pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/mail/thunderbird Update to 52.9.1



details:   https://anonhg.NetBSD.org/pkgsrc/rev/d60cb2308ff5
branches:  trunk
changeset: 383414:d60cb2308ff5
user:      ryoon <ryoon%pkgsrc.org@localhost>
date:      Mon Jul 30 19:51:47 2018 +0000

description:
Update to 52.9.1

Changelog:
    changed
    Thunderbird will now prompt to compact IMAP folders even if the account is online. Note: Under certain circumstances an incorrect estimate of the expected gain is shown.

    fixed
    Complete fix of the EFAIL vulnerability: 1) Removing some HTML crafted to carry out an attack. 2) Optionally: Not decrypting subordinate message parts that otherwise might reveal decrypted 
content to the attacker. Preference mailnews.p7m_subparts_external needs to be set to true for added security.

    fixed
    Various problems when forwarding messages inline when using "simple" HTML view

    fixed
    Deleting or detaching attachments corrupted messages under certain circumstances (not working only in Thunderbird version 52.9.0)

    fixed
    Various security fixes

Security fixes:
#CVE-2018-12359: Buffer overflow using computed size of canvas element
#CVE-2018-12360: Use-after-free when using focus()
#CVE-2018-12372: S/MIME and PGP decryption oracles can be built with HTML emails
#CVE-2018-12373: S/MIME plaintext can be leaked through HTML reply/forward
#CVE-2018-12362: Integer overflow in SSSE3 scaler
#CVE-2018-12363: Use-after-free when appending DOM nodes
#CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
#CVE-2018-12365: Compromised IPC child process can list local filenames
#CVE-2018-12366: Invalid data handling during QCMS transformations
#CVE-2018-12368: No warning when opening executable SettingContent-ms files
#CVE-2018-12374: Using form to exfiltrate encrypted mail part by pressing enter in form field
#CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 52.9

diffstat:

 mail/thunderbird/Makefile |   5 ++---
 mail/thunderbird/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 8 deletions(-)

diffs (33 lines):

diff -r 55f7f2d0282c -r d60cb2308ff5 mail/thunderbird/Makefile
--- a/mail/thunderbird/Makefile Mon Jul 30 19:46:25 2018 +0000
+++ b/mail/thunderbird/Makefile Mon Jul 30 19:51:47 2018 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.211 2018/07/06 15:06:47 ryoon Exp $
+# $NetBSD: Makefile,v 1.212 2018/07/30 19:51:47 ryoon Exp $
 
 DISTNAME=      thunderbird-${TB_VER}.source
 PKGNAME=       thunderbird-${TB_VER}
-PKGREVISION=   1
-TB_VER=                52.8.0
+TB_VER=                52.9.1
 CATEGORIES=    mail
 MASTER_SITES=  ${MASTER_SITE_MOZILLA:=thunderbird/releases/${TB_VER}/source/}
 EXTRACT_SUFX=  .tar.xz
diff -r 55f7f2d0282c -r d60cb2308ff5 mail/thunderbird/distinfo
--- a/mail/thunderbird/distinfo Mon Jul 30 19:46:25 2018 +0000
+++ b/mail/thunderbird/distinfo Mon Jul 30 19:51:47 2018 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.200 2018/06/01 19:49:40 ryoon Exp $
+$NetBSD: distinfo,v 1.201 2018/07/30 19:51:47 ryoon Exp $
 
-SHA1 (thunderbird-52.8.0.source.tar.xz) = b8aabca309c15ac239a8334df63b330cd6a35c39
-RMD160 (thunderbird-52.8.0.source.tar.xz) = 91120b683059ccd26092add8450480a41f3efdb3
-SHA512 (thunderbird-52.8.0.source.tar.xz) = ce44f32f44244560499c44dbe963a8296cf58cf33e3f26d07be455746ed7f77791084e41bc66b2c90fe46e97fa15ae2041b1f5fcfa94d15b45c4f90172230d03
-Size (thunderbird-52.8.0.source.tar.xz) = 230380780 bytes
+SHA1 (thunderbird-52.9.1.source.tar.xz) = 9970d78084fe979f568ea00bf06b8e81a738e630
+RMD160 (thunderbird-52.9.1.source.tar.xz) = b3169a0154fa85648a98ba0d74f264abd224b323
+SHA512 (thunderbird-52.9.1.source.tar.xz) = 0de80a5036b1e8a5a8549c546b4693cb285ee4d10f546f4b4aceed9e1d6c64b9dbafce7bacaaf057112130036f7b41fb2e0fa3343412140e6ac926dd94c27d23
+Size (thunderbird-52.9.1.source.tar.xz) = 230475264 bytes
 SHA1 (patch-calendar_lightning_Makefile.in) = 02a1528f2da82f1d4ff4931a7d7dc8227b7fa9f2
 SHA1 (patch-calendar_lightning_build_universal.mk) = 86dc2c6b4f9feb835570111078aa5d08a389d0da
 SHA1 (patch-calendar_providers_gdata_Makefile.in) = 0e90ddc9aecc817b0b150bbc37d23ddec97b093e



Home | Main Index | Thread Index | Old Index