head 1.14; access; symbols pkgsrc-2026Q1:1.14.0.4 pkgsrc-2026Q1-base:1.14 pkgsrc-2025Q4:1.14.0.2 pkgsrc-2025Q4-base:1.14 pkgsrc-2025Q3:1.13.0.4 pkgsrc-2025Q3-base:1.13 pkgsrc-2025Q2:1.13.0.2 pkgsrc-2025Q2-base:1.13 pkgsrc-2025Q1:1.12.0.4 pkgsrc-2025Q1-base:1.12 pkgsrc-2024Q4:1.12.0.2 pkgsrc-2024Q4-base:1.12 pkgsrc-2024Q3:1.11.0.14 pkgsrc-2024Q3-base:1.11 pkgsrc-2024Q2:1.11.0.12 pkgsrc-2024Q2-base:1.11 pkgsrc-2024Q1:1.11.0.10 pkgsrc-2024Q1-base:1.11 pkgsrc-2023Q4:1.11.0.8 pkgsrc-2023Q4-base:1.11 pkgsrc-2023Q3:1.11.0.6 pkgsrc-2023Q3-base:1.11 pkgsrc-2023Q2:1.11.0.4 pkgsrc-2023Q2-base:1.11 pkgsrc-2023Q1:1.11.0.2 pkgsrc-2023Q1-base:1.11 pkgsrc-2022Q4:1.10.0.20 pkgsrc-2022Q4-base:1.10 pkgsrc-2022Q3:1.10.0.18 pkgsrc-2022Q3-base:1.10 pkgsrc-2022Q2:1.10.0.16 pkgsrc-2022Q2-base:1.10 pkgsrc-2022Q1:1.10.0.14 pkgsrc-2022Q1-base:1.10 pkgsrc-2021Q4:1.10.0.12 pkgsrc-2021Q4-base:1.10 pkgsrc-2021Q3:1.10.0.10 pkgsrc-2021Q3-base:1.10 pkgsrc-2021Q2:1.10.0.8 pkgsrc-2021Q2-base:1.10 pkgsrc-2021Q1:1.10.0.6 pkgsrc-2021Q1-base:1.10 pkgsrc-2020Q4:1.10.0.4 pkgsrc-2020Q4-base:1.10 pkgsrc-2020Q3:1.10.0.2 pkgsrc-2020Q3-base:1.10 pkgsrc-2020Q2:1.9.0.14 pkgsrc-2020Q2-base:1.9 pkgsrc-2020Q1:1.9.0.10 pkgsrc-2020Q1-base:1.9 pkgsrc-2019Q4:1.9.0.12 pkgsrc-2019Q4-base:1.9 pkgsrc-2019Q3:1.9.0.8 pkgsrc-2019Q3-base:1.9 pkgsrc-2019Q2:1.9.0.6 pkgsrc-2019Q2-base:1.9 pkgsrc-2019Q1:1.9.0.4 pkgsrc-2019Q1-base:1.9 pkgsrc-2018Q4:1.9.0.2 pkgsrc-2018Q4-base:1.9 pkgsrc-2016Q1:1.7.0.6 pkgsrc-2016Q1-base:1.7 pkgsrc-2015Q4:1.7.0.4 pkgsrc-2015Q4-base:1.7 pkgsrc-2015Q3:1.7.0.2 pkgsrc-2015Q3-base:1.7 pkgsrc-2015Q2:1.6.0.8 pkgsrc-2015Q2-base:1.6 pkgsrc-2015Q1:1.6.0.6 pkgsrc-2015Q1-base:1.6 pkgsrc-2014Q4:1.6.0.4 pkgsrc-2014Q4-base:1.6 pkgsrc-2014Q3:1.6.0.2 pkgsrc-2014Q3-base:1.6 pkgsrc-2014Q2:1.5.0.6 pkgsrc-2014Q2-base:1.5 pkgsrc-2014Q1:1.5.0.4 pkgsrc-2014Q1-base:1.5 pkgsrc-2013Q4:1.5.0.2 pkgsrc-2013Q4-base:1.5 pkgsrc-2013Q3:1.4.0.8 pkgsrc-2013Q3-base:1.4 pkgsrc-2013Q2:1.4.0.6 pkgsrc-2013Q2-base:1.4 pkgsrc-2013Q1:1.4.0.4 pkgsrc-2013Q1-base:1.4 pkgsrc-2012Q4:1.4.0.2 pkgsrc-2012Q4-base:1.4 pkgsrc-2012Q3:1.3.0.2 pkgsrc-2012Q3-base:1.3 pkgsrc-2012Q2:1.2.0.2 pkgsrc-2012Q2-base:1.2 pkgsrc-2012Q1:1.1.0.2 pkgsrc-2012Q1-base:1.1; locks; strict; comment @// @; 1.14 date 2025.11.04.17.24.34; author ryoon; state Exp; branches; next 1.13; commitid bvM6vPvo61R7bghG; 1.13 date 2025.04.30.03.47.13; author ryoon; state Exp; branches; next 1.12; commitid o9LB8XmlM6d8H1TF; 1.12 date 2024.10.01.15.01.28; author ryoon; state Exp; branches; next 1.11; commitid Da1pbOxC39OcdYrF; 1.11 date 2023.02.05.09.05.29; author he; state Exp; branches; next 1.10; commitid g3Fsz7kGhhAFEjcE; 1.10 date 2020.09.03.15.26.22; author ryoon; state Exp; branches; next 1.9; commitid IUnmboLLH6P9dCmC; 1.9 date 2018.12.16.08.12.15; author ryoon; state Exp; branches; next 1.8; commitid hnaZYEy5PtyMXZ3B; 1.8 date 2016.04.17.18.33.50; author ryoon; state dead; branches; next 1.7; commitid IRmqpxXR05Y7G03z; 1.7 date 2015.07.09.15.17.34; author ryoon; state Exp; branches; next 1.6; commitid uOBMkh3qU83NGCsy; 1.6 date 2014.07.27.20.04.59; author ryoon; state Exp; branches; next 1.5; commitid HLv3K9i3bzvVq3Kx; 1.5 date 2013.11.12.20.50.51; author ryoon; state Exp; branches; next 1.4; commitid StqDqt98qrcNW1dx; 1.4 date 2012.11.23.07.17.54; author ryoon; state Exp; branches; next 1.3; 1.3 date 2012.09.02.06.43.40; author ryoon; state Exp; branches; next 1.2; 1.2 date 2012.04.28.16.56.58; author ryoon; state Exp; branches; next 1.1; 1.1 date 2012.03.15.08.52.34; author ryoon; state Exp; branches; next ; desc @@ 1.14 log @mail/thunderbird: Update to 144.0.1 Changelog: 144.0.1: fixed Message compose window was removed from Task Bar after saving as draft or template 144.0: changed Flatpak runtime has been updated to Freedesktop SDK 24.08 fixed Copying text from some error alerts was not possible fixed Fastmail CalDAV app password access failed due to forced OAuth regression fixed Delete key failed to prevent deleting attachments in OpenPGP messages fixed Newly created folder was missing under "Recent" when moving a message fixed Sender avatar displayed incorrectly for 'Name' via address sender format fixed Sorting by threads only brought threads with unread top messages to the top fixed News message marked read after NNTP error prevented retrieval from server fixed Inbox 'Location' column was not translated in French locale installation fixed Not all headers were signed when creating digitally signed OpenPGP email fixed Users could not read mail signed with OpenPGP v6 and PQC keys fixed Testing a configured personal S/MIME certificate for a sub-identity did not work fixed Testing an S/MIME certificate did not work for an old invalid certificate fixed Changing identity in compose window caused modified draft not to be saved fixed Shift-click 'Compose Message To' on 'mailto' link did not open in plain text fixed Image preview in Insert Image dialog failed with CSP error for web resources fixed Thunderbird could crash in various scenarios fixed 'Copy Message to' action in a newsgroup filter did not work fixed Thunderbird could not import profile located at the top level of zip file fixed Thunderbird did not clearly fail when importing profile from a bad source fixed No way to distinguish between Thunderbird Release/ESR in Windows registry fixed Multi-attachment delete/detach confirmation only cited first attachment fixed Thunderbird hung when auto-checking multiple accounts for new messages fixed Reply All button was missing when using a Microsoft Exchange account fixed Sending emails via servers with self-signed certificate did not work fixed Task reminders could fail for tasks without end dates or with shifted due dates fixed Could not copy an event in multiweek or month view by drag-and-drop fixed Calendar discovery with certificate error displayed multiple exceptions fixed Visual and UX improvements fixed Security fixes Security fixes: Mozilla Foundation Security Advisory 2025-84 #CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance() #CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures #CVE-2025-11710: Cross-process information leaked due to malicious IPC messages #CVE-2025-11711: Some non-writable Object properties could be modified #CVE-2025-11716: Sandboxed iframes allowed links to open in external apps (Android only) #CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type #CVE-2025-11713: Potential user-assisted code execution in ??Copy as cURL?? command #CVE-2025-11719: Use-after-free caused by the native messaging web extension API on Windows #CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 #CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 #CVE-2025-11721: Memory safety bug fixed in Firefox 144 and Thunderbird 144 @ text @$NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.13 2025/04/30 03:47:13 ryoon Exp $ * Fix NetBSD linking --- ipc/glue/GeckoChildProcessHost.cpp.orig 2023-08-17 21:21:29.000000000 +0000 +++ ipc/glue/GeckoChildProcessHost.cpp @@@@ -4,7 +4,13 @@@@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +#if defined(__NetBSD__) +_Pragma("GCC visibility push(default)") +#endif #include "GeckoChildProcessHost.h" +#if defined(__NetBSD__) +_Pragma("GCC visibility pop") +#endif #include "base/command_line.h" #include "base/process.h" @ 1.13 log @mail/thunderbird: Update to 137.0.2 Changelog: 137.0.2: What's Fixed fixed Thunderbird could crash on startup when creating Linux system tray icon fixed Security fixes Security fixes: Mozilla Foundation Security Advisory 2025-26 #CVE-2025-3522: Leak of hashed Window credentials via crafted attachment URL #CVE-2025-2830: Information Disclosure of /tmp directory listing #CVE-2025-3523: User Interface (UI) Misrepresentation of attachment URL 137.0.1: What's Fixed fixed Added delay to built-in notifications when new profile is created in offline mode 137.0: What's Changed changed File names are now used when storing mail folders (Windows only). changed Disable Linux system tray icon until it gains functionality What's Fixed fixed In-app notifications did not display correctly in high contrast mode. fixed Repair folder did not fix mbox files produced on MacOS before Thunderbird 1.0. fixed Edit menu entries missing when group header selected in "Grouped by sort" view. fixed IMAP folder "Undelete" performed "Delete" when mixed messages were selected. fixed In RSS feeds, the space bar did not scroll the message like it did in emails. fixed Slow performance opening an .eml file in a profile with many folders. fixed Threaded search view was not updated correctly when sorted by date received. fixed Line spacing changed unexpectedly in the message list with the default font size. fixed Saved message list selection was discarded when user made a new selection. fixed Replying from local or unified folders failed when the message pane was hidden. fixed Message security panel strings were used in the wrong places. fixed Importing an OpenPGP public key with whitespace failed. fixed Unable to open attached signed OpenPGP .eml message. fixed Right-clicking "Decrypt and Save As..." on an attachment file failed. fixed Searching during shutdown could cause crash. fixed Failed news message sending could close the compose window unexpectedly. fixed Having a corrupt address book database prevented sending mail. fixed Forwarding messages as attachments could use the wrong MIME type. fixed Two-factor auth via text or email did not work with Office 365 using Oauth2. fixed Account settings menu could be loaded twice. fixed No gap existed between Back and Forward buttons in the Feed Account Wizard dialog. fixed Thunderbird could crash when importing mail fixed Unable to auto-discover Address Book on Radicale server. fixed Mark-Of-The-Web was not applied to attachments saved via drag and drop. fixed Some messages could not be scrolled due to hidden overflows in inline styles. fixed Clicking a 'mid:' link could clear the thread pane and cause errors. fixed Performance regressed when moving/copying messages on Windows. fixed Automatic compact did not attempt to compact all folders when error encountered. fixed Slow performance when moving bulk messages from IMAP to local. fixed Crossposting news article was not possible if newsgroups on different servers. fixed IRC channel was not visible after restart. fixed Unable to view full certificate chain from the "View Signature" button. fixed Visual and UX improvements fixed Security fixes Security fixes: Mozilla Foundation Security Advisory 2025-23 #CVE-2025-3028: Use-after-free triggered by XSLTProcessor #CVE-2025-3031: JIT optimization bug with different stack slot sizes #CVE-2025-3032: Leaking file descriptors from the fork server #CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters #CVE-2025-3033: Opening local .url files could lead to another file being opened #CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 #CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137 136.0.1: What's Fixed fixed Thunderbird could crash during shutdown if a search was still active fixed Failed news message send could close the compose window unexpectedly 136.0: What's New new Messages are automatically adapted to dark mode with a quick toggle in the header. new New "Appearance" Settings UI to globally control message threading/sorting order. What's Changed changed Criteria for closing idle message databases. What's Fixed fixed Thunderbird Release channel was not displayed in "About Thunderbird". fixed Crash could occur when shutting down during MAPI send. fixed The error message for compacting a corrupted local folder was not useful. fixed Deleting or detaching attachments in a saved .eml file appeared to work but failed. fixed On HiDPI screens, clicking addresses in the header could show popup off-screen. fixed Opening an .EML file in profiles with many folders could take a long time. fixed Some messages may have been threaded incorrectly in unified folders. fixed Unified folders could become unusable instead of being automatically rebuilt. fixed Folders at level 3+ were not auto-discovered when IMAP subscriptions were ignored. fixed New subfolder did not inherit parent view, sort order, sort type, or columns. fixed With "Fetch headers only" enabled, messages could not be sorted by size. fixed Selecting starred messages did not update immediately. fixed Marking a unified folder as favorite did not show it in favorite folders. fixed Users with many folders experienced poor performance when resizing message panes. fixed The UI could falsely report a message as encrypted when a null cipher was used. fixed Search messages dialog list could not be sorted by clicking the header icon. fixed Sending to multiple SMTPs could fail silently due to missing address book. fixed "Replace" button in compose window was overwritten when the window was narrow. fixed Changing the UI font size did not apply to some dialogs. fixed Deleted Gmail messages stayed visible until compact/expunge, despite settings. fixed Export to mobile did not work when "Use default server" was selected. fixed Account settings menu could be loaded twice. fixed Account Settings updated font size were not reflected in the content frame. fixed Add-ons: Context menu entries were incorrectly aligned. fixed Middle-click autoscroll cursor appeared without arrows instead of expected design. fixed Some functionality was missing for newsgroup messages opened from a file or URI. fixed Notifications for new mail were not showing for IMAP. fixed Message and folder lists could display incorrect line spacing after restart. fixed Clicking a 'mid:' link could clear the thread pane and cause errors. fixed Release channel incorrectly showed What's New page after update. fixed "Save Link As" was not working in feed web content. fixed Sort indicators were missing on the calendar events list. fixed Visual and UX improvements fixed Security fixes Security fixes: Mozilla Foundation Security Advisory 2025-17 #CVE-2025-26696: Crafted email message incorrectly shown as being encrypted #CVE-2025-26695: Downloading of OpenPGP keys from WKD used incorrect padding #CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process #CVE-2025-1931: Use-after-free in WebTransportChild #CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access #CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs #CVE-2025-1934: Unexpected GC during RegExp bailout processing #CVE-2025-1942: Disclosure of uninitialized memory when .toUpperCase() causes string to get longer #CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar #CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents #CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 #CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 #CVE-2025-1943: Memory safety bugs fixed in Firefox 136 and Thunderbird 136 @ text @d1 1 a1 1 $NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.15 2023/09/05 14:08:39 ryoon Exp $ a2 1 * Support Solaris @ 1.12 log @mail/thunderbird: Update to 128.2.3 * Enable WebRTC. Changelog: 128.2.3: fixed Reverted OAuth2 changes from 128.2.2esr due to authentication timeout after upgrade 128.2.2: new Account setup is updated to support OAuth2 granular permissions fixed Thunderbird could crash when using return receipt with OWL add-on fixed Folder pane display was blank due to invalid mail server hostname fixed Some users were unable to log in to Microsoft 365 fixed Matrix end-to-end encryption tab in account settings could be shown for XMPP account fixed Participant and message were not populated when user left the room using XMPP fixed Visual and UX improvements 128.0: fixed Opening profile import tab then restarting Thunderbird caused import tab to malfunction fixed "Total" column did not display message count when using "Grouped by" sorting fixed Could not add events to CalDAV calendar when UID contained special characters fixed Visual and UX improvements @ text @@ 1.11 log @mail/thunderbird: Update to version 102.6.1. This is copied from wip/thunderbird, which builds with more recent versions of rust. This is the version just before this change was implemented: https://blog.thunderbird.net/2023/01/important-message-for-microsoft-office-365-enterprise-users/ and this version will stay here for a while before we update again. Call me lazy, but I don't think it's worth anyone's time to paste in the change log from version 78 to 102.6.1 here, and it doesn't appear to be readily accessible in the source distribution. That said, the list of security fixes implemented between version 78.12 and 102.6.1 is available at https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird102.6.1 and the release notes are available at https://www.thunderbird.net/en-US/thunderbird/releases/ @ text @d1 1 a1 1 $NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.10 2020/09/03 15:26:22 ryoon Exp $ d3 4 a6 1 --- ipc/glue/GeckoChildProcessHost.cpp.orig 2020-08-28 21:32:41.000000000 +0000 d21 1 a21 1 #include "base/process_util.h" @ 1.10 log @thunderbird: Update to 78.2.1 * Lightning cannot be disabled by users in build time. Remove mozilla-lightning option. Changelog: 78.2.1 Changes changed OpenPGP enabled by default changed OpenPGP: Disabled the use of MD5/SM2/SM3 algorithms Fixes fixed OpenPGP: Users with sub-identities were unable to encrypt or sign messages when switching identities fixed OpenPGP message security window did not support dark mode 78.2.0 Changes changed OpenPGP Key generation now disabled when there is no default mail account configured changed OpenPGP: Encrypt saved drafts when OpenPGP is enabled changed Twitter search removed changed Calendar: Event summary dialog is now themeable changed MailExtensions: Some APIs now use defineLazyPreferenceGetter in order to benefit from caching Fixes fixed OpenPGP Key Manager search function did not work fixed OpenPGP Key Properties dialog was sometimes too small fixed OpenPGP: Encrypted email would not send if address contained uppercase characters fixed OpenPGP: "Key ID" column could not be resized in Key Manage fixed OpenPGP: Keys containing invalid UTF-8 strings could not be imported fixed OpenPGP: Enable automatic signing for encrypted messages in additional scenarios fixed Many more OpenPGP bug fixes and improvements fixed IMAP fetch chunk size was always 65536 bytes fixed IMAP server capabilities were not rechecked after upgrading to SSL/TLS connection fixed Message Composer: Order of attachments could not be modified using drag & drop fixed Composing messages with a "fixed width" font did not work fixed Drag and drop of address book contacts did not work in some situations fixed Address book migration failed when there was a dot in the file name fixed Address book: "Always prefer display name over message header" was always checked when editing a contact fixed Address book performance optimizations fixed Dialog to add a new mail account from "Account Settings" did not open fixed "Select All" (Ctrl+A) in message source did not work until focused with a mouse click fixed Ctrl+scroll wheel not zooming in message reader fixed Setting/changing a signature from a file lost when closing account settings fixed Adaptive Junk Mail settings could not be disabled fixed Message filter dialog fixes: Missing scrollbar, drop-down list not wide enough fixed Various UX and theme improvements 78.1.1 Changes changed Building OpenPGP shared library linked to system libraries now supported changed MailExtension errors now shown in Developer Tools console by default changed MailExtensions: Dynamic registration of calendar providers now supported Fixesr fixed OpenPGP improvements fixed Message preview was sometimes blank after upgrading from Thunderbird 68 fixed Email addresses whitelisted for remote content not displayed in preferences fixed Importing data from Seamonkey did not work fixed Renaming a mail list did not update the side bar fixed MailExtensions: messenger.* namespace was undefined 78.1.0 What's New new OpenPGP support is now feature complete. Improvements: new Key Wizard, online searching for OpenPGP keys, and more new The preferences tab now has a search field Changes changed Dark background in message reader is now disabled Fixes fixed Thunderbird startup was slow when using folder color customizations with many folders. Previously configured colors will not be migrated. fixed Mail quota usage in status bar did not support terabyte folder sizes fixed Changing Junk mail settings with keyboard toggled wrong setting fixed Advanced IMAP server preferences not saved in Account Manager fixed Address book migration updates and fixes fixed Address book: Last Modified Date was not updated fixed Dark mode improvements fixed Various security fixes Security fixes: #CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker #CVE-2020-6514: WebRTC data channel leaks internal address to peer #CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy #CVE-2020-15653: Bypassing iframe sandbox when allowing popups #CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture #CVE-2020-15656: Type confusion for special arguments in IonMonkey #CVE-2020-15658: Overriding file type when saving to disk #CVE-2020-15657: DLL hijacking due to incorrect loading path #CVE-2020-15654: Custom cursor can overlay user interface #CVE-2020-15659: Memory safety bugs fixed in Thunderbird 78.1 78.0.1 What's New new OpenPGP: Key revocation, extending key expiration, and secret key backup Fixes fixed Drag & Drop multiple attachments to macOS Finder created duplicate files fixed Faceted search date and relevance settings not saved fixed FileLink attachments included as a link and file when added from a network drive via drag & drop fixed About Thunderbird dialog keyboard shortcuts did not work fixed CC'd recipients sometimes displayed collapsed in header pane fixed Incremental search in contacts sidebar did not always display local results when an LDAP server was also in use fixed Contacts sidebar search results cleared after removing a contact fixed OpenPGP: Messages with long Armor Header lines did not display fixed OpenPGP: Messages containing non-UTF-8 text were not supported fixed Various UI and theming fixes fixed Chat: Participants list did not display operator flags @ text @d1 1 a1 1 $NetBSD$ d18 1 a18 1 #include "base/string_util.h" @ 1.9 log @Update to 60.3.3 Changelog: 60.3.3: mitigated Thunderbird 60 will migrate security databases (key3.db, cert8.db to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a fault that potentially deleted saved passwords and private certificate keys for users using a master password. Version 60.3.3 will prevent the loss of data; affected users who have already upgraded to version 60.3.2 or earlier can restore the deleted key3.db file from backup to complete the migration. fixed Address book search and auto-complete slowness introduced in Thunderbird 60.3.2 Plain text markup with * for bold, / for italics, _ for underline and | for code did not work when the enclosed text contained non-ASCII characters While composing a message, a link not removed when link location was removed in the link properties panel 60.3.2: fixed Under some circumstances Thunderbird on Mac will send attachments using the so-called AppleDouble format which can lead to problems with mail servers and recipients Encoding problems when exporting address books or messages using the system charset. Messages are now always exported using the UTF-8 encoding. If the "Date" header of a message was invalid, Jan 1970 or Dec 1969 was displayed. Now using date from "Received" header instead. Body search/filtering didn't reliably ignore content of tags Inappropriate warning "Thunderbird prevented the site (addons.thunderbird.net) from asking you to install software on your computer" when installing add-ons Incorrect display of correspondents column since own email address was not always detected Spurious (encoded newline) inserted into drafts and sent email New email not inserted in correct sort order in threaded unified view or search folder 60.3.1: fixed Double-clicking on a word in the Write window sometimes launched the Advanced Property Editor or Link Properties dialog Cookie removal (not working since Thunderbird version 52) "Download rest of message" not working if global inbox was used Encoding problems for users (especially in Poland) when a file was sent via a folder using "Sent to > Mail recipient" due to a problem in the Thunderbird MAPI interface According to RFC 4616 and RFC 5721, passwords containing non-ASCII characters are encoded using UTF-8 which can lead to problems with non-compliant providers, for example office365.com. The SMTP LOGIN and POP3 USER/PASS authentication methods are now using a Latin-1 encoding again to work around this issue. Shutdown crash/hang after entering an empty IMAP password 60.3.0: fixed Various Theme fixes where incorrect colors, backgrounds, etc. were displayed Add-on Options menu not working on Mac Shift+PageUp/PageDown in Write window Saving content of Write windows didn't overwrite existing file Issues related to "Edit Template" command Gloda attachment filtering Mailing list address auto-complete enter/return handling Thunderbird hung if HTML signature references non-existent image Filters not working for headers that appear more than once Various security fixes Secirity fixes: #CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin #CVE-2018-12392: Crash with nested event loops #CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript #CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3 and Thunderbird 60.3 #CVE-2018-12390: Memory safety bugs fixed in Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3 60.2.1: Changed Calendar: Default values for the first day of the week and working days are now derived from the selected datetime formatting locale (restart after changing locale in the OS required) Calendar: Switch to a Photon-style icon set for all platforms Multiple requests for master password when Google Mail or Calendar OAuth2 is enabled Scrollbar of the address entry auto-complete popup does not work Security info dialog in compose window does not show certificate status Links in the Add-on Manager's search results and theme browsing tabs open in external browser Localized versions of Thunderbird didn't show a localized name for the "Drafts" and "Sent" folders for certain IMAP providers (particularly in France) Replying to a message with an empty subject inserted Re: twice (not working in Thunderbird 60.0) Spellcheck marks disappeared erroneously for words with an apostrophe (not working in Thunderbird 60.0) Calendar: First day of the week cannot be set Calendar: Several fixes related to cutting/deleting of events and email scheduling Various security fixes Security fixes: #CVE-2018-12377: Use-after-free in refresh driver timers #CVE-2018-12378: Use-after-free in IndexedDB #CVE-2018-12379: Out-of-bounds write with malicious MAR file #CVE-2017-16541: Proxy bypass using automount and autofs #CVE-2018-12385: Crash in TransportSecurityInfo due to cached data #CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords #CVE-2018-12376: Memory safety bugs fixed in Firefox 62, Firefox ESR 60.2, and Thunderbird 60.2.1 60.0: new When writing a message, a delete button now allows the removal of a recipient. This delete button is displayed when hovering the To/Cc/Bcc selector. Many improvements to attachments handling during compose: Attachments can now be reordered using a dialog, keyboard shortcuts, or drag and drop. The "Attach" button moved to the right to be above the attachment pane. The access key of the attachment pane (e.g. Alt+M, may vary depending on localization, Ctrl+M on Mac) now also works to show or hide the pane. The attachment pane can also be shown initially when composing a new message. Right-click on the header to enable this option. Hiding a non-empty attachment pane will now show a placeholder paperclip to indicate the presence of attachments and avoid sending them accidentally. "Edit Template" command. This also solves various problems when saving as template (duplicates created, message ID lost). "New Message from Template" command Allow changing the Spellcheck Language from status bar Light and Dark themes WebExtension themes are now enabled in Thunderbird A default startup directory in the address book window can now be configured Individual feed update interval An option under "Tools > Options, Advanced, General" now allows to select whether date/time display will follow the application locale (adjusted by operating system's format settings for that locale) or the locale selected in the operating system's regional settings. In other words, an US English Thunderbird can use, for example, German formats. OAuth2 authentication for Yahoo and AOL FIDO U2F support Thunderbird now allows the conversion of folders from mbox to maildir format and vice versa. This is an experimental feature that needs to be enabled by setting the preference mail.store_conversion_enabled. Note that this functionality does not not work if the option "Allow Windows Search/Spotlight to search messages" is selected. Calendar: Allow copying, cutting or deleting of a selected occurrence or the entire series for recurring events Calendar: Provide an option to display locations for events in calendar day and week views Calendar: Provide the ability for sending/not sending meeting notifications directly instead of showing a popup Calendar: Option to select the target calendar when pasting an event or task Calendar: Allow email scheduling for CalDAV servers supporting server-side scheduling Thunderbird Chat now contains multiple built-in message themes changed IMPORTANT: Add-ons not marked as compatible with Thunderbird 60 by their authors will be disabled (this can be reverted via preference extensions.strictCompatibility) IMAP: When after sending a message storing that sent message fails, the message can now be stored in a local folder Add-on options can no longer be configured from the Add-on Manager page. A new menu item "Add-on Options" is now available on the Tools menu. When messages are composed in paragraph format, "body text" and split mail quotes are converted to paragraphs when pressing the enter key "Edit As New Message" will now use the account's default compose format, either HTML or plain text ignoring the format of the message. Plain text messages will be converted to HTML and vice versa. Then using the modifier, the format choice will be reverted. The "Edit Draft" command now also honors the use of the shift key to convert HTML to plain text or vice versa when editing a draft The plain text to HTML conversion has been improved where such a conversion is necessary for "Edit As New Message" or when the shift modifier is used for "Edit Draft" or "New Message from Template". During address entry, the matching part of the address is now shown in bold. Preference mail.autoComplete.commentColumn allows to display the address book where the address is stored. When attaching a message via drag and drop, the subject of the message is now used as attachment name instead of "Attached Message" Better address book photo handling: Photos can be added by drag and drop and a copy of all photos will be stored in the Thunderbird profile On first start, Thunderbird now shows the account setup dialog, no longer the account provisioner dialog Thunderbird follows Firefox' Photon design with rectangular tabs and many other theme improvements When customizing the From: address, Thunderbird will now use this address for the SMTP "MAIL FROM" command. Previously the address configured in the identity was used. The preference mail.smtp.useSenderForSmtpMailFrom allows return to the previous behavior. Native notifications on Linux are now re-enabled Thunderbird now uses Mozilla's latest proxy technology (add-on FoxyProxy now supported) Thunderbird now uses the latest Rust-based Mozilla technology, including Quantum's CSS engine (based on Servo) and encoding_rs, for displaying and encoding messages All certificates issued by Symantec roots before 2016-06-01 are distrusted for use in TLS secured traffic in Thunderbird 60 and above. This applies to all brands Symantec operated: Thawte, RapidSSL, GeoTrust, Verisign, and Symantec. For usage in S/MIME the certificates remain valid. Details here. Calendar: Removal of capability to send email invitations compatible to Outlook 2002 and earlier Calendar: Reminders on read-only calendars can now be dismissed, while reminders for missed events will now only be displayed for writable calendars if option "Show missed reminders for writable calendars" is selected Thunderbird Chat: Nicknames inside of messages are colored to match the participants list fixed When many Thunderbird clients or other email clients accessed the same IMAP draft folder, messages were sometimes sent with the wrong identity. This has been corrected and the user will be notified if none of their identities matches the draft. Various problems related to handling the IMAP trash folder: Under certain circumstances the selection of the trash folder didn't persist, for example when the name contained non-ASCII characters, or in localized versions of Thunderbird. At times unwanted adtext menu behavior Better error handling for Gmail authentication to avoid re-downloading of folders Thunderbird used a stale cached password after user edited a saved password Calendar: Wrong time formatting for some time zones Calendar: Can't copy information from event dialog for received invitations Various security fixes Security fixes: #CVE-2018-12359: Buffer overflow using computed size of canvas element #CVE-2018-12360: Use-after-free when using focus() #CVE-2018-12361: Integer overflow in SwizzleData #CVE-2018-12362: Integer overflow in SSSE3 scaler #CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture #CVE-2018-12363: Use-after-free when appending DOM nodes #CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins #CVE-2018-12365: Compromised IPC child process can list local filenames #CVE-2018-12371: Integer overflow in Skia library during edge builder allocation #CVE-2018-12366: Invalid data handling during QCMS transformations #CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming #CVE-2018-12368: No warning when opening executable SettingContent-ms files #CVE-2018-5187: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Thunderbird 60 #CVE-2018-5188: Memory sa60 @ text @d3 1 a3 1 --- ipc/glue/GeckoChildProcessHost.cpp.orig 2018-12-04 23:11:48.000000000 +0000 @ 1.8 log @Update to 45.0 * Regen patch names Changelog: New Add a Correspondents column combining Sender and Recipient New Much better support for XMPP chatrooms and commands. New Remote content exceptions: Improved options to add exceptions. New Implement option to always use HTML formatting to prevent unexpected format loss when converting messages to plain text. New Use OpenStreetmap for maps (even allow the user to choose from list of map services) New Allow spell checking and dictionary selection in the subject line New Add dropdown in compose to allow specific setting of font size. New Return/Enter in composer will now insert a new paragraph by default (shift-Enter will insert a line break) New Mail.ru supports OAuth authentication. New Allow copying of name and email address from the message header of an email New Allow editing of From when composing a message. Fixed Fixed: When sending e-mail which was composed using Chinese, Japanese or Korean characters, unwanted extra spaces were inserted within the text. Fixed Spell checker checked spelling in invisible HTML parts of the message. Fixed When saving a draft that is edited as new message, original draft was overwritten. Fixed External images not displayed in reply/forward Fixed Properly preserve pre-formatted blocks in message replies. Fixed Crashed in some cases while parsing IMAP messages. Fixed Copy/paste from a plain text editor lost white-space (multiple spaces/blanks, tabs, newlines) Fixed "Open Draft"/"Forward"/"Edit As New"/"Reply" created message composition with incorrect character encoding. Fixed Fixed: Grouped By view sort direction change was broken, plus enabled custom column grouping. Fixed Fixed: New emails into a mailbox did not adhere to sort order by received. Fixed Fixed: Box.com attachments failed to upload. Fixed Fixed: Drag and drop of multiple attachments failed to OS file folder. Fixed XMPP had connection problems for users with large rosters Security bugs: Fixed in Thunderbird 45 2016-37 Font vulnerabilities in the Graphite 2 library 2016-36 Use-after-free during processing of DER encoded keys in NSS 2016-35 Buffer overflow during ASN.1 decoding in NSS 2016-34 Out-of-bounds read in HTML parser following a failed allocation 2016-27 Use-after-free during XML transformations 2016-24 Use-after-free in SetBody 2016-23 Use-after-free in HTML5 string parser 2016-20 Memory leak in libstagefright when deleting an array during MP4 processing 2016-19 Linux video memory DOS with Intel drivers 2016-18 CSP reports fail to strip location information for embedded iframe pages 2016-17 Local file overwriting and potential privilege escalation through CSP reports 2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) @ text @d1 1 a1 1 $NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.7 2015/07/09 15:17:34 ryoon Exp $ d3 2 a4 2 --- mozilla/ipc/glue/GeckoChildProcessHost.cpp.orig 2015-06-08 17:49:21.000000000 +0000 +++ mozilla/ipc/glue/GeckoChildProcessHost.cpp a18 27 @@@@ -547,7 +553,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc // and passing wstrings from one config to the other is unsafe. So // we split the logic here. -#if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_BSD) +#if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_BSD) || defined(OS_SOLARIS) base::environment_map newEnvVars; ChildPrivileges privs = mPrivileges; if (privs == base::PRIVILEGES_DEFAULT) { @@@@ -686,7 +692,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc childArgv.push_back(pidstring); #if defined(MOZ_CRASHREPORTER) -# if defined(OS_LINUX) || defined(OS_BSD) +# if defined(OS_LINUX) || defined(OS_BSD) || defined(OS_SOLARIS) int childCrashFd, childCrashRemapFd; if (!CrashReporter::CreateNotificationPipeForChild( &childCrashFd, &childCrashRemapFd)) @@@@ -719,7 +725,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc childArgv.push_back(childProcessType); base::LaunchApp(childArgv, mFileMap, -#if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_BSD) +#if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_BSD) || defined(OS_SOLARIS) newEnvVars, privs, #endif false, &process, arch); @ 1.7 log @Update to 38.0.1 Changelog: What's New New GMail supports OAuth2 authentication, removing the need to manually select "allow less secure applications" in Google options for the account. (bug 849540) New Ship Lightning calendar addon with Thunderbird and enable with an opt-out dialog (bug 1113183) New Filter sent messages (bug 11039) New Filter messages when archived (bug 479823) New Enable search in multiple/all address books (bug 170270) New Add support for Yahoo Messenger in Chat (bug 955574) New Support Internationalized domain name URLs for RSS feeds (Bug 1018589) New Show expanded columns in folder pane (bug 464973) New Allow file-per-message (maildir) local message storage (bug 845952) New Add a Learn more link to the support page in feeds subscribe dialog (bug 1053782) New Add reading position marker line to conversations (bug 760762) New The editor for twitter should show inputtable character count (bug 736002) Changed Thunderbird will no longer use SHA-1 to sign messages (bug 1018259) Changed Removed rarely used character sets: T.61-8bit, non-encoding Mac encoders, VISCII, x-viet-tcvn5712, x-viet-vps x-johab, ARMSCII8 , map us-ascii to windows-1252, ISO-8859-6-I and -E and ISO-8859-8-E, (bug 1068505 and others.) Changed Disable CONDSTORE support for IMAP to prevent discrepancies in IMAP message status (deleted, unread) on some servers (bug 912216) Changed Make OpenSearch queries open in the user's default browser (bug 1120777) Changed Default to using SSL for XMPP and IRC. This might cause issues for self-signed certificates (bug 1122567, bug 1122666) Fixed Replied/forwarded icons disappear after folder repair, detach/delete (bug 840418) Fixed Attachment "Save As" files are displayed in Tools/Saved Files (bug 914517) Fixed Adding unknown email addresses to Mailing list, then deleting ghost duplicate entries from contacts pane, caused dataloss in mailing list (bug 628035) Fixed Web site from RSS feed was not rendered correctly (bug 662907) Fixed Email address with leading/trailing whitespace displayed wrongly with added quotes when composing ["foo"@@bar.com] (bug 286760) Fixed Force display of Sender header if S/MIME sender is the signer (bug 332639) Fixed Addressing autocomplete widget: Typed text in red despite results/matches found if suggestions change by last input (bug 1042561) Fixed Status bar not accessible (bug 934875) Fixed Wrong folder may be deleted when requesting junk delete (bug 1018960) Fixed Severe UI stutter or freezes getting new mail for very large folders (bug 870556) Fixed Automatically rejoin multi-user conversations on reconnect for XMPP (bug 1014472) Fixed Various improvements when using IRC on moznet (bug 1083768 and others) Fixed Significantly improve XMPP support (bug 1085022 and others) Fixed Fixes for connecting to non-standard IRC networks (bug 870556 and others) Fixed Automatically reclaim IRC nicks during a reconnect (bug 1087566) Fixed Changing location in editor doesn't preserve the font when returning to end of text/line (bug 756984) Fixed Inline spell checker loses red underlines after a backspace is used (bug 1100966) Known Issues unresolved Automatic addon compatibility update checks were not completed, so existing addon compatibilities may not be accurate. unresolved Copy/Paste into plain text editor deletes newlines from quoted text (bug 1143570) unresolved Importing data from Outlook or Eudora crashes (bug 917961) Security: Fixed in Thunderbird 38.0.1 2015-58 Mozilla Windows updater can be run outside of application directory 2015-57 Privilege escalation through IPC channel messages 2015-54 Buffer overflow when parsing compressed XML 2015-51 Use-after-free during text processing with vertical text enabled 2015-48 Buffer overflow with SVG content and CSS 2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer 2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7) @ text @d1 1 a1 1 $NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.6 2014/07/27 20:04:59 ryoon Exp $ @ 1.6 log @Update to 31.0 * Update enigmail to 1.7 Changelog: NEW Autocompleting email addresses now matches against any part of the name or email (bug 529584) NEW Composing a mail to a newsgroup will now autocomplete newsgroup names (bug 61491) FIXED Insecure NTLM (pre-NTLMv2) authentication disabled (see 828183) Fixed in Thunderbird 31 MFSA 2014-66 IFRAME sandbox same-origin access through redirect MFSA 2014-65 Certificate parsing broken by non-standard character encoding MFSA 2014-64 Crash in Skia library when scaling high quality images MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library MFSA 2014-61 Use-after-free with FireOnStateChange event MFSA 2014-59 Use-after-free in DirectWrite font handling MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering MFSA 2014-57 Buffer overflow during Web Audio buffering for playback MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7) @ text @d1 1 a1 1 $NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.5 2013/11/12 20:50:51 ryoon Exp $ d3 1 a3 1 --- mozilla/ipc/glue/GeckoChildProcessHost.cpp.orig 2014-07-18 00:05:24.000000000 +0000 d17 3 a19 3 #if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX) #include "sandboxBroker.h" @@@@ -548,7 +554,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc d28 1 a28 1 @@@@ -671,7 +677,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc d37 1 a37 1 @@@@ -704,7 +710,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc @ 1.5 log @Update to 24.1.0 Changelog: 24.1. FIXED Fixed an issue where signatures were shown in too lighter grey making them difficult to read (bug 917906) FIXED Fixed an issue where Auto CC for reply might not work if the cc address is the same as the sending address (bug 917231) FIXED Security fixes can be found here Fixed in Thunderbird 24.0 MFSA 2013-92 GC hazard with default compartments and frame chain restoration MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object MFSA 2013-90 Memory corruption involving scrolling MFSA 2013-89 Buffer overflow with multi-column, lists, and floats MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes MFSA 2013-85 Uninitialized data in IonMonkey MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption MFSA 2013-81 Use-after-free with select element MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning MFSA 2013-77 Improper state in HTML5 Tree Builder with templates MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9) 24.0 NEW Message threads can now be ignored or watched NEW Emails can now be sent to IDN based email addresses NEW Zoom functionality is now available in the compose window CHANGED In the Compose window, ctrl/cmd + and ctrl/cmd - now change the zoom setting rather than the font size CHANGED In Twitter, replying to a tweet now replies to all users, just like on the Twitter website FIXED Interactions in the filter list dialogs have been improved FIXED In Chat user nicknames are now highlighted when mentioned FIXED In IRC, long messages will now be sent in multiple parts instead of being cut off FIXED Various security fixes Fixed in Thunderbird 24.1 MFSA 2013-102 Use-after-free in HTML document templates MFSA 2013-101 Memory corruption in workers MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing MFSA 2013-98 Use-after-free when updating offline cache MFSA 2013-97 Writing to cycle collected object during image decoding MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions MFSA 2013-95 Access violation with XSLT and uninitialized data MFSA 2013-94 Spoofing addressbar though SELECT element MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10) @ text @d1 1 a1 1 $NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.4 2012/11/23 07:17:54 ryoon Exp $ d3 1 a3 1 --- mozilla/ipc/glue/GeckoChildProcessHost.cpp.orig 2013-10-23 22:09:00.000000000 +0000 d17 3 a19 3 #include "base/command_line.h" #include "base/path_service.h" @@@@ -490,7 +496,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc d28 1 a28 10 @@@@ -509,7 +515,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc if (NS_SUCCEEDED(rv)) { nsCString path; greDir->GetNativePath(path); -# if defined(OS_LINUX) || defined(OS_BSD) +# if defined(OS_LINUX) || defined(OS_BSD) || defined(OS_SOLARIS) # if defined(MOZ_WIDGET_ANDROID) path += "/lib"; # endif // MOZ_WIDGET_ANDROID @@@@ -618,7 +624,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc d37 1 a37 1 @@@@ -651,7 +657,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc @ 1.4 log @Update to 17.0 Changelog: NEW A Menu Button is now shown to new users by default NEW Tabs are now drawn in the title bar on Windows FIXED An issue causing spell-checking only parts of words in Thunderbird 16 is now fixed (790475) FIXED An issue causing Thunderbird 16 to repeatedly download emails is now fixed (806760) FIXED RSS feeds can now be viewed in the Wide View Layout (531397) FIXED Various fixes and performance improvements FIXED Various security fixes CHANGED Mac OS X 10.5 is no longer supported Security fixes: Fixed in Thunderbird 17 MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer MFSA 2012-103 Frames can shadow top.location MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset MFSA 2012-100 Improper security filtering for cross-origin wrappers MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox MFSA 2012-96 Memory corruption in str_unescape MFSA 2012-94 Crash when combining SVG text on path with CSS MFSA 2012-93 evalInSanbox location context incorrectly applied MFSA 2012-92 Buffer overflow while rendering GIF images MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11) @ text @d1 1 a1 1 $NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.3 2012/09/02 06:43:40 ryoon Exp $ d3 1 a3 1 --- mozilla/ipc/glue/GeckoChildProcessHost.cpp.orig 2012-11-19 22:42:22.000000000 +0000 d19 1 a19 1 @@@@ -437,7 +443,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc d23 2 a24 2 -#if defined(OS_LINUX) || defined(OS_MACOSX) +#if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_BSD) d26 3 a28 3 base::ChildPrivileges privs = kLowRightsSubprocesses ? base::UNPRIVILEGED : @@@@ -455,8 +461,8 @@@@ GeckoChildProcessHost::PerformAsyncLaunc d32 3 a34 4 -# ifdef OS_LINUX -# ifdef MOZ_WIDGET_ANDROID +# if defined(OS_LINUX) || defined(OS_BSD) +# if defined(MOZ_WIDGET_ANDROID) || defined(OS_BSD) d37 1 a37 2 const char *ld_library_path = PR_GetEnv("LD_LIBRARY_PATH"); @@@@ -575,7 +581,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc d41 2 a42 2 -# if defined(OS_LINUX) +# if defined(OS_LINUX) || defined(OS_BSD) d46 2 a47 2 @@@@ -612,7 +618,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc #endif d50 2 a51 2 -#if defined(OS_LINUX) || defined(OS_MACOSX) +#if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_BSD) @ 1.3 log @Update to 15.0 * Update Mozilla Lightning to 1.7 * Update Enigmail to 1.4.4 (functionality is not tested yet; should be updated) * Regen patches Changelog: NEW Multi-Channel Chat: You now can enjoy real time conversation with your contacts, right from your favorite messaging application. NEW Do Not Track: This option has been implemented as an addition to Search the Web. NEW Ubuntu One is now supported in Filelink - the option to upload large attachments to online storage services. NEW New User Interface: Thunderbird is replicating the new look and feel of Mozilla Firefox in an effort to provide a similar user experience across all Mozilla software desktop or mobile and all platforms. FIXED Various fixes and performance improvements FIXED Various security fixes MFSA 2012-72 Web console eval capable of executing chrome-privileged code MFSA 2012-70 Location object security checks bypassed by chrome code MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html MFSA 2012-67 Installer will launch incorrect executable following new installation MFSA 2012-65 Out-of-bounds read in format-number in XSLT MFSA 2012-64 Graphite 2 memory corruption MFSA 2012-63 SVG buffer overflow and use-after-free issues MFSA 2012-62 WebGL use-after-free and memory corruption MFSA 2012-61 Memory corruption with bitmap format images with negative height MFSA 2012-59 Location object can be shadowed using Object.defineProperty MFSA 2012-58 Use-after-free issues found using Address Sanitizer MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7) @ text @d1 1 a1 1 $NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.2 2012/04/28 16:56:58 ryoon Exp $ d3 1 a3 1 --- mozilla/ipc/glue/GeckoChildProcessHost.cpp.orig 2012-08-25 00:31:11.000000000 +0000 d5 15 a19 1 @@@@ -410,7 +410,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc d26 3 a28 3 // XPCOM may not be initialized in some subprocesses. We don't want // to initialize XPCOM just for the directory service, especially @@@@ -425,8 +425,8 @@@@ GeckoChildProcessHost::PerformAsyncLaunc d39 1 a39 1 @@@@ -537,7 +537,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc d48 1 a48 1 @@@@ -574,7 +574,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc d54 1 a54 1 newEnvVars, @ 1.2 log @Update to 12.0 * Remove unused option. * Update enigmail to 1.4.1 Changelog: * Global Search results now include message extracts in the results * Various security fixes * Various improvements to RSS feed subscription and general feed handling * Thunderbird now supports add-ons that provide different types of local mail storage @ text @d1 1 a1 1 $NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.1 2012/03/15 08:52:34 ryoon Exp $ d3 1 a3 1 --- mozilla/ipc/glue/GeckoChildProcessHost.cpp.orig 2012-04-20 22:40:07.000000000 +0000 d5 1 a5 1 @@@@ -430,7 +430,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc d14 1 a14 1 @@@@ -445,8 +445,8 @@@@ GeckoChildProcessHost::PerformAsyncLaunc d25 1 a25 1 @@@@ -557,7 +557,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc d34 1 a34 1 @@@@ -594,7 +594,7 @@@@ GeckoChildProcessHost::PerformAsyncLaunc @ 1.1 log @Update to 11.0 * enigmail source is not provided for this version now. * Switch to xulrunner 11 branch * Fix security bugs * Improve stability * Many bug fixes @ text @d1 1 a1 1 $NetBSD: patch-ipc_glue_GeckoChildProcessHost.cpp,v 1.1 2012/03/06 12:34:09 ryoon Exp $ d3 1 a3 1 --- mozilla/ipc/glue/GeckoChildProcessHost.cpp.orig 2011-12-20 23:28:19.000000000 +0000 d5 1 a5 1 @@@@ -430,7 +430,7 @@@@ d14 1 a14 1 @@@@ -445,8 +445,8 @@@@ d25 1 a25 1 @@@@ -557,7 +557,7 @@@@ d34 1 a34 1 @@@@ -594,7 +594,7 @@@@ a42 1 @