CVS commit: pkgsrc/mail/thunderbird

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/mail/thunderbird
From: "Havard Eidnes" <he%netbsd.org@localhost>
Date: Thu, 16 Feb 2023 18:11:40 +0000

Module Name:    pkgsrc
Committed By:   he
Date:           Thu Feb 16 18:11:40 UTC 2023

Modified Files:
        pkgsrc/mail/thunderbird: Makefile distinfo
        pkgsrc/mail/thunderbird/patches: patch-media_libcubeb_src_cubeb__sun.c

Log Message:
mail/thunderbird: Update to version 102.8.0.

Pkgsrc changes:
 * Checksum changes.
 * Minor adjustment to patches.

Upstream changes:

102.8.0:

New:
 - Added option to build RNP library with OpenSSL backend (use
   "--with-librnp-backend=openssl" configure option)

Changes:
 - Thunderbird now warns user that OpenPGP is disabled if RNP
   library is outdated or missing

Fixes:
 - "Get Messages" did not retrieve messages from Gmail accounts
   using a local folder as a deferred inbox
 - Various visual and UX improvements

Security fixes:
CVE-2023-0616: User Interface lockup with messages combining S/MIME and OpenPGP
CVE-2023-25728: Content security policy leak in violation reports using iframes
CVE-2023-25730: Screen hijack via browser fullscreen mode
CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS
CVE-2023-25735: Potential use-after-free from compartment mismatch in SpiderMonkey
CVE-2023-25737: Invalid downcast in SVGUtils::SetupStrokeGeometry
CVE-2023-25738: Printing on Windows could potentially crash Thunderbird with some device drivers
CVE-2023-25739: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
CVE-2023-25729: Extensions could have opened external schemes withotu user knowledge
CVE-2023-25732: Out of bounds memory write from EncodeInputStream
CVE-2023-25734: Opening local.url files could cause unexpected network loads
CVE-2023-25742: Web Crypto ImportKey crashes tab
CVE-2023-25746: Memory safety bugs fixed in Thunderbird 102.8

102.7.2:

Fixes:
 - Various crash fixes

102.7.1:

Fixes:
 - Microsoft Office 365 accounts were unable to authenticate
 - Switching identities caused remote images in HTML signatures to
   not be shown
 - Thunderbird failed to import vCards that contained "\r\r\n" line endings
 - Contribution button for add-ons opened Contribution page in a
   Thunderbird tab, instead of the external browser
 - XMPP did not respond to unrecognized IQ queries, causing some
   servers to close the connection
 - Window titlebar buttons (minimize/maximize/close) were not
   displayed in Windows 10 "Dark" color mode

Security fixes:
CVE-2023-0430: Revocations tatus of S/Mime signature certificates was not checked

102.7.0:

New:
 - Enterprise policies now support Thunderbird-specific preferences.

Fixes:
 - Localized builds and langpacks now use "comm-l10n" repository;
   downstream builds using official langpacks should not need to make
   changes
 - Having too many folders open at startup caused loss of MSF files
 - Copying an email from one local folder to another local folder
   sometimes caused "Another Operation is using the folder" error on
   Windows 7
 - Email address pill allowed for incorrectly formatted email addresses
 - Creating security exceptions for messages sent using a self-signed
   certificate failed if hostname contained uppercase letters
 - S/MIME certificate verification was prohibitively slow
 - OpenPGP key import failed for key blocks with comments that
   contain Unicode characters
 - Chat conversation sidebar was too wide under certain circumstances,
   making scrollbar unusable
 - On Mac, deleting events from Today Pane with "Backspace" key
   deleted selected messages instead

Security fixes:
CVE-2022-46871: libusrsctp library out of date
CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux
CVE-2023-23599: Malicious command could be hidden in devtools output on Windows
CVE-2023-23601: URL being dragged from cross-origin iframe into same tab triggers navigation
CVE-2023-23602: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
CVE-2022-46877: Fullscreen notification bypass
CVE-2023-23603: Calls to console.log allowed bypassing Content Security Policy via format directive
CVE-2023-23605: Memory safety bugs fixed in Thunderbird 102.7

Known issues:
 - OAuth2 authentication not working for Microsoft 365 Enterprise
   accounts. See the Blog post
   (https://blog.thunderbird.net/2023/01/important-message-for-microsoft-office-365-enterprise-users/)
   for additional information. Bug 1810760


To generate a diff of this commit:
cvs rdiff -u -r1.292 -r1.293 pkgsrc/mail/thunderbird/Makefile
cvs rdiff -u -r1.255 -r1.256 pkgsrc/mail/thunderbird/distinfo
cvs rdiff -u -r1.3 -r1.4 \
    pkgsrc/mail/thunderbird/patches/patch-media_libcubeb_src_cubeb__sun.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/mail/thunderbird/Makefile
diff -u pkgsrc/mail/thunderbird/Makefile:1.292 pkgsrc/mail/thunderbird/Makefile:1.293
--- pkgsrc/mail/thunderbird/Makefile:1.292      Fri Feb 10 10:04:54 2023
+++ pkgsrc/mail/thunderbird/Makefile    Thu Feb 16 18:11:40 2023
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.292 2023/02/10 10:04:54 pho Exp $
+# $NetBSD: Makefile,v 1.293 2023/02/16 18:11:40 he Exp $
 
 DISTNAME=      thunderbird-${TB_VER}.source
 PKGNAME=       thunderbird-${TB_VER}
-TB_VER=                102.6.1
+TB_VER=                102.8.0
 CATEGORIES=    mail
 MASTER_SITES=  ${MASTER_SITE_MOZILLA:=thunderbird/releases/${TB_VER}/source/}
 EXTRACT_SUFX=  .tar.xz

Index: pkgsrc/mail/thunderbird/distinfo
diff -u pkgsrc/mail/thunderbird/distinfo:1.255 pkgsrc/mail/thunderbird/distinfo:1.256
--- pkgsrc/mail/thunderbird/distinfo:1.255      Fri Feb 10 10:04:54 2023
+++ pkgsrc/mail/thunderbird/distinfo    Thu Feb 16 18:11:40 2023
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.255 2023/02/10 10:04:54 pho Exp $
+$NetBSD: distinfo,v 1.256 2023/02/16 18:11:40 he Exp $
 
-BLAKE2s (thunderbird-102.6.1.source.tar.xz) = a5a5e3a188e039669a404983d4ef55790a0882f8250cfc4557a3df3550260a51
-SHA512 (thunderbird-102.6.1.source.tar.xz) = 06ea2fce76c08609d638435869fddc1c4d7f4b748951ebfb2476b4dba9f1f76d3de2c11e5f62540f297a5d30bb0fc637852d8e57f4fadc2c905f299757949d83
-Size (thunderbird-102.6.1.source.tar.xz) = 508826308 bytes
+BLAKE2s (thunderbird-102.8.0.source.tar.xz) = 5d6de22c7e4aadb9937982915322f646913f7a1deb73492b68fdf6beeb56fa70
+SHA512 (thunderbird-102.8.0.source.tar.xz) = 2431eb8799184b261609c96bed3c9368bec9035a831aa5f744fa89e48aedb130385b268dd90f03bbddfec449dc3e5fad1b5f8727fe9e11e1d1f123a81b97ddf8
+Size (thunderbird-102.8.0.source.tar.xz) = 506030440 bytes
 SHA1 (patch-browser_app_profile_firefox.js) = d53fae5544563888d030af7483f00283a712235c
 SHA1 (patch-build_moz.configure_rust.configure) = 72c5fa2e9d1022325d038832cca2e35f7213116d
 SHA1 (patch-comm_third__party_botan_configure.py) = 262f560c514d221d0df15a1906100b5e716bfdab
@@ -20,7 +20,7 @@ SHA1 (patch-js_src_jsfriendapi.h) = e013
 SHA1 (patch-js_src_util_NativeStack.cpp) = 338fdf6aa34101f6a41d07b303d4a8426c483d5b
 SHA1 (patch-media_ffvpx_libavutil_arm_bswap.h) = 5a7ad4d38165d49d44862ade846cb79de026867e
 SHA1 (patch-media_libcubeb_src_cubeb__alsa.c) = 99e881e557430c1ef26060109f4b40c30d3b201c
-SHA1 (patch-media_libcubeb_src_cubeb__sun.c) = 79f086c838efd57dec03ec6f289b3ac8d439c68c
+SHA1 (patch-media_libcubeb_src_cubeb__sun.c) = 789312b0511f2667ab7ee581f066b6ecc129ad4f
 SHA1 (patch-media_libcubeb_src_moz.build) = bd3275f1acb6e439dee98b1673eeb65ec7797974
 SHA1 (patch-media_libpng_pngpriv.h) = 5c49119b0e555c9daca64799ff03f3fa8fa05ded
 SHA1 (patch-media_libtheora_lib_info.c) = 96f3d3824459186476102a4598d07cf6f6a704ef

Index: pkgsrc/mail/thunderbird/patches/patch-media_libcubeb_src_cubeb__sun.c
diff -u pkgsrc/mail/thunderbird/patches/patch-media_libcubeb_src_cubeb__sun.c:1.3 pkgsrc/mail/thunderbird/patches/patch-media_libcubeb_src_cubeb__sun.c:1.4
--- pkgsrc/mail/thunderbird/patches/patch-media_libcubeb_src_cubeb__sun.c:1.3   Fri Feb 10 10:04:54 2023
+++ pkgsrc/mail/thunderbird/patches/patch-media_libcubeb_src_cubeb__sun.c       Thu Feb 16 18:11:40 2023
@@ -1,6 +1,6 @@
-$NetBSD: patch-media_libcubeb_src_cubeb__sun.c,v 1.3 2023/02/10 10:04:54 pho Exp $
+$NetBSD: patch-media_libcubeb_src_cubeb__sun.c,v 1.4 2023/02/16 18:11:40 he Exp $
 
---- media/libcubeb/src/cubeb_sun.c.orig        2023-02-10 01:03:24.076131575 +0000
+--- media/libcubeb/src/cubeb_sun.c.orig        2023-02-16 16:57:29.457010148 +0000
 +++ media/libcubeb/src/cubeb_sun.c
 @@ -1,5 +1,5 @@
  /*

Prev by Date: CVS commit: pkgsrc/lang/mpd
Next by Date: CVS commit: pkgsrc/devel/smake
Previous by Thread: CVS commit: pkgsrc/lang/mpd
Next by Thread: CVS commit: pkgsrc/devel/smake
Indexes:

Home | Main Index | Thread Index | Old Index