Branch: CURRENT, Version: 102.8.0nb2, Package name: thunderbird-102.8.0nb2, Maintainer: pkgsrc-users

Thunderbird is a free email, news, and chat application with support for
add-ons, derived from the Mozilla Firefox web browser.

Required to run:
[chat/libotr] [sysutils/dbus-glib] [textproc/icu] [graphics/MesaLib] [net/libIDL] [devel/nspr] [devel/libffi] [devel/nss] [x11/gtk2] [x11/pixman] [x11/gtk3] [graphics/libwebp] [multimedia/ffmpeg4]

Required to build:
[pkgtools/x11-links] [x11/xcb-proto] [lang/clang] [lang/rust] [x11/xorgproto] [devel/lld] [lang/wasi-compiler-rt] [lang/wasi-libc] [lang/wasi-libcxx]

Package options: dbus

Master sites:

Filesize: 494170.352 KB

CVS history:

   2023-05-06 21:09:54 by Ryo ONODERA | Files touched by this commit (687)
Log message:
*: Recursive revbump from audio/libopus 1.4
   2023-04-19 10:12:01 by Adam Ciarcinski | Files touched by this commit (2359) | Package updated
Log message:
revbump after textproc/icu update
   2023-02-16 19:17:33 by Havard Eidnes | Files touched by this commit (1) | Package updated
Log message:
thunderbird: also update PLIST...
   2023-02-16 19:11:40 by Havard Eidnes | Files touched by this commit (3)
Log message:
mail/thunderbird: Update to version 102.8.0.

Pkgsrc changes:
 * Checksum changes.
 * Minor adjustment to patches.

Upstream changes:


 - Added option to build RNP library with OpenSSL backend (use
   "--with-librnp-backend=openssl" configure option)

 - Thunderbird now warns user that OpenPGP is disabled if RNP
   library is outdated or missing

 - "Get Messages" did not retrieve messages from Gmail accounts
   using a local folder as a deferred inbox
 - Various visual and UX improvements

Security fixes:
CVE-2023-0616: User Interface lockup with messages combining S/MIME and OpenPGP
CVE-2023-25728: Content security policy leak in violation reports using iframes
CVE-2023-25730: Screen hijack via browser fullscreen mode
CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS
CVE-2023-25735: Potential use-after-free from compartment mismatch in SpiderMonkey
CVE-2023-25737: Invalid downcast in SVGUtils::SetupStrokeGeometry
CVE-2023-25738: Printing on Windows could potentially crash Thunderbird with some device drivers
CVE-2023-25739: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
CVE-2023-25729: Extensions could have opened external schemes without user knowledge
CVE-2023-25732: Out of bounds memory write from EncodeInputStream
CVE-2023-25734: Opening local .url files could cause unexpected network loads
CVE-2023-25742: Web Crypto ImportKey crashes tab
CVE-2023-25746: Memory safety bugs fixed in Thunderbird 102.8


 - Various crash fixes


 - Microsoft Office 365 accounts were unable to authenticate
 - Switching identities caused remote images in HTML signatures to
   not be shown
 - Thunderbird failed to import vCards that contained "\r\r\n" line endings
 - Contribution button for add-ons opened Contribution page in a
   Thunderbird tab, instead of the external browser
 - XMPP did not respond to unrecognized IQ queries, causing some
   servers to close the connection
 - Window titlebar buttons (minimize/maximize/close) were not
   displayed in Windows 10 "Dark" color mode

Security fixes:
CVE-2023-0430: Revocation status of S/Mime signature certificates was not checked


 - Enterprise policies now support Thunderbird-specific preferences.

 - Localized builds and langpacks now use "comm-l10n" repository;
   downstream builds using official langpacks should not need to make
 - Having too many folders open at startup caused loss of MSF files
 - Copying an email from one local folder to another local folder
   sometimes caused "Another Operation is using the folder" error on
   Windows 7
 - Email address pill allowed for incorrectly formatted email addresses
 - Creating security exceptions for messages sent using a self-signed
   certificate failed if hostname contained uppercase letters
 - S/MIME certificate verification was prohibitively slow
 - OpenPGP key import failed for key blocks with comments that
   contain Unicode characters
 - Chat conversation sidebar was too wide under certain circumstances,
   making scrollbar unusable
 - On Mac, deleting events from Today Pane with "Backspace" key
   deleted selected messages instead

Security fixes:
CVE-2022-46871: libusrsctp library out of date
CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux
CVE-2023-23599: Malicious command could be hidden in devtools output on Windows
CVE-2023-23601: URL being dragged from cross-origin iframe into same tab triggers navigation
CVE-2023-23602: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
CVE-2022-46877: Fullscreen notification bypass
CVE-2023-23603: Calls to console.log allowed bypassing Content Security Policy via format directive
CVE-2023-23605: Memory safety bugs fixed in Thunderbird 102.7

Known issues:
 - OAuth2 authentication not working for Microsoft 365 Enterprise
   accounts. See the Blog post
   for additional information. Bug 1810760
   2023-02-11 04:49:24 by Masatake Daimon | Files touched by this commit (1)
Log message:
mail/thunderbird: Fix a PLIST issue that occurs when official-mozilla-branding is enabled
   2023-02-10 11:04:55 by Masatake Daimon | Files touched by this commit (4)
Log message:
mail/thunderbird: Fix build on NetBSD 9
   2023-01-29 22:18:34 by Ryo ONODERA | Files touched by this commit (2527)
Log message:
*: Recursive revbump from graphics/freetype2
   2023-01-03 18:38:37 by Thomas Klausner | Files touched by this commit (1416)
Log message:
*: recursive bump for tiff shlib major bump