for the first day of the week and working days are now derived from the selected datetime formatting locale (restart after changing locale in the OS required) Calendar: Switch to a Photon-style icon set for all platforms Multiple requests for master password when Google Mail or Calendar OAuth2 is enabled Scrollbar of the address entry auto-complete popup does not work Security info dialog in compose window does not show certificate status Links in the Add-on Manager's search results and theme browsing tabs open in external browser Localized versions of Thunderbird didn't show a localized name for the "Drafts" and "Sent" folders for certain IMAP providers (particularly in France) Replying to a message with an empty subject inserted Re: twice (not working in Thunderbird 60.0) Spellcheck marks disappeared erroneously for words with an apostrophe (not working in Thunderbird 60.0) Calendar: First day of the week cannot be set Calendar: Several fixes related to cutting/deleting of events and email scheduling Various security fixes Security fixes: #CVE-2018-12377: Use-after-free in refresh driver timers #CVE-2018-12378: Use-after-free in IndexedDB #CVE-2018-12379: Out-of-bounds write with malicious MAR file #CVE-2017-16541: Proxy bypass using automount and autofs #CVE-2018-12385: Crash in TransportSecurityInfo due to cached data #CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords #CVE-2018-12376: Memory safety bugs fixed in Firefox 62, Firefox ESR 60.2, and Thunderbird 60.2.1 60.0: new When writing a message, a delete button now allows the removal of a recipient. This delete button is displayed when hovering the To/Cc/Bcc selector. Many improvements to attachments handling during compose: Attachments can now be reordered using a dialog, keyboard shortcuts, or drag and drop. The "Attach" button moved to the right to be above the attachment pane. The access key of the attachment pane (e.g. Alt+M, may vary depending on localization, Ctrl+M on Mac) now also works to show or hide the pane. The attachment pane can also be shown initially when composing a new message. Right-click on the header to enable this option. Hiding a non-empty attachment pane will now show a placeholder paperclip to indicate the presence of attachments and avoid sending them accidentally. "Edit Template" command. This also solves various problems when saving as template (duplicates created, message ID lost). "New Message from Template" command Allow changing the Spellcheck Language from status bar Light and Dark themes WebExtension themes are now enabled in Thunderbird A default startup directory in the address book window can now be configured Individual feed update interval An option under "Tools > Options, Advanced, General" now allows to select whether date/time display will follow the application locale (adjusted by operating system's format settings for that locale) or the locale selected in the operating system's regional settings. In other words, an US English Thunderbird can use, for example, German formats. OAuth2 authentication for Yahoo and AOL FIDO U2F support Thunderbird now allows the conversion of folders from mbox to maildir format and vice versa. This is an experimental feature that needs to be enabled by setting the preference mail.store_conversion_enabled. Note that this functionality does not not work if the option "Allow Windows Search/Spotlight to search messages" is selected. Calendar: Allow copying, cutting or deleting of a selected occurrence or the entire series for recurring events Calendar: Provide an option to display locations for events in calendar day and week views Calendar: Provide the ability for sending/not sending meeting notifications directly instead of showing a popup Calendar: Option to select the target calendar when pasting an event or task Calendar: Allow email scheduling for CalDAV servers supporting server-side scheduling Thunderbird Chat now contains multiple built-in message themes changed IMPORTANT: Add-ons not marked as compatible with Thunderbird 60 by their authors will be disabled (this can be reverted via preference extensions.strictCompatibility) IMAP: When after sending a message storing that sent message fails, the message can now be stored in a local folder Add-on options can no longer be configured from the Add-on Manager page. A new menu item "Add-on Options" is now available on the Tools menu. When messages are composed in paragraph format, "body text" and split mail quotes are converted to paragraphs when pressing the enter key "Edit As New Message" will now use the account's default compose format, either HTML or plain text ignoring the format of the message. Plain text messages will be converted to HTML and vice versa. Then using the modifier, the format choice will be reverted. The "Edit Draft" command now also honors the use of the shift key to convert HTML to plain text or vice versa when editing a draft The plain text to HTML conversion has been improved where such a conversion is necessary for "Edit As New Message" or when the shift modifier is used for "Edit Draft" or "New Message from Template". During address entry, the matching part of the address is now shown in bold. Preference mail.autoComplete.commentColumn allows to display the address book where the address is stored. When attaching a message via drag and drop, the subject of the message is now used as attachment name instead of "Attached Message" Better address book photo handling: Photos can be added by drag and drop and a copy of all photos will be stored in the Thunderbird profile On first start, Thunderbird now shows the account setup dialog, no longer the account provisioner dialog Thunderbird follows Firefox' Photon design with rectangular tabs and many other theme improvements When customizing the From: address, Thunderbird will now use this address for the SMTP "MAIL FROM" command. Previously the address configured in the identity was used. The preference mail.smtp.useSenderForSmtpMailFrom allows return to the previous behavior. Native notifications on Linux are now re-enabled Thunderbird now uses Mozilla's latest proxy technology (add-on FoxyProxy now supported) Thunderbird now uses the latest Rust-based Mozilla technology, including Quantum's CSS engine (based on Servo) and encoding_rs, for displaying and encoding messages All certificates issued by Symantec roots before 2016-06-01 are distrusted for use in TLS secured traffic in Thunderbird 60 and above. This applies to all brands Symantec operated: Thawte, RapidSSL, GeoTrust, Verisign, and Symantec. For usage in S/MIME the certificates remain valid. Details here. Calendar: Removal of capability to send email invitations compatible to Outlook 2002 and earlier Calendar: Reminders on read-only calendars can now be dismissed, while reminders for missed events will now only be displayed for writable calendars if option "Show missed reminders for writable calendars" is selected Thunderbird Chat: Nicknames inside of messages are colored to match the participants list fixed When many Thunderbird clients or other email clients accessed the same IMAP draft folder, messages were sometimes sent with the wrong identity. This has been corrected and the user will be notified if none of their identities matches the draft. Various problems related to handling the IMAP trash folder: Under certain circumstances the selection of the trash folder didn't persist, for example when the name contained non-ASCII characters, or in localized versions of Thunderbird. At times unwanted adtext menu behavior Better error handling for Gmail authentication to avoid re-downloading of folders Thunderbird used a stale cached password after user edited a saved password Calendar: Wrong time formatting for some time zones Calendar: Can't copy information from event dialog for received invitations Various security fixes Security fixes: #CVE-2018-12359: Buffer overflow using computed size of canvas element #CVE-2018-12360: Use-after-free when using focus() #CVE-2018-12361: Integer overflow in SwizzleData #CVE-2018-12362: Integer overflow in SSSE3 scaler #CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture #CVE-2018-12363: Use-after-free when appending DOM nodes #CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins #CVE-2018-12365: Compromised IPC child process can list local filenames #CVE-2018-12371: Integer overflow in Skia library during edge builder allocation #CVE-2018-12366: Invalid data handling during QCMS transformations #CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming #CVE-2018-12368: No warning when opening executable SettingContent-ms files #CVE-2018-5187: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Thunderbird 60 #CVE-2018-5188: Memory sa60 @ text @$NetBSD: patch-mozilla_ipc_glue_GeckoChildProcessHost.cpp,v 1.3 2016/04/17 18:33:50 ryoon Exp $ --- mozilla/ipc/glue/GeckoChildProcessHost.cpp.orig 2016-04-07 21:33:19.000000000 +0000 +++ mozilla/ipc/glue/GeckoChildProcessHost.cpp @@@@ -4,7 +4,13 @@@@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +#if defined(__NetBSD__) +_Pragma("GCC visibility push(default)") +#endif #include "GeckoChildProcessHost.h" +#if defined(__NetBSD__) +_Pragma("GCC visibility pop") +#endif #include "base/command_line.h" #include "base/string_util.h" @@@@ -633,7 +639,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc // and passing wstrings from one config to the other is unsafe. So // we split the logic here. -#if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_BSD) +#if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_BSD) || defined(OS_SOLARIS) base::environment_map newEnvVars; ChildPrivileges privs = mPrivileges; if (privs == base::PRIVILEGES_DEFAULT) { @@@@ -759,7 +765,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc childArgv.push_back(pidstring); #if defined(MOZ_CRASHREPORTER) -# if defined(OS_LINUX) || defined(OS_BSD) +# if defined(OS_LINUX) || defined(OS_BSD) || defined(OS_SOLARIS) int childCrashFd, childCrashRemapFd; if (!CrashReporter::CreateNotificationPipeForChild( &childCrashFd, &childCrashRemapFd)) @@@@ -792,7 +798,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc childArgv.push_back(childProcessType); base::LaunchApp(childArgv, mFileMap, -#if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_BSD) +#if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_BSD) || defined(OS_SOLARIS) newEnvVars, privs, #endif false, &process, arch); @ 1.3 log @Update to 45.0 * Regen patch names Changelog: New Add a Correspondents column combining Sender and Recipient New Much better support for XMPP chatrooms and commands. New Remote content exceptions: Improved options to add exceptions. New Implement option to always use HTML formatting to prevent unexpected format loss when converting messages to plain text. New Use OpenStreetmap for maps (even allow the user to choose from list of map services) New Allow spell checking and dictionary selection in the subject line New Add dropdown in compose to allow specific setting of font size. New Return/Enter in composer will now insert a new paragraph by default (shift-Enter will insert a line break) New Mail.ru supports OAuth authentication. New Allow copying of name and email address from the message header of an email New Allow editing of From when composing a message. Fixed Fixed: When sending e-mail which was composed using Chinese, Japanese or Korean characters, unwanted extra spaces were inserted within the text. Fixed Spell checker checked spelling in invisible HTML parts of the message. Fixed When saving a draft that is edited as new message, original draft was overwritten. Fixed External images not displayed in reply/forward Fixed Properly preserve pre-formatted blocks in message replies. Fixed Crashed in some cases while parsing IMAP messages. Fixed Copy/paste from a plain text editor lost white-space (multiple spaces/blanks, tabs, newlines) Fixed "Open Draft"/"Forward"/"Edit As New"/"Reply" created message composition with incorrect character encoding. Fixed Fixed: Grouped By view sort direction change was broken, plus enabled custom column grouping. Fixed Fixed: New emails into a mailbox did not adhere to sort order by received. Fixed Fixed: Box.com attachments failed to upload. Fixed Fixed: Drag and drop of multiple attachments failed to OS file folder. Fixed XMPP had connection problems for users with large rosters Security bugs: Fixed in Thunderbird 45 2016-37 Font vulnerabilities in the Graphite 2 library 2016-36 Use-after-free during processing of DER encoded keys in NSS 2016-35 Buffer overflow during ASN.1 decoding in NSS 2016-34 Out-of-bounds read in HTML parser following a failed allocation 2016-27 Use-after-free during XML transformations 2016-24 Use-after-free in SetBody 2016-23 Use-after-free in HTML5 string parser 2016-20 Memory leak in libstagefright when deleting an array during MP4 processing 2016-19 Linux video memory DOS with Intel drivers 2016-18 CSP reports fail to strip location information for embedded iframe pages 2016-17 Local file overwriting and potential privilege escalation through CSP reports 2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Update to 11.0 * enigmail source is not provided for this version now. * Switch to xulrunner 11 branch * Fix security bugs * Improve stability * Many bug fixes @ text @d1 1 a1 1 $NetBSD: patch-mozilla_ipc_glue_GeckoChildProcessHost.cpp,v 1.1 2012/03/10 11:42:39 ryoon Exp $ d3 1 a3 1 --- mozilla/ipc/glue/GeckoChildProcessHost.cpp.orig 2012-02-16 10:25:01.000000000 +0000 d5 15 a19 1 @@@@ -430,7 +430,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc d23 2 a24 2 -#if defined(OS_LINUX) || defined(OS_MACOSX) +#if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_BSD) d26 3 a28 14 // XPCOM may not be initialized in some subprocesses. We don't want // to initialize XPCOM just for the directory service, especially @@@@ -445,8 +445,8 @@@@ GeckoChildProcessHost::PerformAsyncLaunc if (NS_SUCCEEDED(rv)) { nsCString path; greDir->GetNativePath(path); -# ifdef OS_LINUX -# ifdef ANDROID +# if defined(OS_LINUX) || defined(OS_BSD) +# if defined(ANDROID) || defined(OS_BSD) path += "/lib"; # endif // ANDROID const char *ld_library_path = PR_GetEnv("LD_LIBRARY_PATH"); @@@@ -557,7 +557,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc d32 2 a33 2 -# if defined(OS_LINUX) +# if defined(OS_LINUX) || defined(OS_BSD) d37 2 a38 2 @@@@ -594,7 +594,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc #endif d41 3 a43 3 -#if defined(OS_LINUX) || defined(OS_MACOSX) +#if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_BSD) newEnvVars, @ 1.1 log @Update to 10.0.2 * Add new features. * Fix security bugs * See http://www.mozilla.org/en-US/thunderbird/10.0/releasenotes/ @ text @d1 1 a1 1 $NetBSD$ @