Upstream secure Thunderbird autoconfig wizard (#6156) · Issues · tails / tails

Upstream secure Thunderbird autoconfig wizard

Originally created by Tails on #6156 (Redmine)

Get these patches merged in Thunderbird upstream.

Upstream tickets and merge requests:

https://bugzilla.mozilla.org/show_bug.cgi?id=971347 (done)
https://bugzilla.mozilla.org/show_bug.cgi?id=669238 (done)
https://bugzilla.mozilla.org/show_bug.cgi?id=1561542 (needs work)

Status of current patches in Tails

As of 66bd9dc5 our patches are as follows:

Add-pref-for-whether-to-accept-plaintext-protocols-d.patch: we can drop this patch; when plaintext is selected by autoconfig, a scary warning is shown which is good enough → removing via #17808 (closed)
Add-pref-for-whether-we-accept-OAuth2-during-autocon.patch: this should be reworked into "enable javascript while doing OAuth2".
Fix-buggy-pref-for-disabling-MS-Exchange-autoconfig-.patch: this is a brand new patch we should upstream; the reason for this patch is that work that happened upstream broke our previous contribution.
Make-use-of-non-SSL-Exchange-AutoDiscover-methods-op.patch: we can drop this patch; upstream wasn't interested, but we already managed to upstream a pref to completely disable Exchange AutoDiscover, so we are happy just doing that → removing via #17808 (closed)
Prefer-fetched-configurations-using-SSL-over-plainte.patch:
- Upstream is outright hostile towards this change so there is no point trying to upstream it unless there is a change of maintainer.
- We keep this patch as long as there are other reasons for us to custom patch Thunderbird. But we can drop it next time it has to be refreshed and no one has the energy.
- When plaintext is selected by autoconfig, a scary warning is shown which is good enough, so dropping it won't be a huge deal.
- Past discussion with upstream:

These are already upstreamed:

Avoid-local-timestamp-disclosure-in-Date-header.patch
Avoid-spellchecking-language-disclosure-in-Content-Language-header.patch

Attachments

secure-account-creation.tar.gz

Subtasks

Related issues

Related to #6150 (closed)
Related to #7064 (closed)
Related to #15387 (closed)
Related to #16771 (closed)
Related to #16856 (closed)
Related to #17277 (closed)
Blocked by #11536 (closed)
Blocked by #12151 (closed)

_Originally created by Tails on [#6156 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/6156)_

Get these patches merged in Thunderbird upstream.

Upstream tickets and merge requests:

* <https://bugzilla.mozilla.org/show_bug.cgi?id=971347> (done)
* <https://bugzilla.mozilla.org/show_bug.cgi?id=669238> (done)
* <https://bugzilla.mozilla.org/show_bug.cgi?id=1561542> (needs work)

### Status of current patches in Tails

As of 66bd9dc5227f228bc8221cdc43dddff8d1c787b7 our patches are as follows:

* [x] `Add-pref-for-whether-to-accept-plaintext-protocols-d.patch`: we can **drop** this patch; when plaintext is selected by autoconfig, a scary warning is shown which is good enough → removing via #17808
* [ ] `Add-pref-for-whether-we-accept-OAuth2-during-autocon.patch`: this should be **reworked** into "enable javascript while doing OAuth2".
* [ ] `Fix-buggy-pref-for-disabling-MS-Exchange-autoconfig-.patch`: this is a **brand new patch** we should **upstream**; the reason for this patch is that work that happened upstream broke our previous contribution.
* [x] `Make-use-of-non-SSL-Exchange-AutoDiscover-methods-op.patch`: we can **drop** this patch; upstream wasn't interested, but we already managed to upstream a pref to completely disable Exchange AutoDiscover, so we are happy just doing that → removing via #17808
* [x] `Prefer-fetched-configurations-using-SSL-over-plainte.patch`:
  - Upstream is outright hostile towards this change so there is no point trying to upstream it unless there is a change of maintainer.
  - We **keep** this patch as long as there are other reasons for us to custom patch Thunderbird. But we can **drop** it next time it has to be refreshed and no one has the energy.
  - When plaintext is selected by autoconfig, a scary warning is shown which is good enough, so dropping it won't be a huge deal.
  - Past discussion with upstream:
    1. https://bugzilla.mozilla.org/show_bug.cgi?id=971347#c152
    2. https://bugzilla.mozilla.org/show_bug.cgi?id=971347#c169
    3. https://bugzilla.mozilla.org/show_bug.cgi?id=971347#c213

These are already upstreamed:

* `Avoid-local-timestamp-disclosure-in-Date-header.patch`
* `Avoid-spellchecking-language-disclosure-in-Content-Language-header.patch`

### Attachments

* [secure-account-creation.tar.gz](https://redmine.tails.boum.org/code/attachments/download/1966/secure-account-creation.tar.gz)

### Subtasks

- [x] tails/tails#11450
  - [x] tails/tails#15788
  - [x] tails/tails#15790
  - [x] tails/tails#16147

### Related issues

- **Related to** tails/tails#6150
  - **Related to** tails/tails#7064
  - **Related to** tails/tails#15387
  - **Related to** tails/tails#16771
  - **Related to** tails/tails#16856
  - **Related to** tails/tails#17277
  - **Blocked by** tails/tails#11536
  - **Blocked by** tails/tails#12151

Edited Sep 11, 2020 by intrigeri

To upload designs, you'll need to enable LFS. More information