Commit 3c7decba authored by intrigeri's avatar intrigeri

Update Thunderbird patches from icedove.git at commit a1fe95148a2db71c58101b1495a483b7cd026b61

refs: #17808
parent 919ae896
......@@ -9,11 +9,9 @@ Author: anonym <anonym@riseup.net>
comm/mailnews/mailnews.js | 6 ++++++
2 files changed, 16 insertions(+)
diff --git a/comm/mail/components/accountcreation/content/readFromXML.js b/comm/mail/components/accountcreation/content/readFromXML.js
index 780229f..6a9fef9 100644
--- a/comm/mail/components/accountcreation/content/readFromXML.js
+++ b/comm/mail/components/accountcreation/content/readFromXML.js
@@ -34,6 +34,8 @@ function readFromXML(clientConfigXML) {
@@ -34,6 +34,8 @@
}
var allow_oauth2 =
Services.prefs.getBoolPref("mailnews.auto_config.account_constraints.allow_oauth2");
......@@ -22,7 +20,7 @@ index 780229f..6a9fef9 100644
var exception;
if (
typeof clientConfigXML != "object" ||
@@ -115,6 +117,10 @@ function readFromXML(clientConfigXML) {
@@ -115,6 +117,10 @@
}
exception = null;
......@@ -33,7 +31,7 @@ index 780229f..6a9fef9 100644
for (let iXauth of array_or_undef(iX.$authentication)) {
try {
iO.auth = sanitize.translate(iXauth, {
@@ -257,6 +263,10 @@ function readFromXML(clientConfigXML) {
@@ -257,6 +263,10 @@
}
exception = null;
......@@ -44,11 +42,9 @@ index 780229f..6a9fef9 100644
for (let oXauth of array_or_undef(oX.$authentication)) {
try {
oO.auth = sanitize.translate(oXauth, {
diff --git a/comm/mailnews/mailnews.js b/comm/mailnews/mailnews.js
index 8f598b2..7dda1ad 100644
--- a/comm/mailnews/mailnews.js
+++ b/comm/mailnews/mailnews.js
@@ -969,6 +969,12 @@ pref("mailnews.auto_config.guess.sslOnly", false);
@@ -969,6 +969,12 @@
pref("mailnews.auto_config.guess.timeout", 10);
// Whether we allow fetched configurations using OAuth2.
pref("mailnews.auto_config.account_constraints.allow_oauth2", true);
......
......@@ -16,11 +16,9 @@ Original author: anonym <anonym@riseup.net>
comm/mailnews/mailnews.js | 2 +
3 files changed, 49 insertions(+), 30 deletions(-)
diff --git a/comm/mail/components/accountcreation/content/emailWizard.js b/comm/mail/components/accountcreation/content/emailWizard.js
index 3780792..86bef64 100644
--- a/comm/mail/components/accountcreation/content/emailWizard.js
+++ b/comm/mail/components/accountcreation/content/emailWizard.js
@@ -1432,21 +1432,23 @@ EmailConfigWizard.prototype = {
@@ -1515,21 +1515,23 @@
}
this.fillPortDropdown(config.incoming.type);
......@@ -59,7 +57,7 @@ index 3780792..86bef64 100644
}
// outgoing server
@@ -1471,21 +1473,23 @@ EmailConfigWizard.prototype = {
@@ -1554,21 +1556,23 @@
this.adjustOutgoingPortToSSLAndProtocol(config);
}
......@@ -98,11 +96,9 @@ index 3780792..86bef64 100644
}
// populate fields even if existingServerKey, in case user changes back
diff --git a/comm/mail/components/accountcreation/content/readFromXML.js b/comm/mail/components/accountcreation/content/readFromXML.js
index 8c7ecdd..780229f 100644
--- a/comm/mail/components/accountcreation/content/readFromXML.js
+++ b/comm/mail/components/accountcreation/content/readFromXML.js
@@ -32,6 +32,8 @@ function readFromXML(clientConfigXML) {
@@ -32,6 +32,8 @@
function array_or_undef(value) {
return value === undefined ? [] : value;
}
......@@ -111,7 +107,7 @@ index 8c7ecdd..780229f 100644
var exception;
if (
typeof clientConfigXML != "object" ||
@@ -126,6 +128,12 @@ function readFromXML(clientConfigXML) {
@@ -126,6 +128,12 @@
NTLM: Ci.nsMsgAuthMethod.NTLM,
OAuth2: Ci.nsMsgAuthMethod.OAuth2,
});
......@@ -124,7 +120,7 @@ index 8c7ecdd..780229f 100644
break; // take first that we support
} catch (e) {
exception = e;
@@ -269,6 +277,11 @@ function readFromXML(clientConfigXML) {
@@ -269,6 +277,11 @@
OAuth2: Ci.nsMsgAuthMethod.OAuth2,
});
......@@ -136,11 +132,9 @@ index 8c7ecdd..780229f 100644
break; // take first that we support
} catch (e) {
exception = e;
diff --git a/comm/mailnews/mailnews.js b/comm/mailnews/mailnews.js
index bde86d3..8f598b2 100644
--- a/comm/mailnews/mailnews.js
+++ b/comm/mailnews/mailnews.js
@@ -967,6 +967,8 @@ pref("mailnews.auto_config.guess.enabled", true);
@@ -967,6 +967,8 @@
pref("mailnews.auto_config.guess.sslOnly", false);
// The timeout (in seconds) for each guess
pref("mailnews.auto_config.guess.timeout", 10);
......
......@@ -13,11 +13,9 @@ https://www.mozilla.org/en-US/MPL/
comm/mailnews/mime/jsmime/jsmime.js | 42 +++++++++++++++++++++++++++++--------
2 files changed, 40 insertions(+), 9 deletions(-)
diff --git a/comm/mailnews/mailnews.js b/comm/mailnews/mailnews.js
index 7dda1ad..2673c8b 100644
--- a/comm/mailnews/mailnews.js
+++ b/comm/mailnews/mailnews.js
@@ -1029,3 +1029,10 @@ pref("mail.imap.qos", 0);
@@ -1029,3 +1029,10 @@
// PgpMime Addon
pref("mail.pgpmime.addon_url", "https://addons.mozilla.org/addon/enigmail/");
......@@ -28,11 +26,9 @@ index 7dda1ad..2673c8b 100644
+// local time zone. These measures are taken to make tracking
+// the user across accounts more difficult.
+pref("mail.mime.avoid_fingerprinting", false);
diff --git a/comm/mailnews/mime/jsmime/jsmime.js b/comm/mailnews/mime/jsmime/jsmime.js
index 75ee0c8..74183b8 100644
--- a/comm/mailnews/mime/jsmime/jsmime.js
+++ b/comm/mailnews/mime/jsmime/jsmime.js
@@ -3450,9 +3450,34 @@
@@ -3466,9 +3466,34 @@
throw new Error("Cannot encode an invalid date");
}
......@@ -68,7 +64,7 @@ index 75ee0c8..74183b8 100644
throw new Error("Date year is out of encodable range");
}
@@ -3460,7 +3485,6 @@
@@ -3476,7 +3501,6 @@
// the the 0-padding is done by hand. Note that the tzoffset we output is in
// the form ±hhmm, so we need to separate the offset (in minutes) into an hour
// and minute pair.
......@@ -76,7 +72,7 @@ index 75ee0c8..74183b8 100644
let tzOffHours = Math.abs(Math.trunc(tzOffset / 60));
let tzOffMinutes = Math.abs(tzOffset) % 60;
let tzOffsetStr =
@@ -3471,15 +3495,15 @@
@@ -3487,15 +3511,15 @@
// Convert the day-time figure into a single value to avoid unwanted line
// breaks in the middle.
let dayTime = [
......
......@@ -7,11 +7,9 @@ Subject: [PATCH] Bug 1370217 - Avoid spellchecking language disclosure in
comm/mail/components/compose/content/MsgComposeCommands.js | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/comm/mail/components/compose/content/MsgComposeCommands.js b/comm/mail/components/compose/content/MsgComposeCommands.js
index ba73704..170ca9c 100644
--- a/comm/mail/components/compose/content/MsgComposeCommands.js
+++ b/comm/mail/components/compose/content/MsgComposeCommands.js
@@ -2868,9 +2868,10 @@ function ComposeStartup(aParams) {
@@ -2868,9 +2868,10 @@
// Update the language in the composition fields, so we can save it
// to the draft next time.
if (gMsgCompose && gMsgCompose.compFields) {
......
......@@ -23,11 +23,9 @@ when disabled either.
.../content/exchangeAutoDiscover.js | 10 ---
2 files changed, 45 insertions(+), 46 deletions(-)
diff --git a/comm/mail/components/accountcreation/content/emailWizard.js b/comm/mail/components/accountcreation/content/emailWizard.js
index 3780792641a..0b53b0a498d 100644
--- a/comm/mail/components/accountcreation/content/emailWizard.js
+++ b/comm/mail/components/accountcreation/content/emailWizard.js
@@ -677,44 +677,53 @@ EmailConfigWizard.prototype = {
@@ -757,46 +757,55 @@
);
call.setAbortable(fetch);
......@@ -66,7 +64,9 @@ index 3780792641a..0b53b0a498d 100644
- (e, allErrors) => {
- // Must call error callback in any case to stop the discover mode.
- let errorCallback = call.errorCallback();
- if (allErrors && allErrors.some(e => e.code == 401)) {
- if (e instanceof CancelledException) {
- errorCallback(e);
- } else if (allErrors && allErrors.some(e => e.code == 401)) {
- // Auth failed.
- // Ask user for username.
- this.onStartOver();
......@@ -95,7 +95,9 @@ index 3780792641a..0b53b0a498d 100644
+ (e, allErrors) => {
+ // Must call error callback in any case to stop the discover mode.
+ let errorCallback = call.errorCallback();
+ if (allErrors && allErrors.some(e => e.code == 401)) {
+ if (e instanceof CancelledException) {
+ errorCallback(e);
+ } else if (allErrors && allErrors.some(e => e.code == 401)) {
+ // Auth failed.
+ // Ask user for username.
+ this.onStartOver();
......@@ -117,11 +119,9 @@ index 3780792641a..0b53b0a498d 100644
} catch (e) {
// e.g. when entering an invalid domain like "c@c.-com"
this.showErrorMsg(e);
diff --git a/comm/mail/components/accountcreation/content/exchangeAutoDiscover.js b/comm/mail/components/accountcreation/content/exchangeAutoDiscover.js
index f9d2a6e0d3e..efe9966a600 100644
--- a/comm/mail/components/accountcreation/content/exchangeAutoDiscover.js
+++ b/comm/mail/components/accountcreation/content/exchangeAutoDiscover.js
@@ -47,16 +47,6 @@ function fetchConfigFromExchange(
@@ -48,16 +48,6 @@
) {
assert(typeof successCallback == "function");
assert(typeof errorCallback == "function");
......@@ -138,6 +138,3 @@ index f9d2a6e0d3e..efe9966a600 100644
// <https://technet.microsoft.com/en-us/library/bb124251(v=exchg.160).aspx#Autodiscover%20services%20in%20Outlook>
// <https://docs.microsoft.com/en-us/previous-versions/office/developer/exchange-server-interoperability-guidance/hh352638(v%3Dexchg.140)>, search for "The Autodiscover service uses one of these four methods"
let url1 =
--
2.26.1
From: anonym <anonym@riseup.net>
Date: Wed, 27 Feb 2019 16:15:59 +0100
Subject: [PATCH] Make use of non-SSL Exchange AutoDiscover methods optional.
If an attacker does a MitM they can presumably modify the Exchange
server's HTTP response to redirect to an attacker controller Exchange
server instead. So let's provide protection against this via the
mailnews.auto_config.sslOnly pref.
---
.../accountcreation/content/exchangeAutoDiscover.js | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/comm/mail/components/accountcreation/content/exchangeAutoDiscover.js b/comm/mail/components/accountcreation/content/exchangeAutoDiscover.js
index f9d2a6e..4c3e1ce 100644
--- a/comm/mail/components/accountcreation/content/exchangeAutoDiscover.js
+++ b/comm/mail/components/accountcreation/content/exchangeAutoDiscover.js
@@ -127,15 +127,17 @@ function fetchConfigFromExchange(
fetch.start();
call.setAbortable(fetch);
- call = priority.addCall();
- fetch3 = new FetchHTTP(
- url3,
- callArgs,
- call.successCallback(),
- call.errorCallback()
- );
- fetch3.start();
- call.setAbortable(fetch3);
+ if (!Services.prefs.getBoolPref("mailnews.auto_config.sslOnly")) {
+ call = priority.addCall();
+ fetch3 = new FetchHTTP(
+ url3,
+ callArgs,
+ call.successCallback(),
+ call.errorCallback()
+ );
+ fetch3.start();
+ call.setAbortable(fetch3);
+ }
// url3 is an HTTP URL that will redirect to the real one, usually a HTTPS
// URL of the hoster. XMLHttpRequest unfortunately loses the call
......@@ -6,11 +6,9 @@ Subject: [PATCH] Prefer fetched configurations using SSL over plaintext.
comm/mail/components/accountcreation/content/readFromXML.js | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/comm/mail/components/accountcreation/content/readFromXML.js b/comm/mail/components/accountcreation/content/readFromXML.js
index 76b553b..8c7ecdd 100644
--- a/comm/mail/components/accountcreation/content/readFromXML.js
+++ b/comm/mail/components/accountcreation/content/readFromXML.js
@@ -100,7 +100,10 @@ function readFromXML(clientConfigXML) {
@@ -100,7 +100,10 @@
SSL: 2,
STARTTLS: 3,
});
......@@ -22,7 +20,7 @@ index 76b553b..8c7ecdd 100644
} catch (e) {
exception = e;
}
@@ -233,7 +236,10 @@ function readFromXML(clientConfigXML) {
@@ -233,7 +236,10 @@
SSL: 2,
STARTTLS: 3,
});
......
Prefer-fetched-configurations-using-SSL-over-plainte.patch
Make-use-of-non-SSL-Exchange-AutoDiscover-methods-op.patch
Add-pref-for-whether-we-accept-OAuth2-during-autocon.patch
Add-pref-for-whether-to-accept-plaintext-protocols-d.patch
Avoid-local-timestamp-disclosure-in-Date-header.patch
Avoid-spellchecking-language-disclosure-in-Content-Language-header.patch
Fix-buggy-pref-for-disabling-MS-Exchange-autoconfig-.patch
\ No newline at end of file
Fix-buggy-pref-for-disabling-MS-Exchange-autoconfig-.patch
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment