Commit 6a2bac1f authored by intrigeri's avatar intrigeri

Import, rebase and apply Tails patches.

parent 4fe392ff
......@@ -32,3 +32,9 @@ fixes/fix-function-nsMsgComposeAndSend-to-to-respect-Replo.patch
porting/Don-t-hardcode-page-size-on-ia64-sparc-or-mipsel.patch
fixes/Link-libldap-against-libpthread.patch
debian-hacks/creating-a-dummy-.deps-directory-to-get-make-happy.patch
tails/Optionally-skip-probing-for-plaintext-protocols.patch
tails/Optionally-skip-insecure-database-autoconfiguration-.patch
tails/Optionally-skip-insecure-DNS-MX-autoconfiguration-lo.patch
tails/Make-ISP-autoconfiguration-lookup-first-try-https-th.patch
tails/Add-checkbox-for-toggling-mailnews.auto_config_ssl_o.patch
tails/Optionally-skip-fetched-configs-using-plaintext-prot.patch
From: Tails developers <amnesia@boum.org>
Date: Wed, 11 Jan 2012 15:09:57 +0100
Subject: Add checkbox for toggling mailnews.auto_config_ssl_only.
---
mail/locales/en-US/chrome/messenger/accountCreation.dtd | 2 ++
mailnews/base/prefs/content/accountcreation/emailWizard.js | 14 ++++++++++++++
.../base/prefs/content/accountcreation/emailWizard.xul | 7 +++++++
3 files changed, 23 insertions(+)
diff --git a/mail/locales/en-US/chrome/messenger/accountCreation.dtd b/mail/locales/en-US/chrome/messenger/accountCreation.dtd
index 65e6203..5280cb0 100644
--- a/mail/locales/en-US/chrome/messenger/accountCreation.dtd
+++ b/mail/locales/en-US/chrome/messenger/accountCreation.dtd
@@ -16,6 +16,8 @@
<!ENTITY password.text "Optional, will only be used to validate the username">
<!ENTITY rememberPassword.label "Remember password">
<!ENTITY rememberPassword.accesskey "m">
+<!ENTITY secureProtocols.label "Only use secure protocols">
+<!ENTITY secureProtocols.accesskey "s">
<!ENTITY imapLong.label "IMAP (remote folders)">
<!ENTITY pop3Long.label "POP3 (keep mail on your computer)">
diff --git a/mailnews/base/prefs/content/accountcreation/emailWizard.js b/mailnews/base/prefs/content/accountcreation/emailWizard.js
index ea54312..4e53c28 100644
--- a/mailnews/base/prefs/content/accountcreation/emailWizard.js
+++ b/mailnews/base/prefs/content/accountcreation/emailWizard.js
@@ -223,6 +223,9 @@ EmailConfigWizard.prototype =
rememberPasswordE.disabled = true;
}
+ e("only_secure_protocols").checked =
+ Application.prefs.getValue("mailnews.auto_config_ssl_only", false);
+
// First, unhide the main window areas, and store the width,
// so that we don't resize wildly when we unhide areas.
// switchToMode() will then hide the unneeded parts again.
@@ -271,6 +274,7 @@ EmailConfigWizard.prototype =
//_show("initialSettings"); always visible
//_show("cancel_button"); always visible
if (modename == "start") {
+ _show("only_secure_protocols");
_hide("status_area");
_hide("result_area");
_hide("manual-edit_area");
@@ -308,6 +312,7 @@ EmailConfigWizard.prototype =
_show("manual-edit_button");
_hide("advanced-setup_button");
} else if (modename == "manual-edit") {
+ _hide("only_secure_protocols");
_show("status_area");
_hide("result_area");
_show("manual-edit_area");
@@ -322,6 +327,7 @@ EmailConfigWizard.prototype =
_show("advanced-setup_button");
_disable("advanced-setup_button");
} else if (modename == "manual-edit-have-hostname") {
+ _hide("only_secure_protocols");
_show("status_area");
_hide("result_area");
_show("manual-edit_area");
@@ -336,6 +342,7 @@ EmailConfigWizard.prototype =
_show("advanced-setup_button");
_disable("advanced-setup_button");
} else if (modename == "manual-edit-testing") {
+ _hide("only_secure_protocols");
_show("status_area");
_hide("result_area");
_show("manual-edit_area");
@@ -351,6 +358,7 @@ EmailConfigWizard.prototype =
_show("advanced-setup_button");
_disable("advanced-setup_button");
} else if (modename == "manual-edit-complete") {
+ _hide("only_secure_protocols");
_show("status_area");
_hide("result_area");
_show("manual-edit_area");
@@ -512,6 +520,12 @@ EmailConfigWizard.prototype =
e("password").type = "password";
},
+ toggleSecureProtocols : function()
+ {
+ Application.prefs.setValue("mailnews.auto_config_ssl_only",
+ e("only_secure_protocols").checked);
+ },
+
/**
* Check whether the user entered the minimum of information
* needed to leave the "start" mode (entering of name, email, pw)
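Review bot: `toggleSecureProtocols` writes `mailnews.auto_config_ssl_only` as soon as the box is clicked, but the mode hunks only show the checkbox in `start` and hide it in the four `manual-edit*` branches, so it appears to stay clickable while a lookup is still running. Each fetch/guess function in the other patches reads the pref at its own call time, so a click mid-run could leave one autoconfiguration pass only partly enforced. Consider adding `_disable("only_secure_protocols");` in the lookup and result modes, which fall outside these hunks, so I cannot confirm how they are handled. The new method also lacks the doc comment its neighbours have; something like `/** Persist the "Only use secure protocols" checkbox into mailnews.auto_config_ssl_only. */` would do.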
diff --git a/mailnews/base/prefs/content/accountcreation/emailWizard.xul b/mailnews/base/prefs/content/accountcreation/emailWizard.xul
index 833871f..a17d540 100644
--- a/mailnews/base/prefs/content/accountcreation/emailWizard.xul
+++ b/mailnews/base/prefs/content/accountcreation/emailWizard.xul
@@ -196,6 +196,13 @@
accesskey="&rememberPassword.accesskey;"
checked="true"/>
</row>
+ <row align="center" pack="start">
+ <label class="autoconfigLabel"/>
+ <checkbox id="only_secure_protocols"
+ label="&secureProtocols.label;"
+ accesskey="&secureProtocols.accesskey;"
+ oncommand="gEmailConfigWizard.toggleSecureProtocols();"/>
+ </row>
</rows>
</grid>
<spacer flex="1" />
From: Tails developers <amnesia@boum.org>
Date: Tue, 10 Jan 2012 20:49:20 +0100
Subject: Make ISP autoconfiguration lookup first try https, then http.
Setting mailnews.auto_config_ssl_only to True makes autoconfiguration
use only https for ISP lookup.
---
.../prefs/content/accountcreation/fetchConfig.js | 74 ++++++++++++----------
1 file changed, 39 insertions(+), 35 deletions(-)
diff --git a/mailnews/base/prefs/content/accountcreation/fetchConfig.js b/mailnews/base/prefs/content/accountcreation/fetchConfig.js
index 0cc78c2..eda9df6 100644
--- a/mailnews/base/prefs/content/accountcreation/fetchConfig.js
+++ b/mailnews/base/prefs/content/accountcreation/fetchConfig.js
@@ -57,49 +57,53 @@ function fetchConfigFromDisk(domain, successCallback, errorCallback)
function fetchConfigFromISP(domain, emailAddress, successCallback,
errorCallback)
{
- let url1 = "http://autoconfig." + sanitize.hostname(domain) +
- "/mail/config-v1.1.xml";
+ let conf1 = "autoconfig." + sanitize.hostname(domain) +
+ "/mail/config-v1.1.xml";
// .well-known/ <http://tools.ietf.org/html/draft-nottingham-site-meta-04>
- let url2 = "http://" + sanitize.hostname(domain) +
- "/.well-known/autoconfig/mail/config-v1.1.xml";
+ let conf2 = sanitize.hostname(domain) +
+ "/.well-known/autoconfig/mail/config-v1.1.xml";
+ let url0 = "https://" + conf1;
+ let url1 = "https://" + conf2;
+ let url2 = "http://" + conf1;
+ let url3 = "http://" + conf2;
+ let prefs = Cc["@mozilla.org/preferences-service;1"]
+ .getService(Ci.nsIPrefBranch);
+ if (prefs.getBoolPref("mailnews.auto_config_ssl_only")) {
+ var urls = [url0, url1];
+ } else {
+ var urls = [url0, url1, url2, url3];
+ }
let sucAbortable = new SuccessiveAbortable();
- var time = Date.now();
- let fetch1 = new FetchHTTP(
- url1, { emailaddress: emailAddress }, false,
- function(result)
+ let time;
+
+ let success = function(result)
{
successCallback(readFromXML(result));
- },
- function(e1) // fetch1 failed
+ };
+
+ let error = function(i, e)
{
- ddump("fetchisp 1 <" + url1 + "> took " + (Date.now() - time) +
- "ms and failed with " + e1);
- time = Date.now();
- if (e1 instanceof CancelledException)
- {
- errorCallback(e1);
+ ddump("fetchisp " + i + " <" + urls[i] + "> took " +
+ (Date.now() - time) + "ms and failed with " + e);
+
+ if (i == urls.length - 1 || // implies all fetches failed
+ e instanceof CancelledException) {
+ errorCallback(e);
return;
}
+ let fetch = new FetchHTTP(urls[i + 1], { emailaddress: emailAddress },
+ false, success,
+ function(e) { error(i + 1, e) });
+ sucAbortable.current = fetch;
+ time = Date.now();
+ fetch.start();
+ };
- let fetch2 = new FetchHTTP(
- url2, { emailaddress: emailAddress }, false,
- function(result)
- {
- successCallback(readFromXML(result));
- },
- function(e2)
- {
- ddump("fetchisp 2 <" + url2 + "> took " + (Date.now() - time) +
- "ms and failed with " + e2);
- // return the error for the primary call,
- // unless the fetch was cancelled
- errorCallback(e2 instanceof CancelledException ? e2 : e1);
- });
- sucAbortable.current = fetch2;
- fetch2.start();
- });
- sucAbortable.current = fetch1;
- fetch1.start();
+ let fetch = new FetchHTTP(urls[0], { emailaddress: emailAddress }, false,
+ success, function(e) { error(0, e) });
+ sucAbortable.current = fetch;
+ time = Date.now();
+ fetch.start();
return sucAbortable;
}
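Review bot: `prefs.getBoolPref("mailnews.auto_config_ssl_only")` near the top of fetchConfigFromISP has no fallback, and none of the patches on this page ships a default for that pref, so on a profile where it is unset the call would likely throw before any URL is tried. It fails closed, but autoconfiguration then breaks with an opaque exception; emailWizard.js already reads the same pref with an explicit `false` default. The same bare read appears in readFromXML, fetchConfigForMX and getIncomingTryOrder, so either add a default to the shipped prefs or guard the read once in a shared helper, e.g. `try { sslOnly = prefs.getBoolPref(name); } catch (e) { sslOnly = false; }`, choosing the fallback deliberately. Separately, the two `var urls = ...` declarations inside the `if`/`else` rely on `var` hoisting; `let urls = [url0, url1]; if (!sslOnly) urls.push(url2, url3);` reads more clearly.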
From: Tails developers <amnesia@boum.org>
Date: Thu, 12 Jan 2012 15:38:55 +0100
Subject: Optionally skip fetched configs using plaintext protocols.
Setting mailnews.auto_config_ssl_only to True completely discards
fetched configurations that are using plaintext protocols during
autoconfiguration.
---
.../prefs/content/accountcreation/readFromXML.js | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/mailnews/base/prefs/content/accountcreation/readFromXML.js b/mailnews/base/prefs/content/accountcreation/readFromXML.js
index e58a199..64d4b0d 100644
--- a/mailnews/base/prefs/content/accountcreation/readFromXML.js
+++ b/mailnews/base/prefs/content/accountcreation/readFromXML.js
@@ -24,6 +24,9 @@ function readFromXML(clientConfigXML)
function array_or_undef(value) {
return value === undefined ? [] : value;
}
+ var prefs = Cc["@mozilla.org/preferences-service;1"]
+ .getService(Ci.nsIPrefBranch);
+ var ssl_only = prefs.getBoolPref("mailnews.auto_config_ssl_only");
var exception;
if (typeof(clientConfigXML) != "object" ||
!("clientConfig" in clientConfigXML) ||
@@ -76,13 +79,20 @@ function readFromXML(clientConfigXML)
try {
iO.socketType = sanitize.translate(iXsocketType,
{ plain : 1, SSL: 2, STARTTLS: 3 });
- break; // take first that we support
+
+ if (iO.socketType != 1) {
+ // pick first non-plaintext protocol, if available
+ break;
+ }
} catch (e) { exception = e; }
}
if (!iO.socketType)
throw exception ? exception : "need proper <socketType> in XML";
exception = null;
+ if (iO.socketType == 1 && ssl_only)
+ continue; // skip this configuration since we force ssl
+
for (let iXauth of array_or_undef(iX.$authentication))
{
try {
@@ -150,13 +160,20 @@ function readFromXML(clientConfigXML)
try {
oO.socketType = sanitize.translate(oXsocketType,
{ plain : 1, SSL: 2, STARTTLS: 3 });
- break; // take first that we support
+
+ if (oO.socketType != 1) {
+ // pick first non-plaintext protocol, if available
+ break;
+ }
} catch (e) { exception = e; }
}
if (!oO.socketType)
throw exception ? exception : "need proper <socketType> in XML";
exception = null;
+ if (oO.socketType == 1 && ssl_only)
+ continue; // skip this configuration since we force ssl
+
for (let oXauth of array_or_undef(oX.$authentication))
{
try {
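Review bot: The two `continue; // skip this configuration since we force ssl` paths drop a plaintext-only server right after `exception = null;`, so a config rejected by policy leaves no trace and may surface as a generic malformed-XML error. The code that reports a missing incoming or outgoing server is outside these hunks, so this is an inference. If it reuses `exception` the way the socketType check does, set a descriptive value before skipping, e.g. `exception = "plaintext-only server skipped (mailnews.auto_config_ssl_only)";`. The bare literal `1` is also compared in four places against the `{ plain : 1, SSL: 2, STARTTLS: 3 }` map; a named constant next to that map would keep the policy check from drifting if the mapping changes.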
From: Tails developers <amnesia@boum.org>
Date: Wed, 4 Jan 2012 14:59:54 +0100
Subject: Optionally skip insecure DNS MX autoconfiguration lookup.
Setting mailnews.auto_config_ssl_only to True makes autoconfiguration
skip DNS MX lookup during autoconfiguration.
---
mailnews/base/prefs/content/accountcreation/fetchConfig.js | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/mailnews/base/prefs/content/accountcreation/fetchConfig.js b/mailnews/base/prefs/content/accountcreation/fetchConfig.js
index 2acdd14..0cc78c2 100644
--- a/mailnews/base/prefs/content/accountcreation/fetchConfig.js
+++ b/mailnews/base/prefs/content/accountcreation/fetchConfig.js
@@ -162,6 +162,15 @@ function fetchConfigFromDB(domain, successCallback, errorCallback)
*/
function fetchConfigForMX(domain, successCallback, errorCallback)
{
+ var prefs = Cc["@mozilla.org/preferences-service;1"]
+ .getService(Ci.nsIPrefBranch);
+ if (prefs.getBoolPref("mailnews.auto_config_ssl_only")) {
+ // XXX We may not have to skip this method if we're using DNSSEC
+ errorCallback("Skipping insecure autoconfiguration method: " +
+ "DNS MX lookup");
+ return;
+ }
+
domain = sanitize.hostname(domain);
var sucAbortable = new SuccessiveAbortable();
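Review bot: The new early-exit in fetchConfigForMX calls `errorCallback(...)` synchronously and then does a bare `return;`, while the rest of the function builds a `SuccessiveAbortable`, so callers presumably expect an abortable object back. A caller that stores the result and later cancels it would be working with `undefined`, and the callback now fires before the caller has received anything. If `SuccessiveAbortable` tolerates having no current fetch, `return new SuccessiveAbortable();` after the callback keeps the contract. The function body continues past the hunk, so the actual return value is not visible here; the same pattern is added to fetchConfigFromDB in the next patch.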
From: Tails developers <amnesia@boum.org>
Date: Wed, 4 Jan 2012 14:51:21 +0100
Subject: Optionally skip insecure database autoconfiguration lookup.
Setting mailnews.auto_config_ssl_only to True makes autoconfiguration
skip database lookup during autoconfiguration if
mailnews.auto_config_url isn't HTTPS.
---
mailnews/base/prefs/content/accountcreation/fetchConfig.js | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/mailnews/base/prefs/content/accountcreation/fetchConfig.js b/mailnews/base/prefs/content/accountcreation/fetchConfig.js
index 9e5f3ed..2acdd14 100644
--- a/mailnews/base/prefs/content/accountcreation/fetchConfig.js
+++ b/mailnews/base/prefs/content/accountcreation/fetchConfig.js
@@ -112,6 +112,12 @@ function fetchConfigFromISP(domain, emailAddress, successCallback,
function fetchConfigFromDB(domain, successCallback, errorCallback)
{
let url = Services.prefs.getCharPref("mailnews.auto_config_url");
+ if (pref.getBoolPref("mailnews.auto_config_ssl_only") &&
+ url.indexOf("https://") != 0) {
+ errorCallback("Skipping insecure autoconfiguration method: " +
+ "non-SSL HTTP database lookup");
+ return;
+ }
domain = sanitize.hostname(domain);
// If we don't specify a place to put the domain, put it at the end.
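Review bot: The added condition calls `pref.getBoolPref(...)`, but no `pref` is declared in this hunk; the line just above uses `Services.prefs`, and the other patches use a local `prefs`. Unless the file defines `pref` elsewhere, this raises a ReferenceError on every call, whatever the pref value, which disables the database lookup for all users rather than only under ssl-only. Use `Services.prefs.getBoolPref("mailnews.auto_config_ssl_only") &&` to match the preceding line. The `url.indexOf("https://") != 0` test is case-sensitive, so an `HTTPS://` value is treated as insecure; that fails closed and is acceptable, but a short comment should say so.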
From: Tails developers <amnesia@boum.org>
Date: Wed, 4 Jan 2012 14:48:02 +0100
Subject: Optionally skip probing for plaintext protocols.
Setting mailnews.auto_config_ssl_only to True prevents detecting
plaintext protocols through autoconfiguration during account creation.
---
.../prefs/content/accountcreation/guessConfig.js | 42 ++++++++++++++--------
1 file changed, 27 insertions(+), 15 deletions(-)
diff --git a/mailnews/base/prefs/content/accountcreation/guessConfig.js b/mailnews/base/prefs/content/accountcreation/guessConfig.js
index c7cbe24..89382bb 100644
--- a/mailnews/base/prefs/content/accountcreation/guessConfig.js
+++ b/mailnews/base/prefs/content/accountcreation/guessConfig.js
@@ -767,22 +767,34 @@ function getIncomingTryOrder(host, protocol, ssl, port)
else if (protocol == UNKNOWN && lowerCaseHost.startsWith("imap."))
protocol = IMAP;
+ var prefs = Cc["@mozilla.org/preferences-service;1"]
+ .getService(Ci.nsIPrefBranch);
+ var ssl_only = prefs.getBoolPref("mailnews.auto_config_ssl_only");
+
if (protocol != UNKNOWN) {
- if (ssl == UNKNOWN)
- return [getHostEntry(protocol, TLS, port),
- //getHostEntry(protocol, SSL, port),
- getHostEntry(protocol, NONE, port)];
- return [getHostEntry(protocol, ssl, port)];
- }
- if (ssl == UNKNOWN)
- return [getHostEntry(IMAP, TLS, port),
- //getHostEntry(IMAP, SSL, port),
- getHostEntry(POP, TLS, port),
- //getHostEntry(POP, SSL, port),
- getHostEntry(IMAP, NONE, port),
- getHostEntry(POP, NONE, port)];
- return [getHostEntry(IMAP, ssl, port),
- getHostEntry(POP, ssl, port)];
+ if (ssl == UNKNOWN) {
+ var order = [getHostEntry(protocol, TLS, port),
+ //getHostEntry(protocol, SSL, port)
+ ];
+ if (!ssl_only)
+ order.push(getHostEntry(protocol, NONE, port));
+ return order;
+ } else {
+ return [getHostEntry(protocol, ssl, port)];
+ }
+ } else if (ssl == UNKNOWN) {
+ var order = [getHostEntry(IMAP, TLS, port),
+ //getHostEntry(IMAP, SSL, port),
+ getHostEntry(POP, TLS, port),
+ //getHostEntry(POP, SSL, port)
+ ];
+ if (!ssl_only)
+ order.push(getHostEntry(IMAP, NONE, port),
+ getHostEntry(POP, NONE, port));
+ return order;
+ } else
+ return [getHostEntry(IMAP, ssl, port),
+ getHostEntry(POP, ssl, port)];
};
/**
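Review bot: `ssl_only` is only consulted in the two `ssl == UNKNOWN` branches of getIncomingTryOrder, so `return [getHostEntry(protocol, ssl, port)]` and the final IMAP/POP pair still return plaintext entries when the caller passes an explicit `NONE`. Whether the autoconfiguration path can reach this function with `ssl == NONE` is not visible here. If it can, the pref does not deliver what the commit message promises; if it cannot, add a comment such as `// explicit ssl value comes from manual user input; ssl_only intentionally not applied`. This patch also has a single hunk covering incoming servers only, so any outgoing/SMTP try-order logic in the same file would still probe plaintext and likely needs the same filter.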