head 1.6; access; symbols pkgsrc-2026Q1:1.6.0.8 pkgsrc-2026Q1-base:1.6 pkgsrc-2025Q4:1.6.0.6 pkgsrc-2025Q4-base:1.6 pkgsrc-2025Q3:1.6.0.4 pkgsrc-2025Q3-base:1.6 pkgsrc-2025Q2:1.6.0.2 pkgsrc-2025Q2-base:1.6 pkgsrc-2025Q1:1.5.0.4 pkgsrc-2025Q1-base:1.5 pkgsrc-2024Q4:1.5.0.2 pkgsrc-2024Q4-base:1.5 pkgsrc-2024Q3:1.4.0.34 pkgsrc-2024Q3-base:1.4 pkgsrc-2024Q2:1.4.0.32 pkgsrc-2024Q2-base:1.4 pkgsrc-2024Q1:1.4.0.30 pkgsrc-2024Q1-base:1.4 pkgsrc-2023Q4:1.4.0.28 pkgsrc-2023Q4-base:1.4 pkgsrc-2023Q3:1.4.0.26 pkgsrc-2023Q3-base:1.4 pkgsrc-2023Q2:1.4.0.24 pkgsrc-2023Q2-base:1.4 pkgsrc-2023Q1:1.4.0.22 pkgsrc-2023Q1-base:1.4 pkgsrc-2022Q4:1.4.0.20 pkgsrc-2022Q4-base:1.4 pkgsrc-2022Q3:1.4.0.18 pkgsrc-2022Q3-base:1.4 pkgsrc-2022Q2:1.4.0.16 pkgsrc-2022Q2-base:1.4 pkgsrc-2022Q1:1.4.0.14 pkgsrc-2022Q1-base:1.4 pkgsrc-2021Q4:1.4.0.12 pkgsrc-2021Q4-base:1.4 pkgsrc-2021Q3:1.4.0.10 pkgsrc-2021Q3-base:1.4 pkgsrc-2021Q2:1.4.0.8 pkgsrc-2021Q2-base:1.4 pkgsrc-2021Q1:1.4.0.6 pkgsrc-2021Q1-base:1.4 pkgsrc-2020Q4:1.4.0.4 pkgsrc-2020Q4-base:1.4 pkgsrc-2020Q3:1.4.0.2 pkgsrc-2020Q3-base:1.4 pkgsrc-2020Q2:1.3.0.8 pkgsrc-2020Q2-base:1.3 pkgsrc-2020Q1:1.3.0.4 pkgsrc-2020Q1-base:1.3 pkgsrc-2019Q4:1.3.0.6 pkgsrc-2019Q4-base:1.3 pkgsrc-2019Q3:1.3.0.2 pkgsrc-2019Q3-base:1.3 pkgsrc-2019Q2:1.2.0.4 pkgsrc-2019Q2-base:1.2 pkgsrc-2019Q1:1.2.0.2 pkgsrc-2019Q1-base:1.2 pkgsrc-2018Q4:1.1.0.2 pkgsrc-2018Q4-base:1.1; locks; strict; comment @// @; 1.6 date 2025.04.30.03.47.13; author ryoon; state Exp; branches; next 1.5; commitid o9LB8XmlM6d8H1TF; 1.5 date 2024.10.01.15.01.28; author ryoon; state Exp; branches; next 1.4; commitid Da1pbOxC39OcdYrF; 1.4 date 2020.09.03.15.26.22; author ryoon; state Exp; branches; next 1.3; commitid IUnmboLLH6P9dCmC; 1.3 date 2019.09.21.10.55.17; author ryoon; state Exp; branches; next 1.2; commitid dovG9JsbXIrHTRDB; 1.2 date 2019.02.26.11.32.13; author ryoon; state Exp; branches; next 1.1; commitid PT9jULznE15UKgdB; 1.1 date 2018.12.16.08.12.16; author ryoon; state Exp; branches; next ; commitid hnaZYEy5PtyMXZ3B; desc @@ 1.6 log @mail/thunderbird: Update to 137.0.2 Changelog: 137.0.2: What's Fixed fixed Thunderbird could crash on startup when creating Linux system tray icon fixed Security fixes Security fixes: Mozilla Foundation Security Advisory 2025-26 #CVE-2025-3522: Leak of hashed Window credentials via crafted attachment URL #CVE-2025-2830: Information Disclosure of /tmp directory listing #CVE-2025-3523: User Interface (UI) Misrepresentation of attachment URL 137.0.1: What's Fixed fixed Added delay to built-in notifications when new profile is created in offline mode 137.0: What's Changed changed File names are now used when storing mail folders (Windows only). changed Disable Linux system tray icon until it gains functionality What's Fixed fixed In-app notifications did not display correctly in high contrast mode. fixed Repair folder did not fix mbox files produced on MacOS before Thunderbird 1.0. fixed Edit menu entries missing when group header selected in "Grouped by sort" view. fixed IMAP folder "Undelete" performed "Delete" when mixed messages were selected. fixed In RSS feeds, the space bar did not scroll the message like it did in emails. fixed Slow performance opening an .eml file in a profile with many folders. fixed Threaded search view was not updated correctly when sorted by date received. fixed Line spacing changed unexpectedly in the message list with the default font size. fixed Saved message list selection was discarded when user made a new selection. fixed Replying from local or unified folders failed when the message pane was hidden. fixed Message security panel strings were used in the wrong places. fixed Importing an OpenPGP public key with whitespace failed. fixed Unable to open attached signed OpenPGP .eml message. fixed Right-clicking "Decrypt and Save As..." on an attachment file failed. fixed Searching during shutdown could cause crash. fixed Failed news message sending could close the compose window unexpectedly. fixed Having a corrupt address book database prevented sending mail. fixed Forwarding messages as attachments could use the wrong MIME type. fixed Two-factor auth via text or email did not work with Office 365 using Oauth2. fixed Account settings menu could be loaded twice. fixed No gap existed between Back and Forward buttons in the Feed Account Wizard dialog. fixed Thunderbird could crash when importing mail fixed Unable to auto-discover Address Book on Radicale server. fixed Mark-Of-The-Web was not applied to attachments saved via drag and drop. fixed Some messages could not be scrolled due to hidden overflows in inline styles. fixed Clicking a 'mid:' link could clear the thread pane and cause errors. fixed Performance regressed when moving/copying messages on Windows. fixed Automatic compact did not attempt to compact all folders when error encountered. fixed Slow performance when moving bulk messages from IMAP to local. fixed Crossposting news article was not possible if newsgroups on different servers. fixed IRC channel was not visible after restart. fixed Unable to view full certificate chain from the "View Signature" button. fixed Visual and UX improvements fixed Security fixes Security fixes: Mozilla Foundation Security Advisory 2025-23 #CVE-2025-3028: Use-after-free triggered by XSLTProcessor #CVE-2025-3031: JIT optimization bug with different stack slot sizes #CVE-2025-3032: Leaking file descriptors from the fork server #CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters #CVE-2025-3033: Opening local .url files could lead to another file being opened #CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 #CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137 136.0.1: What's Fixed fixed Thunderbird could crash during shutdown if a search was still active fixed Failed news message send could close the compose window unexpectedly 136.0: What's New new Messages are automatically adapted to dark mode with a quick toggle in the header. new New "Appearance" Settings UI to globally control message threading/sorting order. What's Changed changed Criteria for closing idle message databases. What's Fixed fixed Thunderbird Release channel was not displayed in "About Thunderbird". fixed Crash could occur when shutting down during MAPI send. fixed The error message for compacting a corrupted local folder was not useful. fixed Deleting or detaching attachments in a saved .eml file appeared to work but failed. fixed On HiDPI screens, clicking addresses in the header could show popup off-screen. fixed Opening an .EML file in profiles with many folders could take a long time. fixed Some messages may have been threaded incorrectly in unified folders. fixed Unified folders could become unusable instead of being automatically rebuilt. fixed Folders at level 3+ were not auto-discovered when IMAP subscriptions were ignored. fixed New subfolder did not inherit parent view, sort order, sort type, or columns. fixed With "Fetch headers only" enabled, messages could not be sorted by size. fixed Selecting starred messages did not update immediately. fixed Marking a unified folder as favorite did not show it in favorite folders. fixed Users with many folders experienced poor performance when resizing message panes. fixed The UI could falsely report a message as encrypted when a null cipher was used. fixed Search messages dialog list could not be sorted by clicking the header icon. fixed Sending to multiple SMTPs could fail silently due to missing address book. fixed "Replace" button in compose window was overwritten when the window was narrow. fixed Changing the UI font size did not apply to some dialogs. fixed Deleted Gmail messages stayed visible until compact/expunge, despite settings. fixed Export to mobile did not work when "Use default server" was selected. fixed Account settings menu could be loaded twice. fixed Account Settings updated font size were not reflected in the content frame. fixed Add-ons: Context menu entries were incorrectly aligned. fixed Middle-click autoscroll cursor appeared without arrows instead of expected design. fixed Some functionality was missing for newsgroup messages opened from a file or URI. fixed Notifications for new mail were not showing for IMAP. fixed Message and folder lists could display incorrect line spacing after restart. fixed Clicking a 'mid:' link could clear the thread pane and cause errors. fixed Release channel incorrectly showed What's New page after update. fixed "Save Link As" was not working in feed web content. fixed Sort indicators were missing on the calendar events list. fixed Visual and UX improvements fixed Security fixes Security fixes: Mozilla Foundation Security Advisory 2025-17 #CVE-2025-26696: Crafted email message incorrectly shown as being encrypted #CVE-2025-26695: Downloading of OpenPGP keys from WKD used incorrect padding #CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process #CVE-2025-1931: Use-after-free in WebTransportChild #CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access #CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs #CVE-2025-1934: Unexpected GC during RegExp bailout processing #CVE-2025-1942: Disclosure of uninitialized memory when .toUpperCase() causes string to get longer #CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar #CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents #CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 #CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 #CVE-2025-1943: Memory safety bugs fixed in Firefox 136 and Thunderbird 136 @ text @$NetBSD: patch-js_src_util_NativeStack.cpp,v 1.6 2020/04/09 14:01:26 ryoon Exp $ Support SunOS. --- js/src/util/NativeStack.cpp.orig 2020-04-03 19:34:51.000000000 +0000 +++ js/src/util/NativeStack.cpp @@@@ -13,7 +13,7 @@@@ # if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__DragonFly__) # include # endif -# if defined(SOLARIS) || defined(AIX) +# if defined(__sun) || defined(AIX) # include # endif # if defined(ANDROID) && !defined(__aarch64__) @@@@ -40,7 +40,7 @@@@ void* js::GetNativeStackBaseImpl() { return static_cast(pTib->StackBase); } -#elif defined(SOLARIS) +#elif defined(__sun) static_assert(JS_STACK_GROWTH_DIRECTION < 0); @@@@ -128,6 +128,7 @@@@ void* js::GetNativeStackBaseImpl() { # elif defined(PTHREAD_NP_H) || defined(_PTHREAD_NP_H_) || defined(NETBSD) /* e.g. on FreeBSD 4.8 or newer, neundorf@@kde.org */ pthread_attr_get_np(thread, &sattr); +# elif defined(__sun) # else /* * FIXME: this function is non-portable; @ 1.5 log @mail/thunderbird: Update to 128.2.3 * Enable WebRTC. Changelog: 128.2.3: fixed Reverted OAuth2 changes from 128.2.2esr due to authentication timeout after upgrade 128.2.2: new Account setup is updated to support OAuth2 granular permissions fixed Thunderbird could crash when using return receipt with OWL add-on fixed Folder pane display was blank due to invalid mail server hostname fixed Some users were unable to log in to Microsoft 365 fixed Matrix end-to-end encryption tab in account settings could be shown for XMPP account fixed Participant and message were not populated when user left the room using XMPP fixed Visual and UX improvements 128.0: fixed Opening profile import tab then restarting Thunderbird caused import tab to malfunction fixed "Total" column did not display message count when using "Grouped by" sorting fixed Could not add events to CalDAV calendar when UID contained special characters fixed Visual and UX improvements @ text @@ 1.4 log @thunderbird: Update to 78.2.1 * Lightning cannot be disabled by users in build time. Remove mozilla-lightning option. Changelog: 78.2.1 Changes changed OpenPGP enabled by default changed OpenPGP: Disabled the use of MD5/SM2/SM3 algorithms Fixes fixed OpenPGP: Users with sub-identities were unable to encrypt or sign messages when switching identities fixed OpenPGP message security window did not support dark mode 78.2.0 Changes changed OpenPGP Key generation now disabled when there is no default mail account configured changed OpenPGP: Encrypt saved drafts when OpenPGP is enabled changed Twitter search removed changed Calendar: Event summary dialog is now themeable changed MailExtensions: Some APIs now use defineLazyPreferenceGetter in order to benefit from caching Fixes fixed OpenPGP Key Manager search function did not work fixed OpenPGP Key Properties dialog was sometimes too small fixed OpenPGP: Encrypted email would not send if address contained uppercase characters fixed OpenPGP: "Key ID" column could not be resized in Key Manage fixed OpenPGP: Keys containing invalid UTF-8 strings could not be imported fixed OpenPGP: Enable automatic signing for encrypted messages in additional scenarios fixed Many more OpenPGP bug fixes and improvements fixed IMAP fetch chunk size was always 65536 bytes fixed IMAP server capabilities were not rechecked after upgrading to SSL/TLS connection fixed Message Composer: Order of attachments could not be modified using drag & drop fixed Composing messages with a "fixed width" font did not work fixed Drag and drop of address book contacts did not work in some situations fixed Address book migration failed when there was a dot in the file name fixed Address book: "Always prefer display name over message header" was always checked when editing a contact fixed Address book performance optimizations fixed Dialog to add a new mail account from "Account Settings" did not open fixed "Select All" (Ctrl+A) in message source did not work until focused with a mouse click fixed Ctrl+scroll wheel not zooming in message reader fixed Setting/changing a signature from a file lost when closing account settings fixed Adaptive Junk Mail settings could not be disabled fixed Message filter dialog fixes: Missing scrollbar, drop-down list not wide enough fixed Various UX and theme improvements 78.1.1 Changes changed Building OpenPGP shared library linked to system libraries now supported changed MailExtension errors now shown in Developer Tools console by default changed MailExtensions: Dynamic registration of calendar providers now supported Fixesr fixed OpenPGP improvements fixed Message preview was sometimes blank after upgrading from Thunderbird 68 fixed Email addresses whitelisted for remote content not displayed in preferences fixed Importing data from Seamonkey did not work fixed Renaming a mail list did not update the side bar fixed MailExtensions: messenger.* namespace was undefined 78.1.0 What's New new OpenPGP support is now feature complete. Improvements: new Key Wizard, online searching for OpenPGP keys, and more new The preferences tab now has a search field Changes changed Dark background in message reader is now disabled Fixes fixed Thunderbird startup was slow when using folder color customizations with many folders. Previously configured colors will not be migrated. fixed Mail quota usage in status bar did not support terabyte folder sizes fixed Changing Junk mail settings with keyboard toggled wrong setting fixed Advanced IMAP server preferences not saved in Account Manager fixed Address book migration updates and fixes fixed Address book: Last Modified Date was not updated fixed Dark mode improvements fixed Various security fixes Security fixes: #CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker #CVE-2020-6514: WebRTC data channel leaks internal address to peer #CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy #CVE-2020-15653: Bypassing iframe sandbox when allowing popups #CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture #CVE-2020-15656: Type confusion for special arguments in IonMonkey #CVE-2020-15658: Overriding file type when saving to disk #CVE-2020-15657: DLL hijacking due to incorrect loading path #CVE-2020-15654: Custom cursor can overlay user interface #CVE-2020-15659: Memory safety bugs fixed in Thunderbird 78.1 78.0.1 What's New new OpenPGP: Key revocation, extending key expiration, and secret key backup Fixes fixed Drag & Drop multiple attachments to macOS Finder created duplicate files fixed Faceted search date and relevance settings not saved fixed FileLink attachments included as a link and file when added from a network drive via drag & drop fixed About Thunderbird dialog keyboard shortcuts did not work fixed CC'd recipients sometimes displayed collapsed in header pane fixed Incremental search in contacts sidebar did not always display local results when an LDAP server was also in use fixed Contacts sidebar search results cleared after removing a contact fixed OpenPGP: Messages with long Armor Header lines did not display fixed OpenPGP: Messages containing non-UTF-8 text were not supported fixed Various UI and theming fixes fixed Chat: Participants list did not display operator flags @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 1 --- js/src/util/NativeStack.cpp.orig 2020-08-28 21:32:56.000000000 +0000 @ 1.3 log @Update to 68.1.0 Changelog: new Offer to configure Exchange accounts for Office365. A third-party add-on is required for this account type. IMAP still exists as alternative. fixed Edit tag not working fixed Write window: "Insert > Characters and Symbols" not working fixed Moving/dragging messages from "Search Messages" result dialog not working fixed Command line -compose "attachment=" not working fixed Custom views not working fixed Issues with list of content types/actions for incoming attachments fixed "Learn More" links in Error Console not working fixed Visual glitches: Quick Filter Bar tag buttons too tall, missing scroll bar on Connection Setting subdialog, LDAP server selection after "New", "Edit" and "Delete" fixed Calendar: Parts of CalDAV dialog not working fixed Various security fixes Security fixes: CVE-2019-11739: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message #CVE-2019-11746: Use-after-free while manipulating video #CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML #CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images #CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB #CVE-2019-11743: Cross-origin access to unload event attributes #CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9 @ text @d1 1 a1 1 $NetBSD: patch-js_src_util_NativeStack.cpp,v 1.2 2019/02/26 11:32:13 ryoon Exp $ d3 1 a3 1 --- js/src/util/NativeStack.cpp.orig 2019-09-09 23:43:33.000000000 +0000 d21 1 a21 1 JS_STATIC_ASSERT(JS_STACK_GROWTH_DIRECTION < 0); @ 1.2 log @Update to 60.5.1 Changelog: 60.5.1 Fixed CalDav access to some servers not working #CVE-2018-18500: Use-after-free parsing HTML5 stream #CVE-2018-18505: Privilege escalation through IPC channel messages #CVE-2016-5824: DoS (use-after-free) via a crafted ics file #CVE-2018-18501: Memory safety bugs fixed in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5 60.5.0 New FileLink provider WeTransfer to upload large attachments Thunderbird now allows the addition of OpenSearch search engines from a local XML file using a minimal user inferface: [+] button to select a file an add, [-] to remove. More search engines: Google and DuckDuckGo available by default in some locales During account creation, Thunderbird will now detect servers using the Microsoft Exchange protocol. It will offer the installation of a 3rd party add-on (Owl) which supports that protocol. Fixed Thunderbird now compatible with other WebExtension-based FileLink add-ons like the Dropbox add-on Crash when using custom sound for new email notification WebExtension-based dictionaries from addons.mozilla.org not working in Thunderbird Calendar: Printing of calendars not working #CVE-2018-18356: Use-after-free in Skia #CVE-2019-5785: Integer overflow in Skia #CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D #CVE-2018-18509: S/MIME signature spoofing @ text @d1 1 a1 1 $NetBSD: patch-js_src_util_NativeStack.cpp,v 1.1 2018/12/16 08:12:16 ryoon Exp $ d3 1 a3 1 --- js/src/util/NativeStack.cpp.orig 2019-02-13 14:19:39.000000000 +0000 d5 10 a14 1 @@@@ -30,7 +30,7 @@@@ void* js::GetNativeStackBaseImpl() { d21 1 a21 1 #include d23 2 a24 2 @@@@ -69,6 +69,7 @@@@ void* js::GetNativeStackBaseImpl() { #elif defined(PTHREAD_NP_H) || defined(_PTHREAD_NP_H_) || defined(NETBSD) d27 2 a28 2 +#elif defined(__sun) #else @ 1.1 log @Update to 60.3.3 Changelog: 60.3.3: mitigated Thunderbird 60 will migrate security databases (key3.db, cert8.db to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a fault that potentially deleted saved passwords and private certificate keys for users using a master password. Version 60.3.3 will prevent the loss of data; affected users who have already upgraded to version 60.3.2 or earlier can restore the deleted key3.db file from backup to complete the migration. fixed Address book search and auto-complete slowness introduced in Thunderbird 60.3.2 Plain text markup with * for bold, / for italics, _ for underline and | for code did not work when the enclosed text contained non-ASCII characters While composing a message, a link not removed when link location was removed in the link properties panel 60.3.2: fixed Under some circumstances Thunderbird on Mac will send attachments using the so-called AppleDouble format which can lead to problems with mail servers and recipients Encoding problems when exporting address books or messages using the system charset. Messages are now always exported using the UTF-8 encoding. If the "Date" header of a message was invalid, Jan 1970 or Dec 1969 was displayed. Now using date from "Received" header instead. Body search/filtering didn't reliably ignore content of tags Inappropriate warning "Thunderbird prevented the site (addons.thunderbird.net) from asking you to install software on your computer" when installing add-ons Incorrect display of correspondents column since own email address was not always detected Spurious (encoded newline) inserted into drafts and sent email New email not inserted in correct sort order in threaded unified view or search folder 60.3.1: fixed Double-clicking on a word in the Write window sometimes launched the Advanced Property Editor or Link Properties dialog Cookie removal (not working since Thunderbird version 52) "Download rest of message" not working if global inbox was used Encoding problems for users (especially in Poland) when a file was sent via a folder using "Sent to > Mail recipient" due to a problem in the Thunderbird MAPI interface According to RFC 4616 and RFC 5721, passwords containing non-ASCII characters are encoded using UTF-8 which can lead to problems with non-compliant providers, for example office365.com. The SMTP LOGIN and POP3 USER/PASS authentication methods are now using a Latin-1 encoding again to work around this issue. Shutdown crash/hang after entering an empty IMAP password 60.3.0: fixed Various Theme fixes where incorrect colors, backgrounds, etc. were displayed Add-on Options menu not working on Mac Shift+PageUp/PageDown in Write window Saving content of Write windows didn't overwrite existing file Issues related to "Edit Template" command Gloda attachment filtering Mailing list address auto-complete enter/return handling Thunderbird hung if HTML signature references non-existent image Filters not working for headers that appear more than once Various security fixes Secirity fixes: #CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin #CVE-2018-12392: Crash with nested event loops #CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript #CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3 and Thunderbird 60.3 #CVE-2018-12390: Memory safety bugs fixed in Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3 60.2.1: Changed Calendar: Default values for the first day of the week and working days are now derived from the selected datetime formatting locale (restart after changing locale in the OS required) Calendar: Switch to a Photon-style icon set for all platforms Multiple requests for master password when Google Mail or Calendar OAuth2 is enabled Scrollbar of the address entry auto-complete popup does not work Security info dialog in compose window does not show certificate status Links in the Add-on Manager's search results and theme browsing tabs open in external browser Localized versions of Thunderbird didn't show a localized name for the "Drafts" and "Sent" folders for certain IMAP providers (particularly in France) Replying to a message with an empty subject inserted Re: twice (not working in Thunderbird 60.0) Spellcheck marks disappeared erroneously for words with an apostrophe (not working in Thunderbird 60.0) Calendar: First day of the week cannot be set Calendar: Several fixes related to cutting/deleting of events and email scheduling Various security fixes Security fixes: #CVE-2018-12377: Use-after-free in refresh driver timers #CVE-2018-12378: Use-after-free in IndexedDB #CVE-2018-12379: Out-of-bounds write with malicious MAR file #CVE-2017-16541: Proxy bypass using automount and autofs #CVE-2018-12385: Crash in TransportSecurityInfo due to cached data #CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords #CVE-2018-12376: Memory safety bugs fixed in Firefox 62, Firefox ESR 60.2, and Thunderbird 60.2.1 60.0: new When writing a message, a delete button now allows the removal of a recipient. This delete button is displayed when hovering the To/Cc/Bcc selector. Many improvements to attachments handling during compose: Attachments can now be reordered using a dialog, keyboard shortcuts, or drag and drop. The "Attach" button moved to the right to be above the attachment pane. The access key of the attachment pane (e.g. Alt+M, may vary depending on localization, Ctrl+M on Mac) now also works to show or hide the pane. The attachment pane can also be shown initially when composing a new message. Right-click on the header to enable this option. Hiding a non-empty attachment pane will now show a placeholder paperclip to indicate the presence of attachments and avoid sending them accidentally. "Edit Template" command. This also solves various problems when saving as template (duplicates created, message ID lost). "New Message from Template" command Allow changing the Spellcheck Language from status bar Light and Dark themes WebExtension themes are now enabled in Thunderbird A default startup directory in the address book window can now be configured Individual feed update interval An option under "Tools > Options, Advanced, General" now allows to select whether date/time display will follow the application locale (adjusted by operating system's format settings for that locale) or the locale selected in the operating system's regional settings. In other words, an US English Thunderbird can use, for example, German formats. OAuth2 authentication for Yahoo and AOL FIDO U2F support Thunderbird now allows the conversion of folders from mbox to maildir format and vice versa. This is an experimental feature that needs to be enabled by setting the preference mail.store_conversion_enabled. Note that this functionality does not not work if the option "Allow Windows Search/Spotlight to search messages" is selected. Calendar: Allow copying, cutting or deleting of a selected occurrence or the entire series for recurring events Calendar: Provide an option to display locations for events in calendar day and week views Calendar: Provide the ability for sending/not sending meeting notifications directly instead of showing a popup Calendar: Option to select the target calendar when pasting an event or task Calendar: Allow email scheduling for CalDAV servers supporting server-side scheduling Thunderbird Chat now contains multiple built-in message themes changed IMPORTANT: Add-ons not marked as compatible with Thunderbird 60 by their authors will be disabled (this can be reverted via preference extensions.strictCompatibility) IMAP: When after sending a message storing that sent message fails, the message can now be stored in a local folder Add-on options can no longer be configured from the Add-on Manager page. A new menu item "Add-on Options" is now available on the Tools menu. When messages are composed in paragraph format, "body text" and split mail quotes are converted to paragraphs when pressing the enter key "Edit As New Message" will now use the account's default compose format, either HTML or plain text ignoring the format of the message. Plain text messages will be converted to HTML and vice versa. Then using the modifier, the format choice will be reverted. The "Edit Draft" command now also honors the use of the shift key to convert HTML to plain text or vice versa when editing a draft The plain text to HTML conversion has been improved where such a conversion is necessary for "Edit As New Message" or when the shift modifier is used for "Edit Draft" or "New Message from Template". During address entry, the matching part of the address is now shown in bold. Preference mail.autoComplete.commentColumn allows to display the address book where the address is stored. When attaching a message via drag and drop, the subject of the message is now used as attachment name instead of "Attached Message" Better address book photo handling: Photos can be added by drag and drop and a copy of all photos will be stored in the Thunderbird profile On first start, Thunderbird now shows the account setup dialog, no longer the account provisioner dialog Thunderbird follows Firefox' Photon design with rectangular tabs and many other theme improvements When customizing the From: address, Thunderbird will now use this address for the SMTP "MAIL FROM" command. Previously the address configured in the identity was used. The preference mail.smtp.useSenderForSmtpMailFrom allows return to the previous behavior. Native notifications on Linux are now re-enabled Thunderbird now uses Mozilla's latest proxy technology (add-on FoxyProxy now supported) Thunderbird now uses the latest Rust-based Mozilla technology, including Quantum's CSS engine (based on Servo) and encoding_rs, for displaying and encoding messages All certificates issued by Symantec roots before 2016-06-01 are distrusted for use in TLS secured traffic in Thunderbird 60 and above. This applies to all brands Symantec operated: Thawte, RapidSSL, GeoTrust, Verisign, and Symantec. For usage in S/MIME the certificates remain valid. Details here. Calendar: Removal of capability to send email invitations compatible to Outlook 2002 and earlier Calendar: Reminders on read-only calendars can now be dismissed, while reminders for missed events will now only be displayed for writable calendars if option "Show missed reminders for writable calendars" is selected Thunderbird Chat: Nicknames inside of messages are colored to match the participants list fixed When many Thunderbird clients or other email clients accessed the same IMAP draft folder, messages were sometimes sent with the wrong identity. This has been corrected and the user will be notified if none of their identities matches the draft. Various problems related to handling the IMAP trash folder: Under certain circumstances the selection of the trash folder didn't persist, for example when the name contained non-ASCII characters, or in localized versions of Thunderbird. At times unwanted adtext menu behavior Better error handling for Gmail authentication to avoid re-downloading of folders Thunderbird used a stale cached password after user edited a saved password Calendar: Wrong time formatting for some time zones Calendar: Can't copy information from event dialog for received invitations Various security fixes Security fixes: #CVE-2018-12359: Buffer overflow using computed size of canvas element #CVE-2018-12360: Use-after-free when using focus() #CVE-2018-12361: Integer overflow in SwizzleData #CVE-2018-12362: Integer overflow in SSSE3 scaler #CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture #CVE-2018-12363: Use-after-free when appending DOM nodes #CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins #CVE-2018-12365: Compromised IPC child process can list local filenames #CVE-2018-12371: Integer overflow in Skia library during edge builder allocation #CVE-2018-12366: Invalid data handling during QCMS transformations #CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming #CVE-2018-12368: No warning when opening executable SettingContent-ms files #CVE-2018-5187: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Thunderbird 60 #CVE-2018-5188: Memory sa60 @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- js/src/util/NativeStack.cpp.orig 2018-12-04 23:11:52.000000000 +0000 d5 2 a6 2 @@@@ -32,7 +32,7 @@@@ js::GetNativeStackBaseImpl() return static_cast(pTib->StackBase); d14 8 a21 8 @@@@ -78,6 +78,7 @@@@ js::GetNativeStackBaseImpl() # elif defined(PTHREAD_NP_H) || defined(_PTHREAD_NP_H_) || defined(NETBSD) /* e.g. on FreeBSD 4.8 or newer, neundorf@@kde.org */ pthread_attr_get_np(thread, &sattr); +# elif defined(__sun) # else /* * FIXME: this function is non-portable; @