47ff8451c2- Mozilla Thunderbird 60.3.3 * Thunderbird 60 will migrate security databases (key3.db, cert8.db to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a fault that potentially deleted saved passwords and private certificate keys for users using a master password. Version 60.3.3 will prevent the loss of data; affected users who have already upgraded to version 60.3.2 or earlier can restore the deleted key3.db file from backup to complete the migration. * Address book search and auto-complete slowness introduced in Thunderbird 60.3.2 * Plain text markup with * for bold, / for italics, _ for underline and | for code did not work when the enclosed text contained non-ASCII characters * While composing a message, a link not removed when link location was removed in the link properties panel
Wolfgang Rosenauer
2018-12-05 21:18:03 +00:00
0f47d98b6bAccepting request 653550 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2018-12-03 15:06:20 +00:00
e5fa4278bb- Mozilla Thunderbird 60.3.2 * Encoding problems when exporting address books or messages using the system charset. Messages are now always exported using the UTF-8 encoding * If the "Date" header of a message was invalid, Jan 1970 or Dec 1969 was displayed. Now using date from "Received" header instead. * Body search/filtering didn't reliably ignore content of tags * Inappropriate warning "Thunderbird prevented the site (addons.thunderbird.net) from asking you to install software on your computer" when installing add-ons * Incorrect display of correspondents column since own email address was not always detected * Spurious 
 (encoded newline) inserted into drafts and sent email
Wolfgang Rosenauer
2018-11-30 10:20:59 +00:00
effd24db38- update to Thunderbird 60.3.0 * various theme fixes * Shift+PageUp/PageDown in Write window * Gloda attachment filtering * Mailing list address auto-complete enter/return handling * Thunderbird hung if HTML signature references non-existent image * Filters not working for headers that appear more than once - Security fixes for the Mozilla platform picked up from 60.3 (Firefox ESR release). In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts (MFSA 2018-28) (bsc#1112852) * CVE-2018-12391 (bmo#1478843) (Android only) HTTP Live Stream audio data is accessible cross-origin * CVE-2018-12392 (bmo#1492823) Crash with nested event loops * CVE-2018-12393 (bmo#1495011) Integer overflow during Unicode conversion while loading JavaScript * CVE-2018-12389 (bmo#1498460, bmo#1499198) Memory safety bugs fixed in Firefox ESR 60.3 * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159, bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803, bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699, bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844) Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
Wolfgang Rosenauer
2018-11-01 17:28:09 +00:00
9bb3d7bcacAccepting request 644807 from home:Guillaume_G:branches:mozilla:Factory
Wolfgang Rosenauer
2018-10-29 08:28:50 +00:00
266f4763daAccepting request 640045 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2018-10-05 09:08:04 +00:00
c0d713ad9eAccepting request 640011 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2018-10-04 20:00:55 +00:00
46ff0ae0de- update to Thunderbird 60.2.1 * several bugfixes since release of version 60.0 * security fixes for the Mozilla platform picked up from 60.1 and 60.2 (Firefox ESR releases) - Update file list since minidump-analyzer is only available when * Various fixes and changes to e-mail workflow
Wolfgang Rosenauer
2018-10-03 20:05:00 +00:00
93fe18dfd9Accepting request 621937 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2018-07-10 17:29:54 +00:00
1179b0a448* Deleting or detaching attachments corrupted messages under certain circumstances (bmo#1473893)
Wolfgang Rosenauer
2018-07-10 09:03:21 +00:00
97874126cc- update to Thunderbird 52.9.1 * fix detaching attachments (bmo#1473893) otherwise might reveal decryted content to the attacker. "simple" HTML view
Wolfgang Rosenauer
2018-07-10 06:54:09 +00:00
8482f17d7fAccepting request 620658 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2018-07-05 06:01:02 +00:00
3b3bdbed6fAccepting request 620624 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2018-07-04 14:06:02 +00:00
5e3677350aAccepting request 620593 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2018-07-04 08:58:13 +00:00
4460ca6a07MFSA 2018-16 (bsc#1098998) * CVE-2018-12359 (bmo#1459162) Buffer overflow using computed size of canvas element * CVE-2018-12360 (bmo#1459693) Use-after-free when using focus() * CVE-2018-12372 (bmo#1419417) S/MIME and PGP decryption oracles can be built with HTML emails * CVE-2018-12373 (bmo#1464667, bmo#1464056) S/MIME plaintext can be leaked through HTML reply/forward * CVE-2018-12362 (bmo#1452375) Integer overflow in SSSE3 scaler * CVE-2018-12363 (bmo#1464784) Use-after-free when appending DOM nodes * CVE-2018-12364 (bmo#1436241) CSRF attacks through 307 redirects and NPAPI plugins * CVE-2018-12365 (bmo#1459206) Compromised IPC child process can list local filenames * CVE-2018-12366 (bmo#1464039) Invalid data handling during QCMS transformations * CVE-2018-12374 (bmo#1462910) Using form to exfiltrate encrypted mail part by pressing enter in form field * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739, bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576, bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829, bmo#1464079,bmo#1463494,bmo#1458048) Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
Wolfgang Rosenauer
2018-07-04 05:58:22 +00:00
9a9de5cf1f- update to Thunderbird 52.9 (bsc#1098998) - correct requires and provides handling (boo#1076907) - reduce memory footprint with %ix86 at linking time via additional compiler flags (boo#1091376)
Wolfgang Rosenauer
2018-07-02 13:49:36 +00:00
07cdaea7b5Accepting request 620026 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2018-07-02 12:10:40 +00:00
cd0e3ea9a0- update to Thunderbird 52.8 (bsc#1092548) MFSA 2018-13 * CVE-2018-5183 (bmo#1454692) Backport critical security fixes in Skia * CVE-2018-5184 (bmo#1411592, bsc#1093152) Full plaintext recovery in S/MIME via chosen-ciphertext attack * CVE-2018-5154 (bmo#1443092) Use-after-free with SVG animations and clip paths * CVE-2018-5155 (bmo#1448774) Use-after-free with SVG animations and text paths * CVE-2018-5159 (bmo#1441941) Integer overflow and out-of-bounds write in Skia * CVE-2018-5161 (bmo#1411720) Hang via malformed headers * CVE-2018-5162 (bmo#1457721, bsc#1093152) Encrypted mail leaks plaintext through src attribute * CVE-2018-5170 (bmo#1411732) Filename spoofing for external attachments * CVE-2018-5168 (bmo#1449548) Lightweight themes can be installed without user interaction * CVE-2018-5174 (bmo#1447080) (Windows only) Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update * CVE-2018-5178 (bmo#1443891) Buffer overflow during UTF-8 to Unicode string conversion through legacy extension * CVE-2018-5185 (bmo#1450345) Leaking plaintext through HTML forms * CVE-2018-5150 (bmo#1388020,bmo#1433609,bmo#1409440,bmo#1448705, bmo#1451376,bmo#1452202,bmo#1444668,bmo#1393367,bmo#1411415,
Wolfgang Rosenauer
2018-05-19 10:55:26 +00:00
2fe1d46e22Accepting request 590831 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2018-03-26 11:03:30 +00:00
120baf56d9- update to Thunderbird 52.7 (bsc#1085130) * Searching message bodies of messages in local folders, including filter and quick filter operations, did not find content in message attachments * Better error handling for Yahoo accounts MFSA 2018-08 * CVE-2018-5146 (bmo#1446062) Out of bounds memory write in libvorbis * CVE-2018-5147 (bmo#1446365) Out of bounds memory write in libtremor
Wolfgang Rosenauer
2018-03-24 09:35:07 +00:00
f8a44525c7- update to Thunderbird 52.6 (bsc#1077291) * Searching message bodies of messages in local folders, including filter and quick filter operations, not working reliably: Content not found in base64-encode message parts, non-ASCII text not found and false positives found. * Defective messages (without at least one expected header) not shown in IMAP folders but shown on mobile devices * Calendar: Unintended task deletion if numlock is enabled * Mozilla platform security fixes MFSA 2018-04 * CVE-2018-5095 (bmo#1418447) Integer overflow in Skia library during edge builder allocation * CVE-2018-5096 (bmo#1418922) Use-after-free while editing form elements * CVE-2018-5097 (bmo#1387427) Use-after-free when source document is manipulated during XSLT * CVE-2018-5098 (bmo#1399400) Use-after-free while manipulating form input elements * CVE-2018-5099 (bmo#1416878) Use-after-free with widget listener * CVE-2018-5102 (bmo#1419363) Use-after-free in HTML media elements * CVE-2018-5103 (bmo#1423159) Use-after-free during mouse event handling * CVE-2018-5104 (bmo#1425000) Use-after-free during font face manipulation * CVE-2018-5117 (bmo#1395508) URL spoofing with right-to-left text aligned left-to-right * CVE-2018-5089 Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
Wolfgang Rosenauer
2018-01-26 07:14:05 +00:00
fa26255979Accepting request 559653 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2017-12-23 21:58:24 +00:00
a542d644fe- update to Thunderbird 52.5.2 * This releases fixes the "Mailsploit" vulnerability and other vulnerabilities detected by the "Cure53" audit MFSA 2017-30 * CVE-2017-7845 (bmo#1402372) Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9 * CVE-2017-7846 (bmo#1411716) JavaScript Execution via RSS in mailbox:// origin * CVE-2017-7847 (bmo#1411708) Local path string can be leaked from RSS feed * CVE-2017-7848 (bmo#1411699) RSS Feed vulnerable to new line Injection * CVE-2017-7829 (bmo#1423432) Mailsploit part 1: From address with encoded null character is cut off in message header display
Wolfgang Rosenauer
2017-12-23 20:06:58 +00:00
ca09b0503f* Better support for Charter/Spectrum IMAP: Thunderbird will now detect Charter's IMAP service and send an additional IMAP select command to the server. Check the various preferences ending in "force_select" to see whether auto-detection has discovered this case. * In search folders spanning multiple base folders clicking on a message sometimes marked another message as read * IMAP alerts have been corrected and now show the correct server name in case of connection problems * POP alerts have been corrected and now indicate connection problems in case the configured POP server cannot be found MFSA 2017-26
Wolfgang Rosenauer
2017-11-25 07:08:27 +00:00
db14770321Accepting request 544396 from home:Zaitor:branches:mozilla:Factory
Wolfgang Rosenauer
2017-11-22 19:21:46 +00:00
21edfd304e- update to Thunderbird 52.5.0 (bsc#1068101) MFSA 2017-25 * CVE-2017-7828 (bmo#1406750. bmo#1412252) Use-after-free of PressShell while restyling layout * CVE-2017-7830 (bmo#1408990) Cross-origin URL information leak through Resource Timing API * CVE-2017-7826 Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
Wolfgang Rosenauer
2017-11-22 10:48:23 +00:00
c0196e9638* new behavior was introduced for replies to mailing list posts: "When replying to a mailing list, reply will be sent to address in From header ignoring Reply-to header". A new preference mail.override_list_reply_to allows to restore the previous behavior. * Under certain circumstances (image attachment and non-image attachment), attached images were shown truncated in messages stored in IMAP folders not synchronised for offline use. * IMAP UIDs > 0x7FFFFFFF now handled properly Security fixes from Gecko 52.4esr * CVE-2017-7793 (bmo#1371889) Use-after-free with Fetch API * CVE-2017-7818 (bmo#1363723) Use-after-free during ARIA array manipulation * CVE-2017-7819 (bmo#1380292) Use-after-free while resizing images in design mode * CVE-2017-7824 (bmo#1398381) Buffer overflow when drawing and validating elements with ANGLE * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement) Use-after-free in TLS 1.2 generating handshake hashes * CVE-2017-7814 (bmo#1376036) Blob and data URLs bypass phishing and malware protection warnings * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only) OS X fonts render some Tibetan and Arabic unicode characters as spaces * CVE-2017-7823 (bmo#1396320) CSP sandbox directive did not create a unique origin * CVE-2017-7810 Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
Wolfgang Rosenauer
2017-10-06 20:50:03 +00:00
5a7900b24aAccepting request 531253 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2017-10-04 15:11:54 +00:00
86366658feAccepting request 529099 from home:dimstar:Factory
Wolfgang Rosenauer
2017-09-28 08:25:59 +00:00
3cf568899e- update to Thunderbird 52.3 (boo#1052829) Fixed issues: * Unwanted inline images shown in rogue SPAM messages * Deleting message from the POP3 server not working when maildir storage was used * Message disposition flag (replied / forwarded) lost when reply or forwarded message was stored as draft and draft was sent later * Inline images not scaled to fit when printing * Selected text from another message sometimes included in a reply * No authorisation prompt displayed when inserting image into email body although image URL requires authentication * Large attachments taking a long time to open under some circumstances security Security fixes from Gecko 52.3esr * CVE-2017-7798 (bmo#1371586, bmo#1372112) XUL injection in the style editor in devtools * CVE-2017-7800 (bmo#1374047) Use-after-free in WebSockets during disconnection * CVE-2017-7801 (bmo#1371259) Use-after-free with marquee during window resizing * CVE-2017-7784 (bmo#1376087) Use-after-free with image observers * CVE-2017-7802 (bmo#1378147) Use-after-free resizing image elements * CVE-2017-7785 (bmo#1356985) Buffer overflow manipulating ARIA attributes in DOM * CVE-2017-7786 (bmo#1365189) Buffer overflow while painting non-displayable SVG * CVE-2017-7753 (bmo#1353312) Out-of-bounds read with cached style data and pseudo-elements#
Wolfgang Rosenauer
2017-08-16 19:17:30 +00:00
9c1bac3491Accepting request 515837 from home:Andreas_Schwab:Factory
Wolfgang Rosenauer
2017-08-10 06:56:53 +00:00
a6a4f44e7bAccepting request 506827 from home:Guillaume_G:branches:mozilla:Factory
Wolfgang Rosenauer
2017-06-29 09:32:34 +00:00
1b6e938d0c- update to Thunderbird 52.2.1 * Problems with Gmail fixed (folders not showing, repeated email download, etc.) introduced in version 52.2.0. (boo#1045895)
Wolfgang Rosenauer
2017-06-26 05:17:01 +00:00
d85085e956- update to Thunderbird 52.2 (boo#1043960) * Embedded images not shown in email received from Hotmail/Outlook webmailer * Detection of non-ASCII font names in font selector * Attachment not forwarded correctly under certain circumstances * Multiple requests for master password when GMail OAuth2 is enabled * Large number of blank pages being printed under certain circumstances when invalid preferences were present * Messages sent via the Simple MAPI interface are forced to HTML * Calendar: Invitations can't be printed * Mailing list (group) not accessible from macOS or Outlook address book * Clicking on links with references/anchors where target doesn't exist in the message not opening in external browser MFSA 2017-17 * CVE-2017-5472 (bmo#1365602) Use-after-free using destroyed node when regenerating trees * CVE-2017-7749 (bmo#1355039) Use-after-free during docshell reloading * CVE-2017-7750 (bmo#1356558) Use-after-free with track elements * CVE-2017-7751 (bmo#1363396) Use-after-free with content viewer listeners * CVE-2017-7752 (bmo#1359547) Use-after-free with IME input * CVE-2017-7754 (bmo#1357090) Out-of-bounds read in WebGL with ImageInfo object * CVE-2017-7756 (bmo#1366595) Use-after-free and use-after-scope logging XHR header errors * CVE-2017-7757 (bmo#1356824) Use-after-free in IndexedDB
Wolfgang Rosenauer
2017-06-15 11:08:05 +00:00
84d1aa88aa- explicitely optimize with -O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105, boo#1042090)
Wolfgang Rosenauer
2017-06-01 06:10:49 +00:00
c8307ea894- update to Thunderbird 52.1.1 * fixed crash when compacting IMAP folder (boo#1038753) * Some attachments could not be opened or saved if the message body is empty * Unable to load full message via POP if message was downloaded partially (or only headers) before * Large attachments may not be shown or saved correctly if the message is stored in an IMAP folder which is not synchronized for offline use
Wolfgang Rosenauer
2017-05-15 20:50:25 +00:00
7301b54ab6- update to Thunderbird 52.1.0 * Background images not working and other issues related to embedded images when composing email have been fixed * Google Oauth setup can sometimes not progress to the next step * requires NSS >= 3.28.4 - security fixes (boo#1035082), MFSA 2017-13 * CVE-2017-5443 (bmo#1342661) Out-of-bounds write during BinHex decoding * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894, bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088) Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 * CVE-2017-5464 (bmo#1347075) Memory corruption with accessibility and DOM manipulation * CVE-2017-5465 (bmo#1347617) Out-of-bounds read in ConvolvePixel * CVE-2017-5466 (bmo#1353975) Origin confusion when reloading isolated data:text/html URL * CVE-2017-5467 (bmo#1347262) Memory corruption when drawing Skia content * CVE-2017-5460 (bmo#1343642) Use-after-free in frame selection * CVE-2017-5461 (bmo#1344380) Out-of-bounds write in Base64 encoding in NSS * CVE-2017-5449 (bmo#1340127) Crash during bidirectional unicode manipulation with animation * CVE-2017-5446 (bmo#1343505) Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data * CVE-2017-5447 (bmo#1343552) Out-of-bounds read during glyph processing
Wolfgang Rosenauer
2017-05-02 07:59:46 +00:00
55377bc24a- require libffi explicitely to fix PPC64LE build where a system library is required
Wolfgang Rosenauer
2017-04-19 09:45:54 +00:00
cb96a9588aAccepting request 489077 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2017-04-18 12:03:08 +00:00
8699f618bd- update to Thunderbird 52.0.1 * Clicking on a link in an email may not open this link in the external browser * addon blocklist updates - enable ALSA for systems w/o PA
Wolfgang Rosenauer
2017-04-17 12:52:44 +00:00
2fb682c18e- use Gtk3 for Tumbleweed
Wolfgang Rosenauer
2017-04-02 21:31:26 +00:00
5894d6fffdAccepting request 483796 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2017-04-02 21:22:13 +00:00
d6fa566d17- update to Thunderbird 52.0 * Optionally remove corresponding data files when removing an account * Possibility to copy message filter * Calendar: Event can now be created and edited in a tab * Calendar: Processing of received invitation counter proposals * Chat: Support Twitter Direct Messages * Chat: Liking and favoriting in Twitter * Chat: Removed Yahoo! Messenger support * serveral bugfixes - removed obsolete patches * mozilla-aarch64-48bit-va.patch * mozilla-binutils-visibility.patch * mozilla-flex_buffer_overrun.patch * mozilla-gcc6.patch - added generic mozilla patches * mozilla-aarch64-startup-crash.patch - require newer versions of NSPR and NSS
Wolfgang Rosenauer
2017-03-18 21:27:55 +00:00
e3be4ae3e0- update to Thunderbird 45.8.0 (boo#1028391) * MFSA 2017-07 CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP (bmo#1334933) CVE-2017-5401: Memory Corruption when handling ErrorResult (bmo#1328861) CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876) CVE-2017-5404: Use-after-free working with ranges in selections (bmo#1340138) CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters (bmo#1336622) CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping (bmo#1330687) CVE-2017-5408: Cross-origin reading of video captions in violation of CORS (bmo#1313711) CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports (bmo#1336699) CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8
Wolfgang Rosenauer
2017-03-09 16:34:03 +00:00
ea8836e41b- update to Thunderbird 45.8.0
Wolfgang Rosenauer
2017-03-08 14:16:14 +00:00
Wolfgang Rosenauer
Dominique Leuenberger
Yuchen Lin