Upstream secure Thunderbird autoconfig wizard
Originally created by Tails on #6156 (Redmine)
Get these patches merged in Thunderbird upstream.
Upstream tickets and merge requests:
- https://bugzilla.mozilla.org/show_bug.cgi?id=971347 (done)
- https://bugzilla.mozilla.org/show_bug.cgi?id=669238 (done)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1561542 (needs work)
Status of current patches in Tails
As of 66bd9dc5 our patches are as follows:
-
Add-pref-for-whether-to-accept-plaintext-protocols-d.patch
: we can drop this patch; when plaintext is selected by autoconfig, a scary warning is shown which is good enough → removing via #17808 (closed) -
Add-pref-for-whether-we-accept-OAuth2-during-autocon.patch
: this should be reworked into "enable javascript while doing OAuth2". -
Fix-buggy-pref-for-disabling-MS-Exchange-autoconfig-.patch
: this is a brand new patch we should upstream; the reason for this patch is that work that happened upstream broke our previous contribution. -
Make-use-of-non-SSL-Exchange-AutoDiscover-methods-op.patch
: we can drop this patch; upstream wasn't interested, but we already managed to upstream a pref to completely disable Exchange AutoDiscover, so we are happy just doing that → removing via #17808 (closed) -
Prefer-fetched-configurations-using-SSL-over-plainte.patch
:- Upstream is outright hostile towards this change so there is no point trying to upstream it unless there is a change of maintainer.
- We keep this patch as long as there are other reasons for us to custom patch Thunderbird. But we can drop it next time it has to be refreshed and no one has the energy.
- When plaintext is selected by autoconfig, a scary warning is shown which is good enough, so dropping it won't be a huge deal.
- Past discussion with upstream:
These are already upstreamed:
Avoid-local-timestamp-disclosure-in-Date-header.patch
Avoid-spellchecking-language-disclosure-in-Content-Language-header.patch
Attachments
Subtasks
Related issues
- Related to #6150 (closed)
- Related to #7064 (closed)
- Related to #15387 (closed)
- Related to #16771 (closed)
- Related to #16856 (closed)
- Related to #17277 (closed)
- Blocked by #11536 (closed)
- Blocked by #12151 (closed)
Edited by anonym