Commit 1ff91c57 authored by intrigeri's avatar intrigeri

Update Thunderbird patches from icedove.git at commit bdc2bcdf2ee8aa54b7127c406cf8e40b078702ec

refs: #6156
parent 3c7decba
From: intrigeri <intrigeri@boum.org>
Date: Sun, 16 Feb 2020 09:29:00 +0000
Subject: [PATCH] Add pref for whether to accept plaintext protocols during
autoconfiguration.
Author: anonym <anonym@riseup.net>
---
comm/mail/components/accountcreation/content/readFromXML.js | 10 ++++++++++
comm/mailnews/mailnews.js | 6 ++++++
2 files changed, 16 insertions(+)
--- a/comm/mail/components/accountcreation/content/readFromXML.js
+++ b/comm/mail/components/accountcreation/content/readFromXML.js
@@ -34,6 +34,8 @@
}
var allow_oauth2 =
Services.prefs.getBoolPref("mailnews.auto_config.account_constraints.allow_oauth2");
+ var ssl_only =
+ Services.prefs.getBoolPref("mailnews.auto_config.sslOnly");
var exception;
if (
typeof clientConfigXML != "object" ||
@@ -115,6 +117,10 @@
}
exception = null;
+ if (ssl_only && iO.socketType == 1) {
+ continue;
+ }
+
for (let iXauth of array_or_undef(iX.$authentication)) {
try {
iO.auth = sanitize.translate(iXauth, {
@@ -257,6 +263,10 @@
}
exception = null;
+ if (ssl_only && oO.socketType == 1) {
+ continue;
+ }
+
for (let oXauth of array_or_undef(oX.$authentication)) {
try {
oO.auth = sanitize.translate(oXauth, {
--- a/comm/mailnews/mailnews.js
+++ b/comm/mailnews/mailnews.js
@@ -969,6 +969,12 @@
pref("mailnews.auto_config.guess.timeout", 10);
// Whether we allow fetched configurations using OAuth2.
pref("mailnews.auto_config.account_constraints.allow_oauth2", true);
+// Whether we allow fetched account configurations that employs
+// non-SSL/TLS protocols. With this option set, insecure
+// configurations are never presented to the user; with this option
+// unset, users picking an insecure configuration will get a warning
+// and have to opt-in.
+pref("mailnews.auto_config.sslOnly", false);
// Work around bug 1454325 by disabling mimetype mungling in XmlHttpRequest
pref("dom.xhr.standard_content_type_normalization", false);
Prefer-fetched-configurations-using-SSL-over-plainte.patch
Add-pref-for-whether-we-accept-OAuth2-during-autocon.patch
Add-pref-for-whether-to-accept-plaintext-protocols-d.patch
Avoid-local-timestamp-disclosure-in-Date-header.patch
Avoid-spellchecking-language-disclosure-in-Content-Language-header.patch
Fix-buggy-pref-for-disabling-MS-Exchange-autoconfig-.patch
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment