head 1.2; access; symbols pkgsrc-2026Q1:1.2.0.6 pkgsrc-2026Q1-base:1.2 pkgsrc-2025Q4:1.2.0.4 pkgsrc-2025Q4-base:1.2 pkgsrc-2025Q3:1.2.0.2 pkgsrc-2025Q3-base:1.2 pkgsrc-2025Q2:1.1.0.2 pkgsrc-2025Q2-base:1.1; locks; strict; comment @# @; 1.2 date 2025.07.23.19.18.45; author ryoon; state Exp; branches; next 1.1; commitid MSfCtDnwQXIy9U3G; 1.1 date 2025.04.30.03.47.13; author ryoon; state Exp; branches; next ; commitid o9LB8XmlM6d8H1TF; desc @@ 1.2 log @mail/thunderbird: Update to 140.0.1 Changelog: 140.0.1: What's Fixed fixed Inserting a link into an HTML mail did not work as expected 140.0: What's New new Implemented enterprise policy to allow granular in-app notification control new New mail alert now includes message disposition buttons new Added 'Mark as Read' and 'Delete' actions to mail notifications new Added 'Mark as Spam' and 'Mark as Starred' actions to mail notifications new Support dark reader for the message pane new Messages are automatically adapted to dark mode with a quick toggle in the header new Message filters are now available in the Folder Pane context menu new Added horizontal threadpane scrolling mail.threadpane.table.horizontal_scroll new Implemented customizable row count for Cards View in 'Appearance' settings new Implemented ability to manually sort folders in the folder pane new New "Appearance" Settings UI to globally control message threading/sorting order new Added checkbox to select/unselect all calendars in the calendar setup wizard new Account Hub enabled by default for second email setup new Add-ons: Added support for specifying a cookieStoreId when creating a space new Added Thunderbird-specific loading symbol What's Changed changed Removed obsolete preference extensions.overlayloader.loglevel changed CardDAV address books and calendars now use the same OAuth2 code as mail changed Display junk state and allow toggling it from top of message context menu changed Subscribe/Unsubscribe buttons were removed from the IMAP subscribe dialog changed Ignore unsupported subkeys/signatures when importing compliant OpenPGP keys changed Some generic appearance settings were moved from General to Appearance section changed Add-ons: browser.messages.listAttachments() now returns attachment headers changed Set calendar.alarms.showmissed preference to false by default changed Exporting a calendar to .ics did not include the calendar name What's Fixed fixed Chrome URLs were opened in an external browser fixed Race condition in folder compaction could cause unexpected behavior fixed Crash could occur when shutting down during MAPI send fixed Message preview truncation in notifications improved fixed Thunderbird could crash when setting message compose headers fixed Links in the OAuth authentication window did not open when clicked fixed Mail window could stop functioning during and after folder compaction fixed Error message for compacting a corrupted local folder was not useful fixed Repair folder did not fix mbox files produced on MacOS before Thunderbird 1.0 fixed Wrong day of week displayed for some emails fixed Edit menu entries missing when group header selected in "Grouped by sort" view fixed IMAP folder "Undelete" performed "Delete" when mixed messages were selected fixed View Message Source no longer worked for multiple selected messages fixed Creating a new mail account from the menu bar in a message window failed fixed Feed subscriptions were broken fixed Feed body was not rendered when "Message Body As" formatting option selected fixed Thunderbird could show incorrect 'From' and 'To' fields for mailing list emails fixed mail.compose.other.header wrongly added fields to message preview pane headers fixed Deleting or detaching attachments in a saved .eml file appeared to work but failed fixed In RSS feeds, the space bar did not scroll the message like it did in emails fixed Unchecking "Show all headers" in Message Header Settings closed dialog fixed Some webpage links could be forced to open in Thunderbird fixed Right-click of message in cross-folder virtual folder wrongly selected it fixed Messages deleted from a cross-folder search view could not be undeleted fixed Cards view "replies" button remained styled without new messages in thread fixed Subscribe window "Show items that contain" should not have been shown for IMAP fixed POP3 inbox could show new mail with no subject, no sender, and date 1970-01-01 fixed Folders at level 3+ were not auto-discovered when IMAP subscriptions were ignored fixed New subfolder did not inherit parent view, sort order, sort type, or columns fixed With "Fetch headers only" enabled, messages could not be sorted by size fixed Selecting starred messages did not update immediately fixed Marking a unified folder as favorite did not show it in favorite folders fixed Threaded search view was not updated correctly when sorted by date received fixed Menu items to manage folders were not disabled in offline mode fixed Ctrl or Shift selecting multiple messages reset when dragging across a message fixed Folder was hidden from Favorite when subfolder was removed fixed Folder tree message counts displayed incorrectly under certain conditions fixed The UI could falsely report a message as encrypted when a null cipher was used fixed Message security panel strings were used in the wrong places fixed Importing an OpenPGP public key with whitespace failed fixed Unable to open attached signed OpenPGP .eml message fixed OpenPGP key was not updated when accepted key was reimported with new identities fixed Dual signed (PGP and S/MIME) emails were not displayed fixed "Secret Key ID" field did not sanitize input, causing draft encryption to fail fixed Could not send signed/encrypted messages in some setups due to regression fixed Quick Filter did not display loading symbol when search was in progress fixed Search messages dialog list could not be sd for search after repair fixed Messages with multiple authors or no author were not indexed for global search fixed Messages from authors without email address were not indexed for global search fixed Shutdown could hang due to unterminated search exelected text did not work with advanced properties selected fixed Spellcheck no longer highlighted misspelled words in the compose window fixed Changing the UI font size did not apply to some dialogs fixed Deleted Gmail messages stayed visible until comned visible when mail.chat.enabled was false fixed macOS system notifications worked but email alerts could not be disabled separately fixed Setting different archiving options for multiple identities did not work fixed OAuth2 not shown in "Authentication method" menulist for existing Exchange account fixed 'Please fill out this field' in account setup always appeared in English fixed No gap existed between Back and Forward buttons in the Feed Account Wizard dialog fixed Moving back in the calendar import dialog could break the Continue button fixed Add-ons: Links in content pages with a target attribute loaded a blank page fixed Add-ons: Context menu entries were incorrectly aligned. fixed Add-ons: Optional permission prompts for WebExtensions displayed wrong permissions fixed Double clicking a new contact icon added the contact to the address book twice fixed Unable to auto-discover Address Book on Radicale server fixed CardDAV synchronization to Zimbra server failed fixed Mark-Of-The-Web was not applied to attachments saved via drag and drop fixed System search toggle did not properly reflect and control integration state fixed Some messages could not be scrolled due to hidden overflows in inline styles fixed Keyboard navigation was not possible when first header button was disabled fixed Thunderbird could crash when renaming a local folder while copying from IMAP fixed Some functionality was missing for newsgroup messages opened from a file or URI fixed Message and folder lists could display incorrect line spacing after restart fixed Automatic compact did not attempt to compact all folders when error encountered fixed APOP authenication for POP3 did not prompt for corrected password fixed POP3 'fetch headers only' and 'get selected messages' could skip some messages fixed Thunderbird logged network errors in console when used in offline mode fixed Slow performance when moving bulk messages from IMAP to local fixed Crossposting news article was not possible if newsgroups on different servers fixed Cancelling a post to a news server could fail and remove the article fixed Thunderbird could crash in NNTP subscription dialog fixed Newsgroup searches with slashes were not supported with XPAT-enabled servers fixed Offline newsgroup use lacked functionality needed for effective offline access fixed Thunderbird could show a misleading error message on IMAP login failure fixed Modal alerts shown for expired articles when downloading news for offline use fixed Status bar message did not include newsgroup name along with the account name fixed Reconnecting to an NNTP server was potentially not possible fixed Nickserv messages appeared during successful authentication fixed Thunderbird Flatpak install did not use a branded symbolic icon fixed Unable to view full certificate chain from the "View Signature" button fixed Organizer email address for CalDAV calendar events could be incorrect fixed Changing calendar.week.start preference did not update calendar views fixed Clicking a mid: link in Calendar opened two copies of the message fixed Clicking a 'mid:' link in event created from message did not work fixed Thunderbird calendar failed to show attendee as busy when added to an event fixed Some calendar requests were blocked due to opaque response blocking fixed Visual and UX improvements fixed Security fixes Security fixes: Mozilla Foundation Security Advisory 2025-54 #CVE-2025-6424: Use-after-free in FontFaceSet #CVE-2025-6425: The WebCompat WebExtension shipped exposed a persistent UUID #CVE-2025-6426: No warning when opening executable terminal files on macOS #CVE-2025-6427: connect-src Content Security Policy restriction could be bypassed #CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com #CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag #CVE-2025-6432: DNS Requests leaked outside of a configured SOCKS proxy #CVE-2025-6433: WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate #CVE-2025-6434: HTTPS-Only exception screen lacked anti-clickjacking delay #CVE-2025-6435: Save as in Devtools could download files without sanitizing the extension #CVE-2025-6436: Memory safety bugs fixed in Firefox 140 and Thunderbird 140 139.0.2: What's Fixed fixed Security fixes Security fixes: Mozilla Foundation Security Advisory 2025-50 #CVE-2025-5986: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links 139.0.1: What's Fixed fixed Thunderbird could crash when copying a local folder to IMAP fixed Upgrade to 139.0 incorrectly switched Table View to Cards View 139.0: What's New new Implemented enterprise policy to allow granular in-app notification control new Added 'Mark as Read' and 'Delete' actions to mail notifications new Implemented customizable row count for Cards View in 'Appearance' settings new Implemented ability to manually sort folders in the folder pane What's Fixed fixed Thunderbird could crash when setting message compose headers fixed Links in the OAuth authentication window did not open when clicked fixed Access was not allowed to attachments at specific UNC hosts fixed Mail window could stop functioning during and after folder compaction fixed Full folder sorting logic was not used when inserting folders after move fixed mail.compose.other.header headers were not shown in Show All Headers mode fixed Folder was hidden from Favorite when a subfolder was removed fixed Folder tree message counts displayed incorrectly under certain conditions fixed Selection was not restored after manual folder sorting fixed Dragging a folder to a new parent did not insert it correctly for IMAP folders fixed Compact View users had all folders expanded after restart fixed Invite attachments without a name were forwarded as 'Attached Message Part' fixed Chat settings tab remained visible when mail.chat.enabled was false fixed Selected folder was not refreshed when applying 'Appearance' Threading settings fixed 'Grouped by Sort' for all folders in 'Appearance' settings did not work properly fixed Thunderbird could crash if message copying to Sent folder was interrupted fixed System search toggle did not properly reflect and control integration state fixed Dragging attachments to desktop from Thunderbird did not work on macOS fixed Dark mode messages displayed in light mode due to preference setting conflict fixed Cancelling a post to a news server could fail and remove the article fixed Thunderbird could crash in NNTP subscription dialog fixed Newsgroup searches with slashes were not supported with XPAT-enabled servers fixed Offline newsgroup use lacked functionality needed for effective offline access fixed Chat accounts could not be deleted fixed Reminders missed for all-day events when calendar.alarms.showmissed was false fixed Access to multiple CalDAV calendars was not possible fixed Visual and UX improvements fixed Security fixes Security fixes: Mozilla Foundation Security Advisory 2025-45 #CVE-2025-5262: Double-free in libvpx encoder #CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content #CVE-2025-5264: Potential local code execution in "Copy as cURL" command #CVE-2025-5265: Potential local code execution in "Copy as cURL" command #CVE-2025-5270: SNI was sometimes unencrypted #CVE-2025-5271: Devtools' preview ignored CSP headers #CVE-2025-5267: Clickjacking vulnerability could have led to leaking saved payment card details #CVE-2025-5268: Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11 #CVE-2025-5272: Memory safety bugs fixed in Firefox 139 and Thunderbird 139 138.0.2: What's Fixed fixed Messages could not be viewed if the profile used a UNC path fixed Standalone message windows/tabs no longer responded after folder compaction fixed Compacting folders with certain pending operations caused unnecessary warnings fixed Security fixes Security fixes: Mozilla Foundation Security Advisory 2025-41 #CVE-2025-4918: Out-of-bounds access when resolving Promise objects #CVE-2025-4919: Out-of-bounds access when optimizing linear sums @ text @$NetBSD: patch-third__party_sqlite3_ext_moz.build,v 1.1 2025/04/30 03:47:13 ryoon Exp $ --- third_party/sqlite3/ext/moz.build.orig 2025-07-02 01:08:50.000000000 +0000 +++ third_party/sqlite3/ext/moz.build @@@@ -21,7 +21,7 @@@@ SOURCES += [ "sqlite-vec/sqlite-vec.c", ] -if CONFIG["OS_TARGET"] == "Linux" or CONFIG["OS_TARGET"] == "Android": +if CONFIG["OS_TARGET"] == "Linux" or CONFIG["OS_TARGET"] == "Android" or CONFIG["OS_TARGET"] == "FreeBSD" or CONFIG["OS_TARGET"] == "NetBSD" or CONFIG["OS_TARGET"] == "OpenBSD": OS_LIBS += [ "m", ] @ 1.1 log @mail/thunderbird: Update to 137.0.2 Changelog: 137.0.2: What's Fixed fixed Thunderbird could crash on startup when creating Linux system tray icon fixed Security fixes Security fixes: Mozilla Foundation Security Advisory 2025-26 #CVE-2025-3522: Leak of hashed Window credentials via crafted attachment URL #CVE-2025-2830: Information Disclosure of /tmp directory listing #CVE-2025-3523: User Interface (UI) Misrepresentation of attachment URL 137.0.1: What's Fixed fixed Added delay to built-in notifications when new profile is created in offline mode 137.0: What's Changed changed File names are now used when storing mail folders (Windows only). changed Disable Linux system tray icon until it gains functionality What's Fixed fixed In-app notifications did not display correctly in high contrast mode. fixed Repair folder did not fix mbox files produced on MacOS before Thunderbird 1.0. fixed Edit menu entries missing when group header selected in "Grouped by sort" view. fixed IMAP folder "Undelete" performed "Delete" when mixed messages were selected. fixed In RSS feeds, the space bar did not scroll the message like it did in emails. fixed Slow performance opening an .eml file in a profile with many folders. fixed Threaded search view was not updated correctly when sorted by date received. fixed Line spacing changed unexpectedly in the message list with the default font size. fixed Saved message list selection was discarded when user made a new selection. fixed Replying from local or unified folders failed when the message pane was hidden. fixed Message security panel strings were used in the wrong places. fixed Importing an OpenPGP public key with whitespace failed. fixed Unable to open attached signed OpenPGP .eml message. fixed Right-clicking "Decrypt and Save As..." on an attachment file failed. fixed Searching during shutdown could cause crash. fixed Failed news message sending could close the compose window unexpectedly. fixed Having a corrupt address book database prevented sending mail. fixed Forwarding messages as attachments could use the wrong MIME type. fixed Two-factor auth via text or email did not work with Office 365 using Oauth2. fixed Account settings menu could be loaded twice. fixed No gap existed between Back and Forward buttons in the Feed Account Wizard dialog. fixed Thunderbird could crash when importing mail fixed Unable to auto-discover Address Book on Radicale server. fixed Mark-Of-The-Web was not applied to attachments saved via drag and drop. fixed Some messages could not be scrolled due to hidden overflows in inline styles. fixed Clicking a 'mid:' link could clear the thread pane and cause errors. fixed Performance regressed when moving/copying messages on Windows. fixed Automatic compact did not attempt to compact all folders when error encountered. fixed Slow performance when moving bulk messages from IMAP to local. fixed Crossposting news article was not possible if newsgroups on different servers. fixed IRC channel was not visible after restart. fixed Unable to view full certificate chain from the "View Signature" button. fixed Visual and UX improvements fixed Security fixes Security fixes: Mozilla Foundation Security Advisory 2025-23 #CVE-2025-3028: Use-after-free triggered by XSLTProcessor #CVE-2025-3031: JIT optimization bug with different stack slot sizes #CVE-2025-3032: Leaking file descriptors from the fork server #CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters #CVE-2025-3033: Opening local .url files could lead to another file being opened #CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 #CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137 136.0.1: What's Fixed fixed Thunderbird could crash during shutdown if a search was still active fixed Failed news message send could close the compose window unexpectedly 136.0: What's New new Messages are automatically adapted to dark mode with a quick toggle in the header. new New "Appearance" Settings UI to globally control message threading/sorting order. What's Changed changed Criteria for closing idle message databases. What's Fixed fixed Thunderbird Release channel was not displayed in "About Thunderbird". fixed Crash could occur when shutting down during MAPI send. fixed The error message for compacting a corrupted local folder was not useful. fixed Deleting or detaching attachments in a saved .eml file appeared to work but failed. fixed On HiDPI screens, clicking addresses in the header could show popup off-screen. fixed Opening an .EML file in profiles with many folders could take a long time. fixed Some messages may have been threaded incorrectly in unified folders. fixed Unified folders could become unusable instead of being automatically rebuilt. fixed Folders at level 3+ were not auto-discovered when IMAP subscriptions were ignored. fixed New subfolder did not inherit parent view, sort order, sort type, or columns. fixed With "Fetch headers only" enabled, messages could not be sorted by size. fixed Selecting starred messages did not update immediately. fixed Marking a unified folder as favorite did not show it in favorite folders. fixed Users with many folders experienced poor performance when resizing message panes. fixed The UI could falsely report a message as encrypted when a null cipher was used. fixed Search messages dialog list could not be sorted by clicking the header icon. fixed Sending to multiple SMTPs could fail silently due to missing address book. fixed "Replace" button in compose window was overwritten when the window was narrow. fixed Changing the UI font size did not apply to some dialogs. fixed Deleted Gmail messages stayed visible until compact/expunge, despite settings. fixed Export to mobile did not work when "Use default server" was selected. fixed Account settings menu could be loaded twice. fixed Account Settings updated font size were not reflected in the content frame. fixed Add-ons: Context menu entries were incorrectly aligned. fixed Middle-click autoscroll cursor appeared without arrows instead of expected design. fixed Some functionality was missing for newsgroup messages opened from a file or URI. fixed Notifications for new mail were not showing for IMAP. fixed Message and folder lists could display incorrect line spacing after restart. fixed Clicking a 'mid:' link could clear the thread pane and cause errors. fixed Release channel incorrectly showed What's New page after update. fixed "Save Link As" was not working in feed web content. fixed Sort indicators were missing on the calendar events list. fixed Visual and UX improvements fixed Security fixes Security fixes: Mozilla Foundation Security Advisory 2025-17 #CVE-2025-26696: Crafted email message incorrectly shown as being encrypted #CVE-2025-26695: Downloading of OpenPGP keys from WKD used incorrect padding #CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process #CVE-2025-1931: Use-after-free in WebTransportChild #CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access #CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs #CVE-2025-1934: Unexpected GC during RegExp bailout processing #CVE-2025-1942: Disclosure of uninitialized memory when .toUpperCase() causes string to get longer #CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar #CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents #CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 #CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 #CVE-2025-1943: Memory safety bugs fixed in Firefox 136 and Thunderbird 136 @ text @d1 1 a1 1 $NetBSD: patch-third__party_sqlite3_ext_moz.build,v 1.1 2024/08/12 14:03:32 ryoon Exp $ d3 1 a3 1 --- third_party/sqlite3/ext/moz.build.orig 2024-08-06 01:06:04.545236415 +0000 d5 2 a6 2 @@@@ -20,7 +20,7 @@@@ SOURCES += [ "fts5.c", @